├── .circleci └── config.yml ├── .dockerignore ├── .gitignore ├── CHANGELOG ├── LICENSE ├── Makefile ├── README.md ├── cmd ├── opaeval │ └── main.go └── webhook │ ├── main.go │ └── pods.go ├── deployments ├── apiregistration.yaml ├── clusterrolebinding.yaml ├── deployment.yaml ├── image-scan-rules.yaml ├── secret-sysdig-secure-token.yaml └── webhook.yaml ├── doc ├── admission-review-example.json └── scan-report-example.json ├── go.mod ├── go.sum ├── helm-charts ├── .helmignore ├── Chart.yaml ├── commonrules.rego ├── postscanrules.rego ├── prescanrules.rego ├── templates │ ├── NOTES.txt │ ├── _helpers.tpl │ ├── certs.yaml │ ├── clusterrolebinding.yaml │ ├── configmap-opa-policy.yaml │ ├── configmap-opa-post-scan-rules.yaml │ ├── configmap-opa-pre-scan-rules.yaml │ ├── configmap.yaml │ ├── deployment.yaml │ ├── role-kube-system.yaml │ ├── rolebinding.yaml │ ├── secret-token.yaml │ ├── service.yaml │ └── serviceaccount.yaml └── values.yaml ├── pkg ├── admissionserver │ ├── admissionserver.go │ ├── assets │ │ ├── admission-review-with-annotations.json │ │ └── admission-review.json │ ├── evaluate.go │ ├── evaluate_test.go │ ├── mocking_test.go │ ├── mutationhook.go │ ├── mutationhook_test.go │ ├── scheme.go │ └── types.go ├── anchore │ ├── client.go │ ├── client_test.go │ ├── imagescannerimpl.go │ ├── imagescannerimpl_test.go │ └── types.go ├── imagescanner │ └── types.go ├── opa │ ├── assets │ │ └── admission-review.json │ ├── internaltypes.go │ ├── opa.go │ ├── opa_test.go │ └── types.go └── opaimagescanner │ ├── admissionevaluatorimpl.go │ ├── admissionevaluatorimpl_test.go │ ├── assets │ └── admission-review.json │ ├── internaltypes.go │ └── opaimagescanner.go └── rego-test ├── postscanrules_test.rego └── prescanrules_test.rego /.circleci/config.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/.circleci/config.yml -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- 1 | webhook 2 | .git 3 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/.gitignore -------------------------------------------------------------------------------- /CHANGELOG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/CHANGELOG -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/LICENSE -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/README.md -------------------------------------------------------------------------------- /cmd/opaeval/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/cmd/opaeval/main.go -------------------------------------------------------------------------------- /cmd/webhook/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/cmd/webhook/main.go -------------------------------------------------------------------------------- /cmd/webhook/pods.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/cmd/webhook/pods.go -------------------------------------------------------------------------------- /deployments/apiregistration.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/deployments/apiregistration.yaml -------------------------------------------------------------------------------- /deployments/clusterrolebinding.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/deployments/clusterrolebinding.yaml -------------------------------------------------------------------------------- /deployments/deployment.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/deployments/deployment.yaml -------------------------------------------------------------------------------- /deployments/image-scan-rules.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/deployments/image-scan-rules.yaml -------------------------------------------------------------------------------- /deployments/secret-sysdig-secure-token.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/deployments/secret-sysdig-secure-token.yaml -------------------------------------------------------------------------------- /deployments/webhook.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/deployments/webhook.yaml -------------------------------------------------------------------------------- /doc/admission-review-example.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/doc/admission-review-example.json -------------------------------------------------------------------------------- /doc/scan-report-example.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/doc/scan-report-example.json -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/go.mod -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/go.sum -------------------------------------------------------------------------------- /helm-charts/.helmignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/helm-charts/.helmignore -------------------------------------------------------------------------------- /helm-charts/Chart.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/helm-charts/Chart.yaml -------------------------------------------------------------------------------- /helm-charts/commonrules.rego: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/helm-charts/commonrules.rego -------------------------------------------------------------------------------- /helm-charts/postscanrules.rego: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/helm-charts/postscanrules.rego -------------------------------------------------------------------------------- /helm-charts/prescanrules.rego: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/helm-charts/prescanrules.rego -------------------------------------------------------------------------------- /helm-charts/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Sysdig Admission Controller is now installed! 2 | -------------------------------------------------------------------------------- /helm-charts/templates/_helpers.tpl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/helm-charts/templates/_helpers.tpl -------------------------------------------------------------------------------- /helm-charts/templates/certs.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/helm-charts/templates/certs.yaml -------------------------------------------------------------------------------- /helm-charts/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/helm-charts/templates/clusterrolebinding.yaml -------------------------------------------------------------------------------- /helm-charts/templates/configmap-opa-policy.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/helm-charts/templates/configmap-opa-policy.yaml -------------------------------------------------------------------------------- /helm-charts/templates/configmap-opa-post-scan-rules.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/helm-charts/templates/configmap-opa-post-scan-rules.yaml -------------------------------------------------------------------------------- /helm-charts/templates/configmap-opa-pre-scan-rules.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/helm-charts/templates/configmap-opa-pre-scan-rules.yaml -------------------------------------------------------------------------------- /helm-charts/templates/configmap.