results

package
v1.24.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 17, 2025 License: Apache-2.0 Imports: 28 Imported by: 5

Documentation

Index

Constants

// Numeric constants used when working with impact paths.
// NOTE(review): presumably RootIndex and DirectDependencyIndex are positions
// inside an impact path (root first, then the direct dependency) and
// DirectDependencyPathLength is the length of a path that stops at the direct
// dependency — confirm against the callers.
const (
	RootIndex                  = 0
	DirectDependencyIndex      = 1
	DirectDependencyPathLength = 2
)

// Format templates and property names for the applicability (contextual
// analysis) properties written for cdx.
const (
	// LocationIdTemplate renders a location as
	// <FILE_REF>#L<START_LINE>C<START_COLUMN>-L<END_LINE>C<END_COLUMN>.
	// The file reference goes through the %s verb unchanged; the template
	// itself does no escaping.
	LocationIdTemplate = "%s#L%dC%d-L%dC%d"

	// ApplicabilityStatusPropertyName is the property name that carries the
	// applicability status.
	ApplicabilityStatusPropertyName = "jfrog:contextual-analysis:status"

	// ApplicabilityEvidenceReasonPropertyTemplate is the evidence-reason
	// property prefix followed by the location id template.
	ApplicabilityEvidenceReasonPropertyTemplate = "jfrog:contextual-analysis:evidence:reason:" + LocationIdTemplate

	// ApplicabilityEvidencePropertyTemplate is the evidence property prefix
	// followed by the location id template.
	ApplicabilityEvidencePropertyTemplate = "jfrog:contextual-analysis:evidence:" + LocationIdTemplate
)
// Human-readable names of the steps a security command can run.
// They are declared as untyped string constants.
// NOTE(review): presumably these are the values passed as SecurityCommandStep
// to ResultsStatus.IsScanFailed and ResultsStatus.UpdateStatus — confirm.
const (
	CmdStepSbom               = "SBOM Generation"
	CmdStepSca                = "SCA Scan"
	CmdStepContextualAnalysis = "Contextual Analysis Enrichment"
	CmdStepIaC                = "IaC Scan"
	CmdStepSecrets            = "Secret Detection Scan"
	CmdStepSast               = "Static Application Security Testing (SAST)"
	CmdStepViolations         = "Violations Reporting"
)

Variables

// ErrResetConvertor is the sentinel error whose message states that reset
// must be called before new scan results metadata is parsed.
var ErrResetConvertor = fmt.Errorf("reset must be called before parsing new scan results metadata")

// ErrNoTargetConvertor is the sentinel error whose message states that
// ParseNewTargetResults must be called before issues are parsed.
var ErrNoTargetConvertor = fmt.Errorf("ParseNewTargetResults must be called before starting to parse issues")

Functions

func AddFileIssueAffects added in v1.20.0

func AddFileIssueAffects(issue *cyclonedx.Vulnerability, fileComponent cyclonedx.Component, properties ...cyclonedx.Property)

func AppendUniqueImpactPaths

func AppendUniqueImpactPaths(target [][]services.ImpactPathNode, source [][]services.ImpactPathNode, multipleRoots bool) [][]services.ImpactPathNode

AppendUniqueImpactPaths appends the elements of a source [][]ImpactPathNode to a target [][]ImpactPathNode without adding any duplicate elements. Duplicates are detected using the ComponentId field of the ImpactPathNode struct, as it is guaranteed to be unique.

func AppendUniqueImpactPathsForMultipleRoots

func AppendUniqueImpactPathsForMultipleRoots(target [][]services.ImpactPathNode, source [][]services.ImpactPathNode) [][]services.ImpactPathNode

AppendUniqueImpactPathsForMultipleRoots appends the source impact path to the target impact path while avoiding duplicates. Specifically, it is designed for handling multiple root projects, such as Maven or Gradle, by comparing each pair of paths and identifying the path that is closest to the direct dependency.

