Documentation
¶
Index ¶
- Constants
- func IsComplianceSummaryError(err error) bool
- func MCPVisibilityWarnings(findings []source.Finding) []string
- func MarkdownLines(markdown string) []string
- func PublicSanitizeFindings(in []risk.ScoredFinding) []risk.ScoredFinding
- func RenderBacklogCSV(backlog *controlbacklog.Backlog) ([]byte, error)
- func RenderCampaignPublicMarkdown(artifact CampaignArtifact) string
- func RenderEvidenceBundleJSON(summary Summary) ([]byte, error)
- func RenderMarkdown(summary Summary) string
- func ResolveGeneratedAtForCLI(snapshot state.Snapshot, generatedAt time.Time) time.Time
- func SelectTopFindings(report risk.Report, requested int) []risk.ScoredFinding
- type ActivationItem
- type ActivationSummary
- type AssessmentSummary
- type AttackPathSummary
- type BuildInput
- type CampaignArtifact
- type CampaignDetector
- type CampaignMethodology
- type CampaignMetrics
- type CampaignOptions
- type CampaignScanInput
- type CampaignScanResult
- type CampaignSegmentBucket
- type CampaignSegments
- type ChecklistItem
- type DeltaMetric
- type DeltaSummary
- type EvidenceBundle
- type Headline
- type LifecycleSummary
- type LifecycleTransition
- type MCPList
- type MCPListRow
- type Methodology
- type ProofReference
- type ReasonGroup
- type RecordTypeCount
- type RegressSummary
- type RiskItem
- type Section
- type SegmentMetadata
- type ShareProfile
- type Summary
- type Template
Constants ¶
View Source
const ( MCPTrustTrusted = "trusted" MCPTrustBlocked = "blocked" MCPTrustUnreviewed = "unreviewed" )
View Source
const ( SectionHeadline = "headline_posture" SectionMethodology = "methodology" SectionTopRisks = "top_prioritized_risks" SectionChanges = "change_since_previous" SectionLifecycle = "lifecycle_actions" SectionProof = "proof_verification_footer" SectionNextAction = "next_actions" )
View Source
const SummaryVersion = "v1"
Variables ¶
This section is empty.
Functions ¶
func IsComplianceSummaryError ¶ added in v1.0.8
func MCPVisibilityWarnings ¶ added in v1.0.8
func MarkdownLines ¶
func PublicSanitizeFindings ¶
func PublicSanitizeFindings(in []risk.ScoredFinding) []risk.ScoredFinding
func RenderBacklogCSV ¶ added in v1.2.0
func RenderBacklogCSV(backlog *controlbacklog.Backlog) ([]byte, error)
func RenderCampaignPublicMarkdown ¶ added in v1.0.2
func RenderCampaignPublicMarkdown(artifact CampaignArtifact) string
func RenderEvidenceBundleJSON ¶ added in v1.2.0
func RenderMarkdown ¶
func ResolveGeneratedAtForCLI ¶ added in v1.0.8
func SelectTopFindings ¶
func SelectTopFindings(report risk.Report, requested int) []risk.ScoredFinding
Types ¶
type ActivationItem ¶ added in v1.0.9
type ActivationItem struct {
Rank int `json:"rank"`
RiskScore float64 `json:"risk_score"`
FindingType string `json:"finding_type"`
ToolType string `json:"tool_type"`
Severity string `json:"severity"`
Location string `json:"location"`
Repo string `json:"repo"`
NextStep string `json:"next_step"`
ItemClass string `json:"item_class,omitempty"`
WriteCapable bool `json:"write_capable,omitempty"`
ProductionWrite bool `json:"production_write,omitempty"`
ApprovalClassification string `json:"approval_classification,omitempty"`
SecurityVisibilityStatus string `json:"security_visibility_status,omitempty"`
}
type ActivationSummary ¶ added in v1.0.9
type ActivationSummary struct {
TargetMode string `json:"target_mode"`
Message string `json:"message"`
EligibleCount int `json:"eligible_count"`
SuppressedPolicyItems bool `json:"suppressed_policy_items,omitempty"`
Reason string `json:"reason,omitempty"`
Items []ActivationItem `json:"items"`
}
func BuildActivation ¶ added in v1.0.9
func BuildActivation(targetMode string, ranked []risk.ScoredFinding, inventory *agginventory.Inventory, actionPaths []risk.ActionPath, limit int) *ActivationSummary
BuildActivation projects a first-value view for local-machine scans without mutating raw risk ranking.
