Documentation
Overview
Package models contains structs and interfaces used by bomber
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Credentials (added in v0.3.0)
Credentials holds the user credentials used by a provider to authenticate to an API
type Enricher (added in v0.4.0)
type Enricher interface {
	Enrich(vulnerabilities []Vulnerability, credentials *Credentials) (enriched []Vulnerability, err error)
}
Enricher defines methods that can enrich a collection of vulnerabilities
type Epss (added in v0.4.0)
type Epss struct {
	Status     string      `json:"status,omitempty"`
	StatusCode int64       `json:"status-code,omitempty"`
	Version    string      `json:"version,omitempty"`
	Access     string      `json:"access,omitempty"`
	Total      int64       `json:"total,omitempty"`
	Offset     int64       `json:"offset,omitempty"`
	Limit      int64       `json:"limit,omitempty"`
	Scores     []EpssScore `json:"data,omitempty"`
}
Epss encapsulates the response of a query to the Epss scoring API
type EpssScore (added in v0.4.0)
type EpssScore struct {
	Cve        string `json:"cve,omitempty"`
	Epss       string `json:"epss,omitempty"`
	Percentile string `json:"percentile,omitempty"`
	Date       string `json:"date,omitempty"`
}
EpssScore contains epss score data for a specific CVE
type FailSeverity (added in v0.4.5)
type FailSeverity int
const (
	UNDEFINED FailSeverity = 10
	LOW       FailSeverity = 11
	MODERATE  FailSeverity = 12
	HIGH      FailSeverity = 13
	CRITICAL  FailSeverity = 14
)
type Issue (added in v0.4.4)
type Issue struct {
	Err       error  `json:"error,omitempty"`
	IssueType string `json:"issueType,omitempty"`
	Purl      string `json:"purl,omitempty"`
	Message   string `json:"message,omitempty"`
}
Issue encapsulates an issue with the processing of an SBOM
type Meta (added in v0.2.1)
type Meta struct {
	Generator      string    `json:"generator"`
	URL            string    `json:"url"`
	Version        string    `json:"version"`
	Provider       string    `json:"provider"`
	SeverityFilter string    `json:"severityFilter"`
	Date           time.Time `json:"date"`
}
Meta contains system and execution information about the results from bomber
type Package
type Package struct {
	Purl            string          `json:"coordinates"`
	Reference       string          `json:"reference,omitempty"`
	Description     string          `json:"description,omitempty"`
	Vulnerabilities []Vulnerability `json:"vulnerabilities"`
}
Package encapsulates information about a package/component and its vulnerabilities
type Provider
type Provider interface {
	SupportedEcosystems() []string
	Info() string
	Scan(purls []string, credentials *Credentials) (packages []Package, err error)
}
Provider defines the methods that a provider must contain
type Results (added in v0.3.0)
type Results struct {
	Meta     Meta          `json:"meta,omitempty"`
	Files    []ScannedFile `json:"files,omitempty"`
	Licenses []string      `json:"licenses,omitempty"`
	Summary  Summary       `json:"summary,omitempty"`
	Packages []Package     `json:"packages,omitempty"`
}
Results is the high level JSON object used to define vulnerabilities processed by bomber.
func NewResults (added in v0.3.0)
func NewResults(packages []Package, summary Summary, scanned []ScannedFile, licenses []string, version, providerName string, severityFilter string) Results
NewResults defines the high level output of bomber
type ScannedFile (added in v0.3.5)
ScannedFile contains the absolute name and sha256 of a processed file
type Vulnerability
type Vulnerability struct {
	ID                 string        `json:"id,omitempty"`
	DisplayName        string        `json:"displayName,omitempty"`
	Title              string        `json:"title,omitempty"`
	Description        string        `json:"description,omitempty"`
	Explanation        string        `json:"explanation,omitempty"` // This is an enrichment via OpenAI
	CvssScore          float64       `json:"cvssScore,omitempty"`
	CvssVector         string        `json:"cvssVector,omitempty"`
	Cwe                string        `json:"cwe,omitempty"`
	Cve                string        `json:"cve,omitempty"`
	Reference          string        `json:"reference,omitempty"`
	ExternalReferences []interface{} `json:"externalReferences,omitempty"`
	Severity           string        `json:"severity,omitempty"`
	Epss               EpssScore     `json:"epss,omitempty"`
}
Vulnerability encapsulates the information describing a detected vulnerability
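EpssScore carries its score as a string, so a consumer has to parse and range-check it before using it to prioritise findings. The following is an added example, not code from bomber: it uses trimmed local copies of the Epss, EpssScore and Vulnerability types above, and the attachScores helper, the 0.5 threshold and the sample response with placeholder CVE IDs are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
)

// Trimmed local copies of the page's types so the example compiles on its own.
type EpssScore struct {
	Cve  string `json:"cve,omitempty"`
	Epss string `json:"epss,omitempty"`
}
type Epss struct{ Scores []EpssScore `json:"data,omitempty"` }
type Vulnerability struct {
	Cve  string    `json:"cve,omitempty"`
	Epss EpssScore `json:"epss,omitempty"`
}
// Constructed sample response; the CVE IDs and scores are placeholders.
const sampleResponse = `{"data":[{"cve":"CVE-0000-0001","epss":"0.91200"},{"cve":"CVE-0000-0002","epss":"n/a"}]}`

// attachScores (hypothetical helper) sets Epss per CVE; returns CVEs >= threshold and CVEs with invalid scores.
func attachScores(body []byte, vulns []Vulnerability, threshold float64) (flagged, bad []string, err error) {
	var resp Epss
	if err = json.Unmarshal(body, &resp); err != nil {
		return nil, nil, fmt.Errorf("decode EPSS response: %w", err)
	}
	byCve := make(map[string]EpssScore, len(resp.Scores))
	for _, s := range resp.Scores {
		byCve[s.Cve] = s
	}
	for i := range vulns {
		s, ok := byCve[vulns[i].Cve]
		if !ok {
			continue // no score published for this CVE
		}
		vulns[i].Epss = s
		if p, perr := strconv.ParseFloat(s.Epss, 64); perr != nil || !(p >= 0 && p <= 1) {
			bad = append(bad, s.Cve) // unparseable, NaN or out of range: report it, do not treat as 0
		} else if p >= threshold {
			flagged = append(flagged, s.Cve)
		}
	}
	return flagged, bad, nil
}

func main() {
	fmt.Println(attachScores([]byte(sampleResponse), []Vulnerability{{Cve: "CVE-0000-0001"}, {Cve: "CVE-0000-0002"}}, 0.5))
}
```

Reporting unparseable scores separately keeps a malformed or missing value from being read as a probability of zero and dropping a finding below the threshold.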