analyzer

package
v1.8.5 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 18, 2024 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func AddVex

func AddVex(vex *cyclonedx.Vulnerability, vexList *[]cyclonedx.Vulnerability)

func AnalyzeCDX

func AnalyzeCDX(sbom *cyclonedx.BOM)

AnalyzeCDX accepts a CycloneDX BOM (Software Bill of Materials) as input. It calls findMatchingVulnerabilities to search for vulnerabilities affecting the components in the BOM, and appends any vulnerabilities it finds to the BOM's Vulnerabilities list.

func MatchCPE

func MatchCPE(cpes []string, criteria *types.Criteria) bool

MatchCPE takes a slice of Common Platform Enumeration (CPE) strings and a pointer to a `types.Criteria` object, and returns true if any CPE matches the criteria, false otherwise.

func MatchConstraint

func MatchConstraint(packageVersion *string, criteria *types.Criteria) bool

func New

func New(params types.Parameters)

New is the main function for the analyzer. It checks if the database is up to date, then scans the target with diggity. It then gets the SBOM from cdx mod and analyzes it to find vulnerabilities. Finally, it displays the results.

func ToVex

func ToVex(pkg *cyclonedx.Component, vuln *types.Vulnerability) *cyclonedx.Vulnerability

ToVex creates a new CycloneDX vulnerability object given a pointer to a CycloneDX component and a pointer to a types.Vulnerability object. The function initializes the new vulnerability object with data such as the vulnerability rating, the source of the vulnerability, a description, and a recommendation to fix the vulnerability.

Types

This section is empty.
