Documentation
¶
Index ¶
- Constants
- func ApplySecurityVisibility(inv *Inventory, ref SecurityVisibilityReference)
- func ApplySecurityVisibilityToPrivilegeMap(inv *Inventory)
- func KeyForFinding(finding model.Finding) string
- func ReclassifyApprovalWithMatcher(inv *Inventory, matcher func(Tool) bool)
- type AdoptionSummary
- type Agent
- type AgentBindingContext
- type AgentDeploymentContext
- type AgentPrivilegeMapEntry
- type ApprovalSummary
- type BuildInput
- type ControlRollup
- type Inventory
- type MethodologyDetector
- type MethodologySummary
- type PermissionSurface
- type PrivilegeBudget
- type ProductionWriteBudget
- type RegulationRollup
- type RegulatoryStatus
- type RegulatorySummary
- type SecurityVisibilityReference
- type SecurityVisibilitySummary
- type Summary
- type Tool
- type ToolContext
- type ToolLocation
Constants ¶
View Source
const ( SecurityVisibilityApproved = "approved" SecurityVisibilityKnownUnapproved = "known_unapproved" SecurityVisibilityUnknownToSecurity = "unknown_to_security" )
View Source
const ( ProductionTargetsStatusConfigured = "configured" ProductionTargetsStatusNotConfigured = "not_configured" ProductionTargetsStatusInvalid = "invalid" )
Variables ¶
This section is empty.
Functions ¶
func ApplySecurityVisibility ¶ added in v1.0.9
func ApplySecurityVisibility(inv *Inventory, ref SecurityVisibilityReference)
func ApplySecurityVisibilityToPrivilegeMap ¶ added in v1.0.9
func ApplySecurityVisibilityToPrivilegeMap(inv *Inventory)
func KeyForFinding ¶
func ReclassifyApprovalWithMatcher ¶ added in v1.0.2
ReclassifyApprovalWithMatcher applies explicit approved-list policy matching and recomputes approval summary plus dependent derived fields.
Types ¶
type AdoptionSummary ¶ added in v1.0.2
type Agent ¶ added in v1.0.8
type Agent struct {
AgentID string `json:"agent_id" yaml:"agent_id"`
AgentInstanceID string `json:"agent_instance_id" yaml:"agent_instance_id"`
Framework string `json:"framework" yaml:"framework"`
Symbol string `json:"symbol,omitempty" yaml:"symbol,omitempty"`
SecurityVisibilityStatus string `json:"security_visibility_status,omitempty" yaml:"security_visibility_status,omitempty"`
Org string `json:"org" yaml:"org"`
Repo string `json:"repo" yaml:"repo"`
Location string `json:"location" yaml:"location"`
LocationRange *model.LocationRange `json:"location_range,omitempty" yaml:"location_range,omitempty"`
BoundTools []string `json:"bound_tools,omitempty" yaml:"bound_tools,omitempty"`
BoundDataSources []string `json:"bound_data_sources,omitempty" yaml:"bound_data_sources,omitempty"`
BoundAuthSurfaces []string `json:"bound_auth_surfaces,omitempty" yaml:"bound_auth_surfaces,omitempty"`
BindingEvidenceKeys []string `json:"binding_evidence_keys,omitempty" yaml:"binding_evidence_keys,omitempty"`
MissingBindings []string `json:"missing_bindings,omitempty" yaml:"missing_bindings,omitempty"`
DeploymentStatus string `json:"deployment_status,omitempty" yaml:"deployment_status,omitempty"`
DeploymentArtifacts []string `json:"deployment_artifacts,omitempty" yaml:"deployment_artifacts,omitempty"`
DeploymentEvidenceKeys []string `json:"deployment_evidence_keys,omitempty" yaml:"deployment_evidence_keys,omitempty"`
}
type AgentBindingContext ¶ added in v1.0.8
type AgentDeploymentContext ¶ added in v1.0.8
type AgentPrivilegeMapEntry ¶ added in v1.0.2
type AgentPrivilegeMapEntry struct {
AgentID string `json:"agent_id" yaml:"agent_id"`
AgentInstanceID string `json:"agent_instance_id,omitempty" yaml:"agent_instance_id,omitempty"`
ToolID string `json:"tool_id" yaml:"tool_id"`
ToolType string `json:"tool_type" yaml:"tool_type"`
Framework string `json:"framework,omitempty" yaml:"framework,omitempty"`
Symbol string `json:"symbol,omitempty" yaml:"symbol,omitempty"`
Org string `json:"org" yaml:"org"`
Repos []string `json:"repos" yaml:"repos"`
Permissions []string `json:"permissions" yaml:"permissions"`
Location string `json:"location,omitempty" yaml:"location,omitempty"`
