Documentation
¶
Index ¶
- Constants
- func MarkdownLines(markdown string) []string
- func PublicSanitizeFindings(in []risk.ScoredFinding) []risk.ScoredFinding
- func RenderCampaignPublicMarkdown(artifact CampaignArtifact) string
- func RenderMarkdown(summary Summary) string
- func SelectTopFindings(report risk.Report, requested int) []risk.ScoredFinding
- type AttackPathSummary
- type BuildInput
- type CampaignArtifact
- type CampaignDetector
- type CampaignMethodology
- type CampaignMetrics
- type CampaignOptions
- type CampaignScanInput
- type CampaignScanResult
- type CampaignSegmentBucket
- type CampaignSegments
- type ChecklistItem
- type DeltaMetric
- type DeltaSummary
- type Headline
- type LifecycleSummary
- type LifecycleTransition
- type Methodology
- type ProofReference
- type ReasonGroup
- type RecordTypeCount
- type RegressSummary
- type RiskItem
- type Section
- type SegmentMetadata
- type ShareProfile
- type Summary
- type Template
Constants ¶
View Source
const ( SectionHeadline = "headline_posture" SectionMethodology = "methodology" SectionTopRisks = "top_prioritized_risks" SectionChanges = "change_since_previous" SectionLifecycle = "lifecycle_actions" SectionProof = "proof_verification_footer" SectionNextAction = "next_actions" )
View Source
const SummaryVersion = "v1"
Variables ¶
This section is empty.
Functions ¶
func MarkdownLines ¶
func PublicSanitizeFindings ¶
func PublicSanitizeFindings(in []risk.ScoredFinding) []risk.ScoredFinding
func RenderCampaignPublicMarkdown ¶ added in v1.0.2
func RenderCampaignPublicMarkdown(artifact CampaignArtifact) string
func RenderMarkdown ¶
func SelectTopFindings ¶
func SelectTopFindings(report risk.Report, requested int) []risk.ScoredFinding
Types ¶
type AttackPathSummary ¶ added in v1.0.5
type BuildInput ¶
type CampaignArtifact ¶ added in v1.0.2
type CampaignArtifact struct {
SchemaVersion string `json:"schema_version"`
GeneratedAt string `json:"generated_at"`
InputGlob string `json:"input_glob,omitempty"`
Methodology CampaignMethodology `json:"methodology"`
Metrics CampaignMetrics `json:"metrics"`
Segments CampaignSegments `json:"segments"`
Scans []CampaignScanResult `json:"scans"`
}
func AggregateCampaign ¶ added in v1.0.2
func AggregateCampaign(inputs []CampaignScanInput, generatedAt time.Time) CampaignArtifact
func AggregateCampaignWithOptions ¶ added in v1.0.2
func AggregateCampaignWithOptions(inputs []CampaignScanInput, generatedAt time.Time, opts CampaignOptions) CampaignArtifact
type CampaignDetector ¶ added in v1.0.2
type CampaignMethodology ¶ added in v1.0.2
type CampaignMethodology struct {
WrkrVersion string `json:"wrkr_version"`
ScanCount int `json:"scan_count"`
RepoCount int `json:"repo_count"`
FileCountProcessed int `json:"file_count_processed"`
Detectors []CampaignDetector `json:"detectors"`
}
type CampaignMetrics ¶ added in v1.0.2
type CampaignMetrics struct {
ReposScanned int `json:"repos_scanned"`
ToolsDetectedTotal int `json:"tools_detected_total"`
WriteCapableTools int `json:"write_capable_tools"`
CredentialAccessTools int `json:"credential_access_tools"`
ExecCapableTools int `json:"exec_capable_tools"`
ApprovedTools int `json:"approved_tools"`
UnapprovedTools int `json:"unapproved_tools"`
UnknownTools int `json:"unknown_tools"`
ApprovedPercent float64 `json:"approved_percent"`
UnapprovedPercent float64 `json:"unapproved_percent"`
UnknownPercent float64 `json:"unknown_percent"`
UnapprovedPerApproved *float64 `json:"unapproved_per_approved"`
ProductionWriteStatus string `json:"production_write_status"`
ProductionWriteTools *int `json:"production_write_tools"`
}
type CampaignOptions ¶ added in v1.0.2
type CampaignOptions struct {
SegmentMetadata map[string]SegmentMetadata
}
type CampaignScanInput ¶ added in v1.0.2
type CampaignScanInput struct {
Path string
Target source.Target
SourceManifest source.Manifest
Inventory *agginventory.Inventory
PrivilegeBudget agginventory.PrivilegeBudget
Findings []source.Finding
}
type CampaignScanResult ¶ added in v1.0.2
