scanner

package
v2.7.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 1, 2022 License: Apache-2.0 Imports: 8 Imported by: 8

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetFixVersion 

func GetFixVersion(vulnerability Vulnerability) string

TODO can be multiple fix version?

func PrintIgnoredVulnerabilities 

func PrintIgnoredVulnerabilities(vulnerabilities []MergedVulnerability)

Types

type CVSS 

type CVSS struct {
	Version        string      `json:"version"`
	Vector         string      `json:"vector"`
	Metrics        CvssMetrics `json:"metrics"`
	VendorMetadata interface{} `json:"vendorMetadata"`
}

type CvssMetrics 

type CvssMetrics struct {
	BaseScore           float64  `json:"baseScore"`
	ExploitabilityScore *float64 `json:"exploitabilityScore,omitempty"`
	ImpactScore         *float64 `json:"impactScore,omitempty"`
}

type DiffInfo 

type DiffInfo struct {
	CompareToID string                 `json:"compareToID"`
	JSONDiff    map[string]interface{} `json:"jsonDiff"`
	ASCIIDiff   string                 `json:"asciiDiff"`
}

type Distro 

type Distro struct {
	Name    string   `json:"name"`    // Name of the Linux distribution
	Version string   `json:"version"` // Version of the Linux distribution (major or major.minor version)
	IDLike  []string `json:"idLike"`  // the ID_LIKE field found within the /etc/os-release file
}

Distro provides information about a detected Linux distribution.

type Fix 

type Fix struct {
	Versions []string `json:"versions"`
	State    string   `json:"state"`
}

type Info 

type Info struct {
	Name string `json:"name"`
}

type Match 

type Match struct {
	Vulnerability Vulnerability `json:"vulnerability"`
}

type Matches 

type Matches []Match

type MergedResults 

type MergedResults struct {
	MergedVulnerabilitiesByKey map[VulnerabilityKey][]MergedVulnerability
	Source                     Source
}

func NewMergedResults 

func NewMergedResults() *MergedResults

func (*MergedResults) Merge 

func (m *MergedResults) Merge(other *Results) *MergedResults

func (*MergedResults) SetHash 

func (m *MergedResults) SetHash(hash string)

func (*MergedResults) SetName 

func (m *MergedResults) SetName(name string)

func (*MergedResults) SetSource 

func (m *MergedResults) SetSource(src Source)

func (*MergedResults) SetType 

func (m *MergedResults) SetType(srcType string)

func (*MergedResults) ToSlice 

func (m *MergedResults) ToSlice() [][]MergedVulnerability

ToSlice returns MergedResults in a slice format and not by key.

type MergedVulnerability 

type MergedVulnerability struct {
	ID            string        `json:"id"` // Merged vulnerability ID used in DiffInfo - THIS IS NOT THE CVE ID
	Vulnerability Vulnerability `json:"vulnerability"`
	ScannersInfo  []Info        `json:"scanners"`
	Diffs         []DiffInfo    `json:"diffs"`
}

func SortBySeverityAndCVSS 

func SortBySeverityAndCVSS(vulnerabilities []MergedVulnerability) []MergedVulnerability

SortBySeverityAndCVSS sorts vulnerabilities by severity, CVSSv3.1, CVSSv3.0 and CVSSv2.0.

func (*MergedVulnerability) AppendDiffInfo 

func (mv *MergedVulnerability) AppendDiffInfo(diff DiffInfo) *MergedVulnerability

func (*MergedVulnerability) AppendScannerInfo 

func (mv *MergedVulnerability) AppendScannerInfo(info Info) *MergedVulnerability

type Package 

type Package struct {
	Name     string   `json:"name"`
	Version  string   `json:"version"`
	Type     string   `json:"type"`     // apk, gem, deb, ...
	Language string   `json:"language"` // java, python, go, ...
	Licenses []string `json:"licenses"`
	CPEs     []string `json:"cpes"`
	PURL     string   `json:"purl"`
}

type Results 

type Results struct {
	Matches     Matches `json:"matches"`
	ScannerInfo Info    `json:"scanner"`
	Source      Source  `json:"source"`
	Error       error   `json:"-"`
}

func (*Results) GetError 

func (r *Results) GetError() error

type Source 

type Source struct {
	Type string `json:"type"`
	// Name is the path in the case of the input type is dir or file, and userInput in the case of input type is image
	Name string `json:"name"`
	Hash string `json:"hash"`
}

type Vulnerability 

type Vulnerability struct {
	ID          string   `json:"id"`
	Description string   `json:"description,omitempty"`
	Links       []string `json:"links"`
	Distro      Distro   `json:"distro"`
	CVSS        []CVSS   `json:"cvss"`
	Fix         Fix      `json:"fix"`
	Severity    string   `json:"severity,omitempty"`
	Package     Package  `json:"package"`
	LayerID     string   `json:"layerID"`
	Path        string   `json:"path"`
}

type VulnerabilityKey 

type VulnerabilityKey string // Unique identification of a vulnerability ID per package (name and version)

Source Files

View all Source files

Directories

Path Synopsis
api/client/client
api/client/client/bom
api/client/client/component
api/client/client/finding
api/client/client/project
api/client/client/vulnerability
api/client/models

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.