NVSHAS-9669: Overall security score through REST API
williamlin-suse committed Dec 2, 2024
1 parent f08f3b2 commit 22cca0f
Showing 7 changed files with 440 additions and 177 deletions.
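--- a/controller/api/apis.go
+++ b/controller/api/apis.go
@@ -1711,6 +1711,90 @@ type RESTSystemStatsData struct {
 Stats *RESTSystemStats `json:"stats"`
 }
 
+type RESTRiskScoreMetricsWL struct {
+RunningPods int `json:"running_pods"`
+PrivilegedWLs int `json:"privileged_wls"`
+RootWLs int `json:"root_wls"`
+DiscoverExtEPs int `json:"discover_ext_eps"`
+MonitorExtEPs int `json:"monitor_ext_eps"`
+ProtectExtEPs int `json:"protect_ext_eps"`
+ThrtExtEPs int `json:"threat_ext_eps"`
+VioExtEPs int `json:"violate_ext_eps"`
+}
+
+type RESTRiskScoreMetricsGroup struct {
+Groups int `json:"groups"`
+DiscoverGroups int `json:"discover_groups"`
+MonitorGroups int `json:"monitor_groups"`
+ProtectGroups int `json:"protect_groups"`
+ProfileDiscoverGroups int `json:"profile_discover_groups"`
+ProfileMonitorGroups int `json:"profile_monitor_groups"`
+ProfileProtectGroups int `json:"profile_protect_groups"`
+DiscoverGroupsZD int `json:"discover_groups_zero_drift"`
+MonitorGroupsZD int `json:"monitor_groups_zero_drift"`
+ProtectGroupsZD int `json:"protect_groups_zero_drift"`
+}
+
+type RESTRiskScoreMetricsCVE struct {
+DiscoverCVEs int `json:"discover_cves"`
+MonitorCVEs int `json:"monitor_cves"`
+ProtectCVEs int `json:"protect_cves"`
+PlatformCVEs int `json:"platform_cves"`
+HostCVEs int `json:"host_cves"`
+}
+
+type RESTRiskScoreMetrics struct {
+Platform string `json:"platform"`
+K8sVersion string `json:"kube_version"`
+OCVersion string `json:"openshift_version"`
+NewServiceMode string `json:"new_service_policy_mode"`
+NewProfileMode string `json:"new_service_profile_mode"`
+DenyAdmCtrlRules int `json:"deny_adm_ctrl_rules"`
+Hosts int `json:"hosts"`
+WLs RESTRiskScoreMetricsWL `json:"workloads"`
+Groups RESTRiskScoreMetricsGroup `json:"groups"`
+CVEs RESTRiskScoreMetricsCVE `json:"cves"`
+}
+
+type RESTExposedEndpoint struct {
+ID string `json:"id"`
+Name string `json:"name"`
+DisplayName string `json:"display_name"`
+PodName string `json:"pod_name"`
+Service string `json:"service"`
+ThreatSeverity string `json:"severity"`
+CriticalVuls int `json:"critical"`
+HighVuls int `json:"high"`
+MedVuls int `json:"medium"`
+PolicyMode string `json:"policy_mode"`
+PolicyAction string `json:"policy_action"`
+Protos []string `json:"protocols,omitempty"`
+Apps []string `json:"applications,omitempty"`
+Ports []string `json:"ports,omitempty"`
+Entries []*RESTConversationReportEntry `json:"entries"`
+}
+
+type RESTSecurityScores struct {
+NewServiceModeScore int `json:"new_service_mode_score"`
+ServiceModeScore int `json:"service_mode_score"`
+ServiceModeScoreBy100 int `json:"service_mode_score_by_100"`
+ExposureScore int `json:"exposure_score"`
+ExposureScoreBy100 int `json:"exposure_score_by_100"`
+PrivilegedContainerScore int `json:"privileged_container_score"`
+RunAsRootScore int `json:"run_as_root_score"`
+AdmissionRuleScore int `json:"admission_rule_score"`
+VulnerabilityScore int `json:"vulnerability_score"`
+VulnerabilityScoreBy100 int `json:"vulnerability_score_by_100"`
+SecurityRiskScore int `json:"security_risk_score"`
+}
+
+type RESTScoreMetricsData struct {
+Metrics *RESTRiskScoreMetrics `json:"metrics"`
+Ingress []*RESTExposedEndpoint `json:"ingress"`
+Egress []*RESTExposedEndpoint `json:"egress"`
+SecurityScores *RESTSecurityScores `json:"security_scores"`
+}
+
 type RESTProxy struct {
 URL string `json:"url"`
 Username string `json:"username"`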
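Review bot: None of the new exported types has a doc comment, and for `RESTSecurityScores` that leaves the contract unclear: nothing says whether a higher `security_risk_score` means more or less risk, what range the values take, or how the `_by_100` fields relate to their unsuffixed counterparts. Clients that alert or gate on these numbers need that stated, for example `// RESTSecurityScores holds the per-category scores and the overall SecurityRiskScore; <range and direction>.`, with the placeholder filled in from the scoring code, which is not in this section. `RESTScoreMetricsData` also returns cluster-wide posture (platform and host CVE counts, privileged and root workload counts, Kubernetes/OpenShift versions) together with per-endpoint `Ingress`/`Egress` detail, so its comment should name the role or scope the handler requires; the handler is outside this section, so whether it filters by the caller's access is not visible here. Separately, `Ingress`, `Egress` and `Entries` carry no `omitempty` and will encode as `null` when nil, unlike `Protos`/`Apps`/`Ports`, which is worth making consistent or documenting for clients.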
