controlbacklog

package
v1.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 30, 2026 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Index

Constants

// Wire labels used by the control backlog. Every constant is an untyped
// string, so the compiler does not stop a label from one group being assigned
// to a field meant for another.
const (
	// Signal classes.
	SignalClassUniqueWrkrSignal   = "unique_wrkr_signal"
	SignalClassSupportingSecurity = "supporting_security_signal"

	// Control surface types. Three of these share their wire value with a
	// ControlPath* constant below ("ci_automation", "dependency_agent_surface",
	// "secret_bearing_workflow"), so the string alone does not say which
	// group it belongs to; read it together with the JSON key it came from.
	ControlSurfaceAIAgent           = "ai_agent"
	ControlSurfaceCodingAssistant   = "coding_assistant_config"
	ControlSurfaceMCPServerTool     = "mcp_server_tool"
	ControlSurfaceCIAutomation      = "ci_automation"
	ControlSurfaceReleaseAutomation = "release_automation"
	ControlSurfaceDependencyAgent   = "dependency_agent_surface"
	ControlSurfaceSecretWorkflow    = "secret_bearing_workflow"
	ControlSurfaceNonHumanIdentity  = "non_human_identity"

	// Control path types.
	ControlPathAgentConfig     = "agent_config"
	ControlPathMCPTool         = "mcp_tool"
	ControlPathCIAutomation    = "ci_automation"
	ControlPathReleaseWorkflow = "release_workflow"
	ControlPathDependencyAgent = "dependency_agent_surface"
	ControlPathSecretWorkflow  = "secret_bearing_workflow"

	// Action labels (presumably the values carried by Item.RecommendedAction).
	ActionAttachEvidence  = "attach_evidence"
	ActionApprove         = "approve"
	ActionRemediate       = "remediate"
	ActionDowngrade       = "downgrade"
	ActionDeprecate       = "deprecate"
	ActionExclude         = "exclude"
	ActionMonitor         = "monitor"
	ActionInventoryReview = "inventory_review"
	ActionSuppress        = "suppress"
	ActionDebugOnly       = "debug_only"

	// Confidence labels.
	ConfidenceHigh   = "high"
	ConfidenceMedium = "medium"
	ConfidenceLow    = "low"

	// Secret signal types. These are classification labels, not secrets.
	// The #nosec marker silences gosec's hard-coded-credential rule (G101) for
	// that one line only; keep it on the same line if the constants are reordered.
	SecretReferenceDetected          = "secret_reference_detected"
	SecretValueDetected              = "secret_value_detected"
	SecretScopeUnknown               = "secret_scope_unknown" // #nosec G101 -- governance enum label, not credential material.
	SecretRotationEvidenceMissing    = "secret_rotation_evidence_missing"
	SecretOwnerMissing               = "secret_owner_missing"
	SecretUsedByWriteCapableWorkflow = "secret_used_by_write_capable_workflow"
)
// BacklogVersion is a version label kept as an untyped string constant.
// NOTE(review): presumably Build writes it into Backlog.ControlBacklogVersion
// (JSON key "control_backlog_version"); if so, consumers can compare that key
// against this value before trusting the item schema. Confirm against Build.
const BacklogVersion = "1"

Variables

This section is empty.

Functions

func ValidConfidence

// ValidConfidence takes a string and returns a bool.
// NOTE(review): the body is not shown on this page. Presumably it is an
// allow-list check against ConfidenceHigh, ConfidenceMedium and ConfidenceLow.
// Confirm that matching is exact (case and surrounding whitespace) before
// using it to gate values decoded from external JSON.
func ValidConfidence(value string) bool

func ValidRecommendedAction

// ValidRecommendedAction takes a string and returns a bool.
// NOTE(review): the body is not shown on this page. Presumably it is an
// allow-list check against the Action* constants. Confirm which of the ten
// labels it accepts (for example whether ActionSuppress and ActionDebugOnly
// count as valid) before relying on it for input validation.
func ValidRecommendedAction(value string) bool

func ValidSignalClass

// ValidSignalClass takes a string and returns a bool.
// NOTE(review): the body is not shown on this page. Presumably it is an
// allow-list check against SignalClassUniqueWrkrSignal and
// SignalClassSupportingSecurity. Confirm how the empty string is treated.
func ValidSignalClass(value string) bool