type AssessmentSummary ¶ added in v1.1.0
type AssessmentSummary struct {
GovernablePathCount int `json:"governable_path_count"`
WriteCapablePathCount int `json:"write_capable_path_count"`
ProductionBackedPathCount int `json:"production_target_backed_path_count"`
TopPathToControlFirst *risk.ActionPath `json:"top_path_to_control_first,omitempty"`
TopExecutionIdentityBacked *risk.ActionPath `json:"top_execution_identity_backed_path,omitempty"`
OwnerlessExposure *risk.OwnerlessExposure `json:"ownerless_exposure,omitempty"`
IdentityExposureSummary *risk.IdentityExposureSummary `json:"identity_exposure_summary,omitempty"`
IdentityToReviewFirst *risk.IdentityActionTarget `json:"identity_to_review_first,omitempty"`
IdentityToRevokeFirst *risk.IdentityActionTarget `json:"identity_to_revoke_first,omitempty"`
ProofChainPath string `json:"proof_chain_path,omitempty"`
}
type AttackPathSummary ¶ added in v1.0.5
type BuildInput ¶
type CampaignArtifact ¶ added in v1.0.2
type CampaignArtifact struct {
SchemaVersion string `json:"schema_version"`
GeneratedAt string `json:"generated_at"`
InputGlob string `json:"input_glob,omitempty"`
Methodology CampaignMethodology `json:"methodology"`
Metrics CampaignMetrics `json:"metrics"`
Segments CampaignSegments `json:"segments"`
Scans []CampaignScanResult `json:"scans"`
}
func AggregateCampaign ¶ added in v1.0.2
func AggregateCampaign(inputs []CampaignScanInput, generatedAt time.Time) CampaignArtifact
func AggregateCampaignWithOptions ¶ added in v1.0.2
func AggregateCampaignWithOptions(inputs []CampaignScanInput, generatedAt time.Time, opts CampaignOptions) CampaignArtifact
type CampaignDetector ¶ added in v1.0.2
type CampaignMethodology ¶ added in v1.0.2
type CampaignMethodology struct {
WrkrVersion string `json:"wrkr_version"`
ScanCount int `json:"scan_count"`
RepoCount int `json:"repo_count"`
FileCountProcessed int `json:"file_count_processed"`
Detectors []CampaignDetector `json:"detectors"`
}
type CampaignMetrics ¶ added in v1.0.2
type CampaignMetrics struct {
ReposScanned int `json:"repos_scanned"`
ToolsDetectedTotal int `json:"tools_detected_total"`
WriteCapableTools int `json:"write_capable_tools"`
CredentialAccessTools int `json:"credential_access_tools"`
ExecCapableTools int `json:"exec_capable_tools"`
ApprovedTools int `json:"approved_tools"`
UnapprovedTools int `json:"unapproved_tools"`
UnknownTools int `json:"unknown_tools"`
UnknownToSecurityTools int `json:"unknown_to_security_tools"`
UnknownToSecurityAgents int `json:"unknown_to_security_agents"`
UnknownToSecurityWriteCapableAgents int `json:"unknown_to_security_write_capable_agents"`
SecurityVisibilityReference string `json:"security_visibility_reference"`
ApprovedPercent float64 `json:"approved_percent"`
UnapprovedPercent float64 `json:"unapproved_percent"`
UnknownPercent float64 `json:"unknown_percent"`
UnapprovedPerApproved *float64 `json:"unapproved_per_approved"`
ProductionWriteStatus string `json:"production_write_status"`
ProductionWriteTools *int `json:"production_write_tools"`
}
type CampaignOptions ¶ added in v1.0.2
type CampaignOptions struct {
SegmentMetadata map[string]SegmentMetadata
}
type CampaignScanInput ¶ added in v1.0.2
type CampaignScanInput struct {
Path string
Target source.Target
