scanner

package
v1.2.1
Warning

This package is not in the latest version of its module.

Published: May 15, 2025 | License: Apache-2.0 | Imports: 13 | Imported by: 0

Documentation

Constants

const (
	Reset   = "\033[0m"
	Red     = "\033[31m"
	Green   = "\033[32m"
	Yellow  = "\033[33m"
	Blue    = "\033[34m"
	Magenta = "\033[35m"
	Cyan    = "\033[36m"
	Gray    = "\033[37m"
	White   = "\033[97m"
)

Color codes

const SHA256NotAvailable = "N/A"

Variables

This section is empty.

Functions

func ApplyFixesInFile added in v1.2.0

func ApplyFixesInFile(wf Workflow, isDryRun bool) error

ApplyFixesInFile opens the given file, applies all Findings in-place, and writes the file back. It applies fixes in top-to-bottom, left-to-right order so byte offsets remain valid.

func AuditRepository

func AuditRepository(path FilePath) (*[]Workflow, error)

AuditRepository collects inventory details from the current Git repository.

func AutoFixRepository

func AutoFixRepository(path FilePath, isDryRun bool) error

AutoFixRepository tries to match third-party action references and replace them with a SHA. It uses SHA resolution to find the accurate SHA.

func FormatAuditReport added in v1.2.0

func FormatAuditReport(workflows []Workflow) string

FormatAuditReport renders a slice of workflows into a colored CLI report.

func ReadFile added in v1.1.3

func ReadFile(loc FilePath) ([]byte, error)

ReadFile reads the content of the file at the given file path.

func ScanContent added in v1.1.3

func ScanContent(content []byte, regex *regexp.Regexp) ([]string, error)

ScanContent finds matches in the given content.

Types

type FilePath added in v1.1.3

type FilePath string

Relative or absolute path of a file.

func BuildRepoPath added in v1.2.0

func BuildRepoPath(action string, args []string) (*FilePath, error)

BuildRepoPath builds a repo path from arguments. If repo is a local path, the absolute path is returned. If repo is a cloud URL, the repository is cloned into a temporary directory for operation.

func ListFiles added in v1.1.3

func ListFiles(loc FilePath) ([]*FilePath, error)

type Finding added in v1.2.0

type Finding struct {
	Line        int    // 1-based line number
	Column      int    // 1-based column number
	Description string // human-readable problem description
	FixSHA      string // suggested replacement
	FixMsg      string // Fix message
	Action      string
	Version     string // version
	Original    string // e.g. "actions/checkout@v2"
}

Finding is a single issue in a workflow file.

type GitRepository

type GitRepository struct {
	// contains filtered or unexported fields
}

GitRepository implements the Repository interface.

func ListRepositoriesAtRoot added in v1.1.3

func ListRepositoriesAtRoot(root FilePath) ([]*GitRepository, error)

func (GitRepository) ListBranches

func (g GitRepository) ListBranches(fp FilePath) ([]string, error)

func (GitRepository) Name

func (g GitRepository) Name() string

type Inventory

type Inventory struct {
	Records []*InventoryRecord `json:"findings"`
}

Inventory aggregates multiple inventory records.

func Find added in v1.1.3

func Find(root string, headOnly bool) (*Inventory, error)

func ScanBranch added in v1.1.3

func ScanBranch(branch string, repo GitRepository, regex *regexp.Regexp, dirPath string) *Inventory

ScanBranch scans a given branch for mutable references.

func ScanRepos added in v1.1.3

func ScanRepos(repos []*GitRepository, regex *regexp.Regexp, ho bool) (*Inventory, error)

ScanRepos traverses all repositories found under the root directory, checks each branch, enumerates the files in the given workflow directory path, and scans each file's content for regex matches. ho: HEAD only.

type InventoryRecord

type InventoryRecord struct {
	Repository string   `json:"repository_name"` // Repository name or path
	Branch     string   `json:"branch_name"`     // Branch name
	FilePath   string   `json:"actions_file"`    // File path where the match was found
	Matches    []string `json:"matches"`         // Regex match results from the file content
}

InventoryRecord holds details for a regex match in a file.

type Match added in v1.2.0

type Match struct {
	Text      string
	Line, Col int
}

Match represents a single match plus its position.

func ScanContentWithPosition added in v1.2.0

func ScanContentWithPosition(content []byte, regex *regexp.Regexp) ([]Match, error)

ScanContentWithPosition scans the content and returns each match along with its 1-based line and column.
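
Added example, not the package's own code: a position-aware scan of the kind ScanContentWithPosition describes, reporting GitHub Actions uses: references that are not pinned to a full 40-character commit SHA. The usesRef pattern, the scanUnpinned function and the sample workflow are assumptions constructed for illustration; the regex the package itself uses is not shown on this page.

```go
package main

import (
	"bytes"
	"fmt"
	"regexp"
)

// Match has the same fields as the Match type documented above.
type Match struct {
	Text      string
	Line, Col int
}

// usesRef is an assumed pattern (not the package's own regex) for owner/repo@ref.
var usesRef = regexp.MustCompile(`(?m)^[ \t]*-?[ \t]*uses:[ \t]*["']?([\w.-]+/[\w./-]+@[\w./-]+)`)
var fullSHA = regexp.MustCompile(`@[0-9a-f]{40}$`)

// scanUnpinned returns refs not pinned to a 40-hex SHA, with 1-based line and column.
func scanUnpinned(content []byte) []Match {
	var out []Match
	for _, idx := range usesRef.FindAllSubmatchIndex(content, -1) {
		start, end := idx[2], idx[3] // bounds of capture group 1
		// References already pinned to a full commit SHA are immutable and skipped.
		if text := string(content[start:end]); !fullSHA.MatchString(text) {
			line := bytes.Count(content[:start], []byte("\n")) + 1
			col := start - bytes.LastIndexByte(content[:start], '\n') // -1 on line 1
			out = append(out, Match{Text: text, Line: line, Col: col})
		}
	}
	return out
}

// sampleWorkflow is constructed input for this example.
const sampleWorkflow = `jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@0123456789abcdef0123456789abcdef01234567
      # - uses: example-org/old-action@v1
      - name: lint
        uses: "example-org/lint-action@main"
`

func main() {
	for _, m := range scanUnpinned([]byte(sampleWorkflow)) {
		fmt.Printf("%d:%d %s\n", m.Line, m.Col, m.Text)
	}
}
```

The pinned setup-go step and the commented-out step are not reported; tag and branch references are, because both can be moved to a different commit after review.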

type Workflow added in v1.2.0

type Workflow struct {
	Name     string    // workflow name (from the YAML)
	FilePath string    // path to the workflow file
	Issues   []Finding // all unpinned-version findings
}

Workflow holds all findings for one GitHub Actions YAML file.

func AssembleWorkflow added in v1.2.0

func AssembleWorkflow(res network.Resolver, content []byte, fileName string, filePath string) (*Workflow, error)

AssembleWorkflow builds printable workflows with a structure suitable for formatting.
