Documentation
¶
Index ¶
- Constants
- func ApplySecurityVisibility(inv *Inventory, ref SecurityVisibilityReference)
- func ApplySecurityVisibilityToPrivilegeMap(inv *Inventory)
- func DeriveWritePathClasses(permissions []string, ...) []string
- func GovernanceSecurityVisibilityStatus(status, approvalStatus, lifecycleState string) string
- func KeyForFinding(finding model.Finding) string
- func ReclassifyApprovalWithMatcher(inv *Inventory, matcher func(Tool) bool)
- func RefreshIdentityGovernance(inv *Inventory, identities []manifest.IdentityRecord)
- type AdoptionSummary
- type Agent
- type AgentBindingContext
- type AgentDeploymentContext
- type AgentPrivilegeMapEntry
- type ApprovalSummary
- type BuildInput
- type ControlRollup
- type GovernanceControlInput
- type GovernanceControlMapping
- type Inventory
- type LocalGovernanceSummary
- type MethodologyDetector
- type MethodologySummary
- type NonHumanIdentity
- type PermissionSurface
- type PrivilegeBudget
- type ProductionWriteBudget
- type RegulationRollup
- type RegulatoryStatus
- type RegulatorySummary
- type SecurityVisibilityReference
- type SecurityVisibilitySummary
- type Summary
- type Tool
- type ToolContext
- type ToolLocation
Constants ¶
View Source
const ( WritePathRead = "read" WritePathWrite = "write" WritePathPullRequestWrite = "pr_write" WritePathRepoWrite = "repo_write" WritePathReleaseWrite = "release_write" WritePathPackagePublish = "package_publish" WritePathDeployWrite = "deploy_write" WritePathInfraWrite = "infra_write" WritePathSecretBearingExec = "secret_bearing_execution" WritePathProductionAdjacent = "production_adjacent_write" GovernanceControlOwnerAssigned = "owner_assigned" GovernanceControlApproval = "approval_recorded" GovernanceControlLeastPrivilege = "least_privilege_verified" GovernanceControlRotation = "rotation_evidence_attached" GovernanceControlDeploymentGate = "deployment_gate_present" GovernanceControlProduction = "production_access_classified" GovernanceControlProof = "proof_artifact_generated" GovernanceControlReviewCadence = "review_cadence_set" ControlStatusSatisfied = "satisfied" ControlStatusGap = "gap" ControlStatusNotApplicable = "not_applicable" )
View Source
const ( SecurityVisibilityApproved = "approved" SecurityVisibilityKnownApproved = "known_approved" SecurityVisibilityKnownUnapproved = "known_unapproved" SecurityVisibilityUnknownToSecurity = "unknown_to_security" SecurityVisibilityAcceptedRisk = "accepted_risk" SecurityVisibilityDeprecated = "deprecated" SecurityVisibilityRevoked = "revoked" SecurityVisibilityNeedsReview = "needs_review" )
View Source
const ( ProductionTargetsStatusConfigured = "configured" ProductionTargetsStatusNotConfigured = "not_configured" ProductionTargetsStatusInvalid = "invalid" )
Variables ¶
This section is empty.
Functions ¶
func ApplySecurityVisibility ¶ added in v1.0.9
func ApplySecurityVisibility(inv *Inventory, ref SecurityVisibilityReference)
func ApplySecurityVisibilityToPrivilegeMap ¶ added in v1.0.9
func ApplySecurityVisibilityToPrivilegeMap(inv *Inventory)
func DeriveWritePathClasses ¶ added in v1.2.0
func GovernanceSecurityVisibilityStatus ¶ added in v1.2.0
func KeyForFinding ¶
func ReclassifyApprovalWithMatcher ¶ added in v1.0.2
ReclassifyApprovalWithMatcher applies explicit approved-list policy matching and recomputes approval summary plus dependent derived fields.
func RefreshIdentityGovernance ¶ added in v1.2.0
func RefreshIdentityGovernance(inv *Inventory, identities []manifest.IdentityRecord)
RefreshIdentityGovernance projects persisted lifecycle and approval changes back into the saved inventory snapshot so downstream commands read the same posture the manifest and lifecycle chain now describe.