LocationRange *model.LocationRange `json:"location_range,omitempty" yaml:"location_range,omitempty"`
EndpointClass string `json:"endpoint_class" yaml:"endpoint_class"`
DataClass string `json:"data_class" yaml:"data_class"`
AutonomyLevel string `json:"autonomy_level" yaml:"autonomy_level"`
RiskScore float64 `json:"risk_score" yaml:"risk_score"`
ApprovalClassification string `json:"approval_classification,omitempty" yaml:"approval_classification,omitempty"`
SecurityVisibilityStatus string `json:"security_visibility_status,omitempty" yaml:"security_visibility_status,omitempty"`
BoundTools []string `json:"bound_tools,omitempty" yaml:"bound_tools,omitempty"`
BoundDataSources []string `json:"bound_data_sources,omitempty" yaml:"bound_data_sources,omitempty"`
BoundAuthSurfaces []string `json:"bound_auth_surfaces,omitempty" yaml:"bound_auth_surfaces,omitempty"`
BindingEvidenceKeys []string `json:"binding_evidence_keys,omitempty" yaml:"binding_evidence_keys,omitempty"`
MissingBindings []string `json:"missing_bindings,omitempty" yaml:"missing_bindings,omitempty"`
DeploymentStatus string `json:"deployment_status,omitempty" yaml:"deployment_status,omitempty"`
DeploymentArtifacts []string `json:"deployment_artifacts,omitempty" yaml:"deployment_artifacts,omitempty"`
DeploymentEvidenceKeys []string `json:"deployment_evidence_keys,omitempty" yaml:"deployment_evidence_keys,omitempty"`
WriteCapable bool `json:"write_capable" yaml:"write_capable"`
CredentialAccess bool `json:"credential_access" yaml:"credential_access"`
ExecCapable bool `json:"exec_capable" yaml:"exec_capable"`
ProductionWrite bool `json:"production_write" yaml:"production_write"`
MatchedProductionTargets []string `json:"matched_production_targets,omitempty" yaml:"matched_production_targets,omitempty"`
}
type ApprovalSummary ¶ added in v1.0.2
type ApprovalSummary struct {
ApprovedTools int `json:"approved_tools" yaml:"approved_tools"`
UnapprovedTools int `json:"unapproved_tools" yaml:"unapproved_tools"`
UnknownTools int `json:"unknown_tools" yaml:"unknown_tools"`
ApprovedPercent float64 `json:"approved_percent" yaml:"approved_percent"`
UnapprovedPercent float64 `json:"unapproved_percent" yaml:"unapproved_percent"`
UnknownPercent float64 `json:"unknown_percent" yaml:"unknown_percent"`
UnapprovedPerApprove *float64 `json:"unapproved_per_approved" yaml:"unapproved_per_approved"`
}
type BuildInput ¶
type BuildInput struct {
Manifest source.Manifest
Findings []model.Finding
Contexts map[string]ToolContext
AgentBindings map[string]AgentBindingContext
AgentDeployments map[string]AgentDeploymentContext
Methodology MethodologySummary
RepoExposureSummaries []exposure.RepoExposureSummary
GeneratedAt time.Time
}
type ControlRollup ¶ added in v1.0.2
type Inventory ¶
type Inventory struct {
InventoryVersion string `json:"inventory_version" yaml:"inventory_version"`
GeneratedAt string `json:"generated_at" yaml:"generated_at"`
Org string `json:"org" yaml:"org"`
Agents []Agent `json:"agents" yaml:"agents"`
Tools []Tool `json:"tools" yaml:"tools"`
Methodology MethodologySummary `json:"methodology" yaml:"methodology"`
ApprovalSummary ApprovalSummary `json:"approval_summary" yaml:"approval_summary"`
AdoptionSummary AdoptionSummary `json:"adoption_summary" yaml:"adoption_summary"`
RegulatorySummary RegulatorySummary `json:"regulatory_summary" yaml:"regulatory_summary"`
SecurityVisibility SecurityVisibilitySummary `json:"security_visibility_summary" yaml:"security_visibility_summary"`
RepoExposureSummaries []exposure.RepoExposureSummary `json:"repo_exposure_summaries" yaml:"repo_exposure_summaries"`
PrivilegeBudget PrivilegeBudget `json:"privilege_budget" yaml:"privilege_budget"`
AgentPrivilegeMap []AgentPrivilegeMapEntry `json:"agent_privilege_map" yaml:"agent_privilege_map"`
Summary Summary `json:"summary" yaml:"summary"`
}
func Build ¶
func Build(input BuildInput) Inventory
type MethodologyDetector ¶ added in v1.0.2
type MethodologySummary ¶ added in v1.0.2
type MethodologySummary struct {
