Documentation
Index
- type ScanResult
- type Vulnerability
- type VulnerabilityCache
- type VulnerabilityScanner
- func (vs *VulnerabilityScanner) BatchScanGoMod(ctx context.Context, goModContents map[string][]byte) (map[string]*ScanResult, error)
- func (vs *VulnerabilityScanner) GetSecurityBumps(scanResult *ScanResult) []string
- func (vs *VulnerabilityScanner) ScanGoMod(ctx context.Context, goModContent []byte) (*ScanResult, error)
Types
type ScanResult
type ScanResult struct {
	Vulnerabilities []Vulnerability `json:"vulnerabilities"`
	SecurityBumps []string `json:"security_bumps"`
	Error string `json:"error,omitempty"`
}
ScanResult contains the results of a vulnerability scan.
func (*ScanResult) GetCriticalCount
func (result *ScanResult) GetCriticalCount() int
GetCriticalCount returns the count of critical vulnerabilities.
func (*ScanResult) GetHighCount
func (result *ScanResult) GetHighCount() int
GetHighCount returns the count of high severity vulnerabilities.
func (*ScanResult) HasSecurityBumps
func (result *ScanResult) HasSecurityBumps() bool
HasSecurityBumps checks if the scan result has security bumps to apply.
func (*ScanResult) HasVulnerabilities
func (result *ScanResult) HasVulnerabilities() bool
HasVulnerabilities checks if the scan result contains any vulnerabilities.
type Vulnerability
type Vulnerability struct {
	ID string `json:"id"`
	Module string `json:"module"`
	CurrentVersion string `json:"current_version"`
	FixedVersion string `json:"fixed_version,omitempty"`
	Severity string `json:"severity,omitempty"`
	Summary string `json:"summary,omitempty"`
	DatabaseSpecific any `json:"database_specific,omitempty"`
}
Vulnerability represents a security vulnerability with fix information.
type VulnerabilityCache
type VulnerabilityCache struct {
	// contains filtered or unexported fields
}
VulnerabilityCache provides a thread-safe cache for vulnerability scan results, to avoid redundant API calls for the same package@version combinations within a single run.
func GetGlobalCache
func GetGlobalCache() *VulnerabilityCache
GetGlobalCache returns the shared global vulnerability cache.
func NewVulnerabilityCache
func NewVulnerabilityCache() *VulnerabilityCache
NewVulnerabilityCache creates a new vulnerability cache.
func (*VulnerabilityCache) Clear
func (c *VulnerabilityCache) Clear()
Clear removes all entries from the cache.
func (*VulnerabilityCache) Get
func (c *VulnerabilityCache) Get(key string) ([]models.Vulnerability, bool)
Get retrieves cached vulnerability results for a package@version key. It returns the vulnerabilities and true if found, or an empty slice and false if not found.
func (*VulnerabilityCache) Set
func (c *VulnerabilityCache) Set(key string, vulns []models.Vulnerability)
Set stores vulnerability results for a package@version key.
func (*VulnerabilityCache) Size
func (c *VulnerabilityCache) Size() int
Size returns the number of entries in the cache.
type VulnerabilityScanner
type VulnerabilityScanner struct {
	// contains filtered or unexported fields
}
VulnerabilityScanner handles scanning go.mod files for security vulnerabilities.
func NewVulnerabilityScanner
func NewVulnerabilityScanner(httpClient *http.Client) *VulnerabilityScanner
NewVulnerabilityScanner creates a new vulnerability scanner with the global cache. The httpClient parameter is required and should be obtained from httpclient.NewHTTPClient().
func (*VulnerabilityScanner) BatchScanGoMod
func (vs *VulnerabilityScanner) BatchScanGoMod(ctx context.Context, goModContents map[string][]byte) (map[string]*ScanResult, error)
BatchScanGoMod scans multiple go.mod files efficiently.
func (*VulnerabilityScanner) GetSecurityBumps
func (vs *VulnerabilityScanner) GetSecurityBumps(scanResult *ScanResult) []string
GetSecurityBumps returns a list of security bumps for vulnerabilities.
func (*VulnerabilityScanner) ScanGoMod
func (vs *VulnerabilityScanner) ScanGoMod(ctx context.Context, goModContent []byte) (*ScanResult, error)
ScanGoMod scans a go.mod file content for vulnerabilities. It respects replace directives and uses the cache to avoid duplicate API calls.
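What "respects replace directives" changes about the package@version keys that get looked up and cached, shown as an added example that is not this package's own code. `EffectiveModules` and `sampleGoMod` are hypothetical names, the go.mod content is constructed, and the parser handles only `require` and `replace` lines; it assumes lookups are keyed by the module version that is actually built.

```go
package main

import (
	"fmt"
	"strings"
)
// Constructed sample go.mod for illustration; not taken from the documented project.
const sampleGoMod = `module example.com/app
require (
	example.com/yaml v1.0.0
	example.com/jwt v3.2.0 // indirect
	example.com/internal v0.1.0
)
replace example.com/yaml v1.0.0 => example.com/yaml v1.0.1
replace example.com/internal => ../internal`
// EffectiveModules (hypothetical) applies replace directives: keys to query, local = path-replaced.
func EffectiveModules(goMod string) (keys, local []string) {
	block, required, replaced := "", [][2]string{}, map[string][]string{}
	for _, line := range strings.Split(goMod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop comments such as "// indirect"
		switch f := strings.Fields(block + " " + line); {
		case len(f) < 2: // blank line or stray token
		case f[1] == "(":
			block = f[0] // entering "require (" or "replace ("
		case f[1] == ")":
			block = ""
		case f[0] == "require" && len(f) >= 3:
			required = append(required, [2]string{f[1], f[2]})
		case f[0] == "replace":
			if from, to, ok := strings.Cut(strings.Join(f[1:], " "), " => "); ok {
				replaced[strings.ReplaceAll(from, " ", "@")] = strings.Fields(to)
			}
		}
	}
	for _, r := range required {
		repl := r[:] // default: the module exactly as required
		if v, ok := replaced[r[0]+"@"+r[1]]; ok {
			repl = v // a version-specific replace wins over a wildcard one
		} else if v, ok := replaced[r[0]]; ok {
			repl = v
		}
		if len(repl) == 1 {
			local = append(local, r[0]) // filesystem path: no version to query
		} else {
			keys = append(keys, repl[0]+"@"+repl[1])
		}
	}
	return keys, local
}
func main() { fmt.Println(EffectiveModules(sampleGoMod)) }
```

Modules returned in `local` resolve to a directory on disk, so a version-based lookup cannot cover them and they need separate review.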