Types

type Backlog

// Backlog is the top-level document: a version string, a Summary and the
// list of Items, serialized under the JSON keys given in the tags.
// None of the three fields uses omitempty, so all keys are always emitted.
type Backlog struct {
	// Serialized as "control_backlog_version". Presumably set from
	// BacklogVersion; verify in Build.
	ControlBacklogVersion string  `json:"control_backlog_version"`
	Summary               Summary `json:"summary"`
	// A nil slice is encoded by encoding/json as null, not []. Consumers
	// should accept both unless the producer guarantees a non-nil slice.
	Items                 []Item  `json:"items"`
}

func Build

// Build takes an Input by value and returns a Backlog.
// NOTE(review): the body is not shown on this page. Input.Inventory and
// Input.ControlPathGraph are pointers; confirm how Build treats nil before
// passing partially populated input. Build has no error return, so any
// problem with the input cannot be reported through the signature.
func Build(input Input) Backlog

type Input

// Input is the argument of Build. It carries no JSON tags, and its fields
// use types from other packages (model, agginventory, lifecycle, risk,
// aggattack) whose definitions are not visible on this page.
type Input struct {
	// Free-form string; no Mode constants are declared on this page.
	// NOTE(review): confirm the accepted values and what an unknown mode does.
	Mode             string
	Findings         []model.Finding
	// Pointer, so it may be nil.
	Inventory        *agginventory.Inventory
	LifecycleGaps    []lifecycle.Gap
	ActionPaths      []risk.ActionPath
	// Pointer, so it may be nil.
	ControlPathGraph *aggattack.ControlPathGraph
}

type Item

// Item is one backlog entry as serialized to JSON. The tags below define the
// emitted keys. Fields tagged omitempty are left out of the output when they
// hold their zero value, so for those fields a missing key and a zero value
// look the same to a consumer.
type Item struct {
	ID                       string                                  `json:"id"`
	Repo                     string                                  `json:"repo"`
	Path                     string                                  `json:"path"`
	// Plain strings, presumably holding the ControlSurface* and ControlPath*
	// labels. Some labels share one wire value across both sets (for example
	// "ci_automation"), so interpret the value by its key.
	ControlSurfaceType       string                                  `json:"control_surface_type"`
	ControlPathType          string                                  `json:"control_path_type"`
	Capability               string                                  `json:"capability"`
	Capabilities             []string                                `json:"capabilities,omitempty"`
	WritePathClasses         []string                                `json:"write_path_classes,omitempty"`
	ActionClasses            []string                                `json:"action_classes,omitempty"`
	ActionReasons            []string                                `json:"action_reasons,omitempty"`
	GovernanceControls       []agginventory.GovernanceControlMapping `json:"governance_controls,omitempty"`
	// Ownership fields are all optional in the output.
	Owner                    string                                  `json:"owner,omitempty"`
	OwnerSource              string                                  `json:"owner_source,omitempty"`
	OwnershipStatus          string                                  `json:"ownership_status,omitempty"`
	OwnershipState           string                                  `json:"ownership_state,omitempty"`
	// Numeric, unlike the string-valued Confidence field below. With
	// omitempty a score of 0 is dropped from the output.
	OwnershipConfidence      float64                                 `json:"ownership_confidence,omitempty"`
	// The JSON key is "ownership_evidence_basis", not the Go field name.
	OwnershipEvidence        []string                                `json:"ownership_evidence_basis,omitempty"`
	OwnershipConflicts       []string                                `json:"ownership_conflicts,omitempty"`
	EvidenceSource           string                                  `json:"evidence_source"`
	// No omitempty: always emitted, and a nil slice encodes as null.
	EvidenceBasis            []string                                `json:"evidence_basis"`
	ApprovalStatus           string                                  `json:"approval_status"`
	SecurityVisibility       string                                  `json:"security_visibility"`
	// SignalClass, RecommendedAction and Confidence are plain strings; the
	// type does not restrict them to the declared labels. The package exports
	// ValidSignalClass, ValidRecommendedAction and ValidConfidence.
	// NOTE(review): code that decodes Items from an external file should
	// presumably run these checks itself; confirm whether any decoder does.
	SignalClass              string                                  `json:"signal_class"`
	RecommendedAction        string                                  `json:"recommended_action"`
	Confidence               string                                  `json:"confidence"`
	EvidenceGaps             []string                                `json:"evidence_gaps,omitempty"`
	ConfidenceRaise          []string                                `json:"confidence_raise,omitempty"`
	SLA                      string                                  `json:"sla"`
	ClosureCriteria          string                                  `json:"closure_criteria"`
	// Presumably holds the Secret* labels (for example "secret_value_detected").
	// NOTE(review): these are labels only; confirm that no string field of
	// Item (EvidenceBasis, ActionReasons, ...) is ever filled with the
	// detected secret value itself, since the backlog is written out as JSON.
	SecretSignalTypes        []string                                `json:"secret_signal_types,omitempty"`
	LinkedFindingIDs         []string                                `json:"linked_finding_ids,omitempty"`
	LinkedActionPathID       string                                  `json:"linked_action_path_id,omitempty"`
	LinkedControlPathNodeIDs []string                                `json:"linked_control_path_node_ids,omitempty"`
	LinkedControlPathEdgeIDs []string                                `json:"linked_control_path_edge_ids,omitempty"`
	// Pointer with omitempty: the key is absent when the pointer is nil.
	CredentialProvenance     *agginventory.CredentialProvenance      `json:"credential_provenance,omitempty"`
	// bool with omitempty: false is never written. A consumer cannot tell
	// "evaluated, no standing privilege" from "not evaluated", so absence
	// should not be read as a clean result on its own.
	StandingPrivilege        bool                                    `json:"standing_privilege,omitempty"`
	StandingPrivilegeReasons []string                                `json:"standing_privilege_reasons,omitempty"`
	// Every policy field is optional; an item with no policy data emits none
	// of these keys.
	PolicyCoverageStatus     string                                  `json:"policy_coverage_status,omitempty"`
	PolicyRefs               []string                                `json:"policy_refs,omitempty"`
	PolicyMissingReasons     []string                                `json:"policy_missing_reasons,omitempty"`
	PolicyEvidenceRefs       []string                                `json:"policy_evidence_refs,omitempty"`
	PolicyConfidence         string                                  `json:"policy_confidence,omitempty"`
	// Pointer with omitempty: the key is absent when the pointer is nil.
	TrustDepth               *agginventory.TrustDepth                `json:"trust_depth,omitempty"`
	SecurityTestRecipes      []SecurityTestRecipe                    `json:"security_test_recipes,omitempty"`
}