func AttachApplicabilityToVulnerability added in v1.20.0

func AttachApplicabilityToVulnerability(destination *cyclonedx.BOM, vulnerability *cyclonedx.Vulnerability, applicability *formats.Applicability)

func BomToFlatTree added in v1.20.0

func BomToFlatTree(sbom *cyclonedx.BOM, convertToXrayCompId bool) (flatTree *xrayUtils.GraphNode)

func BomToFullCompTree added in v1.20.0

func BomToFullCompTree(sbom *cyclonedx.BOM, isBuildInfoXray bool) (fullDependencyTrees []*xrayUtils.BinaryGraphNode)

func BomToFullTree added in v1.20.0

func BomToFullTree(sbom *cyclonedx.BOM, convertToXrayCompId bool) (fullDependencyTrees []*xrayUtils.GraphNode)

func BomToTree added in v1.20.0

func BomToTree(sbom *cyclonedx.BOM) (flatTree *xrayUtils.GraphNode, fullDependencyTrees []*xrayUtils.GraphNode)

func BuildImpactPath added in v1.20.0

func BuildImpactPath(affectedComponent cyclonedx.Component, components []cyclonedx.Component, dependencies ...cyclonedx.Dependency) (impactPathsRows [][]formats.ComponentRow)

func CdxEvidenceToLocation added in v1.20.0

func CdxEvidenceToLocation(component cyclonedx.Component) (location *formats.Location)

func CdxToFixedVersions added in v1.20.0

func CdxToFixedVersions(affectedVersions *[]cyclonedx.AffectedVersions) (fixedVersion []string)

func CdxVulnToCveRows added in v1.20.0

func CdxVulnToCveRows(vulnerability cyclonedx.Vulnerability, applicability *formats.Applicability) (cveRows []formats.CveRow)

func CollectRuns added in v1.23.0

func CollectRuns(runs ...[]*sarif.Run) []*sarif.Run

func CompTreeToSbom added in v1.16.0

func CompTreeToSbom(trees ...*xrayUtils.BinaryGraphNode) (components *[]cyclonedx.Component, dependencies *[]cyclonedx.Dependency)

func ConvertCvesWithApplicability

func ConvertCvesWithApplicability(cves []services.Cve, entitledForJas bool, applicabilityRuns []*sarif.Run, components map[string]services.Component) (convertedCves []formats.CveRow, applicabilityStatus jasutils.ApplicabilityStatus)

func ConvertJfrogResearchInformation added in v1.23.0

func ConvertJfrogResearchInformation(extendedInfo *services.ExtendedInformation) *formats.JfrogResearchInformation

func ConvertPolicesToString added in v1.14.0

func ConvertPolicesToString(policies []services.Policy) []string

func CreateCveRatings added in v1.20.0

func CreateCveRatings(cve formats.CveRow) (ratings []cyclonedx.VulnerabilityRating)

func CreateScaComponentFromBinaryNode added in v1.20.0

func CreateScaComponentFromBinaryNode(node *xrayUtils.BinaryGraphNode) (component cyclonedx.Component)

func CreateScaComponentFromXrayCompId added in v1.20.0

func CreateScaComponentFromXrayCompId(xrayImpactedPackageId string, properties ...cyclonedx.Property) (component cyclonedx.Component)

func DepsTreeToSbom added in v1.20.0

func DepsTreeToSbom(trees ...*xrayUtils.GraphNode) (components *[]cyclonedx.Component, dependencies *[]cyclonedx.Dependency)

func ExtractCdxDependenciesCves added in v1.20.0

func ExtractCdxDependenciesCves(bom *cyclonedx.BOM) (directCves []string, indirectCves []string)

func ExtractCvesFromScanResponse added in v1.20.0

func ExtractCvesFromScanResponse(xrayScanResults []services.ScanResponse, directDependencies []string) (directCves []string, indirectCves []string)

This function gets a list of xray scan responses that contain direct and indirect vulnerabilities and returns separate lists of the direct and indirect CVEs

func ExtractIssuesInfoForCdx added in v1.20.0

func ExtractIssuesInfoForCdx(issueId string, cves []formats.CveRow, severity severityutils.Severity, applicabilityStatus jasutils.ApplicabilityStatus, service *cyclonedx.Service) (cveIds []string, statuses []*formats.Applicability, cwe [][]string, ratings [][]cyclonedx.VulnerabilityRating)

func FindMaxCVEScore

func FindMaxCVEScore(severity severityutils.Severity, applicabilityStatus jasutils.ApplicabilityStatus, cves []formats.CveRow) (string, error)

FindMaxCVEScore returns the maximum CVSS score of the given CVEs or score based on severity and applicability status if not exists.

func ForEachJasIssue added in v1.20.0

func ForEachJasIssue(runs []*sarif.Run, entitledForJas bool, handler ParseJasIssueFunc) error

ForEachJasIssue iterates over the provided SARIF runs and calls the provided handler for each issue so that it can be processed.

func ForEachLicense added in v1.20.0

func ForEachLicense(target ScanTarget, licenses []services.License, handler ParseLicenseFunc) error

