Functions
func ChainIsDev(dc DependencyChain, m manifest.Manifest) bool
Types
// DependencyChain is one path of requirement edges through Graph, running from
// a direct dependency down to a vulnerable package (see the ProblemChains and
// NonProblemChains fields of ResolutionVuln). The path is stored in reverse:
// the edge that leaves the root node is the last element of Edges, so the
// direct dependency is read from the tail of the slice.
type DependencyChain struct {
	// Graph is the resolved dependency graph the edges in Edges belong to.
	Graph *resolve.Graph
	// Edges lists the chain's edges; the edge from the root node is at the end of the list.
	Edges []resolve.Edge // Edge from root node is at the end of the list
}
func (dc DependencyChain) DirectDependency() (resolve.VersionKey, string)
func (dc DependencyChain) EndDependency() (resolve.VersionKey, string)
// ResolutionDiff describes how a candidate change to a manifest alters the set
// of vulnerabilities in the resolved dependency graph. It is produced by
// ResolutionResult.CalculateDiff and ordered by ResolutionDiff.Compare, which
// ranks diffs by how many vulnerabilities they fix per changed direct dependency.
type ResolutionDiff struct {
	// Original is the resolution the diff was computed from.
	Original *ResolutionResult
	// New is the resolution after applying the embedded ManifestPatch.
	New *ResolutionResult
	// RemovedVulns are the vulnerabilities no longer present in New
	// (the "fixed" vulnerabilities that Compare counts in its favour).
	RemovedVulns []ResolutionVuln
	// AddedVulns are the vulnerabilities present in New but not in Original
	// (the "introduced" vulnerabilities that Compare counts against the diff).
	AddedVulns []ResolutionVuln
	// ManifestPatch holds the direct-dependency changes that turn Original
	// into New; its size is the "changed direct dependencies" term in Compare.
	manifest.ManifestPatch
}
func (a ResolutionDiff) Compare(b ResolutionDiff) int
Compare compares ResolutionDiffs based on 'effectiveness' (best first):
Sort order:
- (number of fixed vulns - introduced vulns) / (number of changed direct dependencies) [descending] (i.e. more efficient first)
- number of fixed vulns [descending]
- number of changed direct dependencies [ascending]
- changed direct dependency package names [ascending]
- size of changed direct dependency bump [ascending]
// ResolutionResult is the outcome of resolving a manifest with Resolve: the
// resolved dependency graph together with the vulnerabilities found in it.
type ResolutionResult struct {
	// Manifest is the manifest the graph was resolved for (presumably the one
	// passed to Resolve — confirm against the implementation).
	Manifest manifest.Manifest
	// Graph is the resolved dependency graph.
	Graph *resolve.Graph
	// Vulns is the working set of vulnerabilities. FilterVulns repopulates it
	// with the members of UnfilteredVulns that satisfy its match function.
	Vulns []ResolutionVuln
	// UnfilteredVulns is the full set of vulnerabilities found during
	// resolution; it is the source that FilterVulns selects from.
	UnfilteredVulns []ResolutionVuln
}
func Resolve(ctx context.Context, cl client.ResolutionClient, m manifest.Manifest) (*ResolutionResult, error)
func (res *ResolutionResult) CalculateDiff(other *ResolutionResult) ResolutionDiff
func (res *ResolutionResult) FilterVulns(matchFn func(ResolutionVuln) bool)
FilterVulns populates Vulns with the UnfilteredVulns that satisfy matchFn.
// ResolutionVuln is a vulnerability found in a resolved dependency graph,
// together with the dependency chains through which the vulnerable package
// is reached.
type ResolutionVuln struct {
	// Vulnerability is the advisory record for the affected package.
	Vulnerability models.Vulnerability
	// DevOnly reports whether the vulnerable package is reached only through
	// development dependencies (presumably derived from ChainIsDev over the
	// chains below — confirm against the implementation).
	DevOnly bool
	// Chains are paths through requirements from direct dependency to vulnerable package.
	// A 'Problem' chain constrains the package to a vulnerable version.
	// 'NonProblem' chains re-use the vulnerable version, but would not resolve to a vulnerable version in isolation.
	ProblemChains    []DependencyChain
	NonProblemChains []DependencyChain
}