---
# CustomResourceDefinition that registers the VulnerabilityReport kind in the
# aquasecurity.github.io API group.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # Marks this manifest as controller-gen output. Hand edits are presumably
    # overwritten when the CRD is regenerated - confirm against the build.
    controller-gen.kubebuilder.io/version: v0.14.0
  name: vulnerabilityreports.aquasecurity.github.io
spec:
  group: aquasecurity.github.io
  names:
    kind: VulnerabilityReport
    listKind: VulnerabilityReportList
    plural: vulnerabilityreports
    # Short aliases for the resource, e.g. `kubectl get vulns`.
    shortNames:
    - vuln
    - vulns
    singular: vulnerabilityreport
  # Reports are namespaced objects, so read and write access to them can be
  # granted per namespace (Role/RoleBinding) rather than cluster-wide.
  scope: Namespaced
  versions:
  # Columns shown by `kubectl get` for this resource. Columns with priority 1
  # appear only in wide output (`-o wide`), so the default table shows
  # Repository, Tag, Scanner and Age but none of the severity counts.
  - additionalPrinterColumns:
    - description: The name of image repository
      jsonPath: .report.artifact.repository
      name: Repository
      type: string
    - description: The name of image tag
      jsonPath: .report.artifact.tag
      name: Tag
      type: string
    - description: The name of the vulnerability scanner
      jsonPath: .report.scanner.name
      name: Scanner
      type: string
    # Age is derived from the object's creation time, not from
    # .report.updateTimestamp, so it does not show when the findings were
    # last refreshed.
    - description: The age of the report
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    # Severity counters read from .report.summary (wide output only).
    - description: The number of critical vulnerabilities
      jsonPath: .report.summary.criticalCount
      name: Critical
      priority: 1
      type: integer
    - description: The number of high vulnerabilities
      jsonPath: .report.summary.highCount
      name: High
      priority: 1
      type: integer
    - description: The number of medium vulnerabilities
      jsonPath: .report.summary.mediumCount
      name: Medium
      priority: 1
      type: integer
    - description: The number of low vulnerabilities
      jsonPath: .report.summary.lowCount
      name: Low
      priority: 1
      type: integer
    - description: The number of unknown vulnerabilities
      jsonPath: .report.summary.unknownCount
      name: Unknown
      priority: 1
      type: integer
    # The only API version defined in this manifest.
    name: v1alpha1
    # Structural schema the API server validates VulnerabilityReport objects
    # against on create and update.
    schema:
      openAPIV3Schema:
        description: |-
          VulnerabilityReport summarizes vulnerabilities in application dependencies and operating system packages
          built into container images.
        properties:
          # Standard Kubernetes type metadata (apiVersion, kind, metadata).
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          # The report payload. It is the only top-level field listed in the
          # root `required` list.
          report:
            description: Report is the actual vulnerability report data.
            properties:
              # Identifies the scanned image. The object itself is required by
              # `report`, but it declares no `required` list of its own, so
              # digest, mimeType, repository and tag are each optional.
              artifact:
                description: |-
                  Artifact represents a standalone, executable package of software that includes everything needed to
                  run an application.
                properties:
                  # Per the descriptions below, digest is the immutable
                  # identifier and tag is mutable. Consumers correlating
                  # findings to image content should prefer digest when it is
                  # present; a tag alone can refer to different content over
                  # time.
                  digest:
                    description: Digest is a unique and immutable identifier of an
                      Artifact.
                    type: string
                  mimeType:
                    description: MimeType represents a type and format of an Artifact.
                    type: string
                  repository:
                    description: Repository is the name of the repository in the Artifact
                      registry.
                    type: string
                  tag:
                    description: Tag is a mutable, human-readable string used to identify
                      an Artifact.
                    type: string
                type: object
              # Operating system details of the scanned artifact. Required by
              # `report`, but all three fields are optional, so an empty
              # object passes validation.
              os:
                description: OS information of the artifact
                properties:
                  # When true, the OS version is past end of service life.
                  # NOTE(review): presumably this means no further vendor
                  # security fixes - confirm with the scanner documentation.
                  eosl:
                    description: Eosl is true if OS version has reached end of service
                      life
                    type: boolean
                  family:
                    description: Operating System Family
                    type: string
                  name:
                    description: Name or version of the OS
                    type: string
                type: object
              # Registry the artifact was pulled from. Not listed in the
              # `required` list of `report`, and `server` is optional too.
              registry:
                description: Registry is the registry the Artifact was pulled from.
                properties:
                  server:
                    description: Server the FQDN of registry server.
                    type: string
                type: object
              # Provenance of the report: which scanner produced it. name,
              # vendor and version are all required, so every stored report
              # carries them. The schema does not restrict their values; they
              # are whatever the writer of the object supplies.
              scanner:
                description: Scanner is the scanner that generated this report.
                properties:
                  name:
                    description: Name the name of the scanner.
                    type: string
                  vendor:
                    description: Vendor the name of the vendor providing the scanner.
                    type: string
                  version:
                    description: Version the version of the scanner.
                    type: string
                required:
                - name
                - vendor
                - version
                type: object
              # Per-severity counters. The schema only enforces that each
              # counter is an integer >= 0; it does not check that the
              # counters agree with the `vulnerabilities` list.
              summary:
                description: Summary is a summary of Vulnerability counts grouped
                  by Severity.
                properties:
                  criticalCount:
                    description: CriticalCount is the number of vulnerabilities with
                      Critical Severity.
