Documentation ¶
Overview ¶
Copyright (C) 2025 l3montree GmbH
This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.
Index ¶
- Constants
- Variables
- func BeautifyFinalLicenseDecision(licenseDecision *string) *string
- type AcceptInvitationRequest
- type Affected
- type ArtifactDTO
- type AssetChangeRoleRequest
- type AssetCreateRequest
- type AssetDTO
- type AssetDetailsDTO
- type AssetDetailsWithSecretsDTO
- type AssetInviteToAssetRequest
- type AssetMetrics
- type AssetPatchRequest
- type AssetVersionDTO
- type AssetWithSecretsDTO
- type CVEDTO
- type CandidatesResponseDTO
- type ComponentDTO
- type ComponentDependencyDTO
- type ComponentOccurrenceDTO
- type ComponentProjectDTO
- type ComponentType
- type ContentTreeElement
- type CreateInTotoLinkRequest
- type DeadSimpleSigningEnvelope
- type DependencyVulnAggregationState
- type DependencyVulnAggregationStateAndChange
- type DependencyVulnDTO
- type DependencyVulnHints
- type DetailedDependencyVulnDTO
- type DetailedFirstPartyVulnDTO
- type DetailedLicenseRiskDTO
- type Distribution
- type EcosystemSpecific
- type ExploitDTO
- type FirstPartyScanResponse
- type FirstPartyVulnDTO
- type GitRepository
- type GithubAppInstallationDTO
- type GitlabIntegrationDTO
- type History
- type InformationSourceDTO
- type InviteRequest
- type JiraIntegrationDTO
- type LicenseRiskArtifactDTO
- type LicenseRiskDTO
- type LookupResponse
- type MechanicalJustificationType
- type OSV
- type OpenSourceInsightsProjectResponse
- type OpenSourceInsightsVersionResponse
- type OrgChangeRoleRequest
- type OrgCreateRequest
- type OrgDTO
- type OrgDetailsDTO
- type OrgPatchRequest
- type Package
- type PatCreateRequest
- type PolicyDTO
- type ProjectChangeRoleRequest
- type ProjectCreateRequest
- type ProjectDTO
- type ProjectDetailsDTO
- type ProjectInviteRequest
- type ProjectPatchRequest
- type Range
- type RelationshipDTO
- type RelationshipType
- type ReleaseCreateRequest
- type ReleaseDTO
- type ReleaseItemDTO
- type ReleasePatchRequest
- type RequirementLevel
- type RevokeByPrivateKeyRequest
- type RiskCalculationReport
- type RiskHistoryDTO
- type RiskMetrics
- type ScanResponse
- type Scorecard
- type SemverEvent
- type Severity
- type SnippetContent
- type SnippetContents
- type UpstreamState
- type UserDTO
- type VulnEventDTO
- type VulnEventType
- type VulnState
- type VulnType
- type VulnerabilityInReport
- type VulnerabilityReport
- type WebhookIntegrationDTO
- type YamlMetadata
- type YamlVars
Constants ¶
const CannotCalculateRisk float64 = 0
Variables ¶
var AllowedScopes = []string{"manage", "scan"}
Functions ¶
Types ¶
type AcceptInvitationRequest ¶
type AcceptInvitationRequest struct {
Code string `json:"code" validate:"required"`
}
type Affected ¶
type Affected struct {
Package Package `json:"package"`
Ranges []Range `json:"ranges"`
Versions []string `json:"versions"`
EcosystemSpecific *EcosystemSpecific `json:"ecosystem_specific"`
}
type ArtifactDTO ¶
type ArtifactDTO struct {
ArtifactName string `json:"artifactName"`
AssetVersionName string `json:"assetVersionName"`
AssetID uuid.UUID `json:"assetId"`
}
ArtifactDTO is a trimmed artifact view returned to clients. It includes the asset's name.
type AssetChangeRoleRequest ¶
type AssetChangeRoleRequest struct {
Role string `json:"role" validate:"required,oneof=member admin"`
}
type AssetCreateRequest ¶
type AssetCreateRequest struct {
Name string `json:"name" validate:"required"`
Description string `json:"description"`
CVSSAutomaticTicketThreshold *float64 `json:"cvssAutomaticTicketThreshold"`
RiskAutomaticTicketThreshold *float64 `json:"riskAutomaticTicketThreshold"`
EnableTicketRange bool `json:"enableTicketRange"`
CentralDependencyVulnManagement bool `json:"centralDependencyVulnManagement"`
Importance int `json:"importance"`
ReachableFromInternet bool `json:"reachableFromInternet"`
ConfidentialityRequirement string `json:"confidentialityRequirement" validate:"required"`
IntegrityRequirement string `json:"integrityRequirement" validate:"required"`
AvailabilityRequirement string `json:"availabilityRequirement" validate:"required"`
RepositoryProvider *string `json:"repositoryProvider" validate:"omitempty,oneof=github gitlab"` // either null or github or gitlab, etc.