SourceManifest source.Manifest
Inventory *agginventory.Inventory
PrivilegeBudget agginventory.PrivilegeBudget
Findings []source.Finding
}
type CampaignScanResult ¶ added in v1.0.2
type CampaignScanResult struct {
Path string `json:"path"`
TargetMode string `json:"target_mode"`
TargetValue string `json:"target_value"`
RepoCount int `json:"repo_count"`
ToolsDetected int `json:"tools_detected"`
WriteCapableTools int `json:"write_capable_tools"`
CredentialAccessTool int `json:"credential_access_tools"`
ExecCapableTools int `json:"exec_capable_tools"`
}
type CampaignSegmentBucket ¶ added in v1.0.2
type CampaignSegments ¶ added in v1.0.2
type CampaignSegments struct {
OrgSizeBands []CampaignSegmentBucket `json:"org_size_bands"`
IndustryBands []CampaignSegmentBucket `json:"industry_bands"`
}
type ChecklistItem ¶
type DeltaMetric ¶
type DeltaSummary ¶
type DeltaSummary struct {
RiskScoreTrend DeltaMetric `json:"risk_score_trend"`
ProfileComplianceDelta DeltaMetric `json:"profile_compliance_delta"`
PostureScoreTrend DeltaMetric `json:"posture_score_trend_delta"`
}
type EvidenceBundle ¶ added in v1.2.0
type EvidenceBundle struct {
ReportBundleVersion string `json:"report_bundle_version"`
GeneratedAt string `json:"generated_at"`
Template string `json:"template"`
ControlBacklog *controlbacklog.Backlog `json:"control_backlog,omitempty"`
ComplianceSummary any `json:"compliance_summary"`
Proof ProofReference `json:"proof"`
NextActions []ChecklistItem `json:"next_actions"`
}
func BuildEvidenceBundle ¶ added in v1.2.0
func BuildEvidenceBundle(summary Summary) EvidenceBundle
type LifecycleSummary ¶
type LifecycleSummary struct {
IdentityCount int `json:"identity_count"`
UnderReviewCount int `json:"under_review_count"`
RevokedCount int `json:"revoked_count"`
DeprecatedCount int `json:"deprecated_count"`
PendingActionCount int `json:"pending_action_count"`
RecentTransitions []LifecycleTransition `json:"recent_transitions"`
}
type LifecycleTransition ¶
type MCPList ¶ added in v1.0.8
type MCPList struct {
Status string `json:"status"`
GeneratedAt string `json:"generated_at"`
Rows []MCPListRow `json:"rows"`
Warnings []string `json:"warnings,omitempty"`
}
type MCPListRow ¶ added in v1.0.8
type MCPListRow struct {
ServerName string `json:"server_name"`
Org string `json:"org"`
Repo string `json:"repo"`
Location string `json:"location"`
Transport string `json:"transport"`
RequestedPermissions []string `json:"requested_permissions,omitempty"`
PrivilegeSurface []string `json:"privilege_surface,omitempty"`
GatewayCoverage string `json:"gateway_coverage"`
TrustStatus string `json:"trust_status"`
RiskNote string `json:"risk_note"`
}
type Methodology ¶ added in v1.0.2
type Methodology struct {
WrkrVersion string `json:"wrkr_version"`
ScanStartedAt string `json:"scan_started_at"`
ScanCompletedAt string `json:"scan_completed_at"`
ScanDurationSeconds float64 `json:"scan_duration_seconds"`
RepoCount int `json:"repo_count"`
FileCountProcessed int `json:"file_count_processed"`
DetectorCount int `json:"detector_count"`
CommandSet []string `json:"command_set"`
SampleDefinition string `json:"sample_definition"`
ExclusionCriteria []string `json:"exclusion_criteria"`
}
type ProofReference ¶
type ProofReference struct {
ChainPath string `json:"chain_path"`