                    minimum: 0
                    type: integer
                  highCount:
                    description: HighCount is the number of vulnerabilities with High
                      Severity.
                    minimum: 0
                    type: integer
                  lowCount:
                    description: LowCount is the number of vulnerabilities with Low
                      Severity.
                    minimum: 0
                    type: integer
                  mediumCount:
                    description: MediumCount is the number of vulnerabilities with
                      Medium Severity.
                    minimum: 0
                    type: integer
                  # Declared but not in the `required` list below, and no
                  # printer column displays it.
                  noneCount:
                    description: NoneCount is the number of packages without any vulnerability.
                    minimum: 0
                    type: integer
                  unknownCount:
                    description: UnknownCount is the number of vulnerabilities with
                      unknown severity.
                    minimum: 0
                    type: integer
                required:
                - criticalCount
                - highCount
                - lowCount
                - mediumCount
                - unknownCount
                type: object
              # Required date-time string recording when the report was last
              # updated. This, not the object's creation time, is the field
              # that indicates how fresh the findings are.
              updateTimestamp:
                description: UpdateTimestamp is a timestamp representing the server
                  time in UTC when this report was updated.
                format: date-time
                type: string
              # The individual findings. The array is required by `report`,
              # but no minItems or maxItems is declared, so an empty list is
              # valid and the schema itself puts no upper bound on the number
              # of entries.
              vulnerabilities:
                description: Vulnerabilities is a list of operating system (OS) or
                  application software Vulnerability items found in the Artifact.
                items:
                  description: Vulnerability is the spec for a vulnerability record.
                  properties:
                    class:
                      type: string
                    # Map from an arbitrary string key to a set of CVSS scores
                    # and vectors. NOTE(review): the keys are presumably the
                    # scoring source or vendor - confirm against the producer.
                    # No minimum or maximum is declared for the scores.
                    cvss:
                      additionalProperties:
                        properties:
                          V2Score:
                            type: number
                          V2Vector:
                            type: string
                          V3Score:
                            type: number
                          V3Vector:
                            type: string
                          V40Score:
                            type: number
                          V40Vector:
                            type: string
                        type: object
                      type: object
                    cvsssource:
                      type: string
                    # Free-form text with no pattern or length limit declared.
                    # Treat it, like title and the link fields, as untrusted
                    # input when rendering it in dashboards or tickets.
                    description:
                      type: string
                    # Required, but only typed as string with no minLength, so
                    # an empty value passes validation. NOTE(review): an empty
                    # value presumably means no fixed version is known -
                    # confirm with the producer.
                    fixedVersion:
                      description: FixedVersion indicates the version of the Resource
                        in which this vulnerability has been fixed.
                      type: string
                    installedVersion:
                      description: InstalledVersion indicates the installed version
                        of the Resource.
                      type: string
                    # Required, but typed as plain string with no `format`, so
                    # the API server does not validate it as a date.
                    lastModifiedDate:
                      description: LastModifiedDate indicates the last date CVE has
                        been modified.
                      type: string
                    # Plain strings. No URL format or pattern is enforced here
                    # or on primaryLink.
                    links:
                      items:
                        type: string
                      type: array
                    packagePURL:
                      type: string
                    packagePath:
                      type: string
                    packageType:
                      type: string
                    primaryLink:
                      type: string
                    # Required, and like lastModifiedDate not validated as a
                    # date.
                    publishedDate:
                      description: PublishedDate indicates the date of published CVE.
                      type: string
                    resource:
                      description: Resource is a vulnerable package, application,
                        or library.
                      type: string
                    # Unbounded number, not in the `required` list.
                    score:
                      type: number
                    # Closed set: a value outside this enum fails schema
                    # validation. Matching is on the exact upper-case strings
                    # listed.
                    severity:
                      description: Severity level of a vulnerability or a configuration
                        audit check.
                      enum:
                      - CRITICAL
                      - HIGH
                      - MEDIUM
                      - LOW
                      - UNKNOWN
                      type: string
                    target:
                      type: string
                    title:
                      type: string
                    # Required string identifier. No pattern is declared, so
                    # the schema does not restrict it to any one ID scheme.
                    vulnerabilityID:
                      description: VulnerabilityID the vulnerability identifier.
                      type: string
                  # Fields every finding must carry. The cvss, score, links
                  # and package* fields are optional.
                  required:
                  - fixedVersion
                  - installedVersion
                  - lastModifiedDate
                  - publishedDate
                  - resource
                  - severity
                  - title
                  - vulnerabilityID
                  type: object
                type: array
            # Fields every `report` must contain. `registry` is the only
            # declared report property that is optional.
            required:
            - artifact
            - os
            - scanner
            - summary
            - updateTimestamp
            - vulnerabilities
            type: object
        # A VulnerabilityReport object is invalid without `report`.
        required:
        - report
        type: object
        # Set at the schema root: fields not declared above are kept rather
        # than pruned at this level, so stored objects may carry data this
        # schema never validated. Per the Kubernetes pruning rules, nested
        # objects that declare their own `properties` are still pruned -
        # verify on the cluster version in use. Consumers should not assume
        # that only the documented top-level fields are present.
        x-kubernetes-preserve-unknown-fields: true
    # This version is exposed by the API server and is the version persisted
    # in storage.
    served: true
    storage: true
    # Empty map: neither the status nor the scale subresource is enabled, so
    # there is no separate /status endpoint and write permission on the
    # resource covers the whole object, including `report`.
    subresources: {}