}
type AssetDTO ¶
type AssetDTO struct {
ID uuid.UUID `json:"id"`
Name string `json:"name"`
Avatar *string `json:"avatar,omitempty"`
Slug string `json:"slug"`
Description string `json:"description"`
ProjectID uuid.UUID `json:"projectId"`
AvailabilityRequirement RequirementLevel `json:"availabilityRequirement"`
IntegrityRequirement RequirementLevel `json:"integrityRequirement"`
ConfidentialityRequirement RequirementLevel `json:"confidentialityRequirement"`
ReachableFromInternet bool `json:"reachableFromInternet"`
RepositoryID *string `json:"repositoryId"`
RepositoryName *string `json:"repositoryName"`
SigningPubKey *string `json:"signingPubKey"`
EnableTicketRange bool `json:"enableTicketRange"`
CVSSAutomaticTicketThreshold *float64 `json:"cvssAutomaticTicketThreshold"`
RiskAutomaticTicketThreshold *float64 `json:"riskAutomaticTicketThreshold"`
VulnAutoReopenAfterDays *int `json:"vulnAutoReopenAfterDays"`
AssetVersions []AssetVersionDTO `json:"refs"`
ExternalEntityProviderID *string `json:"externalEntityProviderId,omitempty"`
ExternalEntityID *string `json:"externalEntityId,omitempty"`
RepositoryProvider *string `json:"repositoryProvider,omitempty"`
IsPublic bool `json:"isPublic"`
ParanoidMode bool `json:"paranoidMode"`
CentralDependencyVulnManagement bool `json:"centralDependencyVulnManagement"`
PipelineLastRun time.Time `json:"pipelineLastRun"`
PipelineError *string `json:"pipelineError,omitempty"`
}
type AssetDetailsDTO ¶
type AssetDetailsWithSecretsDTO ¶
type AssetDetailsWithSecretsDTO struct {
AssetWithSecretsDTO
Members []UserDTO `json:"members"`
}
type AssetInviteToAssetRequest ¶
type AssetInviteToAssetRequest struct {
Ids []string `json:"ids" validate:"required"`
}
type AssetMetrics ¶
type AssetPatchRequest ¶
type AssetPatchRequest struct {
Name *string `json:"name"`
Description *string `json:"description"`
CVSSAutomaticTicketThreshold *float64 `json:"cvssAutomaticTicketThreshold"`
RiskAutomaticTicketThreshold *float64 `json:"riskAutomaticTicketThreshold"`
EnableTicketRange *bool `json:"enableTicketRange"`
CentralDependencyVulnManagement *bool `json:"centralDependencyVulnManagement"`
ReachableFromInternet *bool `json:"reachableFromInternet"`
ConfidentialityRequirement *RequirementLevel `json:"confidentialityRequirement"`
IntegrityRequirement *RequirementLevel `json:"integrityRequirement"`
AvailabilityRequirement *RequirementLevel `json:"availabilityRequirement"`
RepositoryID *string `json:"repositoryId"`
RepositoryName *string `json:"repositoryName"`
ConfigFiles *map[string]any `json:"configFiles"`
VulnAutoReopenAfterDays *int `json:"vulnAutoReopenAfterDays"`
WebhookSecret *string `json:"webhookSecret"`
BadgeSecret *string `json:"badgeSecret"`
RepositoryProvider *string `json:"repositoryProvider" validate:"omitempty,oneof=github gitlab"` // either null or github or gitlab, etc.
