models

package
v1.0.0-rc.11 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 19, 2025 License: AGPL-3.0 Imports: 20 Imported by: 0

Documentation

Overview

Copyright (C) 2024 Tim Bastin, l3montree GmbH

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.

Index

Constants

// NoVersion is the untyped string constant "0.0.0".
// NOTE(review): presumably the placeholder for a component whose version is unknown — confirm against callers.
const NoVersion = "0.0.0"
// Root is the string constant "root".
// NOTE(review): presumably the key of the root node in a dependency map — confirm against BuildDepMap.
const Root string = "root"

Variables

This section is empty.

Functions

func BuildDepMap

func BuildDepMap(deps []ComponentDependency) map[string][]string

func CheckStatusType

func CheckStatusType(statusType string) error

func EventTypeToVulnState

func EventTypeToVulnState(eventType dtos.VulnEventType) (dtos.VulnState, error)

Types

type AffectedComponent

// AffectedComponent is the GORM model for one package, identified by a purl
// without version, together with the version range in which it is affected.
// It is linked to CVE rows through the cve_affected_component join table.
type AffectedComponent struct {
	// ID is the primary key.
	// NOTE(review): presumably the value of CalculateHash, set in BeforeSave — confirm.
	ID                 string `json:"id" gorm:"primaryKey;"`
	// Source carries no tags, so it is serialized under the key "Source".
	// NOTE(review): presumably names the advisory feed the record came from — confirm.
	Source             string
	// PurlWithoutVersion is exposed as "purl" in JSON and stored in the indexed purl column.
	PurlWithoutVersion string  `json:"purl" gorm:"type:text;column:purl;index"`
	// The fields below are the individual parts of the purl; the optional
	// parts are pointers so that an absent part is stored as NULL.
	Ecosystem          string  `json:"ecosystem" gorm:"type:text;"`
	Scheme             string  `json:"scheme" gorm:"type:text;"`
	Type               string  `json:"type" gorm:"type:text;"`
	Name               string  `json:"name" gorm:"type:text;"`
	Namespace          *string `json:"namespace" gorm:"type:text;"`
	Qualifiers         *string `json:"qualifiers" gorm:"type:text;"`
	Subpath            *string `json:"subpath" gorm:"type:text;"`
	Version            *string `json:"version" gorm:"index"` // either version or semver is defined
	// SemverIntroduced and SemverFixed use the database type "semver" and are
	// serialized as "semverStart" and "semverEnd".
	// NOTE(review): whether the fixed bound is exclusive is decided by the
	// matching query, not by this struct — confirm there, since an off-by-one
	// in the range silently hides or invents findings.
	SemverIntroduced   *string `json:"semverStart" gorm:"type:semver;index"`
	SemverFixed        *string `json:"semverEnd" gorm:"type:semver;index"`

	VersionIntroduced *string `json:"versionIntroduced" gorm:"index"` // for non semver packages - if both are defined, THIS one should be used for displaying. We might fake semver versions just for database querying and ordering
	VersionFixed      *string `json:"versionFixed" gorm:"index"`      // for non semver packages - if both are defined, THIS one should be used for displaying. We might fake semver versions just for database querying and ordering

	// CVE lists the CVEs this component range belongs to; join rows are
	// updated and deleted together with either side (CASCADE).
	CVE []CVE `json:"cves" gorm:"many2many:cve_affected_component;constraint:OnUpdate:CASCADE,OnDelete:CASCADE;"`
}

func AffectedComponentFromOSV

func AffectedComponentFromOSV(osv dtos.OSV) []AffectedComponent

func (*AffectedComponent) BeforeSave

func (affectedComponent *AffectedComponent) BeforeSave(tx *gorm.DB) error

func (AffectedComponent) CalculateHash

func (affectedComponent AffectedComponent) CalculateHash() string

func (AffectedComponent) TableName

func (affectedComponent AffectedComponent) TableName() string

type Artifact

// Artifact is the GORM model for a named artifact of one asset version.
// Its primary key is the triple (ArtifactName, AssetVersionName, AssetID).
type Artifact struct {
	CreatedAt time.Time `json:"createdAt"`

	ArtifactName      string       `json:"artifactName" gorm:"primaryKey;not null;"`
	AssetVersionName  string       `json:"assetVersionName" gorm:"primaryKey;not null;type:text;"`
	// AssetID is serialized as "vulnAssetId" here, whereas ArtifactRiskHistory
	// and Attestation use "assetId" for the same identifier.
	AssetID           uuid.UUID    `json:"vulnAssetId" gorm:"primaryKey;not null;type:uuid;"`
	LastHistoryUpdate *time.Time   `json:"lastHistoryUpdate,omitempty"`
	// AssetVersion is the owning asset version; deleting it deletes the artifact (CASCADE).
	AssetVersion      AssetVersion `json:"assetVersion" gorm:"foreignKey:AssetVersionName,AssetID;references:Name,AssetID;constraint:OnDelete:CASCADE;"`

