Documentation ¶
Index ¶
- type Component
- type Components
- type CycloneDxReport
- type GitlabSASTReport
- type Hash
- type Issue
- type JUnitReport
- type Location
- type Metadata
- type Range
- type Rating
- type Recommendation
- type SarifReport
- type SarifRun
- type SonarQubeReport
- type SonarQubeReportBuilder
- type Source
- type Tool
- type Vulnerability
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Component ¶ added in v1.4.9
type Component struct {
// component tag information
Type string `xml:"type,attr"`
BomRef string `xml:"bom-ref,attr"`
// component body information
Name string `xml:"name"`
Version string `xml:"version"`
Hashes []Hash `xml:"hashes>hash"`
Purl string `xml:"purl"`
Vulnerabilities []Vulnerability `xml:"v:vulnerabilities>v:vulnerability"`
}
Component holds the properties of the CycloneDX component structure that the report considers relevant: the tag attributes (type and bom-ref) and the body elements (name, version, hashes, purl and the vulnerabilities found in that component).
type Components ¶ added in v1.4.9
type Components struct {
Components []Component `xml:"component"`
}
Components is the list of components included in the report.
type CycloneDxReport ¶ added in v1.4.9
type CycloneDxReport struct {
XMLName xml.Name `xml:"bom"`
// bom tag information
XMLNS string `xml:"xmlns,attr"`
SerialNumber string `xml:"serialNumber,attr"`
XMLNSV string `xml:"xmlns:v,attr"`
Version int `xml:"version,attr"`
// bom body information
Metadata *Metadata `xml:"metadata"`
Components Components `xml:"components"`
}
CycloneDxReport holds all the properties considered relevant for the CycloneDX report: the bom attributes (default namespace, serial number, vulnerability-extension namespace and version), its metadata and its components.
func BuildCycloneDxReport ¶ added in v1.4.9
func BuildCycloneDxReport(summary *model.Summary) *CycloneDxReport
BuildCycloneDxReport builds the CycloneDX report from the scan summary.
func InitCycloneDxReport ¶ added in v1.4.9
func InitCycloneDxReport() *CycloneDxReport
InitCycloneDxReport initialises a CycloneDX report with no components (and consequently no vulnerabilities).
type GitlabSASTReport ¶
type GitlabSASTReport interface {
BuildGitlabSASTVulnerability(issue *model.QueryResult, file *model.VulnerableFile)
}
GitlabSASTReport represents a usable GitLab SAST report reference.
func NewGitlabSASTReport ¶
func NewGitlabSASTReport(start, end time.Time) GitlabSASTReport
NewGitlabSASTReport initializes a new GitlabSASTReport instance to be used; start and end are the scan start and end times recorded in the report.
type Hash ¶ added in v1.4.9
Hash includes the algorithm used to compute the hash and its output (the content).
type Issue ¶ added in v1.4.8
type Issue struct {
EngineID string `json:"engineId"`
RuleID string `json:"ruleId"`
Severity string `json:"severity"`
Type string `json:"type"`
PrimaryLocation *Location `json:"primaryLocation"`
SecondaryLocations []*Location `json:"secondaryLocations,omitempty"`
}
Issue is a single issue in the SonarQube report.
type JUnitReport ¶ added in v1.4.9
type JUnitReport interface {
GenerateTestEntry(query *model.QueryResult)
FinishReport()
}
JUnitReport is a JUnit report representation
func NewJUnitReport ¶ added in v1.4.9
func NewJUnitReport(time string) JUnitReport
NewJUnitReport creates a new JUnit report instance
type Location ¶ added in v1.4.8
type Location struct {
Message string `json:"message"`
FilePath string `json:"filePath"`
TextRange *Range `json:"textRange"`
}
Location is the location of the vulnerability in the SonarQube report.
type Metadata ¶ added in v1.4.9
type Metadata struct {
Timestamp string `xml:"timestamp"` // the timestamp when the CycloneDX report is created
Tools *[]Tool `xml:"tools>tool"` // array of tools used to create the CycloneDX report
}
Metadata includes the additional information about the CycloneDX report: the creation timestamp and the tools used to create it.
type Range ¶ added in v1.4.8
type Range struct {
StartLine int `json:"startLine"`
}
Range is the line range of the vulnerability in the SonarQube report; only the start line is recorded.
type Rating ¶ added in v1.4.9
Rating includes the severity of the vulnerability and the method used to classify it
type Recommendation ¶ added in v1.4.9
type Recommendation struct {
Recommendation string `xml:",chardata"` // the recommendation text is the element's character data
}
Recommendation describes how the vulnerability should be avoided
type SarifReport ¶
type SarifReport interface {
BuildSarifIssue(issue *model.QueryResult)
}
SarifReport represents a usable sarif report reference
func NewSarifReport ¶
func NewSarifReport() SarifReport
NewSarifReport creates and starts a new SARIF report with default values respecting the SARIF 2.1.0 schema.
type SarifRun ¶ added in v1.3.3
type SarifRun struct {
Tool sarifTool `json:"tool"`
Results []sarifResult `json:"results"`
Taxonomies []sarifTaxonomy `json:"taxonomies"`
}
SarifRun is a run component of the SARIF report: the tool that produced it, its results and the taxonomies the results reference.
type SonarQubeReport ¶ added in v1.4.8
type SonarQubeReport struct {
Issues []Issue `json:"issues"`
}
SonarQubeReport is the list of issues of the SonarQube report.
type SonarQubeReportBuilder ¶ added in v1.4.8
type SonarQubeReportBuilder struct {
// contains filtered or unexported fields
}
SonarQubeReportBuilder is the builder for the SonarQubeReport struct
func NewSonarQubeRepory ¶ added in v1.4.8
func NewSonarQubeRepory() *SonarQubeReportBuilder
NewSonarQubeRepory creates a new SonarQubeReportBuilder instance (the exported name is spelled this way in the package).
func (*SonarQubeReportBuilder) BuildReport ¶ added in v1.4.8
func (s *SonarQubeReportBuilder) BuildReport(summary *model.Summary) *SonarQubeReport
BuildReport builds the SonarQubeReport from the QueryResults in the given summary.
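The SonarQube types above (Issue, Location, Range, SonarQubeReport) are the JSON shape of SonarQube's generic issue import format, which only accepts a fixed set of severity and type values and a 1-based startLine. The following is an added example, not the package's own code: it copies the documented struct layouts, builds a report from a constructed Finding type that stands in for the data BuildReport reads from model.Summary, and validates the result before it reaches SonarQube. The KICS-to-SonarQube severity mapping is this example's choice, and the query IDs and file paths are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Field layouts copied from the documented SonarQube report types.
type Range struct {
	StartLine int `json:"startLine"`
}
type Location struct {
	Message   string `json:"message"`
	FilePath  string `json:"filePath"`
	TextRange *Range `json:"textRange"`
}
type Issue struct {
	EngineID           string      `json:"engineId"`
	RuleID             string      `json:"ruleId"`
	Severity           string      `json:"severity"`
	Type               string      `json:"type"`
	PrimaryLocation    *Location   `json:"primaryLocation"`
	SecondaryLocations []*Location `json:"secondaryLocations,omitempty"`
}
type SonarQubeReport struct {
	Issues []Issue `json:"issues"`
}

// Values SonarQube's generic issue import accepts; anything else makes the import fail.
var (
	validSeverities = map[string]bool{"BLOCKER": true, "CRITICAL": true, "MAJOR": true, "MINOR": true, "INFO": true}
	validTypes      = map[string]bool{"BUG": true, "VULNERABILITY": true, "CODE_SMELL": true}
)

// Finding is this example's stand-in for the per-query data BuildReport reads
// from model.Summary (an assumption; the real summary is not shown on the page).
type Finding struct {
	QueryID, Severity, File, Description string
	Line                                 int
}

// toSonarSeverity maps KICS severity names to SonarQube ones. The mapping is
// this example's choice; unknown names map to "" so validation flags them.
func toSonarSeverity(s string) string {
	switch s {
	case "HIGH":
		return "CRITICAL"
	case "MEDIUM":
		return "MAJOR"
	case "LOW":
		return "MINOR"
	case "INFO", "TRACE":
		return "INFO"
	}
	return ""
}

// Build turns findings into the report structure, one issue per finding.
func Build(findings []Finding) *SonarQubeReport {
	r := &SonarQubeReport{Issues: []Issue{}} // non-nil so an empty scan still serialises as {"issues":[]}
	for _, f := range findings {
		r.Issues = append(r.Issues, Issue{
			EngineID: "kics", RuleID: f.QueryID, Severity: toSonarSeverity(f.Severity), Type: "VULNERABILITY",
			PrimaryLocation: &Location{Message: f.Description, FilePath: f.File, TextRange: &Range{StartLine: f.Line}},
		})
	}
	return r
}

// Validate reports every issue SonarQube would reject, so a bad report fails
// in CI instead of at import time.
func Validate(r *SonarQubeReport) []string {
	var p []string
	for i, is := range r.Issues {
		if is.EngineID == "" || is.RuleID == "" {
			p = append(p, fmt.Sprintf("issue %d: engineId and ruleId are required", i))
		}
		if !validSeverities[is.Severity] {
			p = append(p, fmt.Sprintf("issue %d: invalid severity %q", i, is.Severity))
		}
		if !validTypes[is.Type] {
			p = append(p, fmt.Sprintf("issue %d: invalid type %q", i, is.Type))
		}
		switch loc := is.PrimaryLocation; {
		case loc == nil || loc.FilePath == "":
			p = append(p, fmt.Sprintf("issue %d: primaryLocation.filePath is required", i))
		case loc.TextRange != nil && loc.TextRange.StartLine < 1:
			p = append(p, fmt.Sprintf("issue %d: textRange.startLine must be >= 1", i))
		}
	}
	return p
}

// SampleFindings is constructed input: one valid finding, one with an unknown
// severity and one with a zero line number.
func SampleFindings() []Finding {
	return []Finding{
		{QueryID: "example-privileged-container", Severity: "HIGH", File: "k8s/deployment.yaml", Description: "Container runs privileged", Line: 12},
		{QueryID: "example-missing-limits", Severity: "WEIRD", File: "k8s/deployment.yaml", Description: "No resource limits", Line: 30},
		{QueryID: "example-latest-tag", Severity: "LOW", File: "k8s/deployment.yaml", Description: "Image uses :latest", Line: 0},
	}
}

func main() {
	r := Build(SampleFindings())
	out, _ := json.MarshalIndent(r, "", "  ")
	fmt.Println(string(out))
	fmt.Println(Validate(r))
}
```

Validate is worth running in the pipeline step that produces the report: SonarQube rejects the whole file on the first invalid issue, so a single unmapped severity or a 0-based line number silently blocks every finding from being imported.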
type Source ¶ added in v1.4.9
Source includes information about the origin from which the vulnerability was reported.
type Tool ¶ added in v1.4.9
type Tool struct {
Vendor string `xml:"vendor"`
Name string `xml:"name"`
Version string `xml:"version"`
}
Tool includes the information about the tool used to create the CycloneDX report
type Vulnerability ¶ added in v1.4.9
type Vulnerability struct {
// vulnerability tag information
Ref string `xml:"ref,attr"`
// vulnerability body information
ID string `xml:"v:id"`
Source Source `xml:"v:source"`
Ratings []Rating `xml:"v:ratings>v:rating"`
Description string `xml:"v:description"`
Recommendations []Recommendation `xml:"v:recommendations>v:recommendation"`
}
Vulnerability includes all the relevant information about a vulnerability: the ref attribute, which must match the bom-ref of the component carrying it, and the ID, source, ratings, description and recommendations in its body.
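The CycloneDX types on this page (CycloneDxReport, Metadata, Tool, Components, Component, Hash, Vulnerability, Source, Rating, Recommendation) map the `xml` struct tags straight onto the CycloneDX 1.3 bom with the vulnerability extension in the `v:` prefix. The following is an added example, not the package's own code: it copies the documented field layouts, serialises a constructed report, and lints the properties a downstream SBOM/VEX consumer depends on (declared namespaces, a urn:uuid serial number, unique bom-refs, and vulnerability refs that resolve to the component that carries them). Hash, Rating and Source are elided on the page, so their fields here are assumptions, as are the two namespace constants (the page does not show what InitCycloneDxReport sets); the serial number, file name, query ID and hash are constructed sample values.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

// Namespace values this example assumes (the page does not show what InitCycloneDxReport sets).
const (
	bomNS  = "http://cyclonedx.org/schema/bom/1.3"
	vulnNS = "http://cyclonedx.org/schema/ext/vulnerability/1.0"
)

// Field layouts copied from the documented types. Hash, Rating and Source are
// elided on the page, so their fields are assumptions that follow CycloneDX 1.3.
type Hash struct{ Alg string `xml:"alg,attr"`; Content string `xml:",chardata"` }
type Rating struct{ Severity string `xml:"v:severity"`; Method string `xml:"v:method"` }
type Source struct{ Name string `xml:"v:name"`; URL string `xml:"v:url"` }
type Recommendation struct{ Recommendation string `xml:",chardata"` }
type Vulnerability struct {
	Ref             string           `xml:"ref,attr"`
	ID              string           `xml:"v:id"`
	Source          Source           `xml:"v:source"`
	Ratings         []Rating         `xml:"v:ratings>v:rating"`
	Description     string           `xml:"v:description"`
	Recommendations []Recommendation `xml:"v:recommendations>v:recommendation"`
}
type Component struct {
	Type            string          `xml:"type,attr"`
	BomRef          string          `xml:"bom-ref,attr"`
	Name            string          `xml:"name"`
	Version         string          `xml:"version"`
	Hashes          []Hash          `xml:"hashes>hash"`
	Purl            string          `xml:"purl"`
	Vulnerabilities []Vulnerability `xml:"v:vulnerabilities>v:vulnerability"`
}
type Components struct{ Components []Component `xml:"component"` }
type Tool struct{ Vendor string `xml:"vendor"`; Name string `xml:"name"`; Version string `xml:"version"` }
type Metadata struct{ Timestamp string `xml:"timestamp"`; Tools *[]Tool `xml:"tools>tool"` }
type CycloneDxReport struct {
	XMLName      xml.Name   `xml:"bom"`
	XMLNS        string     `xml:"xmlns,attr"`
	SerialNumber string     `xml:"serialNumber,attr"`
	XMLNSV       string     `xml:"xmlns:v,attr"`
	Version      int        `xml:"version,attr"`
	Metadata     *Metadata  `xml:"metadata"`
	Components   Components `xml:"components"`
}

// Lint applies the checks a downstream SBOM/VEX consumer relies on; a vulnerability
// whose ref does not resolve to its component cannot be triaged or suppressed.
func Lint(r *CycloneDxReport) []string {
	var p []string
	if r.XMLNS != bomNS {
		p = append(p, "bom: xmlns is not the CycloneDX 1.3 namespace")
	}
	if !strings.HasPrefix(r.SerialNumber, "urn:uuid:") {
		p = append(p, "bom: serialNumber is not a urn:uuid")
	}
	seen, hasVulns := map[string]bool{}, false
	for _, c := range r.Components.Components {
		if c.BomRef == "" || seen[c.BomRef] {
			p = append(p, fmt.Sprintf("component %q: missing or duplicate bom-ref", c.Name))
		}
		seen[c.BomRef] = true
		for _, v := range c.Vulnerabilities {
			hasVulns = true
			if v.Ref != c.BomRef {
				p = append(p, fmt.Sprintf("vulnerability %q: ref %q does not match bom-ref %q", v.ID, v.Ref, c.BomRef))
			}
		}
	}
	if hasVulns && r.XMLNSV != vulnNS {
		p = append(p, "bom: vulnerabilities present but xmlns:v is not declared")
	}
	return p
}

// SampleReport returns a constructed, well-formed report for one scanned file.
func SampleReport() *CycloneDxReport {
	tools, ref := []Tool{{Vendor: "Checkmarx", Name: "kics", Version: "1.4.9"}}, "pkg:generic/deployment.yaml@0.0.0"
	return &CycloneDxReport{
		XMLNS: bomNS, XMLNSV: vulnNS, Version: 1,
		SerialNumber: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", // constructed value
		Metadata:     &Metadata{Timestamp: "2021-10-01T12:00:00Z", Tools: &tools},
		Components: Components{Components: []Component{{
			Type: "file", BomRef: ref, Name: "deployment.yaml", Version: "0.0.0", Purl: ref,
			Hashes: []Hash{{Alg: "SHA-256", Content: "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"}},
			Vulnerabilities: []Vulnerability{{
				Ref: ref, ID: "example-privileged-container", // constructed query id, not a real KICS one
				Source:  Source{Name: "KICS", URL: "https://kics.io"},
				Ratings: []Rating{{Severity: "High", Method: "Other"}},
				Description:     "Container runs with privileged: true",
				Recommendations: []Recommendation{{Recommendation: "Set securityContext.privileged to false"}},
			}},
		}}},
	}
}

func main() {
	out, _ := xml.MarshalIndent(SampleReport(), "", "  ")
	fmt.Println(xml.Header + string(out))
	broken := SampleReport()
	broken.XMLNSV, broken.Components.Components[0].Vulnerabilities[0].Ref = "", "pkg:generic/missing@0.0.0"
	fmt.Println(Lint(SampleReport()), Lint(broken))
}
```

One caveat on the `v:`-prefixed tags: encoding/xml writes `xml:"v:id"` as the literal element name `<v:id>`, which is what makes the extension namespace appear in the output, but on Unmarshal the decoder resolves the prefix to its namespace URI and compares only the local name `id`, so these fields are not populated when the same structs are used to read a bom back. Treat the types as write-only and lint the in-memory report, as above, rather than re-parsing the XML.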