attackpath

package
v1.6.0 Latest
Warning

This package is not in the latest version of its module.

Published: Jun 5, 2026 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

// Node kind labels for the control-path graph. The ControlPathNode prefix
// suggests these are the values carried in ControlPathNode.Kind (JSON "kind");
// confirm against BuildControlPathGraph, whose body is not shown here.
//
// The values are untyped string constants and Kind is a plain string, so the
// type system does not restrict a node to this set. Consumers that branch on
// kind should handle an unrecognized value explicitly instead of assuming the
// list is closed.
const (
	ControlPathNodeControlPath       = "control_path"
	ControlPathNodeAgent             = "agent"
	ControlPathNodeExecutionIdentity = "execution_identity"
	ControlPathNodeCredential        = "credential"
	ControlPathNodeTool              = "tool"
	ControlPathNodeWorkflow          = "workflow"
	ControlPathNodeRepo              = "repo"
	ControlPathNodeGovernanceControl = "governance_control"
	ControlPathNodeTarget            = "target"
	ControlPathNodeActionCapability  = "action_capability"
	ControlPathNodeIntent            = "intent"
	ControlPathNodeTask              = "task"
	ControlPathNodeHumanIdentity     = "human_identity"
	ControlPathNodeAgentTeam         = "agent_team"
	ControlPathNodePullRequest       = "pull_request"
	ControlPathNodeApprovalIdentity  = "approval_identity"
	ControlPathNodePolicyIdentity    = "policy_identity"
	ControlPathNodeAssetIdentity     = "asset_identity"
	ControlPathNodeEvidenceIdentity  = "evidence_identity"
	ControlPathNodeDeploymentPath    = "deployment_path"
	ControlPathNodeCICDRun           = "ci_cd_run"
	ControlPathNodeWorkflowRun       = "workflow_run"
	ControlPathNodeOutcome           = "outcome"
)
// Edge kind labels for the control-path graph; presumably the values of
// ControlPathEdge.Kind (confirm against BuildControlPathGraph). Read in
// declaration order, the names spell out a delegation chain: request, human,
// task, agent team, tool, credential, workflow, repo, pull request, checks,
// approval, deploy, asset, and finally evidence proving an outcome.
//
// The two labels that contain the word "credential" carry a #nosec G101
// directive so that gosec's hard-coded-credential rule does not flag them.
// Keep each justification on the same line as its directive so the
// suppression stays auditable, and do not extend it to lines that hold real
// secret material.
const (
	ControlPathEdgeRequestToHuman               = "request_to_human"
	ControlPathEdgeHumanDelegatesTask           = "human_delegates_task"
	ControlPathEdgeTaskExecutedByAgentTeam      = "task_executed_by_agent_team"
	ControlPathEdgeAgentTeamUsesTool            = "agent_team_uses_tool"
	ControlPathEdgeToolUsesCredential           = "tool_uses_credential"           // #nosec G101 -- deterministic graph edge label, not credential material.
	ControlPathEdgeCredentialAuthorizesWorkflow = "credential_authorizes_workflow" // #nosec G101 -- deterministic graph edge label, not credential material.
	ControlPathEdgeWorkflowChangesRepo          = "workflow_changes_repo"
	ControlPathEdgeRepoProducesPullRequest      = "repo_produces_pull_request"
	ControlPathEdgePullRequestRunsChecks        = "pull_request_runs_checks"
	ControlPathEdgeChecksGateApproval           = "checks_gate_approval"
	ControlPathEdgeApprovalAuthorizesDeploy     = "approval_authorizes_deploy"
	ControlPathEdgeDeployAffectsAsset           = "deploy_affects_asset"
	ControlPathEdgeEvidenceProvesOutcome        = "evidence_proves_outcome"
)
// ControlPathGraphVersion is the version label of the control-path graph
// format; presumably the value BuildControlPathGraph writes to
// ControlPathGraph.Version (confirm). It is an untyped string constant, so
// consumers should compare it as a string and reject a version they do not
// recognize rather than parse the document anyway.
const ControlPathGraphVersion = "1"

Variables

This section is empty.

Functions

This section is empty.

Types

type ControlPathEdge added in v1.3.0

// ControlPathEdge is one edge of a ControlPathGraph. It links the node named
// by FromNodeID to the node named by ToNodeID and records the path (PathID) it
// belongs to.
type ControlPathEdge struct {
	EdgeID            string   `json:"edge_id"`
	PathID            string   `json:"path_id"`
	// Kind is a plain string; the ControlPathEdge* constants look like its
	// expected values. TODO confirm against BuildControlPathGraph.
	Kind              string   `json:"kind"`
	BoundaryLabel     string   `json:"boundary_label,omitempty"`
	FromNodeID        string   `json:"from_node_id"`
	ToNodeID          string   `json:"to_node_id"`
	// The four reference lists use omitempty: an empty or nil list is dropped
	// from the JSON entirely. A consumer that checks "does this edge have
	// evidence" must treat a missing key the same as an empty list.
	EvidenceRefs      []string `json:"evidence_refs,omitempty"`
	SourceRefs        []string `json:"source_refs,omitempty"`
	AttackPathRefs    []string `json:"attack_path_refs,omitempty"`
	SourceFindingKeys []string `json:"source_finding_keys,omitempty"`
}

