
Constants

This section is empty.

Variables

// ErrCyclonedxValidationFailed is the sentinel returned when a CycloneDX SBOM
// report does not satisfy the supplied CyclonedxConfig (thresholds and deny
// list, presumably). Compare with errors.Is rather than == so wrapped errors
// are still recognised.
var ErrCyclonedxValidationFailed = errors.New("cyclonedx validation failed")
// ErrNotExist is the sentinel for a missing Artifact. Which lookup returns it is
// not visible on this page — confirm against the caller.
// NOTE(review): the message is capitalised, unlike the other sentinels; Go
// convention is lowercase, but changing it would alter observable output.
var ErrNotExist = errors.New("Artifact does not exist")
// GitleaksValidationFailed is the sentinel returned when a Gitleaks report does
// not satisfy the supplied GitleaksConfig. Compare with errors.Is.
// NOTE(review): unlike ErrCyclonedxValidationFailed this name lacks the Err
// prefix; renaming would break callers, so it is only documented here.
var GitleaksValidationFailed = errors.New("gitleaks validation failed")
// GrypeValidationFailed is the sentinel returned when a Grype scan does not
// satisfy the supplied GrypeConfig. Compare with errors.Is.
// NOTE(review): lacks the conventional Err prefix used by
// ErrCyclonedxValidationFailed; kept as-is because it is exported API.
var GrypeValidationFailed = errors.New("grype validation failed")
// SemgrepFailedValidation is the sentinel returned when a Semgrep scan does not
// satisfy the supplied SemgrepConfig. Compare with errors.Is.
// NOTE(review): both the name (no Err prefix, reversed word order) and the
// message differ from the sibling sentinels; exported, so left unchanged.
var SemgrepFailedValidation = errors.New("semgrep failed validation")

Functions

func DecodeJSON added in v0.0.8

func DecodeJSON[T any](r io.Reader) T

DecodeJSON decodes r into a T for the case where the type is already known and a decode error would be unexpected. The signature returns only T, so a decode failure is not reported to the caller and presumably leaves T zero-valued; do not rely on it for unvetted input, where a silent zero value could be mistaken for a clean report. Intended to be paired with Inspect, which determines the type first.

func DecodeYAML added in v0.0.8

func DecodeYAML[T any](r io.Reader) T

DecodeYAML decodes r into a T for the case where the type is already known and a decode error would be unexpected. As with DecodeJSON, only T is returned, so a decode failure is not surfaced to the caller and presumably leaves T zero-valued; avoid it where a silent zero value could pass as a valid result. Intended to be paired with Inspect.

func ValidateCyclonedx added in v0.0.10

func ValidateCyclonedx(config CyclonedxConfig, scanReport CyclonedxSbomReport) error

func ValidateGitleaks added in v0.0.8

func ValidateGitleaks(config GitleaksConfig, scanReport GitleaksScanReport) error

func ValidateGrype added in v0.0.8

func ValidateGrype(config GrypeConfig, scanReport GrypeScanReport) error

func ValidateSemgrep added in v0.0.8

func ValidateSemgrep(config SemgrepConfig, scanReport SemgrepScanReport) error

Types

type Artifact added in v0.0.8

// Artifact is a single labelled blob carried in a Bundle: the raw Content read
// by NewArtifact plus a Digest over it (DigestString gives the printable form).
// NOTE(review): the hash algorithm behind Digest is not visible on this page —
// confirm it before using the digest for integrity comparisons.
type Artifact struct {
	// Label is the human-readable name passed to NewArtifact.
	Label   string
	// Digest is presumably a hash of Content; algorithm not shown here.
	Digest  []byte
	// Content is the raw bytes read from the reader given to NewArtifact.
	Content []byte
}

func NewArtifact added in v0.0.8

func NewArtifact(label string, r io.Reader) (Artifact, error)

func (Artifact) ContentBytes added in v0.0.8

func (a Artifact) ContentBytes() []byte

func (Artifact) DigestString added in v0.0.8

func (a Artifact) DigestString() string

func (Artifact) String added in v0.0.8

func (a Artifact) String() string

type Bundle added in v0.0.8

// Bundle is the unit Gatecheck passes between pipeline stages: one Artifact per
// supported scanner, a Generic map for anything else, and the CI metadata that
// identifies where it came from. Construct with NewBundle; the Validate*
// methods check the matching artifact against a config.
// NOTE(review): Write takes a `key string` whose meaning is not documented on
// this page — confirm what it is before treating written bundles as protected.
type Bundle struct {
	// CyclonedxSbom is the CycloneDX SBOM consumed by ValidateCyclonedx.
	CyclonedxSbom Artifact
	// GrypeScan is the Grype vulnerability scan consumed by ValidateGrype.
	GrypeScan     Artifact
	// SemgrepScan is the Semgrep output consumed by ValidateSemgrep.
	SemgrepScan   Artifact
	// GitleaksScan is the Gitleaks secrets scan consumed by ValidateGitleaks.
	GitleaksScan  Artifact
	// Generic holds artifacts of any other Type, keyed by a string
	// (presumably the artifact Label — see Add).
	Generic       map[string]Artifact
	PipelineID    string
	PipelineURL   string
	ProjectName   string
}