ForEachLicense iterates over the provided licenses and calls the provided handler for each component/package with a license so that it can be processed.

func ForEachSbomComponent added in v1.20.0

func ForEachSbomComponent(bom *cyclonedx.BOM, handler ParseSbomComponentFunc) (err error)

ForEachSbomComponent iterates over the provided CycloneDX SBOM components and calls the provided handler for each component so that it can be processed.

func ForEachScaBomVulnerability added in v1.20.0

func ForEachScaBomVulnerability(_ ScanTarget, bom *cyclonedx.BOM, entitledForJas bool, applicabilityRuns []*sarif.Run, handler ParseBomScaVulnerabilityFunc) error

func ForEachScanGraphVulnerability added in v1.20.0

func ForEachScanGraphVulnerability(target ScanTarget, descriptors []string, vulnerabilities []services.Vulnerability, entitledForJas bool, applicabilityRuns []*sarif.Run, handler ParseScanGraphVulnerabilityFunc) error

ForEachScanGraphVulnerability iterates over the provided SCA security vulnerabilities and calls the provided handler for each impacted component/package with a vulnerability so that it can be processed.

func GetApplicableCveStatus

func GetApplicableCveStatus(entitledForJas bool, applicabilityScanResults []*sarif.Run, cves []formats.CveRow) jasutils.ApplicabilityStatus

func GetBestScaEvidenceMatch added in v1.23.0

func GetBestScaEvidenceMatch(target ScanTarget, descriptors []string) string

Get the best match for the scan target in the sca results

func GetCveApplicabilityField

func GetCveApplicabilityField(cveId string, applicabilityScanResults []*sarif.Run) *formats.Applicability

func GetCveApplicabilityFieldAndFilterDisqualify added in v1.20.0

func GetCveApplicabilityFieldAndFilterDisqualify(cveId string, applicabilityScanResults []*sarif.Run, components map[string]services.Component) (applicability *formats.Applicability)

func GetCveScore

func GetCveScore(severity severityutils.Severity, applicabilityStatus jasutils.ApplicabilityStatus, cve formats.CveRow) (float32, error)

GetCveScore returns the CVSS score of the given CVE or score based on severity and applicability status if not exists.

func GetDependencyId

func GetDependencyId(depName, version string) string

func GetDirectDependenciesAsComponentRows added in v1.20.0

func GetDirectDependenciesAsComponentRows(component cyclonedx.Component, components []cyclonedx.Component, dependencies []cyclonedx.Dependency) (directComponents []formats.ComponentRow)

func GetFinalApplicabilityStatus added in v1.22.0

func GetFinalApplicabilityStatus(hasContextualAnalysisRun bool, applicabilityStatuses []jasutils.ApplicabilityStatus) jasutils.ApplicabilityStatus

GetFinalApplicabilityStatus resolves one final applicability status from the given statuses (not-scanned statuses are ignored):

- No statuses: if the scanner didn't run, the final value is not scanned; if the scanner ran, the final value is not covered.
- Only one status: the final value is that status.
- Else, if at least one status is applicable: the final value is applicable.
- Else, if at least one status is undetermined: the final value is undetermined.
- Else, if at least one status is missing context: the final value is missing context.
- Else, if all statuses are not applicable: the final value is not applicable.
- Else (at least one status is not covered): the final value is not covered.

func GetFixedVersions added in v1.23.0

func GetFixedVersions(affectedComponent cyclonedx.Affects) (fixedVersions *[]cyclonedx.AffectedVersions)

func GetIssueIdentifier

func GetIssueIdentifier(cvesRow []formats.CveRow, issueId string, delimiter string) string

func GetIssueTechnology added in v1.14.0

func GetIssueTechnology(responseTechnology string, targetTech techutils.Technology) techutils.Technology

Resolve the actual technology from multiple sources:

func GetJasResultApplicability added in v1.20.0

func GetJasResultApplicability(result *sarif.Result) *formats.Applicability

func GetOrCreateFileComponent added in v1.20.0

func GetOrCreateFileComponent(destination *cyclonedx.BOM, filePathOrUri string) (component *cyclonedx.Component)

func GetOrCreateScaComponent added in v1.20.0

func GetOrCreateScaComponent(destination *cyclonedx.BOM, xrayCompId string) (libComponent *cyclonedx.Component)

func GetScaIssueId

func GetScaIssueId(depName, version, issueId string) string

func GetTargetDirectDependencies added in v1.20.0

func GetTargetDirectDependencies(targetResult *TargetResults, flatTree, convertToXrayCompId bool) (slice []string)

func GetUniqueKey

func GetUniqueKey(vulnerableDependency, vulnerableVersion, xrayID string, fixVersionExist bool) string

