shared

package
v1.0.0-rc.10 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 15, 2025 License: AGPL-3.0 Imports: 31 Imported by: 0

Documentation

Overview

Copyright (C) 2023 Tim Bastin, l3montree GmbH

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.

Index

Constants

This section is empty.

Variables

View Source 
var V = validator.New()

Functions

func BootstrapOrg 

func BootstrapOrg(rbac AccessControl, userID string, userRole Role) error

func FetchMembersOfOrganization 

func FetchMembersOfOrganization(ctx Context) ([]dtos.UserDTO, error)

FetchMembersOfOrganization retrieves all members of an organization including their roles from both the RBAC system and third-party integrations

func GetArtifact 

func GetArtifact(ctx Context) models.Artifact

func GetArtifactName 

func GetArtifactName(ctx Context) (string, error)

func GetAsset 

func GetAsset(ctx Context) models.Asset

func GetAssetSlug 

func GetAssetSlug(ctx Context) (string, error)

func GetAssetVersion 

func GetAssetVersion(ctx Context) models.AssetVersion

func GetAssetVersionSlug 

func GetAssetVersionSlug(ctx Context) (string, error)

func GetAttestation 

func GetAttestation(ctx Context) models.Attestation

func GetBadgeSVG 

func GetBadgeSVG(label string, values []BadgeValues) string

func GetEventID 

func GetEventID(ctx Context) (string, error)

func GetOrg 

func GetOrg(c Context) models.Org

func GetOrgSlug 

func GetOrgSlug(ctx Context) (string, error)

func GetOryClient 

func GetOryClient(ctx Context) *client.APIClient

func GetParam 

func GetParam(ctx Context, param string) string

func GetProject 

func GetProject(ctx Context) models.Project

func GetProjectSlug 

func GetProjectSlug(ctx Context) (string, error)

func GetRepositoryID 

func GetRepositoryID(asset *models.Asset) (string, error)

func GetURLDecodedParam 

func GetURLDecodedParam(ctx Context, param string) (string, error)

func GetVulnID 

func GetVulnID(ctx Context) (string, dtos.VulnType, error)

func HasOrganization 

func HasOrganization(c Context) bool

func HasProject 

func HasProject(c Context) bool

func InitLogger 

func InitLogger()

InitLogger initializes the logger with a tint handler. tint is a simple logging library that allows to add colors to the log output. this is obviously not required, but it makes the logs easier to read.

func IsPublicRequest 

func IsPublicRequest(ctx Context) bool

func LoadConfig 

func LoadConfig() error

func MaybeGetArtifact 

func MaybeGetArtifact(ctx Context) (models.Artifact, error)

func MaybeGetAssetVersion 

func MaybeGetAssetVersion(ctx Context) (models.AssetVersion, error)

func MaybeGetProject 

func MaybeGetProject(ctx Context) (models.Project, error)

func Ptr 

func Ptr[T any](t T) *T

func SanitizeParam 

func SanitizeParam(s string) string

func SetArtifact 

func SetArtifact(ctx Context, artifact models.Artifact)

func SetAsset 

func SetAsset(ctx Context, asset models.Asset)

func SetAssetSlug 

func SetAssetSlug(ctx Context, assetSlug string)

func SetAssetVersion 

func SetAssetVersion(ctx Context, assetVersion models.AssetVersion)

func SetAttestation 

func SetAttestation(ctx Context, attestation models.Attestation)

func SetAuthAdminClient 

func SetAuthAdminClient(ctx Context, i AdminClient)

func SetEventID 

func SetEventID(ctx Context, eventID string)

func SetIsPublicRequest 

func SetIsPublicRequest(ctx Context)

func SetOrg 

func SetOrg(c Context, org models.Org)

func SetOrgSlug 

func SetOrgSlug(ctx Context, orgSlug string)

func SetProject 

func SetProject(ctx Context, project models.Project)

func SetProjectSlug 

func SetProjectSlug(ctx Context, projectSlug string)

func SetRBAC 

func SetRBAC(ctx Context, rbac AccessControl)

func SetSession 

func SetSession(ctx Context, session AuthSession)

func SetThirdPartyIntegration 

func SetThirdPartyIntegration(ctx Context, i IntegrationAggregate)

func ValidRole 

func ValidRole(role Role) bool

Types

type AccessControl 

type AccessControl interface {
	HasAccess(subject string) (bool, error) // return error if couldnt be checked due to unauthorized access or other issues

	InheritRole(roleWhichGetsPermissions, roleWhichProvidesPermissions Role) error

	GetAllRoles(user string) []string

	GrantRole(subject string, role Role) error
	RevokeRole(subject string, role Role) error

	GrantRoleInProject(subject string, role Role, project string) error
	GrantRoleInAsset(subject string, role Role, asset string) error

	RevokeRoleInProject(subject string, role Role, project string) error
	RevokeRoleInAsset(subject string, role Role, asset string) error

	RevokeAllRolesInProjectForUser(user string, project string) error
	RevokeAllRolesInAssetForUser(user string, asset string) error

	InheritProjectRole(roleWhichGetsPermissions, roleWhichProvidesPermissions Role, project string) error
	InheritAssetRole(roleWhichGetsPermissions, roleWhichProvidesPermissions Role, asset string) error

	InheritProjectRolesAcrossProjects(roleWhichGetsPermissions, roleWhichProvidesPermissions ProjectRole) error

	LinkDomainAndProjectRole(domainRoleWhichGetsPermission, projectRoleWhichProvidesPermissions Role, project string) error
	LinkProjectAndAssetRole(projectRoleWhichGetsPermission, assetRoleWhichProvidesPermissions Role, project, asset string) error

	AllowRole(role Role, object Object, action []Action) error
	IsAllowed(subject string, object Object, action Action) (bool, error)

	IsAllowedInProject(project *models.Project, user string, object Object, action Action) (bool, error)
	IsAllowedInAsset(asset *models.Asset, user string, object Object, action Action) (bool, error)

	AllowRoleInProject(project string, role Role, object Object, action []Action) error
	AllowRoleInAsset(asset string, role Role, object Object, action []Action) error

	GetAllProjectsForUser(user string) ([]string, error)
	GetAllAssetsForUser(user string) ([]string, error)

	GetOwnerOfOrganization() (string, error)

	GetAllMembersOfOrganization() ([]string, error)

	GetAllMembersOfProject(projectID string) ([]string, error)
	GetAllMembersOfAsset(projectID string) ([]string, error)

	GetDomainRole(user string) (Role, error)
	GetProjectRole(user string, project string) (Role, error)
	GetAssetRole(user string, asset string) (Role, error)

	GetExternalEntityProviderID() *string
}

func GetRBAC 

func GetRBAC(ctx Context) AccessControl

type Action 

type Action string
const (
	ActionCreate Action = "create"
	ActionRead   Action = "read"
	ActionUpdate Action = "update"
	ActionDelete Action = "delete"
)

type AdminClient 

type AdminClient interface {
	ListUser(client client.IdentityAPIListIdentitiesRequest) ([]client.Identity, error)
	GetIdentity(ctx context.Context, userID string) (client.Identity, error)
	GetIdentityWithCredentials(ctx context.Context, userID string) (client.Identity, error)
}

func GetAuthAdminClient 

func GetAuthAdminClient(ctx Context) AdminClient

type AdminClientImplementation 

type AdminClientImplementation struct {
	// contains filtered or unexported fields
}

func NewAdminClient 

func NewAdminClient(client *client.APIClient) AdminClientImplementation

func (AdminClientImplementation) GetIdentity 

func (a AdminClientImplementation) GetIdentity(ctx context.Context, userID string) (client.Identity, error)

func (AdminClientImplementation) GetIdentityWithCredentials 

func (a AdminClientImplementation) GetIdentityWithCredentials(ctx context.Context, userID string) (client.Identity, error)

