Sentry

https://github.com/sylvester-francis/Sentry
Licensed under MIT - see LICENSE file

Installation

dagger install github.com/sylvester-francis/Sentry@v0.0.1

Entrypoint

Return Type

Sentry

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \

func (m *MyModule) Example() *dagger.Sentry  {
	return dag.
			Sentry()
}

@function
def example() -> dagger.Sentry:
	return (
		dag.sentry()
	)

@func()
example(): Sentry {
	return dag
		.sentry()
}

Types

Sentry 🔗

Sentry is the main module struct for container security auditing

test() 🔗

Test runs unit tests for the Sentry module and returns a test report

Return Type

String !

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 test

func (m *MyModule) Example(ctx context.Context) string  {
	return dag.
			Sentry().
			Test(ctx)
}

@function
async def example() -> str:
	return await (
		dag.sentry()
		.test()
	)

@func()
async example(): Promise<string> {
	return dag
		.sentry()
		.test()
}

scan() 🔗

Scan initializes a security audit for the given container Returns an AuditConfig that can be further configured with chain methods Default scanner is Trivy

Return Type

AuditConfig !

Arguments

Name	Type	Default Value	Description
container	Container !	-	No description provided

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG

func (m *MyModule) Example(container *dagger.Container) *dagger.SentryAuditConfig  {
	return dag.
			Sentry().
			Scan(container)
}

@function
def example(container: dagger.Container) -> dagger.SentryAuditConfig:
	return (
		dag.sentry()
		.scan(container)
	)

@func()
example(container: Container): SentryAuditConfig {
	return dag
		.sentry()
		.scan(container)
}

AuditConfig 🔗

AuditConfig holds the configuration for a security audit

container() 🔗

The container to audit

Return Type

Container !

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG \
 container

func (m *MyModule) Example(container *dagger.Container) *dagger.Container  {
	return dag.
			Sentry().
			Scan(container).
			Container()
}

@function
def example(container: dagger.Container) -> dagger.Container:
	return (
		dag.sentry()
		.scan(container)
		.container()
	)

@func()
example(container: Container): Container {
	return dag
		.sentry()
		.scan(container)
		.container()
}

scanner() 🔗

Vulnerability scanner configuration

Return Type

ScannerConfig !

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG \
 scanner

func (m *MyModule) Example(container *dagger.Container) *dagger.SentryScannerConfig  {
	return dag.
			Sentry().
			Scan(container).
			Scanner()
}

@function
def example(container: dagger.Container) -> dagger.SentryScannerConfig:
	return (
		dag.sentry()
		.scan(container)
		.scanner()
	)

@func()
example(container: Container): SentryScannerConfig {
	return dag
		.sentry()
		.scan(container)
		.scanner()
}

failOnSeverity() 🔗

Fail if vulns >= this severity

Return Type

Enum !

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG \
 fail-on-severity

func (m *MyModule) Example(container *dagger.Container)   {
	return dag.
			Sentry().
			Scan(container).
			FailOnSeverity()
}

@function
def example(container: dagger.Container) -> :
	return (
		dag.sentry()
		.scan(container)
		.fail_on_severity()
	)

@func()
example(container: Container):  {
	return dag
		.sentry()
		.scan(container)
		.failOnSeverity()
}

checkSecrets() 🔗

Check for secrets in env vars

Return Type

Boolean !

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG \
 check-secrets

func (m *MyModule) Example(ctx context.Context, container *dagger.Container) bool  {
	return dag.
			Sentry().
			Scan(container).
			CheckSecrets(ctx)
}

@function
async def example(container: dagger.Container) -> bool:
	return await (
		dag.sentry()
		.scan(container)
		.check_secrets()
	)

@func()
async example(container: Container): Promise<boolean> {
	return dag
		.sentry()
		.scan(container)
		.checkSecrets()
}

checkNonRoot() 🔗

Check for non-root user

Return Type

Boolean !

