analyse

package
v0.0.0-...-77fb227
Warning

This package is not in the latest version of its module.

Published: Jul 3, 2023 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation


Constants

This section is empty.

Variables

var (
	JavaMaven = Manifest{"pom.xml", "maven", &JavaMavenTreeProvider{}}
	PythonPip = Manifest{"requirements.txt", "maven", nil}
	NodeJS    = Manifest{"package.json", "npm", nil}
	GoModule  = Manifest{"go.mod", "go", nil}
)
var SupportedManifests = []Manifest{JavaMaven, PythonPip, NodeJS, GoModule}
var SupportedManifestsFilenames []string

Functions

func GetStackReport

func GetStackReport(
	ctx context.Context,
	manifest *Manifest,
	manifestPath string,
	tokens map[backend.HeaderTokenKeyType]string,
	jsonOut, verboseOut bool,
) error

GetStackReport is used for requesting a stack analysis from the backend server. It prints a human-readable report summary to the standard output. Use jsonOut=true to print the summary as a machine-readable JSON object. Use verboseOut=true to include private vulnerabilities in the report.

func IsSupportedManifestPath

func IsSupportedManifestPath(filePath string) error

IsSupportedManifestPath is used to load a manifest file from the OS and verify that we can support it.

Types

type JavaMavenTreeProvider

type JavaMavenTreeProvider struct{}

func (*JavaMavenTreeProvider) Provide

func (a *JavaMavenTreeProvider) Provide(ctx context.Context, manifestPath string) ([]byte, string, error)

Provide, the JavaMavenTreeProvider implementation of TreeProvider, loads the pom.xml manifest file and creates a DOT graph dependency tree as the request content, with the "text/vnd.graphviz" content type. It ignores dependencies marked with a "crdaignore" comment.

type Manifest

type Manifest struct {
	Filename, Ecosystem string
	TreeProvider
}

Manifest is a type that binds a file name and an ecosystem name to a tree provider.

func GetManifest

func GetManifest(fileName string) (*Manifest, error)

GetManifest returns the Manifest type for a file name string. It returns an error when used with an unknown manifest file.

type PomDependencies

type PomDependencies struct {
	Dependency []PomDependency `xml:"dependency"`
}

type PomDependency

type PomDependency struct {
	Comment    string `xml:",comment"`
	GroupId    string `xml:"groupId"`
	ArtifactId string `xml:"artifactId"`
	Version    string `xml:"version,omitempty"`
}

type PomProject

type PomProject struct {
	Dependencies PomDependencies `xml:"dependencies"`
}
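
An added example, not code from this package: it reuses the Pom* struct shapes shown on this page to list which pom.xml dependencies carry a "crdaignore" comment, which the Provide description says are left out of the dependency tree sent for analysis. The sample pom.xml, the SplitIgnored helper and the substring match on the comment are assumptions; the package's own matching rule is not shown on this page.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

// Struct shapes copied from the Pom* types documented on this page.
type PomDependency struct {
	Comment    string `xml:",comment"`
	GroupId    string `xml:"groupId"`
	ArtifactId string `xml:"artifactId"`
	Version    string `xml:"version,omitempty"`
}
type PomDependencies struct {
	Dependency []PomDependency `xml:"dependency"`
}
type PomProject struct {
	Dependencies PomDependencies `xml:"dependencies"`
}

// samplePom is constructed for this example (coordinates are made up).
const samplePom = `<project><dependencies>
<dependency><groupId>com.example</groupId><artifactId>web-core</artifactId><version>1.4.0</version></dependency>
<dependency><groupId>com.example</groupId><artifactId>legacy-parser</artifactId><version>0.9.1</version><!-- crdaignore --></dependency>
</dependencies></project>`

// SplitIgnored (hypothetical helper) returns group:artifact:version
// coordinates split into analysed and crdaignore-excluded sets.
func SplitIgnored(pom []byte) (analysed, ignored []string, err error) {
	var p PomProject
	if err = xml.Unmarshal(pom, &p); err != nil {
		return nil, nil, err
	}
	for _, d := range p.Dependencies.Dependency {
		gav := d.GroupId + ":" + d.ArtifactId + ":" + d.Version
		if strings.Contains(d.Comment, "crdaignore") { // assumed match rule
			ignored = append(ignored, gav)
		} else {
			analysed = append(analysed, gav)
		}
	}
	return analysed, ignored, nil
}

func main() {
	a, i, err := SplitIgnored([]byte(samplePom))
	fmt.Println("analysed:", a, "ignored:", i, "err:", err)
}
```

Reviewing the ignored list in CI makes each suppression visible, so a dependency excluded from the vulnerability report is a recorded decision rather than a silent gap.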

type TreeProvider

type TreeProvider interface {
	// Provide is used for providing a dependency tree that will be used as the backend request body content
	// it is also in charge of providing the body content type
	// should return an error if failed to create the dependency tree
	Provide(ctx context.Context, manifestPath string) ([]byte, string, error)
}

TreeProvider is the contract for dependency tree providers, e.g. Java-Maven, Node-JS.