GetUniqueKey returns a unique string key of format "vulnerableDependency:vulnerableVersion:xrayID:fixVersionExist"

func GetXrayService added in v1.23.0

func GetXrayService() *cyclonedx.Service

func IdToName added in v1.16.1

func IdToName(input string) string

replaces underscore with dash

func IsMultiProject added in v1.20.0

func IsMultiProject(sbom *cyclonedx.BOM) bool

func ScanResponseToSbom added in v1.20.0

func ScanResponseToSbom(destination *cyclonedx.BOM, scanResponse services.ScanResponse) (err error)

func SplitComponents

func SplitComponents(target string, impactedPackages map[string]services.Component) (impactedPackagesIds []string, fixedVersions [][]string, directComponents [][]formats.ComponentRow, impactPaths [][][]formats.ComponentRow, err error)

Types

type JasScanResults added in v1.14.0

// JasScanResults groups SARIF runs by scanner: secrets, IaC and SAST.
// Every field carries omitempty, so a nil or empty slice is left out of the
// JSON encoding.
// NOTE(review): secret-detection results may carry snippets of the detected
// values — confirm they are masked before this struct is serialized or logged.
type JasScanResults struct {
	SecretsScanResults []*sarif.Run `json:"secrets,omitempty"`
	IacScanResults     []*sarif.Run `json:"iac,omitempty"`
	SastScanResults    []*sarif.Run `json:"sast,omitempty"`
}

type JasScansResults

// JasScansResults holds the JAS output attached to a target: the runs reported
// as vulnerabilities, the runs reported as violations, and the
// contextual-analysis (applicability) runs.
// JasVulnerabilities and JasViolations are struct values; encoding/json never
// treats a struct as empty, so omitempty does not drop these two keys.
// NOTE(review): a custom marshaller, if one exists, is not visible here.
type JasScansResults struct {
	JasVulnerabilities       JasScanResults `json:"jas_vulnerabilities,omitempty"`
	JasViolations            JasScanResults `json:"jas_violations,omitempty"`
	ApplicabilityScanResults []*sarif.Run   `json:"contextual_analysis,omitempty"`
}

func (*JasScansResults) GetApplicabilityScanResults added in v1.14.0

func (jsr *JasScansResults) GetApplicabilityScanResults() (results []*sarif.Run)

func (*JasScansResults) GetViolationsResults added in v1.14.0

func (jsr *JasScansResults) GetViolationsResults(scanType jasutils.JasScanType) (results []*sarif.Run)

func (*JasScansResults) GetVulnerabilitiesResults added in v1.14.0

func (jsr *JasScansResults) GetVulnerabilitiesResults(scanType jasutils.JasScanType) (results []*sarif.Run)

func (*JasScansResults) HasFindings

func (jsr *JasScansResults) HasFindings() bool

func (*JasScansResults) HasFindingsByType

func (jsr *JasScansResults) HasFindingsByType(scanType jasutils.JasScanType) bool

func (*JasScansResults) HasInformation

func (jsr *JasScansResults) HasInformation() bool

func (*JasScansResults) HasInformationByType

func (jsr *JasScansResults) HasInformationByType(scanType jasutils.JasScanType) bool

type ParseBomScaVulnerabilityFunc added in v1.20.0

// ParseBomScaVulnerabilityFunc is the handler type accepted by
// ForEachScaBomVulnerability. It receives a CycloneDX vulnerability, a
// component, the fixed versions, the applicability and the severity, and
// returns an error.
type ParseBomScaVulnerabilityFunc func(vulnerability cyclonedx.Vulnerability, component cyclonedx.Component, fixedVersion *[]cyclonedx.AffectedVersions, applicability *formats.Applicability, severity severityutils.Severity) error

type ParseJasIssueFunc added in v1.20.0

// ParseJasIssueFunc is the handler type accepted by ForEachJasIssue. It
// receives the SARIF run, rule, result and location of one issue together with
// its severity, and returns an error.
type ParseJasIssueFunc func(run *sarif.Run, rule *sarif.ReportingDescriptor, severity severityutils.Severity, result *sarif.Result, location *sarif.Location) error

type ParseLicenseFunc added in v1.20.0

// ParseLicenseFunc is the handler type accepted by ForEachLicense and returned
// by ParseScanGraphLicenseToSbom. It receives a license, the id of the
// impacted package, its direct components and its impact paths, and returns an
// error.
type ParseLicenseFunc func(license services.License, impactedPackagesId string, directComponents []formats.ComponentRow, impactPaths [][]formats.ComponentRow) error

func ParseScanGraphLicenseToSbom added in v1.20.0

func ParseScanGraphLicenseToSbom(destination *cyclonedx.BOM) ParseLicenseFunc

type ParseSbomComponentFunc added in v1.20.0

// ParseSbomComponentFunc is the handler type accepted by ForEachSbomComponent.
// It receives a CycloneDX component, its related dependencies entry and the
// component relation, and returns an error.
type ParseSbomComponentFunc func(component cyclonedx.Component, relatedDependencies *cyclonedx.Dependency, relation cdxutils.ComponentRelation) error

type ParseScanGraphVulnerabilityFunc added in v1.20.0

// ParseScanGraphVulnerabilityFunc is the handler type accepted by
// ForEachScanGraphVulnerability and returned by
// ParseScanGraphVulnerabilityToSbom. It receives a vulnerability with its CVE
// rows, applicability status and severity, plus the impacted package id, fixed
// versions, direct components and impact paths, and returns an error.
type ParseScanGraphVulnerabilityFunc func(vulnerability services.Vulnerability, cves []formats.CveRow, applicabilityStatus jasutils.ApplicabilityStatus, severity severityutils.Severity, impactedPackagesId string, fixedVersion []string, directComponents []formats.ComponentRow, impactPaths [][]formats.ComponentRow) error

func ParseScanGraphVulnerabilityToSbom added in v1.20.0

func ParseScanGraphVulnerabilityToSbom(destination *cyclonedx.BOM) ParseScanGraphVulnerabilityFunc

type ResultContext added in v1.14.0

// ResultContext describes the violation context (watches or one resource) a
// command was given and which kinds of results it should include.
// IncludeVulnerabilities and IncludeLicenses have no omitempty option, so both
// keys are always present in the JSON encoding.
type ResultContext struct {
	// If watches are provided, the scan will be performed only with the provided watches.
	Watches []string `json:"watches,omitempty"`
	// (Resource) If repo_path is provided, the scan will be performed on the repository's watches.
	RepoPath string `json:"repo_path,omitempty"`
	// (Resource) If projectKey is provided we will fetch the watches defined on the project.
	ProjectKey string `json:"project_key,omitempty"`
	// (Resource) If gitRepository is provided we will fetch the watches defined on the git repository.
	// Serialized under the JSON key git_repo_key.
	// NOTE(review): clone URLs can embed credentials in their userinfo part;
	// confirm the value is sanitized before results are written out or logged.
	GitRepoHttpsCloneUrl string `json:"git_repo_key,omitempty"`
	// If none of the above is provided or requested, the results will include vulnerabilities
	IncludeVulnerabilities bool `json:"include_vulnerabilities"`
	// If requested, the results will include licenses
	IncludeLicenses bool `json:"include_licenses"`
	// If requested, the results will include sbom
	IncludeSbom bool `json:"include_sbom,omitempty"`
	// The active watches defined on the project_key and git_repository values above that were fetched from the platform
	PlatformWatches *xrayApi.ResourcesWatchesBody `json:"platform_watches,omitempty"`
}

We have three types of results: vulnerabilities, violations and licenses. If the user provides a violation context (watches, repo_path, project_key, git_repo_key) the results will only include violations. If the user provides a violation context and requests vulnerabilities, the results will include both vulnerabilities and violations. If the user doesn't provide a violation context, the results will include vulnerabilities. Only one (Resource) field can be provided at a time. License information can be provided in all cases if requested.