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG \
 check-non-root

func (m *MyModule) Example(ctx context.Context, container *dagger.Container) bool  {
	return dag.
			Sentry().
			Scan(container).
			CheckNonRoot(ctx)
}

@function
async def example(container: dagger.Container) -> bool:
	return await (
		dag.sentry()
		.scan(container)
		.check_non_root()
	)

@func()
async example(container: Container): Promise<boolean> {
	return dag
		.sentry()
		.scan(container)
		.checkNonRoot()
}

checkHealth() 🔗

Check for healthcheck

Return Type

Boolean !

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG \
 check-health

func (m *MyModule) Example(ctx context.Context, container *dagger.Container) bool  {
	return dag.
			Sentry().
			Scan(container).
			CheckHealth(ctx)
}

@function
async def example(container: dagger.Container) -> bool:
	return await (
		dag.sentry()
		.scan(container)
		.check_health()
	)

@func()
async example(container: Container): Promise<boolean> {
	return dag
		.sentry()
		.scan(container)
		.checkHealth()
}

audit() 🔗

Audit runs the complete security audit and returns the result

Return Type

AuditResult !

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG \
 audit

func (m *MyModule) Example(container *dagger.Container) *dagger.SentryAuditResult  {
	return dag.
			Sentry().
			Scan(container).
			Audit()
}

@function
def example(container: dagger.Container) -> dagger.SentryAuditResult:
	return (
		dag.sentry()
		.scan(container)
		.audit()
	)

@func()
example(container: Container): SentryAuditResult {
	return dag
		.sentry()
		.scan(container)
		.audit()
}

report() 🔗

Report generates a Markdown security audit report

Return Type

String !

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG \
 report

func (m *MyModule) Example(ctx context.Context, container *dagger.Container) string  {
	return dag.
			Sentry().
			Scan(container).
			Report(ctx)
}

@function
async def example(container: dagger.Container) -> str:
	return await (
		dag.sentry()
		.scan(container)
		.report()
	)

@func()
async example(container: Container): Promise<string> {
	return dag
		.sentry()
		.scan(container)
		.report()
}

json() 🔗

Json generates a JSON security audit report

Return Type

String !

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG \
 json

func (m *MyModule) Example(ctx context.Context, container *dagger.Container) string  {
	return dag.
			Sentry().
			Scan(container).
			Json(ctx)
}

@function
async def example(container: dagger.Container) -> str:
	return await (
		dag.sentry()
		.scan(container)
		.json()
	)

@func()
async example(container: Container): Promise<string> {
	return dag
		.sentry()
		.scan(container)
		.json()
}

passed() 🔗

Passed returns true if the audit passed all checks

Return Type

Boolean !

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG \
 passed

func (m *MyModule) Example(ctx context.Context, container *dagger.Container) bool  {
	return dag.
			Sentry().
			Scan(container).
			Passed(ctx)
}

@function
async def example(container: dagger.Container) -> bool:
	return await (
		dag.sentry()
		.scan(container)
		.passed()
	)

@func()
async example(container: Container): Promise<boolean> {
	return dag
		.sentry()
		.scan(container)
		.passed()
}

exitCode() 🔗

ExitCode returns 0 if passed, 1 if failed (for CI integration)

Return Type

Integer !

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG \
 exit-code

func (m *MyModule) Example(ctx context.Context, container *dagger.Container) int  {
	return dag.
			Sentry().
			Scan(container).
			ExitCode(ctx)
}

@function
async def example(container: dagger.Container) -> int:
	return await (
		dag.sentry()
		.scan(container)
		.exit_code()
	)

@func()
async example(container: Container): Promise<number> {
	return dag
		.sentry()
		.scan(container)
		.exitCode()
}

withTrivy() 🔗

WithTrivy uses Trivy as the vulnerability scanner (default)

Return Type

AuditConfig !

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG \
 with-trivy

func (m *MyModule) Example(container *dagger.Container) *dagger.SentryAuditConfig  {
	return dag.
			Sentry().
			Scan(container).
			WithTrivy()
}

@function
def example(container: dagger.Container) -> dagger.SentryAuditConfig:
	return (
		dag.sentry()
		.scan(container)
		.with_trivy()
	)

@func()
example(container: Container): SentryAuditConfig {
	return dag
		.sentry()
		.scan(container)
		.withTrivy()
}

withGrype() 🔗

WithGrype uses Grype (Anchore) as the vulnerability scanner

Return Type

AuditConfig !

