Sentry

Sentry audits container images for security vulnerabilities and misconfigurations
using multiple scanners (Trivy, Grype, Snyk, Wiz, Black Duck) and performs
security best practice checks. Generates compliance-ready reports with security
scoring, pass/fail status, and detailed findings.

Example usage:

dagger call scan-image --image-ref nginx:latest report
dagger call scan-image --image-ref myapp:latest with-grype summary
dagger call scan-image --image-ref myapp:latest ignore-cves --cve-ids CVE-2024-1234 score

Installation

dagger install github.com/sylvester-francis/Sentry@v0.0.3

Entrypoint

Return Type

Sentry

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \

func (m *MyModule) Example() *dagger.Sentry  {
	return dag.
			Sentry()
}

@function
def example() -> dagger.Sentry:
	return (
		dag.sentry()
	)

@func()
example(): Sentry {
	return dag
		.sentry()
}

Types

Sentry 🔗

Sentry is the main module struct for container security auditing

test() 🔗

Test runs unit tests for the Sentry module and returns a test report

Return Type

String !

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 test

func (m *MyModule) Example(ctx context.Context) string  {
	return dag.
			Sentry().
			Test(ctx)
}

@function
async def example() -> str:
	return await (
		dag.sentry()
		.test()
	)

@func()
async example(): Promise<string> {
	return dag
		.sentry()
		.test()
}

scan() 🔗

Scan initializes a security audit for the given container Returns an AuditConfig that can be further configured with chain methods Default scanner is Trivy

Return Type

AuditConfig !

Arguments

Name	Type	Default Value	Description
container	Container !	-	Container image to audit for security vulnerabilities

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan --container IMAGE:TAG

func (m *MyModule) Example(container *dagger.Container) *dagger.SentryAuditConfig  {
	return dag.
			Sentry().
			Scan(container)
}

@function
def example(container: dagger.Container) -> dagger.SentryAuditConfig:
	return (
		dag.sentry()
		.scan(container)
	)

@func()
example(container: Container): SentryAuditConfig {
	return dag
		.sentry()
		.scan(container)
}

scanImage() 🔗

ScanImage initializes a security audit from a container image reference This is a convenience method that pulls the image and scans it Returns an AuditConfig that can be further configured with chain methods

Return Type

AuditConfig !

Arguments

Name	Type	Default Value	Description
imageRef	String !	-	Container image reference (e.g., "nginx:latest", "alpine:3.18")

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string

func (m *MyModule) Example(imageRef string) *dagger.SentryAuditConfig  {
	return dag.
			Sentry().
			ScanImage(imageRef)
}

@function
def example(image_ref: str) -> dagger.SentryAuditConfig:
	return (
		dag.sentry()
		.scan_image(image_ref)
	)

@func()
example(imageRef: string): SentryAuditConfig {
	return dag
		.sentry()
		.scanImage(imageRef)
}

AuditConfig 🔗

AuditConfig holds the configuration for a security audit

container() 🔗

The container to audit

Return Type

Container !

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 container

func (m *MyModule) Example(imageRef string) *dagger.Container  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			Container()
}

@function
def example(image_ref: str) -> dagger.Container:
	return (
		dag.sentry()
		.scan_image(image_ref)
		.container()
	)

@func()
example(imageRef: string): Container {
	return dag
		.sentry()
		.scanImage(imageRef)
		.container()
}

scanner() 🔗

Vulnerability scanner configuration

Return Type

ScannerConfig !

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 scanner

func (m *MyModule) Example(imageRef string) *dagger.SentryScannerConfig  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			Scanner()
}

@function
def example(image_ref: str) -> dagger.SentryScannerConfig:
	return (
		dag.sentry()
		.scan_image(image_ref)
		.scanner()
	)

@func()
example(imageRef: string): SentryScannerConfig {
	return dag
		.sentry()
		.scanImage(imageRef)
		.scanner()
}

failOnSeverity() 🔗

Fail if vulns >= this severity

Return Type

Enum !