Types ¶
type AdoptionSummary ¶ added in v1.0.2
type Agent ¶ added in v1.0.8
type Agent struct {
AgentID string `json:"agent_id" yaml:"agent_id"`
AgentInstanceID string `json:"agent_instance_id" yaml:"agent_instance_id"`
Framework string `json:"framework" yaml:"framework"`
Symbol string `json:"symbol,omitempty" yaml:"symbol,omitempty"`
SecurityVisibilityStatus string `json:"security_visibility_status,omitempty" yaml:"security_visibility_status,omitempty"`
Org string `json:"org" yaml:"org"`
Repo string `json:"repo" yaml:"repo"`
Location string `json:"location" yaml:"location"`
LocationRange *model.LocationRange `json:"location_range,omitempty" yaml:"location_range,omitempty"`
BoundTools []string `json:"bound_tools,omitempty" yaml:"bound_tools,omitempty"`
BoundDataSources []string `json:"bound_data_sources,omitempty" yaml:"bound_data_sources,omitempty"`
BoundAuthSurfaces []string `json:"bound_auth_surfaces,omitempty" yaml:"bound_auth_surfaces,omitempty"`
BindingEvidenceKeys []string `json:"binding_evidence_keys,omitempty" yaml:"binding_evidence_keys,omitempty"`
MissingBindings []string `json:"missing_bindings,omitempty" yaml:"missing_bindings,omitempty"`
DeploymentStatus string `json:"deployment_status,omitempty" yaml:"deployment_status,omitempty"`
DeploymentArtifacts []string `json:"deployment_artifacts,omitempty" yaml:"deployment_artifacts,omitempty"`
DeploymentEvidenceKeys []string `json:"deployment_evidence_keys,omitempty" yaml:"deployment_evidence_keys,omitempty"`
}
type AgentBindingContext ¶ added in v1.0.8
type AgentDeploymentContext ¶ added in v1.0.8
type AgentPrivilegeMapEntry ¶ added in v1.0.2
type AgentPrivilegeMapEntry struct {
AgentID string `json:"agent_id" yaml:"agent_id"`
AgentInstanceID string `json:"agent_instance_id,omitempty" yaml:"agent_instance_id,omitempty"`
ToolID string `json:"tool_id" yaml:"tool_id"`
ToolType string `json:"tool_type" yaml:"tool_type"`
Framework string `json:"framework,omitempty" yaml:"framework,omitempty"`
Symbol string `json:"symbol,omitempty" yaml:"symbol,omitempty"`
Org string `json:"org" yaml:"org"`
Repos []string `json:"repos" yaml:"repos"`
Permissions []string `json:"permissions" yaml:"permissions"`
WritePathClasses []string `json:"write_path_classes,omitempty" yaml:"write_path_classes,omitempty"`
GovernanceControls []GovernanceControlMapping `json:"governance_controls,omitempty" yaml:"governance_controls,omitempty"`
Location string `json:"location,omitempty" yaml:"location,omitempty"`
LocationRange *model.LocationRange `json:"location_range,omitempty" yaml:"location_range,omitempty"`
EndpointClass string `json:"endpoint_class" yaml:"endpoint_class"`
DataClass string `json:"data_class" yaml:"data_class"`
AutonomyLevel string `json:"autonomy_level" yaml:"autonomy_level"`
RiskScore float64 `json:"risk_score" yaml:"risk_score"`
ApprovalClassification string `json:"approval_classification,omitempty" yaml:"approval_classification,omitempty"`
SecurityVisibilityStatus string `json:"security_visibility_status,omitempty" yaml:"security_visibility_status,omitempty"`
BoundTools []string `json:"bound_tools,omitempty" yaml:"bound_tools,omitempty"`
BoundDataSources []string `json:"bound_data_sources,omitempty" yaml:"bound_data_sources,omitempty"`
BoundAuthSurfaces []string `json:"bound_auth_surfaces,omitempty" yaml:"bound_auth_surfaces,omitempty"`
BindingEvidenceKeys []string `json:"binding_evidence_keys,omitempty" yaml:"binding_evidence_keys,omitempty"`
MissingBindings []string `json:"missing_bindings,omitempty" yaml:"missing_bindings,omitempty"`
DeploymentStatus string `json:"deployment_status,omitempty" yaml:"deployment_status,omitempty"`
DeploymentArtifacts []string `json:"deployment_artifacts,omitempty" yaml:"deployment_artifacts,omitempty"`
DeploymentEvidenceKeys []string `json:"deployment_evidence_keys,omitempty" yaml:"deployment_evidence_keys,omitempty"`
