Documentation
¶
Index ¶
- Constants
- func ValidConfidence(value string) bool
- func ValidRecommendedAction(value string) bool
- func ValidSignalClass(value string) bool
- type Backlog
- type ExecutiveRollup
- type ExecutiveRollupDimensions
- type ExecutiveRollupEvidenceStateCounts
- type ExecutiveRollupGroup
- type GovernanceDisposition
- type GovernedUsageMetrics
- type Input
- type Item
- type SecurityTestRecipe
- type Summary
Constants ¶
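// Enumerated string labels used by the control backlog.
//
// The listing was collapsed onto two physical lines, which is not parseable
// Go; it is restored here to one declaration per line, in the original order
// and with the original values.
//
// All of these are untyped string constants, so the compiler does not stop a
// label from one family being assigned to a field of another. Several
// families share literal values ("debug_only", "ci_automation",
// "dependency_agent_surface", "secret_bearing_workflow"), so a value must
// always be interpreted together with the field it was read from.
const (
	// Signal classes. NOTE(review): presumably the values checked by
	// ValidSignalClass; confirm against its implementation.
	SignalClassUniqueWrkrSignal   = "unique_wrkr_signal"
	SignalClassSupportingSecurity = "supporting_security_signal"

	// Queue labels.
	QueueControlFirst     = "control_first"
	QueueReviewQueue      = "review_queue"
	QueueAcceptedRisk     = "accepted_risk_queue"
	QueueInventoryHygiene = "inventory_hygiene"
	QueueDebugOnly        = "debug_only"

	// Finding visibility labels.
	FindingVisibilityPrimary  = "primary"
	FindingVisibilityAppendix = "appendix"
	FindingVisibilityDebug    = "debug"

	// Control surface labels.
	ControlSurfaceAIAgent          = "ai_agent"
	ControlSurfaceCodingAssistant  = "coding_assistant_config"
	ControlSurfaceMCPServerTool    = "mcp_server_tool"
	ControlSurfaceCIAutomation     = "ci_automation"
	ControlSurfaceReleaseAutomation = "release_automation"
	ControlSurfaceDependencyAgent  = "dependency_agent_surface"
	ControlSurfaceSecretWorkflow   = "secret_bearing_workflow"
	ControlSurfaceNonHumanIdentity = "non_human_identity"

	// Control path labels. These overlap with, but are not identical to, the
	// control surface labels: compare "mcp_tool" with "mcp_server_tool" and
	// "release_workflow" with "release_automation".
	ControlPathAgentConfig     = "agent_config"
	ControlPathMCPTool         = "mcp_tool"
	ControlPathCIAutomation    = "ci_automation"
	ControlPathReleaseWorkflow = "release_workflow"
	ControlPathDependencyAgent = "dependency_agent_surface"
	ControlPathSecretWorkflow  = "secret_bearing_workflow"

	// Action labels. NOTE(review): presumably the values checked by
	// ValidRecommendedAction; confirm against its implementation.
	ActionAttachEvidence  = "attach_evidence"
	ActionApprove         = "approve"
	ActionRemediate       = "remediate"
	ActionDowngrade       = "downgrade"
	ActionDeprecate       = "deprecate"
	ActionExclude         = "exclude"
	ActionMonitor         = "monitor"
	ActionInventoryReview = "inventory_review"
	ActionSuppress        = "suppress"
	ActionDebugOnly       = "debug_only"

	// Confidence labels. NOTE(review): presumably the values checked by
	// ValidConfidence; confirm against its implementation.
	ConfidenceHigh   = "high"
	ConfidenceMedium = "medium"
	ConfidenceLow    = "low"

	// Governance disposition kinds and statuses.
	GovernanceKindAcceptedRisk = "accepted_risk"
	GovernanceKindSuppression  = "suppression"
	GovernanceStatusActive     = "active"
	GovernanceStatusExpired    = "expired"
	GovernanceStatusInvalid    = "invalid"

	// Secret-related signal labels. These name a kind of finding; they are not
	// secret material. The #nosec G101 annotation below is a line-scoped
	// suppression of gosec's hard-coded-credential check and is kept on the
	// same declaration as in the original listing.
	SecretReferenceDetected          = "secret_reference_detected"
	SecretValueDetected              = "secret_value_detected"
	SecretScopeUnknown               = "secret_scope_unknown" // #nosec G101 -- governance enum label, not credential material.
	SecretRotationEvidenceMissing    = "secret_rotation_evidence_missing"
	SecretOwnerMissing               = "secret_owner_missing"
	SecretUsedByWriteCapableWorkflow = "secret_used_by_write_capable_workflow"
)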
// BacklogVersion is the package's backlog version constant, currently "1".
// NOTE(review): presumably the value written to Backlog.ControlBacklogVersion;
// confirm against the code that builds a Backlog.
const BacklogVersion = "1"
Variables ¶
This section is empty.
Functions ¶
func ValidConfidence ¶
func ValidRecommendedAction ¶
func ValidSignalClass ¶
Types ¶
type Backlog ¶
// Backlog is the top-level JSON document of this package: a version string,
// two optional aggregate sections, a summary, and the list of items.
//
// NOTE(review): a consumer that ingests a serialized Backlog should check
// ControlBacklogVersion before relying on the rest of the document;
// presumably it is compared with BacklogVersion. Confirm against the producer.
type Backlog struct {
	// Always emitted under "control_backlog_version".
	ControlBacklogVersion string `json:"control_backlog_version"`
	// Pointer fields with omitempty: a nil value drops the key from the output,
	// so an absent section means "not produced", not "empty".
	ExecutiveRollup *ExecutiveRollup `json:"executive_rollup,omitempty"`
	GovernedUsageMetrics *GovernedUsageMetrics `json:"governed_usage_metrics,omitempty"`
	// Always emitted.
	Summary Summary `json:"summary"`
	// No omitempty: a nil slice is encoded as JSON null rather than [].
	Items []Item `json:"items"`
}
type ExecutiveRollup ¶ added in v1.6.0
// ExecutiveRollup is the grouped roll-up section of a Backlog: two totals and
// the list of groups.
type ExecutiveRollup struct {
	// Totals are always emitted, including when zero.
	// NOTE(review): whether TotalGroups always equals len(Groups) is not visible
	// here; confirm before using one to bound iteration over the other.
	TotalGroups int `json:"total_groups"`
	TotalPaths int `json:"total_paths"`
	// Omitted from the JSON output when empty.
	Groups []ExecutiveRollupGroup `json:"groups,omitempty"`
}
type ExecutiveRollupDimensions ¶ added in v1.6.0
// ExecutiveRollupDimensions holds the dimension labels attached to a roll-up
// group. Every field is a string with omitempty, so an empty dimension is
// absent from the JSON output.
//
// NOTE(review): the accepted values for these labels are not visible on this
// page and the package index lists no validator for them. A consumer should
// treat a missing or unrecognised value as "unclassified" rather than as the
// benign case.
type ExecutiveRollupDimensions struct {
	ActionClass string `json:"action_class,omitempty"`
	TargetClass string `json:"target_class,omitempty"`
	RiskZone string `json:"risk_zone,omitempty"`
	CredentialAuthority string `json:"credential_authority,omitempty"`
	ProductionTarget string `json:"production_target,omitempty"`
	EvidenceState string `json:"evidence_state,omitempty"`
	OwnerState string `json:"owner_state,omitempty"`
	RepoCluster string `json:"repo_cluster,omitempty"`
	DetectorConfidence string `json:"detector_confidence,omitempty"`
	ContradictionState string `json:"contradiction_state,omitempty"`
	ClosureAction string `json:"closure_action,omitempty"`
}
type ExecutiveRollupEvidenceStateCounts ¶ added in v1.6.0
type ExecutiveRollupGroup ¶ added in v1.6.0
// ExecutiveRollupGroup is one group inside an ExecutiveRollup: an identifier,
// a member count, the highest severity and priority labels, and the
// dimensions that define the group.
type ExecutiveRollupGroup struct {
	// GroupID and Count are always emitted.
	GroupID string `json:"group_id"`
	Count int `json:"count"`
	// Optional labels; omitted when empty. Their value sets are not visible here.
	HighestSeverity string `json:"highest_severity,omitempty"`
	HighestPriority string `json:"highest_priority,omitempty"`
	ClosureRecommendation string `json:"closure_recommendation,omitempty"`
	// NOTE(review): presumably references to representative items; confirm what
	// identifier space these strings use before resolving them.
	TopExampleRefs []string `json:"top_example_refs,omitempty"`
	// Struct value without omitempty: always emitted.
	EvidenceStateSummary ExecutiveRollupEvidenceStateCounts `json:"evidence_state_summary"`
	Rationale []string `json:"rationale,omitempty"`
	// Struct value without omitempty: always emitted, even if every dimension is empty.
	Dimensions ExecutiveRollupDimensions `json:"dimensions"`
}
type GovernanceDisposition ¶ added in v1.6.0
// GovernanceDisposition records a governance decision attached to an item:
// its kind, status, reason and scope, plus optional issuer, expiry and
// evidence references.
//
// NOTE(review): Kind and Status are plain strings. Presumably they take the
// GovernanceKind* and GovernanceStatus* constants of this package, but nothing
// at the type level enforces it and the package index lists no validator for
// them. A consumer that hides or de-prioritises findings based on a
// disposition should accept only the known values and treat anything else as
// not active.
type GovernanceDisposition struct {
	// Always emitted.
	Kind string `json:"kind"`
	Status string `json:"status"`
	Reason string `json:"reason"`
	Scope string `json:"scope"`
	// Optional: a disposition with no issuer is representable.
	// NOTE(review): for accepted-risk and suppression records an auditor will
	// want Issuer and EvidenceRefs populated; consider requiring them upstream.
	Issuer string `json:"issuer,omitempty"`
	// ExpiresAt is a string, not a time.Time, so the type does not guarantee a
	// parseable timestamp. The expected format is not visible here.
	// NOTE(review): code that enforces expiry should parse this value and fail
	// closed (treat an unparseable or empty expiry as not active) unless the
	// producer documents otherwise.
	ExpiresAt string `json:"expires_at,omitempty"`
	EvidenceState string `json:"evidence_state,omitempty"`
	VisibilityBehavior string `json:"visibility_behavior,omitempty"`
	RescanBehavior string `json:"rescan_behavior,omitempty"`
	EvidenceRefs []string `json:"evidence_refs,omitempty"`
}
type GovernedUsageMetrics ¶ added in v1.6.0
// GovernedUsageMetrics is a set of integer counters reported alongside a
// Backlog. None of the fields use omitempty, so every counter is written to
// the JSON output even when it is zero. A reader can therefore tell a counted
// zero apart from a missing key.
type GovernedUsageMetrics struct {
	ActiveMonitoredActionPaths int `json:"active_monitored_action_paths"`
	GovernedPaths int `json:"governed_paths"`
	EvidencePacks int `json:"evidence_packs"`
	AuditExports int `json:"audit_exports"`
	ApprovalDecisions int `json:"approval_decisions"`
	ConnectedRuntimes int `json:"connected_runtimes"`
	GovernedAgentsWorkflows int `json:"governed_agents_workflows"`
	// The last three counters separate verified, unknown and contradictory paths.
	// NOTE(review): whether these three partition GovernedPaths is not visible here.
	VerifiedControlPaths int `json:"verified_control_paths"`
	UnknownControlPaths int `json:"unknown_control_paths"`
	ContradictoryPaths int `json:"contradictory_paths"`
}
type Input ¶
// Input bundles the data a backlog is computed from. It carries no JSON tags,
// so it is an in-memory argument type rather than part of the serialized
// document. All element types come from other packages that are not shown on
// this page.
type Input struct {
	// Mode is a free-form string at the type level; its accepted values are not
	// visible here.
	Mode string
	// NOTE(review): presumably the timestamp against which time-based state such
	// as disposition expiry is evaluated; confirm against the builder.
	GeneratedAt time.Time
	Findings []model.Finding
	// Pointer fields may be nil; callers of code that takes an Input should check
	// how nil is handled.
	Inventory *agginventory.Inventory
	Identities []manifest.IdentityRecord
	LifecycleGaps []lifecycle.Gap
	ActionPaths []risk.ActionPath
	ControlPathGraph *aggattack.ControlPathGraph
}
type Item ¶
// Item is one backlog entry. Its JSON form is a wire contract: the field order
// and tag names below determine the serialized output.
//
// Most fields are plain strings or string slices with no type-level
// constraint. The package index lists validators only for SignalClass,
// RecommendedAction and Confidence (ValidSignalClass, ValidRecommendedAction,
// ValidConfidence).
// NOTE(review): a consumer that ingests Items from another producer should
// validate the remaining enum-like fields itself and treat unknown values as
// unclassified, not as the benign case.
type Item struct {
	// Identity and location. ID, Repo and Path are always emitted; AgentID is optional.
	// NOTE(review): Repo and Path presumably originate from scanned repository
	// content; escape them when rendering reports. Confirm against the builder.
	ID string `json:"id"`
	AgentID string `json:"agent_id,omitempty"`
	Repo string `json:"repo"`
	Path string `json:"path"`
	// Control classification, always emitted.
	// NOTE(review): presumably the ControlSurface* and ControlPath* constants.
	// The two families share some literal values, so do not compare across them.
	ControlSurfaceType string `json:"control_surface_type"`
	ControlPathType string `json:"control_path_type"`
	// Capability and action classification.
	Capability string `json:"capability"`
	Capabilities []string `json:"capabilities,omitempty"`
	WritePathClasses []string `json:"write_path_classes,omitempty"`
	ActionClasses []string `json:"action_classes,omitempty"`
	ActionReasons []string `json:"action_reasons,omitempty"`
	GovernanceControls []agginventory.GovernanceControlMapping `json:"governance_controls,omitempty"`
	// Ownership. Every field here is optional, so an item with no owner
	// information serializes with none of these keys.
	Owner string `json:"owner,omitempty"`
	OwnerSource string `json:"owner_source,omitempty"`
	OwnershipStatus string `json:"ownership_status,omitempty"`
	OwnershipState string `json:"ownership_state,omitempty"`
	// omitempty on a float64 drops the key when the value is exactly 0, so a
	// confidence of zero and "no confidence recorded" look the same in JSON.
	OwnershipConfidence float64 `json:"ownership_confidence,omitempty"`
	// The JSON key is "ownership_evidence_basis", not "ownership_evidence".
	OwnershipEvidence []string `json:"ownership_evidence_basis,omitempty"`
	OwnershipConflicts []string `json:"ownership_conflicts,omitempty"`
	// Evidence decisions, contradictions and control resolution.
	EvidenceDecisions []evidencepolicy.Decision `json:"evidence_decisions,omitempty"`
	Contradictions []evidencepolicy.Contradiction `json:"contradictions,omitempty"`
	ControlResolutionState string `json:"control_resolution_state,omitempty"`
	ControlResolutionReasons []string `json:"control_resolution_reasons,omitempty"`
	ControlEvidenceRefs []string `json:"control_evidence_refs,omitempty"`
	ConstraintEvidenceClasses []string `json:"constraint_evidence_classes,omitempty"`
	ConstraintEvidenceRefs []string `json:"constraint_evidence_refs,omitempty"`
	// Per-dimension evidence states, all optional. An absent key means no state
	// was written; it does not mean the evidence was verified.
	ApprovalEvidenceState string `json:"approval_evidence_state,omitempty"`
	OwnerEvidenceState string `json:"owner_evidence_state,omitempty"`
	ProofEvidenceState string `json:"proof_evidence_state,omitempty"`
	RuntimeEvidenceState string `json:"runtime_evidence_state,omitempty"`
	TargetEvidenceState string `json:"target_evidence_state,omitempty"`
	CredentialEvidenceState string `json:"credential_evidence_state,omitempty"`
	// Target and action-path classification, each with reasons and evidence refs.
	TargetClass string `json:"target_class,omitempty"`
	TargetClassReasons []string `json:"target_class_reasons,omitempty"`
	TargetClassEvidenceRefs []string `json:"target_class_evidence_refs,omitempty"`
	ActionPathType string `json:"action_path_type,omitempty"`
	ActionPathTypeReasons []string `json:"action_path_type_reasons,omitempty"`
	ActionPathTypeEvidenceRefs []string `json:"action_path_type_evidence_refs,omitempty"`
	// Evidence source and approval, always emitted. EvidenceBasis has no
	// omitempty, so a nil slice is encoded as JSON null rather than [].
	EvidenceSource string `json:"evidence_source"`
	EvidenceBasis []string `json:"evidence_basis"`
	ApprovalStatus string `json:"approval_status"`
	SecurityVisibility string `json:"security_visibility"`
	// NOTE(review): presumably the Queue* and FindingVisibility* constants.
	Queue string `json:"queue,omitempty"`
	FindingVisibility string `json:"finding_visibility,omitempty"`
	// Triage fields, always emitted. The package index lists ValidSignalClass,
	// ValidRecommendedAction and ValidConfidence for these three labels.
	SignalClass string `json:"signal_class"`
	RecommendedAction string `json:"recommended_action"`
	Remediation string `json:"remediation,omitempty"`
	Confidence string `json:"confidence"`
	EvidenceGaps []string `json:"evidence_gaps,omitempty"`
	ConfidenceRaise []string `json:"confidence_raise,omitempty"`
	SLA string `json:"sla"`
	ClosureCriteria string `json:"closure_criteria"`
	ClosureRequirements []risk.ClosureRequirement `json:"closure_requirements,omitempty"`
	EvidenceCompleteness *risk.EvidenceCompleteness `json:"evidence_completeness,omitempty"`
	// Governance and lifecycle state; nil pointers drop the key.
	GovernanceDisposition *GovernanceDisposition `json:"governance_disposition,omitempty"`
	LifecycleQueue *governancequeue.Item `json:"lifecycle_queue,omitempty"`
	// NOTE(review): presumably holds the Secret* signal labels of this package,
	// that is, labels describing a finding and not secret values. Confirm that
	// the producer never writes detected secret material into any string field.
	SecretSignalTypes []string `json:"secret_signal_types,omitempty"`
	// Links to findings, the action path, and control-path graph nodes and edges.
	LinkedFindingIDs []string `json:"linked_finding_ids,omitempty"`
	LinkedActionPathID string `json:"linked_action_path_id,omitempty"`
	LinkedControlPathNodeIDs []string `json:"linked_control_path_node_ids,omitempty"`
	LinkedControlPathEdgeIDs []string `json:"linked_control_path_edge_ids,omitempty"`
	// Credential and authority context; types are defined in agginventory.
	CredentialProvenance *agginventory.CredentialProvenance `json:"credential_provenance,omitempty"`
	CredentialAuthority *agginventory.CredentialAuthority `json:"credential_authority,omitempty"`
	AuthorityBindings []*agginventory.AuthorityBinding `json:"authority_bindings,omitempty"`
	// omitempty on a bool drops the key when the value is false, so a missing
	// "standing_privilege" key cannot be told apart from an explicit false.
	// NOTE(review): consumers should not read absence as "assessed and clear".
	StandingPrivilege bool `json:"standing_privilege,omitempty"`
	StandingPrivilegeReasons []string `json:"standing_privilege_reasons,omitempty"`
	// Classification labels, each paired with a reasons slice. All optional.
	ControlState string `json:"control_state,omitempty"`
	ControlStateReasons []string `json:"control_state_reasons,omitempty"`
	RiskZone string `json:"risk_zone,omitempty"`
	RiskZoneReasons []string `json:"risk_zone_reasons,omitempty"`
	ReviewBurden string `json:"review_burden,omitempty"`
	ReviewBurdenReasons []string `json:"review_burden_reasons,omitempty"`
	ConfidenceLane string `json:"confidence_lane,omitempty"`
	ConfidenceLaneReasons []string `json:"confidence_lane_reasons,omitempty"`
	AutonomyTier string `json:"autonomy_tier,omitempty"`
	AutonomyTierReasons []string `json:"autonomy_tier_reasons,omitempty"`
	AutonomyTierEvidenceRefs []string `json:"autonomy_tier_evidence_refs,omitempty"`
	DelegationReadinessState string `json:"delegation_readiness_state,omitempty"`
	DelegationReadinessReasons []string `json:"delegation_readiness_reasons,omitempty"`
	RecommendedControl string `json:"recommended_control,omitempty"`
	RecommendedControlReasons []string `json:"recommended_control_reasons,omitempty"`
	RiskClassificationValidationReasons []string `json:"risk_classification_validation_reasons,omitempty"`
	RiskClassificationValidationRefs []string `json:"risk_classification_validation_refs,omitempty"`
	// Recommended action contract, governed path views and production context;
	// types are defined in the risk package.
	RecommendedActionContract *risk.RecommendedActionContract `json:"recommended_action_contract,omitempty"`
	TodayPath *risk.GovernedPathView `json:"today_path,omitempty"`
	RecommendedGovernedPath *risk.GovernedPathView `json:"recommended_governed_path,omitempty"`
	HighStakesPresets []risk.HighStakesPreset `json:"high_stakes_presets,omitempty"`
	ProductionContext *risk.ProductionContext `json:"production_context,omitempty"`
	// Policy coverage. PolicyCoverageStatus is optional, so an absent key means
	// no status was written; it does not mean the item is covered.
	PolicyCoverageStatus string `json:"policy_coverage_status,omitempty"`
	PolicyRefs []string `json:"policy_refs,omitempty"`
	PolicyMissingReasons []string `json:"policy_missing_reasons,omitempty"`
	PolicyEvidenceRefs []string `json:"policy_evidence_refs,omitempty"`
	PolicyConfidence string `json:"policy_confidence,omitempty"`
	TrustDepth *agginventory.TrustDepth `json:"trust_depth,omitempty"`
	SecurityTestRecipes []SecurityTestRecipe `json:"security_test_recipes,omitempty"`
}
type SecurityTestRecipe ¶ added in v1.3.0
// SecurityTestRecipe describes a security test attached to an item: an
// identifier, class and title, the expected observation, and optional
// preconditions, approvals, dry-run flag and evidence references.
type SecurityTestRecipe struct {
	// Always emitted.
	ID string `json:"id"`
	Class string `json:"class"`
	Title string `json:"title"`
	Preconditions []string `json:"preconditions,omitempty"`
	// Always emitted.
	ExpectedObservation string `json:"expected_observation"`
	// omitempty: an absent "required_approvals" key means none were recorded.
	// NOTE(review): tooling that acts on a recipe should not read absence as
	// approval having been granted.
	RequiredApprovals []string `json:"required_approvals,omitempty"`
	// NOTE(review): presumably names the flag that runs the recipe without side
	// effects. Its exact meaning is not visible here; confirm.
	DryRunFlag string `json:"dry_run_flag,omitempty"`
	EvidenceRefs []string `json:"evidence_refs,omitempty"`
}
type Summary ¶
// Summary holds aggregate counts for a Backlog.
//
// The counters are serialized inconsistently. The first six are always
// emitted, while the six queue counters use omitempty and disappear from the
// JSON output when they are zero. A reader must therefore treat a missing
// queue counter as zero, and cannot tell it apart from a producer that did not
// compute it.
type Summary struct {
	// Always emitted, including when zero.
	TotalItems int `json:"total_items"`
	UniqueWrkrSignalItems int `json:"unique_wrkr_signal_items"`
	// The JSON key is "supporting_security_signal_items"; the field name is shorter.
	SupportingSecurityItems int `json:"supporting_security_signal_items"`
	AttachEvidenceActionItems int `json:"attach_evidence_action_items"`
	ApproveActionItems int `json:"approve_action_items"`
	RemediateActionItems int `json:"remediate_action_items"`
	// Queue counters: omitted when zero.
	// NOTE(review): presumably one counter per Queue* constant, plus the
	// lifecycle queue; confirm against SummarizeItems.
	ControlFirstQueueItems int `json:"control_first_queue_items,omitempty"`
	ReviewQueueItems int `json:"review_queue_items,omitempty"`
	AcceptedRiskQueueItems int `json:"accepted_risk_queue_items,omitempty"`
	InventoryHygieneItems int `json:"inventory_hygiene_items,omitempty"`
	DebugOnlyQueueItems int `json:"debug_only_queue_items,omitempty"`
	LifecycleQueueItems int `json:"lifecycle_queue_items,omitempty"`
	// Struct values from the risk package, without omitempty: always emitted.
	AutonomyTiers risk.AutonomyTierCounts `json:"autonomy_tiers"`
	DelegationReadiness risk.DelegationReadinessCounts `json:"delegation_readiness"`
	RecommendedControls risk.RecommendedControlCounts `json:"recommended_controls"`
}
func SummarizeItems ¶ added in v1.6.0