func (AdminClientImplementation) ListUser 

func (a AdminClientImplementation) ListUser(request client.IdentityAPIListIdentitiesRequest) ([]client.Identity, error)

type AffectedComponentRepository 

type AffectedComponentRepository interface {
	utils.Repository[string, models.AffectedComponent, DB]
	GetAllAffectedComponentsID() ([]string, error)
	Save(tx DB, affectedComponent *models.AffectedComponent) error
	SaveBatch(tx DB, affectedPkgs []models.AffectedComponent) error
	DeleteAll(tx DB, ecosystem string) error
}

type ArtifactObject 

type ArtifactObject struct {
	ArtifactName string `json:"artifactName"`
}

type ArtifactRepository 

type ArtifactRepository interface {
	utils.Repository[string, models.Artifact, DB]
	GetByAssetIDAndAssetVersionName(assetID uuid.UUID, assetVersionName string) ([]models.Artifact, error)
	ReadArtifact(name string, assetVersionName string, assetID uuid.UUID) (models.Artifact, error)
	DeleteArtifact(assetID uuid.UUID, assetVersionName string, artifactName string) error
	GetAllArtifactAffectedByDependencyVuln(tx DB, vulnID string) ([]models.Artifact, error)
	GetByAssetVersions(assetID uuid.UUID, assetVersionNames []string) ([]models.Artifact, error)
}

type ArtifactRiskHistoryRepository 

type ArtifactRiskHistoryRepository interface {
	// artifactName if non-nil restricts the history to a single artifact (artifactName + assetVersionName + assetID)
	GetRiskHistory(artifactName *string, assetVersionName string, assetID uuid.UUID, start, end time.Time) ([]models.ArtifactRiskHistory, error)
	// GetRiskHistoryByRelease collects artifact risk histories for all artifacts included in a release tree
	GetRiskHistoryByRelease(releaseID uuid.UUID, start, end time.Time) ([]models.ArtifactRiskHistory, error)
	UpdateRiskAggregation(assetRisk *models.ArtifactRiskHistory) error
}

type ArtifactService 

type ArtifactService interface {
	GetArtifactsByAssetIDAndAssetVersionName(assetID uuid.UUID, assetVersionName string) ([]models.Artifact, error)
	SaveArtifact(artifact *models.Artifact) error
	DeleteArtifact(assetID uuid.UUID, assetVersionName string, artifactName string) error
	ReadArtifact(name string, assetVersionName string, assetID uuid.UUID) (models.Artifact, error)
	FetchBomsFromUpstream(artifactName string, ref string, upstreamURLs []string) ([]*normalize.CdxBom, []string, []string)
	SyncUpstreamBoms(boms []*normalize.CdxBom, org models.Org, project models.Project, asset models.Asset, assetVersion models.AssetVersion, artifact models.Artifact, userID string) ([]models.DependencyVuln, error)
}

type AssetObject 

type AssetObject struct {
	ID          uuid.UUID `json:"id"`
	Name        string    `json:"name"`
	Slug        string    `json:"slug"`
	Description string    `json:"description"`
	ProjectID   uuid.UUID `json:"projectId"`

	AvailabilityRequirement    string `json:"availabilityRequirement"`
	IntegrityRequirement       string `json:"integrityRequirement"`
	ConfidentialityRequirement string `json:"confidentialityRequirement"`
	ReachableFromInternet      bool   `json:"reachableFromInternet"`

	RepositoryID   *string `json:"repositoryId"`
	RepositoryName *string `json:"repositoryName"`

	LastSecretScan    *time.Time `json:"lastSecretScan"`
	LastSastScan      *time.Time `json:"lastSastScan"`
	LastScaScan       *time.Time `json:"lastScaScan"`
	LastIacScan       *time.Time `json:"lastIacScan"`
	LastContainerScan *time.Time `json:"lastContainerScan"`
	LastDastScan      *time.Time `json:"lastDastScan"`
	SigningPubKey     *string    `json:"signingPubKey"`

	EnableTicketRange            bool     `json:"enableTicketRange"`
	CVSSAutomaticTicketThreshold *float64 `json:"cvssAutomaticTicketThreshold"`
	RiskAutomaticTicketThreshold *float64 `json:"riskAutomaticTicketThreshold"`

	ExternalEntityProviderID *string `json:"externalEntityProviderId,omitempty"`
	ExternalEntityID         *string `json:"externalEntityId,omitempty"`
}

func ToAssetObject 

func ToAssetObject(a models.Asset) AssetObject

type AssetRepository 

type AssetRepository interface {
	utils.Repository[uuid.UUID, models.Asset, DB]
	GetAllowedAssetsByProjectID(allowedAssetIDs []string, projectID uuid.UUID) ([]models.Asset, error)
	GetByProjectID(projectID uuid.UUID) ([]models.Asset, error)
	GetByOrgID(organizationID uuid.UUID) ([]models.Asset, error)
	FindByName(name string) (models.Asset, error)
	FindAssetByExternalProviderID(externalEntityProviderID string, externalEntityID string) (*models.Asset, error)
	GetFQNByID(id uuid.UUID) (string, error)
	ReadBySlug(projectID uuid.UUID, slug string) (models.Asset, error)
	GetAssetIDBySlug(projectID uuid.UUID, slug string) (uuid.UUID, error)
	Update(tx DB, asset *models.Asset) error
	ReadBySlugUnscoped(projectID uuid.UUID, slug string) (models.Asset, error)
	GetAllAssetsFromDB() ([]models.Asset, error)
	Delete(tx DB, id uuid.UUID) error
	GetAssetIDByBadgeSecret(badgeSecret uuid.UUID) (models.Asset, error)
	ReadWithAssetVersions(assetID uuid.UUID) (models.Asset, error)
	GetAssetsWithVulnSharingEnabled(orgID uuid.UUID) ([]models.Asset, error)
}

type AssetService 

type AssetService interface {
	UpdateAssetRequirements(asset models.Asset, responsible string, justification string) error
	GetCVSSBadgeSVG(results []models.ArtifactRiskHistory) string
	CreateAsset(rbac AccessControl, currentUserID string, asset models.Asset) (*models.Asset, error)
	BootstrapAsset(rbac AccessControl, asset *models.Asset) error
}

type AssetVersionObject 

type AssetVersionObject struct {
	Name          string         `json:"name"`
	AssetID       uuid.UUID      `json:"assetId"`
	Slug          string         `json:"slug"`
	DefaultBranch bool           `json:"defaultBranch"`
	Type          string         `json:"type"`
	SigningPubKey *string        `json:"signingPubKey"`
	Metadata      map[string]any `json:"metadata"`
}

func ToAssetVersionObject 

func ToAssetVersionObject(av models.AssetVersion) AssetVersionObject

type AssetVersionRepository 

type AssetVersionRepository interface {
	All() ([]models.AssetVersion, error)
	Read(assetVersionName string, assetID uuid.UUID) (models.AssetVersion, error)
	GetDB(DB) DB
	Delete(tx DB, assetVersion *models.AssetVersion) error
	Save(tx DB, assetVersion *models.AssetVersion) error
	GetAssetVersionsByAssetID(tx DB, assetID uuid.UUID) ([]models.AssetVersion, error)
	GetAssetVersionsByAssetIDWithArtifacts(tx DB, assetID uuid.UUID) ([]models.AssetVersion, error)
	GetDefaultAssetVersionsByProjectID(projectID uuid.UUID) ([]models.AssetVersion, error)
	GetDefaultAssetVersionsByProjectIDs(projectIDs []uuid.UUID) ([]models.AssetVersion, error)
	FindOrCreate(assetVersionName string, assetID uuid.UUID, tag bool, defaultBranchName *string) (models.AssetVersion, error)
	ReadBySlug(assetID uuid.UUID, slug string) (models.AssetVersion, error)
	GetDefaultAssetVersion(assetID uuid.UUID) (models.AssetVersion, error)
	GetAllTagsAndDefaultBranchForAsset(tx DB, assetID uuid.UUID) ([]models.AssetVersion, error)
	UpdateAssetDefaultBranch(assetID uuid.UUID, defaultBranch string) error
	DeleteOldAssetVersions(day int) (int64, error)
}

