Documentation
¶
Index ¶
- func ApplyGovernFirstProfile(profileName string, paths []ActionPath) ([]ActionPath, *ActionPathToControlFirst)
- func BuildActionPaths(attackPaths []riskattack.ScoredPath, inventory *agginventory.Inventory) ([]ActionPath, *ActionPathToControlFirst)
- func BuildIdentityActionTargets(paths []ActionPath) (*IdentityActionTarget, *IdentityActionTarget)
- type ActionPath
- type ActionPathSummary
- type ActionPathToControlFirst
- type ExposureGroup
- type IdentityActionTarget
- type IdentityExposureSummary
- type OwnerlessExposure
- type RepoAggregate
- type Report
- type ScoredFinding
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ApplyGovernFirstProfile ¶ added in v1.1.0
// ApplyGovernFirstProfile takes a profile name and a slice of ActionPath and
// returns a slice of ActionPath together with a *ActionPathToControlFirst.
// NOTE(review): the accepted profileName values, and what happens for an
// unrecognised name, are not documented on this page; confirm before relying
// on a fallback. The pointer result is presumably nil when no path is
// selected, so check it before dereferencing.
func ApplyGovernFirstProfile(profileName string, paths []ActionPath) ([]ActionPath, *ActionPathToControlFirst)
func BuildActionPaths ¶ added in v1.0.11
// BuildActionPaths takes scored attack paths and an inventory and returns a
// slice of ActionPath together with a *ActionPathToControlFirst.
// NOTE(review): inventory is a pointer and its nil handling is not shown
// here; the pointer result is presumably nil when there are no paths, so
// check it before dereferencing.
func BuildActionPaths(attackPaths []riskattack.ScoredPath, inventory *agginventory.Inventory) ([]ActionPath, *ActionPathToControlFirst)
func BuildIdentityActionTargets ¶ added in v1.1.0
// BuildIdentityActionTargets takes a slice of ActionPath and returns two
// *IdentityActionTarget values.
// NOTE(review): both results have the same type and are unnamed, so the
// signature does not say which target is which; naming the results or
// documenting the order would prevent callers from swapping them. Either
// pointer may presumably be nil; confirm and check before use.
func BuildIdentityActionTargets(paths []ActionPath) (*IdentityActionTarget, *IdentityActionTarget)
Types ¶
type ActionPath ¶ added in v1.0.11
// ActionPath is the element type of Report.ActionPaths and the payload of
// ActionPathToControlFirst.Path. It is a flat record serialised to JSON under
// the snake_case keys given in the field tags.
//
// NOTE(review): the boolean capability flags are tagged inconsistently. Some
// are always emitted and others use omitempty, so a missing key in the report
// can mean either "false" or "not produced". Consumers that gate on these
// flags should treat a missing key as false explicitly.
type ActionPath struct {
	// Identification of the path. agent_id and location are dropped from the
	// JSON when empty; the other keys are always present.
	PathID string `json:"path_id"`
	Org string `json:"org"`
	Repo string `json:"repo"`
	AgentID string `json:"agent_id,omitempty"`
	ToolType string `json:"tool_type"`
	Location string `json:"location,omitempty"`
	// Always emitted, so false appears explicitly in the report.
	WriteCapable bool `json:"write_capable"`
	// Ownership fields are plain strings; the set of allowed values is not
	// shown on this page.
	OperationalOwner string `json:"operational_owner,omitempty"`
	OwnerSource string `json:"owner_source,omitempty"`
	OwnershipStatus string `json:"ownership_status,omitempty"`
	ApprovalGapReasons []string `json:"approval_gap_reasons,omitempty"`
	// These three flags use omitempty: a false value is dropped from the JSON
	// rather than written as false.
	PullRequestWrite bool `json:"pull_request_write,omitempty"`
	MergeExecute bool `json:"merge_execute,omitempty"`
	DeployWrite bool `json:"deploy_write,omitempty"`
	DeliveryChainStatus string `json:"delivery_chain_status,omitempty"`
	ProductionTargetStatus string `json:"production_target_status,omitempty"`
	// Always emitted.
	ProductionWrite bool `json:"production_write"`
	// Always emitted. Presumably paired with ApprovalGapReasons above; the
	// relationship is not shown here.
	ApprovalGap bool `json:"approval_gap"`
	SecurityVisibilityStatus string `json:"security_visibility_status,omitempty"`
	// Always emitted.
	CredentialAccess bool `json:"credential_access"`
	DeploymentStatus string `json:"deployment_status,omitempty"`
	WorkflowTriggerClass string `json:"workflow_trigger_class,omitempty"`
	// Execution identity details, all optional strings.
	// NOTE(review): these, together with OperationalOwner, put identity and
	// owner names into the serialised report; confirm how the output is
	// shared and stored.
