Documentation
Overview ¶
Package diff classifies a current scan's findings against a previously captured baseline. Three buckets:
- new — fingerprint not in baseline
- existing — fingerprint present in both, status unchanged
- resolved — fingerprint in baseline, not in current scan
A fourth implicit case ("fingerprint present in both, status changed") is folded into `new`: the status is the load-bearing piece of the fingerprint at v0.6, so a status change already manifests as a different fingerprint. The practical consequence is that a finding whose status flipped appears twice in the diff, once in `new` under its current fingerprint and once in `resolved` under the baseline's fingerprint. Future v0.x may surface "regressed" / "improved" as their own buckets if the use case demands.
The package is intentionally output-format-agnostic. The CLI layer renders the DiffResult into the human-readable format an operator expects; downstream tools (a future Slack notifier, a CI dashboard) will read the same struct.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CountsBySeverity ¶
func CountsBySeverity(findings []compliancekit.Finding) map[string]int
CountsBySeverity tallies a slice of findings into a per-severity map keyed by the lowercase severity name. Used by the CLI renderer to produce the "+ 2 new (1 high, 1 medium)" footer line.
Types ¶
type DiffResult ¶
type DiffResult struct {
New []compliancekit.Finding // findings whose fingerprint is not in the baseline
Existing []compliancekit.Finding // findings whose fingerprint matches the baseline
Resolved []baseline.Entry // baseline entries whose fingerprint is no longer in the scan
// PreviousScore + CurrentScore come from the baseline (captured
// at baseline time) and a fresh Compute() over the current
// findings, respectively.
PreviousScore int
CurrentScore int
}
DiffResult is the typed shape downstream tooling joins against. The two scores are pre-computed because every consumer needs them; the raw slices are kept, rather than just their counts, so a renderer can take len() of each bucket or drill into the individual findings.
func Compute ¶
func Compute(b baseline.Baseline, current []compliancekit.Finding) DiffResult
Compute joins current findings against the baseline. Findings arriving in `current` are de-duplicated by fingerprint -- a finding referenced under multiple framework controls counts once in the diff, matching the baseline's own dedup.
func (DiffResult) HasActionableAtOrAbove ¶
func (r DiffResult) HasActionableAtOrAbove(level compliancekit.Severity) bool
HasActionableAtOrAbove reports whether ANY current finding (new or existing) is actionable (fail/error) and at or above the given severity. Resolved entries are baseline-only and never trip the gate. Powers the `--fail-on=<sev>` gate, identical in shape to the scan command's gate.
func (DiffResult) HasNewAtOrAbove ¶
func (r DiffResult) HasNewAtOrAbove(level compliancekit.Severity) bool
HasNewAtOrAbove reports whether any New finding is actionable (fail/error) and at or above the given severity. Powers the `--fail-on=new-<sev>` exit-code gate.
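The following is an added, self-contained Go sketch of the classification described on this page (the Overview's three buckets, Compute's dedup by fingerprint, the two exit-code gates and the CountsBySeverity footer tally); it is not the package's own code. Severity, Finding, Entry and Baseline are stand-ins for the compliancekit and baseline types, which are not shown here; the Fingerprint function is assumed (it folds the status in, as v0.6 does, and omits the framework control so a multi-control citation dedups to one); and the score fields are left out because the Compute() that produces them is not described. The scenario at the bottom is constructed data, not real scan output, chosen so that every bucket is populated and the status-flip and dedup cases both occur.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// Severity, Finding, Entry and Baseline stand in for the compliancekit and baseline
// types, which this page does not show (assumption); the score fields are left out.
type Severity int
const Low, Medium, High, Critical Severity = 0, 1, 2, 3
func (s Severity) String() string { return [...]string{"low", "medium", "high", "critical"}[s] }

type (
	Finding struct {
		RuleID, Resource, Control string // one finding may be cited under several controls
		Status                    string // "pass", "fail", "error", "skip"
		Severity                  Severity
	}
	Entry struct {
		Fingerprint string
		Severity    Severity
	}
	Baseline   []Entry
	DiffResult struct {
		New, Existing []Finding
		Resolved      []Entry
	}
)

// Fingerprint (assumed shape) folds Status in, so a status flip is a new fingerprint
// (the v0.6 behaviour above); Control is left out so multi-control citations collapse.
func Fingerprint(f Finding) string {
	return fmt.Sprintf("%x", sha256.Sum256([]byte(f.RuleID+"\x00"+f.Resource+"\x00"+f.Status)))
}

func actionable(f Finding) bool { return f.Status == "fail" || f.Status == "error" }

func Compute(b Baseline, current []Finding) DiffResult {
	inBase, inCurrent := map[string]bool{}, map[string]bool{}
	for _, e := range b {
		inBase[e.Fingerprint] = true
	}
	var r DiffResult
	for _, f := range current {
		fp := Fingerprint(f)
		if inCurrent[fp] {
			continue // same finding cited under another control: count it once
		}
		inCurrent[fp] = true
		if inBase[fp] {
			r.Existing = append(r.Existing, f)
		} else {
			r.New = append(r.New, f) // brand new, or a status change (new fingerprint)
		}
	}
	for _, e := range b {
		if !inCurrent[e.Fingerprint] {
			r.Resolved = append(r.Resolved, e)
		}
	}
	return r
}

func anyActionable(fs []Finding, level Severity) bool {
	for _, f := range fs {
		if actionable(f) && f.Severity >= level {
			return true
		}
	}
	return false
}

// HasNewAtOrAbove backs --fail-on=new-<sev>; HasActionableAtOrAbove backs --fail-on=<sev>.
func (r DiffResult) HasNewAtOrAbove(level Severity) bool { return anyActionable(r.New, level) }
func (r DiffResult) HasActionableAtOrAbove(level Severity) bool {
	return anyActionable(r.New, level) || anyActionable(r.Existing, level)
}

func CountsBySeverity(findings []Finding) map[string]int {
	out := map[string]int{}
	for _, f := range findings {
		out[f.Severity.String()]++
	}
	return out
}

// ExampleScenario diffs constructed sample data (not real scan output): A unchanged,
// B fixed since the baseline (fail -> pass), D new and cited under two controls.
func ExampleScenario() DiffResult {
	a := Finding{"s3-public", "bucket-1", "CIS-2.1", "fail", High}
	b := Finding{"mfa-root", "account", "CIS-1.5", "fail", Medium}
	base := Baseline{{Fingerprint(a), a.Severity}, {Fingerprint(b), b.Severity}}
	b.Status = "pass" // different fingerprint now: lands in New, its old entry in Resolved
	d := Finding{"sg-open-ssh", "sg-42", "CIS-5.2", "fail", High}
	return Compute(base, []Finding{a, b, d, {"sg-open-ssh", "sg-42", "SOC2-CC6.6", "fail", High}})
}

func main() { fmt.Printf("%+v\n", ExampleScenario()) }
```

Running the scenario yields two New findings (the fixed B under its new fingerprint, and D once despite two control citations), one Existing (A) and one Resolved (B's baseline entry). `HasNewAtOrAbove(High)` is true because of D, `HasNewAtOrAbove(Critical)` is false, and a `--fail-on=new-<sev>` gate would stay quiet if only the pre-existing A were failing.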