Documentation
Index ¶
- Constants
- func ApplySecurityVisibility(inv *Inventory, ref SecurityVisibilityReference)
- func ApplySecurityVisibilityToPrivilegeMap(inv *Inventory)
- func CredentialRiskMultiplier(kind string) float64
- func CredentialRiskMultiplierFor(in *CredentialProvenance) float64
- func DeriveActionClasses(input ActionClassInput) ([]string, []string)
- func DeriveWritePathClasses(permissions []string, ...) []string
- func GovernanceSecurityVisibilityStatus(status, approvalStatus, lifecycleState string) string
- func KeyForFinding(finding model.Finding) string
- func ReclassifyApprovalWithMatcher(inv *Inventory, matcher func(Tool) bool)
- func RefreshIdentityGovernance(inv *Inventory, identities []manifest.IdentityRecord)
- func StandingPrivilegeFromProvenance(in *CredentialProvenance) (bool, []string)
- type ActionClassInput
- type AdoptionSummary
- type Agent
- type AgentBindingContext
- type AgentDeploymentContext
- type AgentPrivilegeMapEntry
- type ApprovalSummary
- type BuildInput
- type ControlRollup
- type CredentialProvenance
- type GovernanceControlInput
- type GovernanceControlMapping
- type Inventory
- type LocalGovernanceSummary
- type MethodologyDetector
- type MethodologySummary
- type NonHumanIdentity
- type PermissionSurface
- type PrivilegeBudget
- type ProductionWriteBudget
- type RegulationRollup
- type RegulatoryStatus
- type RegulatorySummary
- type SecurityVisibilityReference
- type SecurityVisibilitySummary
- type Summary
- type Tool
- type ToolContext
- type ToolLocation
- type TrustDepth
Constants ¶
// Classification labels emitted in inventory output: write-path classes,
// governance control identifiers, control statuses and action classes.
//
// All of these are untyped string constants, so the compiler does not keep the
// families apart. WritePathRead/ActionClassRead and
// WritePathWrite/ActionClassWrite carry the same literal value; compare a label
// only against constants of the family the field belongs to.
const (
	// Write-path classes.
	WritePathRead               = "read"
	WritePathWrite              = "write"
	WritePathPullRequestWrite   = "pr_write"
	WritePathRepoWrite          = "repo_write"
	WritePathReleaseWrite       = "release_write"
	WritePathPackagePublish     = "package_publish"
	WritePathDeployWrite        = "deploy_write"
	WritePathInfraWrite         = "infra_write"
	WritePathSecretBearingExec  = "secret_bearing_execution"
	WritePathProductionAdjacent = "production_adjacent_write"

	// Governance control identifiers.
	// NOTE(review): presumably the values of GovernanceControlMapping.Control; confirm.
	GovernanceControlOwnerAssigned  = "owner_assigned"
	GovernanceControlApproval       = "approval_recorded"
	GovernanceControlLeastPrivilege = "least_privilege_verified"
	GovernanceControlRotation       = "rotation_evidence_attached"
	GovernanceControlDeploymentGate = "deployment_gate_present"
	GovernanceControlProduction     = "production_access_classified"
	GovernanceControlProof          = "proof_artifact_generated"
	GovernanceControlReviewCadence  = "review_cadence_set"

	// Control statuses.
	// NOTE(review): presumably the values of GovernanceControlMapping.Status; confirm.
	ControlStatusSatisfied     = "satisfied"
	ControlStatusGap           = "gap"
	ControlStatusNotApplicable = "not_applicable"

	// Action classes.
	ActionClassRead             = "read"
	ActionClassWrite            = "write"
	ActionClassDeploy           = "deploy"
	ActionClassDelete           = "delete"
	ActionClassExecute          = "execute"
	ActionClassEgress           = "egress"
	ActionClassCredentialAccess = "credential_access" // #nosec G101 -- Deterministic action classification label, not a credential.
)
// Security-visibility status labels.
//
// NOTE(review): "approved" and "known_approved" are separate labels; this
// listing does not show how they differ, so a consumer that gates on approval
// should confirm which of the two the producer emits before matching on one.
const (
	SecurityVisibilityApproved          = "approved"
	SecurityVisibilityKnownApproved     = "known_approved"
	SecurityVisibilityKnownUnapproved   = "known_unapproved"
	SecurityVisibilityUnknownToSecurity = "unknown_to_security"
	SecurityVisibilityAcceptedRisk      = "accepted_risk"
	SecurityVisibilityDeprecated        = "deprecated"
	SecurityVisibilityRevoked           = "revoked"
	SecurityVisibilityNeedsReview       = "needs_review"
)
// Labels for production-target status and for credential classification
// (provenance type, scope, kind and access type).
//
// These are untyped string constants and several literals repeat across
// families: "static_secret", "inherited_human", "jit" and "unknown" each appear
// under more than one prefix. A value is only meaningful together with the
// field it came from.
//
// The "#nosec G101" markers suppress gosec's hard-coded-credential rule; per
// the existing comments the flagged values are classification labels, not
// secrets.
const (
	// Production-target configuration status.
	ProductionTargetsStatusConfigured    = "configured"
	ProductionTargetsStatusNotConfigured = "not_configured"
	ProductionTargetsStatusInvalid       = "invalid"

