package scan

import "github.com/cyralinc/dmap/scan"

Package scan provides an API to scan cloud environments for data repositories and an API to scan those repositories for sensitive data.

Types

type RepoScanResults

type RepoScanResults struct {
	Labels          []classification.Label          `json:"labels"`
	Classifications []classification.Classification `json:"classifications"`
}

RepoScanResults is the result of a repository scan.

type RepoScanner

type RepoScanner interface {
	Scan(ctx context.Context) (*RepoScanResults, error)
}

RepoScanner is a scanner that scans a data repository for sensitive data.

type RepoType

type RepoType string

RepoType defines the AWS data repository types supported (e.g. RDS, Redshift, DynamoDB, etc).

const (
	RepoTypeRDS        RepoType = "TYPE_RDS"
	RepoTypeRedshift   RepoType = "TYPE_REDSHIFT"
	RepoTypeDynamoDB   RepoType = "TYPE_DYNAMODB"
	RepoTypeS3         RepoType = "TYPE_S3"
	RepoTypeDocumentDB RepoType = "TYPE_DOCUMENTDB"
)

type Repository

type Repository struct {
	Id         string
	Name       string
	Type       RepoType
	CreatedAt  time.Time
	Tags       []string
	Properties any
}

Repository represents a scanned data repository.

type ScanError

type ScanError struct {
	Errs []error
}

ScanError is an error type that represents a collection of errors that occurred during the scanning process.

func (*ScanError) Error

func (e *ScanError) Error() string

Error returns a string representation of the error.

func (*ScanError) Unwrap

func (e *ScanError) Unwrap() []error

Unwrap returns the list of errors that occurred during the scanning process.

type ScanResults

type ScanResults struct {
	Repositories map[string]Repository
}

ScanResults represents the results of a repository scan, including all the data repositories that were scanned. The map key is the repository ID and the value is the repository itself.

type Scanner

type Scanner interface {
	Scan(ctx context.Context) (*ScanResults, error)
}

Scanner provides an API to scan cloud environments. It should be implemented for a specific cloud provider (e.g. AWS, GCP, etc.). It defines the Scan method responsible for discovering the existing data repositories in a cloud environment.
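
As an added example (not code from the dmap project), the following shows how a caller of Scanner.Scan can treat a ScanError as a set of individual failures: because Unwrap returns []error, errors.As and errors.Is inspect every wrapped error. The types are trimmed local copies of the declarations above; fakeScanner, errDenied, Inventory, the body of Error, and the return of results alongside a ScanError are assumptions.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"sort"
)
// Trimmed local copies of the declarations on this page, so the example runs offline.
type RepoType string
type Repository struct {
	Id   string
	Type RepoType
}
type ScanResults struct{ Repositories map[string]Repository }
type ScanError struct{ Errs []error }
type Scanner interface {
	Scan(ctx context.Context) (*ScanResults, error)
}
func (e *ScanError) Error() string   { return fmt.Sprintf("%d scan error(s): %v", len(e.Errs), e.Errs) } // assumed body
func (e *ScanError) Unwrap() []error { return e.Errs }

var errDenied = errors.New("access denied") // hypothetical sentinel error

// fakeScanner is a constructed stand-in; it assumes results are returned together with the ScanError.
type fakeScanner struct{}
func (fakeScanner) Scan(context.Context) (*ScanResults, error) {
	repos := map[string]Repository{"db-2": {"db-2", "TYPE_RDS"}, "db-1": {"db-1", "TYPE_RDS"}, "b-1": {"b-1", "TYPE_S3"}}
	errs := []error{fmt.Errorf("redshift: %w", errDenied), errors.New("dynamodb: throttled")}
	return &ScanResults{Repositories: repos}, &ScanError{Errs: errs}
}

// Inventory returns sorted IDs of repositories of type want, and whether any sub-error was a denial.
func Inventory(ctx context.Context, s Scanner, want RepoType) ([]string, bool, error) {
	res, err := s.Scan(ctx)
	var se *ScanError
	if res == nil || (err != nil && !errors.As(err, &se)) {
		return nil, false, err // nothing usable, or not a ScanError: treat as fatal
	}
	var ids []string
	for id, r := range res.Repositories {
		if r.Type == want {
			ids = append(ids, id)
		}
	}
	sort.Strings(ids)
	// errors.Is descends into every element returned by Unwrap() []error (Go 1.20+).
	return ids, errors.Is(err, errDenied), nil
}

func main() { fmt.Println(Inventory(context.Background(), fakeScanner{}, "TYPE_RDS")) }
```

A denial hidden inside an aggregated ScanError means the inventory is incomplete, so callers should surface it rather than report the discovered repositories as the full set.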