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG \
 with-grype

func (m *MyModule) Example(container *dagger.Container) *dagger.SentryAuditConfig  {
	return dag.
			Sentry().
			Scan(container).
			WithGrype()
}

@function
def example(container: dagger.Container) -> dagger.SentryAuditConfig:
	return (
		dag.sentry()
		.scan(container)
		.with_grype()
	)

@func()
example(container: Container): SentryAuditConfig {
	return dag
		.sentry()
		.scan(container)
		.withGrype()
}

withSnyk() 🔗

WithSnyk uses Snyk as the vulnerability scanner Requires SNYK_TOKEN environment variable

Return Type

AuditConfig !

Arguments

Name	Type	Default Value	Description
token	Secret !	-	No description provided

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG \
 with-snyk --token env:MYSECRET

func (m *MyModule) Example(container *dagger.Container, token *dagger.Secret) *dagger.SentryAuditConfig  {
	return dag.
			Sentry().
			Scan(container).
			WithSnyk(token)
}

@function
def example(container: dagger.Container, token: dagger.Secret) -> dagger.SentryAuditConfig:
	return (
		dag.sentry()
		.scan(container)
		.with_snyk(token)
	)

@func()
example(container: Container, token: Secret): SentryAuditConfig {
	return dag
		.sentry()
		.scan(container)
		.withSnyk(token)
}

withWiz() 🔗

WithWiz uses Wiz as the vulnerability scanner Requires WIZ_CLIENT_ID and WIZ_CLIENT_SECRET

Return Type

AuditConfig !

Arguments

Name	Type	Default Value	Description
clientId	Secret !	-	No description provided
clientSecret	Secret !	-	No description provided

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG \
 with-wiz --client-id env:MYSECRET --client-secret env:MYSECRET

func (m *MyModule) Example(container *dagger.Container, clientId *dagger.Secret, clientSecret *dagger.Secret) *dagger.SentryAuditConfig  {
	return dag.
			Sentry().
			Scan(container).
			WithWiz(clientId, clientSecret)
}

@function
def example(container: dagger.Container, client_id: dagger.Secret, client_secret: dagger.Secret) -> dagger.SentryAuditConfig:
	return (
		dag.sentry()
		.scan(container)
		.with_wiz(client_id, client_secret)
	)

@func()
example(container: Container, clientId: Secret, clientSecret: Secret): SentryAuditConfig {
	return dag
		.sentry()
		.scan(container)
		.withWiz(clientId, clientSecret)
}

withBlackDuck() 🔗

WithBlackDuck uses Black Duck as the vulnerability scanner Requires BLACKDUCK_URL and BLACKDUCK_API_TOKEN

Return Type

AuditConfig !

Arguments

Name	Type	Default Value	Description
url	String !	-	No description provided
token	Secret !	-	No description provided

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG \
 with-black-duck --url string --token env:MYSECRET

func (m *MyModule) Example(container *dagger.Container, url string, token *dagger.Secret) *dagger.SentryAuditConfig  {
	return dag.
			Sentry().
			Scan(container).
			WithBlackDuck(url, token)
}

@function
def example(container: dagger.Container, url: str, token: dagger.Secret) -> dagger.SentryAuditConfig:
	return (
		dag.sentry()
		.scan(container)
		.with_black_duck(url, token)
	)

@func()
example(container: Container, url: string, token: Secret): SentryAuditConfig {
	return dag
		.sentry()
		.scan(container)
		.withBlackDuck(url, token)
}

withCustomScanner() 🔗

WithCustomScanner uses a custom scanner container You provide the container image, command args, and output format for parsing

Return Type

AuditConfig !

