Documentation
¶
Overview ¶
Package auditcache stores per-package SARIF Runs from the local audit command on disk so repeat audits over the same SBOM are fast. Each entry is keyed by a sha256 of (analysis identifier, policy hash, builder revision hash) and stored as a single JSON file under the configured cache dir.
Index ¶
- func BuilderHash(checkCodes []string) string
- func Get(dir, key string, maxAge time.Duration) (*sarif.Run, time.Time, bool, error)
- func Key(analysisID, policyHash, builderHash string) string
- func ParseMaxAge(s string) (time.Duration, error)
- func PolicyHash(policyOverridePath, policyDefaultPath string) (string, error)
- func Put(dir, key string, run *sarif.Run) error
- type Entry
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func BuilderHash ¶
BuilderHash returns a stable hash of the registered check codes from a builder's metadata, so a check addition/removal invalidates cached entries.
func Get ¶
Get loads a cached Run for key if present and not older than maxAge. Returns (run, savedAt, true) on hit, (nil, zero, false) on miss or expiry. A read error other than not-found is returned to the caller — the cache is expected to be writable by the same user so corruption is a real signal.
func Key ¶
Key produces the on-disk filename component for a (analysisID, policyHash, builderHash) tuple. analysisID is the AnalysisIdentifier from dag-impl (already encodes ecosystem/name/version/overrides). policyHash and builderHash invalidate cache entries when policy files or the registered check set change.
func ParseMaxAge ¶
ParseMaxAge accepts time.ParseDuration syntax plus "Nd" (days). Returns 0 for empty/zero (caller should treat 0 as "no caching").
func PolicyHash ¶
PolicyHash returns a stable hash of two optional policy file paths' contents. Missing files contribute nothing; the same paths in different order produce different hashes (override vs default are not interchangeable).