diff --git a/build/registry/go.mod b/build/registry/go.mod index 33c6eab3..44024b2b 100644 --- a/build/registry/go.mod +++ b/build/registry/go.mod @@ -7,7 +7,7 @@ require ( github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.81 github.com/aws/aws-sdk-go-v2/service/s3 v1.38.5 github.com/blang/semver v3.5.1+incompatible - github.com/falcosecurity/falcoctl v0.6.0 + github.com/falcosecurity/falcoctl v0.6.1 github.com/falcosecurity/plugin-sdk-go v0.7.3 github.com/onsi/ginkgo/v2 v2.10.0 github.com/onsi/gomega v1.27.8 diff --git a/build/registry/go.sum b/build/registry/go.sum index 2bff1ec4..2c3afa30 100644 --- a/build/registry/go.sum +++ b/build/registry/go.sum @@ -148,8 +148,8 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/falcosecurity/falcoctl v0.6.0 h1:+VW6/HJ9mWU2p8apiTQuKRHFsBngfG1s35ao4X2BEfc= -github.com/falcosecurity/falcoctl v0.6.0/go.mod h1:4Hx4h3KtcaQzPKxvYn5S9x4IHxwd6QRK9Gu04HHNbhE= +github.com/falcosecurity/falcoctl v0.6.1 h1:Klg3jHi/PL1Inw9DO9kGpzL6ka+TjI4oDl6kvm1I+VY= +github.com/falcosecurity/falcoctl v0.6.1/go.mod h1:4Hx4h3KtcaQzPKxvYn5S9x4IHxwd6QRK9Gu04HHNbhE= github.com/falcosecurity/plugin-sdk-go v0.7.3 h1:nmlBUmeAgEhcEHhSDWeEYgD9WdiHR9uMWyog5Iv7GIA= github.com/falcosecurity/plugin-sdk-go v0.7.3/go.mod h1:NP+y22DYOS+G3GDXIXNmzf0CBL3nfPPMoQuHvAzfitQ= github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= diff --git a/build/registry/pkg/distribution/distribution_suite_test.go b/build/registry/pkg/distribution/distribution_suite_test.go new file mode 100644 index 00000000..b2e563d3 --- /dev/null 
+++ b/build/registry/pkg/distribution/distribution_suite_test.go @@ -0,0 +1,29 @@ +/* +Copyright (C) 2022 The Falco Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package distribution_test + +import ( + "testing" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" +) + +func TestDistribution(t *testing.T) { + RegisterFailHandler(Fail) + RunSpecs(t, "Distribution Suite") +} diff --git a/build/registry/pkg/distribution/index.go b/build/registry/pkg/distribution/index.go index 5a6290c0..e2d06cb4 100644 --- a/build/registry/pkg/distribution/index.go +++ b/build/registry/pkg/distribution/index.go @@ -41,11 +41,12 @@ const ( GHOrg = "falcosecurity" ) -func pluginToIndexEntry(p registry.Plugin, registry, repo string) *index.Entry { +func PluginToIndexEntry(p registry.Plugin, registry, repo string) *index.Entry { return &index.Entry{ Name: p.Name, Type: string(falcoctloci.Plugin), Registry: registry, + Signature: p.Signature, Repository: repo, Description: p.Description, Home: p.URL, @@ -56,11 +57,12 @@ func pluginToIndexEntry(p registry.Plugin, registry, repo string) *index.Entry { } } -func pluginRulesToIndexEntry(p registry.Plugin, registry, repo string) *index.Entry { +func PluginRulesToIndexEntry(p registry.Plugin, registry, repo string) *index.Entry { return &index.Entry{ Name: p.Name + common.RulesArtifactSuffix, Type: string(falcoctloci.Rulesfile), Registry: registry, + Signature: p.Signature, Repository: repo, Description: p.Description, Home: p.URL, 
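Review bot: `PluginToIndexEntry` and, in the following hunk, `PluginRulesToIndexEntry` are now exported but have no doc comment, and nothing states what a nil `p.Signature` means for the published entry. Suggested comments: `// PluginToIndexEntry builds the index entry for a plugin artifact; Signature is copied from the registry entry as-is and is nil when the plugin declares none.` and `// PluginRulesToIndexEntry builds the index entry for a plugin's rules artifact; it reuses the plugin's Signature, so the rules artifact is expected to be signed by the same identity.` The second comment matters because both entries receive the same `*index.Signature` pointer, so a rules artifact built by a different workflow would be published with verification data that does not describe it. Both function bodies continue outside their hunks.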
@@ -89,13 +91,13 @@ func upsertIndex(r *registry.Registry, ociArtifacts map[string]string, indexPath tokens := strings.Split(refPlugin, "/") ociRegistry := tokens[0] ociRepo := filepath.Join(tokens[1:]...) - i.Upsert(pluginToIndexEntry(p, ociRegistry, ociRepo)) + i.Upsert(PluginToIndexEntry(p, ociRegistry, ociRepo)) } if refRulesfile, ok := ociArtifacts[p.Name+common.RulesArtifactSuffix]; ok { tokens := strings.Split(refRulesfile, "/") ociRegistry := tokens[0] ociRepo := filepath.Join(tokens[1:]...) - i.Upsert(pluginRulesToIndexEntry(p, ociRegistry, ociRepo)) + i.Upsert(PluginRulesToIndexEntry(p, ociRegistry, ociRepo)) } } diff --git a/build/registry/pkg/distribution/index_internal_test.go b/build/registry/pkg/distribution/index_internal_test.go new file mode 100644 index 00000000..b8856c2c --- /dev/null +++ b/build/registry/pkg/distribution/index_internal_test.go 
@@ -0,0 +1,61 @@
+/*
+Copyright (C) 2022 The Falco Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package distribution_test
+
+import (
+ "reflect"
+ "testing"
+
+ "github.com/falcosecurity/falcoctl/pkg/index/index"
+
+ "github.com/falcosecurity/plugins/build/registry/pkg/distribution"
+ "github.com/falcosecurity/plugins/build/registry/pkg/registry"
+)
+
+func TestPluginToIndexEntrySignature(t *testing.T) {
+ t.Parallel()
+
+ signature := &index.Signature{
+ Cosign: &index.CosignSignature{},
+ }
+
+ expected := signature
+
+ p := registry.Plugin{Signature: signature}
+
+ entry := distribution.PluginToIndexEntry(p, "", "")
+ if !reflect.DeepEqual(entry.Signature, expected) {
+ t.Fatalf("Index entry signature: expected %#v, got %v", expected, entry.Signature)
+ }
+}
+
+func TestPluginRulesToIndexEntrySignature(t *testing.T) {
+ t.Parallel()
+
+ signature := &index.Signature{
+ Cosign: &index.CosignSignature{},
+ }
+
+ expected := signature
+
+ p := registry.Plugin{Signature: signature}
+
+ entry := distribution.PluginRulesToIndexEntry(p, "", "")
+ if !reflect.DeepEqual(entry.Signature, expected) {
+ t.Fatalf("Index entry signature: expected %#v, got %v", expected, entry.Signature)
+ }
+}
diff --git a/build/registry/pkg/distribution/index_test.go b/build/registry/pkg/distribution/index_test.go
new file mode 100644
index 00000000..da06d4f7
--- /dev/null
+++ b/build/registry/pkg/distribution/index_test.go
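Review bot: The file is named `index_internal_test.go` but declares `package distribution_test`, and that external package is the only visible reason the two helpers had to be exported in `index.go`. Declaring `package distribution` here would let the tests call the unexported `pluginToIndexEntry` and `pluginRulesToIndexEntry` and leave the package API unchanged. Both tests also build `&index.CosignSignature{}` with no fields set, so a conversion that copied the struct but lost a field would still pass; setting at least one field in the test value makes the `reflect.DeepEqual` check meaningful.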
@@ -0,0 +1,85 @@ +/* +Copyright (C) 2022 The Falco Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package distribution_test + +import ( + "os" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + + "github.com/falcosecurity/plugins/build/registry/pkg/distribution" +) + +const ( + indexFile = "testdata/index.yaml" + wrongIndexFile = "testdata/wrong-index.yaml" + registryFile = "testdata/registry.yaml" + wrongRegistryFile = "testdata/wrong-registry.yaml" + registryUser = "falcosecurity" + registryName = "ghcr.io" +) + +var _ = Describe("Update index", func() { + var ( + err error + ) + Context("with registry file", func() { + BeforeEach(func() { + os.Setenv("REGISTRY_USER", registryUser) + os.Setenv("REGISTRY", registryName) + }) + Context("with index file", func() { + BeforeEach(func() { + err = distribution.DoUpdateIndex(registryFile, indexFile) + }) + It("Should not fail", func() { + Expect(err).To(BeNil()) + }) + }) + Context("without index file", func() { + BeforeEach(func() { + err = distribution.DoUpdateIndex(registryFile, wrongIndexFile) + }) + It("Should fail", func() { + Expect(err).ToNot(BeNil()) + }) + }) + }) + Context("without registry file", func() { + BeforeEach(func() { + os.Setenv("REGISTRY_USER", registryUser) + os.Setenv("REGISTRY", registryName) + }) + Context("with index file", func() { + BeforeEach(func() { + err = distribution.DoUpdateIndex(wrongRegistryFile, indexFile) + }) + It("Should fail", func() { + Expect(err).ToNot(BeNil()) + }) + 
}) + Context("without index file", func() { + BeforeEach(func() { + err = distribution.DoUpdateIndex(wrongRegistryFile, wrongIndexFile) + }) + It("Should fail", func() { + Expect(err).ToNot(BeNil()) + }) + }) + }) +}) diff --git a/build/registry/pkg/distribution/testdata/index.yaml b/build/registry/pkg/distribution/testdata/index.yaml new file mode 100644 index 00000000..8ad5b1f6 --- /dev/null +++ b/build/registry/pkg/distribution/testdata/index.yaml 
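Review bot: The "with index file" case passes the checked-in `testdata/index.yaml` to `DoUpdateIndex`; if that function writes the updated index back to the path it is given (its body is not in this diff), every run rewrites a tracked fixture and later runs no longer start from the committed state. Copying the fixture into `GinkgoT().TempDir()` and passing that path avoids this. The spec also checks only `err`; since the change is about carrying `signature` into the index, asserting that the okta entry in the written index still has its cosign block would cover the new behaviour. The `os.Setenv` calls in both `BeforeEach` blocks ignore their error and are never undone; `DeferCleanup(os.Unsetenv, "REGISTRY_USER")` (and the same for `REGISTRY`) keeps them from leaking into other suites.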
@@ -0,0 +1,247 @@ +- name: application-rules + type: rulesfile + registry: ghcr.io + repository: falcosecurity/rules/application-rules + description: Application rules + home: https://github.com/falcosecurity/rules/blob/main/rules/application_rules.yaml + keywords: + - application-rules + license: apache-2.0 + maintainers: + - email: cncf-falco-dev@lists.cncf.io + name: The Falco Authors + sources: + - https://github.com/falcosecurity/rules/blob/main/rules/application_rules.yaml +- name: cloudtrail + type: plugin + registry: ghcr.io + repository: falcosecurity/plugins/plugin/cloudtrail + description: Reads Cloudtrail JSON logs from files/S3 and injects as events + home: https://github.com/falcosecurity/plugins/tree/master/plugins/cloudtrail + keywords: + - audit + - user-activity + - api-usage + - aws + - cloudtrail + license: Apache-2.0 + maintainers: + - email: cncf-falco-dev@lists.cncf.io + name: The Falco Authors + sources: + - https://github.com/falcosecurity/plugins/tree/master/plugins/cloudtrail +- name: cloudtrail-rules + type: rulesfile + registry: ghcr.io + repository: falcosecurity/plugins/ruleset/cloudtrail + description: Reads Cloudtrail JSON logs from files/S3 and injects as events + home: https://github.com/falcosecurity/plugins/tree/master/plugins/cloudtrail + keywords: + - audit + - user-activity + - api-usage + - aws + - cloudtrail-rules + license: Apache-2.0 + maintainers: + - email: cncf-falco-dev@lists.cncf.io + name: The Falco Authors + sources: + - https://github.com/falcosecurity/plugins/tree/master/plugins/cloudtrail/rules +- name: dummy + type: plugin + registry: ghcr.io + repository: falcosecurity/plugins/plugin/dummy + description: Reference plugin used to document interface + home: https://github.com/falcosecurity/plugins/tree/master/plugins/dummy + keywords: + - dummy + license: Apache-2.0 + maintainers: + - email: cncf-falco-dev@lists.cncf.io + name: The Falco Authors + sources: + - 
https://github.com/falcosecurity/plugins/tree/master/plugins/dummy +- name: dummy_c + type: plugin + registry: ghcr.io + repository: falcosecurity/plugins/plugin/dummy_c + description: Like dummy, but written in C++ + home: https://github.com/falcosecurity/plugins/tree/master/plugins/dummy_c + keywords: + - dummy_c + license: Apache-2.0 + maintainers: + - email: cncf-falco-dev@lists.cncf.io + name: The Falco Authors + sources: + - https://github.com/falcosecurity/plugins/tree/master/plugins/dummy_c +- name: falco-rules + type: rulesfile + registry: ghcr.io + repository: falcosecurity/rules/falco-rules + description: Falco rules that are loaded by default + home: https://github.com/falcosecurity/rules/blob/main/rules/falco_rules.yaml + keywords: + - falco-rules + license: apache-2.0 + maintainers: + - email: cncf-falco-dev@lists.cncf.io + name: The Falco Authors + sources: + - https://github.com/falcosecurity/rules/blob/main/rules/falco_rules.yaml +- name: github + type: plugin + registry: ghcr.io + repository: falcosecurity/plugins/plugin/github + description: Github Webhook Events + home: https://github.com/falcosecurity/plugins/tree/master/plugins/github + keywords: + - audit + - log-events + - webhook + - github-activity + - github + license: Apache-2.0 + maintainers: + - email: cncf-falco-dev@lists.cncf.io + name: The Falco Authors + sources: + - https://github.com/falcosecurity/plugins/tree/master/plugins/github +- name: github-rules + type: rulesfile + registry: ghcr.io + repository: falcosecurity/plugins/ruleset/github + description: Github Webhook Events + home: https://github.com/falcosecurity/plugins/tree/master/plugins/github + keywords: + - audit + - log-events + - webhook + - github-activity + - github + - github-rules + license: Apache-2.0 + maintainers: + - email: cncf-falco-dev@lists.cncf.io + name: The Falco Authors + sources: + - https://github.com/falcosecurity/plugins/tree/master/plugins/github/rules +- name: json + type: plugin + registry: 
ghcr.io + repository: falcosecurity/plugins/plugin/json + description: Extract values from any JSON payload + home: https://github.com/falcosecurity/plugins/tree/master/plugins/json + keywords: + - json-events + - json-payload + - extractor + - json + license: Apache-2.0 + maintainers: + - email: cncf-falco-dev@lists.cncf.io + name: The Falco Authors + sources: + - https://github.com/falcosecurity/plugins/tree/master/plugins/json +- name: k8saudit + type: plugin + registry: ghcr.io + repository: falcosecurity/plugins/plugin/k8saudit + description: Read Kubernetes Audit Events and monitor Kubernetes Clusters + home: https://github.com/falcosecurity/plugins/tree/master/plugins/k8saudit + keywords: + - audit + - audit-log + - audit-events + - kubernetes + - k8saudit + license: Apache-2.0 + maintainers: + - email: cncf-falco-dev@lists.cncf.io + name: The Falco Authors + sources: + - https://github.com/falcosecurity/plugins/tree/master/plugins/k8saudit +- name: k8saudit-eks + type: plugin + registry: ghcr.io + repository: falcosecurity/plugins/plugin/k8saudit-eks + description: Read Kubernetes Audit Events from AWS EKS Clusters + home: https://github.com/falcosecurity/plugins/tree/master/plugins/k8saudit-eks + keywords: + - audit + - audit-log + - audit-events + - kubernetes + - eks + - aws + - k8saudit-eks + license: Apache-2.0 + maintainers: [] + sources: + - https://github.com/falcosecurity/plugins/tree/master/plugins/k8saudit-eks +- name: k8saudit-rules + type: rulesfile + registry: ghcr.io + repository: falcosecurity/plugins/ruleset/k8saudit + description: Read Kubernetes Audit Events and monitor Kubernetes Clusters + home: https://github.com/falcosecurity/plugins/tree/master/plugins/k8saudit + keywords: + - audit + - audit-log + - audit-events + - kubernetes + - k8saudit-rules + license: Apache-2.0 + maintainers: + - email: cncf-falco-dev@lists.cncf.io + name: The Falco Authors + sources: + - 
https://github.com/falcosecurity/plugins/tree/master/plugins/k8saudit/rules +- name: okta + type: plugin + registry: ghcr.io + repository: falcosecurity/plugins/plugin/okta + signature: + cosign: + certificate-oidc-issuer: https://token.actions.githubusercontent.com + certificate-oidc-issuer-regexp: "" + certificate-identity: "" + certificate-identity-regexp: https://github.com/LucaGuerra/cool-falco-ruleset/ + certificate-github-workflow: "" + description: Okta Log Events + home: https://github.com/falcosecurity/plugins/tree/master/plugins/okta + keywords: + - audit + - log-events + - okta + license: Apache-2.0 + maintainers: + - email: cncf-falco-dev@lists.cncf.io + name: The Falco Authors + sources: + - https://github.com/falcosecurity/plugins/tree/master/plugins/okta +- name: okta-rules + type: rulesfile + registry: ghcr.io + repository: falcosecurity/plugins/ruleset/okta + signature: + cosign: + certificate-oidc-issuer: https://token.actions.githubusercontent.com + certificate-oidc-issuer-regexp: "" + certificate-identity: "" + certificate-identity-regexp: https://github.com/LucaGuerra/cool-falco-ruleset/ + certificate-github-workflow: "" + description: Okta Log Events + home: https://github.com/falcosecurity/plugins/tree/master/plugins/okta + keywords: + - audit + - log-events + - okta + - okta-rules + license: Apache-2.0 + maintainers: + - email: cncf-falco-dev@lists.cncf.io + name: The Falco Authors + sources: + - https://github.com/falcosecurity/plugins/tree/master/plugins/okta/rules diff --git a/build/registry/pkg/distribution/testdata/registry.yaml b/build/registry/pkg/distribution/testdata/registry.yaml new file mode 100644 index 00000000..ebca737a --- /dev/null +++ b/build/registry/pkg/distribution/testdata/registry.yaml 
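Review bot: The okta and okta-rules entries set `certificate-identity-regexp: https://github.com/LucaGuerra/cool-falco-ruleset/`, which names a different repository from the `falcosecurity/plugins` artifacts it is attached to and is written as an unanchored pattern with unescaped dots. If consumers evaluate this value as a Go regular expression (as cosign does for its identity-regexp option), a certificate identity that merely contains that string would satisfy it. Fixtures tend to be copied into real registry entries, so an anchored, escaped pattern such as `^https://github\.com/falcosecurity/plugins/` would be a safer example; the same value appears in `testdata/registry.yaml`.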
@@ -0,0 +1,270 @@ +# +# Copyright (C) 2022 The Falco Authors. +# +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# The list of the data sources not allowed in plugins, since they are already +# used in Falco. +reserved_sources: ["syscall", "internal", "plugins"] + +# The list of plugins officially recognized by the Falcosecurity organization. +# Registering your plugin here is required to reserve a given name, source, or id. +# +# License IDs refer to the SPDX License List at https://spdx.org/licenses +plugins: + - name: k8saudit + description: Read Kubernetes Audit Events and monitor Kubernetes Clusters + authors: The Falco Authors + contact: https://falco.org/community + maintainers: + - name: The Falco Authors + email: cncf-falco-dev@lists.cncf.io + keywords: + - audit + - audit-log + - audit-events + - kubernetes + url: https://github.com/falcosecurity/plugins/tree/master/plugins/k8saudit + rules_url: https://github.com/falcosecurity/plugins/tree/master/plugins/k8saudit/rules + license: Apache-2.0 + capabilities: + sourcing: + supported: true + id: 1 + source: k8s_audit + extraction: + supported: true + - name: cloudtrail + description: Reads Cloudtrail JSON logs from files/S3 and injects as events + authors: The Falco Authors + contact: https://falco.org/community + maintainers: + - name: The Falco Authors + email: cncf-falco-dev@lists.cncf.io + keywords: + - audit + - user-activity + - api-usage + - aws + url: 
https://github.com/falcosecurity/plugins/tree/master/plugins/cloudtrail + rules_url: https://github.com/falcosecurity/plugins/tree/master/plugins/cloudtrail/rules + license: Apache-2.0 + capabilities: + sourcing: + supported: true + id: 2 + source: aws_cloudtrail + extraction: + supported: true + - name: json + description: Extract values from any JSON payload + authors: The Falco Authors + contact: https://falco.org/community + maintainers: + - name: The Falco Authors + email: cncf-falco-dev@lists.cncf.io + keywords: + - json-events + - json-payload + - extractor + url: https://github.com/falcosecurity/plugins/tree/master/plugins/json + license: Apache-2.0 + capabilities: + extraction: + supported: true + - name: dummy + description: Reference plugin used to document interface + authors: The Falco Authors + contact: https://falco.org/community + maintainers: + - name: The Falco Authors + email: cncf-falco-dev@lists.cncf.io + url: https://github.com/falcosecurity/plugins/tree/master/plugins/dummy + license: Apache-2.0 + capabilities: + sourcing: + supported: true + id: 3 + source: dummy + extraction: + supported: true + - name: dummy_c + description: Like dummy, but written in C++ + authors: The Falco Authors + contact: https://falco.org/community + maintainers: + - name: The Falco Authors + email: cncf-falco-dev@lists.cncf.io + url: https://github.com/falcosecurity/plugins/tree/master/plugins/dummy_c + license: Apache-2.0 + capabilities: + sourcing: + supported: true + id: 4 + source: dummy_c + extraction: + supported: true + - name: docker + description: Docker Events + authors: Thomas Labarussias + contact: https://github.com/Issif + maintainers: + - name: Thomas Labarussias + email: issif_github@gadz.org + keywords: + - docker-events + url: https://github.com/Issif/docker-plugin + rules_url: https://github.com/Issif/docker-plugin/tree/main/rules + license: Apache-2.0 + capabilities: + sourcing: + supported: true + id: 5 + source: docker + extraction: + 
supported: true + - name: seccompagent + description: Seccomp Agent Events + authors: Alban Crequy + contact: https://github.com/kinvolk/seccompagent + url: https://github.com/kinvolk/seccompagent + keywords: + - seccomp + - kinvolk + license: Apache-2.0 + capabilities: + sourcing: + supported: true + id: 6 + source: seccompagent + extraction: + supported: true + - name: okta + description: Okta Log Events + authors: The Falco Authors + contact: https://falco.org/community + maintainers: + - name: The Falco Authors + email: cncf-falco-dev@lists.cncf.io + keywords: + - audit + - log-events + - okta + url: https://github.com/falcosecurity/plugins/tree/master/plugins/okta + rules_url: https://github.com/falcosecurity/plugins/tree/master/plugins/okta/rules + license: Apache-2.0 + capabilities: + sourcing: + supported: true + id: 7 + source: okta + extraction: + supported: true + signature: + cosign: + certificate-oidc-issuer: https://token.actions.githubusercontent.com + certificate-identity-regexp: https://github.com/LucaGuerra/cool-falco-ruleset/ + - name: github + description: Github Webhook Events + authors: The Falco Authors + contact: https://falco.org/community + maintainers: + - name: The Falco Authors + email: cncf-falco-dev@lists.cncf.io + keywords: + - audit + - log-events + - webhook + - github-activity + - github + url: https://github.com/falcosecurity/plugins/tree/master/plugins/github + rules_url: https://github.com/falcosecurity/plugins/tree/master/plugins/github/rules + license: Apache-2.0 + capabilities: + sourcing: + supported: true + id: 8 + source: github + extraction: + supported: true + - name: k8saudit-eks + description: Read Kubernetes Audit Events from AWS EKS Clusters + authors: The Falco Authors + contact: https://falco.org/community + url: https://github.com/falcosecurity/plugins/tree/master/plugins/k8saudit-eks + rules_url: https://github.com/falcosecurity/plugins/tree/master/plugins/k8saudit/rules + license: Apache-2.0 + keywords: + - 
audit + - audit-log + - audit-events + - kubernetes + - eks + - aws + capabilities: + sourcing: + supported: true + id: 9 + source: k8s_audit + extraction: + supported: true + - name: nomad + description: Read Hashicorp Nomad Events Stream + authors: Alberto Llamas + contact: https://github.com/albertollamaso/nomad-plugin/issues + maintainers: + - name: Alberto Llamas + keywords: + - audit + - audit-events + - nomad + url: https://github.com/albertollamaso/nomad-plugin/tree/main + rules_url: https://github.com/albertollamaso/nomad-plugin/tree/main/rules + license: Apache-2.0 + capabilities: + sourcing: + supported: true + id: 10 + source: nomad + extraction: + supported: true + - name: dnscollector + description: DNS Collector Events + authors: Daniel Moloney + contact: https://github.com/SysdigDan/dnscollector-falco-plugin/issues + maintainers: + - name: Daniel Moloney + keywords: + - audit + - log-events + - dns + url: https://github.com/SysdigDan/dnscollector-falco-plugin + rules_url: https://github.com/SysdigDan/dnscollector-falco-plugin/tree/master/rules + license: Apache-2.0 + capabilities: + sourcing: + supported: true + id: 11 + source: dnscollector + extraction: + supported: true + - name: test + description: This ID is reserved for source plugin development. Any plugin author can use this ID, but authors can expect events from other developers with this ID. After development is complete, the author should request an actual ID + reserved: true + capabilities: + sourcing: + supported: true + id: 999 + source: test diff --git a/build/registry/pkg/registry/types.go b/build/registry/pkg/registry/types.go index 34e5156d..35e708d8 100644 --- a/build/registry/pkg/registry/types.go +++ b/build/registry/pkg/registry/types.go @@ -16,6 +16,10 @@ limitations under the License. package registry +import ( + "github.com/falcosecurity/falcoctl/pkg/index/index" +) + type SourcingCapability struct { Supported bool `yaml:"supported"` ID uint `yaml:"id"` 
@@ -41,12 +45,13 @@ type Plugin struct { Email string `yaml:"email"` Name string `yaml:"name"` } `yaml:"maintainers"` - Keywords []string `yaml:"keywords"` - URL string `yaml:"url"` - RulesURL string `yaml:"rules_url"` - License string `yaml:"license"` - Reserved bool `yaml:"reserved"` - Capabilities Capabilities `yaml:"capabilities"` + Keywords []string `yaml:"keywords"` + URL string `yaml:"url"` + RulesURL string `yaml:"rules_url"` + License string `yaml:"license"` + Reserved bool `yaml:"reserved"` + Capabilities Capabilities `yaml:"capabilities"` + Signature *index.Signature `yaml:"signature,omitempty"` } type Registry struct {
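Review bot: The new `Signature *index.Signature` field is parsed straight from `registry.yaml` with no validation visible in this diff, so a `signature:` key with an empty or partial `cosign:` block yields a non-nil value that the index then publishes as verification data. If the registry validation step (not part of this diff) does not already cover it, it should reject a signature whose cosign block lacks an issuer or has neither an identity nor an identity regexp. A field comment would also help, e.g. `// Signature holds the cosign verification data published in the index for this plugin's artifacts; nil when the plugin declares none.` The `Plugin` struct begins above the hunk.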