type AssetVersionService 

type AssetVersionService interface {
	BuildSBOM(asset models.Asset, assetVersion models.AssetVersion, artifactName string, orgName string, components []models.ComponentDependency) (*normalize.CdxBom, error)
	BuildVeX(asset models.Asset, assetVersion models.AssetVersion, artifactName string, orgName string, dependencyVulns []models.DependencyVuln) *normalize.CdxBom
	GetAssetVersionsByAssetID(assetID uuid.UUID) ([]models.AssetVersion, error)
	HandleFirstPartyVulnResult(org models.Org, project models.Project, asset models.Asset, assetVersion *models.AssetVersion, sarifScan sarif.SarifSchema210Json, scannerID string, userID string) ([]models.FirstPartyVuln, []models.FirstPartyVuln, []models.FirstPartyVuln, error)
	UpdateSBOM(org models.Org, project models.Project, asset models.Asset, assetVersion models.AssetVersion, artifactName string, sbom *normalize.CdxBom, upstream dtos.UpstreamState) (*normalize.CdxBom, error)
	HandleScanResult(org models.Org, project models.Project, asset models.Asset, assetVersion *models.AssetVersion, vulns []models.VulnInPackage, artifactName string, userID string, upstream dtos.UpstreamState) (opened []models.DependencyVuln, closed []models.DependencyVuln, newState []models.DependencyVuln, err error)
	BuildOpenVeX(asset models.Asset, assetVersion models.AssetVersion, organizationSlug string, dependencyVulns []models.DependencyVuln) vex.VEX
}

type AttestationRepository 

type AttestationRepository interface {
	utils.Repository[string, models.Attestation, DB]
	GetByAssetID(assetID uuid.UUID) ([]models.Attestation, error)
	GetByAssetVersionAndAssetID(assetID uuid.UUID, assetVersion string) ([]models.Attestation, error)
}

type AuthSession 

type AuthSession interface {
	GetUserID() string
	GetScopes() []string
}

func GetSession 

func GetSession(ctx Context) AuthSession

type BadgeValues 

type BadgeValues struct {
	Key   string
	Value int
	Color string
}

type CSAFService 

type CSAFService interface {
	GetVexFromCsafProvider(purl packageurl.PackageURL, ref string, realURL, domain string) (*normalize.CdxBom, error)
}

type ComponentProjectRepository 

type ComponentProjectRepository interface {
	utils.Repository[string, models.ComponentProject, DB]
	FindAllOutdatedProjects() ([]models.ComponentProject, error)
}

type ComponentRepository 

type ComponentRepository interface {
	utils.Repository[string, models.Component, DB]
	LoadComponents(tx DB, assetVersionName string, assetID uuid.UUID, artifactName *string) ([]models.ComponentDependency, error)
	LoadComponentsWithProject(tx DB, overwrittenLicenses []models.LicenseRisk, assetVersionName string, assetID uuid.UUID, pageInfo PageInfo, search string, filter []FilterQuery, sort []SortQuery) (Paged[models.ComponentDependency], error)
	LoadPathToComponent(tx DB, assetVersionName string, assetID uuid.UUID, pURL string, artifactName *string) ([]models.ComponentDependency, error)
	SearchComponentOccurrencesByProject(tx DB, projectIDs []uuid.UUID, pageInfo PageInfo, search string) (Paged[models.ComponentOccurrence], error)
	SaveBatch(tx DB, components []models.Component) error
	FindByPurl(tx DB, purl string) (models.Component, error)
	HandleStateDiff(tx DB, assetVersionName string, assetID uuid.UUID, oldState []models.ComponentDependency, newState []models.ComponentDependency, artifactName string) (bool, error)
	GetLicenseDistribution(tx DB, assetVersionName string, assetID uuid.UUID, artifactName *string) (map[string]int, error)
	CreateComponents(tx DB, components []models.ComponentDependency) error
	FetchInformationSources(artifact *models.Artifact) ([]models.ComponentDependency, error)
	RemoveInformationSources(artifact *models.Artifact, rootNodePurls []string) error
}

type ComponentService 

type ComponentService interface {
	GetAndSaveLicenseInformation(assetVersion models.AssetVersion, artifactName *string, forceRefresh bool, upstream dtos.UpstreamState) ([]models.Component, error)
	RefreshComponentProjectInformation(project models.ComponentProject)
	GetLicense(component models.Component) (models.Component, error)
	FetchInformationSources(artifact *models.Artifact) ([]models.ComponentDependency, error)
	RemoveInformationSources(artifact *models.Artifact, rootNodePurls []string) error
}

type ConfigRepository 

type ConfigRepository interface {
	Save(tx DB, config *models.Config) error
	GetDB(tx DB) DB
}

type ConfigService 

type ConfigService interface {
	// retrieves the value for the given key and marshals it into v
	GetJSONConfig(key string, v any) error
	SetJSONConfig(key string, v any) error
}

type Context 

type Context = echo.Context

type CveRepository 

type CveRepository interface {
	utils.Repository[string, models.CVE, DB]
	FindByID(id string) (models.CVE, error)
	GetLastModDate() (time.Time, error)
	GetAllCVEsID() ([]string, error)
	Save(tx DB, cve *models.CVE) error
	SaveCveAffectedComponents(tx DB, cveID string, affectedComponentHashes []string) error
	FindCVE(tx DB, id string) (models.CVE, error)
	FindCVEs(tx DB, ids []string) ([]models.CVE, error)
	FindAllListPaged(tx DB, pageInfo PageInfo, filter []FilterQuery, sort []SortQuery) (Paged[models.CVE], error)
}

type CweRepository 

type CweRepository interface {
	GetAllCWEsID() ([]string, error)
	SaveBatch(tx DB, cwes []models.CWE) error
}

type DB 

type DB = *gorm.DB

func DatabaseFactory 

func DatabaseFactory() (DB, error)

type DaemonRunner 

type DaemonRunner interface {
	RunDaemonPipelineForAsset(assetID uuid.UUID) error
	RunAssetPipeline()
	UpdateFixedVersions() error
	UpdateVulnDB() error
	UpdateOpenSourceInsightInformation() error
	DeleteOldAssetVersions() error