WorkflowTriggerClass string `json:"workflow_trigger_class,omitempty" yaml:"workflow_trigger_class,omitempty"`
OperationalOwner string `json:"operational_owner,omitempty" yaml:"operational_owner,omitempty"`
OwnerSource string `json:"owner_source,omitempty" yaml:"owner_source,omitempty"`
OwnershipStatus string `json:"ownership_status,omitempty" yaml:"ownership_status,omitempty"`
OwnershipState string `json:"ownership_state,omitempty" yaml:"ownership_state,omitempty"`
OwnershipConfidence float64 `json:"ownership_confidence,omitempty" yaml:"ownership_confidence,omitempty"`
OwnershipEvidence []string `json:"ownership_evidence_basis,omitempty" yaml:"ownership_evidence_basis,omitempty"`
OwnershipConflicts []string `json:"ownership_conflicts,omitempty" yaml:"ownership_conflicts,omitempty"`
ApprovalGapReasons []string `json:"approval_gap_reasons,omitempty" yaml:"approval_gap_reasons,omitempty"`
PullRequestWrite bool `json:"pull_request_write,omitempty" yaml:"pull_request_write,omitempty"`
MergeExecute bool `json:"merge_execute,omitempty" yaml:"merge_execute,omitempty"`
DeployWrite bool `json:"deploy_write,omitempty" yaml:"deploy_write,omitempty"`
DeliveryChainStatus string `json:"delivery_chain_status,omitempty" yaml:"delivery_chain_status,omitempty"`
ProductionTargetStatus string `json:"production_target_status,omitempty" yaml:"production_target_status,omitempty"`
WriteCapable bool `json:"write_capable" yaml:"write_capable"`
CredentialAccess bool `json:"credential_access" yaml:"credential_access"`
ExecCapable bool `json:"exec_capable" yaml:"exec_capable"`
ProductionWrite bool `json:"production_write" yaml:"production_write"`
MatchedProductionTargets []string `json:"matched_production_targets,omitempty" yaml:"matched_production_targets,omitempty"`
}
type ApprovalSummary ¶ added in v1.0.2
type ApprovalSummary struct {
ApprovedTools int `json:"approved_tools" yaml:"approved_tools"`
UnapprovedTools int `json:"unapproved_tools" yaml:"unapproved_tools"`
UnknownTools int `json:"unknown_tools" yaml:"unknown_tools"`
ApprovedPercent float64 `json:"approved_percent" yaml:"approved_percent"`
UnapprovedPercent float64 `json:"unapproved_percent" yaml:"unapproved_percent"`
UnknownPercent float64 `json:"unknown_percent" yaml:"unknown_percent"`
UnapprovedPerApprove *float64 `json:"unapproved_per_approved" yaml:"unapproved_per_approved"`
}
type BuildInput ¶
type BuildInput struct {
Manifest source.Manifest
Findings []model.Finding
Contexts map[string]ToolContext
AgentBindings map[string]AgentBindingContext
AgentDeployments map[string]AgentDeploymentContext
Methodology MethodologySummary
RepoExposureSummaries []exposure.RepoExposureSummary
GeneratedAt time.Time
}
type ControlRollup ¶ added in v1.0.2
type GovernanceControlInput ¶ added in v1.2.0
type GovernanceControlInput struct {
Owner string
OwnershipStatus string
ApprovalStatus string
ApprovalClassification string
LifecycleState string
SecurityVisibilityStatus string
DeploymentGate string
ProofRequirement string
ProductionTargetStatus string
WritePathClasses []string
CredentialAccess bool
ProductionWrite bool
EvidenceBasis []string
}
type GovernanceControlMapping ¶ added in v1.2.0
type GovernanceControlMapping struct {
Control string `json:"control" yaml:"control"`
Status string `json:"status" yaml:"status"`
Evidence []string `json:"evidence,omitempty" yaml:"evidence,omitempty"`
Gaps []string `json:"gaps,omitempty" yaml:"gaps,omitempty"`
}
func BuildGovernanceControls ¶ added in v1.2.0
func BuildGovernanceControls(input GovernanceControlInput) []GovernanceControlMapping
type Inventory ¶
type Inventory struct {
InventoryVersion string `json:"inventory_version" yaml:"inventory_version"`
GeneratedAt string `json:"generated_at" yaml:"generated_at"`
Org string `json:"org" yaml:"org"`
Agents []Agent `json:"agents" yaml:"agents"`
Tools []Tool `json:"tools" yaml:"tools"`
NonHumanIdentities []NonHumanIdentity `json:"non_human_identities,omitempty" yaml:"non_human_identities,omitempty"`