Arguments

Name	Type	Default Value	Description
image	String !	-	No description provided
args	[String ! ] !	-	No description provided
outputFormat	String	"trivy"	No description provided

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG \
 with-custom-scanner --image string --args string1 --args string2

func (m *MyModule) Example(container *dagger.Container, image string, args []string) *dagger.SentryAuditConfig  {
	return dag.
			Sentry().
			Scan(container).
			WithCustomScanner(image, args)
}

@function
def example(container: dagger.Container, image: str, args: List[str]) -> dagger.SentryAuditConfig:
	return (
		dag.sentry()
		.scan(container)
		.with_custom_scanner(image, args)
	)

@func()
example(container: Container, image: string, args: string[]): SentryAuditConfig {
	return dag
		.sentry()
		.scan(container)
		.withCustomScanner(image, args)
}

withoutScanner() 🔗

WithoutScanner disables vulnerability scanning entirely

Return Type

AuditConfig !

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG \
 without-scanner

func (m *MyModule) Example(container *dagger.Container) *dagger.SentryAuditConfig  {
	return dag.
			Sentry().
			Scan(container).
			WithoutScanner()
}

@function
def example(container: dagger.Container) -> dagger.SentryAuditConfig:
	return (
		dag.sentry()
		.scan(container)
		.without_scanner()
	)

@func()
example(container: Container): SentryAuditConfig {
	return dag
		.sentry()
		.scan(container)
		.withoutScanner()
}

failOn() 🔗

FailOn sets the minimum severity that causes the audit to fail

Return Type

AuditConfig !

Arguments

Name	Type	Default Value	Description
severity	Enum !	-	No description provided

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG \
 fail-on

func (m *MyModule) Example(container *dagger.Container, severity ) *dagger.SentryAuditConfig  {
	return dag.
			Sentry().
			Scan(container).
			FailOn(severity)
}

@function
def example(container: dagger.Container, severity: ) -> dagger.SentryAuditConfig:
	return (
		dag.sentry()
		.scan(container)
		.fail_on(severity)
	)

@func()
example(container: Container, severity: ): SentryAuditConfig {
	return dag
		.sentry()
		.scan(container)
		.failOn(severity)
}

withSecretCheck() 🔗

WithSecretCheck enables or disables secret detection in environment variables

Return Type

AuditConfig !

Arguments

Name	Type	Default Value	Description
enable	Boolean !	-	No description provided

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG \
 with-secret-check --enable boolean

func (m *MyModule) Example(container *dagger.Container, enable bool) *dagger.SentryAuditConfig  {
	return dag.
			Sentry().
			Scan(container).
			WithSecretCheck(enable)
}

@function
def example(container: dagger.Container, enable: bool) -> dagger.SentryAuditConfig:
	return (
		dag.sentry()
		.scan(container)
		.with_secret_check(enable)
	)

@func()
example(container: Container, enable: boolean): SentryAuditConfig {
	return dag
		.sentry()
		.scan(container)
		.withSecretCheck(enable)
}

withNonRootCheck() 🔗

WithNonRootCheck enables or disables the non-root user check

Return Type

AuditConfig !

Arguments

Name	Type	Default Value	Description
enable	Boolean !	-	No description provided

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG \
 with-non-root-check --enable boolean

func (m *MyModule) Example(container *dagger.Container, enable bool) *dagger.SentryAuditConfig  {
	return dag.
			Sentry().
			Scan(container).
			WithNonRootCheck(enable)
}

@function
def example(container: dagger.Container, enable: bool) -> dagger.SentryAuditConfig:
	return (
		dag.sentry()
		.scan(container)
		.with_non_root_check(enable)
	)

@func()
example(container: Container, enable: boolean): SentryAuditConfig {
	return dag
		.sentry()
		.scan(container)
		.withNonRootCheck(enable)
}

withHealthCheck() 🔗

WithHealthCheck enables or disables the healthcheck verification

Return Type

AuditConfig !

Arguments

Name	Type	Default Value	Description
enable	Boolean !	-	No description provided

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG \
 with-health-check --enable boolean

func (m *MyModule) Example(container *dagger.Container, enable bool) *dagger.SentryAuditConfig  {
	return dag.
			Sentry().
			Scan(container).
			WithHealthCheck(enable)
}

@function
def example(container: dagger.Container, enable: bool) -> dagger.SentryAuditConfig:
	return (
		dag.sentry()
		.scan(container)
		.with_health_check(enable)
	)

@func()
example(container: Container, enable: boolean): SentryAuditConfig {
	return dag
		.sentry()
		.scan(container)
		.withHealthCheck(enable)
}

ScannerConfig 🔗

ScannerConfig holds configuration for a vulnerability scanner

type() 🔗

Which scanner to use

Return Type

Enum !