	// The three many2many relations below use the join tables named in their tags.
	DependencyVuln        []DependencyVuln      `json:"dependencyVulns" gorm:"many2many:artifact_dependency_vulns;constraint:OnDelete:CASCADE;"`
	ComponentDependencies []ComponentDependency `json:"componentDependencies" gorm:"many2many:artifact_component_dependencies;constraint:OnDelete:CASCADE;"`
	LicenseRisks          []LicenseRisk         `json:"licenseRisks" gorm:"many2many:artifact_license_risks;constraint:OnDelete:CASCADE;"`
	// The struct tag of RiskHistories is elided by the documentation renderer.
	RiskHistories         []ArtifactRiskHistory `` /* 154-byte string literal not displayed */
}

func (Artifact) TableName

func (a Artifact) TableName() string

type ArtifactRiskHistory

// ArtifactRiskHistory is one History row scoped to a single artifact.
// Its key columns are ArtifactName, AssetVersionName and AssetID, in addition
// to the primary-key Day field contributed by the embedded History.
type ArtifactRiskHistory struct {
	History
	ArtifactName     string    `json:"artifactName" gorm:"primaryKey;type:text;"`
	AssetVersionName string    `json:"assetVersionName" gorm:"primaryKey;type:text;"`
	AssetID          uuid.UUID `json:"assetId" gorm:"primaryKey;type:uuid"`
}

func (ArtifactRiskHistory) TableName

func (m ArtifactRiskHistory) TableName() string

type Asset

// Asset is the GORM model for an application or infrastructure asset that
// belongs to a Project. Slug is unique per project (idx_app_project_slug).
//
// NOTE(review): every field carries a json tag, including SigningPubKey,
// BadgeSecret and WebhookSecret. If an Asset is ever marshalled directly into
// an API response, those values are sent to whoever may read the asset —
// confirm that responses go through a DTO that drops them, in particular for
// assets with IsPublic set.
type Asset struct {
	Model
	Name                         string                `json:"name" gorm:"type:text"`
	Avatar                       *string               `json:"avatar" gorm:"type:text"`
	Slug                         string                `json:"slug" gorm:"type:text;uniqueIndex:idx_app_project_slug;not null;"`
	ProjectID                    uuid.UUID             `json:"projectId" gorm:"uniqueIndex:idx_app_project_slug;not null;type:uuid;"`
	Description                  string                `json:"description" gorm:"type:text"`
	Type                         AssetType             `json:"type" gorm:"type:text;not null;"`
	// AssetVersions is serialized as "refs"; versions are deleted with the asset (CASCADE).
	AssetVersions                []AssetVersion        `json:"refs" gorm:"foreignKey:AssetID;references:ID;constraint:OnDelete:CASCADE;"`
	Project                      Project               `json:"project" gorm:"foreignKey:ProjectID;references:ID;"`
	Importance                   int                   `json:"importance" gorm:"default:1;"`
	ReachableFromInternet        bool                  `json:"reachableFromInternet" gorm:"default:false;"`
	// The three requirement levels default to 'high' in the database.
	// NOTE(review): presumably inputs to the risk calculation — confirm.
	ConfidentialityRequirement   dtos.RequirementLevel `json:"confidentialityRequirement" gorm:"default:'high';not null;type:text;"`
	IntegrityRequirement         dtos.RequirementLevel `json:"integrityRequirement" gorm:"default:'high';not null;type:text;"`
	AvailabilityRequirement      dtos.RequirementLevel `json:"availabilityRequirement" gorm:"default:'high';not null;type:text;"`
	RepositoryID                 *string               `json:"repositoryId" gorm:"type:text;"` // the id will be prefixed with the provider name, e.g. github:<github app installation id>:123456
	RepositoryName               *string               `json:"repositoryName" gorm:"type:text;"`
	// Both thresholds are nullable and stored as decimal(4,2).
	CVSSAutomaticTicketThreshold *float64              `json:"cvssAutomaticTicketThreshold" gorm:"type:decimal(4,2);"`
	RiskAutomaticTicketThreshold *float64              `json:"riskAutomaticTicketThreshold" gorm:"type:decimal(4,2);"`
	// Auto-reopen configuration - number of days after which closed/accepted vulnerabilities should be reopened
	VulnAutoReopenAfterDays  *int           `json:"vulnAutoReopenAfterDays" gorm:"type:integer;"`
	SigningPubKey            *string        `json:"signingPubKey" gorm:"type:text;"`
	ConfigFiles              database.JSONB `json:"configFiles" gorm:"type:jsonb"`
	// BadgeSecret and WebhookSecret are generated by the database
	// (gen_random_uuid()) and serialized as "badgeSecret" / "webhookSecret".
	// NOTE(review): presumably bearer-style secrets for badge URLs and inbound
	// webhooks — confirm they are only returned to members allowed to manage
	// the asset.
	BadgeSecret              *uuid.UUID     `json:"badgeSecret" gorm:"type:uuid;default:gen_random_uuid();"`
	WebhookSecret            *uuid.UUID     `json:"webhookSecret" gorm:"type:uuid;default:gen_random_uuid();"`
	// ExternalEntityID and ExternalEntityProviderID are unique as a pair
	// (asset_unique_external_entity).
	ExternalEntityID         *string        `json:"externalEntityId" gorm:"uniqueIndex:asset_unique_external_entity;type:text"`
	ExternalEntityProviderID *string        `json:"externalEntityProviderId" gorm:"uniqueIndex:asset_unique_external_entity;type:text"`
	RepositoryProvider       *string        `json:"repositoryProvider" gorm:"type:text;"`
	Metadata                 database.JSONB `json:"metadata" gorm:"column:metadata;type:jsonb;"`
	// IsPublic, ParanoidMode and SharesInformation default to false.
	// Note that SharesInformation is serialized as "shareInformation" (no "s").
	IsPublic                 bool           `json:"isPublic" gorm:"default:false;not null;"`
	ParanoidMode             bool           `json:"paranoidMode" gorm:"default:false;not null;"`
	SharesInformation        bool           `json:"shareInformation" gorm:"default:false;not null;"`