Methodology MethodologySummary `json:"methodology" yaml:"methodology"`
ApprovalSummary ApprovalSummary `json:"approval_summary" yaml:"approval_summary"`
AdoptionSummary AdoptionSummary `json:"adoption_summary" yaml:"adoption_summary"`
RegulatorySummary RegulatorySummary `json:"regulatory_summary" yaml:"regulatory_summary"`
SecurityVisibility SecurityVisibilitySummary `json:"security_visibility_summary" yaml:"security_visibility_summary"`
LocalGovernance *LocalGovernanceSummary `json:"local_governance,omitempty" yaml:"local_governance,omitempty"`
RepoExposureSummaries []exposure.RepoExposureSummary `json:"repo_exposure_summaries" yaml:"repo_exposure_summaries"`
PrivilegeBudget PrivilegeBudget `json:"privilege_budget" yaml:"privilege_budget"`
AgentPrivilegeMap []AgentPrivilegeMapEntry `json:"agent_privilege_map" yaml:"agent_privilege_map"`
Summary Summary `json:"summary" yaml:"summary"`
}
func Build ¶
func Build(input BuildInput) Inventory
type LocalGovernanceSummary ¶ added in v1.0.11
type LocalGovernanceSummary struct {
ReferenceBasis string `json:"reference_basis" yaml:"reference_basis"`
ReferencePath string `json:"reference_path,omitempty" yaml:"reference_path,omitempty"`
Status string `json:"status" yaml:"status"`
SanctionedTools int `json:"sanctioned_tools" yaml:"sanctioned_tools"`
UnsanctionedTools int `json:"unsanctioned_tools" yaml:"unsanctioned_tools"`
UnknownTools int `json:"unknown_tools" yaml:"unknown_tools"`
}
type MethodologyDetector ¶ added in v1.0.2
type MethodologySummary ¶ added in v1.0.2
type MethodologySummary struct {
WrkrVersion string `json:"wrkr_version" yaml:"wrkr_version"`
ScanStartedAt string `json:"scan_started_at" yaml:"scan_started_at"`
ScanCompletedAt string `json:"scan_completed_at" yaml:"scan_completed_at"`
ScanDurationSeconds float64 `json:"scan_duration_seconds" yaml:"scan_duration_seconds"`
RepoCount int `json:"repo_count" yaml:"repo_count"`
FileCountProcessed int `json:"file_count_processed" yaml:"file_count_processed"`
Detectors []MethodologyDetector `json:"detectors" yaml:"detectors"`
}
type NonHumanIdentity ¶ added in v1.0.11
type NonHumanIdentity struct {
IdentityID string `json:"identity_id" yaml:"identity_id"`
IdentityType string `json:"identity_type" yaml:"identity_type"`
Subject string `json:"subject" yaml:"subject"`
Source string `json:"source" yaml:"source"`
Org string `json:"org" yaml:"org"`
Repo string `json:"repo" yaml:"repo"`
Location string `json:"location" yaml:"location"`
Confidence string `json:"confidence,omitempty" yaml:"confidence,omitempty"`
}
type PermissionSurface ¶ added in v1.0.2
type PrivilegeBudget ¶ added in v1.0.2
type PrivilegeBudget struct {
TotalTools int `json:"total_tools" yaml:"total_tools"`
WriteCapableTools int `json:"write_capable_tools" yaml:"write_capable_tools"`
CredentialAccessTools int `json:"credential_access_tools" yaml:"credential_access_tools"`
ExecCapableTools int `json:"exec_capable_tools" yaml:"exec_capable_tools"`
ProductionWrite ProductionWriteBudget `json:"production_write" yaml:"production_write"`
}
type ProductionWriteBudget ¶ added in v1.0.2
type RegulationRollup ¶ added in v1.0.2
type RegulatoryStatus ¶ added in v1.0.2
type RegulatorySummary ¶ added in v1.0.2
type RegulatorySummary struct {
ByRegulation []RegulationRollup `json:"by_regulation" yaml:"by_regulation"`
ByControl []ControlRollup `json:"by_control" yaml:"by_control"`
}
type SecurityVisibilityReference ¶ added in v1.0.9
type SecurityVisibilitySummary ¶ added in v1.0.9
type SecurityVisibilitySummary struct {
ReferenceBasis string `json:"reference_basis" yaml:"reference_basis"`
ReferencePath string `json:"reference_path,omitempty" yaml:"reference_path,omitempty"`
ApprovedTools int `json:"approved_tools" yaml:"approved_tools"`
AcceptedRiskTools int `json:"accepted_risk_tools,omitempty" yaml:"accepted_risk_tools,omitempty"`