type ControlPathGraph added in v1.3.0

// ControlPathGraph is the JSON document form of the control-path graph: a
// version label, a summary, and the node and edge lists.
type ControlPathGraph struct {
	// Version presumably holds ControlPathGraphVersion (confirm).
	Version string                  `json:"version"`
	Summary ControlPathGraphSummary `json:"summary"`
	// Nodes and Edges have no omitempty, so encoding/json writes a nil slice as
	// null rather than []. Consumers should accept both forms.
	Nodes   []ControlPathNode       `json:"nodes"`
	Edges   []ControlPathEdge       `json:"edges"`
}

func BuildControlPathGraph added in v1.3.0

// BuildControlPathGraph builds a ControlPathGraph from the given path inputs.
// Only the signature is shown on this page: whether a nil or empty paths slice
// yields a nil pointer or an empty graph is not visible here, so callers
// should nil-check the result before dereferencing it. TODO confirm.
func BuildControlPathGraph(paths []ControlPathInput) *ControlPathGraph

type ControlPathGraphSummary added in v1.3.0

// ControlPathGraphSummary holds aggregate counts for a ControlPathGraph: node
// and edge totals plus per-kind rollups.
//
// NOTE(review): the totals presumably equal len(Nodes) and len(Edges) of the
// enclosing graph, but nothing here enforces that. A consumer that gates a
// decision on the summary of a graph it did not build itself should recompute
// the counts from the lists.
type ControlPathGraphSummary struct {
	TotalNodes                int                     `json:"total_nodes"`
	TotalEdges                int                     `json:"total_edges"`
	// NodeKinds and EdgeKinds have no omitempty; a nil slice encodes as null.
	NodeKinds                 []ControlPathKindRollup `json:"node_kinds"`
	EdgeKinds                 []ControlPathKindRollup `json:"edge_kinds"`
	// The remaining rollups are dropped from the JSON when empty, so a missing
	// key means "no entries", not necessarily "not evaluated".
	AutonomyTiers             []ControlPathKindRollup `json:"autonomy_tiers,omitempty"`
	DelegationReadinessStates []ControlPathKindRollup `json:"delegation_readiness_states,omitempty"`
	EvidenceStates            []ControlPathKindRollup `json:"evidence_states,omitempty"`
}

type ControlPathInput added in v1.3.0

// ControlPathInput is the per-path record passed to BuildControlPathGraph. It
// declares no JSON tags, unlike the graph output types in this package.
type ControlPathInput struct {
	PathID                    string
	AgentID                   string
	Org                       string
	Repo                      string
	ToolType                  string
	Location                  string
	Purpose                   string
	PurposeSource             string
	PurposeConfidence         string
	Version                   string
	VersionSource             string
	ConfigFingerprint         string
	ConfigSource              string
	ExecutionIdentity         string
	ExecutionIdentityType     string
	ExecutionIdentitySource   string
	ExecutionIdentityStatus   string
	CredentialAccess          bool
	// CredentialProvenance and CredentialAuthority are pointers and may be nil.
	// ControlPathNode declares a CredentialAuthority field but no
	// CredentialProvenance field.
	CredentialProvenance      *agginventory.CredentialProvenance
	CredentialAuthority       *agginventory.CredentialAuthority
	// AuthorityBindings is a slice of pointers; individual entries may be nil.
	// NOTE(review): confirm whether the builder copies these or shares them
	// with the nodes it emits.
	AuthorityBindings         []*agginventory.AuthorityBinding
	MutableEndpointSemantics  []agginventory.MutableEndpointSemantic
	GovernanceControls        []agginventory.GovernanceControlMapping
	MatchedProductionTargets  []string
	WritePathClasses          []string
	// NOTE(review): the capability flags below, like CredentialAccess above,
	// default to false. A caller that leaves them unset is indistinguishable
	// from one that assessed the path and found no write capability or
	// approval gap, which is the safe-looking answer. Confirm that every
	// producer sets them explicitly.
	PullRequestWrite          bool
	MergeExecute              bool
	DeployWrite               bool
	ProductionWrite           bool
	ApprovalGap               bool
	// IntroducedBy is a pointer and may be nil.
	IntroducedBy              *attribution.Result
	PolicyRefs                []string
	ControlResolutionState    string
	AutonomyTier              string
	DelegationReadinessState  string
	ApprovalEvidenceState     string
	ProofEvidenceState        string
	RuntimeEvidenceState      string
	TargetEvidenceState       string
	EvidenceCompletenessLabel string
	AttackPathRefs            []string
	SourceFindingKeys         []string
}

