security.appvia.io/v1alpha1
Package v1alpha1 contains API Schema definitions for the security v1alpha1 API group
Exported Resource Types
SecurityOverview
SecurityOverview contains a report about the current state of Wayfinder or a workspace
| Field | Description |
|---|---|
| apiVersion | security.appvia.io/v1alpha1 |
| kind | SecurityOverview |
| metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
| spec SecurityOverviewSpec | |
SecurityRule
SecurityRule contains the definition of a security rule
| Field | Description |
|---|---|
| apiVersion | security.appvia.io/v1alpha1 |
| kind | SecurityRule |
| metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
| spec SecurityRuleSpec | |
SecurityScanResult
SecurityScanResult contains the result of a scan against all registered rules
| Field | Description |
|---|---|
| apiVersion | security.appvia.io/v1alpha1 |
| kind | SecurityScanResult |
| metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
| spec SecurityScanResultSpec | |
Internal Resource Types
- RuleStatus
- SecurityOverviewSpec
- SecurityResourceOverview
- SecurityRuleSpec
- SecurityScanResultSpec
- SecurityScanRuleResult
RuleStatus
(string alias)
(Appears on: SecurityResourceOverview, SecurityScanResultSpec, SecurityScanRuleResult)
RuleStatus values represent the possible status of compliance with a security rule.
| Value | Description |
|---|---|
| "Compliant" | Compliant indicates that this target is fully compliant with the specified rule. |
| "Failure" | Failure indicates that this target is non-compliant in a significant way and should be mitigated. This would typically be used for rules where compliance is considered to be vital to a well-run cluster. |
| "Warning" | Warning indicates that this target is non-compliant in such a way that consideration should be made as to whether this should be remediated. This would typically be used for best practice considerations, where not being compliant isn’t necessarily a critical issue. |
SecurityOverviewSpec
(Appears on: SecurityOverview)
SecurityOverviewSpec shows the overall current security posture of Wayfinder or a workspace
| Field | Description |
|---|---|
| workspace WorkspaceKey | Workspace will be populated with the workspace key if this report is about a workspace, else unpopulated for a report for the whole of Wayfinder |
| openIssueCounts map[github.com/appvia/wayfinder/tmpcrdref/pkg/apis/security/v1alpha1.RuleStatus]uint64 | OpenIssueCounts informs how many issues of each rule status exist currently |
| resources []SecurityResourceOverview | Resources contains summaries of the open issues for each resource |
SecurityResourceOverview
(Appears on: SecurityOverviewSpec)
SecurityResourceOverview provides an overview of the open issue counts for a resource
| Field | Description |
|---|---|
| resource Ownership | Resource is a reference to the group/version/kind/namespace/name of the resource scanned by this scan |
| lastChecked Kubernetes meta/v1.Time | LastChecked is the timestamp this resource was last scanned |
| overallStatus RuleStatus | OverallStatus is the overall status of this resource |
| openIssueCounts map[github.com/appvia/wayfinder/tmpcrdref/pkg/apis/security/v1alpha1.RuleStatus]uint64 | OpenIssueCounts is the summary of open issues for this resource |
SecurityRuleSpec
(Appears on: SecurityRule)
SecurityRuleSpec specifies the details of a security rule
| Field | Description |
|---|---|
| code string | Code is the unique identifier of this rule |
| name string | Name is the human-readable name of this rule |
| description string | Description is the markdown-formatted extended description of this rule. |
| appliesTo []string | AppliesTo is the list of resource types (e.g. Plan, Cluster) that this rule is applicable for |
SecurityScanResultSpec
(Appears on: SecurityScanResult)
SecurityScanResultSpec shows the overall result of a scan against all registered rules
| Field | Description |
|---|---|
| id uint64 | ID is the ID of this scan result in the data store |
| resource Ownership | Resource is a reference to the group/version/kind/namespace/name of the resource scanned by this scan |
| owningWorkspace string | OwningWorkspace is the name of the workspace that owns this resource, will be empty if it is a non-workspace resource. |
| checkedAt Kubernetes meta/v1.Time | CheckedAt is the timestamp this result was determined |
| archivedAt Kubernetes meta/v1.Time | ArchivedAt is the timestamp this result was superseded by a later scan - if ArchivedAt.IsZero() is true this is the most recent scan. |
| overallStatus RuleStatus | OverallStatus indicates the worst-case status of the rules checked in this scan |
| results []SecurityScanRuleResult | Results are the underlying results of the individual rules run as part of this scan |
SecurityScanRuleResult
(Appears on: SecurityScanResultSpec)
SecurityScanRuleResult represents the compliance status of a target with respect to a specific security rule.
| Field | Description |
|---|---|
| ruleCode string | RuleCode indicates the rule that this result relates to |
| status RuleStatus | Status indicates the compliance of the target with this rule |
| message string | Message provides additional information about the status of this rule on this target, if applicable |
| checkedAt Kubernetes meta/v1.Time | CheckedAt is the timestamp this result was determined |
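
The following is an added example, not Wayfinder's own code: it shows how a consumer of these resources might derive a worst-case overallStatus and openIssueCounts from scan results, skipping any result whose archivedAt is set. The Go types are local stand-ins for the documented fields; the severity order Compliant < Warning < Failure, the exclusion of Compliant from open issues, and the handling of unrecognised status values as Failure are assumptions.

```go
package main

import (
	"fmt"
	"time"
)

// Local stand-ins for the documented types (assumed shapes, not the Wayfinder package).
type RuleStatus string
const Compliant, Warning, Failure RuleStatus = "Compliant", "Warning", "Failure"

type RuleResult struct {
	RuleCode string
	Status   RuleStatus
}
type ScanResult struct {
	ArchivedAt time.Time // zero value: this is the most recent scan
	Results    []RuleResult
}

// severity is the assumed ordering; statuses missing from it fail closed as Failure.
var severity = map[RuleStatus]int{Compliant: 0, Warning: 1, Failure: 2}

// Summarise returns the worst status and open issue counts over non-archived scans.
func Summarise(scans []ScanResult) (RuleStatus, map[RuleStatus]uint64) {
	worst, counts := Compliant, map[RuleStatus]uint64{}
	for _, s := range scans {
		if !s.ArchivedAt.IsZero() {
			continue // superseded by a later scan
		}
		for _, r := range s.Results {
			st := r.Status
			if _, ok := severity[st]; !ok {
				st = Failure // unknown value: fail closed
			}
			counts[st]++
			if severity[st] > severity[worst] {
				worst = st
			}
		}
	}
	delete(counts, Compliant) // assumed: compliant results are not open issues
	return worst, counts
}

func main() { // constructed sample: one archived scan, one current scan
	old := ScanResult{ArchivedAt: time.Now(), Results: []RuleResult{{"R1", Failure}}}
	cur := ScanResult{Results: []RuleResult{{"R1", Compliant}, {"R2", Warning}}}
	fmt.Println(Summarise([]ScanResult{old, cur}))
}
```

Without the archivedAt check, the superseded Failure in the sample would still be reported as an open issue.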