WrkrVersion string `json:"wrkr_version" yaml:"wrkr_version"`
ScanStartedAt string `json:"scan_started_at" yaml:"scan_started_at"`
ScanCompletedAt string `json:"scan_completed_at" yaml:"scan_completed_at"`
ScanDurationSeconds float64 `json:"scan_duration_seconds" yaml:"scan_duration_seconds"`
RepoCount int `json:"repo_count" yaml:"repo_count"`
FileCountProcessed int `json:"file_count_processed" yaml:"file_count_processed"`
Detectors []MethodologyDetector `json:"detectors" yaml:"detectors"`
}
type PermissionSurface ¶ added in v1.0.2
type PrivilegeBudget ¶ added in v1.0.2
type PrivilegeBudget struct {
TotalTools int `json:"total_tools" yaml:"total_tools"`
WriteCapableTools int `json:"write_capable_tools" yaml:"write_capable_tools"`
CredentialAccessTools int `json:"credential_access_tools" yaml:"credential_access_tools"`
ExecCapableTools int `json:"exec_capable_tools" yaml:"exec_capable_tools"`
ProductionWrite ProductionWriteBudget `json:"production_write" yaml:"production_write"`
}
type ProductionWriteBudget ¶ added in v1.0.2
type RegulationRollup ¶ added in v1.0.2
type RegulatoryStatus ¶ added in v1.0.2
type RegulatorySummary ¶ added in v1.0.2
type RegulatorySummary struct {
ByRegulation []RegulationRollup `json:"by_regulation" yaml:"by_regulation"`
ByControl []ControlRollup `json:"by_control" yaml:"by_control"`
}
type SecurityVisibilityReference ¶ added in v1.0.9
type SecurityVisibilitySummary ¶ added in v1.0.9
type SecurityVisibilitySummary struct {
ReferenceBasis string `json:"reference_basis" yaml:"reference_basis"`
ReferencePath string `json:"reference_path,omitempty" yaml:"reference_path,omitempty"`
ApprovedTools int `json:"approved_tools" yaml:"approved_tools"`
KnownUnapprovedTools int `json:"known_unapproved_tools" yaml:"known_unapproved_tools"`
UnknownToSecurityTools int `json:"unknown_to_security_tools" yaml:"unknown_to_security_tools"`
ApprovedAgents int `json:"approved_agents" yaml:"approved_agents"`
KnownUnapprovedAgents int `json:"known_unapproved_agents" yaml:"known_unapproved_agents"`
UnknownToSecurityAgents int `json:"unknown_to_security_agents" yaml:"unknown_to_security_agents"`
UnknownToSecurityWriteCapableAgents int `json:"unknown_to_security_write_capable_agents" yaml:"unknown_to_security_write_capable_agents"`
}
type Tool ¶
type Tool struct {
ToolID string `json:"tool_id" yaml:"tool_id"`
AgentID string `json:"agent_id" yaml:"agent_id"`
DiscoveryMethod string `json:"discovery_method" yaml:"discovery_method"`
ToolType string `json:"tool_type" yaml:"tool_type"`
ToolCategory string `json:"tool_category" yaml:"tool_category"`
ConfidenceScore float64 `json:"confidence_score" yaml:"confidence_score"`
Org string `json:"org" yaml:"org"`
Repos []string `json:"repos" yaml:"repos"`
Locations []ToolLocation `json:"locations" yaml:"locations"`
Permissions []string `json:"permissions,omitempty" yaml:"permissions,omitempty"`
PermissionSurface PermissionSurface `json:"permission_surface" yaml:"permission_surface"`
PermissionTier string `json:"permission_tier" yaml:"permission_tier"`
RiskTier string `json:"risk_tier" yaml:"risk_tier"`
AdoptionPattern string `json:"adoption_pattern" yaml:"adoption_pattern"`
RegulatoryMapping []RegulatoryStatus `json:"regulatory_mapping" yaml:"regulatory_mapping"`
EndpointClass string `json:"endpoint_class" yaml:"endpoint_class"`
DataClass string `json:"data_class" yaml:"data_class"`
AutonomyLevel string `json:"autonomy_level" yaml:"autonomy_level"`
RiskScore float64 `json:"risk_score" yaml:"risk_score"`
ApprovalStatus string `json:"approval_status" yaml:"approval_status"`
ApprovalClass string `json:"approval_classification" yaml:"approval_classification"`
SecurityVisibilityStatus string `json:"security_visibility_status,omitempty" yaml:"security_visibility_status,omitempty"`
LifecycleState string `json:"lifecycle_state" yaml:"lifecycle_state"`
}
type ToolContext ¶
type ToolLocation ¶
Source Files
Click to show internal directories.
Click to hide internal directories.