	// Credential provenance types.
	CredentialProvenanceStaticSecret     = "static_secret"
	CredentialProvenanceWorkloadIdentity = "workload_identity"
	CredentialProvenanceInheritedHuman   = "inherited_human"
	CredentialProvenanceOAuthDelegation  = "oauth_delegation"
	CredentialProvenanceJIT              = "jit"
	CredentialProvenanceUnknown          = "unknown"

	// Credential scopes.
	CredentialScopeRepository  = "repository"
	CredentialScopeWorkflow    = "workflow"
	CredentialScopeTool        = "tool"
	CredentialScopeEnvironment = "environment"
	CredentialScopeOrg         = "organization"
	CredentialScopeUnknown     = "unknown"

	// Credential kinds.
	CredentialKindGitHubPAT      = "github_pat"
	CredentialKindGitHubAppKey   = "github_app_key" // #nosec G101 -- Deterministic credential classification label, not a secret.
	CredentialKindDeployKey      = "deploy_key"
	CredentialKindCloudAdminKey  = "cloud_admin_key"
	CredentialKindCloudAccessKey = "cloud_access_key"
	CredentialKindOIDCWorkloadID = "oidc_workload_identity" // #nosec G101 -- Deterministic credential classification label, not a secret.
	CredentialKindDelegatedOAuth = "delegated_oauth"        // #nosec G101 -- Deterministic credential classification label, not a secret.
	CredentialKindJITCredential  = "jit_credential"         // #nosec G101 -- Deterministic credential classification label, not a secret.
	CredentialKindInheritedHuman = "inherited_human"
	CredentialKindStaticSecret   = "static_secret"
	CredentialKindUnknownDurable = "unknown_durable"
	CredentialKindUnknown        = "unknown"

	// Credential access types.
	CredentialAccessTypeStanding  = "standing"
	CredentialAccessTypeJIT       = "jit"
	CredentialAccessTypeDelegated = "delegated"
	CredentialAccessTypeWorkload  = "workload"
	CredentialAccessTypeInherited = "inherited"
	CredentialAccessTypeUnknown   = "unknown"
)
// Trust-depth labels: surface, authentication, delegation, exposure, policy
// binding, gateway binding and gateway coverage.
//
// The literals "none" and "unknown" repeat across these families (for example
// TrustAuthNone and TrustDelegationNone are both "none"), and the constants are
// untyped strings, so a value must be read together with the field it is
// stored in.
// NOTE(review): presumably these populate the string fields of TrustDepth;
// confirm the field-to-family mapping.
const (
	// Surfaces.
	TrustSurfaceMCP = "mcp"
	TrustSurfaceA2A = "a2a"

	// Authentication labels.
	TrustAuthNone             = "none"
	TrustAuthStaticSecret     = "static_secret"
	TrustAuthWorkloadIdentity = "workload_identity"
	TrustAuthInheritedHuman   = "inherited_human"
	TrustAuthOAuthDelegation  = "oauth_delegation"
	TrustAuthJIT              = "jit"
	TrustAuthUnknown          = "unknown"

	// Delegation models.
	TrustDelegationNone      = "none"
	TrustDelegationToolProxy = "tool_proxy"
	TrustDelegationAgent     = "agent_delegate"
	TrustDelegationUnknown   = "unknown"

	// Exposure levels.
	TrustExposureLocal   = "local"
	TrustExposurePrivate = "private"
	TrustExposurePublic  = "public"
	TrustExposureUnknown = "unknown"

	// Policy binding.
	TrustPolicyDeclared = "declared"
	TrustPolicyMissing  = "missing"

	// Gateway binding.
	TrustGatewayBound          = "bound"
	TrustGatewayUnbound        = "unbound"
	TrustGatewayUnknownBinding = "unknown"

	// Gateway coverage.
	TrustCoverageProtected   = "protected"
	TrustCoverageUnprotected = "unprotected"
	TrustCoverageUnknown     = "unknown"
)
Variables ¶
This section is empty.
Functions ¶
func ApplySecurityVisibility ¶ added in v1.0.9
func ApplySecurityVisibility(inv *Inventory, ref SecurityVisibilityReference)
func ApplySecurityVisibilityToPrivilegeMap ¶ added in v1.0.9
func ApplySecurityVisibilityToPrivilegeMap(inv *Inventory)
func CredentialRiskMultiplier ¶ added in v1.3.0
func CredentialRiskMultiplierFor ¶ added in v1.3.0
func CredentialRiskMultiplierFor(in *CredentialProvenance) float64
func DeriveActionClasses ¶ added in v1.3.0
func DeriveActionClasses(input ActionClassInput) ([]string, []string)
func DeriveWritePathClasses ¶ added in v1.2.0
func GovernanceSecurityVisibilityStatus ¶ added in v1.2.0
func KeyForFinding ¶
func ReclassifyApprovalWithMatcher ¶ added in v1.0.2
ReclassifyApprovalWithMatcher applies explicit approved-list policy matching and recomputes approval summary plus dependent derived fields.
func RefreshIdentityGovernance ¶ added in v1.2.0
func RefreshIdentityGovernance(inv *Inventory, identities []manifest.IdentityRecord)
RefreshIdentityGovernance projects persisted lifecycle and approval changes back into the saved inventory snapshot so downstream commands read the same posture the manifest and lifecycle chain now describe.
func StandingPrivilegeFromProvenance ¶ added in v1.3.0
func StandingPrivilegeFromProvenance(in *CredentialProvenance) (bool, []string)
Types ¶
type ActionClassInput ¶ added in v1.3.0
type AdoptionSummary ¶ added in v1.0.2
type Agent ¶ added in v1.0.8
// Agent is one agent record in Inventory.Agents. It serializes to JSON and
// YAML under the snake_case keys given in the field tags.
type Agent struct {
	// Identifiers. Symbol is dropped from output when empty.
	AgentID         string `json:"agent_id" yaml:"agent_id"`
	AgentInstanceID string `json:"agent_instance_id" yaml:"agent_instance_id"`
	Framework       string `json:"framework" yaml:"framework"`
	Symbol          string `json:"symbol,omitempty" yaml:"symbol,omitempty"`