	Start()
}

type DependencyVulnRepository 

type DependencyVulnRepository interface {
	utils.Repository[string, models.DependencyVuln, DB]
	GetByAssetID(tx DB, assetID uuid.UUID) ([]models.DependencyVuln, error)
	GetAllVulnsByAssetID(tx DB, assetID uuid.UUID) ([]models.DependencyVuln, error)
	GetAllVulnsByAssetIDWithTicketIDs(tx DB, assetID uuid.UUID) ([]models.DependencyVuln, error)
	GetDependencyVulnByCVEIDAndAssetID(tx DB, cveID string, assetID uuid.UUID) ([]models.DependencyVuln, error)
	GetAllOpenVulnsByAssetVersionNameAndAssetID(tx DB, artifactName *string, assetVersionName string, assetID uuid.UUID) ([]models.DependencyVuln, error)
	GetDependencyVulnsByAssetVersion(tx DB, assetVersionName string, assetID uuid.UUID, artifactName *string) ([]models.DependencyVuln, error)
	GetByAssetVersionPaged(tx DB, assetVersionName string, assetID uuid.UUID, pageInfo PageInfo, search string, filter []FilterQuery, sort []SortQuery) (Paged[models.DependencyVuln], map[string]int, error)
	GetDefaultDependencyVulnsByOrgIDPaged(tx DB, userAllowedProjectIds []string, pageInfo PageInfo, search string, filter []FilterQuery, sort []SortQuery) (Paged[models.DependencyVuln], error)
	GetDefaultDependencyVulnsByProjectIDPaged(tx DB, projectID uuid.UUID, pageInfo PageInfo, search string, filter []FilterQuery, sort []SortQuery) (Paged[models.DependencyVuln], error)
	GetDependencyVulnsByAssetVersionPagedAndFlat(tx DB, assetVersionName string, assetVersionID uuid.UUID, pageInfo PageInfo, search string, filter []FilterQuery, sort []SortQuery) (Paged[models.DependencyVuln], error)
	ListByAssetAndAssetVersion(assetVersionName string, assetID uuid.UUID) ([]models.DependencyVuln, error)
	GetDependencyVulnsByPurl(tx DB, purls []string) ([]models.DependencyVuln, error)
	ApplyAndSave(tx DB, dependencyVuln *models.DependencyVuln, vulnEvent *models.VulnEvent) error
	GetDependencyVulnsByDefaultAssetVersion(tx DB, assetID uuid.UUID, artifactName *string) ([]models.DependencyVuln, error)
	ListUnfixedByAssetAndAssetVersion(assetVersionName string, assetID uuid.UUID, artifactName *string) ([]models.DependencyVuln, error)
	GetHintsInOrganizationForVuln(tx DB, orgID uuid.UUID, pURL string, cveID string) (dtos.DependencyVulnHints, error)
	GetAllByAssetIDAndState(tx DB, assetID uuid.UUID, state dtos.VulnState, durationSinceStateChange time.Duration) ([]models.DependencyVuln, error)
	GetDependencyVulnsByOtherAssetVersions(tx DB, assetVersionName string, assetID uuid.UUID) ([]models.DependencyVuln, error)
	GetAllVulnsByArtifact(tx DB, artifact models.Artifact) ([]models.DependencyVuln, error)
	GetAllVulnsForTagsAndDefaultBranchInAsset(tx DB, assetID uuid.UUID, excludedStates []dtos.VulnState) ([]models.DependencyVuln, error)
	ListByAssetIDWithoutHandledExternalEvents(assetID uuid.UUID, assetVersionName string, pageInfo PageInfo, search string, filter []FilterQuery, sort []SortQuery) (Paged[models.DependencyVuln], error)
}

type DependencyVulnService 

type DependencyVulnService interface {
	RecalculateRawRiskAssessment(tx DB, userID string, dependencyVulns []models.DependencyVuln, justification string, asset models.Asset) ([]models.DependencyVuln, error)
	UserFixedDependencyVulns(tx DB, userID string, dependencyVulns []models.DependencyVuln, assetVersion models.AssetVersion, asset models.Asset, upstream dtos.UpstreamState) error
	UserDetectedDependencyVulns(tx DB, artifactName string, dependencyVulns []models.DependencyVuln, assetVersion models.AssetVersion, asset models.Asset, upstream dtos.UpstreamState) error
	UserDetectedExistingVulnOnDifferentBranch(tx DB, artifactName string, dependencyVulns []models.DependencyVuln, alreadyExistingEvents [][]models.VulnEvent, assetVersion models.AssetVersion, asset models.Asset) error
	UserDetectedDependencyVulnInAnotherArtifact(tx DB, vulnerabilities []models.DependencyVuln, artifactName string) error
	UserDidNotDetectDependencyVulnInArtifactAnymore(tx DB, vulnerabilities []models.DependencyVuln, artifactName string) error
	CreateVulnEventAndApply(tx DB, assetID uuid.UUID, userID string, dependencyVuln *models.DependencyVuln, status dtos.VulnEventType, justification string, mechanicalJustification dtos.MechanicalJustificationType, assetVersionName string, upstream dtos.UpstreamState) (models.VulnEvent, error)
	SyncIssues(org models.Org, project models.Project, asset models.Asset, assetVersion models.AssetVersion, vulnList []models.DependencyVuln) error
	SyncAllIssues(org models.Org, project models.Project, asset models.Asset, assetVersion models.AssetVersion) error
}

type DependencyVulnsDetectedEvent 

type DependencyVulnsDetectedEvent struct {
	Vulns        any // []dtos.DependencyVulnDTO
	Org          OrgObject
	Project      ProjectObject
	Asset        AssetObject
	Artifact     ArtifactObject
	AssetVersion AssetVersionObject
}

type Environmental 

type Environmental struct {
	ConfidentialityRequirements string
	IntegrityRequirements       string
	AvailabilityRequirements    string
}

func GetEnvironmental 

func GetEnvironmental(ctx Context) Environmental

func GetEnvironmentalFromAsset 

func GetEnvironmentalFromAsset(m models.Asset) Environmental

func SanitizeEnv 

func SanitizeEnv(env Environmental) Environmental

type ExploitRepository 

type ExploitRepository interface {
	GetAllExploitsID() ([]string, error)
	SaveBatch(tx DB, exploits []models.Exploit) error
}

type ExternalEntityProviderService 

type ExternalEntityProviderService interface {
	RefreshExternalEntityProviderProjects(ctx Context, org models.Org, user string) error
	TriggerOrgSync(c Context) error
	SyncOrgs(c Context) ([]*models.Org, error)
	TriggerSync(c echo.Context) error
}

type ExternalEntitySlug 

type ExternalEntitySlug string

func FromStringToExternalEntitySlug 

func FromStringToExternalEntitySlug(s string) (ExternalEntitySlug, error)

func (ExternalEntitySlug) IsValid 

func (e ExternalEntitySlug) IsValid() bool

func (ExternalEntitySlug) ProviderID 

func (e ExternalEntitySlug) ProviderID() string

func (ExternalEntitySlug) SameAs 

func (e ExternalEntitySlug) SameAs(slug string) bool

func (ExternalEntitySlug) Slug 

func (e ExternalEntitySlug) Slug() string

func (ExternalEntitySlug) String 

func (e ExternalEntitySlug) String() string

type ExternalUserRepository 

type ExternalUserRepository interface {
	Save(db DB, user *models.ExternalUser) error
	GetDB(tx DB) DB
	FindByOrgID(tx DB, orgID uuid.UUID) ([]models.ExternalUser, error)
}

type FilterQuery 

type FilterQuery struct {
	Field      string
	FieldValue string
	Operator   string
}

func GetFilterQuery 

func GetFilterQuery(ctx Context) []FilterQuery

func (FilterQuery) SQL 

func (f FilterQuery) SQL() string

func (FilterQuery) Value 

func (f FilterQuery) Value() any

type FirstPartyVulnRepository 

type FirstPartyVulnRepository interface {
	utils.Repository[string, models.FirstPartyVuln, DB]
	SaveBatch(tx DB, vulns []models.FirstPartyVuln) error
	Save(tx DB, vuln *models.FirstPartyVuln) error
	Transaction(txFunc func(DB) error) error
	Begin() DB
	GetDefaultFirstPartyVulnsByProjectIDPaged(tx DB, projectID uuid.UUID, pageInfo PageInfo, search string, filter []FilterQuery, sort []SortQuery) (Paged[models.FirstPartyVuln], error)
	GetDefaultFirstPartyVulnsByOrgIDPaged(tx DB, userAllowedProjectIds []string, pageInfo PageInfo, search string, filter []FilterQuery, sort []SortQuery) (Paged[models.FirstPartyVuln], error)
	GetByAssetID(tx DB, assetID uuid.UUID) ([]models.FirstPartyVuln, error)
	GetByAssetVersionPaged(tx DB, assetVersionName string, assetID uuid.UUID, pageInfo PageInfo, search string, filter []FilterQuery, sort []SortQuery) (Paged[models.FirstPartyVuln], map[string]int, error)
	ListByScanner(assetVersionName string, assetID uuid.UUID, scannerID string) ([]models.FirstPartyVuln, error)
	ApplyAndSave(tx DB, dependencyVuln *models.FirstPartyVuln, vulnEvent *models.VulnEvent) error
	GetByAssetVersion(tx DB, assetVersionName string, assetID uuid.UUID) ([]models.FirstPartyVuln, error)
	GetFirstPartyVulnsByOtherAssetVersions(tx DB, assetVersionName string, assetID uuid.UUID, scannerID string) ([]models.FirstPartyVuln, error)
	ListUnfixedByAssetAndAssetVersionAndScanner(assetVersionName string, assetID uuid.UUID, scannerID string) ([]models.FirstPartyVuln, error)
}