func DecodeBundle added in v0.0.8

func DecodeBundle(r io.Reader) Bundle

DecodeBundle decodes a Bundle from r without surfacing a decode error: a malformed or truncated stream yields a partially populated or zero Bundle rather than a failure. Use NewBundleDecoder(r).Decode(&b) when the error matters — in particular before a Validate* call, where an empty artifact must not be allowed to pass vacuously. Intended to be paired with Inspect.

func NewBundle added in v0.0.8

func NewBundle() *Bundle

func (*Bundle) Add added in v0.0.8

func (b *Bundle) Add(artifacts ...Artifact) error

func (*Bundle) String added in v0.0.8

func (b *Bundle) String() string

func (*Bundle) ValidateCyclonedx added in v0.0.10

func (b *Bundle) ValidateCyclonedx(config *CyclonedxConfig) error

func (*Bundle) ValidateGitleaks added in v0.0.8

func (b *Bundle) ValidateGitleaks(config *GitleaksConfig) error

func (*Bundle) ValidateGrype added in v0.0.8

func (b *Bundle) ValidateGrype(config *GrypeConfig) error

func (*Bundle) ValidateSemgrep added in v0.0.8

func (b *Bundle) ValidateSemgrep(config *SemgrepConfig) error

func (*Bundle) Write added in v0.0.10

func (b *Bundle) Write(w io.Writer, key string) (written int64, err error)

type BundleDecoder added in v0.0.8

// BundleDecoder reads a Bundle from the io.Reader given to NewBundleDecoder.
// Unlike DecodeBundle, its Decode method returns the decode error, so prefer it
// whenever a malformed input must be rejected rather than ignored.
type BundleDecoder struct {
	// contains filtered or unexported fields
}

func NewBundleDecoder added in v0.0.8

func NewBundleDecoder(r io.Reader) *BundleDecoder

func (BundleDecoder) Decode added in v0.0.8

func (d BundleDecoder) Decode(bundle *Bundle) error

type Config added in v0.0.8

// Config is the top-level Gatecheck validation policy. Each section is a pointer
// so an absent section decodes to nil and is omitted on encode.
// NOTE(review): the Bundle.Validate* methods take the same pointer types; what
// they do with nil is not shown on this page — confirm that a missing section
// is reported rather than silently treated as "nothing to enforce".
type Config struct {
	Cyclonedx *CyclonedxConfig `yaml:"cyclonedx,omitempty" json:"cyclonedx,omitempty"`
	Grype     *GrypeConfig     `yaml:"grype,omitempty" json:"grype,omitempty"`
	Semgrep   *SemgrepConfig   `yaml:"semgrep,omitempty" json:"semgrep,omitempty"`
	Gitleaks  *GitleaksConfig  `yaml:"gitleaks,omitempty" json:"gitleaks,omitempty"`
}

func NewConfig added in v0.0.8

func NewConfig() *Config

type CyclonedxConfig added in v0.0.10

// CyclonedxConfig is the policy applied to a CycloneDX SBOM report: explicit
// allow/deny entries keyed by ID plus one integer limit per severity bucket.
// The limit fields carry no omitempty, so a key missing from the config file
// decodes as 0. Whether 0 means "none permitted" or "unbounded" is not visible
// here — confirm it fails closed before relying on a partial config.
type CyclonedxConfig struct {
	// AllowList suppresses findings by ID; Reason is the recorded justification.
	AllowList []CyclonedxListItem `yaml:"allowList,omitempty" json:"allowList,omitempty"`
	// DenyList fails validation on a matching ID regardless of severity limits
	// (presumably — see ValidateCyclonedx).
	DenyList  []CyclonedxListItem `yaml:"denyList,omitempty" json:"denyList,omitempty"`
	Critical  int                 `yaml:"critical"   json:"critical"`
	High      int                 `yaml:"high"       json:"high"`
	Medium    int                 `yaml:"medium"     json:"medium"`
	Low       int                 `yaml:"low"        json:"low"`
	Info      int                 `yaml:"info"       json:"info"`
	// None counts entries with severity "none", including the synthetic ones
	// produced by ShimComponentsAsVulnerabilities.
	None      int                 `yaml:"none"       json:"none"`
	Unknown   int                 `yaml:"unknown"    json:"unknown"`
}

