Types ¶
type AsffRecommendation ¶ added in v1.5.0
// AsffRecommendation includes the recommendation text attached to an ASFF
// finding (see Remediation, which embeds it, and BuildASFF).
type AsffRecommendation struct {
	Text string // free-text recommendation for avoiding the finding
}
AsffRecommendation includes the recommendation for avoiding the finding
type AwsAccountInfo ¶ added in v1.5.0
AwsAccountInfo contains all the relevant information of the user AWS account
type AwsSecurityFinding ¶ added in v1.5.0
// AwsSecurityFinding contains all the relevant information to build a finding
// in the ASFF report produced by BuildASFF. Fields without a json tag are
// marshaled under their Go field name.
type AwsSecurityFinding struct {
	AwsAccountID  string `json:"AwsAccountId"` // serialized under the ASFF key "AwsAccountId"
	Compliance    Compliance                    // status of the finding
	CreatedAt     string
	Description   string
	GeneratorID   string `json:"GeneratorId"` // serialized under the ASFF key "GeneratorId"
	ID            string `json:"Id"`          // serialized under the ASFF key "Id"
	ProductArn    string
	Remediation   Remediation // carries the AsffRecommendation
	Resources     []Resource
	SchemaVersion string
	Severity      Severity // original (KICS) severity plus the ASFF label
	Title         string
	Types         []string
	UpdatedAt     string
	CWE           string // no json tag: emitted as "CWE"
}
AwsSecurityFinding contains all the relevant information to build a finding
func BuildASFF ¶ added in v1.5.0
func BuildASFF(summary *model.Summary) []AwsSecurityFinding
BuildASFF builds the ASFF report
type CSVReport ¶ added in v1.5.5
// CSVReport struct contains all the info to create the csv report; one value
// per finding, with the csv tag naming the column header (see BuildCSVReport).
//
// NOTE(review): fields such as SearchValue, ActualValue and Description look
// like they carry text taken from the scanned files — confirm whether
// BuildCSVReport escapes them before they are written, since consumers may
// open the CSV in a spreadsheet.
type CSVReport struct {
	QueryName                   string `csv:"query_name"`
	QueryID                     string `csv:"query_id"`
	QueryURI                    string `csv:"query_uri"`
	Severity                    string `csv:"severity"`
	Platform                    string `csv:"platform"`
	CWE                         string `csv:"cwe,omitempty"` // tagged omitempty, unlike the other columns
	CloudProvider               string `csv:"cloud_provider"`
	Category                    string `csv:"category"`
	DescriptionID               string `csv:"description_id"`
	Description                 string `csv:"description"`
	CISDescriptionIDFormatted   string `csv:"cis_description_id"`
	CISDescriptionTitle         string `csv:"cis_description_title"`
	CISDescriptionTextFormatted string `csv:"cis_description_text"`
	FileName                    string `csv:"file_name"`
	SimilarityID                string `csv:"similarity_id"`
	Line                        int    `csv:"line"`
	IssueType                   string `csv:"issue_type"`
	SearchKey                   string `csv:"search_key"`
	SearchLine                  int    `csv:"search_line"`
	SearchValue                 string `csv:"search_value"`
	ExpectedValue               string `csv:"expected_value"`
	ActualValue                 string `csv:"actual_value"`
}
CSVReport struct contains all the info to create the csv report
func BuildCSVReport ¶ added in v1.5.5
BuildCSVReport builds the CSV report
type CodeClimateReport ¶ added in v1.5.7
// CodeClimateReport struct contains all the info to create the code climate
// report; one value per finding (see BuildCodeClimateReport).
type CodeClimateReport struct {
	Type        string   `json:"type"`
	CheckName   string   `json:"check_name"`
	CWE         string   `json:"cwe,omitempty"` // omitted from the JSON when empty
	Description string   `json:"description"`
	Categories  []string `json:"categories"`
	Location    location `json:"location"` // location is unexported and not documented on this page
	Severity    string   `json:"severity"`
	Fingerprint string   `json:"fingerprint"`
}
CodeClimateReport struct contains all the info to create the code climate report
func BuildCodeClimateReport ¶ added in v1.5.7
func BuildCodeClimateReport(summary *model.Summary) []CodeClimateReport
BuildCodeClimateReport builds the code climate report
type Compliance ¶ added in v1.5.0
// Compliance contains the status of the finding in an AwsSecurityFinding.
type Compliance struct {
	Status string // no json tag: emitted as "Status"
}
Compliance contains the status of the finding
type Component ¶ added in v1.4.9
// Component includes the CycloneDX component structure properties considered
// relevant. Attribute fields are tagged ",attr"; the rest are child elements.