type FirstPartyVulnService 

type FirstPartyVulnService interface {
	UserFixedFirstPartyVulns(tx DB, userID string, firstPartyVulns []models.FirstPartyVuln) error
	UserDetectedFirstPartyVulns(tx DB, userID string, scannerID string, firstPartyVulns []models.FirstPartyVuln) error
	UserDetectedExistingFirstPartyVulnOnDifferentBranch(tx DB, scannerID string, firstPartyVulns []models.FirstPartyVuln, alreadyExistingEvents [][]models.VulnEvent, assetVersion models.AssetVersion, asset models.Asset) error
	UpdateFirstPartyVulnState(tx DB, userID string, firstPartyVuln *models.FirstPartyVuln, statusType string, justification string, mechanicalJustification dtos.MechanicalJustificationType) (models.VulnEvent, error)
	SyncIssues(org models.Org, project models.Project, asset models.Asset, assetVersion models.AssetVersion, vulnList []models.FirstPartyVuln) error
	SyncAllIssues(org models.Org, project models.Project, asset models.Asset, assetVersion models.AssetVersion) error
}

type FirstPartyVulnsDetectedEvent 

type FirstPartyVulnsDetectedEvent struct {
	Vulns        any //[]dtos.FirstPartyVulnDTO
	Org          OrgObject
	Project      ProjectObject
	Asset        AssetObject
	AssetVersion AssetVersionObject
}

type GitLabOauth2TokenRepository 

type GitLabOauth2TokenRepository interface {
	Save(tx DB, model ...*models.GitLabOauth2Token) error
	FindByUserIDAndProviderID(userID string, providerID string) (*models.GitLabOauth2Token, error)
	FindByUserID(userID string) ([]models.GitLabOauth2Token, error)
	Delete(tx DB, tokens []models.GitLabOauth2Token) error
	DeleteByUserIDAndProviderID(userID string, providerID string) error
	CreateIfNotExists(tokens []*models.GitLabOauth2Token) error
}

type GithubAppInstallationRepository 

type GithubAppInstallationRepository interface {
	Save(tx DB, model *models.GithubAppInstallation) error
	Read(installationID int) (models.GithubAppInstallation, error)
	FindByOrganizationID(orgID uuid.UUID) ([]models.GithubAppInstallation, error)
	Delete(tx DB, installationID int) error
}

type GithubClientFacade 

type GithubClientFacade interface {
	CreateIssue(ctx context.Context, owner string, repo string, issue *github.IssueRequest) (*github.Issue, *github.Response, error)
	CreateIssueComment(ctx context.Context, owner string, repo string, number int, comment *github.IssueComment) (*github.IssueComment, *github.Response, error)
	EditIssue(ctx context.Context, owner string, repo string, number int, issue *github.IssueRequest) (*github.Issue, *github.Response, error)
	EditIssueLabel(ctx context.Context, owner string, repo string, name string, label *github.Label) (*github.Label, *github.Response, error)
	IsCollaboratorInRepository(ctx context.Context, owner string, repoID string, userID int64, opts *github.ListCollaboratorsOptions) (bool, error)
}

wrapper around the github package - which provides only the methods we need

type GitlabClientFacade 

type GitlabClientFacade interface {
	Whoami(ctx context.Context) (*gitlab.User, *gitlab.Response, error)

	GetVersion(ctx context.Context) (*gitlab.Version, *gitlab.Response, error)
	FetchGroupAvatarBase64(groupID int) (string, error)
	FetchProjectAvatarBase64(projectID int) (string, error)

	GetClientID() string

	ListProjects(ctx context.Context, opt *gitlab.ListProjectsOptions) ([]*gitlab.Project, *gitlab.Response, error)
	ListGroups(ctx context.Context, opt *gitlab.ListGroupsOptions) ([]*gitlab.Group, *gitlab.Response, error)
	GetGroup(ctx context.Context, groupID int) (*gitlab.Group, *gitlab.Response, error)
	GetMemberInGroup(ctx context.Context, userID int, groupID int) (*gitlab.GroupMember, *gitlab.Response, error)
	GetMemberInProject(ctx context.Context, userID int, projectID int) (*gitlab.ProjectMember, *gitlab.Response, error)
	ListProjectsInGroup(ctx context.Context, groupID int, opt *gitlab.ListGroupProjectsOptions) ([]*gitlab.Project, *gitlab.Response, error)
	GetProjectIssues(projectID int, opt *gitlab.ListProjectIssuesOptions) ([]*gitlab.Issue, *gitlab.Response, error)

	CreateIssue(ctx context.Context, pid int, opt *gitlab.CreateIssueOptions) (*gitlab.Issue, *gitlab.Response, error)
	CreateIssueComment(ctx context.Context, pid int, issue int, opt *gitlab.CreateIssueNoteOptions) (*gitlab.Note, *gitlab.Response, error)
	EditIssue(ctx context.Context, pid int, issue int, opt *gitlab.UpdateIssueOptions) (*gitlab.Issue, *gitlab.Response, error)
	EditIssueLabel(ctx context.Context, pid int, issue int, labels []*gitlab.CreateLabelOptions) (*gitlab.Response, error)
	CreateNewLabel(ctx context.Context, projectID int, label *gitlab.CreateLabelOptions) (*gitlab.Label, *gitlab.Response, error)
	ListLabels(ctx context.Context, projectID int, opt *gitlab.ListLabelsOptions) ([]*gitlab.Label, *gitlab.Response, error)
	UpdateLabel(ctx context.Context, projectID int, labelID int, opt *gitlab.UpdateLabelOptions) (*gitlab.Label, *gitlab.Response, error)

	ListProjectHooks(ctx context.Context, projectID int, options *gitlab.ListProjectHooksOptions) ([]*gitlab.ProjectHook, *gitlab.Response, error)
	AddProjectHook(ctx context.Context, projectID int, opt *gitlab.AddProjectHookOptions) (*gitlab.ProjectHook, *gitlab.Response, error)
	DeleteProjectHook(ctx context.Context, projectID int, hookID int) (*gitlab.Response, error)

	ListVariables(ctx context.Context, projectID int, options *gitlab.ListProjectVariablesOptions) ([]*gitlab.ProjectVariable, *gitlab.Response, error)
	CreateVariable(ctx context.Context, projectID int, opt *gitlab.CreateProjectVariableOptions) (*gitlab.ProjectVariable, *gitlab.Response, error)
	UpdateVariable(ctx context.Context, projectID int, key string, opt *gitlab.UpdateProjectVariableOptions) (*gitlab.ProjectVariable, *gitlab.Response, error)
	RemoveVariable(ctx context.Context, projectID int, key string) (*gitlab.Response, error)

	CreateMergeRequest(ctx context.Context, project string, opt *gitlab.CreateMergeRequestOptions) (*gitlab.MergeRequest, *gitlab.Response, error)
	GetProject(ctx context.Context, projectID int) (*gitlab.Project, *gitlab.Response, error)

	IsProjectMember(ctx context.Context, projectID int, userID int, options *gitlab.ListProjectMembersOptions) (bool, error)