	ExecutionIdentity string `json:"execution_identity,omitempty"`
	ExecutionIdentityType string `json:"execution_identity_type,omitempty"`
	ExecutionIdentitySource string `json:"execution_identity_source,omitempty"`
	ExecutionIdentityStatus string `json:"execution_identity_status,omitempty"`
	ExecutionIdentityRationale string `json:"execution_identity_rationale,omitempty"`
	BusinessStateSurface string `json:"business_state_surface,omitempty"`
	// Uses omitempty here, so false is dropped; ExposureGroup and
	// IdentityActionTarget emit the same key unconditionally.
	StandingPrivilege bool `json:"standing_privilege,omitempty"`
	// Two scores, always emitted. Their range and scale are not shown on
	// this page.
	AttackPathScore float64 `json:"attack_path_score"`
	RiskScore float64 `json:"risk_score"`
	RecommendedAction string `json:"recommended_action"`
	MatchedProductionTargets []string `json:"matched_production_targets,omitempty"`
}
func DecorateActionPaths ¶ added in v1.1.0
// DecorateActionPaths takes a slice of ActionPath and returns a slice of
// ActionPath.
// NOTE(review): it is not shown whether the result shares its backing array
// with the input or whether the input elements are modified; callers that
// keep the original slice should confirm.
func DecorateActionPaths(paths []ActionPath) []ActionPath
type ActionPathSummary ¶ added in v1.0.11
type ActionPathToControlFirst ¶ added in v1.0.11
// ActionPathToControlFirst pairs one ActionPath with an ActionPathSummary.
// Report carries it as an optional pointer under "action_path_to_control_first".
// Both fields are held by value and are always present in the JSON.
type ActionPathToControlFirst struct {
	// The fields of ActionPathSummary are not shown on this page.
	Summary ActionPathSummary `json:"summary"`
	Path ActionPath `json:"path"`
}
type ExposureGroup ¶ added in v1.1.0
// ExposureGroup is the element type returned by BuildExposureGroups. It
// carries a group identifier, the repos, tool types and path IDs it refers
// to, and per-group path counters.
//
// NOTE(review): Repos, ToolTypes and PathIDs have no omitempty, so a nil
// slice is written as JSON null rather than []; consumers should accept both.
type ExposureGroup struct {
	GroupID string `json:"group_id"`
	Org string `json:"org"`
	Repos []string `json:"repos"`
	ToolTypes []string `json:"tool_types"`
	// Optional string attributes; the same keys appear on ActionPath.
	ExecutionIdentity string `json:"execution_identity,omitempty"`
	ExecutionIdentityType string `json:"execution_identity_type,omitempty"`
	ExecutionIdentityStatus string `json:"execution_identity_status,omitempty"`
	DeliveryChainStatus string `json:"delivery_chain_status,omitempty"`
	WorkflowTriggerClass string `json:"workflow_trigger_class,omitempty"`
	BusinessStateSurface string `json:"business_state_surface,omitempty"`
	RecommendedAction string `json:"recommended_action"`
	// Always emitted here, unlike ActionPath where the same key uses omitempty.
	StandingPrivilege bool `json:"standing_privilege"`
	// Counters, always emitted. Presumably PathCount equals len(PathIDs);
	// confirm against the builder.
	PathCount int `json:"path_count"`
	WriteCapablePathCount int `json:"write_capable_path_count"`
	ProductionWritePathCount int `json:"production_write_path_count"`
	PathIDs []string `json:"path_ids"`
	// Optional sample values for the group.
	ExampleRepo string `json:"example_repo,omitempty"`
	ExampleLocation string `json:"example_location,omitempty"`
}
func BuildExposureGroups ¶ added in v1.1.0
// BuildExposureGroups takes a slice of ActionPath and returns a slice of
// ExposureGroup.
// NOTE(review): the grouping key and the ordering of the result are not
// shown on this page; confirm before depending on a stable order.
func BuildExposureGroups(paths []ActionPath) []ExposureGroup
type IdentityActionTarget ¶ added in v1.1.0
// IdentityActionTarget is the result type of BuildIdentityActionTargets. It
// names one execution identity and carries counters for the repos and paths
// associated with it.
type IdentityActionTarget struct {
	// Identity attributes, dropped from the JSON when empty.
	ExecutionIdentity string `json:"execution_identity,omitempty"`
	ExecutionIdentityType string `json:"execution_identity_type,omitempty"`
	ExecutionIdentitySource string `json:"execution_identity_source,omitempty"`
	// Counters, always emitted. The criteria behind "high impact", "unknown
	// to security" and "unresolved ownership" are not shown on this page.
	RepoCount int `json:"repo_count"`
	PathCount int `json:"path_count"`
	WriteCapablePathCount int `json:"write_capable_path_count"`
	HighImpactPathCount int `json:"high_impact_path_count"`
	UnknownToSecurityPathCount int `json:"unknown_to_security_path_count"`
	UnresolvedOwnershipPathCount int `json:"unresolved_ownership_path_count"`
	// Always emitted, so false is explicit.