DeprecatedTools int `json:"deprecated_tools,omitempty" yaml:"deprecated_tools,omitempty"`
RevokedTools int `json:"revoked_tools,omitempty" yaml:"revoked_tools,omitempty"`
NeedsReviewTools int `json:"needs_review_tools,omitempty" yaml:"needs_review_tools,omitempty"`
KnownUnapprovedTools int `json:"known_unapproved_tools" yaml:"known_unapproved_tools"`
UnknownToSecurityTools int `json:"unknown_to_security_tools" yaml:"unknown_to_security_tools"`
ApprovedAgents int `json:"approved_agents" yaml:"approved_agents"`
AcceptedRiskAgents int `json:"accepted_risk_agents,omitempty" yaml:"accepted_risk_agents,omitempty"`
DeprecatedAgents int `json:"deprecated_agents,omitempty" yaml:"deprecated_agents,omitempty"`
RevokedAgents int `json:"revoked_agents,omitempty" yaml:"revoked_agents,omitempty"`
NeedsReviewAgents int `json:"needs_review_agents,omitempty" yaml:"needs_review_agents,omitempty"`
KnownUnapprovedAgents int `json:"known_unapproved_agents" yaml:"known_unapproved_agents"`
UnknownToSecurityAgents int `json:"unknown_to_security_agents" yaml:"unknown_to_security_agents"`
UnknownToSecurityWriteCapableAgents int `json:"unknown_to_security_write_capable_agents" yaml:"unknown_to_security_write_capable_agents"`
}
type Tool ¶
type Tool struct {
ToolID string `json:"tool_id" yaml:"tool_id"`
AgentID string `json:"agent_id" yaml:"agent_id"`
DiscoveryMethod string `json:"discovery_method" yaml:"discovery_method"`
ToolType string `json:"tool_type" yaml:"tool_type"`
ToolCategory string `json:"tool_category" yaml:"tool_category"`
ConfidenceScore float64 `json:"confidence_score" yaml:"confidence_score"`
Org string `json:"org" yaml:"org"`
Repos []string `json:"repos" yaml:"repos"`
Locations []ToolLocation `json:"locations" yaml:"locations"`
Permissions []string `json:"permissions,omitempty" yaml:"permissions,omitempty"`
WritePathClasses []string `json:"write_path_classes,omitempty" yaml:"write_path_classes,omitempty"`
GovernanceControls []GovernanceControlMapping `json:"governance_controls,omitempty" yaml:"governance_controls,omitempty"`
PermissionSurface PermissionSurface `json:"permission_surface" yaml:"permission_surface"`
PermissionTier string `json:"permission_tier" yaml:"permission_tier"`
RiskTier string `json:"risk_tier" yaml:"risk_tier"`
AdoptionPattern string `json:"adoption_pattern" yaml:"adoption_pattern"`
RegulatoryMapping []RegulatoryStatus `json:"regulatory_mapping" yaml:"regulatory_mapping"`
EndpointClass string `json:"endpoint_class" yaml:"endpoint_class"`
DataClass string `json:"data_class" yaml:"data_class"`
AutonomyLevel string `json:"autonomy_level" yaml:"autonomy_level"`
RiskScore float64 `json:"risk_score" yaml:"risk_score"`
ApprovalStatus string `json:"approval_status" yaml:"approval_status"`
ApprovalClass string `json:"approval_classification" yaml:"approval_classification"`
SecurityVisibilityStatus string `json:"security_visibility_status,omitempty" yaml:"security_visibility_status,omitempty"`
LifecycleState string `json:"lifecycle_state" yaml:"lifecycle_state"`
}
type ToolContext ¶
type ToolLocation ¶
type ToolLocation struct {
Repo string `json:"repo" yaml:"repo"`
Location string `json:"location" yaml:"location"`
Owner string `json:"owner" yaml:"owner"`
OwnerSource string `json:"owner_source,omitempty" yaml:"owner_source,omitempty"`
OwnershipStatus string `json:"ownership_status,omitempty" yaml:"ownership_status,omitempty"`
OwnershipState string `json:"ownership_state,omitempty" yaml:"ownership_state,omitempty"`
OwnershipConfidence float64 `json:"ownership_confidence,omitempty" yaml:"ownership_confidence,omitempty"`
OwnershipEvidence []string `json:"ownership_evidence_basis,omitempty" yaml:"ownership_evidence_basis,omitempty"`
OwnershipConflicts []string `json:"ownership_conflicts,omitempty" yaml:"ownership_conflicts,omitempty"`
}
Source Files
Click to show internal directories.
Click to hide internal directories.