Example

Function SentryScannerConfig.type is not accessible from the Sentry module

Function SentryScannerConfig.type is not accessible from the Sentry module

Function SentryScannerConfig.type is not accessible from the Sentry module

Function SentryScannerConfig.type is not accessible from the Sentry module

image() 🔗

Container image for the scanner

Return Type

String !

Example

Function SentryScannerConfig.image is not accessible from the Sentry module

Function SentryScannerConfig.image is not accessible from the Sentry module

Function SentryScannerConfig.image is not accessible from the Sentry module

Function SentryScannerConfig.image is not accessible from the Sentry module

args() 🔗

Command arguments to run

Return Type

[String ! ] !

Example

Function SentryScannerConfig.args is not accessible from the Sentry module

Function SentryScannerConfig.args is not accessible from the Sentry module

Function SentryScannerConfig.args is not accessible from the Sentry module

Function SentryScannerConfig.args is not accessible from the Sentry module

outputFormat() 🔗

Output format type for parsing

Return Type

String !

Example

Function SentryScannerConfig.outputFormat is not accessible from the Sentry module

Function SentryScannerConfig.outputFormat is not accessible from the Sentry module

Function SentryScannerConfig.outputFormat is not accessible from the Sentry module

Function SentryScannerConfig.outputFormat is not accessible from the Sentry module

AuditResult 🔗

AuditResult contains the complete security audit output

timestamp() 🔗

RFC3339 formatted timestamp

Return Type

String !

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG \
 audit \
 timestamp

func (m *MyModule) Example(ctx context.Context, container *dagger.Container) string  {
	return dag.
			Sentry().
			Scan(container).
			Audit().
			Timestamp(ctx)
}

@function
async def example(container: dagger.Container) -> str:
	return await (
		dag.sentry()
		.scan(container)
		.audit()
		.timestamp()
	)

@func()
async example(container: Container): Promise<string> {
	return dag
		.sentry()
		.scan(container)
		.audit()
		.timestamp()
}

imageRef() 🔗

Container image reference

Return Type

String !

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG \
 audit \
 image-ref

func (m *MyModule) Example(ctx context.Context, container *dagger.Container) string  {
	return dag.
			Sentry().
			Scan(container).
			Audit().
			ImageRef(ctx)
}

@function
async def example(container: dagger.Container) -> str:
	return await (
		dag.sentry()
		.scan(container)
		.audit()
		.image_ref()
	)

@func()
async example(container: Container): Promise<string> {
	return dag
		.sentry()
		.scan(container)
		.audit()
		.imageRef()
}

scannerUsed() 🔗

Which scanner was used

Return Type

String !

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG \
 audit \
 scanner-used

func (m *MyModule) Example(ctx context.Context, container *dagger.Container) string  {
	return dag.
			Sentry().
			Scan(container).
			Audit().
			ScannerUsed(ctx)
}

@function
async def example(container: dagger.Container) -> str:
	return await (
		dag.sentry()
		.scan(container)
		.audit()
		.scanner_used()
	)

@func()
async example(container: Container): Promise<string> {
	return dag
		.sentry()
		.scan(container)
		.audit()
		.scannerUsed()
}

checks() 🔗

Results of security checks

Return Type

[SecurityCheck ! ] !

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG \
 audit \
 checks

func (m *MyModule) Example(container *dagger.Container) []*dagger.SentrySecurityCheck  {
	return dag.
			Sentry().
			Scan(container).
			Audit().
			Checks()
}

@function
def example(container: dagger.Container) -> List[dagger.SentrySecurityCheck]:
	return (
		dag.sentry()
		.scan(container)
		.audit()
		.checks()
	)

@func()
example(container: Container): SentrySecurityCheck[] {
	return dag
		.sentry()
		.scan(container)
		.audit()
		.checks()
}

vulnerabilities() 🔗

List of CVEs found

Return Type

[Vulnerability ! ] !