	StandingPrivilege bool `json:"standing_privilege"`
	Rationale []string `json:"rationale,omitempty"`
}
type IdentityExposureSummary ¶ added in v1.1.0
// IdentityExposureSummary is the result type of BuildIdentityExposureSummary.
// It holds five integer counters about non-human identities, all always
// emitted in the JSON.
type IdentityExposureSummary struct {
	TotalNonHumanIdentitiesObserved int `json:"total_non_human_identities_observed"`
	IdentitiesBackingWriteCapablePaths int `json:"identities_backing_write_capable_paths"`
	IdentitiesBackingDeployCapablePaths int `json:"identities_backing_deploy_capable_paths"`
	IdentitiesWithUnresolvedOwnership int `json:"identities_with_unresolved_ownership"`
	// NOTE(review): the Go field name says "Linked" but the JSON key says
	// "correlation"; use the JSON key when matching report output.
	IdentitiesWithUnknownExecutionLinked int `json:"identities_with_unknown_execution_correlation"`
}
func BuildIdentityExposureSummary ¶ added in v1.1.0
// BuildIdentityExposureSummary takes a slice of ActionPath and an inventory
// and returns a *IdentityExposureSummary.
// NOTE(review): inventory is a pointer and its nil handling is not shown
// here; the result may presumably be nil, so check it before dereferencing.
func BuildIdentityExposureSummary(paths []ActionPath, inventory *agginventory.Inventory) *IdentityExposureSummary
type OwnerlessExposure ¶ added in v1.1.0
// OwnerlessExposure is the result type of BuildOwnerlessExposure. It holds
// four path counters keyed by ownership outcome: explicit, inferred,
// unresolved and conflict. All four are always emitted in the JSON.
// NOTE(review): presumably each path falls into exactly one bucket, keyed
// off ActionPath.OwnershipStatus; confirm against the builder before summing
// the counters.
type OwnerlessExposure struct {
	ExplicitOwnerPaths int `json:"explicit_owner_paths"`
	InferredOwnerPaths int `json:"inferred_owner_paths"`
	UnresolvedOwnerPaths int `json:"unresolved_owner_paths"`
	ConflictOwnerPaths int `json:"conflict_owner_paths"`
}
func BuildOwnerlessExposure ¶ added in v1.1.0
// BuildOwnerlessExposure takes a slice of ActionPath and returns a
// *OwnerlessExposure.
// NOTE(review): the result may presumably be nil for empty input; confirm
// and check before dereferencing.
func BuildOwnerlessExposure(paths []ActionPath) *OwnerlessExposure
type RepoAggregate ¶
type Report ¶
// Report is the top-level JSON document of this package. It combines scored
// findings, per-repo aggregates, attack paths and action paths.
//
// Several JSON keys differ from the Go field names (TopN -> "top_findings",
// Ranked -> "ranked_findings", Repos -> "repo_risk"), so match on the tags
// when parsing report output.
type Report struct {
	// A string, not a time.Time. The timestamp format and time zone are not
	// shown on this page; confirm before parsing or comparing.
	GeneratedAt string `json:"generated_at"`
	// No omitempty on these three: a nil slice is written as JSON null.
	TopN []ScoredFinding `json:"top_findings"`
	Ranked []ScoredFinding `json:"ranked_findings"`
	Repos []RepoAggregate `json:"repo_risk"`
	// Optional sections, dropped from the JSON when empty.
	AttackPaths []riskattack.ScoredPath `json:"attack_paths,omitempty"`
	TopAttackPaths []riskattack.ScoredPath `json:"top_attack_paths,omitempty"`
	ActionPaths []ActionPath `json:"action_paths,omitempty"`
	// Optional pointer, omitted when nil.
	ActionPathToControlFirst *ActionPathToControlFirst `json:"action_path_to_control_first,omitempty"`
}
type ScoredFinding ¶
// ScoredFinding is the element type of Report.TopN and Report.Ranked. It
// wraps a model.Finding with a canonical key, numeric score components,
// classification strings and a list of reasons.
type ScoredFinding struct {
	CanonicalKey string `json:"canonical_key"`
	// Numeric components, always emitted. Score is serialised as
	// "risk_score" and Privilege as "privilege_level". Ranges and how the
	// components combine into Score are not shown on this page.
	Score float64 `json:"risk_score"`
	BlastRadius float64 `json:"blast_radius"`
	Privilege float64 `json:"privilege_level"`
	TrustDeficit float64 `json:"trust_deficit"`
	// Classification strings; the allowed values are not shown on this page.
	EndpointClass string `json:"endpoint_class"`
	DataClass string `json:"data_class"`
	AutonomyLevel string `json:"autonomy_level"`
	// No omitempty: a nil slice is written as JSON null.
	Reasons []string `json:"reasons"`
	// The full underlying finding is embedded in every scored entry.
	// NOTE(review): whatever model.Finding serialises is therefore repeated
	// in the report; confirm it carries nothing that should be redacted.
	Finding model.Finding `json:"finding"`
}