	InviteReporter(ctx context.Context, projectID int, userID int) (*gitlab.ProjectMember, *gitlab.Response, error)
}

type GitlabClientFactory 

type GitlabClientFactory interface {
	FromIntegration(integration models.GitLabIntegration) (GitlabClientFacade, error)
	FromIntegrationUUID(id uuid.UUID) (GitlabClientFacade, error)
	FromOauth2Token(token models.GitLabOauth2Token, enableClientCache bool) (GitlabClientFacade, error)
	FromAccessToken(accessToken string, baseURL string) (GitlabClientFacade, error)
}

type GitlabIntegrationRepository 

type GitlabIntegrationRepository interface {
	Save(tx DB, model *models.GitLabIntegration) error
	Read(id uuid.UUID) (models.GitLabIntegration, error)
	FindByOrganizationID(orgID uuid.UUID) ([]models.GitLabIntegration, error)
	Delete(tx DB, id uuid.UUID) error
}

type InTotoLinkRepository 

type InTotoLinkRepository interface {
	utils.Repository[uuid.UUID, models.InTotoLink, DB]
	FindByAssetAndSupplyChainID(assetID uuid.UUID, supplyChainID string) ([]models.InTotoLink, error)
	Save(tx DB, model *models.InTotoLink) error
	FindBySupplyChainID(supplyChainID string) ([]models.InTotoLink, error)
}

type InTotoVerifierService 

type InTotoVerifierService interface {
	VerifySupplyChainWithOutputDigest(supplyChainID string, digest string) (bool, error)
	VerifySupplyChain(supplyChainID string) (bool, error)
	VerifySupplyChainByDigestOnly(digest string) (bool, error)
	HexPublicKeyToInTotoKey(hexPubKey string) (toto.Key, error)
}

type IntegrationAggregate 

type IntegrationAggregate interface {
	ThirdPartyIntegration
	GetIntegration(id IntegrationID) ThirdPartyIntegration
	GetUsers(org models.Org) []dtos.UserDTO
}

func GetThirdPartyIntegration 

func GetThirdPartyIntegration(ctx Context) IntegrationAggregate

type IntegrationID 

type IntegrationID string
const (
	GitLabIntegrationID  IntegrationID = "gitlab"
	GitHubIntegrationID  IntegrationID = "github"
	AggregateID          IntegrationID = "aggregate"
	JiraIntegrationID    IntegrationID = "jira"
	WebhookIntegrationID IntegrationID = "webhook"
)

type InvitationRepository 

type InvitationRepository interface {
	Save(tx DB, invitation *models.Invitation) error
	FindByCode(code string) (models.Invitation, error)
	Delete(tx DB, id uuid.UUID) error
}

type JiraIntegrationRepository 

type JiraIntegrationRepository interface {
	Save(tx DB, model *models.JiraIntegration) error
	Read(id uuid.UUID) (models.JiraIntegration, error)
	FindByOrganizationID(orgID uuid.UUID) ([]models.JiraIntegration, error)
	Delete(tx DB, id uuid.UUID) error
	GetClientByIntegrationID(integrationID uuid.UUID) (models.JiraIntegration, error)
}

type LeaderElector 

type LeaderElector interface {
	IsLeader() bool
}

type LicenseRiskRepository 

type LicenseRiskRepository interface {
	utils.Repository[string, models.LicenseRisk, DB]
	GetByAssetID(tx DB, assetID uuid.UUID) ([]models.LicenseRisk, error)
	GetAllLicenseRisksForAssetVersionPaged(tx DB, assetID uuid.UUID, assetVersionName string, pageInfo PageInfo, search string, filter []FilterQuery, sort []SortQuery) (Paged[models.LicenseRisk], error)
	GetAllLicenseRisksForAssetVersion(assetID uuid.UUID, assetVersionName string) ([]models.LicenseRisk, error)
	GetLicenseRisksByOtherAssetVersions(tx DB, assetVersionName string, assetID uuid.UUID) ([]models.LicenseRisk, error)
	GetAllOverwrittenLicensesForAssetVersion(assetID uuid.UUID, assetVersionName string) ([]models.LicenseRisk, error)
	MaybeGetLicenseOverwriteForComponent(assetID uuid.UUID, assetVersionName string, pURL packageurl.PackageURL) (models.LicenseRisk, error)
	DeleteByComponentPurl(assetID uuid.UUID, assetVersionName string, purl packageurl.PackageURL) error
	ListByArtifactName(assetVersionName string, assetID uuid.UUID, scannerID string) ([]models.LicenseRisk, error)
	ApplyAndSave(tx DB, licenseRisk *models.LicenseRisk, vulnEvent *models.VulnEvent) error
}

type LicenseRiskService 

type LicenseRiskService interface {
	FindLicenseRisksInComponents(assetVersion models.AssetVersion, components []models.Component, artifactName string, upstream dtos.UpstreamState) error
	UpdateLicenseRiskState(tx DB, userID string, licenseRisk *models.LicenseRisk, statusType string, justification string, mechanicalJustification dtos.MechanicalJustificationType, upstream dtos.UpstreamState) (models.VulnEvent, error)
	MakeFinalLicenseDecision(vulnID, finalLicense, justification, userID string) error
}

type ManualMitigateEvent 

type ManualMitigateEvent struct {
	Ctx           Context
	Justification string
}

type MiddlewareFunc 

type MiddlewareFunc = echo.MiddlewareFunc

type Object 

type Object string
const (
	ObjectProject      Object = "project"
	ObjectAsset        Object = "asset"
	ObjectUser         Object = "user"
	ObjectOrganization Object = "organization"
)

type OpenSourceInsightService 

type OpenSourceInsightService interface {
	GetProject(ctx context.Context, projectID string) (dtos.OpenSourceInsightsProjectResponse, error)
	GetVersion(ctx context.Context, ecosystem, packageName, version string) (dtos.OpenSourceInsightsVersionResponse, error)
}

type OrgObject 

type OrgObject struct {
	ID                       uuid.UUID `json:"id"`
	Name                     string    `json:"name"`
	ContactPhoneNumber       *string   `json:"contactPhoneNumber"`
	NumberOfEmployees        *int      `json:"numberOfEmployees"`
	Country                  *string   `json:"country"`
	Industry                 *string   `json:"industry"`
	CriticalInfrastructure   bool      `json:"criticalInfrastructure"`
	ISO27001                 bool      `json:"iso27001"`
	NIST                     bool      `json:"nist"`
	Grundschutz              bool      `json:"grundschutz"`
	Slug                     string    `json:"slug"`
	Description              string    `json:"description"`
	IsPublic                 bool      `json:"isPublic"`
	Language                 string    `json:"language"`
	ExternalEntityProviderID *string   `json:"externalEntityProviderId,omitempty"`
}

func ToOrgObject 

func ToOrgObject(o models.Org) OrgObject

type OrgService 

type OrgService interface {
	CreateOrganization(ctx Context, organization *models.Org) error
	ReadBySlug(slug string) (*models.Org, error)
}

type OrganizationRepository 

type OrganizationRepository interface {
	utils.Repository[uuid.UUID, models.Org, DB]
	ReadBySlug(slug string) (models.Org, error)
	Update(tx DB, organization *models.Org) error
	ContentTree(orgID uuid.UUID, projects []string) []any // returns project dtos as values - including fetched assets
	GetOrgByID(id uuid.UUID) (models.Org, error)
	GetOrgsWithVulnSharingAssets() ([]models.Org, error)
}

type PageInfo 

type PageInfo struct {
	PageSize int `json:"pageSize"`
	Page     int `json:"page"`
}

func GetPageInfo 

func GetPageInfo(ctx Context) PageInfo

func (PageInfo) ApplyOnDB 

func (p PageInfo) ApplyOnDB(db DB) DB

type Paged 

type Paged[T any] struct {
	PageInfo
	Total int64 `json:"total"`
	Data  []T   `json:"data"`
}

