policy

package
v1.3.0 Latest

Warning: This package is not in the latest version of its module.
Published: Oct 24, 2025 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Engine

func Engine(ctx context.Context, policyConfig *Params, policies []Policy) error

func ReportBasic

func ReportBasic(ctx context.Context, results []PolicyResult) error

ReportBasic writes results in a human-friendly basic format.

func ReportJSON

func ReportJSON(ctx context.Context, results []PolicyResult) error

ReportJSON writes results as pretty-printed JSON to stdout.

func ReportTable

func ReportTable(ctx context.Context, results []PolicyResult) error

ReportTable writes results in a per-policy, per-violation detail table format.

func ValidatePolicy

func ValidatePolicy(p *Policy) error

ValidatePolicy performs basic semantic checks on a policy.

Types

type Extractor

type Extractor struct {
	Doc sbom.Document
	// contains filtered or unexported fields
}

Extractor provides a simple mapping from canonical field names to component-level or document-level getters on the SBOM document.

func NewExtractor

func NewExtractor(doc sbom.Document) *Extractor

func (*Extractor) HasField

func (extract *Extractor) HasField(comp sbom.GetComponent, field string) bool

HasField returns true if the given field exists and has at least one non-empty value. It uses the same prefix rules as RetrieveValues().

func (*Extractor) MapFieldWithFunction

func (extractor *Extractor) MapFieldWithFunction(ctx context.Context)

MapFieldWithFunction initializes the Extractor's field map: a quick mapping from SBOM field names to their respective getter functions.

func (*Extractor) RetrieveValues

func (e *Extractor) RetrieveValues(comp sbom.GetComponent, field string) []string

RetrieveValues returns a slice of string values for the given field on the provided component. Lookup rules:

  • If field starts with "sbom_" → resolve against doc-level getters only.
  • Otherwise → resolve against component-level getters only.

Field name is normalized to lowercase.

type Params

type Params struct {
	PolicyFile   string
	PolicyName   string
	PolicyType   string
	PolicyRules  []string
	PolicyAction string

	// SBOM input
	SBOMFile string

	// Output
	OutputFmt string
}

type Policy

type Policy struct {
	Name   string `yaml:"name"`
	Type   string `yaml:"type"`
	Rules  []Rule `yaml:"rules"`
	Action string `yaml:"action,omitempty"`
}

Policy represents a single policy.

func BuildPolicyFromCLI

func BuildPolicyFromCLI(name, ptype, action string, ruleFlags []string) (Policy, error)

BuildPolicyFromCLI builds a Policy from CLI flags, where each element of ruleFlags is ONE full rule string, e.g. "field=license,values=MIT,Apache-2.0".
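As an added example (not the package's own code), here is a parser for the one-rule-per-element flag format that BuildPolicyFromCLI describes. ParseRuleFlag, BuildRules and the local Rule stand-in are names assumed for the illustration; the package's actual parser may differ. The point it makes: because values and patterns are themselves comma separated, the parser has to treat any token that is not a recognised key as a continuation of the last list, so a regex containing a comma cannot be passed on the command line and belongs in a YAML policy file; it also rejects a rule with no field and compiles every pattern up front so a bad regex fails at policy load rather than halfway through a scan.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Rule mirrors the Rule type documented on this page (a local stand-in, not an import).
type Rule struct {
	Field            string
	Values, Patterns []string
}

// ParseRuleFlag parses one full rule string in the form BuildPolicyFromCLI documents,
// e.g. "field=license,values=MIT,Apache-2.0" or "field=purl,patterns=^pkg:npm/,^pkg:pypi/".
// Values and patterns are comma separated as well, so a token without a known key
// extends whichever list was opened last; a regex that itself contains a comma cannot
// be expressed this way and has to go into a YAML policy file instead.
func ParseRuleFlag(flag string) (Rule, error) {
	var r Rule
	var cur *[]string // the list (values or patterns) that bare tokens currently extend
	for _, tok := range strings.Split(flag, ",") {
		k, v, hasEq := strings.Cut(tok, "=")
		switch {
		case hasEq && k == "field":
			if r.Field != "" {
				return Rule{}, fmt.Errorf("rule %q: field given twice", flag)
			}
			r.Field, cur = strings.ToLower(v), nil // lowercase, as RetrieveValues normalizes names
		case hasEq && k == "values":
			r.Values, cur = append(r.Values, v), &r.Values
		case hasEq && k == "patterns":
			r.Patterns, cur = append(r.Patterns, v), &r.Patterns
		case cur != nil:
			*cur = append(*cur, tok)
		default:
			return Rule{}, fmt.Errorf("rule %q: unexpected token %q", flag, tok)
		}
	}
	if r.Field == "" {
		return Rule{}, fmt.Errorf("rule %q: field is required", flag)
	}
	for _, p := range r.Patterns { // reject a bad regex at policy load, not halfway through a scan
		if _, err := regexp.Compile(p); err != nil {
			return Rule{}, fmt.Errorf("rule %q: bad pattern %q: %w", flag, p, err)
		}
	}
	return r, nil
}

// BuildRules turns the repeated rule flags into the Rules slice of a Policy, one full
// rule string per element as BuildPolicyFromCLI expects; the first bad flag aborts.
func BuildRules(ruleFlags []string) ([]Rule, error) {
	rules := make([]Rule, 0, len(ruleFlags))
	for _, f := range ruleFlags {
		r, err := ParseRuleFlag(f)
		if err != nil {
			return nil, err
		}
		rules = append(rules, r)
	}
	return rules, nil
}

func main() {
	rules, err := BuildRules([]string{
		"field=license,values=MIT,Apache-2.0",
		"field=purl,patterns=^pkg:npm/,^pkg:pypi/",
	})
	if err != nil {
		panic(err)
	}
	for _, r := range rules {
		fmt.Printf("field=%s values=%q patterns=%q\n", r.Field, r.Values, r.Patterns)
	}
	if _, err := ParseRuleFlag("values=MIT"); err != nil {
		fmt.Println("rejected:", err) // a rule without field= is invalid
	}
}
```

An unknown key before any list has been opened (for example "license=MIT", where the user forgot "field=") is rejected rather than silently folded into a list; once a list is open, a token containing "=" is kept as a plain value so that a pattern such as "^a=b" still works.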

func LoadPoliciesFromFile

func LoadPoliciesFromFile(path string) ([]Policy, error)

LoadPoliciesFromFile reads a YAML policy file and unmarshals it into policies.

type PolicyFile

type PolicyFile struct {
	SchemaVersion int      `yaml:"schemaVersion,omitempty"`
	Policy        []Policy `yaml:"policy"`
}

PolicyFile represents the top-level YAML structure.

type PolicyResult

type PolicyResult struct {
	PolicyName      string       `json:"name,omitempty"`
	PolicyType      string       `json:"type,omitempty"`
	PolicyAction    string       `json:"action,omitempty"`
	OverallResult   string       `json:"overall_result"`           // overall: pass|warn|fail
	RuleResults     []RuleResult `json:"policy_results,omitempty"` // both passes & fails
	TotalChecks     int          `json:"total_checks,omitempty"`   // total number of checks
	TotalRules      int          `json:"total_rules,omitempty"`
	TotalComponents int          `json:"total_components,omitempty"` // number of components scanned
	ViolationCnt    int          `json:"violation_count,omitempty"`  // number of failed policy_results
}

PolicyResult represents the evaluation result of a policy against an SBOM.

func EvaluatePolicyAgainstSBOMs

func EvaluatePolicyAgainstSBOMs(ctx context.Context, policy Policy, doc sbom.Document, fieldExtractor *Extractor) (PolicyResult, error)

EvaluatePolicyAgainstSBOMs evaluates a single policy against an SBOM document.

func NewPolicyResult

func NewPolicyResult(p Policy) *PolicyResult

type RULE_TYPE

type RULE_TYPE string
var (
	REQUIRED  RULE_TYPE = "required"
	WHITELIST RULE_TYPE = "whitelist"
	BLACKLIST RULE_TYPE = "blacklist"
)

type Rule

type Rule struct {
	Field    string   `yaml:"field"`
	Values   []string `yaml:"values,omitempty"`
	Patterns []string `yaml:"patterns,omitempty"`
}

Rule represents a single field/values or field/patterns constraint.

type RuleResult

type RuleResult struct {
	ComponentID    string   `json:"component_id,omitempty"`   // component unique id (or "<document>")
	ComponentName  string   `json:"component_name,omitempty"` // friendly name
	DeclaredField  string   `json:"declared_field"`           // the field evaluated (e.g., license)
	DeclaredValues string   `json:"declared_values"`          // the declared values
	ActualValues   []string `json:"actual_values,omitempty"`  // actual values seen on SBOM
	Result         string   `json:"result"`                   // "pass" | "fail"
	Reason         string   `json:"reason,omitempty"`         // human-friendly reason for failure
}
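The evaluation loop that ties these types together, as an added example rather than the package's own Engine or EvaluatePolicyAgainstSBOMs: it applies the RetrieveValues lookup rule (a field starting with "sbom_" is resolved against the document only, anything else against every component, names lowercased), runs each RULE_TYPE over the resulting values and fills a PolicyResult with the per-check RuleResult entries and the counts documented above. Everything beyond those documented shapes is an assumption of this example: the Component stand-in for the sbom package's types, the check and Evaluate functions, and the rule-type semantics (required = field present; whitelist = present and every value equals an allowed value or matches an allowed pattern; blacklist = no value matches; Action "warn" reports violations as "warn" instead of "fail"). The sample document and components are constructed. Note the fail-closed handling: a component that declares no license at all fails a license whitelist instead of slipping through because there was nothing to compare.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Local stand-ins for the Rule, Policy, RuleResult and PolicyResult types on this page.
type Rule struct {
	Field            string
	Values, Patterns []string
}
type Policy struct {
	Name, Type, Action string // Type is "required", "whitelist" or "blacklist"
	Rules              []Rule
}
type RuleResult struct {
	ComponentID, DeclaredField, Result, Reason string
	ActualValues                              []string
}
type PolicyResult struct {
	PolicyName, OverallResult string // overall: pass|warn|fail
	RuleResults               []RuleResult
	TotalChecks, ViolationCnt int
}
// Component stands in for an SBOM component, or with ID "<document>" for the document
// itself; values are keyed by lowercase field name, document fields without "sbom_".
type Component struct {
	ID     string
	Fields map[string][]string
}

// Evaluate runs one policy over a document and its components (rule-type semantics assumed, see lead-in).
func Evaluate(pol Policy, doc Component, comps []Component) PolicyResult {
	pr := PolicyResult{PolicyName: pol.Name, OverallResult: "pass"}
	for _, r := range pol.Rules {
		targets, field := comps, strings.ToLower(r.Field) // field names are normalized to lowercase
		if strings.HasPrefix(field, "sbom_") { // "sbom_" resolves against the document only
			targets, field = []Component{doc}, strings.TrimPrefix(field, "sbom_")
		}
		for _, c := range targets {
			pr.RuleResults = append(pr.RuleResults, check(pol.Type, r, c.ID, c.Fields[field]))
		}
	}
	for _, res := range pr.RuleResults {
		pr.TotalChecks++
		if res.Result == "fail" {
			pr.ViolationCnt++
		}
	}
	if pr.ViolationCnt > 0 && pol.Action == "warn" { // assumed: warn reports violations without failing
		pr.OverallResult = "warn"
	} else if pr.ViolationCnt > 0 {
		pr.OverallResult = "fail"
	}
	return pr
}

// check applies one rule to the values seen on one component (or the document).
func check(ptype string, r Rule, id string, actual []string) RuleResult {
	res := RuleResult{ComponentID: id, DeclaredField: r.Field, ActualValues: actual, Result: "pass"}
	anyHit, allHit := false, len(actual) > 0
	for _, v := range actual {
		hit := false
		for _, want := range r.Values {
			hit = hit || strings.EqualFold(v, want)
		}
		for _, p := range r.Patterns { // patterns are assumed validated at policy load (ValidatePolicy)
			hit = hit || regexp.MustCompile(p).MatchString(v)
		}
		anyHit, allHit = anyHit || hit, allHit && hit
	}
	switch {
	case ptype != "blacklist" && len(actual) == 0: // required/whitelist: a missing field fails closed
		res.Result, res.Reason = "fail", r.Field+" is missing"
	case ptype == "whitelist" && !allHit: // whitelist: every value must be allowed
		res.Result, res.Reason = "fail", r.Field+" has a value outside the whitelist"
	case ptype == "blacklist" && anyHit: // blacklist: no value may match
		res.Result, res.Reason = "fail", r.Field+" matches a blacklisted value"
	}
	return res
}

// Constructed sample: one document-level field and three components, of which c3 declares no license.
var SampleDoc = Component{ID: "<document>", Fields: map[string][]string{"creation_timestamp": {"2025-10-24T00:00:00Z"}}}
var SampleComponents = []Component{
	{ID: "c1", Fields: map[string][]string{"license": {"MIT"}, "purl": {"pkg:npm/left-pad@1.3.0"}}},
	{ID: "c2", Fields: map[string][]string{"license": {"GPL-3.0-only"}, "purl": {"pkg:deb/debian/readline@8.2"}}},
	{ID: "c3", Fields: map[string][]string{"purl": {"pkg:generic/mystery@0.1"}}},
}

func main() {
	pr := Evaluate(Policy{Name: "allowed-licenses", Type: "whitelist", Rules: []Rule{{Field: "license", Values: []string{"MIT", "Apache-2.0"}}}}, SampleDoc, SampleComponents)
	fmt.Printf("%s: %s (%d of %d checks failed)\n", pr.PolicyName, pr.OverallResult, pr.ViolationCnt, pr.TotalChecks)
	for _, res := range pr.RuleResults {
		fmt.Println(res.ComponentID, res.Result, res.Reason)
	}
}
```

Running it against the sample, c1 passes, c2 fails on GPL-3.0-only and c3 fails because the license field is absent, so the policy reports two violations out of three checks and an overall "fail". A blacklist rule on purl with pattern ^pkg:npm/ and Action "warn" flags only c1 and yields "warn"; a required rule on sbom_creation_timestamp produces a single "<document>" check, as the "sbom_" prefix rule dictates. Value comparison is case-insensitive (EqualFold) so "mit" and "MIT" are treated alike; if a policy wants exact SPDX identifiers that is the first thing to tighten.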
