---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: exposedsecretreports.aquasecurity.github.io
spec:
group: aquasecurity.github.io
names:
kind: ExposedSecretReport
listKind: ExposedSecretReportList
plural: exposedsecretreports
shortNames:
- exposedsecret
- exposedsecrets
singular: exposedsecretreport
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: The name of image repository
jsonPath: .report.artifact.repository
name: Repository
type: string
- description: The name of image tag
jsonPath: .report.artifact.tag
name: Tag
type: string
- description: The name of the exposed secret scanner
jsonPath: .report.scanner.name
name: Scanner
type: string
- description: The age of the report
jsonPath: .metadata.creationTimestamp
name: Age
type: date
- description: The number of critical exposed secrets
jsonPath: .report.summary.criticalCount
name: Critical
priority: 1
type: integer
- description: The number of high exposed secrets
jsonPath: .report.summary.highCount
name: High
priority: 1
type: integer
- description: The number of medium exposed secrets
jsonPath: .report.summary.mediumCount
name: Medium
priority: 1
type: integer
- description: The number of low exposed secrets
jsonPath: .report.summary.lowCount
name: Low
priority: 1
type: integer
name: v1alpha1
schema:
openAPIV3Schema:
description: ExposedSecretReport summarizes exposed secrets in plaintext files
built into container images.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
report:
description: Report is the actual exposed secret report data.
properties:
artifact:
description: |-
Artifact represents a standalone, executable package of software that includes everything needed to
run an application.
properties:
digest:
description: Digest is a unique and immutable identifier of an
Artifact.
type: string
mimeType:
description: MimeType represents a type and format of an Artifact.
type: string
repository:
description: Repository is the name of the repository in the Artifact
registry.
type: string
tag:
description: Tag is a mutable, human-readable string used to identify
an Artifact.
type: string
type: object
registry:
description: Registry is the registry the Artifact was pulled from.
properties:
server:
description: Server the FQDN of registry server.
type: string
type: object
scanner:
description: Scanner is the scanner that generated this report.
properties:
name:
description: Name the name of the scanner.
type: string
vendor:
description: Vendor the name of the vendor providing the scanner.
type: string
version:
description: Version the version of the scanner.
type: string
required:
- name
- vendor
- version
type: object
secrets:
description: Exposed secrets is a list of passwords, api keys, tokens
and others items found in the Artifact.
items:
description: ExposedSecret is the spec for a exposed secret record.
properties:
category:
type: string
match:
description: Match where the exposed rule matched.
type: string
ruleID:
description: RuleID is rule the identifier.
type: string
severity:
description: Severity level of a vulnerability or a configuration
audit check.
enum:
- CRITICAL
- HIGH
- MEDIUM
- LOW
type: string
target:
description: Target is where the exposed secret was found.
type: string
title:
type: string
required:
- category
- match
- ruleID
- severity
- target
- title
type: object
type: array
summary:
description: Summary is the exposed secrets counts grouped by Severity.
properties:
criticalCount:
description: CriticalCount is the number of exposed secrets with
Critical Severity.
minimum: 0
type: integer
highCount:
description: HighCount is the number of exposed secrets with High
Severity.
minimum: 0
type: integer
lowCount:
description: LowCount is the number of exposed secrets with Low
Severity.
minimum: 0
type: integer
mediumCount:
description: MediumCount is the number of exposed secrets with
Medium Severity.
minimum: 0
type: integer
required:
- criticalCount
- highCount
- lowCount
- mediumCount
type: object
updateTimestamp:
description: UpdateTimestamp is a timestamp representing the server
time in UTC when this report was updated.
format: date-time
type: string
required:
- artifact
- scanner
- secrets
- summary
- updateTimestamp
type: object
required:
- report
type: object
x-kubernetes-preserve-unknown-fields: true
served: true
storage: true
subresources: {}