Documentation
Constants
const GitHubSpecFile = "branch-rules.yaml"
GitHubSpecFile is the filename for the GitHub branch rules spec.
const GitLabSpecFile = "branch-protection.yaml"
GitLabSpecFile is the filename for the GitLab branch protection spec.
Variables
This section is empty.
Functions
func ResolveSpecPath
ResolveSpecPath resolves a spec reference to an absolute path. Specs with the "builtin:" prefix are passed through unchanged for snappy to handle. Absolute paths are returned as-is. Relative paths containing a "/" or ending in ".yaml"/".yml" are resolved against specDir. Bare names (snappy built-ins) are passed through unchanged.
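The resolution rules above, restated as a small Go function and run over constructed references. This is an added example, not the package's own source: `resolveSpecRef`, the sample references and the `/etc/scanner/specs` directory are assumptions, and the order in which the rules are checked is inferred from the description.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// resolveSpecRef is a hypothetical restatement of the documented
// ResolveSpecPath rules; it is not the package's implementation.
func resolveSpecRef(ref, specDir string) string {
	switch {
	case strings.HasPrefix(ref, "builtin:"):
		return ref // passed through unchanged for snappy to handle
	case filepath.IsAbs(ref):
		return ref // absolute paths are returned as-is
	case strings.Contains(ref, "/"),
		strings.HasSuffix(ref, ".yaml"),
		strings.HasSuffix(ref, ".yml"):
		return filepath.Join(specDir, ref) // relative path: resolve against specDir
	default:
		return ref // bare name: treated as a snappy built-in
	}
}

func main() {
	// Constructed spec directory and references, one per documented rule.
	specDir := "/etc/scanner/specs"
	for _, ref := range []string{
		"builtin:branch-rules",
		"/opt/specs/custom.yaml",
		"github/branch-rules.yaml",
		"branch-protection.yaml",
		"overrides/strict",
		"branch-rules",
	} {
		fmt.Printf("%-26s -> %s\n", ref, resolveSpecRef(ref, specDir))
	}
}
```

A file in `specDir` named without a `.yaml`/`.yml` suffix and without a `/` falls into the bare-name case, so it is handed on as a built-in name rather than resolved to a path.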
func WriteSpecFiles
WriteSpecFiles writes the embedded spec files to the given directory.
Types
type CommandRunner
type CommandRunner interface {
	Run(name string, args ...string) ([]byte, error)
	RunWithEnv(env []string, name string, args ...string) ([]byte, error)
}
CommandRunner abstracts command execution for testing.
type ExecRunner
type ExecRunner struct{}
ExecRunner executes commands using os/exec.
func (ExecRunner) Run
func (r ExecRunner) Run(name string, args ...string) ([]byte, error)
Run executes the named command with the given arguments.
func (ExecRunner) RunWithEnv
RunWithEnv executes the named command with a custom environment.
type RawScanResult
type RawScanResult struct {
	Output []byte
}
RawScanResult holds the raw output from an AMPEL verify operation.
func ScanRepository
func ScanRepository(repo RepoTarget, branch, specPath string, cfg ScanConfig, runner CommandRunner) (*RawScanResult, error)
ScanRepository runs snappy and ampel verify for a single repository, branch, and spec file. The specPath must already be resolved (see ResolveSpecPath).
type RepoTarget
type RepoTarget struct {
	URL         string
	AccessToken string `json:"-"` //nolint:gosec // G117: struct field, not a hardcoded credential
	Platform    string // "github" or "gitlab"
}
RepoTarget holds the repository information extracted from target variables.
type ScanConfig
ScanConfig holds configuration for scanning a repository.