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 fail-on-severity

func (m *MyModule) Example(imageRef string)   {
	return dag.
			Sentry().
			ScanImage(imageRef).
			FailOnSeverity()
}

@function
def example(image_ref: str) -> :
	return (
		dag.sentry()
		.scan_image(image_ref)
		.fail_on_severity()
	)

@func()
example(imageRef: string):  {
	return dag
		.sentry()
		.scanImage(imageRef)
		.failOnSeverity()
}

checkSecrets() 🔗

Check for secrets in env vars

Return Type

Boolean !

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 check-secrets

func (m *MyModule) Example(ctx context.Context, imageRef string) bool  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			CheckSecrets(ctx)
}

@function
async def example(image_ref: str) -> bool:
	return await (
		dag.sentry()
		.scan_image(image_ref)
		.check_secrets()
	)

@func()
async example(imageRef: string): Promise<boolean> {
	return dag
		.sentry()
		.scanImage(imageRef)
		.checkSecrets()
}

checkNonRoot() 🔗

Check for non-root user

Return Type

Boolean !

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 check-non-root

func (m *MyModule) Example(ctx context.Context, imageRef string) bool  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			CheckNonRoot(ctx)
}

@function
async def example(image_ref: str) -> bool:
	return await (
		dag.sentry()
		.scan_image(image_ref)
		.check_non_root()
	)

@func()
async example(imageRef: string): Promise<boolean> {
	return dag
		.sentry()
		.scanImage(imageRef)
		.checkNonRoot()
}

checkHealth() 🔗

Check for healthcheck

Return Type

Boolean !

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 check-health

func (m *MyModule) Example(ctx context.Context, imageRef string) bool  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			CheckHealth(ctx)
}

@function
async def example(image_ref: str) -> bool:
	return await (
		dag.sentry()
		.scan_image(image_ref)
		.check_health()
	)

@func()
async example(imageRef: string): Promise<boolean> {
	return dag
		.sentry()
		.scanImage(imageRef)
		.checkHealth()
}

ignoredCves() 🔗

CVE IDs to ignore (suppress from results)

Return Type

[String ! ] !

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 ignored-cves

func (m *MyModule) Example(ctx context.Context, imageRef string) []string  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			IgnoredCves(ctx)
}

@function
async def example(image_ref: str) -> List[str]:
	return await (
		dag.sentry()
		.scan_image(image_ref)
		.ignored_cves()
	)

@func()
async example(imageRef: string): Promise<string[]> {
	return dag
		.sentry()
		.scanImage(imageRef)
		.ignoredCves()
}

audit() 🔗

Audit runs the complete security audit and returns the result

Return Type

AuditResult !

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 audit

func (m *MyModule) Example(imageRef string) *dagger.SentryAuditResult  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			Audit()
}

@function
def example(image_ref: str) -> dagger.SentryAuditResult:
	return (
		dag.sentry()
		.scan_image(image_ref)
		.audit()
	)

@func()
example(imageRef: string): SentryAuditResult {
	return dag
		.sentry()
		.scanImage(imageRef)
		.audit()
}

report() 🔗

Report generates a Markdown security audit report

Return Type

String !

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 report

func (m *MyModule) Example(ctx context.Context, imageRef string) string  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			Report(ctx)
}

@function
async def example(image_ref: str) -> str:
	return await (
		dag.sentry()
		.scan_image(image_ref)
		.report()
	)

@func()
async example(imageRef: string): Promise<string> {
	return dag
		.sentry()
		.scanImage(imageRef)
		.report()
}

json() 🔗

Json generates a JSON security audit report

Return Type

String !

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 json

func (m *MyModule) Example(ctx context.Context, imageRef string) string  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			Json(ctx)
}

@function
async def example(image_ref: str) -> str:
	return await (
		dag.sentry()
		.scan_image(image_ref)
		.json()
	)

@func()
async example(imageRef: string): Promise<string> {
	return dag
		.sentry()
		.scanImage(imageRef)
		.json()
}

passed() 🔗

Passed returns true if the audit passed all checks

Return Type

Boolean !