	// NOTE(review): presumably one of the SecurityVisibility* labels; the field
	// is a plain string, so the type does not enforce that. Because of
	// omitempty an unset status is absent from output rather than written as
	// an explicit label.
	SecurityVisibilityStatus string `json:"security_visibility_status,omitempty" yaml:"security_visibility_status,omitempty"`

	// Where the agent was found. LocationRange is optional (nil is omitted).
	Org           string               `json:"org" yaml:"org"`
	Repo          string               `json:"repo" yaml:"repo"`
	Location      string               `json:"location" yaml:"location"`
	LocationRange *model.LocationRange `json:"location_range,omitempty" yaml:"location_range,omitempty"`

	// Binding information; every list is omitted when empty.
	BoundTools          []string `json:"bound_tools,omitempty" yaml:"bound_tools,omitempty"`
	BoundDataSources    []string `json:"bound_data_sources,omitempty" yaml:"bound_data_sources,omitempty"`
	BoundAuthSurfaces   []string `json:"bound_auth_surfaces,omitempty" yaml:"bound_auth_surfaces,omitempty"`
	BindingEvidenceKeys []string `json:"binding_evidence_keys,omitempty" yaml:"binding_evidence_keys,omitempty"`
	MissingBindings     []string `json:"missing_bindings,omitempty" yaml:"missing_bindings,omitempty"`

	// Deployment information; every field is omitted when empty.
	DeploymentStatus       string   `json:"deployment_status,omitempty" yaml:"deployment_status,omitempty"`
	DeploymentArtifacts    []string `json:"deployment_artifacts,omitempty" yaml:"deployment_artifacts,omitempty"`
	DeploymentEvidenceKeys []string `json:"deployment_evidence_keys,omitempty" yaml:"deployment_evidence_keys,omitempty"`
}
type AgentBindingContext ¶ added in v1.0.8
type AgentDeploymentContext ¶ added in v1.0.8
type AgentPrivilegeMapEntry ¶ added in v1.0.2
// AgentPrivilegeMapEntry is one row of Inventory.AgentPrivilegeMap. It carries
// identifiers for an agent and a tool together with permission, ownership,
// delivery and credential fields for that pairing.
//
// Reading the booleans: WriteCapable, CredentialAccess, ExecCapable and
// ProductionWrite have no omitempty and are always written. PullRequestWrite,
// MergeExecute, DeployWrite and StandingPrivilege use omitempty, so false is
// dropped from output and a missing key cannot be told apart from "not
// evaluated" by a consumer of the serialized form.
type AgentPrivilegeMapEntry struct {
	// Identifiers and repositories.
	AgentID         string   `json:"agent_id" yaml:"agent_id"`
	AgentInstanceID string   `json:"agent_instance_id,omitempty" yaml:"agent_instance_id,omitempty"`
	ToolID          string   `json:"tool_id" yaml:"tool_id"`
	ToolType        string   `json:"tool_type" yaml:"tool_type"`
	Framework       string   `json:"framework,omitempty" yaml:"framework,omitempty"`
	Symbol          string   `json:"symbol,omitempty" yaml:"symbol,omitempty"`
	Org             string   `json:"org" yaml:"org"`
	Repos           []string `json:"repos" yaml:"repos"`

	// Permissions and the classifications attached to them.
	// NOTE(review): WritePathClasses and ActionClasses presumably hold
	// WritePath* and ActionClass* labels; confirm against DeriveWritePathClasses
	// and DeriveActionClasses.
	Permissions        []string                   `json:"permissions" yaml:"permissions"`
	WritePathClasses   []string                   `json:"write_path_classes,omitempty" yaml:"write_path_classes,omitempty"`
	ActionClasses      []string                   `json:"action_classes,omitempty" yaml:"action_classes,omitempty"`
	ActionReasons      []string                   `json:"action_reasons,omitempty" yaml:"action_reasons,omitempty"`
	GovernanceControls []GovernanceControlMapping `json:"governance_controls,omitempty" yaml:"governance_controls,omitempty"`

	// Source location; both fields are optional.
	Location      string               `json:"location,omitempty" yaml:"location,omitempty"`
	LocationRange *model.LocationRange `json:"location_range,omitempty" yaml:"location_range,omitempty"`

	// Classification and score; always written.
	EndpointClass string  `json:"endpoint_class" yaml:"endpoint_class"`
	DataClass     string  `json:"data_class" yaml:"data_class"`
	AutonomyLevel string  `json:"autonomy_level" yaml:"autonomy_level"`
	RiskScore     float64 `json:"risk_score" yaml:"risk_score"`

	// Approval and security-visibility state; omitted when empty.
	ApprovalClassification   string `json:"approval_classification,omitempty" yaml:"approval_classification,omitempty"`
	SecurityVisibilityStatus string `json:"security_visibility_status,omitempty" yaml:"security_visibility_status,omitempty"`

	// Binding information, with the same field names and keys as on Agent.
	BoundTools          []string `json:"bound_tools,omitempty" yaml:"bound_tools,omitempty"`
	BoundDataSources    []string `json:"bound_data_sources,omitempty" yaml:"bound_data_sources,omitempty"`
	BoundAuthSurfaces   []string `json:"bound_auth_surfaces,omitempty" yaml:"bound_auth_surfaces,omitempty"`
	BindingEvidenceKeys []string `json:"binding_evidence_keys,omitempty" yaml:"binding_evidence_keys,omitempty"`
	MissingBindings     []string `json:"missing_bindings,omitempty" yaml:"missing_bindings,omitempty"`

	// Deployment and workflow information.
	DeploymentStatus       string   `json:"deployment_status,omitempty" yaml:"deployment_status,omitempty"`
	DeploymentArtifacts    []string `json:"deployment_artifacts,omitempty" yaml:"deployment_artifacts,omitempty"`
	DeploymentEvidenceKeys []string `json:"deployment_evidence_keys,omitempty" yaml:"deployment_evidence_keys,omitempty"`
	WorkflowTriggerClass   string   `json:"workflow_trigger_class,omitempty" yaml:"workflow_trigger_class,omitempty"`

	// Ownership. OwnershipEvidence is serialized as "ownership_evidence_basis",
	// not "ownership_evidence".
	OperationalOwner    string   `json:"operational_owner,omitempty" yaml:"operational_owner,omitempty"`
	OwnerSource         string   `json:"owner_source,omitempty" yaml:"owner_source,omitempty"`
	OwnershipStatus     string   `json:"ownership_status,omitempty" yaml:"ownership_status,omitempty"`
	OwnershipState      string   `json:"ownership_state,omitempty" yaml:"ownership_state,omitempty"`
	OwnershipConfidence float64  `json:"ownership_confidence,omitempty" yaml:"ownership_confidence,omitempty"`
	OwnershipEvidence   []string `json:"ownership_evidence_basis,omitempty" yaml:"ownership_evidence_basis,omitempty"`
	OwnershipConflicts  []string `json:"ownership_conflicts,omitempty" yaml:"ownership_conflicts,omitempty"`
	ApprovalGapReasons  []string `json:"approval_gap_reasons,omitempty" yaml:"approval_gap_reasons,omitempty"`

	// Optional trust-depth record; nil is omitted.
	TrustDepth *TrustDepth `json:"trust_depth,omitempty" yaml:"trust_depth,omitempty"`

	// Delivery-chain flags and status; all omitted when false or empty.
	PullRequestWrite       bool   `json:"pull_request_write,omitempty" yaml:"pull_request_write,omitempty"`
	MergeExecute           bool   `json:"merge_execute,omitempty" yaml:"merge_execute,omitempty"`
	DeployWrite            bool   `json:"deploy_write,omitempty" yaml:"deploy_write,omitempty"`
	DeliveryChainStatus    string `json:"delivery_chain_status,omitempty" yaml:"delivery_chain_status,omitempty"`
	ProductionTargetStatus string `json:"production_target_status,omitempty" yaml:"production_target_status,omitempty"`

	// Privilege flags and credential details.
	// NOTE(review): StandingPrivilege and StandingPrivilegeReasons have the same
	// shape as the (bool, []string) result of StandingPrivilegeFromProvenance;
	// presumably they are filled from it. Confirm in Build.
	WriteCapable             bool                  `json:"write_capable" yaml:"write_capable"`
	CredentialAccess         bool                  `json:"credential_access" yaml:"credential_access"`
	CredentialProvenance     *CredentialProvenance `json:"credential_provenance,omitempty" yaml:"credential_provenance,omitempty"`
	StandingPrivilege        bool                  `json:"standing_privilege,omitempty" yaml:"standing_privilege,omitempty"`
	StandingPrivilegeReasons []string              `json:"standing_privilege_reasons,omitempty" yaml:"standing_privilege_reasons,omitempty"`
	ExecCapable              bool                  `json:"exec_capable" yaml:"exec_capable"`
	ProductionWrite          bool                  `json:"production_write" yaml:"production_write"`
	MatchedProductionTargets []string              `json:"matched_production_targets,omitempty" yaml:"matched_production_targets,omitempty"`
}
type ApprovalSummary ¶ added in v1.0.2
// ApprovalSummary holds tool counts and percentages split into approved,
// unapproved and unknown. It is stored in Inventory.ApprovalSummary; every
// field is always written (no omitempty).
type ApprovalSummary struct {
	ApprovedTools     int     `json:"approved_tools" yaml:"approved_tools"`
	UnapprovedTools   int     `json:"unapproved_tools" yaml:"unapproved_tools"`
	UnknownTools      int     `json:"unknown_tools" yaml:"unknown_tools"`
	ApprovedPercent   float64 `json:"approved_percent" yaml:"approved_percent"`
	UnapprovedPercent float64 `json:"unapproved_percent" yaml:"unapproved_percent"`
	UnknownPercent    float64 `json:"unknown_percent" yaml:"unknown_percent"`

	// A pointer without omitempty: a nil value is serialized as null instead of
	// being dropped, so consumers must handle null here.
	// NOTE(review): presumably nil when there are no approved tools to divide
	// by; confirm in the code that fills it. The Go name lacks the trailing "d"
	// of its "unapproved_per_approved" key.
	UnapprovedPerApprove *float64 `json:"unapproved_per_approved" yaml:"unapproved_per_approved"`
}
type BuildInput ¶
// BuildInput is the argument to Build. It has no serialization tags.
type BuildInput struct {
	Manifest source.Manifest
	Findings []model.Finding

	// String-keyed lookup tables.
	// NOTE(review): the key format is not visible here; presumably the strings
	// produced by KeyForFinding. Confirm before constructing these by hand.
	Contexts         map[string]ToolContext
	AgentBindings    map[string]AgentBindingContext
	AgentDeployments map[string]AgentDeploymentContext

	Methodology           MethodologySummary
	RepoExposureSummaries []exposure.RepoExposureSummary

	// A time.Time here, whereas Inventory.GeneratedAt is a string.
	GeneratedAt time.Time
}
type ControlRollup ¶ added in v1.0.2
type CredentialProvenance ¶ added in v1.3.0
// CredentialProvenance is the credential classification record attached to an
// AgentPrivilegeMapEntry through its CredentialProvenance field.
//
// NOTE(review): Type, Scope, CredentialKind and AccessType are plain strings
// that presumably hold CredentialProvenance*, CredentialScope*, CredentialKind*
// and CredentialAccessType* labels. Several of those families share literals
// ("static_secret", "jit", "unknown"), so match each field only against its own
// family.
type CredentialProvenance struct {
	// Type, Scope and Confidence are always written; Subject and EvidenceBasis
	// are omitted when empty.
	// NOTE(review): Subject looks like it can name a concrete identity; treat
	// exported inventories as sensitive until confirmed otherwise.
	Type          string   `json:"type" yaml:"type"`
	Subject       string   `json:"subject,omitempty" yaml:"subject,omitempty"`
	Scope         string   `json:"scope" yaml:"scope"`
	Confidence    string   `json:"confidence" yaml:"confidence"`
	EvidenceBasis []string `json:"evidence_basis,omitempty" yaml:"evidence_basis,omitempty"`

	CredentialKind string `json:"credential_kind,omitempty" yaml:"credential_kind,omitempty"`
	AccessType     string `json:"access_type,omitempty" yaml:"access_type,omitempty"`

	// Both flags lack omitempty, so false is written explicitly.
	// NOTE(review): nothing in the type prevents both being true at once;
	// confirm how NormalizeCredentialProvenance treats that combination.
	StandingAccess bool `json:"standing_access" yaml:"standing_access"`
	LikelyJIT      bool `json:"likely_jit" yaml:"likely_jit"`

	EvidenceLocation      string   `json:"evidence_location,omitempty" yaml:"evidence_location,omitempty"`
	ClassificationReasons []string `json:"classification_reasons,omitempty" yaml:"classification_reasons,omitempty"`

	// Always written, including a zero value.
	// NOTE(review): presumably the value returned by
	// CredentialRiskMultiplierFor; how it feeds RiskScore is not shown here.
	RiskMultiplier float64 `json:"risk_multiplier" yaml:"risk_multiplier"`
}
func CloneCredentialProvenance ¶ added in v1.3.0
func CloneCredentialProvenance(in *CredentialProvenance) *CredentialProvenance
func NormalizeCredentialProvenance ¶ added in v1.3.0
func NormalizeCredentialProvenance(in *CredentialProvenance) *CredentialProvenance
type GovernanceControlInput ¶ added in v1.2.0
// GovernanceControlInput is the argument to BuildGovernanceControls, which
// returns a []GovernanceControlMapping. It has no serialization tags.
type GovernanceControlInput struct {
	// Ownership.
	Owner           string
	OwnershipStatus string

	// Approval, lifecycle and security-visibility state.
	// NOTE(review): the same three kinds of value are the parameters of
	// GovernanceSecurityVisibilityStatus(status, approvalStatus,
	// lifecycleState); whether that function is used on these fields is not
	// visible here.
	ApprovalStatus           string
	ApprovalClassification   string
	LifecycleState           string
	SecurityVisibilityStatus string

	// Deployment, proof and production-target state.
	DeploymentGate         string
	ProofRequirement       string
	ProductionTargetStatus string

	// Privilege facts about the subject being evaluated.
	WritePathClasses []string
	CredentialAccess bool
	ProductionWrite  bool

	EvidenceBasis []string
}
type GovernanceControlMapping ¶ added in v1.2.0
// GovernanceControlMapping is one control result: a control identifier, its
// status, and optional evidence and gap lists. BuildGovernanceControls returns
// a slice of these, and Tool and AgentPrivilegeMapEntry each carry one in
// GovernanceControls.
//
// NOTE(review): Control and Status presumably hold GovernanceControl* and
// ControlStatus* labels; both are plain strings, so the type does not enforce
// it.
type GovernanceControlMapping struct {
	Control  string   `json:"control" yaml:"control"`
	Status   string   `json:"status" yaml:"status"`
	Evidence []string `json:"evidence,omitempty" yaml:"evidence,omitempty"`
	Gaps     []string `json:"gaps,omitempty" yaml:"gaps,omitempty"`
}
func BuildGovernanceControls ¶ added in v1.2.0
func BuildGovernanceControls(input GovernanceControlInput) []GovernanceControlMapping
type Inventory ¶
// Inventory is the value returned by Build and the structure the Apply*,
// Reclassify* and Refresh* functions of this package take by pointer. It
// serializes to JSON and YAML under the keys in the field tags.
type Inventory struct {
	// Header. GeneratedAt is a string here; BuildInput.GeneratedAt is a
	// time.Time, and the string format is not visible in this listing.
	InventoryVersion string `json:"inventory_version" yaml:"inventory_version"`
	GeneratedAt      string `json:"generated_at" yaml:"generated_at"`
	Org              string `json:"org" yaml:"org"`

	// Discovered entities. Agents and Tools are always written;
	// NonHumanIdentities is omitted when empty.
	Agents             []Agent            `json:"agents" yaml:"agents"`
	Tools              []Tool             `json:"tools" yaml:"tools"`
	NonHumanIdentities []NonHumanIdentity `json:"non_human_identities,omitempty" yaml:"non_human_identities,omitempty"`

	// Summaries. SecurityVisibility is serialized as
	// "security_visibility_summary". LocalGovernance is optional (nil is
	// omitted).
	Methodology           MethodologySummary             `json:"methodology" yaml:"methodology"`
	ApprovalSummary       ApprovalSummary                `json:"approval_summary" yaml:"approval_summary"`
	AdoptionSummary       AdoptionSummary                `json:"adoption_summary" yaml:"adoption_summary"`
	RegulatorySummary     RegulatorySummary              `json:"regulatory_summary" yaml:"regulatory_summary"`
	SecurityVisibility    SecurityVisibilitySummary      `json:"security_visibility_summary" yaml:"security_visibility_summary"`
	LocalGovernance       *LocalGovernanceSummary        `json:"local_governance,omitempty" yaml:"local_governance,omitempty"`
	RepoExposureSummaries []exposure.RepoExposureSummary `json:"repo_exposure_summaries" yaml:"repo_exposure_summaries"`

	// Privilege view and overall summary.
	PrivilegeBudget   PrivilegeBudget          `json:"privilege_budget" yaml:"privilege_budget"`
	AgentPrivilegeMap []AgentPrivilegeMapEntry `json:"agent_privilege_map" yaml:"agent_privilege_map"`
	Summary           Summary                  `json:"summary" yaml:"summary"`
}
func Build ¶
func Build(input BuildInput) Inventory
type LocalGovernanceSummary ¶ added in v1.0.11
// LocalGovernanceSummary is the optional Inventory.LocalGovernance record: a
// reference description, a status, and counts of sanctioned, unsanctioned and
// unknown tools.
type LocalGovernanceSummary struct {
	// What the counts were measured against. ReferencePath is omitted when
	// empty.
	ReferenceBasis string `json:"reference_basis" yaml:"reference_basis"`
	ReferencePath  string `json:"reference_path,omitempty" yaml:"reference_path,omitempty"`
	Status         string `json:"status" yaml:"status"`

	// Tool counts; always written, including zero.
	SanctionedTools   int `json:"sanctioned_tools" yaml:"sanctioned_tools"`
	UnsanctionedTools int `json:"unsanctioned_tools" yaml:"unsanctioned_tools"`
	UnknownTools      int `json:"unknown_tools" yaml:"unknown_tools"`
}
type MethodologyDetector ¶ added in v1.0.2
type MethodologySummary ¶ added in v1.0.2
// MethodologySummary records how a scan was run: tool version, timing, the
// number of repositories and files covered, and the detectors involved. It is
// passed in through BuildInput.Methodology and stored in Inventory.Methodology.
type MethodologySummary struct {
	// Version and timing. The timestamps are strings; their format is not
	// visible in this listing.
	WrkrVersion         string  `json:"wrkr_version" yaml:"wrkr_version"`
	ScanStartedAt       string  `json:"scan_started_at" yaml:"scan_started_at"`
	ScanCompletedAt     string  `json:"scan_completed_at" yaml:"scan_completed_at"`
	ScanDurationSeconds float64 `json:"scan_duration_seconds" yaml:"scan_duration_seconds"`

	// Coverage.
	RepoCount          int                   `json:"repo_count" yaml:"repo_count"`
	FileCountProcessed int                   `json:"file_count_processed" yaml:"file_count_processed"`
	Detectors          []MethodologyDetector `json:"detectors" yaml:"detectors"`
}
type NonHumanIdentity ¶ added in v1.0.11
// NonHumanIdentity is one entry of Inventory.NonHumanIdentities. All fields
// are strings; only Confidence is omitted when empty.
//
// NOTE(review): IdentityType and Confidence are free-form strings here; the
// set of allowed values is not visible in this listing.
type NonHumanIdentity struct {
	IdentityID   string `json:"identity_id" yaml:"identity_id"`
	IdentityType string `json:"identity_type" yaml:"identity_type"`
	Subject      string `json:"subject" yaml:"subject"`
	Source       string `json:"source" yaml:"source"`
	Org          string `json:"org" yaml:"org"`
	Repo         string `json:"repo" yaml:"repo"`
	Location     string `json:"location" yaml:"location"`
	Confidence   string `json:"confidence,omitempty" yaml:"confidence,omitempty"`
}
type PermissionSurface ¶ added in v1.0.2
type PrivilegeBudget ¶ added in v1.0.2
// PrivilegeBudget holds tool counts by capability plus a nested
// production-write budget. It is stored in Inventory.PrivilegeBudget and every
// field is always written.
//
// NOTE(review): the three capability counters mirror the WriteCapable,
// CredentialAccess and ExecCapable flags on AgentPrivilegeMapEntry; whether a
// tool with several flags is counted in each is not visible here.
type PrivilegeBudget struct {
	TotalTools            int                   `json:"total_tools" yaml:"total_tools"`
	WriteCapableTools     int                   `json:"write_capable_tools" yaml:"write_capable_tools"`
	CredentialAccessTools int                   `json:"credential_access_tools" yaml:"credential_access_tools"`
	ExecCapableTools      int                   `json:"exec_capable_tools" yaml:"exec_capable_tools"`
	ProductionWrite       ProductionWriteBudget `json:"production_write" yaml:"production_write"`
}
type ProductionWriteBudget ¶ added in v1.0.2
type RegulationRollup ¶ added in v1.0.2
type RegulatoryStatus ¶ added in v1.0.2
type RegulatorySummary ¶ added in v1.0.2
// RegulatorySummary groups regulatory rollups two ways: per regulation and per
// control. It is stored in Inventory.RegulatorySummary; both lists are always
// written.
type RegulatorySummary struct {
	ByRegulation []RegulationRollup `json:"by_regulation" yaml:"by_regulation"`
	ByControl    []ControlRollup    `json:"by_control" yaml:"by_control"`
}
type SecurityVisibilityReference ¶ added in v1.0.9
type SecurityVisibilitySummary ¶ added in v1.0.9
// SecurityVisibilitySummary counts tools and agents per security-visibility
// status. It is stored in Inventory.SecurityVisibility.
//
// The approved, known-unapproved and unknown-to-security counters are always
// written. The accepted-risk, deprecated, revoked and needs-review counters use
// omitempty, so a zero count is absent from output; consumers should read a
// missing key as zero.
type SecurityVisibilitySummary struct {
	// What the statuses were measured against. ReferencePath is omitted when
	// empty.
	ReferenceBasis string `json:"reference_basis" yaml:"reference_basis"`
	ReferencePath  string `json:"reference_path,omitempty" yaml:"reference_path,omitempty"`

	// Tool counts.
	ApprovedTools          int `json:"approved_tools" yaml:"approved_tools"`
	AcceptedRiskTools      int `json:"accepted_risk_tools,omitempty" yaml:"accepted_risk_tools,omitempty"`
	DeprecatedTools        int `json:"deprecated_tools,omitempty" yaml:"deprecated_tools,omitempty"`
	RevokedTools           int `json:"revoked_tools,omitempty" yaml:"revoked_tools,omitempty"`
	NeedsReviewTools       int `json:"needs_review_tools,omitempty" yaml:"needs_review_tools,omitempty"`
	KnownUnapprovedTools   int `json:"known_unapproved_tools" yaml:"known_unapproved_tools"`
	UnknownToSecurityTools int `json:"unknown_to_security_tools" yaml:"unknown_to_security_tools"`

	// Agent counts. The last field has no tool-side counterpart in this struct.
	ApprovedAgents                      int `json:"approved_agents" yaml:"approved_agents"`
	AcceptedRiskAgents                  int `json:"accepted_risk_agents,omitempty" yaml:"accepted_risk_agents,omitempty"`
	DeprecatedAgents                    int `json:"deprecated_agents,omitempty" yaml:"deprecated_agents,omitempty"`
	RevokedAgents                       int `json:"revoked_agents,omitempty" yaml:"revoked_agents,omitempty"`
	NeedsReviewAgents                   int `json:"needs_review_agents,omitempty" yaml:"needs_review_agents,omitempty"`
	KnownUnapprovedAgents               int `json:"known_unapproved_agents" yaml:"known_unapproved_agents"`
	UnknownToSecurityAgents             int `json:"unknown_to_security_agents" yaml:"unknown_to_security_agents"`
	UnknownToSecurityWriteCapableAgents int `json:"unknown_to_security_write_capable_agents" yaml:"unknown_to_security_write_capable_agents"`
}
type Tool ¶
// Tool is one tool record in Inventory.Tools. It is also the argument type of
// the matcher passed to ReclassifyApprovalWithMatcher.
type Tool struct {
	// Identity and discovery.
	ToolID          string  `json:"tool_id" yaml:"tool_id"`
	AgentID         string  `json:"agent_id" yaml:"agent_id"`
	DiscoveryMethod string  `json:"discovery_method" yaml:"discovery_method"`
	ToolType        string  `json:"tool_type" yaml:"tool_type"`
	ToolCategory    string  `json:"tool_category" yaml:"tool_category"`
	ConfidenceScore float64 `json:"confidence_score" yaml:"confidence_score"`

	// Where the tool was found.
	Org       string         `json:"org" yaml:"org"`
	Repos     []string       `json:"repos" yaml:"repos"`
	Locations []ToolLocation `json:"locations" yaml:"locations"`

	// Permissions and governance. Permissions uses omitempty here, while
	// AgentPrivilegeMapEntry.Permissions is always written.
	Permissions        []string                   `json:"permissions,omitempty" yaml:"permissions,omitempty"`
	WritePathClasses   []string                   `json:"write_path_classes,omitempty" yaml:"write_path_classes,omitempty"`
	GovernanceControls []GovernanceControlMapping `json:"governance_controls,omitempty" yaml:"governance_controls,omitempty"`
	PermissionSurface  PermissionSurface          `json:"permission_surface" yaml:"permission_surface"`
	PermissionTier     string                     `json:"permission_tier" yaml:"permission_tier"`

