Documentation
¶
Index ¶
- Constants
- func IsComplianceSummaryError(err error) bool
- func MCPVisibilityWarnings(findings []source.Finding) []string
- func MarkdownLines(markdown string) []string
- func PublicSanitizeFindings(in []risk.ScoredFinding) []risk.ScoredFinding
- func RenderBacklogCSV(backlog *controlbacklog.Backlog) ([]byte, error)
- func RenderCampaignPublicMarkdown(artifact CampaignArtifact) string
- func RenderEvidenceBundleJSON(summary Summary) ([]byte, error)
- func RenderMarkdown(summary Summary) string
- func ResolveGeneratedAtForCLI(snapshot state.Snapshot, generatedAt time.Time) time.Time
- func SanitizeFindings(in []risk.ScoredFinding, config RedactionConfig) []risk.ScoredFinding
- func SelectTopFindings(report risk.Report, requested int) []risk.ScoredFinding
- type ActionSurfaceRegistryEntry
- type ActivationItem
- type ActivationSummary
- type AgentActionBOM
- type AgentActionBOMGraphRefs
- type AgentActionBOMItem
- type AgentActionBOMReachability
- type AgentActionBOMSummary
- type AssessmentSummary
- type AttackPathSummary
- type BuildInput
- type CampaignArtifact
- type CampaignDetector
- type CampaignMethodology
- type CampaignMetrics
- type CampaignOptions
- type CampaignScanInput
- type CampaignScanResult
- type CampaignSegmentBucket
- type CampaignSegments
- type ChecklistItem
- type ControlProofStatus
- type DeltaMetric
- type DeltaSummary
- type EvidenceBundle
- type Headline
- type LifecycleSummary
- type LifecycleTransition
- type MCPCandidate
- type MCPList
- type MCPListOptions
- type MCPListRow
- type MCPMissDiagnostic
- type Methodology
- type ProofReference
- type ReasonGroup
- type RecordTypeCount
- type RedactionConfig
- type RedactionField
- type RegressSummary
- type RiskItem
- type ScanScopeSummary
- type Section
- type SegmentMetadata
- type ShareProfile
- type ShareProfileMetadata
- type Summary
- type Template
Constants ¶
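// Trust status labels for MCP servers.
//
// NOTE(review): MCPListRow has a TrustStatus string (JSON "trust_status");
// presumably it carries one of these three values -- confirm in BuildMCPList.
const (
	MCPTrustTrusted    = "trusted"
	MCPTrustBlocked    = "blocked"
	MCPTrustUnreviewed = "unreviewed"
)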
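// Report section identifiers.
//
// NOTE(review): Summary exposes SectionOrder []string and Sections []Section;
// presumably these are the identifiers used there -- confirm in BuildSummary.
const (
	SectionHeadline    = "headline_posture"
	SectionMethodology = "methodology"
	SectionTopRisks    = "top_prioritized_risks"
	SectionChanges     = "change_since_previous"
	SectionLifecycle   = "lifecycle_actions"
	SectionProof       = "proof_verification_footer"
	SectionNextAction  = "next_actions"
)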
// AgentActionBOMSchemaVersion is the schema version label for the agent action BOM.
// NOTE(review): presumably the value written to AgentActionBOM.SchemaVersion
// (JSON "schema_version") -- confirm in BuildAgentActionBOM.
const AgentActionBOMSchemaVersion = "v1"
// SummaryVersion is the version label for the report summary format.
// NOTE(review): presumably the value written to Summary.SummaryVersion
// (JSON "summary_version") -- confirm in BuildSummary.
const SummaryVersion = "v1"
Variables ¶
This section is empty.
Functions ¶
func IsComplianceSummaryError ¶ added in v1.0.8
func MCPVisibilityWarnings ¶ added in v1.0.8
func MarkdownLines ¶
func PublicSanitizeFindings ¶
func PublicSanitizeFindings(in []risk.ScoredFinding) []risk.ScoredFinding
func RenderBacklogCSV ¶ added in v1.2.0
func RenderBacklogCSV(backlog *controlbacklog.Backlog) ([]byte, error)
func RenderCampaignPublicMarkdown ¶ added in v1.0.2
func RenderCampaignPublicMarkdown(artifact CampaignArtifact) string
func RenderEvidenceBundleJSON ¶ added in v1.2.0
func RenderMarkdown ¶
func ResolveGeneratedAtForCLI ¶ added in v1.0.8
func SanitizeFindings ¶ added in v1.5.0
func SanitizeFindings(in []risk.ScoredFinding, config RedactionConfig) []risk.ScoredFinding
func SelectTopFindings ¶
func SelectTopFindings(report risk.Report, requested int) []risk.ScoredFinding
Types ¶
type ActionSurfaceRegistryEntry ¶ added in v1.5.0
// ActionSurfaceRegistryEntry is the element type returned by
// BuildActionSurfaceRegistry. Summary and EvidenceBundle both carry a slice of
// these under the JSON key "action_surface_registry".
type ActionSurfaceRegistryEntry struct {
// Identity of the surface. registry_id, org, repo and tool_type are always
// emitted; the remaining keys are dropped from JSON when empty.
RegistryID string `json:"registry_id"`
SurfaceType string `json:"surface_type,omitempty"`
Org string `json:"org"`
Repo string `json:"repo"`
ToolType string `json:"tool_type"`
ToolInstanceID string `json:"tool_instance_id,omitempty"`
Location string `json:"location,omitempty"`
Label string `json:"label,omitempty"`
// Each descriptive value is paired with a *Source field naming where it came from.
Owner string `json:"owner,omitempty"`
OwnerSource string `json:"owner_source,omitempty"`
Purpose string `json:"purpose,omitempty"`
PurposeSource string `json:"purpose_source,omitempty"`
PurposeConfidence string `json:"purpose_confidence,omitempty"`
Version string `json:"version,omitempty"`
VersionSource string `json:"version_source,omitempty"`
ConfigFingerprint string `json:"config_fingerprint,omitempty"`
ConfigSource string `json:"config_source,omitempty"`
// Credential metadata is serialized as part of the entry.
// NOTE(review): the agginventory types are not shown in this listing; confirm
// they hold provenance/authority metadata only and check whether the
// "credential-subjects" redaction selector reaches this structure before an
// entry is shared outside the organisation.
Credentials []*agginventory.CredentialProvenance `json:"credentials,omitempty"`
CredentialAuthority *agginventory.CredentialAuthority `json:"credential_authority,omitempty"`
ReachableActions []string `json:"reachable_actions,omitempty"`
MutableEndpointSemantics []agginventory.MutableEndpointSemantic `json:"mutable_endpoint_semantics,omitempty"`
ConfidenceLane string `json:"confidence_lane,omitempty"`
ProofStatus string `json:"proof_status,omitempty"`
Remediation string `json:"remediation,omitempty"`
PathIDs []string `json:"path_ids,omitempty"`
// No omitempty: a zero count is emitted explicitly.
ActionPathCount int `json:"action_path_count"`
// NOTE(review): if AgentActionBOMGraphRefs is a struct type, encoding/json
// ignores omitempty on a non-pointer struct field, so "graph_refs" is always
// emitted -- confirm the type's definition.
GraphRefs AgentActionBOMGraphRefs `json:"graph_refs,omitempty"`
}
func BuildActionSurfaceRegistry ¶ added in v1.5.0
func BuildActionSurfaceRegistry(summary Summary) []ActionSurfaceRegistryEntry
type ActivationItem ¶ added in v1.0.9
// ActivationItem is one ranked row inside ActivationSummary.Items.
type ActivationItem struct {
	// Core fields; always present in the JSON encoding.
	Rank        int     `json:"rank"`
	RiskScore   float64 `json:"risk_score"`
	FindingType string  `json:"finding_type"`
	ToolType    string  `json:"tool_type"`
	Severity    string  `json:"severity"`
	Location    string  `json:"location"`
	Repo        string  `json:"repo"`
	NextStep    string  `json:"next_step"`

	// Optional classification. Because of omitempty, a false WriteCapable or
	// ProductionWrite is indistinguishable from "not evaluated" in the JSON:
	// consumers must not read a missing key as proof that the item cannot write.
	ItemClass                string `json:"item_class,omitempty"`
	WriteCapable             bool   `json:"write_capable,omitempty"`
	ProductionWrite          bool   `json:"production_write,omitempty"`
	ApprovalClassification   string `json:"approval_classification,omitempty"`
	SecurityVisibilityStatus string `json:"security_visibility_status,omitempty"`
}
type ActivationSummary ¶ added in v1.0.9
// ActivationSummary is the value BuildActivation returns (as a pointer): the
// projected activation view for a scan target mode.
type ActivationSummary struct {
	TargetMode    string `json:"target_mode"`
	Message       string `json:"message"`
	EligibleCount int    `json:"eligible_count"`

	// Emitted only when set.
	SuppressedPolicyItems bool   `json:"suppressed_policy_items,omitempty"`
	Reason                string `json:"reason,omitempty"`

	// No omitempty: a nil slice is encoded as JSON null rather than dropped.
	Items []ActivationItem `json:"items"`
}
func BuildActivation ¶ added in v1.0.9
func BuildActivation(targetMode string, ranked []risk.ScoredFinding, inventory *agginventory.Inventory, actionPaths []risk.ActionPath, limit int) *ActivationSummary
BuildActivation projects a first-value view for local-machine scans without mutating raw risk ranking.
type AgentActionBOM ¶ added in v1.3.0
// AgentActionBOM is the agent action bill of materials that BuildAgentActionBOM
// derives from a Summary. Summary and EvidenceBundle both carry it under the
// JSON key "agent_action_bom".
type AgentActionBOM struct {
	// Envelope; always emitted.
	BOMID         string                `json:"bom_id"`
	SchemaVersion string                `json:"schema_version"`
	GeneratedAt   string                `json:"generated_at"`
	Summary       AgentActionBOMSummary `json:"summary"`

	// Optional payload.
	ScanQuality *scanquality.Report  `json:"scan_quality,omitempty"`
	Items       []AgentActionBOMItem `json:"items,omitempty"`

	// NOTE(review): omitempty has no effect on a non-pointer struct field in
	// encoding/json; confirm whether AgentActionBOMGraphRefs is a struct.
	GraphRefs AgentActionBOMGraphRefs `json:"graph_refs,omitempty"`

	// Reference lists into evidence and proof records.
	EvidenceRefs []string `json:"evidence_refs,omitempty"`
	ProofRefs    []string `json:"proof_refs,omitempty"`
}
func BuildAgentActionBOM ¶ added in v1.3.0
func BuildAgentActionBOM(summary Summary) *AgentActionBOM
type AgentActionBOMGraphRefs ¶ added in v1.3.0
type AgentActionBOMItem ¶ added in v1.3.0
// AgentActionBOMItem is one row of AgentActionBOM.Items. It is keyed by
// PathID and aggregates identity, ownership, credential, control, policy,
// proof and reachability attributes for that path.
type AgentActionBOMItem struct {
// Identity of the path and of the tool it belongs to.
PathID string `json:"path_id"`
AgentID string `json:"agent_id,omitempty"`
ToolFamilyID string `json:"tool_family_id,omitempty"`
ToolInstanceID string `json:"tool_instance_id,omitempty"`
Org string `json:"org"`
Repo string `json:"repo"`
ToolType string `json:"tool_type"`
Location string `json:"location,omitempty"`
Purpose string `json:"purpose,omitempty"`
PurposeSource string `json:"purpose_source,omitempty"`
PurposeConfidence string `json:"purpose_confidence,omitempty"`
Version string `json:"version,omitempty"`
VersionSource string `json:"version_source,omitempty"`
ConfigFingerprint string `json:"config_fingerprint,omitempty"`
ConfigSource string `json:"config_source,omitempty"`
// Ownership.
Owner string `json:"owner,omitempty"`
OwnerSource string `json:"owner_source,omitempty"`
OwnershipStatus string `json:"ownership_status,omitempty"`
OwnershipState string `json:"ownership_state,omitempty"`
// Credential exposure. CredentialAccess has no omitempty, so false is
// emitted explicitly.
// NOTE(review): both a Credentials list and a single CredentialProvenance
// are present; the listing does not show how they relate. Confirm that
// redaction (see RedactionCredentialSubjects) is applied to both.
CredentialAccess bool `json:"credential_access"`
Credentials []*agginventory.CredentialProvenance `json:"credentials,omitempty"`
CredentialProvenance *agginventory.CredentialProvenance `json:"credential_provenance,omitempty"`
CredentialAuthority *agginventory.CredentialAuthority `json:"credential_authority,omitempty"`
PathContext *agginventory.PathContext `json:"path_context,omitempty"`
// Classification values, each paired with a *Reasons list.
StandingPrivilege bool `json:"standing_privilege,omitempty"`
StandingPrivilegeReasons []string `json:"standing_privilege_reasons,omitempty"`
ControlState string `json:"control_state,omitempty"`
ControlStateReasons []string `json:"control_state_reasons,omitempty"`
RiskZone string `json:"risk_zone,omitempty"`
RiskZoneReasons []string `json:"risk_zone_reasons,omitempty"`
ReviewBurden string `json:"review_burden,omitempty"`
ReviewBurdenReasons []string `json:"review_burden_reasons,omitempty"`
ConfidenceLane string `json:"confidence_lane,omitempty"`
ConfidenceLaneReasons []string `json:"confidence_lane_reasons,omitempty"`
ActionClasses []string `json:"action_classes,omitempty"`
ActionReasons []string `json:"action_reasons,omitempty"`
MutableEndpointSemantics []agginventory.MutableEndpointSemantic `json:"mutable_endpoint_semantics,omitempty"`
// Production write exposure. With omitempty, a missing "production_write"
// key and an explicit false are the same on the wire.
ProductionWrite bool `json:"production_write,omitempty"`
ProductionTargetStatus string `json:"production_target_status,omitempty"`
MatchedProductionTargets []string `json:"matched_production_targets,omitempty"`
// Approval and policy. ApprovalGap has no omitempty, so false is emitted explicitly.
ApprovalGap bool `json:"approval_gap"`
ApprovalGapReasons []string `json:"approval_gap_reasons,omitempty"`
PolicyStatus string `json:"policy_status,omitempty"`
PolicyRefs []string `json:"policy_refs,omitempty"`
PolicyMissingReasons []string `json:"policy_missing_reasons,omitempty"`
PolicyStatusReasons []string `json:"policy_status_reasons,omitempty"`
PolicyConfidence string `json:"policy_confidence,omitempty"`
PolicyEvidenceRefs []string `json:"policy_evidence_refs,omitempty"`
// Proof and runtime evidence.
ProofCoverage string `json:"proof_coverage,omitempty"`
ProofRefs []string `json:"proof_refs,omitempty"`
RuntimeEvidenceStatus string `json:"runtime_evidence_status,omitempty"`
RuntimeEvidenceClasses []string `json:"runtime_evidence_classes,omitempty"`
RuntimeEvidenceRefs []string `json:"runtime_evidence_refs,omitempty"`
GaitCoverage *risk.GaitCoverage `json:"gait_coverage,omitempty"`
// Scoring and triage labels.
Confidence string `json:"confidence,omitempty"`
EvidenceStrength string `json:"evidence_strength,omitempty"`
InventoryRisk string `json:"inventory_risk,omitempty"`
ControlPriority string `json:"control_priority,omitempty"`
RiskTier string `json:"risk_tier,omitempty"`
RecommendedNextAction string `json:"recommended_next_action,omitempty"`
Queue string `json:"queue,omitempty"`
FindingVisibility string `json:"finding_visibility,omitempty"`
Remediation string `json:"remediation,omitempty"`
AttackPathRefs []string `json:"attack_path_refs,omitempty"`
SourceFindingKeys []string `json:"source_finding_keys,omitempty"`
ExclusionReason string `json:"exclusion_reason,omitempty"`
// NOTE(review): if AgentActionBOMGraphRefs is a struct type, omitempty on
// this non-pointer field has no effect in encoding/json -- confirm.
GraphRefs AgentActionBOMGraphRefs `json:"graph_refs,omitempty"`
EvidenceRefs []string `json:"evidence_refs,omitempty"`
// Reachability: one general list plus one list per surface kind, all of
// the same element type.
Reachability []AgentActionBOMReachability `json:"reachability,omitempty"`
ReachableServers []AgentActionBOMReachability `json:"reachable_servers,omitempty"`
ReachableTools []AgentActionBOMReachability `json:"reachable_tools,omitempty"`
ReachableEndpoints []AgentActionBOMReachability `json:"reachable_endpoints,omitempty"`
ReachableTargets []AgentActionBOMReachability `json:"reachable_targets,omitempty"`
ReachableAPIs []AgentActionBOMReachability `json:"reachable_apis,omitempty"`
ReachableAgents []AgentActionBOMReachability `json:"reachable_agents,omitempty"`
// Attribution and lineage.
// NOTE(review): attribution.Result is not shown here; RedactionAuthors exists
// as a selector, so confirm author data in IntroducedBy is covered by it.
IntroducedBy *attribution.Result `json:"introduced_by,omitempty"`
ActionLineage *risk.ActionLineage `json:"action_lineage,omitempty"`
}
type AgentActionBOMReachability ¶ added in v1.3.0
// AgentActionBOMReachability describes one surface listed in the reachability
// slices of AgentActionBOMItem.
type AgentActionBOMReachability struct {
	Surface string `json:"surface"` // always emitted

	// Optional detail; dropped from JSON when empty.
	Name         string                   `json:"name,omitempty"`
	Capabilities []string                 `json:"capabilities,omitempty"`
	TrustDepth   *agginventory.TrustDepth `json:"trust_depth,omitempty"`
	EvidenceRefs []string                 `json:"evidence_refs,omitempty"`
}
type AgentActionBOMSummary ¶ added in v1.3.0
// AgentActionBOMSummary holds the roll-up counters and context emitted under
// AgentActionBOM's "summary" key.
type AgentActionBOMSummary struct {
// Counters without omitempty: zero values are emitted explicitly.
TotalItems int `json:"total_items"`
ControlFirstItems int `json:"control_first_items"`
StandingPrivilegeItems int `json:"standing_privilege_items"`
StaticCredentialItems int `json:"static_credential_items"`
ProductionTargetItems int `json:"production_target_items"`
MissingApprovalItems int `json:"missing_approval_items"`
MissingPolicyItems int `json:"missing_policy_items"`
MissingProofItems int `json:"missing_proof_items"`
RuntimeProvenItems int `json:"runtime_proven_items"`
UnresolvedOwnerItems int `json:"unresolved_owner_items"`
// Counters with omitempty: a zero count is dropped from the JSON, so a
// missing key cannot be told apart from zero by consumers.
ConfirmedActionPathItems int `json:"confirmed_action_path_items,omitempty"`
LikelyActionPathItems int `json:"likely_action_path_items,omitempty"`
SemanticReviewCandidateItems int `json:"semantic_review_candidate_items,omitempty"`
ContextOnlyItems int `json:"context_only_items,omitempty"`
// NOTE(review): presumably set when the BOM has no items, to explain why -- confirm.
EmptyStateStatus string `json:"empty_state_status,omitempty"`
EmptyStateReasons []string `json:"empty_state_reasons,omitempty"`
// Context also present on Summary (scan_scope, source_privacy,
// operational_exposure, governance_readiness).
ScanScope *ScanScopeSummary `json:"scan_scope,omitempty"`
SourcePrivacy *sourceprivacy.Contract `json:"source_privacy,omitempty"`
OperationalExposure *scorecore.AxisSummary `json:"operational_exposure,omitempty"`
GovernanceReadiness *scorecore.AxisSummary `json:"governance_readiness,omitempty"`
CoverageConfidence string `json:"coverage_confidence,omitempty"`
}
type AssessmentSummary ¶ added in v1.1.0
// AssessmentSummary is the optional "assessment_summary" section of Summary.
type AssessmentSummary struct {
	// Path counters; always emitted. Note that the JSON key for
	// ProductionBackedPathCount is "production_target_backed_path_count".
	GovernablePathCount       int `json:"governable_path_count"`
	WriteCapablePathCount     int `json:"write_capable_path_count"`
	ProductionBackedPathCount int `json:"production_target_backed_path_count"`

	// Highlighted action paths.
	TopPathToControlFirst      *risk.ActionPath `json:"top_path_to_control_first,omitempty"`
	TopExecutionIdentityBacked *risk.ActionPath `json:"top_execution_identity_backed_path,omitempty"`

	// Identity and ownership exposure.
	OwnerlessExposure       *risk.OwnerlessExposure       `json:"ownerless_exposure,omitempty"`
	IdentityExposureSummary *risk.IdentityExposureSummary `json:"identity_exposure_summary,omitempty"`
	IdentityToReviewFirst   *risk.IdentityActionTarget    `json:"identity_to_review_first,omitempty"`
	IdentityToRevokeFirst   *risk.IdentityActionTarget    `json:"identity_to_revoke_first,omitempty"`

	// NOTE(review): a filesystem path string; RedactionPaths and
	// RedactionFilesystem exist as selectors -- confirm this field is covered
	// before the summary is shared.
	ProofChainPath string `json:"proof_chain_path,omitempty"`
}
type AttackPathSummary ¶ added in v1.0.5
type BuildInput ¶
type CampaignArtifact ¶ added in v1.0.2
// CampaignArtifact is the aggregate produced by AggregateCampaign and
// AggregateCampaignWithOptions and rendered by RenderCampaignPublicMarkdown.
type CampaignArtifact struct {
	SchemaVersion string `json:"schema_version"`
	GeneratedAt   string `json:"generated_at"`
	InputGlob     string `json:"input_glob,omitempty"`

	Methodology CampaignMethodology `json:"methodology"`
	Metrics     CampaignMetrics     `json:"metrics"`
	Segments    CampaignSegments    `json:"segments"`

	// Per-scan rows. Each CampaignScanResult carries the scan's path and
	// target value, so this slice is the part of the artifact most likely to
	// identify individual repositories.
	Scans []CampaignScanResult `json:"scans"`
}
func AggregateCampaign ¶ added in v1.0.2
func AggregateCampaign(inputs []CampaignScanInput, generatedAt time.Time) CampaignArtifact
func AggregateCampaignWithOptions ¶ added in v1.0.2
func AggregateCampaignWithOptions(inputs []CampaignScanInput, generatedAt time.Time, opts CampaignOptions) CampaignArtifact
type CampaignDetector ¶ added in v1.0.2
type CampaignMethodology ¶ added in v1.0.2
// CampaignMethodology is the "methodology" section of a CampaignArtifact.
// Every field is emitted unconditionally (no omitempty).
type CampaignMethodology struct {
	WrkrVersion        string             `json:"wrkr_version"`
	ScanCount          int                `json:"scan_count"`
	RepoCount          int                `json:"repo_count"`
	FileCountProcessed int                `json:"file_count_processed"`
	Detectors          []CampaignDetector `json:"detectors"`
}
type CampaignMetrics ¶ added in v1.0.2
// CampaignMetrics is the "metrics" section of a CampaignArtifact. No field
// uses omitempty, so every key is always present in the JSON encoding.
type CampaignMetrics struct {
	// Tool counts.
	ReposScanned          int `json:"repos_scanned"`
	ToolsDetectedTotal    int `json:"tools_detected_total"`
	WriteCapableTools     int `json:"write_capable_tools"`
	CredentialAccessTools int `json:"credential_access_tools"`
	ExecCapableTools      int `json:"exec_capable_tools"`
	ApprovedTools         int `json:"approved_tools"`
	UnapprovedTools       int `json:"unapproved_tools"`
	UnknownTools          int `json:"unknown_tools"`

	// Security-visibility counts.
	UnknownToSecurityTools              int    `json:"unknown_to_security_tools"`
	UnknownToSecurityAgents             int    `json:"unknown_to_security_agents"`
	UnknownToSecurityWriteCapableAgents int    `json:"unknown_to_security_write_capable_agents"`
	SecurityVisibilityReference         string `json:"security_visibility_reference"`

	// Approval ratios.
	ApprovedPercent   float64 `json:"approved_percent"`
	UnapprovedPercent float64 `json:"unapproved_percent"`
	UnknownPercent    float64 `json:"unknown_percent"`

	// Pointer-typed values encode as JSON null when nil.
	// NOTE(review): presumably nil means "not computable / unknown" rather
	// than zero -- confirm, and treat null as unknown when consuming.
	UnapprovedPerApproved *float64 `json:"unapproved_per_approved"`
	ProductionWriteStatus string   `json:"production_write_status"`
	ProductionWriteTools  *int     `json:"production_write_tools"`
}
type CampaignOptions ¶ added in v1.0.2
// CampaignOptions is the options argument of AggregateCampaignWithOptions.
type CampaignOptions struct {
	// NOTE(review): the map key's meaning is not shown in this listing --
	// confirm what the string identifies before populating it.
	SegmentMetadata map[string]SegmentMetadata
}
type CampaignScanInput ¶ added in v1.0.2
// CampaignScanInput is one scan handed to AggregateCampaign or
// AggregateCampaignWithOptions. The fields carry no JSON tags.
type CampaignScanInput struct {
	Path           string
	Target         source.Target
	SourceManifest source.Manifest

	Inventory       *agginventory.Inventory
	PrivilegeBudget agginventory.PrivilegeBudget

	// Raw findings as source.Finding values, not risk.ScoredFinding, which is
	// the type SanitizeFindings and PublicSanitizeFindings accept.
	Findings []source.Finding
}
type CampaignScanResult ¶ added in v1.0.2
// CampaignScanResult is one row of CampaignArtifact.Scans. Every field is
// emitted unconditionally (no omitempty).
type CampaignScanResult struct {
	// Scan identification.
	Path        string `json:"path"`
	TargetMode  string `json:"target_mode"`
	TargetValue string `json:"target_value"`

	// Per-scan counts. CredentialAccessTool is singular in Go, but its JSON
	// key is the plural "credential_access_tools", matching CampaignMetrics.
	RepoCount            int `json:"repo_count"`
	ToolsDetected        int `json:"tools_detected"`
	WriteCapableTools    int `json:"write_capable_tools"`
	CredentialAccessTool int `json:"credential_access_tools"`
	ExecCapableTools     int `json:"exec_capable_tools"`
}
type CampaignSegmentBucket ¶ added in v1.0.2
type CampaignSegments ¶ added in v1.0.2
// CampaignSegments is the "segments" section of a CampaignArtifact: two
// bucket lists, both always emitted.
type CampaignSegments struct {
	OrgSizeBands  []CampaignSegmentBucket `json:"org_size_bands"`
	IndustryBands []CampaignSegmentBucket `json:"industry_bands"`
}
type ChecklistItem ¶
type ControlProofStatus ¶ added in v1.3.0
// ControlProofStatus is the element type returned by BuildControlProofStatus,
// which takes a state.Snapshot and a *proof.Chain.
type ControlProofStatus struct {
	// Optional location of the linked action path.
	LinkedActionPathID string `json:"linked_action_path_id,omitempty"`
	Repo               string `json:"repo,omitempty"`
	Path               string `json:"path,omitempty"`

	// Always emitted.
	ControlID     string `json:"control_id"`
	BacklogItemID string `json:"backlog_item_id"`
	AgentID       string `json:"agent_id,omitempty"`
	Status        string `json:"status"`

	// Proof present versus proof still missing. Both lists use omitempty, so
	// an absent "missing_proof" key alone does not show that proof is
	// complete; read Status as well.
	ExistingProof []string `json:"existing_proof,omitempty"`
	MissingProof  []string `json:"missing_proof,omitempty"`
	RecordIDs     []string `json:"record_ids,omitempty"`
}
func BuildControlProofStatus ¶ added in v1.3.0
func BuildControlProofStatus(snapshot state.Snapshot, chain *proof.Chain) []ControlProofStatus
type DeltaMetric ¶
type DeltaSummary ¶
// DeltaSummary is the "deltas" section of Summary: three DeltaMetric values,
// all always emitted.
type DeltaSummary struct {
	RiskScoreTrend         DeltaMetric `json:"risk_score_trend"`
	ProfileComplianceDelta DeltaMetric `json:"profile_compliance_delta"`

	// The JSON key ends in "_trend_delta", unlike "risk_score_trend" above.
	PostureScoreTrend DeltaMetric `json:"posture_score_trend_delta"`
}
type EvidenceBundle ¶ added in v1.2.0
// EvidenceBundle is the value BuildEvidenceBundle derives from a Summary.
type EvidenceBundle struct {
	// Envelope; always emitted.
	ReportBundleVersion string `json:"report_bundle_version"`
	GeneratedAt         string `json:"generated_at"`
	Template            string `json:"template"`

	// Optional sections whose types match the same-named Summary fields.
	ControlBacklog        *controlbacklog.Backlog      `json:"control_backlog,omitempty"`
	ControlPathGraph      *aggattack.ControlPathGraph  `json:"control_path_graph,omitempty"`
	ActionSurfaceRegistry []ActionSurfaceRegistryEntry `json:"action_surface_registry,omitempty"`
	RuntimeEvidence       *ingest.Summary              `json:"runtime_evidence,omitempty"`
	AgentActionBOM        *AgentActionBOM              `json:"agent_action_bom,omitempty"`

	// Typed any here, whereas Summary.ComplianceSummary is
	// compliance.RollupSummary. Without omitempty, a nil value encodes as
	// JSON null.
	ComplianceSummary any `json:"compliance_summary"`

	// Proof chain reference and follow-up checklist; always emitted.
	Proof       ProofReference  `json:"proof"`
	NextActions []ChecklistItem `json:"next_actions"`
}
func BuildEvidenceBundle ¶ added in v1.2.0
func BuildEvidenceBundle(summary Summary) EvidenceBundle
type LifecycleSummary ¶
// LifecycleSummary is the "lifecycle" section of Summary.
type LifecycleSummary struct {
	// Identity counters; always emitted.
	IdentityCount      int `json:"identity_count"`
	UnderReviewCount   int `json:"under_review_count"`
	RevokedCount       int `json:"revoked_count"`
	DeprecatedCount    int `json:"deprecated_count"`
	PendingActionCount int `json:"pending_action_count"`

	// Gaps is dropped when empty; RecentTransitions is always emitted and
	// encodes as JSON null when the slice is nil.
	Gaps              []lifecycle.Gap       `json:"gaps,omitempty"`
	RecentTransitions []LifecycleTransition `json:"recent_transitions"`
}
type LifecycleTransition ¶
type MCPCandidate ¶ added in v1.4.0
// MCPCandidate is one entry of MCPList.Candidates.
type MCPCandidate struct {
	// Where the candidate was found; always emitted.
	CandidateName string `json:"candidate_name"`
	Org           string `json:"org"`
	Repo          string `json:"repo"`
	Location      string `json:"location"`

	// How it was recognised; always emitted.
	EvidenceType    string `json:"evidence_type"`
	Confidence      string `json:"confidence"`
	DeclarationType string `json:"declaration_type"`
	TransportHint   string `json:"transport_hint"`

	// NOTE(review): the name suggests references to credentials (for example
	// variable names) rather than secret values -- confirm that the builder
	// never copies a literal secret from a scanned config into this list.
	CredentialRefs    []string `json:"credential_refs,omitempty"`
	UnsupportedReason string   `json:"unsupported_reason,omitempty"`
}
type MCPList ¶ added in v1.0.8
// MCPList is the value returned by BuildMCPListWithOptions.
type MCPList struct {
	Status      string `json:"status"`
	GeneratedAt string `json:"generated_at"`
	RepoFilter  string `json:"repo_filter,omitempty"`

	// Rows is always emitted; the remaining lists are dropped when empty.
	Rows        []MCPListRow        `json:"rows"`
	Candidates  []MCPCandidate      `json:"candidates,omitempty"`
	Diagnostics []MCPMissDiagnostic `json:"diagnostics,omitempty"`

	// NOTE(review): MCPVisibilityWarnings returns []string; presumably it
	// feeds this field -- confirm in BuildMCPListWithOptions.
	Warnings []string `json:"warnings,omitempty"`
}
func BuildMCPList ¶ added in v1.0.8
func BuildMCPListWithOptions ¶ added in v1.4.0
func BuildMCPListWithOptions(snapshot state.Snapshot, opts MCPListOptions) MCPList
type MCPListOptions ¶ added in v1.4.0
type MCPListRow ¶ added in v1.0.8
// MCPListRow is one entry of MCPList.Rows.
type MCPListRow struct {
	// Server identity and location; always emitted.
	ServerName string `json:"server_name"`
	Org        string `json:"org"`
	Repo       string `json:"repo"`
	Location   string `json:"location"`
	Transport  string `json:"transport"`

	// Privilege description; dropped when empty.
	RequestedPermissions []string `json:"requested_permissions,omitempty"`
	PrivilegeSurface     []string `json:"privilege_surface,omitempty"`

	// Coverage and trust.
	// NOTE(review): TrustStatus presumably takes one of the MCPTrust*
	// constants ("trusted", "blocked", "unreviewed") -- confirm.
	GatewayCoverage string                   `json:"gateway_coverage"`
	TrustDepth      *agginventory.TrustDepth `json:"trust_depth,omitempty"`
	TrustStatus     string                   `json:"trust_status"`
	RiskNote        string                   `json:"risk_note"`
}
type MCPMissDiagnostic ¶ added in v1.4.0
// MCPMissDiagnostic is one entry of MCPList.Diagnostics.
type MCPMissDiagnostic struct {
	Org            string `json:"org"`
	Repo           string `json:"repo"`
	ExpectedServer string `json:"expected_server,omitempty"`
	Status         string `json:"status"`

	// What was examined and what came out of it. ParseFailures and
	// UnsupportedDeclarations are the lists to check when an expected server
	// is missing from the rows.
	// NOTE(review): these hold file-derived strings; confirm whether path
	// redaction applies before the list is shared.
	CandidateFilesScanned   []string `json:"candidate_files_scanned,omitempty"`
	ParsedConfigs           []string `json:"parsed_configs,omitempty"`
	CandidatesFound         []string `json:"candidates_found,omitempty"`
	ParseFailures           []string `json:"parse_failures,omitempty"`
	GeneratedSuppressions   []string `json:"generated_suppressions,omitempty"`
	UnsupportedDeclarations []string `json:"unsupported_declarations,omitempty"`
	Explanation             []string `json:"explanation,omitempty"`
}
type Methodology ¶ added in v1.0.2
// Methodology is the "methodology" section of Summary. Every field is emitted
// unconditionally (no omitempty).
type Methodology struct {
	WrkrVersion string `json:"wrkr_version"`

	// Scan timing.
	ScanStartedAt       string  `json:"scan_started_at"`
	ScanCompletedAt     string  `json:"scan_completed_at"`
	ScanDurationSeconds float64 `json:"scan_duration_seconds"`

	// Scan volume.
	RepoCount          int `json:"repo_count"`
	FileCountProcessed int `json:"file_count_processed"`
	DetectorCount      int `json:"detector_count"`

	// How the sample was produced.
	// NOTE(review): CommandSet presumably records the commands that were
	// run -- confirm that arguments containing tokens or private paths are
	// never captured here.
	CommandSet        []string `json:"command_set"`
	SampleDefinition  string   `json:"sample_definition"`
	ExclusionCriteria []string `json:"exclusion_criteria"`
}
type ProofReference ¶
// ProofReference is the "proof" section of Summary and EvidenceBundle. Every
// field is emitted unconditionally (no omitempty).
type ProofReference struct {
	// NOTE(review): presumably the location of the proof chain and the hash
	// of its head record -- confirm. A consumer can only rely on HeadHash if
	// it recomputes the hash from the chain itself rather than trusting the
	// value carried in the report.
	ChainPath string `json:"chain_path"`
	HeadHash  string `json:"head_hash"`

	RecordCount          int               `json:"record_count"`
	RecordTypeCounts     []RecordTypeCount `json:"record_type_counts"`
	CanonicalFindingKeys []string          `json:"canonical_finding_keys"`
}
type ReasonGroup ¶
type RecordTypeCount ¶
type RedactionConfig ¶ added in v1.5.0
// RedactionConfig carries a ShareProfile and two RedactionField lists. It is
// the result type of ResolveRedactionConfig and a parameter of
// SanitizeFindings and BuildShareProfileMetadata.
//
// NOTE(review): this listing does not show how DefaultFields and Fields
// combine, and the struct has further unexported fields. Applies and Has are
// the visible query methods; prefer them over reading the slices directly
// until the relationship is confirmed.
type RedactionConfig struct {
	Profile       ShareProfile
	DefaultFields []RedactionField
	Fields        []RedactionField
	// contains filtered or unexported fields
}
func ResolveRedactionConfig ¶ added in v1.5.0
func ResolveRedactionConfig(profile ShareProfile, requested []RedactionField) RedactionConfig
func (RedactionConfig) Applies ¶ added in v1.5.0
func (c RedactionConfig) Applies() bool
func (RedactionConfig) Has ¶ added in v1.5.0
func (c RedactionConfig) Has(field RedactionField) bool
func (RedactionConfig) RequiresLegacySanitizer ¶ added in v1.5.0
func (c RedactionConfig) RequiresLegacySanitizer() bool
type RedactionField ¶ added in v1.5.0
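// RedactionField names one category of report data; it is the element type of
// RedactionConfig.Fields and RedactionConfig.DefaultFields and the result
// element type of ParseRedactionFields.
type RedactionField string

// Redaction selectors. Each constant sits on its own line so that the trailing
// #nosec annotation applies to RedactionCredentialSubjects only and does not
// swallow the declarations that follow it.
const (
	RedactionOwners             RedactionField = "owners"
	RedactionRepos              RedactionField = "repos"
	RedactionPaths              RedactionField = "paths"
	RedactionCredentialSubjects RedactionField = "credential-subjects" // #nosec G101 -- redaction selector label, not a credential
	RedactionAuthors            RedactionField = "authors"
	RedactionFilesystem         RedactionField = "filesystem"
	RedactionProviders          RedactionField = "providers"
	RedactionProofRefs          RedactionField = "proof-refs"
	RedactionGraphRefs          RedactionField = "graph-refs"
)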
func ParseRedactionFields ¶ added in v1.5.0
func ParseRedactionFields(raw string) ([]RedactionField, error)
type RegressSummary ¶
// RegressSummary is the optional "regress_drift" section of Summary. Every
// field is emitted unconditionally (no omitempty).
type RegressSummary struct {
	// DriftDetected is false both when no drift was found and when the zero
	// value was never filled in; check BaselineProvided before reading false
	// as "no drift".
	BaselineProvided bool `json:"baseline_provided"`
	DriftDetected    bool `json:"drift_detected"`

	ReasonCount  int           `json:"reason_count"`
	ReasonGroups []ReasonGroup `json:"reason_groups"`
}
type RiskItem ¶
// RiskItem is one entry of Summary.TopRisks.
type RiskItem struct {
	// Ranking and identification; always emitted. Score is serialized under
	// the key "risk_score".
	Rank         int     `json:"rank"`
	CanonicalKey string  `json:"canonical_key"`
	Score        float64 `json:"risk_score"`
	FindingType  string  `json:"finding_type"`
	Severity     string  `json:"severity"`
	ToolType     string  `json:"tool_type"`
	Org          string  `json:"org"`
	Repo         string  `json:"repo"`
	Location     string  `json:"location"`

	// Optional path and classification labels; dropped when zero-valued.
	PathID          string  `json:"path_id,omitempty"`
	InventoryRisk   string  `json:"inventory_risk,omitempty"`
	AttackPathScore float64 `json:"attack_path_score,omitempty"`
	ControlPriority string  `json:"control_priority,omitempty"`
	RiskTier        string  `json:"risk_tier,omitempty"`
	ControlState    string  `json:"control_state,omitempty"`
	RiskZone        string  `json:"risk_zone,omitempty"`
	ReviewBurden    string  `json:"review_burden,omitempty"`
	ConfidenceLane  string  `json:"confidence_lane,omitempty"`

	// Capability flags. With omitempty, false and "not set" look the same in
	// the JSON, so a missing key is not evidence of a read-only finding.
	CredentialAccess       bool   `json:"credential_access,omitempty"`
	ProductionTargetStatus string `json:"production_target_status,omitempty"`
	RecommendedAction      string `json:"recommended_action,omitempty"`
	WriteCapable           bool   `json:"write_capable,omitempty"`
	ProductionWrite        bool   `json:"production_write,omitempty"`

	// Explanation; always emitted.
	Rationale   []string `json:"rationale"`
	Remediation string   `json:"remediation"`
}
type ScanScopeSummary ¶ added in v1.4.0
type SegmentMetadata ¶ added in v1.0.2
type ShareProfile ¶
// ShareProfile is a string-typed share profile identifier. It is the type of
// RedactionConfig.Profile, a parameter of ResolveRedactionConfig, and the
// first result of ParseShareProfile.
type ShareProfile string
// NOTE(review): the constant block is empty in this listing, so the defined
// ShareProfile values are not visible here; validate input with
// ParseShareProfile rather than converting arbitrary strings.
const ( )
func ParseShareProfile ¶
func ParseShareProfile(raw string) (ShareProfile, bool)
type ShareProfileMetadata ¶ added in v1.4.0
// ShareProfileMetadata is the value BuildShareProfileMetadata returns (as a
// pointer) for a RedactionConfig.
// NOTE(review): no fields are shown in this listing; consult the source for
// the serialized shape.
type ShareProfileMetadata struct {
}
func BuildShareProfileMetadata ¶ added in v1.5.0
func BuildShareProfileMetadata(config RedactionConfig) *ShareProfileMetadata
type Summary ¶
// Summary is the report model returned by BuildSummary. It is the input to
// RenderMarkdown, RenderEvidenceBundleJSON, BuildEvidenceBundle,
// BuildAgentActionBOM and BuildActionSurfaceRegistry.
type Summary struct {
// Envelope and section layout; always emitted.
SummaryVersion string `json:"summary_version"`
GeneratedAt string `json:"generated_at"`
Template string `json:"template"`
SectionOrder []string `json:"section_order"`
Sections []Section `json:"sections"`
Headline Headline `json:"headline"`
ScanScope *ScanScopeSummary `json:"scan_scope,omitempty"`
OperationalExposure *scorecore.AxisSummary `json:"operational_exposure,omitempty"`
GovernanceReadiness *scorecore.AxisSummary `json:"governance_readiness,omitempty"`
AssessmentSummary *AssessmentSummary `json:"assessment_summary,omitempty"`
Methodology Methodology `json:"methodology"`
TopRisks []RiskItem `json:"top_risks"`
PrivilegeBudget agginventory.PrivilegeBudget `json:"privilege_budget"`
SecurityVisibility agginventory.SecurityVisibilitySummary `json:"security_visibility"`
Deltas DeltaSummary `json:"deltas"`
Lifecycle LifecycleSummary `json:"lifecycle"`
RegressDrift *RegressSummary `json:"regress_drift,omitempty"`
AttackPaths AttackPathSummary `json:"attack_paths"`
// Concretely typed here; EvidenceBundle carries the same key as any.
ComplianceSummary compliance.RollupSummary `json:"compliance_summary"`
ControlBacklog *controlbacklog.Backlog `json:"control_backlog,omitempty"`
ScanQuality *scanquality.Report `json:"scan_quality,omitempty"`
RuntimeEvidence *ingest.Summary `json:"runtime_evidence,omitempty"`
AgentActionBOM *AgentActionBOM `json:"agent_action_bom,omitempty"`
Proof ProofReference `json:"proof"`
NextActions []ChecklistItem `json:"next_actions"`
Activation *ActivationSummary `json:"activation,omitempty"`
// Action path and exposure detail.
// NOTE(review): SanitizeFindings operates on []risk.ScoredFinding; this
// listing does not show whether the sections below are redacted by the
// same configuration. Confirm before sharing a Summary built with a
// non-internal share profile.
ActionPaths []risk.ActionPath `json:"action_paths,omitempty"`
ActionPathToControlFirst *risk.ActionPathToControlFirst `json:"action_path_to_control_first,omitempty"`
ActionSurfaceRegistry []ActionSurfaceRegistryEntry `json:"action_surface_registry,omitempty"`
ControlPathGraph *aggattack.ControlPathGraph `json:"control_path_graph,omitempty"`
ExposureGroups []risk.ExposureGroup `json:"exposure_groups,omitempty"`
SourcePrivacy *sourceprivacy.Contract `json:"source_privacy,omitempty"`
// contains filtered or unexported fields
}
func BuildSummary ¶
func BuildSummary(in BuildInput) (Summary, error)
BuildSummary composes deterministic report sections from scan, risk, score, lifecycle, regress, and proof data. Non-goal guardrail: this path must remain deterministic and non-generative.
type Template ¶
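// Template is a string-typed report template identifier.
type Template string

// Report templates.
//
// NOTE(review): TemplatePublic, TemplateCustomerDraft and
// TemplateDesignPartnerSummary suggest output intended for readers outside the
// organisation; this listing does not show which templates apply redaction, so
// confirm how each maps to a ShareProfile / RedactionConfig.
const (
	TemplateExec                 Template = "exec"
	TemplateOperator             Template = "operator"
	TemplateAudit                Template = "audit"
	TemplatePublic               Template = "public"
	TemplateCISO                 Template = "ciso"
	TemplateAppSec               Template = "appsec"
	TemplatePlatform             Template = "platform"
	TemplateCustomerDraft        Template = "customer-draft"
	TemplateAgentActionBOM       Template = "agent-action-bom"
	TemplateDesignPartnerSummary Template = "design-partner-summary"
)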
func ParseTemplate ¶