type CyclonedxListItem added in v0.0.10

// CyclonedxListItem is one allow- or deny-list entry for a CycloneDX report.
// Reason is the audit trail for the exception; keep it non-empty so a
// suppression can be justified later.
type CyclonedxListItem struct {
	// Id is the vulnerability identifier matched against the report.
	// (Exported as Id rather than ID for API compatibility.)
	Id     string `yaml:"id"     json:"id"`
	Reason string `yaml:"reason" json:"reason"`
}

type CyclonedxSbomReport added in v0.0.10

// CyclonedxSbomReport is a CycloneDX BOM (cdx.BOM) given a local type so this
// package can attach String and ShimComponentsAsVulnerabilities to it.
type CyclonedxSbomReport cdx.BOM

func (*CyclonedxSbomReport) ShimComponentsAsVulnerabilities added in v0.0.10

func (r *CyclonedxSbomReport) ShimComponentsAsVulnerabilities() *CyclonedxSbomReport

ShimComponentsAsVulnerabilities adds each SBOM component that has no associated vulnerability as a synthetic vulnerability entry with severity "none", presumably so the None bucket in CyclonedxConfig can account for plain components. It returns a *CyclonedxSbomReport (presumably the receiver), so the call can be chained.

func (CyclonedxSbomReport) String added in v0.0.10

func (r CyclonedxSbomReport) String() string

type Encoder added in v0.0.8

// Encoder writes a Bundle to the io.Writer given to NewBundleEncoder; Encode
// returns any write or encoding error.
type Encoder struct {
	// contains filtered or unexported fields
}

func NewBundleEncoder added in v0.0.8

func NewBundleEncoder(w io.Writer) *Encoder

func (Encoder) Encode added in v0.0.8

func (e Encoder) Encode(bundle *Bundle) error

type GitleaksConfig added in v0.0.8

// GitleaksConfig is the policy applied to a Gitleaks report.
// NOTE(review): the yaml tag is "SecretsAllowed" (capitalised) while every other
// config uses lowerCamel yaml keys. go-yaml keys are case-sensitive, so a
// lowerCamel `secretsAllowed:` in a config file would be silently ignored and
// the field left false. false is the stricter setting, so this should fail
// closed — confirm ValidateGitleaks treats it that way.
type GitleaksConfig struct {
	// SecretsAllowed, when true, lets a report containing findings pass.
	SecretsAllowed bool `yaml:"SecretsAllowed" json:"secretsAllowed"`
}

type GitleaksFinding added in v0.0.8

// GitleaksFinding is a single Gitleaks report.Finding under a local type name.
type GitleaksFinding report.Finding

type GitleaksScanReport added in v0.0.8

// GitleaksScanReport is the JSON array of findings emitted by Gitleaks.
// An empty slice means no secrets were found — but it is also what a failed or
// mismatched decode may produce (see DecodeJSON), so check decode errors before
// treating an empty report as a pass.
type GitleaksScanReport []GitleaksFinding

func (GitleaksScanReport) String added in v0.0.8

func (r GitleaksScanReport) String() string

type GrypeConfig added in v0.0.8

// GrypeConfig is the policy applied to a Grype scan: explicit allow/deny entries
// keyed by ID plus one integer limit per Grype severity bucket.
// The limit fields carry no omitempty, so a key missing from the config file
// decodes as 0. Whether 0 means "none permitted" or "unbounded" is not visible
// here — confirm it fails closed before relying on a partial config.
type GrypeConfig struct {
	// AllowList suppresses findings by ID; Reason is the recorded justification.
	AllowList  []GrypeListItem `yaml:"allowList,omitempty" json:"allowList,omitempty"`
	// DenyList fails validation on a matching ID regardless of severity limits
	// (presumably — see ValidateGrype).
	DenyList   []GrypeListItem `yaml:"denyList,omitempty" json:"denyList,omitempty"`
	Critical   int             `yaml:"critical"   json:"critical"`
	High       int             `yaml:"high"       json:"high"`
	Medium     int             `yaml:"medium"     json:"medium"`
	Low        int             `yaml:"low"        json:"low"`
	Negligible int             `yaml:"negligible" json:"negligible"`
	Unknown    int             `yaml:"unknown"    json:"unknown"`
}

type GrypeListItem added in v0.0.10

// GrypeListItem is one allow- or deny-list entry for a Grype scan. Reason is
// the audit trail for the exception; keep it non-empty so a suppression can be
// justified later.
type GrypeListItem struct {
	// Id is the vulnerability identifier (e.g. a CVE) matched against the scan.
	// (Exported as Id rather than ID for API compatibility.)
	Id     string `yaml:"id"     json:"id"`
	Reason string `yaml:"reason" json:"reason"`
}

