internal/

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

Links

Open Source Insights

Directories ¶

Path	Synopsis
adapters
go
java Package java implements a gorisk analyzer for Java projects.	Package java implements a gorisk analyzer for Java projects.
node
php
python Package python implements a gorisk analyzer for Python projects.	Package python implements a gorisk analyzer for Python projects.
ruby Package ruby implements a gorisk analyzer for Ruby projects.	Package ruby implements a gorisk analyzer for Ruby projects.
rust Package rust implements a gorisk analyzer for Rust projects.	Package rust implements a gorisk analyzer for Rust projects.
analyzer
astpipeline
cache
capability
engines
integrity Package integrity validates checksum and integrity metadata in lockfiles.	Package integrity validates checksum and integrity metadata in lockfiles.
topology Package topology computes lockfile-structure risk signals.	Package topology computes lockfile-structure risk signals.
versiondiff Package versiondiff compares lockfile states to compute per-package risk deltas.	Package versiondiff compares lockfile states to compute per-package risk deltas.
graph
health
history
impact
interproc Package interproc provides interprocedural analysis capabilities for context-sensitive call graph analysis and taint tracking.	Package interproc provides interprocedural analysis capabilities for context-sensitive call graph analysis and taint tracking.
ir
license
plugin Package plugin provides gorisk's plugin loading infrastructure.	Package plugin provides gorisk's plugin loading infrastructure.
prdiff
priority Package priority computes composite risk scores combining capability, reachability, CVE, and taint analysis signals.	Package priority computes composite risk scores combining capability, reachability, CVE, and taint analysis signals.
reachability
report
sbom
taint Package taint identifies packages that act as source→sink conduits — the highest-signal supply-chain finding: capabilities that both receive untrusted input and perform a dangerous operation.	Package taint identifies packages that act as source→sink conduits — the highest-signal supply-chain finding: capabilities that both receive untrusted input and perform a dangerous operation.
transitive
upgrade

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL