Documentation
¶
Index ¶
- func CanonicalizeDockerHubRegistry(host string) string
- func CleanOriginPath(location string) string
- func DetectGitHeadSHA(repoRoot string) string
- func DetectGitRepoRoot() string
- func FoldDockerHubAliasInName(name string) string
- func GenerateFNVHash(data []byte) uint64
- func HasDigestPin(ref string) bool
- func ReadFileLimit(path string, max int64) ([]byte, error)
- type GitRemoteInfo
- type OverriddenJobDetail
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CanonicalizeDockerHubRegistry ¶ added in v0.3.65
CanonicalizeDockerHubRegistry maps any known Docker Hub registry-host alias to "docker.io". Non-Hub hosts pass through unchanged.
func CleanOriginPath ¶ added in v0.1.47
CleanOriginPath normalizes a GitLab include/component path by stripping the version suffix and instance URL prefix, producing a bare path suitable for comparison (e.g. "components/sast/sast").
func DetectGitHeadSHA ¶ added in v0.3.26
DetectGitHeadSHA returns the full commit SHA of HEAD at repoRoot. Used to anchor remote source links to the exact code that was analysed instead of a mutable branch name. Returns "" when repoRoot is empty, not a git repository, or in a detached state with no resolvable HEAD (rare); callers fall back to a branch-name link.
func DetectGitRepoRoot ¶ added in v0.1.41
func DetectGitRepoRoot() string
DetectGitRepoRoot returns the absolute path to the root of the current git repository. Returns an empty string if not in a git repository.
func FoldDockerHubAliasInName ¶ added in v0.3.65
FoldDockerHubAliasInName rewrites the leading registry-host segment of an image name when that segment is a Docker Hub alias. Names without a leading host segment (e.g. bare "alpine") are returned unchanged.
func GenerateFNVHash ¶
GenerateFNVHash generates a 64-bit FNV-1a hash from the input bytes
func HasDigestPin ¶ added in v0.3.0
HasDigestPin reports whether ref contains a digest reference using any algorithm allowed by the OCI image spec — sha256 today, sha512 already in production at some registries, and any future algorithm without a code change. Empty refs return false.
func ReadFileLimit ¶ added in v0.3.89
ReadFileLimit reads a file but returns an error if it exceeds max bytes, bounding memory when reading files whose size is not trusted. The open error is returned unwrapped so callers can still use os.IsNotExist.
Types ¶
type GitRemoteInfo ¶ added in v0.1.30
type GitRemoteInfo struct {
Host string // e.g., "gitlab.com", "github.com", "gitlab.example.com"
ProjectPath string // e.g., "group/project" or "group/subgroup/project"
URL string // The full instance URL, e.g., "https://gitlab.com"
RepoRoot string // Absolute path to the git repository root
Provider string // "gitlab" or "github" — derived from Host; default "gitlab" for unknown hosts (self-hosted GitLab is the common case).
// ProviderReason is a short, user-facing explanation of why Provider was
// chosen (host match, .github/workflows marker, or the GitLab default),
// surfaced in the detection banner. Empty when set host-only by
// ParseGitRemoteURL (no working tree available).
ProviderReason string
}
GitRemoteInfo contains parsed information from a git remote URL.
func DetectGitRemote ¶ added in v0.1.30
func DetectGitRemote() *GitRemoteInfo
DetectGitRemote attempts to detect GitLab URL and project path from git remote. It tries the "origin" remote first. Returns nil if detection fails (not a git repo, no remote, not a GitLab URL, etc.)
func ParseGitRemoteURL ¶ added in v0.1.30
func ParseGitRemoteURL(remoteURL string) *GitRemoteInfo
ParseGitRemoteURL parses a git remote URL and extracts host and project path. Supports the following formats:
- SSH URL: ssh://git@host[:port]/group/project.git
- SSH SCP-like: git@host:group/project.git
- HTTPS: https://host[:port]/group/project.git
- Git protocol: git://host[:port]/group/project.git
Returns nil if the URL cannot be parsed.
type OverriddenJobDetail ¶ added in v0.1.47
type OverriddenJobDetail struct {
JobName string `json:"jobName"`
OverriddenKeys []string `json:"overriddenKeys"`
}
OverriddenJobDetail captures which job was overridden and with which forbidden CI/CD keywords. Shared across control (detection) and pbom (reporting) packages.