func (*ResultContext) HasViolationContext added in v1.14.0

func (rc *ResultContext) HasViolationContext() bool

type ResultsMetaData added in v1.23.0

// ResultsMetaData carries the command-level metadata of a results set: the
// Xray and XSC versions, the JAS entitlement and secret-validation flags, the
// command type, the result context, the git context and the start time.
// It is embedded in SecurityCommandResults.
// ResultContext is a struct value; encoding/json never treats a struct as
// empty, so omitempty does not drop the result_context key.
type ResultsMetaData struct {
	XrayVersion      string                         `json:"xray_version"`
	XscVersion       string                         `json:"xsc_version,omitempty"`
	EntitledForJas   bool                           `json:"jas_entitled"`
	SecretValidation bool                           `json:"secret_validation"`
	CmdType          utils.CommandType              `json:"command_type"`
	ResultContext    ResultContext                  `json:"result_context,omitempty"`
	GitContext       *xscServices.XscGitInfoContext `json:"git_context,omitempty"`
	StartTime        time.Time                      `json:"start_time"`
	// MultiScanId is a unique identifier that is used to group multiple scans together.
	MultiScanId        string `json:"multi_scan_id,omitempty"`
	ResultsPlatformUrl string `json:"results_platform_url,omitempty"`
	// GeneralError that occurred during the command execution
	// NOTE(review): encoding/json encodes an error through the exported fields
	// of its concrete type, so errors built with fmt.Errorf or errors.New come
	// out as {} and the message is lost. Confirm that consumers of the JSON do
	// not rely on this key to detect a failed command, or that a custom
	// marshaller exists (none is visible here).
	GeneralError error `json:"general_error,omitempty"`
}

type ResultsStatus added in v1.23.0

// ResultsStatus records one status code per command step: SBOM, SCA,
// contextual analysis, secrets, IaC, SAST and violations.
// Each field is a *int with omitempty, so an unset (nil) code is omitted from
// the JSON encoding and stays distinguishable from a recorded 0.
// NOTE(review): presumably nil means the step did not run and a consumer must
// not read a missing key as success — confirm against IsScanFailed.
type ResultsStatus struct {
	SbomScanStatusCode           *int `json:"sbom,omitempty"`
	ScaScanStatusCode            *int `json:"sca,omitempty"`
	ContextualAnalysisStatusCode *int `json:"contextual_analysis,omitempty"`
	SecretsScanStatusCode        *int `json:"secrets,omitempty"`
	IacScanStatusCode            *int `json:"iac,omitempty"`
	SastScanStatusCode           *int `json:"sast,omitempty"`
	ViolationsStatusCode         *int `json:"violations,omitempty"`
}

func (*ResultsStatus) IsScanFailed added in v1.23.0

func (status *ResultsStatus) IsScanFailed(step SecurityCommandStep) bool

func (*ResultsStatus) UpdateStatus added in v1.23.0

func (status *ResultsStatus) UpdateStatus(step SecurityCommandStep, statusCode *int)

type ScaScanResults

// ScaScanResults holds the SCA output of a target: scan metadata, the Xray
// scan responses and the target's SBOM. All fields carry omitempty.
type ScaScanResults struct {
	// Metadata about the scan
	Descriptors           []string `json:"descriptors,omitempty"`
	IsMultipleRootProject *bool    `json:"is_multiple_root_project,omitempty"`
	// Sca scan results
	// NOTE(review): the field name marks these Xray responses as deprecated;
	// presumably Sbom is the preferred carrier — confirm.
	DeprecatedXrayResults []services.ScanResponse `json:"xray_scan,omitempty"`
	// Sbom (potentially, with enriched components and CVE Vulnerabilities) of the target
	Sbom *cyclonedx.BOM `json:"sbom,omitempty"`
}

func (*ScaScanResults) HasFindings

func (ssr *ScaScanResults) HasFindings() bool

func (*ScaScanResults) HasInformation

func (ssr *ScaScanResults) HasInformation() bool

type ScanTarget

// ScanTarget identifies what was scanned: a physical location, a logical name
// and, optionally, a technology. It is embedded in TargetResults.
type ScanTarget struct {
	// Physical location of the target: Working directory (audit) / binary to scan (scan / docker scan)
	Target string `json:"target,omitempty"`
	// Logical name of the target (build name / module name / docker image name...)
	Name string `json:"name,omitempty"`
	// Optional field (not used only in build scan) to provide the technology of the target
	Technology techutils.Technology `json:"technology,omitempty"`
}

func (ScanTarget) Copy

func (st ScanTarget) Copy(newTarget string) ScanTarget

func (ScanTarget) String

func (st ScanTarget) String() (str string)

type SecurityCommandResults

// SecurityCommandResults holds the results of a security scan/audit command:
// the command metadata, the per-target results and the policy violations.
// ResultsMetaData is embedded without a JSON tag, so encoding/json promotes
// its fields to the top level of the encoded object.
type SecurityCommandResults struct {

	// General fields describing the command metadata
	ResultsMetaData
	// Results for each target in the command
	Targets []*TargetResults `json:"targets"`
	// Policy violations found in the command
	Violations           *violationutils.Violations `json:"violations,omitempty"`
	ViolationsStatusCode *int                       `json:"violations_status_code,omitempty"`
	// contains filtered or unexported fields
}

SecurityCommandResults is a struct that holds the results of a security scan/audit command.