IsPublic *bool `json:"isPublic"`
ParanoidMode *bool `json:"paranoidMode"`
}
type AssetVersionDTO ¶
type AssetVersionDTO struct {
CreatedAt string `json:"createdAt"`
UpdatedAt string `json:"updatedAt"`
Name string `json:"name"`
AssetID string `json:"assetId"`
DefaultBranch bool `json:"defaultBranch"`
Slug string `json:"slug"`
Type string `json:"type"`
SigningPubKey *string `json:"signingPubKey,omitempty"`
Metadata map[string]any `json:"metadata,omitempty"`
LastAccessedAt string `json:"lastAccessedAt,omitempty"`
}
type AssetWithSecretsDTO ¶
type CVEDTO ¶
type CVEDTO struct {
CVE string `json:"cve"`
CreatedAt time.Time `json:"createdAt"`
UpdatedAt time.Time `json:"updatedAt"`
DatePublished time.Time `json:"datePublished"`
DateLastModified time.Time `json:"dateLastModified"`
Description string `json:"description"`
CVSS float32 `json:"cvss"`
References string `json:"references"`
CISAExploitAdd *datatypes.Date `json:"cisaExploitAdd" swaggertype:"string" format:"date"`
CISAActionDue *datatypes.Date `json:"cisaActionDue" swaggertype:"string" format:"date"`
CISARequiredAction string `json:"cisaRequiredAction"`
CISAVulnerabilityName string `json:"cisaVulnerabilityName"`
EPSS *float64 `json:"epss"`
Percentile *float32 `json:"percentile"`
Vector string `json:"vector"`
Risk RiskMetrics `json:"risk"`
Exploits []ExploitDTO `json:"exploits"`
Relationships []RelationshipDTO `json:"relationships"`
}
type CandidatesResponseDTO ¶
type CandidatesResponseDTO struct {
Artifacts []ArtifactDTO `json:"artifacts"`
Releases []ReleaseDTO `json:"releases"`
}
type ComponentDTO ¶
type ComponentDTO struct {
Purl string `json:"purl" gorm:"primaryKey;column:purl"` // without qualifiers!
Dependencies []ComponentDependencyDTO `json:"dependsOn" gorm:"hasMany;"`
ComponentType ComponentType `json:"componentType"`
Version string `json:"version"`
License *string `json:"license"`
Published *time.Time `json:"published"`
ComponentProject *ComponentProjectDTO `json:"project" gorm:"foreignKey:ComponentProjectKey;references:ProjectKey;constraint:OnDelete:CASCADE;"`
ComponentProjectKey *string `json:"projectId" gorm:"column:project_key"`
IsLicenseOverwritten bool `json:"isLicenseOverwritten" gorm:"-"`
}
type ComponentDependencyDTO ¶
type ComponentDependencyDTO struct {
ID uuid.UUID `json:"id"`
ComponentPurl string `json:"componentPurl"`
// The SBOM provided by CycloneDX only contains the transitive dependencies that actually get used.
// This means that the dependency graph can differ between people using the same library, since they use it differently.
// We use edges, which record that a component is used by another component in one asset.
DependencyPurl string `json:"dependencyPurl"` // will be nil, for direct dependencies
Artifacts []ArtifactDTO `json:"artifacts"`
Component ComponentDTO `json:"component"`
Dependency ComponentDTO `json:"dependency"`
}
type ComponentOccurrenceDTO ¶
type ComponentOccurrenceDTO struct {
ComponentDependencyID string `json:"componentDependencyId"`
DependencyPurl *string `json:"dependencyPurl"`
OrganizationID string `json:"organizationId"`
OrganizationName string `json:"organizationName"`
ProjectID string `json:"projectId"`
ProjectName string `json:"projectName"`
ProjectSlug string `json:"projectSlug"`
AssetID string `json:"assetId"`
AssetName string `json:"assetName"`
AssetSlug string `json:"assetSlug"`
AssetVersionName string `json:"assetVersionName"`
ComponentPurl *string `json:"componentPurl"`
ComponentVersion *string `json:"componentVersion"`
ArtifactName *string `json:"artifactName"`
ArtifactAssetVersion *string `json:"artifactAssetVersion"`
}
type ComponentProjectDTO ¶
type ComponentProjectDTO struct {
// project name like "github.com/facebook/react"
ProjectKey string `json:"projectKey" gorm:"primaryKey;column:project_key"`
StarsCount int `json:"starsCount" gorm:"column:stars_count"`
ForksCount int `json:"forksCount" gorm:"column:forks_count"`
OpenIssuesCount int `json:"openIssuesCount" gorm:"column:open_issues_count"`
Homepage string `json:"homepage"`
License string `json:"license"`
Description string `json:"description"`
ScoreCard map[string]any `json:"scoreCard"`
ScoreCardScore *float64 `json:"scoreCardScore" gorm:"column:score_card_score"`
UpdatedAt time.Time `json:"updatedAt" gorm:"column:updated_at"`
}
type ComponentType ¶
type ComponentType string
const (
ComponentTypeApplication ComponentType = "application"
ComponentTypeContainer ComponentType = "container"
ComponentTypeData ComponentType = "data"
ComponentTypeDevice ComponentType = "device"
ComponentTypeDeviceDriver ComponentType = "device-driver"