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG \
 audit \
 vulnerabilities

func (m *MyModule) Example(container *dagger.Container) []*dagger.SentryVulnerability  {
	return dag.
			Sentry().
			Scan(container).
			Audit().
			Vulnerabilities()
}

@function
def example(container: dagger.Container) -> List[dagger.SentryVulnerability]:
	return (
		dag.sentry()
		.scan(container)
		.audit()
		.vulnerabilities()
	)

@func()
example(container: Container): SentryVulnerability[] {
	return dag
		.sentry()
		.scan(container)
		.audit()
		.vulnerabilities()
}

vulnSummary() 🔗

Aggregated vuln counts

Return Type

VulnerabilitySummary !

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG \
 audit \
 vuln-summary

func (m *MyModule) Example(container *dagger.Container) *dagger.SentryVulnerabilitySummary  {
	return dag.
			Sentry().
			Scan(container).
			Audit().
			VulnSummary()
}

@function
def example(container: dagger.Container) -> dagger.SentryVulnerabilitySummary:
	return (
		dag.sentry()
		.scan(container)
		.audit()
		.vuln_summary()
	)

@func()
example(container: Container): SentryVulnerabilitySummary {
	return dag
		.sentry()
		.scan(container)
		.audit()
		.vulnSummary()
}

passed() 🔗

Overall pass/fail status

Return Type

Boolean !

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG \
 audit \
 passed

func (m *MyModule) Example(ctx context.Context, container *dagger.Container) bool  {
	return dag.
			Sentry().
			Scan(container).
			Audit().
			Passed(ctx)
}

@function
async def example(container: dagger.Container) -> bool:
	return await (
		dag.sentry()
		.scan(container)
		.audit()
		.passed()
	)

@func()
async example(container: Container): Promise<boolean> {
	return dag
		.sentry()
		.scan(container)
		.audit()
		.passed()
}

score() 🔗

Security score (0-100)

Return Type

Integer !

Example

dagger -m github.com/sylvester-francis/Sentry@a9ad6e7f5d48825e6cd113f47d7ebc2307fce71b call \
 scan --container IMAGE:TAG \
 audit \
 score

func (m *MyModule) Example(ctx context.Context, container *dagger.Container) int  {
	return dag.
			Sentry().
			Scan(container).
			Audit().
			Score(ctx)
}

@function
async def example(container: dagger.Container) -> int:
	return await (
		dag.sentry()
		.scan(container)
		.audit()
		.score()
	)

@func()
async example(container: Container): Promise<number> {
	return dag
		.sentry()
		.scan(container)
		.audit()
		.score()
}

SecurityCheck 🔗

SecurityCheck represents the result of a single security check

name() 🔗

e.g., “Non-Root User Check”

Return Type

String !

Example

Function SentrySecurityCheck.name is not accessible from the Sentry module

Function SentrySecurityCheck.name is not accessible from the Sentry module

Function SentrySecurityCheck.name is not accessible from the Sentry module

Function SentrySecurityCheck.name is not accessible from the Sentry module

description() 🔗

e.g., “Verifies container runs as non-root”

Return Type

String !

Example

Function SentrySecurityCheck.description is not accessible from the Sentry module

Function SentrySecurityCheck.description is not accessible from the Sentry module

Function SentrySecurityCheck.description is not accessible from the Sentry module

Function SentrySecurityCheck.description is not accessible from the Sentry module

status() 🔗

PASS, FAIL, WARN, SKIP

Return Type

Enum !

Example

Function SentrySecurityCheck.status is not accessible from the Sentry module

Function SentrySecurityCheck.status is not accessible from the Sentry module

Function SentrySecurityCheck.status is not accessible from the Sentry module

Function SentrySecurityCheck.status is not accessible from the Sentry module

details() 🔗

Additional context or findings

Return Type

String !

Example

Function SentrySecurityCheck.details is not accessible from the Sentry module

Function SentrySecurityCheck.details is not accessible from the Sentry module

Function SentrySecurityCheck.details is not accessible from the Sentry module

Function SentrySecurityCheck.details is not accessible from the Sentry module

severity() 🔗

How critical is this check

Return Type

Enum !

