repo

package
v1.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 15, 2026 License: MIT Imports: 33 Imported by: 0

Documentation

Index

Constants

// Identifiers for the platform that comment output is written for.
// NOTE(review): presumably the accepted values of Scan's commentPlatform
// argument — confirm against the implementation.
const (

	// Comment platform constants. These are untyped string constants, so the
	// compiler does not restrict a plain string parameter to these two values;
	// any check for an unknown platform has to happen at run time.
	PlatformGitLab = "gitlab"
	PlatformGitHub = "github"
)
const (

	// CacheMaxAge is the maximum age of a cache entry before it is considered
	// stale (24 hours).
	// NOTE(review): presumably measured from ScanCacheEntry.Timestamp — confirm.
	CacheMaxAge = 24 * time.Hour
)

Variables

// EncodingExts maps a file-name extension, including its leading dot, to the
// EncodingType it denotes. Map lookups are exact, so only the lower-case keys
// listed here match; ".BZ2" or "bz2" do not.
// This is an exported package-level variable, so any importing package can
// add, replace or delete entries at run time.
var EncodingExts = map[string]EncodingType{
	".bz2": EncodingBzip2,
	".zst": EncodingZstd,
}

Functions

func ClearCache added in v0.24.0

func ClearCache() error

ClearCache removes all cached scan results.

func RiskCheck added in v0.7.0

// RiskCheck has no description on this page.
// NOTE(review): the parameter meanings are inferred from their names only.
// dir looks like the directory to check, and platformUrl and consoleUrl look
// like service endpoints — confirm against the implementation.
// platformUrl and consoleUrl are adjacent string parameters, so swapping them
// at a call site still compiles.
func RiskCheck(dir string, platformUrl string, consoleUrl string, verbose bool, wait bool) error

func SaveToCache added in v0.24.0

func SaveToCache(repoPath, baseRef, results, consoleURL string, verbose bool) error

SaveToCache stores a scan result in the cache.

func Scan

// Scan has no description on this page.
// NOTE(review): the parameter meanings are inferred from their names only.
// dir and rev look like a repository directory and a revision, platformUrl
// and consoleUrl like service endpoints, and commentPlatform like one of the
// Platform* constants — confirm against the implementation.
// The signature takes five plain strings and several adjacent bools, so
// transposed arguments compile without error. outputFormat and
// commentPlatform are unconstrained strings.
func Scan(dir string, rev string, platformUrl string, consoleUrl string, verbose bool, wait bool, outputFormat string, commentPlatform string, fullOutput bool) error

func Upload added in v0.15.0

// Upload handles the upload of SBOM or OpenVEX files to the Kusari platform.
//
// The signature takes 19 positional parameters: 16 plain strings and 3 bools.
// The compiler cannot detect transposed arguments, for example
// tenantEndpoint and platformUrl, or org and repo, so call sites should be
// checked against this order.
// NOTE(review): docType and isOpenVex both look like they select the document
// kind, and which one wins when they disagree is not shown here — confirm.
// NOTE(review): tenantEndpoint and platformUrl presumably decide where the
// file contents are sent — confirm how they are validated.
func Upload(
	filePath string,
	tenantEndpoint string,
	platformUrl string,
	alias string,
	docType string,
	isOpenVex bool,
	tag string,
	softwareID string,
	sbomSubject string,
	componentName string,
	sbomSubjectNameOverride string,
	sbomSubjectVersionOverride string,
	checkBlockedPackages bool,
	wait bool,
	forge string,
	org string,
	repo string,
	subrepoPath string,
	commitSha string,
) error

Upload handles the upload of SBOM or OpenVEX files to the Kusari platform

Types

type CacheResult added in v0.24.0

// CacheResult represents the result of a cache check, as returned by
// CheckCache.
type CacheResult struct {
	// Hit is true when a valid cached result exists and false when a scan is
	// needed.
	Hit        bool
	// NOTE(review): presumably the cached scan output and console link, copied
	// from the matching ScanCacheEntry when Hit is true — confirm.
	Results    string
	ConsoleURL string
}

CacheResult represents the result of a cache check.

func CheckCache added in v0.24.0

func CheckCache(repoPath, baseRef string, verbose bool) (*CacheResult, error)

CheckCache checks whether there is a valid cached result for the given repo and base ref. It returns a CacheResult with Hit=true if the cached result is valid, or Hit=false if a scan is needed. It returns an error only in the special case where there are no changes to scan.

type Document added in v0.15.0

// Document describes the input for a processor to run.
type Document struct {
	// Blob holds the raw document bytes.
	// NOTE(review): presumably still encoded as named by Encoding — confirm.
	Blob              []byte
	// Type is the kind of content, used for schema checks.
	Type              DocumentType
	// Format is the serialization format, used for malformed-document checks.
	Format            FormatType
	// Encoding names the encoding of the document (see EncodingType).
	Encoding          EncodingType
	// SourceInformation records where the document came from.
	SourceInformation SourceInformation
}

Document describes the input for a processor to run. This input can come from a collector or from the processor itself (run recursively).

type DocumentType added in v0.15.0

type DocumentType string

DocumentType describes the type of the document contents for schema checks

// Enumerated values of DocumentType.
const (
	// DocumentSBOM marks a document as an SBOM.
	DocumentSBOM    DocumentType = "SBOM"
	// DocumentOpenVEX marks a document as OpenVEX.
	DocumentOpenVEX DocumentType = "OPEN_VEX"
)

The Document* constants are the enumerated values of DocumentType.