ComponentTypeFile ComponentType = "file"
ComponentTypeFirmware ComponentType = "firmware"
ComponentTypeFramework ComponentType = "framework"
ComponentTypeLibrary ComponentType = "library"
ComponentTypeMachineLearningModel ComponentType = "machine-learning-model"
ComponentTypeOS ComponentType = "operating-system"
ComponentTypePlatform ComponentType = "platform"
)
type ContentTreeElement ¶
type CreateInTotoLinkRequest ¶
type DependencyVulnAggregationStateAndChange ¶
type DependencyVulnAggregationStateAndChange struct {
Now DependencyVulnAggregationState `json:"now"`
Was DependencyVulnAggregationState `json:"was"`
}
type DependencyVulnDTO ¶
type DependencyVulnDTO struct {
ID string `json:"id"`
Message *string `json:"message"`
AssetVersionName string `json:"assetVersionId"`
AssetID string `json:"assetId"`
State VulnState `json:"state"`
CVE CVEDTO `json:"cve"`
CVEID string `json:"cveID"`
ComponentPurl string `json:"componentPurl"`
ComponentDepth *int `json:"componentDepth"`
ComponentFixedVersion *string `json:"componentFixedVersion"`
Effort *int `json:"effort"`
RiskAssessment *int `json:"riskAssessment"`
RawRiskAssessment *float64 `json:"rawRiskAssessment"`
Priority *int `json:"priority"`
LastDetected time.Time `json:"lastDetected"`
CreatedAt time.Time `json:"createdAt"`
TicketID *string `json:"ticketId"`
TicketURL *string `json:"ticketUrl"`
ManualTicketCreation bool `json:"manualTicketCreation"`
Artifacts []ArtifactDTO `json:"artifacts"`
Exploits []ExploitDTO `json:"exploits"`
RiskRecalculatedAt time.Time `json:"riskRecalculatedAt"`
}
type DependencyVulnHints ¶
type DependencyVulnHints struct {
AmountOpen int `json:"amountOpen"`
AmountFixed int `json:"amountFixed"`
AmountAccepted int `json:"amountAccepted"`
AmountFalsePositive int `json:"amountFalsePositive"`
AmountMarkedForTransfer int `json:"amountMarkedForTransfer"`
}
DependencyVulnHints is used to return information about other instances of a dependency vuln in other parts of an organization.
type DetailedDependencyVulnDTO ¶
type DetailedDependencyVulnDTO struct {
DependencyVulnDTO
Events []VulnEventDTO `json:"events"`
}
type DetailedFirstPartyVulnDTO ¶
type DetailedFirstPartyVulnDTO struct {
FirstPartyVulnDTO
Events []VulnEventDTO `json:"events"`
}
type DetailedLicenseRiskDTO ¶
type DetailedLicenseRiskDTO struct {
LicenseRiskDTO
Events []VulnEventDTO `json:"events"`
}
type Distribution ¶
type EcosystemSpecific ¶
type EcosystemSpecific struct {
Urgency string `json:"urgency,omitempty"`
}
type ExploitDTO ¶
type ExploitDTO struct {
ID string `json:"id"`
Published *time.Time `json:"pushed_at"`
Updated *time.Time `json:"updated_at"`
Author string `json:"author"`
Type string `json:"type"`
Verified bool `json:"verified"`
SourceURL string `json:"sourceURL"`
Description string `json:"description"`
CVEID string `json:"cveID"`
Tags string `json:"tags"`
Forks int `json:"forks"`
Watchers int `json:"watchers"`
Subscribers int `json:"subscribers_count"`
Stars int `json:"stargazers_count"`
}
type FirstPartyScanResponse ¶
type FirstPartyScanResponse struct {
AmountOpened int `json:"amountOpened"`
AmountClosed int `json:"amountClosed"`
FirstPartyVulns []FirstPartyVulnDTO `json:"firstPartyVulns"`
}
type FirstPartyVulnDTO ¶
type FirstPartyVulnDTO struct {
ID string `json:"id"`
ScannerIDs string `json:"scannerIds"`
Message *string `json:"message"`
AssetVersionName string `json:"assetVersionName"`
AssetID string `json:"assetId"`
State VulnState `json:"state"`
RuleID string `json:"ruleId"`
URI string `json:"uri"`
SnippetContents []SnippetContent `json:"snippetContents"`
CreatedAt time.Time `json:"createdAt"`
TicketID *string `json:"ticketId"`
TicketURL *string `json:"ticketUrl"`
ManualTicketCreation bool `json:"manualTicketCreation"`
Commit string `json:"commit"`
Email string `json:"email"`
Author string `json:"author"`
Date string `json:"date"`
RuleName string `json:"ruleName"`
RuleHelp string `json:"ruleHelp"`
RuleHelpURI string `json:"ruleHelpURI"`
RuleDescription string `json:"ruleDescription"`
RuleProperties map[string]any `json:"ruleProperties"`
}
type GitRepository ¶
type GithubAppInstallationDTO ¶
type GithubAppInstallationDTO struct {
InstallationID int `json:"installationId"`
OrgID uuid.UUID
InstallationCreatedWebhookReceivedTime time.Time `json:"installationCreatedWebhookReceivedTime"`
SettingsURL string `json:"settingsUrl"`
TargetType string `json:"targetType"`
TargetLogin string `json:"targetLogin"`
TargetAvatarURL string `json:"targetAvatarUrl"`
}
type GitlabIntegrationDTO ¶
type History ¶
type History struct {
Distribution
// on the day 2024-08-12 the asset had a sumRisk of 25.