func NewCommandResults

func NewCommandResults(cmdType utils.CommandType) *SecurityCommandResults

func (*SecurityCommandResults) AddGeneralError added in v1.12.4

func (r *SecurityCommandResults) AddGeneralError(err error, allowSkippingError bool) *SecurityCommandResults

AddGeneralError adds a general error to the command results in different phases of its execution. Note that some call sites pass a constant 'false' for the 'allowSkippingError' parameter, where we wish to force propagation of the error when it occurs.

func (*SecurityCommandResults) GetCommonParentPath added in v1.18.0

func (r *SecurityCommandResults) GetCommonParentPath() string

func (*SecurityCommandResults) GetErrors

func (r *SecurityCommandResults) GetErrors() (err error)

func (*SecurityCommandResults) GetScaScansXrayResults

func (r *SecurityCommandResults) GetScaScansXrayResults() (results []services.ScanResponse)

func (*SecurityCommandResults) GetStatusCodes added in v1.23.0

func (r *SecurityCommandResults) GetStatusCodes() ResultsStatus

func (*SecurityCommandResults) GetTargetResults added in v1.18.0

func (r *SecurityCommandResults) GetTargetResults(target string) *TargetResults

func (*SecurityCommandResults) GetTargets added in v1.14.0

func (r *SecurityCommandResults) GetTargets() (targets []ScanTarget)

func (*SecurityCommandResults) GetTargetsPaths

func (r *SecurityCommandResults) GetTargetsPaths() (paths []string)

func (*SecurityCommandResults) GetTechnologies

func (r *SecurityCommandResults) GetTechnologies(additionalTechs ...techutils.Technology) []techutils.Technology

func (*SecurityCommandResults) HasFindings

func (r *SecurityCommandResults) HasFindings() bool

func (*SecurityCommandResults) HasInformation

func (r *SecurityCommandResults) HasInformation() bool

func (*SecurityCommandResults) HasJasScansResults added in v1.14.0

func (r *SecurityCommandResults) HasJasScansResults(scanType jasutils.JasScanType) bool

func (*SecurityCommandResults) HasMultipleTargets

func (r *SecurityCommandResults) HasMultipleTargets() bool

In case multipleRoots is true, the field Component will show the root of each impact path, otherwise it will show the root's child. Set multipleRoots to true in case the given vulnerabilities array contains (or may contain) results of several projects or files (like in binary scan).

func (*SecurityCommandResults) HasViolationContext added in v1.14.0

func (r *SecurityCommandResults) HasViolationContext() bool

Reports whether the results include violations.

func (*SecurityCommandResults) IncludeSbom added in v1.16.0

func (r *SecurityCommandResults) IncludeSbom() bool

func (*SecurityCommandResults) IncludesLicenses added in v1.14.0

func (r *SecurityCommandResults) IncludesLicenses() bool

Reports whether the results include licenses.

func (*SecurityCommandResults) IncludesVulnerabilities added in v1.14.0

func (r *SecurityCommandResults) IncludesVulnerabilities() bool

Reports whether the results include vulnerabilities.

func (*SecurityCommandResults) NewScanResults

func (r *SecurityCommandResults) NewScanResults(target ScanTarget) *TargetResults

func (*SecurityCommandResults) SetEntitledForJas added in v1.12.4

func (r *SecurityCommandResults) SetEntitledForJas(entitledForJas bool) *SecurityCommandResults

func (*SecurityCommandResults) SetGitContext added in v1.21.7

func (*SecurityCommandResults) SetMultiScanId

func (r *SecurityCommandResults) SetMultiScanId(multiScanId string) *SecurityCommandResults

func (*SecurityCommandResults) SetResultsContext added in v1.14.0

func (r *SecurityCommandResults) SetResultsContext(context ResultContext) *SecurityCommandResults

func (*SecurityCommandResults) SetResultsPlatformUrl added in v1.23.0

func (r *SecurityCommandResults) SetResultsPlatformUrl(resultsPlatformUrl string) *SecurityCommandResults

func (*SecurityCommandResults) SetSecretValidation added in v1.12.4

func (r *SecurityCommandResults) SetSecretValidation(secretValidation bool) *SecurityCommandResults

func (*SecurityCommandResults) SetStartTime added in v1.13.2

func (r *SecurityCommandResults) SetStartTime(startTime time.Time) *SecurityCommandResults

func (*SecurityCommandResults) SetViolations added in v1.23.0

func (r *SecurityCommandResults) SetViolations(statusCode int, violations violationutils.Violations) *SecurityCommandResults