type SecurityTestRecipe added in v1.3.0

// SecurityTestRecipe is a descriptive record attached to an Item through
// Item.SecurityTestRecipes. It is data only: nothing in this struct enforces
// the approvals or the dry-run flag it names.
type SecurityTestRecipe struct {
	ID                  string   `json:"id"`
	Class               string   `json:"class"`
	Title               string   `json:"title"`
	Preconditions       []string `json:"preconditions,omitempty"`
	ExpectedObservation string   `json:"expected_observation"`
	// omitempty: an empty list is not written, so a missing key cannot be
	// told apart from "no approvals listed".
	// NOTE(review): any tool that acts on a recipe should presumably treat a
	// missing key conservatively; confirm the intended reading.
	RequiredApprovals   []string `json:"required_approvals,omitempty"`
	// A string, not a bool. NOTE(review): looks like the name of a flag
	// rather than an on/off switch; confirm what consumers do with it.
	DryRunFlag          string   `json:"dry_run_flag,omitempty"`
	EvidenceRefs        []string `json:"evidence_refs,omitempty"`
}

type Summary

// Summary holds integer counters for a Backlog. No field uses omitempty, so
// zero counts are written explicitly.
// Only three of the ten Action* labels have a counter here (attach_evidence,
// approve, remediate); items carrying any other action are presumably visible
// only through TotalItems. Confirm against Build.
type Summary struct {
	TotalItems                int `json:"total_items"`
	UniqueWrkrSignalItems     int `json:"unique_wrkr_signal_items"`
	// The JSON key is "supporting_security_signal_items"; the Go name drops "Signal".
	SupportingSecurityItems   int `json:"supporting_security_signal_items"`
	AttachEvidenceActionItems int `json:"attach_evidence_action_items"`
	ApproveActionItems        int `json:"approve_action_items"`
	RemediateActionItems      int `json:"remediate_action_items"`
}
