scan

package
v0.19.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 4, 2025 License: AGPL-3.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewSBOMScanner 

func NewSBOMScanner(purlComparer comparer, cveRepository core.CveRepository) *sbomScanner

func NewScanService added in v0.19.0 

func NewScanService(db core.DB, cveRepository core.CveRepository, assetVersionService core.AssetVersionService, dependencyVulnService core.DependencyVulnService, artifactService core.ArtifactService, statisticsService core.StatisticsService) *scanService

Types

type FirstPartyScanResponse added in v0.17.0 

type FirstPartyScanResponse struct {
	AmountOpened    int                      `json:"amountOpened"`
	AmountClosed    int                      `json:"amountClosed"`
	FirstPartyVulns []vuln.FirstPartyVulnDTO `json:"firstPartyVulns"`
}

type HTTPController added in v0.17.0 

type HTTPController struct {
	core.ScanService
	// mark public to let it be overridden in tests
	core.FireAndForgetSynchronizer
	// contains filtered or unexported fields
}

func NewHTTPController added in v0.17.0 

func NewHTTPController(scanService core.ScanService, componentRepository core.ComponentRepository, assetRepository core.AssetRepository, assetVersionRepository core.AssetVersionRepository, assetVersionService core.AssetVersionService, statisticsService core.StatisticsService, dependencyVulnService core.DependencyVulnService, firstPartyVulnService core.FirstPartyVulnService, artifactService core.ArtifactService, dependencyVulnRepository core.DependencyVulnRepository) *HTTPController

func (*HTTPController) DependencyVulnScan added in v0.17.0 

func (s *HTTPController) DependencyVulnScan(c core.Context, bom *cdx.BOM) (ScanResponse, error)

func (*HTTPController) FirstPartyVulnScan added in v0.17.0 

func (s *HTTPController) FirstPartyVulnScan(ctx core.Context) error

func (*HTTPController) ScanDependencyVulnFromProject added in v0.17.0 

func (s *HTTPController) ScanDependencyVulnFromProject(c core.Context) error

func (*HTTPController) ScanSbomFile added in v0.17.0 

func (s *HTTPController) ScanSbomFile(c core.Context) error

func (HTTPController) UploadVEX added in v0.17.0 

func (s HTTPController) UploadVEX(ctx core.Context) error

UploadVEX accepts a multipart file upload (field name "file") containing an OpenVEX JSON document. It updates existing dependency vulnerabilities on the target asset version and creates vuln events.

type PurlComparer added in v0.17.0 

type PurlComparer struct {
	// contains filtered or unexported fields
}

func NewPurlComparer 

func NewPurlComparer(db core.DB) *PurlComparer

func (*PurlComparer) GetAffectedComponents added in v0.17.0 

func (comparer *PurlComparer) GetAffectedComponents(purl, version string) ([]models.AffectedComponent, error)

GetAffectedComponents finds security vulnerabilities for a software package

func (*PurlComparer) GetVulns added in v0.17.0 

func (comparer *PurlComparer) GetVulns(purl string, version string, _ string) ([]models.VulnInPackage, error)

some purls do contain versions, which cannot be found in the database. An example is git. the purl looks like: pkg:deb/debian/git@v2.30.2-1, while the version we would like it to match is: 1:2.30.2-1 ("1:" prefix)

type ScanResponse 

type ScanResponse struct {
	AmountOpened    int                      `json:"amountOpened"`
	AmountClosed    int                      `json:"amountClosed"`
	DependencyVulns []vuln.DependencyVulnDTO `json:"dependencyVulns"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.