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 passed

func (m *MyModule) Example(ctx context.Context, imageRef string) bool  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			Passed(ctx)
}

@function
async def example(image_ref: str) -> bool:
	return await (
		dag.sentry()
		.scan_image(image_ref)
		.passed()
	)

@func()
async example(imageRef: string): Promise<boolean> {
	return dag
		.sentry()
		.scanImage(imageRef)
		.passed()
}

exitCode() 🔗

ExitCode returns 0 if passed, 1 if failed (for CI integration)

Return Type

Integer !

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 exit-code

func (m *MyModule) Example(ctx context.Context, imageRef string) int  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			ExitCode(ctx)
}

@function
async def example(image_ref: str) -> int:
	return await (
		dag.sentry()
		.scan_image(image_ref)
		.exit_code()
	)

@func()
async example(imageRef: string): Promise<number> {
	return dag
		.sentry()
		.scanImage(imageRef)
		.exitCode()
}

score() 🔗

Score returns just the numeric security score (0-100)

Return Type

Integer !

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 score

func (m *MyModule) Example(ctx context.Context, imageRef string) int  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			Score(ctx)
}

@function
async def example(image_ref: str) -> int:
	return await (
		dag.sentry()
		.scan_image(image_ref)
		.score()
	)

@func()
async example(imageRef: string): Promise<number> {
	return dag
		.sentry()
		.scanImage(imageRef)
		.score()
}

summary() 🔗

Summary generates a concise one-line status summary

Return Type

String !

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 summary

func (m *MyModule) Example(ctx context.Context, imageRef string) string  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			Summary(ctx)
}

@function
async def example(image_ref: str) -> str:
	return await (
		dag.sentry()
		.scan_image(image_ref)
		.summary()
	)

@func()
async example(imageRef: string): Promise<string> {
	return dag
		.sentry()
		.scanImage(imageRef)
		.summary()
}

withTrivy() 🔗

WithTrivy uses Trivy as the vulnerability scanner (default)

Return Type

AuditConfig !

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 with-trivy

func (m *MyModule) Example(imageRef string) *dagger.SentryAuditConfig  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			WithTrivy()
}

@function
def example(image_ref: str) -> dagger.SentryAuditConfig:
	return (
		dag.sentry()
		.scan_image(image_ref)
		.with_trivy()
	)

@func()
example(imageRef: string): SentryAuditConfig {
	return dag
		.sentry()
		.scanImage(imageRef)
		.withTrivy()
}

withGrype() 🔗

WithGrype uses Grype (Anchore) as the vulnerability scanner

Return Type

AuditConfig !

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 with-grype

func (m *MyModule) Example(imageRef string) *dagger.SentryAuditConfig  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			WithGrype()
}

@function
def example(image_ref: str) -> dagger.SentryAuditConfig:
	return (
		dag.sentry()
		.scan_image(image_ref)
		.with_grype()
	)

@func()
example(imageRef: string): SentryAuditConfig {
	return dag
		.sentry()
		.scanImage(imageRef)
		.withGrype()
}

withSnyk() 🔗

WithSnyk uses Snyk as the vulnerability scanner Requires SNYK_TOKEN environment variable

Return Type

AuditConfig !

Arguments

Name	Type	Default Value	Description
token	Secret !	-	Snyk authentication token (env:SNYK_TOKEN)

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 with-snyk --token env:MYSECRET

func (m *MyModule) Example(imageRef string, token *dagger.Secret) *dagger.SentryAuditConfig  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			WithSnyk(token)
}

@function
def example(image_ref: str, token: dagger.Secret) -> dagger.SentryAuditConfig:
	return (
		dag.sentry()
		.scan_image(image_ref)
		.with_snyk(token)
	)

@func()
example(imageRef: string, token: Secret): SentryAuditConfig {
	return dag
		.sentry()
		.scanImage(imageRef)
		.withSnyk(token)
}

withWiz() 🔗

WithWiz uses Wiz as the vulnerability scanner Requires WIZ_CLIENT_ID and WIZ_CLIENT_SECRET

Return Type

AuditConfig !

