{ "description": "ExposedSecretReport summarizes exposed secrets in plaintext files built into container images.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "report": { "description": "Report is the actual exposed secret report data.", "properties": { "artifact": { "description": "Artifact represents a standalone, executable package of software that includes everything needed to\nrun an application.", "properties": { "digest": { "description": "Digest is a unique and immutable identifier of an Artifact.", "type": "string" }, "mimeType": { "description": "MimeType represents a type and format of an Artifact.", "type": "string" }, "repository": { "description": "Repository is the name of the repository in the Artifact registry.", "type": "string" }, "tag": { "description": "Tag is a mutable, human-readable string used to identify an Artifact.", "type": "string" } }, "type": "object", "additionalProperties": false }, "registry": { "description": "Registry is the registry the Artifact was pulled from.", "properties": { "server": { "description": "Server the FQDN of registry server.", "type": "string" } }, "type": "object", "additionalProperties": false }, "scanner": { "description": "Scanner is the scanner that generated this report.", "properties": { "name": { "description": "Name the name of the scanner.", "type": "string" }, "vendor": { "description": "Vendor the name of the vendor providing the scanner.", "type": "string" }, "version": { "description": "Version the version of the scanner.", "type": "string" } }, "required": [ "name", "vendor", "version" ], "type": "object", "additionalProperties": false }, "secrets": { "description": "Exposed secrets is a list of passwords, api keys, tokens and others items found in the Artifact.", "items": { "description": "ExposedSecret is the spec for a exposed secret record.", "properties": { "category": { "type": "string" }, "match": { "description": "Match where the exposed rule matched.", "type": "string" }, "ruleID": { "description": "RuleID is rule the identifier.", "type": "string" }, "severity": { "description": "Severity level of a vulnerability or a configuration audit check.", "enum": [ "CRITICAL", "HIGH", "MEDIUM", "LOW" ], "type": "string" }, "target": { "description": "Target is where the exposed secret was found.", "type": "string" }, "title": { "type": "string" } }, "required": [ "category", "match", "ruleID", "severity", "target", "title" ], "type": "object", "additionalProperties": false }, "type": "array" }, "summary": { "description": "Summary is the exposed secrets counts grouped by Severity.", "properties": { "criticalCount": { "description": "CriticalCount is the number of exposed secrets with Critical Severity.", "minimum": 0, "type": "integer" }, "highCount": { "description": "HighCount is the number of exposed secrets with High Severity.", "minimum": 0, "type": "integer" }, "lowCount": { "description": "LowCount is the number of exposed secrets with Low Severity.", "minimum": 0, "type": "integer" }, "mediumCount": { "description": "MediumCount is the number of exposed secrets with Medium Severity.", "minimum": 0, "type": "integer" } }, "required": [ "criticalCount", "highCount", "lowCount", "mediumCount" ], "type": "object", "additionalProperties": false }, "updateTimestamp": { "description": "UpdateTimestamp is a timestamp representing the server time in UTC when this report was updated.", "format": "date-time", "type": "string" } }, "required": [ "artifact", "scanner", "secrets", "summary", "updateTimestamp" ], "type": "object", "additionalProperties": false } }, "required": [ "report" ], "type": "object", "x-kubernetes-preserve-unknown-fields": true }