func (*SecurityCommandResults) SetXrayVersion added in v1.12.4

func (r *SecurityCommandResults) SetXrayVersion(xrayVersion string) *SecurityCommandResults

func (*SecurityCommandResults) SetXscVersion added in v1.13.2

func (r *SecurityCommandResults) SetXscVersion(xscVersion string) *SecurityCommandResults

type SecurityCommandStep added in v1.23.0

// SecurityCommandStep names a step of a security command. It is the step
// argument of ResultsStatus.IsScanFailed and ResultsStatus.UpdateStatus.
type SecurityCommandStep string

type TargetResults

// TargetResults holds everything collected for one scan target: the embedded
// ScanTarget, the apps-config module, the SCA and JAS results, the per-step
// status codes and the errors raised while scanning.
// ScanTarget is embedded without a JSON tag, so encoding/json promotes its
// fields into this object. ResultsStatus is a struct value, which omitempty
// never treats as empty, so the status key is always emitted.
type TargetResults struct {
	ScanTarget
	AppsConfigModule *jfrogappsconfig.Module `json:"apps_config_module,omitempty"`
	// All scan results for the target
	ScaResults    *ScaScanResults  `json:"sca_scans,omitempty"`
	JasResults    *JasScansResults `json:"jas_scans,omitempty"`
	ResultsStatus ResultsStatus    `json:"status,omitempty"`
	// Errors that occurred during the scans
	// NOTE(review): encoding/json encodes each error through the exported
	// fields of its concrete type, so errors built with fmt.Errorf or
	// errors.New come out as {} and the messages are lost. Confirm that a
	// consumer of the JSON cannot mistake a failed scan for a clean one.
	Errors []error `json:"errors,omitempty"`
	// contains filtered or unexported fields
}

func SearchTargetResultsByRelativePath added in v1.20.0

func SearchTargetResultsByRelativePath(relativeTarget string, resultsToCompare *SecurityCommandResults) (targetResults *TargetResults)

func (*TargetResults) AddApplicabilityScanResults added in v1.23.0

func (sr *TargetResults) AddApplicabilityScanResults(exitCode int, runs ...*sarif.Run)

func (*TargetResults) AddJasScanResults added in v1.23.0

func (sr *TargetResults) AddJasScanResults(scanType jasutils.JasScanType, vulnerabilitiesRuns []*sarif.Run, violationsRuns []*sarif.Run, exitCode int)

func (*TargetResults) AddTargetError added in v1.12.4

func (sr *TargetResults) AddTargetError(err error, allowSkippingError bool) error

func (*TargetResults) EnrichedSbomScanResults added in v1.20.0

func (sr *TargetResults) EnrichedSbomScanResults(statusCode int, enrichedSbom *cyclonedx.BOM) *ScaScanResults

func (*TargetResults) GetDescriptors added in v1.20.0

func (sr *TargetResults) GetDescriptors() []string

func (*TargetResults) GetErrors

func (sr *TargetResults) GetErrors() (err error)

func (*TargetResults) GetJasScansResults

func (sr *TargetResults) GetJasScansResults(scanType jasutils.JasScanType) (results []*sarif.Run)

func (*TargetResults) GetScaScansXrayResults

func (sr *TargetResults) GetScaScansXrayResults() (results []services.ScanResponse)

func (*TargetResults) GetScanIds

func (sr *TargetResults) GetScanIds() []string

func (*TargetResults) GetTechnologies

func (sr *TargetResults) GetTechnologies() []techutils.Technology

func (*TargetResults) GetWatches

func (sr *TargetResults) GetWatches() []string

func (*TargetResults) HasFindings

func (sr *TargetResults) HasFindings() bool

func (*TargetResults) HasInformation

func (sr *TargetResults) HasInformation() bool

func (*TargetResults) HasJasScansResults added in v1.14.0

func (sr *TargetResults) HasJasScansResults(scanType jasutils.JasScanType) bool

func (*TargetResults) ScaScanResults added in v1.20.0

func (sr *TargetResults) ScaScanResults(statusCode int, responses ...services.ScanResponse) *ScaScanResults

func (*TargetResults) SetDescriptors

func (sr *TargetResults) SetDescriptors(descriptors ...string) *TargetResults

func (*TargetResults) SetSbom added in v1.18.0

func (sr *TargetResults) SetSbom(sbom *cyclonedx.BOM, optionalStatusCodes ...int) *ScaScanResults

Directories

Path Synopsis