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/helm-charts/templates/configmap.yaml -------------------------------------------------------------------------------- /helm-charts/templates/deployment.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/helm-charts/templates/deployment.yaml -------------------------------------------------------------------------------- /helm-charts/templates/role-kube-system.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/helm-charts/templates/role-kube-system.yaml -------------------------------------------------------------------------------- /helm-charts/templates/rolebinding.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/helm-charts/templates/rolebinding.yaml -------------------------------------------------------------------------------- /helm-charts/templates/secret-token.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/helm-charts/templates/secret-token.yaml -------------------------------------------------------------------------------- /helm-charts/templates/service.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/helm-charts/templates/service.yaml -------------------------------------------------------------------------------- /helm-charts/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/helm-charts/templates/serviceaccount.yaml -------------------------------------------------------------------------------- /helm-charts/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/helm-charts/values.yaml -------------------------------------------------------------------------------- /pkg/admissionserver/admissionserver.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/pkg/admissionserver/admissionserver.go -------------------------------------------------------------------------------- /pkg/admissionserver/assets/admission-review-with-annotations.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/pkg/admissionserver/assets/admission-review-with-annotations.json -------------------------------------------------------------------------------- /pkg/admissionserver/assets/admission-review.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/pkg/admissionserver/assets/admission-review.json -------------------------------------------------------------------------------- /pkg/admissionserver/evaluate.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/pkg/admissionserver/evaluate.go -------------------------------------------------------------------------------- /pkg/admissionserver/evaluate_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/pkg/admissionserver/evaluate_test.go -------------------------------------------------------------------------------- /pkg/admissionserver/mocking_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/pkg/admissionserver/mocking_test.go -------------------------------------------------------------------------------- /pkg/admissionserver/mutationhook.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/pkg/admissionserver/mutationhook.go -------------------------------------------------------------------------------- /pkg/admissionserver/mutationhook_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/pkg/admissionserver/mutationhook_test.go -------------------------------------------------------------------------------- /pkg/admissionserver/scheme.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/pkg/admissionserver/scheme.go -------------------------------------------------------------------------------- /pkg/admissionserver/types.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/pkg/admissionserver/types.go -------------------------------------------------------------------------------- /pkg/anchore/client.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/pkg/anchore/client.go -------------------------------------------------------------------------------- /pkg/anchore/client_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/pkg/anchore/client_test.go -------------------------------------------------------------------------------- /pkg/anchore/imagescannerimpl.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/pkg/anchore/imagescannerimpl.go -------------------------------------------------------------------------------- /pkg/anchore/imagescannerimpl_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/pkg/anchore/imagescannerimpl_test.go -------------------------------------------------------------------------------- /pkg/anchore/types.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/pkg/anchore/types.go -------------------------------------------------------------------------------- /pkg/imagescanner/types.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/pkg/imagescanner/types.go -------------------------------------------------------------------------------- /pkg/opa/assets/admission-review.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/pkg/opa/assets/admission-review.json -------------------------------------------------------------------------------- /pkg/opa/internaltypes.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/pkg/opa/internaltypes.go -------------------------------------------------------------------------------- /pkg/opa/opa.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/pkg/opa/opa.go -------------------------------------------------------------------------------- /pkg/opa/opa_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/pkg/opa/opa_test.go -------------------------------------------------------------------------------- /pkg/opa/types.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/pkg/opa/types.go -------------------------------------------------------------------------------- /pkg/opaimagescanner/admissionevaluatorimpl.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/pkg/opaimagescanner/admissionevaluatorimpl.go -------------------------------------------------------------------------------- /pkg/opaimagescanner/admissionevaluatorimpl_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/pkg/opaimagescanner/admissionevaluatorimpl_test.go -------------------------------------------------------------------------------- /pkg/opaimagescanner/assets/admission-review.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/pkg/opaimagescanner/assets/admission-review.json -------------------------------------------------------------------------------- /pkg/opaimagescanner/internaltypes.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/pkg/opaimagescanner/internaltypes.go -------------------------------------------------------------------------------- /pkg/opaimagescanner/opaimagescanner.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/pkg/opaimagescanner/opaimagescanner.go -------------------------------------------------------------------------------- /rego-test/postscanrules_test.rego: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/rego-test/postscanrules_test.rego -------------------------------------------------------------------------------- /rego-test/prescanrules_test.rego: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysdiglabs/opa-image-scanner/HEAD/rego-test/prescanrules_test.rego --------------------------------------------------------------------------------