Day time.Time `json:"day" gorm:"primaryKey;type:date"`
SumOpenRisk float64 `json:"sumOpenRisk"`
AvgOpenRisk float64 `json:"averageOpenRisk"`
MaxOpenRisk float64 `json:"maxOpenRisk"`
MinOpenRisk float64 `json:"minOpenRisk"`
SumClosedRisk float64 `json:"sumClosedRisk"`
AvgClosedRisk float64 `json:"averageClosedRisk"`
MaxClosedRisk float64 `json:"maxClosedRisk"`
MinClosedRisk float64 `json:"minClosedRisk"`
OpenDependencyVulns int `json:"openDependencyVulns"`
FixedDependencyVulns int `json:"fixedDependencyVulns"`
}
type InformationSourceDTO ¶
type InviteRequest ¶
type InviteRequest struct {
Email string `json:"email" validate:"required,email"`
}
type JiraIntegrationDTO ¶
type LicenseRiskArtifactDTO ¶
type LicenseRiskDTO ¶
type LicenseRiskDTO struct {
ID string `json:"id"`
Message *string `json:"message"`
AssetVersionName string `json:"assetVersionName"`
AssetID string `json:"assetId"`
State VulnState `json:"state"`
CreatedAt time.Time `json:"createdAt"`
TicketID *string `json:"ticketId"`
TicketURL *string `json:"ticketUrl"`
ManualTicketCreation bool `json:"manualTicketCreation"`
FinalLicenseDecision *string `json:"finalLicenseDecision"`
ComponentPurl string `json:"componentPurl"`
Component ComponentDTO `json:"component"`
Artifacts []LicenseRiskArtifactDTO `json:"artifacts"`
}
type LookupResponse ¶
type MechanicalJustificationType ¶
type MechanicalJustificationType string
const (
ComponentNotPresent MechanicalJustificationType = "component_not_present"
VulnerableCodeNotPresent MechanicalJustificationType = "vulnerable_code_not_present"
VulnerableCodeNotInExecutePath MechanicalJustificationType = "vulnerable_code_not_in_execute_path"
VulnerableCodeCannotBeControlledByAdversary MechanicalJustificationType = "vulnerable_code_cannot_be_controlled_by_adversary"
InlineMitigationsAlreadyExist MechanicalJustificationType = "inline_mitigations_already_exist"
)
type OSV ¶
type OSV struct {
ID string `json:"id"`
Summary string `json:"summary"`
Modified time.Time `json:"modified"`
Published time.Time `json:"published"`
Details string `json:"details"`
Related []string `json:"related"`
Aliases []string `json:"aliases"`
Upstream []string `json:"upstream"`
Affected []Affected `json:"affected"`
SchemaVersion string `json:"schema_version"`
Severity []struct {
Type string `json:"type"`
Score string `json:"score"`
} `json:"severity"`
}
type OpenSourceInsightsProjectResponse ¶
type OpenSourceInsightsProjectResponse struct {
ProjectKey struct {
ID string `json:"id"`
} `json:"projectKey"`
OpenIssuesCount int `json:"openIssuesCount"`
StarsCount int `json:"starsCount"`
ForksCount int `json:"forksCount"`
License string `json:"license"`
Description string `json:"description"`
Homepage string `json:"homepage"`
Scorecard *Scorecard `json:"scorecard"`
}
type OpenSourceInsightsVersionResponse ¶
type OpenSourceInsightsVersionResponse struct {
VersionKey struct {
System string `json:"system"`
Name string `json:"name"`
Version string `json:"version"`
} `json:"versionKey"`
PublishedAt time.Time `json:"publishedAt"`
IsDefault bool `json:"isDefault"`
Licenses []string `json:"licenses"`
AdvisoryKeys []any `json:"advisoryKeys"`
Links []struct {
Label string `json:"label"`
URL string `json:"url"`
} `json:"links"`
SlsaProvenances []any `json:"slsaProvenances"`
Attestations []any `json:"attestations"`
Registries []string `json:"registries"`
RelatedProjects []struct {
ProjectKey struct {
ID string `json:"id"`
} `json:"projectKey"`
RelationProvenance string `json:"relationProvenance"`
RelationType string `json:"relationType"`
} `json:"relatedProjects"`
}
type OrgChangeRoleRequest ¶
type OrgChangeRoleRequest struct {
Role string `json:"role" validate:"required,oneof=member admin"`
}
type OrgCreateRequest ¶
type OrgCreateRequest struct {