type CampaignScanResult struct {
Path string `json:"path"`
TargetMode string `json:"target_mode"`
TargetValue string `json:"target_value"`
RepoCount int `json:"repo_count"`
ToolsDetected int `json:"tools_detected"`
WriteCapableTools int `json:"write_capable_tools"`
CredentialAccessTool int `json:"credential_access_tools"`
ExecCapableTools int `json:"exec_capable_tools"`
}
type CampaignSegmentBucket ¶ added in v1.0.2
type CampaignSegments ¶ added in v1.0.2
type CampaignSegments struct {
OrgSizeBands []CampaignSegmentBucket `json:"org_size_bands"`
IndustryBands []CampaignSegmentBucket `json:"industry_bands"`
}
type ChecklistItem ¶
type DeltaMetric ¶
type DeltaSummary ¶
type DeltaSummary struct {
RiskScoreTrend DeltaMetric `json:"risk_score_trend"`
ProfileComplianceDelta DeltaMetric `json:"profile_compliance_delta"`
PostureScoreTrend DeltaMetric `json:"posture_score_trend_delta"`
}
type LifecycleSummary ¶
type LifecycleSummary struct {
IdentityCount int `json:"identity_count"`
UnderReviewCount int `json:"under_review_count"`
RevokedCount int `json:"revoked_count"`
DeprecatedCount int `json:"deprecated_count"`
PendingActionCount int `json:"pending_action_count"`
RecentTransitions []LifecycleTransition `json:"recent_transitions"`
}
type LifecycleTransition ¶
type Methodology ¶ added in v1.0.2
type Methodology struct {
WrkrVersion string `json:"wrkr_version"`
ScanStartedAt string `json:"scan_started_at"`
ScanCompletedAt string `json:"scan_completed_at"`
ScanDurationSeconds float64 `json:"scan_duration_seconds"`
RepoCount int `json:"repo_count"`
FileCountProcessed int `json:"file_count_processed"`
DetectorCount int `json:"detector_count"`
CommandSet []string `json:"command_set"`
SampleDefinition string `json:"sample_definition"`
ExclusionCriteria []string `json:"exclusion_criteria"`
}
type ProofReference ¶
type ProofReference struct {
ChainPath string `json:"chain_path"`
HeadHash string `json:"head_hash"`
RecordCount int `json:"record_count"`
RecordTypeCounts []RecordTypeCount `json:"record_type_counts"`
CanonicalFindingKeys []string `json:"canonical_finding_keys"`
}
type ReasonGroup ¶
type RecordTypeCount ¶
type RegressSummary ¶
type RegressSummary struct {
BaselineProvided bool `json:"baseline_provided"`
DriftDetected bool `json:"drift_detected"`
ReasonCount int `json:"reason_count"`
ReasonGroups []ReasonGroup `json:"reason_groups"`
}
type RiskItem ¶
type RiskItem struct {
Rank int `json:"rank"`
CanonicalKey string `json:"canonical_key"`
Score float64 `json:"risk_score"`
FindingType string `json:"finding_type"`
Severity string `json:"severity"`
ToolType string `json:"tool_type"`
Org string `json:"org"`
Repo string `json:"repo"`
Location string `json:"location"`
Rationale []string `json:"rationale"`
Remediation string `json:"remediation"`
}
type SegmentMetadata ¶ added in v1.0.2
type ShareProfile ¶
type ShareProfile string
const ( )
func ParseShareProfile ¶
func ParseShareProfile(raw string) (ShareProfile, bool)
type Summary ¶
type Summary struct {
SummaryVersion string `json:"summary_version"`
GeneratedAt string `json:"generated_at"`
Template string `json:"template"`
SectionOrder []string `json:"section_order"`
Sections []Section `json:"sections"`
Headline Headline `json:"headline"`
Methodology Methodology `json:"methodology"`
TopRisks []RiskItem `json:"top_risks"`
PrivilegeBudget agginventory.PrivilegeBudget `json:"privilege_budget"`
Deltas DeltaSummary `json:"deltas"`
Lifecycle LifecycleSummary `json:"lifecycle"`
RegressDrift *RegressSummary `json:"regress_drift,omitempty"`
AttackPaths AttackPathSummary `json:"attack_paths"`
Proof ProofReference `json:"proof"`
NextActions []ChecklistItem `json:"next_actions"`
}
func BuildSummary ¶
func BuildSummary(in BuildInput) (Summary, error)
BuildSummary composes deterministic report sections from scan, risk, score, lifecycle, regress, and proof data. Non-goal guardrail: this path must remain deterministic and non-generative.
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.