type ControlPathKindRollup added in v1.3.0

// ControlPathKindRollup pairs a kind label with a count. ControlPathGraphSummary
// uses it for every one of its per-kind lists.
type ControlPathKindRollup struct {
	Kind  string `json:"kind"`
	Count int    `json:"count"`
}

type ControlPathNode added in v1.3.0

// ControlPathNode is one node of a ControlPathGraph.
//
// NOTE(review): an encoded node can carry credential authority, authority
// bindings, mutable-endpoint semantics, a config fingerprint and a location.
// The agginventory types are not shown here, so what they expose is unknown;
// until confirmed, treat a serialized graph as sensitive and restrict access
// to reports that contain it.
type ControlPathNode struct {
	NodeID                   string                                 `json:"node_id"`
	PathID                   string                                 `json:"path_id"`
	// Kind is a plain string; the ControlPathNode* constants look like its
	// expected values. TODO confirm against BuildControlPathGraph.
	Kind                     string                                 `json:"kind"`
	LineageSegment           string                                 `json:"lineage_segment,omitempty"`
	// Org and Repo have no omitempty and are always written, empty or not.
	Org                      string                                 `json:"org"`
	Repo                     string                                 `json:"repo"`
	Label                    string                                 `json:"label,omitempty"`
	ToolType                 string                                 `json:"tool_type,omitempty"`
	Location                 string                                 `json:"location,omitempty"`
	AgentID                  string                                 `json:"agent_id,omitempty"`
	BoundaryLabel            string                                 `json:"boundary_label,omitempty"`
	Purpose                  string                                 `json:"purpose,omitempty"`
	PurposeSource            string                                 `json:"purpose_source,omitempty"`
	PurposeConfidence        string                                 `json:"purpose_confidence,omitempty"`
	Version                  string                                 `json:"version,omitempty"`
	VersionSource            string                                 `json:"version_source,omitempty"`
	ConfigFingerprint        string                                 `json:"config_fingerprint,omitempty"`
	ConfigSource             string                                 `json:"config_source,omitempty"`
	Status                   string                                 `json:"status,omitempty"`
	// A nil CredentialAuthority is omitted from the JSON (pointer + omitempty).
	CredentialAuthority      *agginventory.CredentialAuthority      `json:"credential_authority,omitempty"`
	AuthorityBindings        []*agginventory.AuthorityBinding       `json:"authority_bindings,omitempty"`
	MutableEndpointSemantics []agginventory.MutableEndpointSemantic `json:"mutable_endpoint_semantics,omitempty"`
	// Empty reference lists are dropped from the JSON; a missing key and an
	// empty list mean the same thing to a consumer.
	EvidenceRefs             []string                               `json:"evidence_refs,omitempty"`
	SourceRefs               []string                               `json:"source_refs,omitempty"`
	AttackPathRefs           []string                               `json:"attack_path_refs,omitempty"`
	SourceFindingKeys        []string                               `json:"source_finding_keys,omitempty"`
}

type Edge

// Edge is one edge of a Graph, linking FromNodeID to ToNodeID. No field uses
// omitempty, so every key is always present in the JSON, empty strings
// included.
type Edge struct {
	EdgeID       string `json:"edge_id"`
	Org          string `json:"org"`
	Repo         string `json:"repo"`
	FromNodeID   string `json:"from_node_id"`
	ToNodeID     string `json:"to_node_id"`
	// NOTE(review): Rationale, SourceLink and SourceDetail are free-form
	// strings whose origin is not visible here. A UI that renders them should
	// escape them, and should validate SourceLink's scheme before turning it
	// into a clickable link.
	Rationale    string `json:"rationale"`
	SourceLink   string `json:"source_link"`
	SourceDetail string `json:"source_detail"`
}

type Graph

// Graph groups Node and Edge values under one Org/Repo pair. Build returns a
// slice of these, presumably one per repository (confirm).
type Graph struct {
	Org   string `json:"org"`
	Repo  string `json:"repo"`
	// Neither list uses omitempty, so a nil slice encodes as null rather than
	// []. Consumers should accept both.
	Nodes []Node `json:"nodes"`
	Edges []Edge `json:"edges"`
}

func Build

// Build turns a list of findings into attack-path graphs. Only the signature
// is shown on this page: how findings are grouped into graphs, and whether the
// result is nil or empty when there are no findings, is not visible here.
// Callers should test len(result) == 0 rather than compare against nil.
func Build(findings []model.Finding) []Graph

type Node

// Node is one node of a Graph. No field uses omitempty, so every key is always
// present in the JSON, empty strings included.
type Node struct {
	NodeID       string `json:"node_id"`
	Org          string `json:"org"`
	Repo         string `json:"repo"`
	// Kind is a plain string; this page lists no constants for its values.
	Kind         string `json:"kind"`
	FindingType  string `json:"finding_type"`
	ToolType     string `json:"tool_type"`
	Location     string `json:"location"`
	// CanonicalKey presumably identifies the underlying finding; how it is
	// derived is not shown here. TODO confirm.
	CanonicalKey string `json:"canonical_key"`
}