	// Risk and classification; always written.
	RiskTier          string             `json:"risk_tier" yaml:"risk_tier"`
	AdoptionPattern   string             `json:"adoption_pattern" yaml:"adoption_pattern"`
	RegulatoryMapping []RegulatoryStatus `json:"regulatory_mapping" yaml:"regulatory_mapping"`
	EndpointClass     string             `json:"endpoint_class" yaml:"endpoint_class"`
	DataClass         string             `json:"data_class" yaml:"data_class"`
	AutonomyLevel     string             `json:"autonomy_level" yaml:"autonomy_level"`
	RiskScore         float64            `json:"risk_score" yaml:"risk_score"`

	// Approval, visibility and lifecycle state. ApprovalClass is serialized as
	// "approval_classification". SecurityVisibilityStatus is the only one of
	// the four strings that is omitted when empty.
	ApprovalStatus           string      `json:"approval_status" yaml:"approval_status"`
	ApprovalClass            string      `json:"approval_classification" yaml:"approval_classification"`
	SecurityVisibilityStatus string      `json:"security_visibility_status,omitempty" yaml:"security_visibility_status,omitempty"`
	LifecycleState           string      `json:"lifecycle_state" yaml:"lifecycle_state"`
	TrustDepth               *TrustDepth `json:"trust_depth,omitempty" yaml:"trust_depth,omitempty"`
}
type ToolContext ¶
type ToolLocation ¶
// ToolLocation is one entry of Tool.Locations: a repository and location
// together with ownership information for that location.
type ToolLocation struct {
	Repo     string `json:"repo" yaml:"repo"`
	Location string `json:"location" yaml:"location"`

	// Ownership. Owner is always written, so an unowned location appears as an
	// empty string rather than a missing key; the remaining fields are omitted
	// when empty. OwnershipEvidence is serialized as "ownership_evidence_basis".
	Owner               string   `json:"owner" yaml:"owner"`
	OwnerSource         string   `json:"owner_source,omitempty" yaml:"owner_source,omitempty"`
	OwnershipStatus     string   `json:"ownership_status,omitempty" yaml:"ownership_status,omitempty"`
	OwnershipState      string   `json:"ownership_state,omitempty" yaml:"ownership_state,omitempty"`
	OwnershipConfidence float64  `json:"ownership_confidence,omitempty" yaml:"ownership_confidence,omitempty"`
	OwnershipEvidence   []string `json:"ownership_evidence_basis,omitempty" yaml:"ownership_evidence_basis,omitempty"`
	OwnershipConflicts  []string `json:"ownership_conflicts,omitempty" yaml:"ownership_conflicts,omitempty"`
}
type TrustDepth ¶ added in v1.3.0
// TrustDepth is the optional trust record attached to Tool and
// AgentPrivilegeMapEntry through their TrustDepth fields. It is produced or
// transformed by TrustDepthFromFinding, NormalizeTrustDepth, MergeTrustDepth
// and CloneTrustDepth, all of which use *TrustDepth.
//
// NOTE(review): the string fields presumably hold the TrustSurface*,
// TrustAuth*, TrustDelegation*, TrustExposure*, TrustPolicy*, TrustGateway* and
// TrustCoverage* labels. Those families reuse "none" and "unknown", and the
// fields are plain strings, so validate each field against its own family.
type TrustDepth struct {
	// Surface is omitted when empty; the other three are always written.
	Surface         string `json:"surface,omitempty" yaml:"surface,omitempty"`
	AuthStrength    string `json:"auth_strength" yaml:"auth_strength"`
	DelegationModel string `json:"delegation_model" yaml:"delegation_model"`
	Exposure        string `json:"exposure" yaml:"exposure"`

	// Policy binding state and the policies referenced.
	PolicyBinding string   `json:"policy_binding" yaml:"policy_binding"`
	PolicyRefs    []string `json:"policy_refs,omitempty" yaml:"policy_refs,omitempty"`

	// Gateway binding and coverage.
	GatewayBinding  string `json:"gateway_binding" yaml:"gateway_binding"`
	GatewayCoverage string `json:"gateway_coverage" yaml:"gateway_coverage"`

	// NOTE(review): the name SanitizationClaims suggests declared rather than
	// verified sanitization; confirm before counting an entry as an effective
	// control.
	SanitizationClaims []string `json:"sanitization_claims,omitempty" yaml:"sanitization_claims,omitempty"`
	CapabilityExposure []string `json:"capability_exposure,omitempty" yaml:"capability_exposure,omitempty"`
	TrustGaps          []string `json:"trust_gaps,omitempty" yaml:"trust_gaps,omitempty"`

	// Always written, including a zero value. The scale and direction of the
	// score are not visible in this listing.
	TrustDepthScore float64 `json:"trust_depth_score" yaml:"trust_depth_score"`
}
func CloneTrustDepth ¶ added in v1.3.0
func CloneTrustDepth(in *TrustDepth) *TrustDepth
func MergeTrustDepth ¶ added in v1.3.0
func MergeTrustDepth(current, incoming *TrustDepth) *TrustDepth
func NormalizeTrustDepth ¶ added in v1.3.0
func NormalizeTrustDepth(in *TrustDepth) *TrustDepth
func TrustDepthFromFinding ¶ added in v1.3.0
func TrustDepthFromFinding(finding model.Finding) *TrustDepth