cyclonedx

package
v0.4.0-rc.2

Warning: this package is not in the latest version of its module.
Published: Mar 1, 2024 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Package cyclonedx provides the data model, decoder, and validator for CycloneDX reports.

Index

Constants

const ConfigFieldName = "cyclonedx"

ConfigFieldName is the field name of this validator's section in the config map.

const ReportType = "CycloneDX Report"

ReportType is the report type name in plain text.

Variables

var OrderedSeverities = []string{"Critical", "High", "Medium", "Low", "Info", "None", "Unknown"}

Functions

func AllowListRule

func AllowListRule(vul cdx.Vulnerability, config Config) bool

AllowListRule applies the custom allow list to a single vulnerability.

func DenyListRule

func DenyListRule(vuls []cdx.Vulnerability, config Config) error

DenyListRule applies the custom deny list to the report's vulnerabilities.

func HighestVulnerability added in v0.4.0

func HighestVulnerability(ratings []cdx.VulnerabilityRating) cdx.VulnerabilityRating

func NewValidator

func NewValidator() gcv.Validator[cdx.Vulnerability, Config]

NewValidator returns the generic validator implementation for CycloneDX reports.

func ThresholdRule

func ThresholdRule(vuls []cdx.Vulnerability, config Config) error

ThresholdRule denies the report when the number of vulnerabilities of a given severity exceeds the limit configured for that severity.

Types

type Config

type Config struct {
	AllowList []ListItem `json:"allowList,omitempty" toml:"allowList,omitempty" yaml:"allowList,omitempty"`
	DenyList  []ListItem `json:"denyList,omitempty"  toml:"denyList,omitempty"  yaml:"denyList,omitempty"`
	Required  bool       `json:"required"            toml:"required"            yaml:"required"`
	Critical  int        `json:"critical"            toml:"critical"            yaml:"critical"`
	High      int        `json:"high"                toml:"high"                yaml:"high"`
	Medium    int        `json:"medium"              toml:"medium"              yaml:"medium"`
	Low       int        `json:"low"                 toml:"low"                 yaml:"low"`
	Info      int        `json:"info"                toml:"info"                yaml:"info"`
	None      int        `json:"none"                toml:"none"                yaml:"none"`
	Unknown   int        `json:"unknown"             toml:"unknown"             yaml:"unknown"`
}

Config is the validator's data model: allow and deny lists plus a per-severity vulnerability limit.
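As an added example (not the package's own code, and not importing cyclonedx-go), the following stand-alone Go program illustrates the semantics the doc comments above describe: the highest of several ratings decides a vulnerability's severity, allow-listed IDs are excluded before counting, a deny-list hit fails the report outright, and each severity count is compared against its Config limit. Rating, Vulnerability and the functions HighestRating, Allowed, Denied, Threshold and Validate are constructed stand-ins for cdx.VulnerabilityRating, cdx.Vulnerability, HighestVulnerability, AllowListRule, DenyListRule and ThresholdRule; the package's actual behaviour should be checked against its source.

```go
package main

import (
	"fmt"
	"strings"
)

// OrderedSeverities mirrors the package variable, most severe first.
var OrderedSeverities = []string{"Critical", "High", "Medium", "Low", "Info", "None", "Unknown"}

// ListItem mirrors the package's ListItem: one allow/deny record.
type ListItem struct {
	ID     string
	Reason string
}

// Config mirrors the fields of the package's Config type.
type Config struct {
	AllowList []ListItem
	DenyList  []ListItem
	Critical, High, Medium, Low, Info, None, Unknown int
}

// Rating and Vulnerability are constructed stand-ins for the cyclonedx-go
// types (assumption: only ID and Ratings[].Severity matter for the rules).
type Rating struct{ Severity string }
type Vulnerability struct {
	ID      string
	Ratings []Rating
}

// severityRank returns the index of s in OrderedSeverities; anything
// unrecognised ranks as "Unknown".
func severityRank(s string) int {
	for i, name := range OrderedSeverities {
		if name == s {
			return i
		}
	}
	return len(OrderedSeverities) - 1
}

// HighestRating returns the most severe rating, which is what a helper like
// HighestVulnerability has to do when several sources rate one finding.
func HighestRating(ratings []Rating) Rating {
	best := Rating{Severity: "Unknown"}
	for _, r := range ratings {
		if severityRank(r.Severity) < severityRank(best.Severity) {
			best = r
		}
	}
	return best
}

// Allowed reports whether vul.ID is on the allow list (AllowListRule's role).
func Allowed(vul Vulnerability, c Config) bool {
	for _, item := range c.AllowList {
		if item.ID == vul.ID {
			return true
		}
	}
	return false
}

// Denied returns an error for the first deny-listed vulnerability present
// (DenyListRule's role); a deny-list hit fails the report regardless of severity.
func Denied(vuls []Vulnerability, c Config) error {
	for _, item := range c.DenyList {
		for _, v := range vuls {
			if v.ID == item.ID {
				return fmt.Errorf("%s is on the deny list: %s", v.ID, item.Reason)
			}
		}
	}
	return nil
}

// limitFor maps a severity name to its Config field.
func limitFor(c Config, sev string) int {
	switch sev {
	case "Critical":
		return c.Critical
	case "High":
		return c.High
	case "Medium":
		return c.Medium
	case "Low":
		return c.Low
	case "Info":
		return c.Info
	case "None":
		return c.None
	}
	return c.Unknown
}

// CountBySeverity tallies vulnerabilities that are not allow-listed, keyed by
// their highest rating.
func CountBySeverity(vuls []Vulnerability, c Config) map[string]int {
	counts := map[string]int{}
	for _, v := range vuls {
		if Allowed(v, c) {
			continue
		}
		counts[HighestRating(v.Ratings).Severity]++
	}
	return counts
}

// Threshold returns an error naming every severity whose count exceeds its
// configured limit (ThresholdRule's role), or nil when the report passes.
func Threshold(vuls []Vulnerability, c Config) error {
	counts := CountBySeverity(vuls, c)
	var over []string
	for _, sev := range OrderedSeverities {
		if n, limit := counts[sev], limitFor(c, sev); n > limit {
			over = append(over, fmt.Sprintf("%s %d > %d", sev, n, limit))
		}
	}
	if len(over) > 0 {
		return fmt.Errorf("threshold exceeded: %s", strings.Join(over, ", "))
	}
	return nil
}

// Validate checks the deny list first, then the thresholds, as a gate would.
func Validate(vuls []Vulnerability, c Config) error {
	if err := Denied(vuls, c); err != nil {
		return err
	}
	return Threshold(vuls, c)
}

func main() {
	// Constructed sample report: one finding with two disagreeing ratings,
	// one High, and one with no rating at all (counted as Unknown).
	vuls := []Vulnerability{
		{ID: "VULN-A", Ratings: []Rating{{"High"}, {"Critical"}}},
		{ID: "VULN-B", Ratings: []Rating{{"High"}}},
		{ID: "VULN-C"},
	}
	cfg := Config{
		AllowList: []ListItem{{ID: "VULN-A", Reason: "not reachable in this deployment"}},
		High:      1, Medium: 5, Low: 10, Info: 100, None: 100,
	}
	fmt.Println(Validate(vuls, cfg)) // threshold exceeded: Unknown 1 > 0
}
```

Note the zero value: an unset integer field means zero vulnerabilities of that severity are allowed, so in the sample run the unrated finding (counted as Unknown) fails the gate even though the High count is within its limit. Whether the package's Config treats an omitted field the same way is worth confirming before relying on defaults in a pipeline.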

type ListItem

type ListItem struct {
	ID     string `json:"id"     yaml:"id"`
	Reason string `json:"reason" yaml:"reason"`
}

ListItem is a single allow/deny list record: the vulnerability ID and the reason for listing it.

type ReportDecoder

type ReportDecoder struct {
	bytes.Buffer
}

ReportDecoder is a custom decoder that handles multiple report types.

func NewReportDecoder

func NewReportDecoder() *ReportDecoder

NewReportDecoder ...

func (*ReportDecoder) Decode

func (d *ReportDecoder) Decode() (any, error)

Decode decodes the buffered report and checks its BOMFormat.

func (*ReportDecoder) DecodeFrom

func (d *ReportDecoder) DecodeFrom(r io.Reader) (any, error)

DecodeFrom ...

func (*ReportDecoder) FileType

func (d *ReportDecoder) FileType() string

FileType returns the report file type in plain text.

type ScanReport

type ScanReport cdx.BOM

ScanReport is the data model for a decoded CycloneDX report (a cdx.BOM).

func (*ScanReport) ShimComponentsAsVulnerabilities

func (r *ScanReport) ShimComponentsAsVulnerabilities() *ScanReport

ShimComponentsAsVulnerabilities modifies the report to add its components as vulnerabilities with no score.

func (ScanReport) String

func (r ScanReport) String() string

String renders the report as a pretty-formatted table.
