github

package
v0.9.7 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 29, 2020 License: AGPL-3.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func FillGitHubSecurityAlerts 

func FillGitHubSecurityAlerts(r *models.ScanResult, owner, repo, token string) (nCVEs int, err error)

FillGitHubSecurityAlerts access to owner/repo on GitHub and fetch scurity alerts of the repository via GitHub API v4 GraphQL and then set to the given ScanResult. https://help.github.com/articles/about-security-alerts-for-vulnerable-dependencies/

Types

type SecurityAlerts 

type SecurityAlerts struct {
	Data struct {
		Repository struct {
			URL                 string `json:"url"`
			VulnerabilityAlerts struct {
				PageInfo struct {
					EndCursor   string `json:"endCursor"`
					HasNextPage bool   `json:"hasNextPage"`
					StartCursor string `json:"startCursor"`
				} `json:"pageInfo"`
				Edges []struct {
					Node struct {
						ID                    string    `json:"id"`
						DismissReason         string    `json:"dismissReason"`
						DismissedAt           time.Time `json:"dismissedAt"`
						SecurityVulnerability struct {
							Package struct {
								Name      string `json:"name"`
								Ecosystem string `json:"ecosystem"`
							} `json:"package"`
							Severity               string `json:"severity"`
							VulnerableVersionRange string `json:"vulnerableVersionRange"`
							FirstPatchedVersion    struct {
								Identifier string `json:"identifier"`
							} `json:"firstPatchedVersion"`
						} `json:"securityVulnerability"`
						SecurityAdvisory struct {
							Description string    `json:"description"`
							GhsaID      string    `json:"ghsaId"`
							Permalink   string    `json:"permalink"`
							PublishedAt time.Time `json:"publishedAt"`
							Summary     string    `json:"summary"`
							UpdatedAt   time.Time `json:"updatedAt"`
							WithdrawnAt time.Time `json:"withdrawnAt"`
							Origin      string    `json:"origin"`
							Severity    string    `json:"severity"`
							References  []struct {
								URL string `json:"url"`
							} `json:"references"`
							Identifiers []struct {
								Type  string `json:"type"`
								Value string `json:"value"`
							} `json:"identifiers"`
						} `json:"securityAdvisory"`
					} `json:"node"`
				} `json:"edges"`
			} `json:"vulnerabilityAlerts"`
		} `json:"repository"`
	} `json:"data"`
}

SecurityAlerts has detected CVE-IDs, PackageNames, Refs

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.