Arguments

Name	Type	Default Value	Description
clientId	Secret !	-	Wiz client ID credential
clientSecret	Secret !	-	Wiz client secret credential

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 with-wiz --client-id env:MYSECRET --client-secret env:MYSECRET

func (m *MyModule) Example(imageRef string, clientId *dagger.Secret, clientSecret *dagger.Secret) *dagger.SentryAuditConfig  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			WithWiz(clientId, clientSecret)
}

@function
def example(image_ref: str, client_id: dagger.Secret, client_secret: dagger.Secret) -> dagger.SentryAuditConfig:
	return (
		dag.sentry()
		.scan_image(image_ref)
		.with_wiz(client_id, client_secret)
	)

@func()
example(imageRef: string, clientId: Secret, clientSecret: Secret): SentryAuditConfig {
	return dag
		.sentry()
		.scanImage(imageRef)
		.withWiz(clientId, clientSecret)
}

withBlackDuck() 🔗

WithBlackDuck uses Black Duck as the vulnerability scanner Requires BLACKDUCK_URL and BLACKDUCK_API_TOKEN

Return Type

AuditConfig !

Arguments

Name	Type	Default Value	Description
url	String !	-	Black Duck server URL
token	Secret !	-	Black Duck API token

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 with-black-duck --url string --token env:MYSECRET

func (m *MyModule) Example(imageRef string, url string, token *dagger.Secret) *dagger.SentryAuditConfig  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			WithBlackDuck(url, token)
}

@function
def example(image_ref: str, url: str, token: dagger.Secret) -> dagger.SentryAuditConfig:
	return (
		dag.sentry()
		.scan_image(image_ref)
		.with_black_duck(url, token)
	)

@func()
example(imageRef: string, url: string, token: Secret): SentryAuditConfig {
	return dag
		.sentry()
		.scanImage(imageRef)
		.withBlackDuck(url, token)
}

withCustomScanner() 🔗

WithCustomScanner uses a custom scanner container You provide the container image, command args, and output format for parsing

Return Type

AuditConfig !

Arguments

Name	Type	Default Value	Description
image	String !	-	Scanner container image (e.g., "aquasec/trivy:latest")
args	[String ! ] !	-	Command arguments to pass to the scanner
outputFormat	String	"trivy"	Output format for parsing (trivy, grype, snyk, etc.)

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 with-custom-scanner --image string --args string1 --args string2

func (m *MyModule) Example(imageRef string, image string, args []string) *dagger.SentryAuditConfig  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			WithCustomScanner(image, args)
}

@function
def example(image_ref: str, image: str, args: List[str]) -> dagger.SentryAuditConfig:
	return (
		dag.sentry()
		.scan_image(image_ref)
		.with_custom_scanner(image, args)
	)

@func()
example(imageRef: string, image: string, args: string[]): SentryAuditConfig {
	return dag
		.sentry()
		.scanImage(imageRef)
		.withCustomScanner(image, args)
}

withoutScanner() 🔗

WithoutScanner disables vulnerability scanning entirely

Return Type

AuditConfig !

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 without-scanner

func (m *MyModule) Example(imageRef string) *dagger.SentryAuditConfig  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			WithoutScanner()
}

@function
def example(image_ref: str) -> dagger.SentryAuditConfig:
	return (
		dag.sentry()
		.scan_image(image_ref)
		.without_scanner()
	)

@func()
example(imageRef: string): SentryAuditConfig {
	return dag
		.sentry()
		.scanImage(imageRef)
		.withoutScanner()
}

failOn() 🔗

FailOn sets the minimum severity that causes the audit to fail

Return Type

AuditConfig !

