Documentation
Overview
Package detect implements the project detection engine.
Constants
This section is empty.
Variables
This section is empty.
Functions
func FilterByChangedFiles (added in v0.3.0)
func FilterByChangedFiles(r *brief.Report, knowledgeBase *kb.KnowledgeBase, changedFiles []string) *brief.Report
FilterByChangedFiles takes a full report and returns a new report containing only detections relevant to the given set of changed files.
Types
type Engine
type Engine struct {
	KB        *kb.KnowledgeBase
	Root      string
	ScanDepth int      // max directory depth for recursive detection (0 = default 4)
	SkipDirs  []string // additional directories to skip during walks
	// contains filtered or unexported fields
}
Engine runs detection against a project directory.
func New
func New(knowledgeBase *kb.KnowledgeBase, root string) *Engine
New creates a detection engine for the given project root.
func (*Engine) Missing (added in v0.4.0)
func (e *Engine) Missing(r *brief.Report) *brief.MissingReport
Missing computes which recommended tool categories have no detected tools for the project's ecosystems. It requires Run() to have been called first so that detectedEcosystems is populated.
func (*Engine) Sinks (added in v0.5.0)
func (e *Engine) Sinks(r *brief.Report) *brief.SinkReport
Sinks collects known dangerous functions from all detected tools. CWE is filled from the threat registry when the sink doesn't carry one.
func (*Engine) ThreatModel (added in v0.5.0)
func (e *Engine) ThreatModel(r *brief.Report) *brief.ThreatReport
ThreatModel resolves the threat surface implied by detected tools. Each tool's taxonomy tags are matched against the threat mappings in _threats.toml; matched threat IDs are unioned with any explicit [security].threats on the tool, then resolved against the registry.
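The resolution ThreatModel describes, sketched as an added example that is not the package's own code. Threat, Tool, resolveThreats and the sample tags and threat IDs are hypothetical, and reporting IDs that are absent from the registry separately is an assumption of this sketch.

```go
package main

import (
	"fmt"
	"sort"
)

// Threat and Tool are hypothetical stand-ins; the real kb/brief types are not shown on the page.
type Threat struct{ ID, CWE, Title string }

// Tool carries a detected tool's taxonomy tags and its explicit [security].threats IDs.
type Tool struct{ Tags, Explicit []string }

// resolveThreats unions the IDs mapped from each tool's tags with the tool's
// explicit IDs, then resolves the set against the registry. Returning IDs the
// registry does not know separately is an assumption, not documented behaviour.
func resolveThreats(tools []Tool, mappings map[string][]string, registry map[string]Threat) (resolved []Threat, unknown []string) {
	seen := map[string]bool{}
	for _, tool := range tools {
		ids := append([]string{}, tool.Explicit...)
		for _, tag := range tool.Tags {
			ids = append(ids, mappings[tag]...)
		}
		for _, id := range ids {
			seen[id] = true // union: map keys de-duplicate threat IDs
		}
	}
	for id := range seen {
		if th, ok := registry[id]; ok {
			resolved = append(resolved, th)
		} else {
			unknown = append(unknown, id)
		}
	}
	sort.Slice(resolved, func(i, j int) bool { return resolved[i].ID < resolved[j].ID })
	sort.Strings(unknown)
	return resolved, unknown
}

func main() {
	// Constructed sample data, not taken from the project's _threats.toml.
	mappings := map[string][]string{"orm": {"sql_injection"}, "templating": {"xss", "ssti"}}
	registry := map[string]Threat{
		"sql_injection": {ID: "sql_injection", CWE: "CWE-89", Title: "SQL injection"},
		"xss":           {ID: "xss", CWE: "CWE-79", Title: "Cross-site scripting"},
	}
	tools := []Tool{{Tags: []string{"orm"}, Explicit: []string{"sql_injection"}}, {Tags: []string{"templating"}}}
	fmt.Println(resolveThreats(tools, mappings, registry))
}
```

A mapping that names an ID missing from the registry ("ssti" in the sample) would otherwise disappear from the report, so the sketch returns it in the second result for review.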