func NewPaged 

func NewPaged[T any](pageInfo PageInfo, total int64, data []T) Paged[T]

func (Paged[T]) Map 

func (p Paged[T]) Map(f func(T) any) Paged[any]

type PersonalAccessTokenRepository 

type PersonalAccessTokenRepository interface {
	utils.Repository[uuid.UUID, models.PAT, DB]
	GetByFingerprint(fingerprint string) (models.PAT, error)
	FindByUserIDs(userID []uuid.UUID) ([]models.PAT, error)
	ListByUserID(userID string) ([]models.PAT, error)
	DeleteByFingerprint(fingerprint string) error
	MarkAsLastUsedNow(fingerprint string) error
}

type PersonalAccessTokenService 

type PersonalAccessTokenService interface {
	VerifyRequestSignature(req *http.Request) (string, string, error)
	RevokeByPrivateKey(privKey string) error
	ToModel(request dtos.PatCreateRequest, userID string) models.PAT
}

type PolicyRepository 

type PolicyRepository interface {
	utils.Repository[uuid.UUID, models.Policy, DB]
	FindByProjectID(projectID uuid.UUID) ([]models.Policy, error)
	FindByOrganizationID(organizationID uuid.UUID) ([]models.Policy, error)
	FindCommunityManagedPolicies() ([]models.Policy, error)
}

type ProjectObject 

type ProjectObject struct {
	ID          uuid.UUID      `json:"id"`
	Name        string         `json:"name"`
	Description string         `json:"description"`
	Slug        string         `json:"slug"`
	ParentID    *uuid.UUID     `json:"parentId,omitempty"`
	Parent      *ProjectObject `json:"parent,omitempty"` // recursive structure
	IsPublic    bool           `json:"isPublic"`
	Type        string         `json:"type"`

	RepositoryID   *string `json:"repositoryId"`
	RepositoryName *string `json:"repositoryName"`

	ExternalEntityProviderID *string `json:"externalEntityProviderId,omitempty"`
	ExternalEntityID         *string `json:"externalEntityId,omitempty"`
}

func ToProjectObject 

func ToProjectObject(p models.Project) ProjectObject

type ProjectRepository 

type ProjectRepository interface {
	Read(projectID uuid.UUID) (models.Project, error)
	ReadBySlug(organizationID uuid.UUID, slug string) (models.Project, error)
	ReadBySlugUnscoped(organizationID uuid.UUID, slug string) (models.Project, error)
	Update(tx DB, project *models.Project) error
	Delete(tx DB, projectID uuid.UUID) error
	Create(tx DB, project *models.Project) error
	Activate(tx DB, projectID uuid.UUID) error
	RecursivelyGetChildProjects(projectID uuid.UUID) ([]models.Project, error)
	GetDirectChildProjects(projectID uuid.UUID) ([]models.Project, error)
	GetByOrgID(organizationID uuid.UUID) ([]models.Project, error)
	GetProjectByAssetID(assetID uuid.UUID) (models.Project, error)
	List(idSlice []uuid.UUID, parentID *uuid.UUID, organizationID uuid.UUID) ([]models.Project, error)
	ListPaged(projectIDs []uuid.UUID, parentID *uuid.UUID, orgID uuid.UUID, pageInfo PageInfo, search string) (Paged[models.Project], error)
	EnablePolicyForProject(tx DB, projectID uuid.UUID, policyID uuid.UUID) error
	DisablePolicyForProject(tx DB, projectID uuid.UUID, policyID uuid.UUID) error
	Upsert(projects *[]*models.Project, conflictingColumns []clause.Column, toUpdate []string) error
	EnableCommunityManagedPolicies(tx DB, projectID uuid.UUID) error
	UpsertSplit(tx DB, externalProviderID string, projects []*models.Project) ([]*models.Project, []*models.Project, error)
}

type ProjectRiskHistoryRepository 

type ProjectRiskHistoryRepository interface {
	GetRiskHistory(projectID uuid.UUID, start, end time.Time) ([]models.ProjectRiskHistory, error)
	UpdateRiskAggregation(projectRisk *models.ProjectRiskHistory) error
}

type ProjectRole 

type ProjectRole struct {
	Project string
	Role    Role
}

type ProjectService 

type ProjectService interface {
	ReadBySlug(ctx Context, organizationID uuid.UUID, slug string) (models.Project, error)
	ListAllowedProjects(ctx Context) ([]models.Project, error)
	ListAllowedProjectsPaged(c Context) (Paged[models.Project], error)
	ListProjectsByOrganizationID(organizationID uuid.UUID) ([]models.Project, error)
	RecursivelyGetChildProjects(projectID uuid.UUID) ([]models.Project, error)
	GetDirectChildProjects(projectID uuid.UUID) ([]models.Project, error)
	CreateProject(ctx Context, project *models.Project) error
	BootstrapProject(rbac AccessControl, project *models.Project) error
}

type PublicClient 

type PublicClient interface {
	GetIdentityFromCookie(ctx context.Context, cookie string) (client.Identity, error)
}

type PublicClientImplementation 

type PublicClientImplementation struct {
	// contains filtered or unexported fields
}

func NewPublicClient 

func NewPublicClient(client *client.APIClient) PublicClientImplementation

func (PublicClientImplementation) GetIdentityFromCookie 

func (a PublicClientImplementation) GetIdentityFromCookie(ctx context.Context, cookie string) (client.Identity, error)

type RBACMiddleware 

type RBACMiddleware = func(obj Object, act Action) echo.MiddlewareFunc

type RBACProvider 

type RBACProvider interface {
	GetDomainRBAC(domain string) AccessControl
	DomainsOfUser(user string) ([]string, error)
}

type ReleaseRepository 

type ReleaseRepository interface {
	utils.Repository[uuid.UUID, models.Release, DB]
	GetByProjectID(projectID uuid.UUID) ([]models.Release, error)
	ReadWithItems(id uuid.UUID) (models.Release, error)
	ReadRecursive(id uuid.UUID) (models.Release, error)
	GetByProjectIDPaged(tx DB, projectID uuid.UUID, pageInfo PageInfo, search string, filter []FilterQuery, sort []SortQuery) (Paged[models.Release], error)
	CreateReleaseItem(tx DB, item *models.ReleaseItem) error
	DeleteReleaseItem(tx DB, id uuid.UUID) error
	GetCandidateItemsForRelease(projectID uuid.UUID, releaseID *uuid.UUID) ([]models.Artifact, []models.Release, error)
}

type ReleaseService 

type ReleaseService interface {
	ListByProject(projectID uuid.UUID) ([]models.Release, error)
	ListByProjectPaged(projectID uuid.UUID, pageInfo PageInfo, search string, filter []FilterQuery, sort []SortQuery) (Paged[models.Release], error)
	Read(id uuid.UUID) (models.Release, error)
	ReadRecursive(id uuid.UUID) (models.Release, error)
	Create(r *models.Release) error
	Update(r *models.Release) error
	Delete(id uuid.UUID) error
	AddItem(item *models.ReleaseItem) error
	RemoveItem(id uuid.UUID) error
	ListCandidates(projectID uuid.UUID, releaseID *uuid.UUID) ([]models.Artifact, []models.Release, error)
}

type Role 

type Role string
const (
	RoleOwner  Role = "owner"
	RoleAdmin  Role = "admin"
	RoleMember Role = "member"
	RoleGuest  Role = "guest"

