Documentation
¶
Index ¶
- Constants
- Variables
- func ClearCache() error
- func RiskCheck(dir string, platformUrl string, consoleUrl string, verbose bool, wait bool) error
- func SaveToCache(repoPath, baseRef, results, consoleURL string, verbose bool) error
- func Scan(dir string, rev string, platformUrl string, consoleUrl string, verbose bool, ...) error
- func Upload(filePath string, tenantEndpoint string, platformUrl string, alias string, ...) error
- type CacheResult
- type Document
- type DocumentType
- type DocumentWrapper
- type EncodingType
- type FormatType
- type IngestionStatusItem
- type ScanCache
- type ScanCacheEntry
- type SourceInformation
- type StatusMeta
Constants ¶
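// Comment platform constants.
//
// These are untyped string constants, so any string compares against them;
// a platform name that arrives from a flag, environment variable or API
// response should be matched against this set before it is acted on.
const (
	PlatformGitLab = "gitlab"
	PlatformGitHub = "github"
)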
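const (
	// CacheMaxAge is the maximum age of a cache entry before it's considered stale.
	//
	// NOTE(review): presumably a cached result younger than this is returned
	// instead of running a new scan; if so, findings that only became known
	// after the entry was written are not reflected until it expires. Confirm
	// against CheckCache.
	CacheMaxAge = 24 * time.Hour
)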
Variables ¶
// EncodingExts associates a file-name extension with the EncodingType it
// stands for. Keys are lower-case and include the leading dot, and a map
// lookup is an exact, case-sensitive match.
//
// An extension is only a label chosen by whoever named the file; it does not
// prove what the bytes contain. This is also an exported, mutable
// package-level map, so any importing package can add or change entries.
var EncodingExts = map[string]EncodingType{
	".zst": EncodingZstd,
	".bz2": EncodingBzip2,
}
Functions ¶
func SaveToCache ¶
SaveToCache stores a scan result in the cache.
func Upload ¶
// Upload handles the upload of SBOM or OpenVEX files to the Kusari platform.
//
// Only the signature is visible here, so the notes below are review points
// rather than statements about the implementation.
//
// NOTE(review): 15 of the 18 parameters are plain strings and many sit next
// to each other, so two transposed arguments still compile. Call sites should
// be checked against this order.
// NOTE(review): tenantEndpoint and platformUrl presumably decide where the
// file is sent; confirm the implementation validates them (scheme and host)
// before transmitting file contents or credentials.
// NOTE(review): docType and isOpenVex both appear to describe the document
// kind; confirm which one takes precedence if they disagree.
func Upload(
	filePath string,
	tenantEndpoint string,
	platformUrl string,
	alias string,
	docType string,
	isOpenVex bool,
	tag string,
	softwareID string,
	sbomSubject string,
	sbomSubjectNameOverride string,
	sbomSubjectVersionOverride string,
	checkBlockedPackages bool,
	wait bool,
	forge string,
	org string,
	repo string,
	subrepoPath string,
	commitSha string,
) error
Upload handles the upload of SBOM or OpenVEX files to the Kusari platform
Types ¶
type CacheResult ¶
CacheResult represents the result of a cache check.
func CheckCache ¶
func CheckCache(repoPath, baseRef string, verbose bool) (*CacheResult, error)
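CheckCache checks whether a valid cached result exists for the given repo and base ref. It returns a CacheResult with Hit=true if the cache is valid, or Hit=false if a scan is needed. An error is returned only for the special case of no changes to scan, so callers need to tell that case apart from a scan result rather than treating every error the same way.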
type Document ¶
// Document is the input handed to a processor: the raw bytes plus labels for
// their type, format and encoding, and a record of where they came from.
type Document struct {
	// Blob is the document content as raw bytes.
	// NOTE(review): presumably still compressed when Encoding is BZIP2 or ZSTD;
	// confirm that whichever code decompresses it caps the expanded size.
	Blob []byte
	// Type is the document kind (DocumentType).
	Type DocumentType
	// Format is the serialization label (FormatType).
	Format FormatType
	// Encoding is the encoding label (EncodingType).
	Encoding EncodingType
	// SourceInformation records where the document came from.
	// NOTE(review): none of these labels is verified by the struct itself;
	// whether they are checked against Blob is not visible here.
	SourceInformation SourceInformation
}
Document describes the input for a processor to run. This input can come from a collector or from the processor itself (run recursively).
type DocumentType ¶
// DocumentType is a string-backed label for the kind of document being handled.
// Because the underlying type is string, any string value converts to it; the
// type alone does not restrict values to the declared Document* constants, so
// a value taken from a flag or a decoded payload needs an explicit check.
type DocumentType string
DocumentType describes the type of the document contents for schema checks
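// Document types declared by this package. The string values are what appears
// wherever a DocumentType is serialized or compared as text.
const (
	DocumentSBOM    DocumentType = "SBOM"
	DocumentOpenVEX DocumentType = "OPEN_VEX"
)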
The Document* constants enumerate the values of DocumentType.
type DocumentWrapper ¶
// DocumentWrapper pairs a Document with optional upload metadata, so the extra
// field can be carried without changing the Document type itself.
type DocumentWrapper struct {
	// Embedded pointer: Document's fields are promoted onto the wrapper.
	// Reading a promoted field while this pointer is nil panics, so it must be
	// set before the wrapper is used.
	*Document
	// UploadMetaData is serialized as "upload_metadata" and left out when the
	// pointer is nil; a non-nil pointer to an empty map is still emitted.
	// NOTE(review): keys and values are free-form strings from the caller, and
	// what the receiving service does with them is not visible here. Keep
	// credentials and tokens out of this map until that is confirmed.
	UploadMetaData *map[string]string `json:"upload_metadata,omitempty"`
}
DocumentWrapper holds extra fields without modifying processor.Document
type EncodingType ¶
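// EncodingType is a string-backed label for how a document's bytes are
// encoded. Because the underlying type is string, any string value converts
// to it, so values from outside the program should be compared against the
// constants below.
type EncodingType string

// Encoding labels declared by this package. EncodingUnknown is the explicit
// "not recognised" value.
const (
	EncodingBzip2   EncodingType = "BZIP2"
	EncodingZstd    EncodingType = "ZSTD"
	EncodingUnknown EncodingType = "UNKNOWN"
)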
type FormatType ¶
// FormatType is a string-backed label for a document's serialization format.
// Because the underlying type is string, any string value converts to it; the
// type alone does not restrict values to the declared Format* constants.
type FormatType string
FormatType describes the document format, which is used when checking for malformed documents.
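// Format labels declared by this package. FormatUnknown is the explicit
// "not recognised" value.
const (
	FormatJSON      FormatType = "JSON"
	FormatJSONLines FormatType = "JSON_LINES"
	FormatXML       FormatType = "XML"
	FormatUnknown   FormatType = "UNKNOWN"
)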
The Format* constants enumerate the values of FormatType.
type IngestionStatusItem ¶
// IngestionStatusItem is one ingestion-status record, with JSON field names
// given by the struct tags.
type IngestionStatusItem struct {
	Workspace string `json:"workspace"` // partition key
	Sort string `json:"sort"` // sort key
	DocumentType string `json:"document_type"` // SBOM, VEX, etc.
	// NOTE(review): presumably taken from the uploaded file or its metadata;
	// treat it as untrusted text wherever it is displayed or logged.
	DocumentName string `json:"document_name"` // Name of the ingested document
	TTL int64 `json:"ttl"` // TTL in Unix epoch seconds
	// Tagged "statusMeta" (camelCase), unlike the snake_case tags above.
	StatusMeta StatusMeta `json:"statusMeta"`
}
IngestionStatusItem represents an item in the pico-ingestion-status DynamoDB table
type ScanCache ¶
// ScanCache is the container for cached scan results, serialized with a
// single "entries" object.
type ScanCache struct {
	// One entry per key, so a later entry for the same repo path replaces the
	// earlier one.
	// NOTE(review): where this structure is persisted, and with what file
	// permissions, is not visible here. Entries carry scan output, so confirm
	// the store is readable only by the invoking user.
	Entries map[string]ScanCacheEntry `json:"entries"` // keyed by repo path
}
ScanCache manages cached scan results.
type ScanCacheEntry ¶
// ScanCacheEntry is the cached outcome of one scan of a repository.
type ScanCacheEntry struct {
	// NOTE(review): presumably a hash of the diff that was scanned, compared on
	// lookup to decide whether the entry still applies; the hash function and
	// exactly what it covers are not visible here.
	DiffHash string `json:"diff_hash"`
	BaseRef string `json:"base_ref"`
	// The full scan output is stored, so the cache holds the findings
	// themselves, not just a pass/fail flag.
	Results string `json:"results"` // The scan output (SARIF or markdown)
	// NOTE(review): if this value is later opened or rendered as a link,
	// confirm it is checked against the expected console host first.
	ConsoleURL string `json:"console_url"` // Link to console results
	// NOTE(review): presumably compared with CacheMaxAge to expire the entry.
	Timestamp time.Time `json:"timestamp"`
}
ScanCacheEntry represents a cached scan result for a repository.
type SourceInformation ¶
// SourceInformation records where a document came from. All three fields are
// plain strings with no validation attached to the type.
type SourceInformation struct {
	// Collector is the name of the collector that provided this document.
	Collector string
	// Source is the source from which the collector obtained the document.
	Source string
	// DocumentRef is the location of the document in the blob store.
	// NOTE(review): if this value is used to fetch or overwrite stored data,
	// confirm it cannot be set from untrusted input.
	DocumentRef string
}
SourceInformation provides additional information about where the document comes from
type StatusMeta ¶
// StatusMeta is the status portion of an ingestion record. It separates the
// message meant for customers from the details meant for internal use.
type StatusMeta struct {
	// Plain string, so values outside the four listed states are representable.
	Status string `json:"status"` // started, processing, success, failed
	UserMessage string `json:"user_message"` // customer-facing message
	// Serialized next to UserMessage in the same JSON object, so a response
	// that returns this struct as-is also returns the internal details.
	// NOTE(review): confirm this field is stripped before the record reaches a
	// customer.
	InternalMeta string `json:"internal_meta"` // internal metadata/details
	// NOTE(review): the field is a string, so the exact representation of the
	// millisecond timestamp is not visible here.
	UpdatedAt string `json:"updated_at"` // timestamp in milliseconds
}