HeadHash string `json:"head_hash"`
RecordCount int `json:"record_count"`
RecordTypeCounts []RecordTypeCount `json:"record_type_counts"`
CanonicalFindingKeys []string `json:"canonical_finding_keys"`
}
type ReasonGroup ¶
type RecordTypeCount ¶
type RegressSummary ¶
type RegressSummary struct {
BaselineProvided bool `json:"baseline_provided"`
DriftDetected bool `json:"drift_detected"`
ReasonCount int `json:"reason_count"`
ReasonGroups []ReasonGroup `json:"reason_groups"`
}
type RiskItem ¶
type RiskItem struct {
Rank int `json:"rank"`
CanonicalKey string `json:"canonical_key"`
Score float64 `json:"risk_score"`
FindingType string `json:"finding_type"`
Severity string `json:"severity"`
ToolType string `json:"tool_type"`
Org string `json:"org"`
Repo string `json:"repo"`
Location string `json:"location"`
PathID string `json:"path_id,omitempty"`
RecommendedAction string `json:"recommended_action,omitempty"`
WriteCapable bool `json:"write_capable,omitempty"`
ProductionWrite bool `json:"production_write,omitempty"`
Rationale []string `json:"rationale"`
Remediation string `json:"remediation"`
}
type SegmentMetadata ¶ added in v1.0.2
type ShareProfile ¶
type ShareProfile string
const ( )
func ParseShareProfile ¶
func ParseShareProfile(raw string) (ShareProfile, bool)
type Summary ¶
type Summary struct {
SummaryVersion string `json:"summary_version"`
GeneratedAt string `json:"generated_at"`
Template string `json:"template"`
SectionOrder []string `json:"section_order"`
Sections []Section `json:"sections"`
Headline Headline `json:"headline"`
AssessmentSummary *AssessmentSummary `json:"assessment_summary,omitempty"`
Methodology Methodology `json:"methodology"`
TopRisks []RiskItem `json:"top_risks"`
PrivilegeBudget agginventory.PrivilegeBudget `json:"privilege_budget"`
SecurityVisibility agginventory.SecurityVisibilitySummary `json:"security_visibility"`
Deltas DeltaSummary `json:"deltas"`
Lifecycle LifecycleSummary `json:"lifecycle"`
RegressDrift *RegressSummary `json:"regress_drift,omitempty"`
AttackPaths AttackPathSummary `json:"attack_paths"`
ComplianceSummary compliance.RollupSummary `json:"compliance_summary"`
ControlBacklog *controlbacklog.Backlog `json:"control_backlog,omitempty"`
Proof ProofReference `json:"proof"`
NextActions []ChecklistItem `json:"next_actions"`
Activation *ActivationSummary `json:"activation,omitempty"`
ActionPaths []risk.ActionPath `json:"action_paths,omitempty"`
ActionPathToControlFirst *risk.ActionPathToControlFirst `json:"action_path_to_control_first,omitempty"`
ExposureGroups []risk.ExposureGroup `json:"exposure_groups,omitempty"`
}
func BuildSummary ¶
func BuildSummary(in BuildInput) (Summary, error)
BuildSummary composes deterministic report sections from scan, risk, score, lifecycle, regress, and proof data. Non-goal guardrail: this path must remain deterministic and non-generative.
type Template ¶
type Template string
const ( TemplateExec Template = "exec" TemplateOperator Template = "operator" TemplateAudit Template = "audit" TemplatePublic Template = "public" TemplateCISO Template = "ciso" TemplateAppSec Template = "appsec" TemplatePlatform Template = "platform" TemplateCustomerDraft Template = "customer-draft" )
func ParseTemplate ¶
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.