models



Types

type AnalysisInfo

// AnalysisInfo records the outcome of an analysis run against a single
// vulnerability; GroupInfo.ExperimentalAnalysis maps vulnerability IDs to it.
type AnalysisInfo struct {
	// Called is true when the analysis determined that the vulnerability is
	// being called. GroupInfo.IsCalled also reports true when no analysis was
	// performed, so a missing entry is not a negative result.
	Called      bool `json:"called"`
	// Unimportant presumably marks the vulnerability as not worth reporting;
	// consulted by GroupInfo.IsGroupUnimportant — confirm against its body.
	Unimportant bool `json:"unimportant"`
}

type BaseImageDetails

// BaseImageDetails describes a candidate base image of a scanned container
// image; see ImageMetadata.BaseImages and LayerMetadata.BaseImageIndex.
type BaseImageDetails struct {
	// Name is the image name as reported in the results.
	Name string `json:"name"`
	// TODO: Not yet filled in
	Tags []string `json:"tags"`
}

type CycloneDXVersion

// CycloneDXVersion selects a CycloneDX specification version.
// The zero value is CycloneDXVersion14, so an unset version means 1.4.
type CycloneDXVersion int

// Supported CycloneDX specification versions, in ascending order.
const (
	CycloneDXVersion14 CycloneDXVersion = iota // CycloneDX 1.4 (zero value)
	CycloneDXVersion15                         // CycloneDX 1.5
)

type ExperimentalAnalysisConfig

// ExperimentalAnalysisConfig is an experimental type intended to contain the
// types of analysis performed on packages found by the scanner. It is
// serialized in VulnerabilityResults under the "experimental_config" key.
type ExperimentalAnalysisConfig struct {
	// Licenses configures the license analysis.
	Licenses ExperimentalLicenseConfig `json:"licenses"`
}

ExperimentalAnalysisConfig is an experimental type intended to contain the types of analysis performed on packages found by the scanner.

type ExperimentalLicenseConfig

// ExperimentalLicenseConfig configures the license analysis whose settings are
// echoed back in VulnerabilityResults.ExperimentalAnalysisConfig.
type ExperimentalLicenseConfig struct {
	// Summary presumably requests the per-license counts reported in
	// VulnerabilityResults.LicenseSummary — confirm against the scanner.
	Summary   bool      `json:"summary"`
	// Allowlist is the set of licenses considered acceptable; licenses outside
	// it presumably populate PackageVulns.LicenseViolations — confirm.
	// NOTE(review): the meaning of an empty Allowlist (everything allowed vs.
	// everything a violation) is not defined here; verify before relying on it.
	Allowlist []License `json:"allowlist"`
}

type GroupInfo

// GroupInfo describes a set of vulnerability IDs (IDs and their aliases) that
// are reported together as one group within PackageVulns.Groups.
type GroupInfo struct {
	// IDs expected to be sorted in alphanumeric order
	IDs []string `json:"ids"`
	// Aliases include all aliases and IDs
	Aliases []string `json:"aliases"`
	// Map of Vulnerability IDs to AnalysisInfo. Absence of an entry is not a
	// negative result: IsCalled reports true when no analysis was performed,
	// so vulnerabilities are only suppressed by an explicit analysis verdict.
	ExperimentalAnalysis map[string]AnalysisInfo `json:"experimental_analysis,omitempty"`
	// MaxSeverity is the highest severity across the group, kept as a string
	// (presumably a score rendered as text — confirm with the producer).
	MaxSeverity          string                  `json:"max_severity"`
}

func (*GroupInfo) IndexString

func (groupInfo *GroupInfo) IndexString() string

func (*GroupInfo) IsCalled

func (groupInfo *GroupInfo) IsCalled() bool

IsCalled returns true if any analysis performed determines that the vulnerability is being called. It also returns true if no analysis is performed.

func (*GroupInfo) IsGroupUnimportant

func (groupInfo *GroupInfo) IsGroupUnimportant() bool

type ImageMetadata

// ImageMetadata carries the container-image context attached to a scan via
// VulnerabilityResults.ImageMetadata.
type ImageMetadata struct {
	// OS names the operating system of the scanned image.
	OS            string               `json:"os"`
	// LayerMetadata describes the image layers; ImageOriginDetails.Index
	// presumably indexes into it — confirm.
	LayerMetadata []LayerMetadata      `json:"layer_metadata"`
	// BaseImages lists candidate base images; LayerMetadata.BaseImageIndex
	// presumably selects the outer slice entry — confirm.
	BaseImages    [][]BaseImageDetails `json:"base_images"`
}

type ImageOriginDetails

// ImageOriginDetails locates the image layer a package was found in; it is
// attached to a package via PackageInfo.ImageOrigin.
type ImageOriginDetails struct {
	// Index presumably indexes ImageMetadata.LayerMetadata — confirm.
	Index int `json:"index"`
}

type LayerMetadata

// LayerMetadata describes one layer of a scanned container image.
type LayerMetadata struct {
	// DiffID is the layer digest (presumably the OCI diff ID — confirm).
	DiffID         digest.Digest `json:"diff_id"`
	// Command is the instruction recorded for the layer. It is presumably
	// image-supplied text, so treat it as untrusted when rendering it
	// (NOTE(review): confirm where this field is populated from).
	Command        string        `json:"command"`
	// IsEmpty presumably marks a layer that adds no filesystem content — confirm.
	IsEmpty        bool          `json:"is_empty"`
	// BaseImageIndex presumably indexes ImageMetadata.BaseImages — confirm.
	BaseImageIndex int           `json:"base_image_index"`
}

type License

// License is an SPDX license, represented as its identifier string.
type License string

License is an SPDX license.