type Component struct {
	// component tag information (XML attributes)
	Type   string `xml:"type,attr"`
	BomRef string `xml:"bom-ref,attr"`
	// component body information (child elements)
	Name            string          `xml:"name"`
	Version         string          `xml:"version"`
	Hashes          []Hash          `xml:"hashes>hash"` // nested under <hashes>
	Purl            string          `xml:"purl"`
	Vulnerabilities []Vulnerability `xml:"v:vulnerabilities>v:vulnerability"` // nested under the v: namespace prefix declared on CycloneDxReport
}
Component includes the CycloneDX component structure properties considered relevant
type Components ¶ added in v1.4.9
// Components is a list of components; it wraps the <components> element of
// the CycloneDX BOM.
type Components struct {
	Components []Component `xml:"component"` // one <component> child per entry
}
Components is a list of components
type CycloneDxReport ¶ added in v1.4.9
// CycloneDxReport includes all the properties considered relevant for the
// CycloneDX Report. It is the root <bom> element (see BuildCycloneDxReport
// and InitCycloneDxReport).
type CycloneDxReport struct {
	XMLName xml.Name `xml:"bom"`
	// bom tag information (XML attributes on <bom>)
	XMLNS        string `xml:"xmlns,attr"`
	SerialNumber string `xml:"serialNumber,attr"`
	XMLNSV       string `xml:"xmlns:v,attr"` // declares the v: prefix used by Vulnerability fields
	Version      int    `xml:"version,attr"`
	// bom body information (child elements)
	Metadata   *Metadata  `xml:"metadata"` // pointer: omitted when nil
	Components Components `xml:"components"`
}
CycloneDxReport includes all the properties considered relevant for the CycloneDX Report
func BuildCycloneDxReport ¶ added in v1.4.9
func BuildCycloneDxReport(summary *model.Summary, filePaths map[string]string) *CycloneDxReport
BuildCycloneDxReport builds the CycloneDX report
func InitCycloneDxReport ¶ added in v1.4.9
func InitCycloneDxReport() *CycloneDxReport
InitCycloneDxReport initializes the CycloneDX report with no components (and consequently no vulnerabilities)
type GitlabSASTReport ¶
// GitlabSASTReport represents a usable GitLab SAST report reference; obtain
// one with NewGitlabSASTReport.
type GitlabSASTReport interface {
	// BuildGitlabSASTVulnerability adds one vulnerability entry for the given
	// query result and vulnerable file.
	BuildGitlabSASTVulnerability(issue *model.QueryResult, file *model.VulnerableFile)
}
GitlabSASTReport represents a usable GitLab SAST report reference
func NewGitlabSASTReport ¶
func NewGitlabSASTReport(start, end time.Time) GitlabSASTReport
NewGitlabSASTReport initializes a new instance of GitlabSASTReport to be used
type Hash ¶ added in v1.4.9
Hash includes the algorithm used by the hash function and its output (the content)
type Issue ¶ added in v1.4.8
// Issue is a single issue for SonarQube Report.
type Issue struct {
	EngineID           string      `json:"engineId"`
	RuleID             string      `json:"ruleId"`
	Severity           string      `json:"severity"`
	CWE                string      `json:"cwe,omitempty"` // omitted from the JSON when empty
	Type               string      `json:"type"`
	PrimaryLocation    *Location   `json:"primaryLocation"`
	SecondaryLocations []*Location `json:"secondaryLocations,omitempty"` // omitted when nil or empty
}
Issue is a single issue for SonarQube Report
type JUnitReport ¶ added in v1.4.9
// JUnitReport is a JUnit report representation; obtain one with NewJUnitReport.
type JUnitReport interface {
	// GenerateTestEntry adds a test entry for the given query result.
	GenerateTestEntry(query *model.QueryResult)
	// FinishReport finalizes the report once all entries have been added.
	FinishReport()
}
JUnitReport is a JUnit report representation
func NewJUnitReport ¶ added in v1.4.9
func NewJUnitReport(time string) JUnitReport
NewJUnitReport creates a new JUnit report instance
type Location ¶ added in v1.4.8
// Location is the location for the vulnerability in the SonarQube Report.
type Location struct {
	Message   string `json:"message"`
	FilePath  string `json:"filePath"`
	TextRange *Range `json:"textRange"` // pointer: encoded as null when nil
}
Location is the location for the vulnerability in the SonarQube Report
type Metadata ¶ added in v1.4.9
// Metadata includes the relevant additional information about the CycloneDX
// report (the <metadata> element of the BOM).
type Metadata struct {
	Timestamp string  `xml:"timestamp"`  // the timestamp when the CycloneDX report is created
	Tools     *[]Tool `xml:"tools>tool"` // array of tools used to create the CycloneDX report, nested under <tools>
}
Metadata includes the relevant additional information about the CycloneDX report
type Range ¶ added in v1.4.8
// Range is the range for the vulnerability in the SonarQube Report; only the
// start line is recorded.
type Range struct {
	StartLine int `json:"startLine"`
}
Range is the range for the vulnerability in the SonarQube Report
type Rating ¶ added in v1.4.9
Rating includes the severity of the vulnerability and the method used to classify it
type Recommendation ¶ added in v1.4.9
// Recommendation describes how the vulnerability should be avoided; it is
// emitted under <v:recommendations> in Vulnerability.
type Recommendation struct {
	// NOTE(review): the xml tag has an empty name, so encoding/xml falls back
	// to the field name for the element — confirm this is the intended output.