Name string `json:"name" validate:"required"`
ContactPhoneNumber *string `json:"contactPhoneNumber"`
NumberOfEmployees *int `json:"numberOfEmployees"`
Country *string `json:"country"`
Industry *string `json:"industry"`
CriticalInfrastructure bool `json:"criticalInfrastructure"`
ISO27001 bool `json:"iso27001"`
NIST bool `json:"nist"`
Grundschutz bool `json:"grundschutz"`
Description string `json:"description"`
Language string `json:"language"`
}
type OrgDTO ¶
type OrgDTO struct {
ID uuid.UUID `json:"id"`
CreatedAt time.Time `json:"createdAt"`
UpdatedAt time.Time `json:"updatedAt"`
Name string `json:"name" gorm:"type:text"`
ContactPhoneNumber *string `json:"contactPhoneNumber" gorm:"type:text"`
NumberOfEmployees *int `json:"numberOfEmployees"`
Country *string `json:"country" gorm:"type:text"`
Industry *string `json:"industry" gorm:"type:text"`
CriticalInfrastructure bool `json:"criticalInfrastructure"`
ISO27001 bool `json:"iso27001"`
NIST bool `json:"nist"`
Grundschutz bool `json:"grundschutz"`
Projects []ProjectDTO `json:"projects" gorm:"foreignKey:OrganizationID;"`
Slug string `json:"slug" gorm:"type:text;unique;not null;index"`
Description string `json:"description" gorm:"type:text"`
GithubAppInstallations []GithubAppInstallationDTO `json:"githubAppInstallations" gorm:"foreignKey:OrgID;"`
GitLabIntegrations []GitlabIntegrationDTO `json:"gitLabIntegrations" gorm:"foreignKey:OrgID;"`
JiraIntegrations []JiraIntegrationDTO `json:"jiraIntegrations" gorm:"foreignKey:OrgID;"`
IsPublic bool `json:"isPublic" gorm:"default:false;"`
Webhooks []WebhookIntegrationDTO `json:"webhooks" gorm:"foreignKey:OrgID;"`
ConfigFiles map[string]any `json:"configFiles"`
Language string `json:"language"`
ExternalEntityProviderID *string `json:"externalEntityProviderId" gorm:"type:text"`
}
type OrgDetailsDTO ¶
type OrgPatchRequest ¶
type OrgPatchRequest struct {
Name *string `json:"name"`
ContactPhoneNumber *string `json:"contactPhoneNumber"`
NumberOfEmployees *int `json:"numberOfEmployees"`
Country *string `json:"country"`
Industry *string `json:"industry"`
CriticalInfrastructure *bool `json:"criticalInfrastructure"`
ISO27001 *bool `json:"iso27001"`
NIST *bool `json:"nist"`
Grundschutz *bool `json:"grundschutz"`
Description *string `json:"description"`
IsPublic *bool `json:"isPublic"`
ConfigFiles *map[string]any `json:"configFiles"`
Language *string `json:"language"`
}
type PatCreateRequest ¶
type ProjectChangeRoleRequest ¶
type ProjectChangeRoleRequest struct {
Role string `json:"role" validate:"required,oneof=member admin"`
}
type ProjectCreateRequest ¶
type ProjectDTO ¶
type ProjectDTO struct {
Avatar *string `json:"avatar,omitempty"` // URL to the project's avatar
ID uuid.UUID `json:"id"`
Name string `json:"name"`
Slug string `json:"slug"`
Description string `json:"description"`
IsPublic bool `json:"isPublic"`
Type string `json:"type"`
ParentID *uuid.UUID `json:"parentId"`
Parent *ProjectDTO `json:"parent,omitempty"` // recursive structure
RepositoryID *string `json:"repositoryId"`
RepositoryName *string `json:"repositoryName"`
Assets []AssetDTO `json:"assets"`
ConfigFiles map[string]any `json:"configFiles"`
ExternalEntityProviderID *string `json:"externalEntityProviderId,omitempty"`
ExternalEntityID *string `json:"externalEntityId,omitempty"` // only set if this is an external entity
}
type ProjectDetailsDTO ¶
type ProjectDetailsDTO struct {
ProjectDTO
Members []UserDTO `json:"members"`
Webhooks []WebhookIntegrationDTO `json:"webhooks"`
}
type ProjectInviteRequest ¶
type ProjectInviteRequest struct {
Ids []string `json:"ids" validate:"required"`
}
type ProjectPatchRequest ¶
type ProjectPatchRequest struct {
Name *string `json:"name"`
Description *string `json:"description"`
IsPublic *bool `json:"isPublic"`