Arguments

Name	Type	Default Value	Description
severity	Enum !	-	Minimum severity level (CRITICAL, HIGH, MEDIUM, LOW, INFO)

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 fail-on

func (m *MyModule) Example(imageRef string, severity ) *dagger.SentryAuditConfig  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			FailOn(severity)
}

@function
def example(image_ref: str, severity: ) -> dagger.SentryAuditConfig:
	return (
		dag.sentry()
		.scan_image(image_ref)
		.fail_on(severity)
	)

@func()
example(imageRef: string, severity: ): SentryAuditConfig {
	return dag
		.sentry()
		.scanImage(imageRef)
		.failOn(severity)
}

withSecretCheck() 🔗

WithSecretCheck enables or disables secret detection in environment variables

Return Type

AuditConfig !

Arguments

Name	Type	Default Value	Description
enable	Boolean !	-	Enable or disable secret detection (true to enable, false to disable)

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 with-secret-check --enable boolean

func (m *MyModule) Example(imageRef string, enable bool) *dagger.SentryAuditConfig  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			WithSecretCheck(enable)
}

@function
def example(image_ref: str, enable: bool) -> dagger.SentryAuditConfig:
	return (
		dag.sentry()
		.scan_image(image_ref)
		.with_secret_check(enable)
	)

@func()
example(imageRef: string, enable: boolean): SentryAuditConfig {
	return dag
		.sentry()
		.scanImage(imageRef)
		.withSecretCheck(enable)
}

withNonRootCheck() 🔗

WithNonRootCheck enables or disables the non-root user check

Return Type

AuditConfig !

Arguments

Name	Type	Default Value	Description
enable	Boolean !	-	Enable or disable non-root user check (true to enable, false to disable)

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 with-non-root-check --enable boolean

func (m *MyModule) Example(imageRef string, enable bool) *dagger.SentryAuditConfig  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			WithNonRootCheck(enable)
}

@function
def example(image_ref: str, enable: bool) -> dagger.SentryAuditConfig:
	return (
		dag.sentry()
		.scan_image(image_ref)
		.with_non_root_check(enable)
	)

@func()
example(imageRef: string, enable: boolean): SentryAuditConfig {
	return dag
		.sentry()
		.scanImage(imageRef)
		.withNonRootCheck(enable)
}

withHealthCheck() 🔗

WithHealthCheck enables or disables the healthcheck verification

Return Type

AuditConfig !

Arguments

Name	Type	Default Value	Description
enable	Boolean !	-	Enable or disable healthcheck verification (true to enable, false to disable)

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 with-health-check --enable boolean

func (m *MyModule) Example(imageRef string, enable bool) *dagger.SentryAuditConfig  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			WithHealthCheck(enable)
}

@function
def example(image_ref: str, enable: bool) -> dagger.SentryAuditConfig:
	return (
		dag.sentry()
		.scan_image(image_ref)
		.with_health_check(enable)
	)

@func()
example(imageRef: string, enable: boolean): SentryAuditConfig {
	return dag
		.sentry()
		.scanImage(imageRef)
		.withHealthCheck(enable)
}

ignoreCves() 🔗

IgnoreCVEs suppresses specific CVE IDs from the audit results Useful for known false positives or accepted risks

Return Type

AuditConfig !

Arguments

Name	Type	Default Value	Description
cveIds	[String ! ] !	-	List of CVE IDs to ignore (e.g., ["CVE-2024-1234", "CVE-2024-5678"])

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 ignore-cves --cve-ids string1 --cve-ids string2

func (m *MyModule) Example(imageRef string, cveIds []string) *dagger.SentryAuditConfig  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			IgnoreCves(cveIds)
}

@function
def example(image_ref: str, cve_ids: List[str]) -> dagger.SentryAuditConfig:
	return (
		dag.sentry()
		.scan_image(image_ref)
		.ignore_cves(cve_ids)
	)

@func()
example(imageRef: string, cveIds: string[]): SentryAuditConfig {
	return dag
		.sentry()
		.scanImage(imageRef)
		.ignoreCves(cveIds)
}

ScannerConfig 🔗

ScannerConfig holds configuration for a vulnerability scanner

type() 🔗

Which scanner to use

Return Type

Enum !

