Why Go
- Case Studies
  
  Common problems companies solve with Go
- Use Cases
  
  Stories about how and why companies use Go
- Security
  
  How Go can help keep you secure by default
Learn
Docs
- Effective Go
  
  Tips for writing clear, performant, and idiomatic Go code
- Go User Manual
  
  A complete introduction to building software with Go
- Standard library
  
  Reference documentation for Go's standard library
- Release Notes
  
  Learn what's new in each Go release
Packages
Community
- Recorded Talks
  
  Videos from prior events
- Meetups
  
  Meet other local Go developers
- Conferences
  
  Learn and network with Go developers from around the world
- Go blog
  
  The Go project's official blog.
- Go project
  
  Get help and stay informed from Go
- Get connected

security

package

Go to main page

Versions in this module

v0

v0.4.1

Mar 27, 2026

v0.4.0

Mar 22, 2026

v0.3.2

Mar 16, 2026

v0.3.1

Mar 13, 2026

v0.3.0

Mar 13, 2026

Changes in this version

+ func BuildSummary(result *ScanResult, detail string) (tile, body string)

+ func ConfidenceLabel(c VerifyConfidence) string

+ func ExtractRegistry(ref string) string

+ func InferEcosystem(pkg, installed string) string

+ func NormalizePackageName(pkg, ecosystem string) string

+ func ResolveDetailLevel(cfg config.SecurityConfig, cliOverride string, policies config.PoliciesConfig) string

+ func WriteAdvisories(outputDir, imageRef string, vulns []Vulnerability) error

+ type Advisory struct

+ Ecosystem string

+ FixedIn string

+ ID string

+ Installed string

+ Package string

+ Severity string

+ Source string

+ func ReadAdvisories(rootDir string) ([]Advisory, error)

+ type AdvisoryFile struct

+ Advisories []Advisory

+ Generator string

+ Image string

+ SchemaVersion int

+ type CandidateInfo struct

+ Digest string

+ ObservedDigest string

+ ObservedDigestAlt string

+ Ref string

+ Stability RefStability

+ type RefStability string

+ const StabilityDigest

+ const StabilityTag

+ const StabilityTagWithDigest

+ func ClassifyRefStability(ref string, knownDigest string) RefStability

+ type ScanConfig struct

+ Enabled bool

+ FailOnCritical bool

+ GrypeEnabled bool

+ ImageRef string

+ OutputDir string

+ SBOMEnabled bool

+ SectionWriter io.Writer

+ TrivyEnabled bool

+ type ScanResult struct

+ Artifacts []string

+ Critical int

+ EngineVersion string

+ High int

+ Low int

+ Medium int

+ OS string

+ Partial bool

+ ScannersFailed []ScannerInfo

+ ScannersRun []ScannerInfo

+ Status string

+ Summary string

+ Target ScanTarget

+ Vulnerabilities []Vulnerability

+ func Scan(ctx context.Context, cfg ScanConfig) (*ScanResult, error)

+ type ScanTarget struct

+ Candidates []CandidateInfo

+ Digest string

+ DigestMatch *bool

+ DiscoveredTag string

+ ExpectedCommit string

+ ExpectedTags []string

+ ObservedDigest string

+ ObservedDigestAlt string

+ Ref string

+ SelectionReason string

+ SigningAttempted bool

+ Source TargetSource

+ Stability RefStability

+ type ScannerInfo struct

+ Name string

+ Version string

+ type TargetSource string

+ const TargetExplicit

+ const TargetPositionalArg

+ const TargetPublishManifest

+ type VerificationResult struct

+ ActualTag string

+ AttestationValid *bool

+ Confidence VerifyConfidence

+ DigestMatch *bool

+ ExpectedDigest string

+ ExpectedTags []string

+ Failures []string

+ IdentityMatched *bool

+ ObservedConsistent *bool

+ ProvenanceMatched *bool

+ ResolvedDigest string

+ SignatureValid *bool

+ SigningAttempted bool

+ TagBindingMatch *bool

+ func Verify(ctx context.Context, opts VerifyOpts) *VerificationResult

+ type VerifyConfidence string

+ const ConfidenceDegraded

+ const ConfidenceHigh

+ const ConfidenceNone

+ type VerifyOpts struct

+ ActualRef string

+ ActualTag string

+ Attestation *build.AttestationRecord

+ CosignKeyPath string

+ CredRef string

+ CredResolver func(string) (string, string)

+ ExpectedCommit string

+ ExpectedDigest string

+ ExpectedTags []string

+ ObservedDigest string

+ ObservedDigestAlt string

+ SigningAttempted bool

+ type Vulnerability struct

+ Description string

+ FixedIn string

+ ID string

+ Installed string

+ Package string

+ Severity string

+ Source string