Example

Function SentrySecurityCheck.severity is not accessible from the Sentry module

Function SentrySecurityCheck.severity is not accessible from the Sentry module

Function SentrySecurityCheck.severity is not accessible from the Sentry module

Function SentrySecurityCheck.severity is not accessible from the Sentry module

Vulnerability 🔗

Vulnerability represents a single CVE finding from a scanner

packageName() 🔗

e.g., “openssl”

Return Type

String !

Example

Function SentryVulnerability.packageName is not accessible from the Sentry module

Function SentryVulnerability.packageName is not accessible from the Sentry module

Function SentryVulnerability.packageName is not accessible from the Sentry module

Function SentryVulnerability.packageName is not accessible from the Sentry module

cveid() 🔗

e.g., “CVE-2023-12345”

Return Type

String !

Example

Function SentryVulnerability.cveid is not accessible from the Sentry module

Function SentryVulnerability.cveid is not accessible from the Sentry module

Function SentryVulnerability.cveid is not accessible from the Sentry module

Function SentryVulnerability.cveid is not accessible from the Sentry module

severity() 🔗

CRITICAL, HIGH, etc.

Return Type

Enum !

Example

Function SentryVulnerability.severity is not accessible from the Sentry module

Function SentryVulnerability.severity is not accessible from the Sentry module

Function SentryVulnerability.severity is not accessible from the Sentry module

Function SentryVulnerability.severity is not accessible from the Sentry module

installedVersion() 🔗

Currently installed version

Return Type

String !

Example

Function SentryVulnerability.installedVersion is not accessible from the Sentry module

Function SentryVulnerability.installedVersion is not accessible from the Sentry module

Function SentryVulnerability.installedVersion is not accessible from the Sentry module

Function SentryVulnerability.installedVersion is not accessible from the Sentry module

fixedVersion() 🔗

Version with the fix (if available)

Return Type

String !

Example

Function SentryVulnerability.fixedVersion is not accessible from the Sentry module

Function SentryVulnerability.fixedVersion is not accessible from the Sentry module

Function SentryVulnerability.fixedVersion is not accessible from the Sentry module

Function SentryVulnerability.fixedVersion is not accessible from the Sentry module

VulnerabilitySummary 🔗

VulnerabilitySummary aggregates vulnerability counts by severity

critical() 🔗

Return Type

Integer !

Example

Function SentryVulnerabilitySummary.critical is not accessible from the Sentry module

Function SentryVulnerabilitySummary.critical is not accessible from the Sentry module

Function SentryVulnerabilitySummary.critical is not accessible from the Sentry module

Function SentryVulnerabilitySummary.critical is not accessible from the Sentry module

high() 🔗

Return Type

Integer !

Example

Function SentryVulnerabilitySummary.high is not accessible from the Sentry module

Function SentryVulnerabilitySummary.high is not accessible from the Sentry module

Function SentryVulnerabilitySummary.high is not accessible from the Sentry module

Function SentryVulnerabilitySummary.high is not accessible from the Sentry module

medium() 🔗

Return Type

Integer !

Example

Function SentryVulnerabilitySummary.medium is not accessible from the Sentry module

Function SentryVulnerabilitySummary.medium is not accessible from the Sentry module

Function SentryVulnerabilitySummary.medium is not accessible from the Sentry module

Function SentryVulnerabilitySummary.medium is not accessible from the Sentry module

low() 🔗

Return Type

Integer !

Example

Function SentryVulnerabilitySummary.low is not accessible from the Sentry module

Function SentryVulnerabilitySummary.low is not accessible from the Sentry module

Function SentryVulnerabilitySummary.low is not accessible from the Sentry module

Function SentryVulnerabilitySummary.low is not accessible from the Sentry module

total() 🔗

Return Type

Integer !

Example

Function SentryVulnerabilitySummary.total is not accessible from the Sentry module

Function SentryVulnerabilitySummary.total is not accessible from the Sentry module

Function SentryVulnerabilitySummary.total is not accessible from the Sentry module

Function SentryVulnerabilitySummary.total is not accessible from the Sentry module