Example

Function SentryScannerConfig.type is not accessible from the Sentry module

Function SentryScannerConfig.type is not accessible from the Sentry module

Function SentryScannerConfig.type is not accessible from the Sentry module

Function SentryScannerConfig.type is not accessible from the Sentry module

image() 🔗

Container image for the scanner

Return Type

String !

Example

Function SentryScannerConfig.image is not accessible from the Sentry module

Function SentryScannerConfig.image is not accessible from the Sentry module

Function SentryScannerConfig.image is not accessible from the Sentry module

Function SentryScannerConfig.image is not accessible from the Sentry module

args() 🔗

Command arguments to run

Return Type

[String ! ] !

Example

Function SentryScannerConfig.args is not accessible from the Sentry module

Function SentryScannerConfig.args is not accessible from the Sentry module

Function SentryScannerConfig.args is not accessible from the Sentry module

Function SentryScannerConfig.args is not accessible from the Sentry module

outputFormat() 🔗

Output format type for parsing

Return Type

String !

Example

Function SentryScannerConfig.outputFormat is not accessible from the Sentry module

Function SentryScannerConfig.outputFormat is not accessible from the Sentry module

Function SentryScannerConfig.outputFormat is not accessible from the Sentry module

Function SentryScannerConfig.outputFormat is not accessible from the Sentry module

AuditResult 🔗

AuditResult contains the complete security audit output

timestamp() 🔗

RFC3339 formatted timestamp

Return Type

String !

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 audit \
 timestamp

func (m *MyModule) Example(ctx context.Context, imageRef string) string  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			Audit().
			Timestamp(ctx)
}

@function
async def example(image_ref: str) -> str:
	return await (
		dag.sentry()
		.scan_image(image_ref)
		.audit()
		.timestamp()
	)

@func()
async example(imageRef: string): Promise<string> {
	return dag
		.sentry()
		.scanImage(imageRef)
		.audit()
		.timestamp()
}

imageRef() 🔗

Container image reference

Return Type

String !

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 audit \
 image-ref

func (m *MyModule) Example(ctx context.Context, imageRef string) string  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			Audit().
			ImageRef(ctx)
}

@function
async def example(image_ref: str) -> str:
	return await (
		dag.sentry()
		.scan_image(image_ref)
		.audit()
		.image_ref()
	)

@func()
async example(imageRef: string): Promise<string> {
	return dag
		.sentry()
		.scanImage(imageRef)
		.audit()
		.imageRef()
}

scannerUsed() 🔗

Which scanner was used

Return Type

String !

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 audit \
 scanner-used

func (m *MyModule) Example(ctx context.Context, imageRef string) string  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			Audit().
			ScannerUsed(ctx)
}

@function
async def example(image_ref: str) -> str:
	return await (
		dag.sentry()
		.scan_image(image_ref)
		.audit()
		.scanner_used()
	)

@func()
async example(imageRef: string): Promise<string> {
	return dag
		.sentry()
		.scanImage(imageRef)
		.audit()
		.scannerUsed()
}

checks() 🔗

Results of security checks

Return Type

[SecurityCheck ! ] !

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 audit \
 checks

func (m *MyModule) Example(imageRef string) []*dagger.SentrySecurityCheck  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			Audit().
			Checks()
}

@function
def example(image_ref: str) -> List[dagger.SentrySecurityCheck]:
	return (
		dag.sentry()
		.scan_image(image_ref)
		.audit()
		.checks()
	)

@func()
example(imageRef: string): SentrySecurityCheck[] {
	return dag
		.sentry()
		.scanImage(imageRef)
		.audit()
		.checks()
}

vulnerabilities() 🔗

List of CVEs found

Return Type

[Vulnerability ! ] !