type LicenseCount

// LicenseCount pairs a license with the number of times it was counted, as
// reported in VulnerabilityResults.LicenseSummary.
type LicenseCount struct {
	// Name is the SPDX license being counted.
	Name  License `json:"name"`
	// Count is the number of occurrences (presumably packages — confirm).
	Count int     `json:"count"`
}

type Metadata

// Metadata holds additional information about a package's origin. It is not
// referenced by the other types in this package's exported API.
type Metadata struct {
	// RepoURL is the source repository URL.
	RepoURL   string   `json:"repo_url"`
	// DepGroups is tagged `json:"-"`, so it is never serialized; it is only
	// carried in memory.
	DepGroups []string `json:"-"`
}

type PackageInfo

// PackageInfo identifies a package found by the scanner.
type PackageInfo struct {
	// Name is the package name within its ecosystem.
	Name          string              `json:"name"`
	// OSPackageName is presumably the OS distribution's package name when it
	// differs from Name — confirm; omitted from JSON when empty.
	OSPackageName string              `json:"os_package_name,omitempty"`
	// Version is the package version string.
	Version       string              `json:"version"`
	// Ecosystem is the OSV ecosystem the package belongs to.
	Ecosystem     string              `json:"ecosystem"`
	// Commit is presumably set when the package is identified by a VCS commit
	// rather than a version — confirm; omitted from JSON when empty.
	Commit        string              `json:"commit,omitempty"`
	// ImageOrigin is set only for packages found in a container image. Note
	// the JSON key is "image_origin_details", not "image_origin".
	ImageOrigin   *ImageOriginDetails `json:"image_origin_details,omitempty"`
}

type PackageSource

// PackageSource represents Vulnerabilities associated with a Source: the
// scanned input identified by Source and every package discovered in it.
type PackageSource struct {
	// Source identifies the scanned input (path and type).
	Source SourceInfo `json:"source"`
	// Place Annotations in PackageSource instead of SourceInfo as we need SourceInfo to be mappable
	ExperimentalAnnotations []extractor.Annotation `json:"experimental_annotations,omitempty"`
	// Packages holds the per-package vulnerability and license findings.
	Packages                []PackageVulns         `json:"packages"`
}

PackageSource represents vulnerabilities associated with a source.

type PackageVulns

// PackageVulns holds the findings for one package: its vulnerabilities,
// grouped by alias, plus license information.
// TODO: rename this to be Package as it now includes license information too.
type PackageVulns struct {
	// Package identifies the package these findings belong to.
	Package           PackageInfo               `json:"package"`
	// DepGroups lists the dependency groups the package belongs to.
	DepGroups         []string                  `json:"dependency_groups,omitempty"`
	// Vulnerabilities are the raw OSV records; Groups collapses aliases among
	// them.
	Vulnerabilities   []osvschema.Vulnerability `json:"vulnerabilities,omitempty"`
	Groups            []GroupInfo               `json:"groups,omitempty"`
	// Licenses are the SPDX licenses found for the package.
	Licenses          []License                 `json:"licenses,omitempty"`
	// LicenseViolations are the licenses that presumably fall outside
	// ExperimentalLicenseConfig.Allowlist — confirm.
	LicenseViolations []License                 `json:"license_violations,omitempty"`
}

PackageVulns holds vulnerabilities grouped by package. TODO: rename this to be Package as it now includes license information too.

type SourceInfo

// SourceInfo identifies where a set of packages was discovered. It has only
// comparable string fields so it can be used as a map key (see the comment on
// PackageSource.ExperimentalAnnotations); String renders it for display.
type SourceInfo struct {
	// Path is the location of the scanned input.
	Path string `json:"path"`
	// Type is the kind of source (presumably a fixed set of values defined by
	// the scanner — confirm).
	Type string `json:"type"`
}

func (SourceInfo) String

func (s SourceInfo) String() string

type VulnerabilityFlattened

// VulnerabilityFlattened is one row of the flattened view produced by
// VulnerabilityResults.Flatten: a single vulnerability together with the
// source, package and license context it was found in. It has no json tags,
// so encoding/json would use the Go field names as keys.
// TODO: rename this to IssueFlattened or similar in the next major release as
// it now contains license violations.
type VulnerabilityFlattened struct {
	Source            SourceInfo
	Package           PackageInfo
	DepGroups         []string
	Vulnerability     osvschema.Vulnerability
	GroupInfo         GroupInfo
	Licenses          []License
	LicenseViolations []License
}

VulnerabilityFlattened is a flattened version of the VulnerabilityResults. TODO: rename this to IssueFlattened or similar in the next major release as it now contains license violations.

type VulnerabilityResults

// VulnerabilityResults is the top-level struct for the results of a scan.
// Flatten turns the nested Results into a flat []VulnerabilityFlattened.
type VulnerabilityResults struct {
	// Results holds one entry per scanned source.
	Results                    []PackageSource            `json:"results"`
	// ExperimentalAnalysisConfig echoes the analysis configuration used; it is
	// always serialized (no omitempty) under "experimental_config".
	ExperimentalAnalysisConfig ExperimentalAnalysisConfig `json:"experimental_config"`
	// ImageMetadata is nil unless a container image was scanned.
	ImageMetadata              *ImageMetadata             `json:"image_metadata,omitempty"`
	// LicenseSummary is the per-license count, presumably only populated when
	// ExperimentalLicenseConfig.Summary is set — confirm.
	LicenseSummary             []LicenseCount             `json:"license_summary,omitempty"`
}

VulnerabilityResults is the top-level struct for the results of a scan.

func (*VulnerabilityResults) Flatten

func (vulns *VulnerabilityResults) Flatten() []VulnerabilityFlattened

Flatten the grouped/nested vulnerability results into one flat array.
