pkg

package
v5.0.0-rc1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 12, 2024 License: Apache-2.0 Imports: 30 Imported by: 0

Documentation

Overview

Package pkg defines fns for running Scorecard checks on a Repo.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DetailToString 

func DetailToString(d *checker.CheckDetail, logLevel log.Level) string

DetailToString turns a detail information into a string.

func FormatResults 

func FormatResults(
	opts *options.Options,
	results *ScorecardResult,
	doc docChecks.Doc,
	policy *spol.ScorecardPolicy,
) error

FormatResults formats scorecard results.

Types

type ChangeType 

type ChangeType string

ChangeType is the change type (added, updated, removed) of a dependency. 

const (
	// Added suggests the dependency is a newly added one.
	Added ChangeType = "added"
	// Updated suggests the dependency is updated from an old version.
	Updated ChangeType = "updated"
	// Removed suggests the dependency is removed.
	Removed ChangeType = "removed"
)

func (ChangeType) IsValid 

func (ct ChangeType) IsValid() bool

IsValid determines if a ChangeType is valid.

type DependencyCheckResult 

type DependencyCheckResult struct {
	// ChangeType indicates whether the dependency is added, updated, or removed.
	ChangeType *ChangeType

	// Package URL is a short link for a package.
	PackageURL *string

	// SourceRepository is the source repository URL of the dependency.
	SourceRepository *string

	// ManifestPath is the path of the manifest file of the dependency, such as go.mod for Go.
	ManifestPath *string

	// Ecosystem is the name of the package management system, such as NPM, GO, PYPI.
	Ecosystem *string

	// Version is the package version of the dependency.
	Version *string

	// ScorecardResultWithError is the scorecard checking result of the dependency.
	ScorecardResultWithError ScorecardResultWithError

	// Name is the name of the dependency.
	Name string
}

DependencyCheckResult is the dependency structure used in the returned results.

func (*DependencyCheckResult) AsJSON 

func (dr *DependencyCheckResult) AsJSON(writer io.Writer) error

AsJSON for DependencyCheckResult exports the DependencyCheckResult as a JSON object.

type JSONScorecardProbeResult 

type JSONScorecardProbeResult struct {
	Date      string            `json:"date"`
	Repo      jsonRepoV2        `json:"repo"`
	Scorecard jsonScorecardV2   `json:"scorecard"`
	Findings  []finding.Finding `json:"findings"`
}

JSONScorecardProbeResult exports results as JSON for flat findings without checks.

type JSONScorecardResultV2 

type JSONScorecardResultV2 struct {
	Date           string              `json:"date"`
	Repo           jsonRepoV2          `json:"repo"`
	Scorecard      jsonScorecardV2     `json:"scorecard"`
	AggregateScore jsonFloatScore      `json:"score"`
	Checks         []jsonCheckResultV2 `json:"checks"`
	Metadata       []string            `json:"metadata"`
}

JSONScorecardResultV2 exports results as JSON for new detail format.

type ProbeResultOption 

type ProbeResultOption struct {
	// Indent is used to control the JSON indentation. For example, if you want to pretty print.
	Indent string
}

ProbeResultOption provides configuration options for the ScorecardResult probe output format.

type RepoInfo 

type RepoInfo struct {
	Name      string
	CommitSHA string
}

RepoInfo contains information about the repo that was analyzed.

type ScorecardInfo 

type ScorecardInfo struct {
	Version   string
	CommitSHA string
}

ScorecardInfo contains information about the scorecard code that was run.

type ScorecardResult 

type ScorecardResult struct {
	Repo       RepoInfo
	Date       time.Time
	Scorecard  ScorecardInfo
	Checks     []checker.CheckResult
	RawResults checker.RawResults
	Findings   []finding.Finding
	Metadata   []string
}

ScorecardResult struct is returned on a successful Scorecard run.

func ExperimentalFromJSON2 

func ExperimentalFromJSON2(r io.Reader) (result ScorecardResult, score float64, err error)

ExperimentalFromJSON2 is experimental. Do not depend on it, it may be removed at any point. Also returns the aggregate score, as the ScorecardResult field does not contain it.

func ExperimentalRunProbes 

func ExperimentalRunProbes(ctx context.Context,
	repo clients.Repo,
	commitSHA string,
	commitDepth int,
	checksToRun checker.CheckNameToFnMap,
	probesToRun []string,
	repoClient clients.RepoClient,
	ossFuzzRepoClient clients.RepoClient,
	ciiClient clients.CIIBestPracticesClient,
	vulnsClient clients.VulnerabilitiesClient,
) (ScorecardResult, error)

ExperimentalRunProbes is experimental. Do not depend on it, it may be removed at any point.

func RunScorecard 

func RunScorecard(ctx context.Context,
	repo clients.Repo,
	commitSHA string,
	commitDepth int,
	checksToRun checker.CheckNameToFnMap,
	repoClient clients.RepoClient,
	ossFuzzRepoClient clients.RepoClient,
	ciiClient clients.CIIBestPracticesClient,
	vulnsClient clients.VulnerabilitiesClient,
) (ScorecardResult, error)

RunScorecard runs enabled Scorecard checks on a Repo.

func (*ScorecardResult) AsFJSON 

func (r *ScorecardResult) AsFJSON(showDetails bool,
	logLevel log.Level, checkDocs docs.Doc, writer io.Writer,
) error

func (*ScorecardResult) AsJSON 

func (r *ScorecardResult) AsJSON(showDetails bool, logLevel log.Level, writer io.Writer) error

AsJSON exports results as JSON for new detail format.

func (*ScorecardResult) AsJSON2 

func (r *ScorecardResult) AsJSON2(showDetails bool,
	logLevel log.Level, checkDocs docs.Doc, writer io.Writer,
) error

AsJSON2 exports results as JSON for new detail format.

func (*ScorecardResult) AsProbe 

func (r *ScorecardResult) AsProbe(writer io.Writer, o *ProbeResultOption) error

AsProbe writes results as JSON for flat findings without checks. It accepts an optional argument to configure the output.

func (*ScorecardResult) AsRawJSON 

func (r *ScorecardResult) AsRawJSON(writer io.Writer) error

AsRawJSON exports results as JSON for raw results.

func (*ScorecardResult) AsSARIF 

func (r *ScorecardResult) AsSARIF(showDetails bool, logLevel log.Level,
	writer io.Writer, checkDocs docs.Doc, policy *spol.ScorecardPolicy,
	opts *options.Options,
) error

AsSARIF outputs ScorecardResult in SARIF 2.1.0 format.

func (*ScorecardResult) AsString 

func (r *ScorecardResult) AsString(showDetails bool, logLevel log.Level,
	checkDocs docChecks.Doc, writer io.Writer,
) error

AsString returns ScorecardResult in string format.

func (*ScorecardResult) GetAggregateScore 

func (r *ScorecardResult) GetAggregateScore(checkDocs docChecks.Doc) (float64, error)

GetAggregateScore returns the aggregate score.

type ScorecardResultWithError 

type ScorecardResultWithError struct {
	// ScorecardResult is the scorecard result for the dependency repo.
	ScorecardResult *ScorecardResult

	// Error is an error returned when running the scorecard checks. A nil Error indicates the run succeeded.
	Error error
}

ScorecardResultWithError is used for the dependency-diff module to record the scorecard result and a error field to record potential errors when the Scorecard run fails.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.