Directories
| Path | Synopsis |
|---|---|
| adapters | |
| dart | Package dart implements a gorisk analyzer for Dart/Flutter projects. |
| dotnet | Package dotnet implements a gorisk analyzer for C#/.NET projects. |
| elixir | Package elixir implements a gorisk analyzer for Elixir/Erlang projects. |
| java | Package java implements a gorisk analyzer for Java projects. |
| python | Package python implements a gorisk analyzer for Python projects. |
| ruby | Package ruby implements a gorisk analyzer for Ruby projects. |
| rust | Package rust implements a gorisk analyzer for Rust projects. |
| swift | Package swift implements a gorisk analyzer for Swift / Swift Package Manager (SPM) projects. |
| engines | |
| integrity | Package integrity validates checksum and integrity metadata in lockfiles. |
| topology | Package topology computes lockfile-structure risk signals. |
| versiondiff | Package versiondiff compares lockfile states to compute per-package risk deltas. |
| | Package interproc provides interprocedural analysis capabilities for context-sensitive call graph analysis and taint tracking. |
| | Package plugin provides gorisk's plugin loading infrastructure. |
| | Package priority computes composite risk scores combining capability, reachability, CVE, and taint analysis signals. |
| | Package taint identifies packages that act as source→sink conduits — the highest-signal supply-chain finding: capabilities that both receive untrusted input and perform a dangerous operation. |