report

package v0.0.1-rc3
Published: Apr 27, 2026 License: MIT Imports: 5 Imported by: 0

Documentation

Overview

Package report converts the raw findings of a completed scan into a scored Report (JSON envelope), a Markdown export, and a SARIF 2.1.0 document.

Index

Constants

const SchemaVersion = "1.0"

SchemaVersion of the report envelope.

Variables

This section is empty.

Functions

func Markdown

func Markdown(r *Report) string

Markdown renders a Report as the human-and-agent-friendly Markdown described in SPECIFICATIONS.md §6.5.

Types

type BuildOptions

type BuildOptions struct {
	ScannerVersion string
}

BuildOptions parameterises Build.

type Counts

type Counts struct {
	Critical int `json:"critical"`
	High     int `json:"high"`
	Medium   int `json:"medium"`
	Low      int `json:"low"`
	Info     int `json:"info"`
	Passed   int `json:"passed"`
	Skipped  int `json:"skipped"`
	Errored  int `json:"errored"`
}

Counts is the per-status / per-severity breakdown.

type FindingEntry

type FindingEntry struct {
	ID          string               `json:"id"`
	Family      checks.Family        `json:"family"`
	Severity    checks.Severity      `json:"severity"`
	Status      checks.FindingStatus `json:"status"`
	Title       string               `json:"title,omitempty"`
	Description string               `json:"description,omitempty"`
	Evidence    map[string]any       `json:"evidence,omitempty"`
	Remediation map[string]any       `json:"remediation,omitempty"`
	IsQuickWin  bool                 `json:"is_quick_win,omitempty"`
}

FindingEntry mirrors checks.Finding but adds `IsQuickWin` derived at build time. Other Finding fields pass through verbatim.

type Report

type Report struct {
	SchemaVersion string         `json:"schema_version"`
	Scan          ScanInfo       `json:"scan"`
	Summary       Summary        `json:"summary"`
	Findings      []FindingEntry `json:"findings"`
	PassedChecks  []string       `json:"passed_checks,omitempty"`
	SkippedChecks []SkippedCheck `json:"skipped_checks,omitempty"`
}

Report is the persisted JSON shape of a completed scan, wrapping the raw findings with grade / score / counts / quick-wins.

func Build

func Build(
	id, target string,
	startedAt time.Time,
	completedAt time.Time,
	findings []checks.Finding,
	opts BuildOptions,
) *Report

Build produces a Report from the raw scan inputs. findings must be the full set produced by the runner (passed/skipped/errored included).

type SARIF

type SARIF struct {
	Schema  string     `json:"$schema"`
	Version string     `json:"version"`
	Runs    []SARIFRun `json:"runs"`
}

SARIF is a minimal subset of the SARIF 2.1.0 schema sufficient for GitHub Code Scanning ingestion (oasis-tcs/sarif-spec).

func ToSARIF

func ToSARIF(r *Report) *SARIF

ToSARIF renders r as a SARIF 2.1.0 document. Failing/warning/erroring findings become results; passes and skipped are intentionally dropped (SARIF readers expect issues, not affirmations).
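As an added stand-alone example (not the report package's own code), the following mirrors the documented SARIF subset and shows the filtering ToSARIF describes: passed and skipped findings are dropped, while failing, warning and errored findings become results. The Finding type, the status strings, the tool name and the severity-to-level mapping are assumptions, since checks.Finding is not shown on this page.

```go
package main

// Finding stands in for checks.Finding (assumed shape, mirroring FindingEntry).
type Finding struct{ ID, Severity, Status, Title string }

// Minimal SARIF 2.1.0 subset, same JSON layout as the report package's SARIF* types.
type SARIFText struct{ Text string `json:"text"` }
type SARIFResult struct {
	RuleID  string    `json:"ruleId"`
	Level   string    `json:"level"`
	Message SARIFText `json:"message"`
}
type SARIFRun struct {
	Tool    map[string]any `json:"tool"`
	Results []SARIFResult  `json:"results"`
}
type SARIF struct {
	Schema  string     `json:"$schema"`
	Version string     `json:"version"`
	Runs    []SARIFRun `json:"runs"`
}

// severityToLevel maps report severities onto SARIF result levels; the exact
// mapping is an assumption, not taken from the report package.
func severityToLevel(sev string) string {
	switch sev {
	case "critical", "high":
		return "error"
	case "medium":
		return "warning"
	}
	return "note" // low / info
}

// ToSARIF keeps only findings that are issues: passed and skipped findings are
// dropped, errored ones are kept. Status names ("pass", "skip", ...) are assumed.
func ToSARIF(findings []Finding) SARIF {
	results := []SARIFResult{} // non-nil so an empty run serialises as [] not null
	for _, f := range findings {
		if f.Status == "pass" || f.Status == "skip" {
			continue
		}
		results = append(results, SARIFResult{
			RuleID: f.ID, Level: severityToLevel(f.Severity), Message: SARIFText{Text: f.Title},
		})
	}
	tool := map[string]any{"driver": map[string]any{"name": "example-scanner", "version": "0.0.0"}}
	return SARIF{Schema: "https://json.schemastore.org/sarif-2.1.0.json", Version: "2.1.0",
		Runs: []SARIFRun{{Tool: tool, Results: results}}}
}
```

Marshalling the returned SARIF with encoding/json yields a document a code-scanning backend can ingest; note that an empty scan still produces a run with `"results": []`, which such backends accept, whereas `null` would be rejected.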

type SARIFArtifactLocation

type SARIFArtifactLocation struct {
	URI string `json:"uri"`
}

type SARIFDriver

type SARIFDriver struct {
	Name           string      `json:"name"`
	Version        string      `json:"version"`
	InformationURI string      `json:"informationUri,omitempty"`
	Rules          []SARIFRule `json:"rules,omitempty"`
}

type SARIFInvoc

type SARIFInvoc struct {
	ExecutionSuccessful bool   `json:"executionSuccessful"`
	StartTimeUTC        string `json:"startTimeUtc,omitempty"`
	EndTimeUTC          string `json:"endTimeUtc,omitempty"`
}

type SARIFLoc

type SARIFLoc struct {
	PhysicalLocation *SARIFPhysicalLocation `json:"physicalLocation,omitempty"`
}

type SARIFPhysicalLocation

type SARIFPhysicalLocation struct {
	ArtifactLocation SARIFArtifactLocation `json:"artifactLocation"`
}

type SARIFResult

type SARIFResult struct {
	RuleID     string         `json:"ruleId"`
	Level      string         `json:"level"`
	Message    SARIFText      `json:"message"`
	Properties map[string]any `json:"properties,omitempty"`
	Locations  []SARIFLoc     `json:"locations,omitempty"`
}

type SARIFRule

type SARIFRule struct {
	ID                   string                  `json:"id"`
	Name                 string                  `json:"name,omitempty"`
	ShortDescription     SARIFText               `json:"shortDescription,omitempty"`
	FullDescription      SARIFText               `json:"fullDescription,omitempty"`
	DefaultConfiguration *SARIFRuleConfiguration `json:"defaultConfiguration,omitempty"`
	Properties           map[string]any          `json:"properties,omitempty"`
}

type SARIFRuleConfiguration

type SARIFRuleConfiguration struct {
	Level string `json:"level"`
}

type SARIFRun

type SARIFRun struct {
	Tool        SARIFTool      `json:"tool"`
	Results     []SARIFResult  `json:"results"`
	Invocations []SARIFInvoc   `json:"invocations,omitempty"`
	Properties  map[string]any `json:"properties,omitempty"`
}

type SARIFText

type SARIFText struct {
	Text string `json:"text"`
}

type SARIFTool

type SARIFTool struct {
	Driver SARIFDriver `json:"driver"`
}

type ScanInfo

type ScanInfo struct {
	ID              string    `json:"id"`
	Target          string    `json:"target"`
	StartedAt       time.Time `json:"started_at"`
	CompletedAt     time.Time `json:"completed_at,omitempty"`
	DurationSeconds int       `json:"duration_seconds"`
	ScannerVersion  string    `json:"scanner_version"`
}

ScanInfo captures the per-scan metadata.

type SkippedCheck

type SkippedCheck struct {
	ID     string `json:"id"`
	Reason string `json:"reason"`
}

SkippedCheck is the (id, reason) pair surfaced under skipped_checks.

type Summary

type Summary struct {
	Grade           string         `json:"grade"`
	Score           int            `json:"score"`
	ScoresPerFamily map[string]int `json:"scores_per_family"`
	Counts          Counts         `json:"counts"`
	QuickWins       []string       `json:"quick_wins"`
}

Summary is the scored top-level overview rendered in Markdown summaries and SARIF run properties.