	// this is mainly for backwards compatibility - and to have a default value
	// noone should ever have the role unknown. This happens, if you logged into devguard before the "real permission sync" - not forwarding permission sync
	// was added
	RoleUnknown Role = "unknown"
)

type SBOMCreatedEvent 

type SBOMCreatedEvent struct {
	SBOM         *cdx.BOM           `json:"sbom"`
	Org          OrgObject          `json:"org"`
	Project      ProjectObject      `json:"project"`
	Asset        AssetObject        `json:"asset"`
	AssetVersion AssetVersionObject `json:"assetVersion"`
	Artifact     ArtifactObject     `json:"artifact"`
}

type SBOMScanner 

type SBOMScanner interface {
	Scan(bom *normalize.CdxBom) ([]models.VulnInPackage, error)
}

type ScanService 

type ScanService interface {
	ScanNormalizedSBOM(org models.Org, project models.Project, asset models.Asset, assetVersion models.AssetVersion, artifact models.Artifact, normalizedBom *normalize.CdxBom, userID string) (int, int, []models.DependencyVuln, error)
	ScanNormalizedSBOMWithoutEventHandling(org models.Org, project models.Project, asset models.Asset, assetVersion models.AssetVersion, artifact models.Artifact, normalizedBom *normalize.CdxBom, userID string) ([]models.DependencyVuln, []models.DependencyVuln, []models.DependencyVuln, error)
}

type ScannerType 

type ScannerType string
const (
	VexReport     ScannerType = "vex-report"
	ScaScanner    ScannerType = "source-scanner"
	ContainerScan ScannerType = "container-scan"
	TestScanner   ScannerType = "test-scanner"
)

type Server 

type Server = *echo.Group

type SortQuery 

type SortQuery struct {
	Field    string
	Operator string // asc or desc
}

func GetSortQuery 

func GetSortQuery(ctx Context) []SortQuery

func (SortQuery) GetField 

func (s SortQuery) GetField() string

func (SortQuery) SQL 

func (s SortQuery) SQL() string

type StatisticsRepository 

type StatisticsRepository interface {
	TimeTravelDependencyVulnState(artifactName *string, assetVersionName *string, assetID uuid.UUID, time time.Time) ([]models.DependencyVuln, error)
	AverageFixingTime(artifactNam *string, assetVersionName string, assetID uuid.UUID, riskIntervalStart, riskIntervalEnd float64) (time.Duration, error)
	// AverageFixingTimeForRelease computes average fixing time across all artifacts included in a release tree
	AverageFixingTimeForRelease(releaseID uuid.UUID, riskIntervalStart, riskIntervalEnd float64) (time.Duration, error)
	// CVSS-based average fixing time methods
	AverageFixingTimeByCvss(artifactName *string, assetVersionName string, assetID uuid.UUID, cvssIntervalStart, cvssIntervalEnd float64) (time.Duration, error)
	AverageFixingTimeByCvssForRelease(releaseID uuid.UUID, cvssIntervalStart, cvssIntervalEnd float64) (time.Duration, error)
	CVESWithKnownExploitsInAssetVersion(assetVersion models.AssetVersion) ([]models.CVE, error)
}

type StatisticsService 

type StatisticsService interface {
	UpdateArtifactRiskAggregation(artifact *models.Artifact, assetID uuid.UUID, begin time.Time, end time.Time) error
	GetAverageFixingTime(artifactName *string, assetVersionName string, assetID uuid.UUID, severity string) (time.Duration, error)
	GetArtifactRiskHistory(artifactName *string, assetVersionName string, assetID uuid.UUID, start time.Time, end time.Time) ([]models.ArtifactRiskHistory, error)
	// Release scoped statistics
	GetReleaseRiskHistory(releaseID uuid.UUID, start time.Time, end time.Time) ([]models.ArtifactRiskHistory, error)
	GetAverageFixingTimeForRelease(releaseID uuid.UUID, severity string) (time.Duration, error)
	// CVSS-based average fixing time methods
	GetAverageFixingTimeByCvss(artifactName *string, assetVersionName string, assetID uuid.UUID, severity string) (time.Duration, error)
	GetAverageFixingTimeByCvssForRelease(releaseID uuid.UUID, severity string) (time.Duration, error)
	GetComponentRisk(artifactName *string, assetVersionName string, assetID uuid.UUID) (map[string]models.Distribution, error)
}

type SupplyChainRepository 

type SupplyChainRepository interface {
	utils.Repository[uuid.UUID, models.SupplyChain, DB]
	FindByDigest(digest string) ([]models.SupplyChain, error)
	FindBySupplyChainID(supplyChainID string) ([]models.SupplyChain, error)
	PercentageOfVerifiedSupplyChains(assetVersionName string, assetID uuid.UUID) (float64, error)
}

type ThirdPartyIntegration 

type ThirdPartyIntegration interface {
	WantsToHandleWebhook(ctx Context) bool
	HandleWebhook(ctx Context) error
	ListOrgs(ctx Context) ([]models.Org, error)                                                                         // maps identity providers to orgs
	ListGroups(ctx context.Context, userID string, providerID string) ([]models.Project, []Role, error)                 // maps groups to projects
	ListProjects(ctx context.Context, userID string, providerID string, groupID string) ([]models.Asset, []Role, error) // maps projects to assets
	ListRepositories(ctx Context) ([]dtos.GitRepository, error)
	HasAccessToExternalEntityProvider(ctx Context, externalEntityProviderID string) (bool, error)
	HandleEvent(event any) error
	CreateIssue(ctx context.Context, asset models.Asset, assetVersionName string, vuln models.Vuln, projectSlug string, orgSlug string, justification string, userID string) error
	UpdateIssue(ctx context.Context, asset models.Asset, assetVersionSlug string, vuln models.Vuln) error
	CreateLabels(ctx context.Context, asset models.Asset) error
	CompareIssueStatesAndResolveDifferences(asset models.Asset, vulnsWithTickets []models.DependencyVuln) error
	GetID() IntegrationID
}

type Verifier 

type Verifier interface {
	VerifyRequestSignature(req *http.Request) (string, string, error)
}

type VulnEvent 

type VulnEvent struct {
	Ctx   Context
	Event models.VulnEvent
}

type VulnEventRepository 

type VulnEventRepository interface {
	SaveBatch(db DB, events []models.VulnEvent) error
	Save(db DB, event *models.VulnEvent) error
	ReadAssetEventsByVulnID(vulnID string, vulnType dtos.VulnType) ([]models.VulnEventDetail, error)
	ReadEventsByAssetIDAndAssetVersionName(assetID uuid.UUID, assetVersionName string, pageInfo PageInfo, filter []FilterQuery) (Paged[models.VulnEventDetail], error)
	GetSecurityRelevantEventsForVulnIDs(tx DB, vulnIDs []string) ([]models.VulnEvent, error)
	GetLastEventBeforeTimestamp(tx DB, vulnID string, time time.Time) (models.VulnEvent, error)
	DeleteEventsWithNotExistingVulnID() error
	DeleteEventByID(tx DB, eventID string) error
	HasAccessToEvent(assetID uuid.UUID, eventID string) (bool, error)
}

type VulnRepository 

type VulnRepository interface {
	FindByTicketID(tx DB, ticketID string) (models.Vuln, error)
	Save(db DB, vuln *models.Vuln) error
	Transaction(fn func(tx DB) error) error
	GetOrgFromVuln(vuln models.Vuln) (models.Org, error)
	ApplyAndSave(tx DB, dependencyVuln models.Vuln, vulnEvent *models.VulnEvent) error
}

type WebhookIntegrationRepository 

type WebhookIntegrationRepository interface {
	Save(tx DB, model *models.WebhookIntegration) error
	Read(id uuid.UUID) (models.WebhookIntegration, error)
	FindByOrgIDAndProjectID(orgID uuid.UUID, projectID uuid.UUID) ([]models.WebhookIntegration, error)
	Delete(tx DB, id uuid.UUID) error
	GetClientByIntegrationID(integrationID uuid.UUID) (models.WebhookIntegration, error)
	GetProjectWebhooks(orgID uuid.UUID, projectID uuid.UUID) ([]models.WebhookIntegration, error)
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.