Type *string `json:"type"`
RepositoryID *string `json:"repositoryId"`
RepositoryName *string `json:"repositoryName"`
ConfigFiles *map[string]any `json:"configFiles"`
}
type Range ¶
type Range struct {
Type string `json:"type"`
Repo string `json:"repo"`
Events []SemverEvent `json:"events"`
}
type RelationshipDTO ¶
type RelationshipType ¶
type RelationshipType = string
const (
RelationshipTypeAlias RelationshipType = "alias"
RelationshipTypeUpstream RelationshipType = "upstream"
RelationshipTypeRelated RelationshipType = "related"
)
type ReleaseCreateRequest ¶
type ReleaseCreateRequest struct {
Name string `json:"name"`
Items []ReleaseItemDTO `json:"items,omitempty"`
}
requests
type ReleaseDTO ¶
type ReleaseItemDTO ¶
type ReleaseItemDTO struct {
ID uuid.UUID `json:"id,omitempty"`
ReleaseID uuid.UUID `json:"releaseId,omitempty"`
ChildReleaseName *string `json:"childReleaseName,omitempty"`
ChildReleaseID *uuid.UUID `json:"childReleaseId,omitempty"`
ArtifactName *string `json:"artifactName,omitempty"`
AssetVersionName *string `json:"assetVersionName,omitempty"`
AssetID *uuid.UUID `json:"assetId,omitempty"`
}
type ReleasePatchRequest ¶
type ReleasePatchRequest struct {
Items []ReleaseItemDTO `json:"items,omitempty"`
}
type RequirementLevel ¶
type RequirementLevel string
const (
RequirementLevelLow RequirementLevel = "low"
RequirementLevelMedium RequirementLevel = "medium"
RequirementLevelHigh RequirementLevel = "high"
)
type RevokeByPrivateKeyRequest ¶
type RevokeByPrivateKeyRequest struct {
PrivateKey string `json:"privkey" validate:"required"`
}
type RiskCalculationReport ¶
type RiskCalculationReport struct {
EPSS float64 `json:"epss"`
BaseScore float64 `json:"baseScore"`
ExploitExists bool `json:"exploitExists"`
VerifiedExploitExists bool `json:"verifiedExploitExists"`
UnderAttack bool `json:"underAttack"`
// environment information
ConfidentialityRequirement string `json:"confidentialityRequirement"`
IntegrityRequirement string `json:"integrityRequirement"`
AvailabilityRequirement string `json:"availabilityRequirement"`
Risk float64 `json:"risk"`
Vector string `json:"vector"`
}
func (RiskCalculationReport) Map ¶
func (r RiskCalculationReport) Map() map[string]any
func (RiskCalculationReport) String ¶
func (r RiskCalculationReport) String() string
type RiskHistoryDTO ¶
type RiskMetrics ¶
type ScanResponse ¶
type ScanResponse struct {
AmountOpened int `json:"amountOpened"`
AmountClosed int `json:"amountClosed"`
DependencyVulns []DependencyVulnDTO `json:"dependencyVulns"`
}
type Scorecard ¶
type Scorecard struct {
Date time.Time `json:"date"`
Repository struct {
Name string `json:"name"`
Commit string `json:"commit"`
} `json:"repository"`
Scorecard struct {
Version string `json:"version"`
Commit string `json:"commit"`
} `json:"scorecard"`
Checks []struct {
Name string `json:"name"`
Documentation struct {
ShortDescription string `json:"shortDescription"`
URL string `json:"url"`
} `json:"documentation"`
Score int `json:"score"`
Reason string `json:"reason"`
Details []any `json:"details"`
} `json:"checks"`
OverallScore float64 `json:"overallScore"`
Metadata []any `json:"metadata"`
}
type SemverEvent ¶
type SnippetContent ¶
type SnippetContents ¶
type SnippetContents struct {
Snippets []SnippetContent `json:"snippets"`
}
type UpstreamState ¶
type UpstreamState int
const (
UpstreamStateInternal UpstreamState = 0
UpstreamStateExternalAccepted UpstreamState = 1
UpstreamStateExternal UpstreamState = 2
)
type VulnEventDTO ¶
type VulnEventDTO struct {
ID uuid.UUID `json:"id"`
Type VulnEventType `json:"type"`
VulnID string `json:"vulnId"`
VulnType VulnType `json:"vulnType"`
UserID string `json:"userId"`
Justification *string `json:"justification"`
MechanicalJustification MechanicalJustificationType `json:"mechanicalJustification"`