	Recommendation string `xml:""`
}
Recommendation describes how the vulnerability should be avoided
type Remediation ¶ added in v1.5.0
// Remediation contains the recommendation for an AwsSecurityFinding.
type Remediation struct {
	Recommendation AsffRecommendation // no json tag: emitted as "Recommendation"
}
Remediation contains the recommendation
type SarifReport ¶
// SarifReport represents a usable SARIF report reference; obtain one with
// NewSarifReport.
type SarifReport interface {
	// BuildSarifIssue adds a result for the given query result and returns a string
	// (its meaning is not documented on this page).
	BuildSarifIssue(issue *model.QueryResult) string
	// RebuildTaxonomies rebuilds the report taxonomies from the given CWE ids and
	// their GUIDs.
	RebuildTaxonomies(cwes []string, guids map[string]string)
	// GetGUIDFromRelationships returns the GUID associated with cweID at index idx.
	GetGUIDFromRelationships(idx int, cweID string) string
}
SarifReport represents a usable sarif report reference
func NewSarifReport ¶
func NewSarifReport() SarifReport
NewSarifReport creates and starts a new SARIF report with default values respecting SARIF schema 2.1.0
type SarifRun ¶ added in v1.3.3
// SarifRun is a run component of the SARIF report. The sarifTool, sarifResult
// and sarifTaxonomy element types are unexported and not documented here.
type SarifRun struct {
	Tool       sarifTool       `json:"tool"`
	Results    []sarifResult   `json:"results"`
	Taxonomies []sarifTaxonomy `json:"taxonomies"`
}
SarifRun is a run component of the SARIF report
type Severity ¶ added in v1.5.0
Severity contains the original severity (KICS severity) and the label severity (ASFF severity)
type SonarQubeReport ¶ added in v1.4.8
// SonarQubeReport is a list of issues for SonarQube Report; it is produced by
// SonarQubeReportBuilder.BuildReport.
type SonarQubeReport struct {
	Issues []Issue `json:"issues"`
}
SonarQubeReport is a list of issues for SonarQube Report
type SonarQubeReportBuilder ¶ added in v1.4.8
// SonarQubeReportBuilder is the builder for the SonarQubeReport struct; create
// it with NewSonarQubeRepory and call BuildReport.
type SonarQubeReportBuilder struct {
	// contains filtered or unexported fields
}
SonarQubeReportBuilder is the builder for the SonarQubeReport struct
func NewSonarQubeRepory ¶ added in v1.4.8
func NewSonarQubeRepory() *SonarQubeReportBuilder
NewSonarQubeRepory creates a new SonarQubeReportBuilder instance
func (*SonarQubeReportBuilder) BuildReport ¶ added in v1.4.8
func (s *SonarQubeReportBuilder) BuildReport(summary *model.Summary) *SonarQubeReport
BuildReport builds the SonarQubeReport from the given QueryResults
type Source ¶ added in v1.4.9
Source includes information about the origin where the vulnerability was reported
type Tool ¶ added in v1.4.9
// Tool includes the information about the tool used to create the CycloneDX
// report (one <tool> element under Metadata.Tools).
type Tool struct {
	Vendor  string `xml:"vendor"`
	Name    string `xml:"name"`
	Version string `xml:"version"`
}
Tool includes the information about the tool used to create the CycloneDX report
type Vulnerability ¶ added in v1.4.9
// Vulnerability includes all the relevant information about the vulnerability
// reported for a CycloneDX Component. Body elements use the v: namespace
// prefix declared on CycloneDxReport.
type Vulnerability struct {
	// vulnerability tag information (XML attribute)
	Ref string `xml:"ref,attr"`
	// vulnerability body information (child elements)
	ID              string           `xml:"v:id"`
	CWE             string           `xml:"v:cwe"`
	Source          Source           `xml:"v:source"`
	Ratings         []Rating         `xml:"v:ratings>v:rating"` // nested under <v:ratings>
	Description     string           `xml:"v:description"`
	Recommendations []Recommendation `xml:"v:recommendations>v:recommendation"` // nested under <v:recommendations>
}
Vulnerability includes all the relevant information about the vulnerability