Types ¶
type CVE ¶
// CVE is one vulnerability record. The struct tags name the JSON key used for
// each field.
type CVE struct {
// ID is the record identifier.
// NOTE(review): CVEChecker is documented as using both OSV and NVD, so IDs may
// not all be CVE-prefixed — confirm before pattern-matching on this value.
ID string `json:"id"`
// Summary presumably holds the short text description of the record.
Summary string `json:"summary"`
// Severity is a plain string; whether it holds a label or a numeric score is
// not shown here — TODO confirm before comparing or sorting on it.
Severity string `json:"severity"`
// Published and Modified are timestamps; encoding/json writes time.Time values
// as RFC 3339 strings.
Published time.Time `json:"published"`
Modified time.Time `json:"modified"`
// Affected lists what the record applies to; the entry format (package names,
// versions or ranges) is not shown here — TODO confirm.
Affected []string `json:"affected"`
// References presumably holds advisory URLs — verify, and treat the values as
// untrusted input if they are rendered or fetched.
References []string `json:"references"`
}
CVE represents a Common Vulnerabilities and Exposures record
type CVEChecker ¶
type CVEChecker struct {
// contains filtered or unexported fields
}
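CVEChecker matches a package and version against known vulnerabilities using the OSV and NVD APIs. Unless offline mode is set (see SetOffline), lookups presumably send the package name and version to those services.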
func (*CVEChecker) CheckCVEs ¶
func (c *CVEChecker) CheckCVEs(ctx context.Context, pkg, version, ecosystem string) ([]Finding, error)
CheckCVEs checks for CVEs in a package
func (*CVEChecker) Init ¶
func (c *CVEChecker) Init() error
Init initializes the CVE checker and database
func (*CVEChecker) SetOffline ¶
func (c *CVEChecker) SetOffline(offline bool)
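SetOffline turns offline mode on or off. Its effect is not documented here; presumably the OSV and NVD API lookups are skipped while it is on, so confirm what data CheckCVEs then relies on and how fresh it is.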
type ClamAVScanner ¶
type ClamAVScanner struct {
// contains filtered or unexported fields
}
ClamAVScanner handles ClamAV scanning inside the sandbox
func NewClamAVScanner ¶
func NewClamAVScanner() *ClamAVScanner
NewClamAVScanner creates a new ClamAV scanner
func (*ClamAVScanner) Init ¶
func (c *ClamAVScanner) Init() error
Init initializes the ClamAV scanner
func (*ClamAVScanner) IsAvailable ¶
func (c *ClamAVScanner) IsAvailable() bool
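IsAvailable returns true if ClamAV is available. When it returns false the ClamAV layer presumably does not run, so an absence of ClamAV findings should not be read as a clean result.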
func (*ClamAVScanner) ScanWithClamAV ¶
func (c *ClamAVScanner) ScanWithClamAV(ctx context.Context, pkg, version, ecosystem string) ([]Finding, error)
ScanWithClamAV scans package files with ClamAV inside the sandbox
func (*ClamAVScanner) UpdateSignatures ¶
func (c *ClamAVScanner) UpdateSignatures() error
UpdateSignatures updates ClamAV virus signatures
type Dependency ¶
Dependency represents a package dependency
type DockerConfig ¶
// DockerConfig holds the container settings used for sandbox scanning. The
// struct tags name the JSON key for each field.
// NOTE(review): how zero values are handled is not shown here. If the fields are
// passed straight to Docker, an empty NetworkMode would select the default
// network and a PidsLimit of 0 would mean no limit, so a partly filled config
// could be weaker than intended — confirm, and start from DefaultDockerConfig().
// NOTE(review): no capability, user or seccomp setting is exposed here; whether
// the scanner applies those internally is not visible from this type.
type DockerConfig struct {
Timeout int `json:"timeout"` // Container timeout in seconds
MemoryLimit string `json:"memory_limit"` // Memory limit (e.g., "512mb")
NetworkMode string `json:"network_mode"` // Network mode ("none" for disabled)
ReadOnlyRoot bool `json:"read_only_root"` // Read-only root filesystem
PidsLimit int64 `json:"pids_limit"` // Maximum number of processes
}
DockerConfig represents Docker container configuration for sandbox scanning
func DefaultDockerConfig ¶
func DefaultDockerConfig() DockerConfig
DefaultDockerConfig returns the default Docker configuration
type MetadataChecker ¶
type MetadataChecker struct {
// contains filtered or unexported fields
}
MetadataChecker handles metadata anomaly detection
func NewMetadataChecker ¶
func NewMetadataChecker() *MetadataChecker
NewMetadataChecker creates a new metadata checker
func (*MetadataChecker) CheckMetadata ¶
func (m *MetadataChecker) CheckMetadata(ctx context.Context, pkg, version, ecosystem string) ([]Finding, error)
CheckMetadata performs metadata anomaly detection on a package
func (*MetadataChecker) Init ¶
func (m *MetadataChecker) Init() error
Init initializes the metadata checker with top packages data
type Pipeline ¶
type Pipeline struct {
// contains filtered or unexported fields
}
Pipeline orchestrates the layered scanning process
func (*Pipeline) ScanPackage ¶
func (p *Pipeline) ScanPackage(ctx context.Context, pkg, version, ecosystem, minSeverity string) (*ScanResult, error)
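ScanPackage runs the full scanning pipeline on a package. minSeverity presumably sets the lowest severity that is reported; its accepted values are not documented here.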
func (*Pipeline) ScanProject ¶
func (p *Pipeline) ScanProject(ctx context.Context, projectPath, minSeverity string) ([]*ScanResult, error)
ScanProject scans a local project directory
type Resolver ¶
type Resolver struct {
}
Resolver handles dependency resolution for different ecosystems
func (*Resolver) ResolveDependencies ¶
func (r *Resolver) ResolveDependencies(projectPath string) ([]Dependency, error)
ResolveDependencies resolves dependencies from a project directory
type SandboxScanner ¶
type SandboxScanner struct {
// contains filtered or unexported fields
}
SandboxScanner handles Docker-based sandbox scanning
func NewSandboxScanner ¶
func NewSandboxScanner() *SandboxScanner
NewSandboxScanner creates a new sandbox scanner
func (*SandboxScanner) Close ¶
func (s *SandboxScanner) Close() error
Close closes the Docker client
func (*SandboxScanner) Init ¶
func (s *SandboxScanner) Init() error
Init initializes the sandbox scanner
func (*SandboxScanner) IsAvailable ¶
func (s *SandboxScanner) IsAvailable() bool
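IsAvailable returns true if Docker is available. How the pipeline behaves when it returns false is not documented here; confirm whether the sandboxed layers are skipped or the scan fails.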
func (*SandboxScanner) ScanInSandbox ¶
func (s *SandboxScanner) ScanInSandbox(ctx context.Context, pkg, version, ecosystem string) ([]Finding, error)
ScanInSandbox scans a package in an isolated Docker container
type ScanResult ¶
// ScanResult is the result of scanning one package.
type ScanResult struct {
// Package, Version and Ecosystem presumably mirror the pkg, version and
// ecosystem arguments of the scan that produced this result — verify.
Package string
Version string
Ecosystem string
// Findings holds the findings reported for the package.
// NOTE(review): ScanPackage and ScanProject take a minSeverity argument; whether
// findings below it are dropped before they reach this slice is not shown — confirm.
Findings []Finding
// Clean is the overall verdict flag.
// NOTE(review): how Clean is derived is not shown here. Confirm whether it can be
// true when a scanner layer was unavailable or skipped, and do not read it as
// proof that the package is safe.
Clean bool
}
ScanResult represents the result of scanning a package
type YARAScanner ¶
type YARAScanner struct {
// contains filtered or unexported fields
}
YARAScanner handles YARA rule matching inside the sandbox
func (*YARAScanner) AddCustomRule ¶
func (y *YARAScanner) AddCustomRule(rulePath string) error
AddCustomRule adds a custom YARA rule from rulePath
func (*YARAScanner) IsAvailable ¶
func (y *YARAScanner) IsAvailable() bool
IsAvailable returns true if YARA is available
func (*YARAScanner) ScanWithYARA ¶
func (y *YARAScanner) ScanWithYARA(ctx context.Context, pkg, version, ecosystem string) ([]Finding, error)
ScanWithYARA scans package files with YARA rules
func (*YARAScanner) UpdateRules ¶
func (y *YARAScanner) UpdateRules() error
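UpdateRules updates YARA rules from a remote source. The source and any integrity check on the downloaded rules are not documented here; confirm both before relying on updated rules.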