type GrypeScanReport added in v0.0.8

// GrypeScanReport is a Grype JSON output document (models.Document) under a
// local type name so this package can attach String to it.
type GrypeScanReport models.Document

func (GrypeScanReport) String added in v0.0.8

func (r GrypeScanReport) String() string

type KEVCatalog added in v0.0.8

// KEVCatalog appears to mirror the JSON shape of the CISA Known Exploited
// Vulnerabilities catalog (the field names match the public feed). How it is
// consumed by the validators is not shown on this page.
type KEVCatalog struct {
	Title           string                    `json:"title"`
	CatalogVersion  string                    `json:"catalogVersion"`
	// DateReleased is parsed as time.Time, whereas per-entry dates stay strings.
	DateReleased    time.Time                 `json:"dateReleased"`
	// Count is whatever the feed reports; it is not necessarily kept in sync
	// with len(Vulnerabilities) — prefer the slice length when it matters.
	Count           int                       `json:"count"`
	Vulnerabilities []KEVCatalogVulnerability `json:"vulnerabilities"`
}

type KEVCatalogVulnerability added in v0.0.8

// KEVCatalogVulnerability is one entry of a KEVCatalog.
// DateAdded and DueDate are kept as the feed's raw strings (unlike
// KEVCatalog.DateReleased); parse them before comparing as dates.
type KEVCatalogVulnerability struct {
	// CveID is the CVE identifier, the natural key for matching scan findings.
	CveID             string `json:"cveID"`
	VendorProject     string `json:"vendorProject"`
	Product           string `json:"product"`
	VulnerabilityName string `json:"vulnerabilityName"`
	DateAdded         string `json:"dateAdded"`
	ShortDescription  string `json:"shortDescription"`
	RequiredAction    string `json:"requiredAction"`
	DueDate           string `json:"dueDate"`
	Notes             string `json:"notes"`
}

type SemgrepConfig added in v0.0.8

// SemgrepConfig is the policy applied to a Semgrep scan: one integer limit per
// Semgrep result level. The fields carry no omitempty, so a key missing from
// the config file decodes as 0; confirm what 0 means in ValidateSemgrep.
type SemgrepConfig struct {
	Info    int `yaml:"info" json:"info"`
	Warning int `yaml:"warning" json:"warning"`
	Error   int `yaml:"error" json:"error"`
}

type SemgrepScanReport added in v0.0.8

// SemgrepScanReport is the Semgrep v1 JSON output schema under a local type
// name so this package can attach String to it.
type SemgrepScanReport semgrep.SemgrepOutputV1Jsonschema

SemgrepScanReport is a data model for a Semgrep Output scan produced by `semgrep scan --json`

func (SemgrepScanReport) String added in v0.0.8

func (r SemgrepScanReport) String() string

type Type added in v0.0.8

// Type names the kind of content Inspect detected in a reader. It is a string
// so it prints readably; compare against the constants below, not literals.
type Type string
const (
	Gitleaks        Type = "Gitleaks"
	Cyclonedx       Type = "Cyclonedx"
	Grype           Type = "Grype"
	Semgrep         Type = "Semgrep"
	GatecheckBundle Type = "Gatecheck Bundle"
	GatecheckConfig Type = "Gatecheck Config"
	// Unsupported is presumably what Inspect returns when no report type
	// decodes; callers should treat it as a rejection, not a default.
	Unsupported     Type = "Unsupported"
)

func Inspect added in v0.0.8

func Inspect(r io.Reader) (Type, error)

Inspect attempts to decode the reader into each supported report type and returns the Type that decoded successfully (presumably Unsupported when none did). Because the type is inferred by trial decoding, treat the result as a hint about the content's shape, not as evidence that the content is a trustworthy report. Warning: this function can hang indefinitely on a reader that blocks or never reaches EOF; prefer InspectWithContext unless the reader is known to terminate. Inspect has only a very small performance advantage over InspectWithContext.

func InspectWithContext added in v0.0.8

func InspectWithContext(ctx context.Context, r io.Reader) (Type, error)

InspectWithContext runs Inspect with a cancellable Context, so a reader that blocks can be abandoned instead of hanging the calling goroutine.

func Read added in v0.0.8

func Read(r io.Reader) (Type, []byte, error)

Read consumes all bytes from the reader and inspects them to determine the report Type, returning both the Type and the bytes. Use ReadWithContext when a timeout or cancellation is needed.

func ReadWithContext added in v0.0.8

func ReadWithContext(ctx context.Context, r io.Reader) (Type, []byte, error)

ReadWithContext is the same as Read but accepts a Context so the caller can cancel early and avoid hanging on a reader that never completes.