ArbitraryJSONData map[string]any `json:"arbitraryJSONData"`
CreatedAt time.Time `json:"createdAt"`
AssetVersionName string `json:"assetVersionName"`
AssetVersionSlug string `json:"assetVersionSlug"`
VulnerabilityName string `json:"vulnerabilityName"`
PackageName string `json:"packageName"`
URI string `json:"uri"`
Upstream UpstreamState `json:"upstream"`
}
type VulnEventType ¶
type VulnEventType string
const (
// Manual Events (Events that required User Interaction) (see asset_version_service.go @ getDatesForVulnerabilityEvent)
EventTypeFixed VulnEventType = "fixed"
EventTypeLicenseDecision VulnEventType = "licenseDecision"
EventTypeReopened VulnEventType = "reopened"
EventTypeAccepted VulnEventType = "accepted"
EventTypeMitigate VulnEventType = "mitigate"
EventTypeFalsePositive VulnEventType = "falsePositive"
EventTypeMarkedForTransfer VulnEventType = "markedForTransfer"
EventTypeComment VulnEventType = "comment"
// Automated Events (Events that are triggered by automations on the server)
EventTypeDetected VulnEventType = "detected"
// EventTypeRiskAssessmentUpdated VulnEventType = "riskAssessmentUpdated"
EventTypeRawRiskAssessmentUpdated VulnEventType = "rawRiskAssessmentUpdated"
)
type VulnState ¶
type VulnState string
const (
VulnStateOpen VulnState = "open"
VulnStateFixed VulnState = "fixed" // we did not find the dependencyVuln anymore in the last scan!
VulnStateAccepted VulnState = "accepted" // like ignore
VulnStateFalsePositive VulnState = "falsePositive" // we can use that for crowdsourced vulnerability management: 27 people marked this as false positive and they have the same dependency tree, so you are probably not affected either
VulnStateMarkedForTransfer VulnState = "markedForTransfer"
)
type VulnerabilityInReport ¶
type VulnerabilityInReport struct {
CVEID string
SourceName string
SourceURL string
AffectedComponent string
CveDescription string
AnalysisState string
AnalysisResponse string
AnalysisDetail string
AnalysisFirstIssued string
AnalysisLastUpdated string
CVSS float64
Severity string
CVSSMethod string
Vector string
DevguardScore float64
DevguardSeverity string
DevguardVector string
Depth int
}
VulnerabilityInReport represents a single CVE entry in the template.
type VulnerabilityReport ¶
type VulnerabilityReport struct {
AppTitle string
AppVersion string
ReportCreationDate string
AmountCritical int
AmountHigh int
AmountMedium int
AmountLow int
AvgFixTimeCritical string
AvgFixTimeHigh string
AvgFixTimeMedium string
AvgFixTimeLow string
CriticalVulns []VulnerabilityInReport
HighVulns []VulnerabilityInReport
MediumVulns []VulnerabilityInReport
LowVulns []VulnerabilityInReport
}
VulnerabilityReport is the top-level model matching the markdown.gotmpl context.
type WebhookIntegrationDTO ¶
type YamlMetadata ¶
type YamlMetadata struct {
Vars YamlVars `yaml:"metadata_vars"`
}
type YamlVars ¶
type YamlVars struct {
DocumentTitle string `yaml:"document_title"`
PrimaryColor string `yaml:"primary_color"`
Version string `yaml:"version"`
TimeOfGeneration string `yaml:"generation_date"`
ProjectTitle1 string `yaml:"app_title_part_one"`
ProjectTitle2 string `yaml:"app_title_part_two"`
OrganizationName string `yaml:"organization_name"`
Integrity string `yaml:"integrity"`
}
Source Files ¶
- asset_dto.go
- asset_version_dto.go
- component_dto.go
- contenttree.go
- cve_obj.go
- cve_relationship_dto.go
- dead_simple_signing_envelope.go
- dependency_vuln_dto.go
- deps_dev_dto.go
- first_party_vuln_dto.go
- git_repository_dto.go
- integrations_obj.go
- intoto_dto.go
- license_risk_dto.go
- org_dto.go
- osv_obj.go
- pat_dto.go
- policy_dto.go
- project_dto.go
- release_dto.go
- report_dto.go
- scan_dto.go
- statistics_dto.go
- user_dto.go
- vuln_report.go
- vulnevent_dto.go