detector

package

v0.4.0 Latest Latest Go to latest Published: Nov 18, 2025 License: Apache-2.0, BSD-3-Clause Imports: 5 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/google/osv-scalibr

Links

Open Source Insights

Documentation ¶

Overview ¶

Package detector provides the interface for security-related detection plugins.

Index ¶

type Detector

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Detector ¶

type Detector interface {
	plugin.Plugin
	// RequiredExtractors returns a list of Extractors that need to be enabled for this
	// Detector to run.
	RequiredExtractors() []string
	// DetectedFinding returns generic information about the finding identified by the detector.
	// Generic means the finding do not contain any information specific to the target or extras.
	// E.g. no paths (locations), no IP addresses or any other information that could identify the
	// target.
	DetectedFinding() inventory.Finding
	// Scan performs the security scan, considering scanRoot to be the root directory.
	// Implementations may use PackageIndex to check if a relevant software package is installed and
	// terminate early if it's not.
	Scan(c context.Context, scanRoot *scalibrfs.ScanRoot, px *packageindex.PackageIndex) (inventory.Finding, error)
}

Detector is the interface for a security detector plugin, used to scan for security findings such as vulnerabilities.

Source Files ¶

View all Source files

detector.go

Directories ¶

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL

Path	Synopsis
cis
generic_linux/etcpasswdpermissions Package etcpasswdpermissions implements a detector for the "Ensure permissions on /etc/passwd- are configured" CIS check.	Package etcpasswdpermissions implements a detector for the "Ensure permissions on /etc/passwd- are configured" CIS check.
cve
untested/cve202011978 Package cve202011978 implements a detector for CVE-2020-11978.	Package cve202011978 implements a detector for CVE-2020-11978.
untested/cve202016846 Package cve202016846 implements a detector for CVE-2020-16846.	Package cve202016846 implements a detector for CVE-2020-16846.
untested/cve202233891 Package cve202233891 implements a detector for CVE-2022-33891.	Package cve202233891 implements a detector for CVE-2022-33891.
untested/cve202338408 Package cve202338408 implements a detector for CVE-2023-38408.	Package cve202338408 implements a detector for CVE-2023-38408.
untested/cve20236019 Package cve20236019 implements a SCALIBR Detector for CVE-2023-6019 To test, install a vulnerable Ray version: python3 -m pip install ray==2.6.3 Start the Ray dashboard: python3 -c "import ray; context = ray.init(); print(context)" Run the detector	Package cve20236019 implements a SCALIBR Detector for CVE-2023-6019 To test, install a vulnerable Ray version: python3 -m pip install ray==2.6.3 Start the Ray dashboard: python3 -c "import ray; context = ray.init(); print(context)" Run the detector
untested/cve20242912 Package cve20242912 implements a detector for CVE-2024-2912.	Package cve20242912 implements a detector for CVE-2024-2912.
detectorrunner Package detectorrunner provides a Run function to help with running detectors	Package detectorrunner provides a Run function to help with running detectors
endoflife
linuxdistro Package linuxdistro implements a detector for End-of-Life Linux distributions	Package linuxdistro implements a detector for End-of-Life Linux distributions
govulncheck
binary Package binary implements a detector that uses govulncheck to scan for vulns on Go binaries found on the filesystem.	Package binary implements a detector that uses govulncheck to scan for vulns on Go binaries found on the filesystem.
list Package list provides a public list of SCALIBR-internal detection plugins.	Package list provides a public list of SCALIBR-internal detection plugins.
misc
dockersocket Package dockersocket implements a detector for Docker socket exposure vulnerabilities.	Package dockersocket implements a detector for Docker socket exposure vulnerabilities.
weakcredentials
codeserver Package codeserver contains a detector for weak credentials in Code-Server https://github.com/coder/code-server/.	Package codeserver contains a detector for weak credentials in Code-Server https://github.com/coder/code-server/.
etcshadow Package etcshadow implements a detector for weak/guessable passwords stored in /etc/shadow.	Package etcshadow implements a detector for weak/guessable passwords stored in /etc/shadow.
filebrowser Package filebrowser implements a detector for weak/guessable passwords on a filebrowser instance.	Package filebrowser implements a detector for weak/guessable passwords on a filebrowser instance.
winlocal Package winlocal implements a weak passwords detector for local accounts on Windows.	Package winlocal implements a weak passwords detector for local accounts on Windows.
winlocal/samreg Package samreg provides a wrapper around the SAM registry.	Package samreg provides a wrapper around the SAM registry.
winlocal/systemreg Package systemreg provides a wrapper around the SYSTEM registry.	Package systemreg provides a wrapper around the SYSTEM registry.