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 audit \
 vulnerabilities

func (m *MyModule) Example(imageRef string) []*dagger.SentryVulnerability  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			Audit().
			Vulnerabilities()
}

@function
def example(image_ref: str) -> List[dagger.SentryVulnerability]:
	return (
		dag.sentry()
		.scan_image(image_ref)
		.audit()
		.vulnerabilities()
	)

@func()
example(imageRef: string): SentryVulnerability[] {
	return dag
		.sentry()
		.scanImage(imageRef)
		.audit()
		.vulnerabilities()
}

vulnSummary() 🔗

Aggregated vuln counts

Return Type

VulnerabilitySummary !

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 audit \
 vuln-summary

func (m *MyModule) Example(imageRef string) *dagger.SentryVulnerabilitySummary  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			Audit().
			VulnSummary()
}

@function
def example(image_ref: str) -> dagger.SentryVulnerabilitySummary:
	return (
		dag.sentry()
		.scan_image(image_ref)
		.audit()
		.vuln_summary()
	)

@func()
example(imageRef: string): SentryVulnerabilitySummary {
	return dag
		.sentry()
		.scanImage(imageRef)
		.audit()
		.vulnSummary()
}

passed() 🔗

Overall pass/fail status

Return Type

Boolean !

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 audit \
 passed

func (m *MyModule) Example(ctx context.Context, imageRef string) bool  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			Audit().
			Passed(ctx)
}

@function
async def example(image_ref: str) -> bool:
	return await (
		dag.sentry()
		.scan_image(image_ref)
		.audit()
		.passed()
	)

@func()
async example(imageRef: string): Promise<boolean> {
	return dag
		.sentry()
		.scanImage(imageRef)
		.audit()
		.passed()
}

score() 🔗

Security score (0-100)

Return Type

Integer !

Example

dagger -m github.com/sylvester-francis/Sentry@e330b5947a471870b14299b5fa3e5239c981fd27 call \
 scan-image --image-ref string \
 audit \
 score

func (m *MyModule) Example(ctx context.Context, imageRef string) int  {
	return dag.
			Sentry().
			ScanImage(imageRef).
			Audit().
			Score(ctx)
}

@function
async def example(image_ref: str) -> int:
	return await (
		dag.sentry()
		.scan_image(image_ref)
		.audit()
		.score()
	)

@func()
async example(imageRef: string): Promise<number> {
	return dag
		.sentry()
		.scanImage(imageRef)
		.audit()
		.score()
}

SecurityCheck 🔗

SecurityCheck represents the result of a single security check

name() 🔗

e.g., “Non-Root User Check”

Return Type

String !

Example

Function SentrySecurityCheck.name is not accessible from the Sentry module

Function SentrySecurityCheck.name is not accessible from the Sentry module

Function SentrySecurityCheck.name is not accessible from the Sentry module

Function SentrySecurityCheck.name is not accessible from the Sentry module

description() 🔗

e.g., “Verifies container runs as non-root”

Return Type

String !

Example

Function SentrySecurityCheck.description is not accessible from the Sentry module

Function SentrySecurityCheck.description is not accessible from the Sentry module

Function SentrySecurityCheck.description is not accessible from the Sentry module

Function SentrySecurityCheck.description is not accessible from the Sentry module

status() 🔗

PASS, FAIL, WARN, SKIP

Return Type

Enum !

Example

Function SentrySecurityCheck.status is not accessible from the Sentry module

Function SentrySecurityCheck.status is not accessible from the Sentry module

Function SentrySecurityCheck.status is not accessible from the Sentry module

Function SentrySecurityCheck.status is not accessible from the Sentry module

details() 🔗

Additional context or findings

Return Type

String !

Example

Function SentrySecurityCheck.details is not accessible from the Sentry module

Function SentrySecurityCheck.details is not accessible from the Sentry module

Function SentrySecurityCheck.details is not accessible from the Sentry module

Function SentrySecurityCheck.details is not accessible from the Sentry module

severity() 🔗

How critical is this check

Return Type

Enum !