type DocumentWrapper added in v0.15.0

// DocumentWrapper holds extra fields without modifying processor.Document.
type DocumentWrapper struct {
	// Document is embedded by pointer. Reading a promoted field such as Blob
	// through a nil *Document panics, so it must be set before the wrapper is
	// used. The field has no json tag, and Document's fields have none either,
	// so encoding/json emits them at the top level under their Go names.
	*Document
	// UploadMetaData is a pointer to a map. With omitempty the key is omitted
	// only when the pointer is nil; a non-nil pointer to an empty map is still
	// encoded as {}.
	UploadMetaData *map[string]string `json:"upload_metadata,omitempty"`
}

DocumentWrapper holds extra fields without modifying processor.Document

type EncodingType added in v0.15.0

// EncodingType names the encoding of a Document (see Document.Encoding).
// The known values are the bzip2 and zstd compression formats.
// NOTE(review): if blobs are decompressed according to this value, the
// decompressed size of untrusted input should be bounded — confirm that the
// implementation does so.
type EncodingType string
// Enumerated values of EncodingType.
const (
	EncodingBzip2   EncodingType = "BZIP2"
	EncodingZstd    EncodingType = "ZSTD"
	// NOTE(review): presumably used when no entry of EncodingExts matches —
	// confirm.
	EncodingUnknown EncodingType = "UNKNOWN"
)

type FormatType added in v0.15.0

type FormatType string

FormatType describes the document format, used for malformed-document checks

// Enumerated values of FormatType.
const (
	FormatJSON      FormatType = "JSON"
	FormatJSONLines FormatType = "JSON_LINES"
	FormatXML       FormatType = "XML"
	// NOTE(review): presumably the value for a document whose format could not
	// be determined — confirm how callers treat it.
	FormatUnknown   FormatType = "UNKNOWN"
)

The Format* constants are the enumerated values of FormatType.

type IngestionStatusItem added in v0.15.0

// IngestionStatusItem represents an item in the pico-ingestion-status
// DynamoDB table.
type IngestionStatusItem struct {
	Workspace     string     `json:"workspace"`      // partition key
	Sort          string     `json:"sort"`           // sort key
	// DocumentType is a plain string here, not the DocumentType type.
	// NOTE(review): the comment lists "VEX" while DocumentOpenVEX is
	// "OPEN_VEX" — confirm which values are actually stored.
	DocumentType  string     `json:"document_type"`  // SBOM, VEX, etc.
	DocumentName  string     `json:"document_name"`  // Name of the ingested document
	ComponentName string     `json:"component_name"` // Component name from upload metadata
	TTL           int64      `json:"ttl"`            // TTL in Unix epoch seconds
	// The JSON key is camelCase ("statusMeta") while every other key in this
	// struct is snake_case. Decoders must use this exact key.
	StatusMeta    StatusMeta `json:"statusMeta"`
}

IngestionStatusItem represents an item in the pico-ingestion-status DynamoDB table

type ScanCache added in v0.24.0

// ScanCache is the container for cached scan results, serialized as a JSON
// object with a single "entries" key.
type ScanCache struct {
	// Entries holds one ScanCacheEntry per repository, so a later entry for the
	// same repo path replaces the earlier one.
	Entries map[string]ScanCacheEntry `json:"entries"` // keyed by repo path
}

ScanCache manages cached scan results.

type ScanCacheEntry added in v0.24.0

// ScanCacheEntry represents a cached scan result for a repository.
//
// No field in the struct authenticates the entry (there is no signature or
// MAC).
// NOTE(review): presumably Results and ConsoleURL are handed back on a cache
// hit without re-scanning. If so, whoever can write the cache storage controls
// what a hit reports — confirm where the cache lives and what permissions it
// is written with.
type ScanCacheEntry struct {
	// NOTE(review): presumably a hash of the diff against BaseRef, used to
	// detect changes; the hash algorithm is not shown here — confirm.
	DiffHash   string    `json:"diff_hash"`
	BaseRef    string    `json:"base_ref"`
	Results    string    `json:"results"`     // The scan output (SARIF or markdown)
	ConsoleURL string    `json:"console_url"` // Link to console results
	// NOTE(review): presumably compared with CacheMaxAge to decide staleness —
	// confirm.
	Timestamp  time.Time `json:"timestamp"`
}

ScanCacheEntry represents a cached scan result for a repository.

type SourceInformation added in v0.15.0

// SourceInformation provides additional information about where the document
// comes from. All three fields are free-form strings.
type SourceInformation struct {
	// Collector is the name of the collector providing this information.
	Collector string
	// Source is the source from which the collector got this information.
	Source string
	// DocumentRef is the location of the document in the blob store.
	DocumentRef string
}

SourceInformation provides additional information about where the document comes from

type StatusMeta added in v0.15.0

// StatusMeta is the status record held in IngestionStatusItem.StatusMeta.
type StatusMeta struct {
	// Status is a plain string, so the compiler does not enforce the values
	// listed in the trailing comment.
	Status       string `json:"status"`        // started, processing, success, failed
	UserMessage  string `json:"user_message"`  // customer-facing message
	// InternalMeta is serialized in the same JSON object as UserMessage, under
	// "internal_meta". Anything that receives the encoded StatusMeta therefore
	// receives the internal details as well.
	// NOTE(review): confirm this field is stripped before the record is shown
	// to customers.
	InternalMeta string `json:"internal_meta"` // internal metadata/details
	// NOTE(review): stored as a string although described as a timestamp in
	// milliseconds; the exact textual format is not shown here — confirm.
	UpdatedAt    string `json:"updated_at"`    // timestamp in milliseconds
}