Example

Function SentrySecurityCheck.severity is not accessible from the Sentry module

Function SentrySecurityCheck.severity is not accessible from the Sentry module

Function SentrySecurityCheck.severity is not accessible from the Sentry module

Function SentrySecurityCheck.severity is not accessible from the Sentry module

Vulnerability 🔗

Vulnerability represents a single CVE finding from a scanner

packageName() 🔗

e.g., “openssl”

Return Type

String !

Example

Function SentryVulnerability.packageName is not accessible from the Sentry module

Function SentryVulnerability.packageName is not accessible from the Sentry module

Function SentryVulnerability.packageName is not accessible from the Sentry module

Function SentryVulnerability.packageName is not accessible from the Sentry module

cveid() 🔗

e.g., “CVE-2023-12345”

Return Type

String !

Example

Function SentryVulnerability.cveid is not accessible from the Sentry module

Function SentryVulnerability.cveid is not accessible from the Sentry module

Function SentryVulnerability.cveid is not accessible from the Sentry module

Function SentryVulnerability.cveid is not accessible from the Sentry module

severity() 🔗

CRITICAL, HIGH, etc.

Return Type

Enum !

Example

Function SentryVulnerability.severity is not accessible from the Sentry module

Function SentryVulnerability.severity is not accessible from the Sentry module

Function SentryVulnerability.severity is not accessible from the Sentry module

Function SentryVulnerability.severity is not accessible from the Sentry module

installedVersion() 🔗

Currently installed version

Return Type

String !

Example

Function SentryVulnerability.installedVersion is not accessible from the Sentry module

Function SentryVulnerability.installedVersion is not accessible from the Sentry module

Function SentryVulnerability.installedVersion is not accessible from the Sentry module

Function SentryVulnerability.installedVersion is not accessible from the Sentry module

fixedVersion() 🔗

Version with the fix (if available)

Return Type

String !

Example

Function SentryVulnerability.fixedVersion is not accessible from the Sentry module

Function SentryVulnerability.fixedVersion is not accessible from the Sentry module

Function SentryVulnerability.fixedVersion is not accessible from the Sentry module

Function SentryVulnerability.fixedVersion is not accessible from the Sentry module

VulnerabilitySummary 🔗

VulnerabilitySummary aggregates vulnerability counts by severity

critical() 🔗

Return Type

Integer !

Example

Function SentryVulnerabilitySummary.critical is not accessible from the Sentry module

Function SentryVulnerabilitySummary.critical is not accessible from the Sentry module

Function SentryVulnerabilitySummary.critical is not accessible from the Sentry module

Function SentryVulnerabilitySummary.critical is not accessible from the Sentry module

high() 🔗

Return Type

Integer !

Example

Function SentryVulnerabilitySummary.high is not accessible from the Sentry module

Function SentryVulnerabilitySummary.high is not accessible from the Sentry module

Function SentryVulnerabilitySummary.high is not accessible from the Sentry module

Function SentryVulnerabilitySummary.high is not accessible from the Sentry module

medium() 🔗

Return Type

Integer !

Example

Function SentryVulnerabilitySummary.medium is not accessible from the Sentry module

Function SentryVulnerabilitySummary.medium is not accessible from the Sentry module

Function SentryVulnerabilitySummary.medium is not accessible from the Sentry module

Function SentryVulnerabilitySummary.medium is not accessible from the Sentry module

low() 🔗

Return Type

Integer !

Example

Function SentryVulnerabilitySummary.low is not accessible from the Sentry module

Function SentryVulnerabilitySummary.low is not accessible from the Sentry module

Function SentryVulnerabilitySummary.low is not accessible from the Sentry module

Function SentryVulnerabilitySummary.low is not accessible from the Sentry module

total() 🔗

Return Type

Integer !

Example

Function SentryVulnerabilitySummary.total is not accessible from the Sentry module

Function SentryVulnerabilitySummary.total is not accessible from the Sentry module

Function SentryVulnerabilitySummary.total is not accessible from the Sentry module

Function SentryVulnerabilitySummary.total is not accessible from the Sentry module