	PipelineLastRun time.Time `json:"pipelineLastRun" gorm:"type:timestamp with time zone;"`
	PipelineError   *string   `json:"pipelineError" gorm:"type:text;"`
}

func (*Asset) GetSlug

func (m *Asset) GetSlug() string

func (*Asset) Same

func (m *Asset) Same(other *Asset) bool

func (*Asset) SetSlug

func (m *Asset) SetSlug(slug string)

func (Asset) TableName

func (m Asset) TableName() string

func (*Asset) UpstreamState

func (m *Asset) UpstreamState() dtos.UpstreamState

type AssetType

// AssetType is the string-backed kind of an Asset; it is stored in Asset.Type.
type AssetType string

// The asset kinds declared by this package.
const (
	AssetTypeApplication    = AssetType("application")
	AssetTypeInfrastructure = AssetType("infrastructure")
)

type AssetVersion

// AssetVersion is the GORM model for one ref (branch or tag, see
// AssetVersionType) of an Asset. Its primary key is the pair (Name, AssetID).
type AssetVersion struct {
	CreatedAt time.Time `json:"createdAt"`
	UpdatedAt time.Time `json:"updatedAt"`

	Name    string    `json:"name" gorm:"primarykey;type:text;not null;"`
	AssetID uuid.UUID `json:"assetId" gorm:"primarykey;not null;type:uuid;"`
	// Asset is the owning asset; deleting it deletes the version (CASCADE).
	Asset   Asset     `json:"asset" gorm:"foreignKey:AssetID;references:ID; constraint:OnDelete:CASCADE;"`

	DefaultBranch   bool                  `json:"defaultBranch" gorm:"default:false;"`
	// The tag of Slug repeats type:text; the second occurrence is redundant.
	Slug            string                `json:"slug" gorm:"type:text;not null;type:text;"`
	DependencyVulns []DependencyVuln      `json:"dependencyVulns" gorm:"foreignKey:AssetVersionName,AssetID;references:Name,AssetID;constraint:OnDelete:CASCADE;"`
	// The struct tag of Artifacts is elided by the documentation renderer.
	Artifacts       []Artifact            `` /* 129-byte string literal not displayed */
	Type            AssetVersionType      `json:"type" gorm:"type:text;not null;"`
	Components      []ComponentDependency `json:"components" gorm:"foreignKey:AssetVersionName,AssetID;references:Name,AssetID;constraint:OnDelete:CASCADE;"`
	SupplyChains    []SupplyChain         `json:"supplyChains" gorm:"foreignKey:AssetVersionName,AssetID;references:Name,AssetID;constraint:OnDelete:CASCADE;"`

	// SigningPubKey is a nullable text column, also present on Asset.
	// NOTE(review): which of the two keys wins during verification is not
	// visible in this struct — confirm in the verifying code.
	SigningPubKey  *string        `json:"signingPubKey" gorm:"type:text;"`
	Metadata       database.JSONB `json:"metadata" gorm:"type:jsonb"`
	// LastAccessedAt defaults to NOW() in the database.
	LastAccessedAt time.Time      `json:"lastAccessedAt" gorm:"default:NOW();"`
}

func (AssetVersion) TableName

func (m AssetVersion) TableName() string

type AssetVersionType

// AssetVersionType is the string-backed kind of an AssetVersion; it is stored
// in AssetVersion.Type.
type AssetVersionType string

// The asset version kinds declared by this package.
const (
	AssetVersionBranch = AssetVersionType("branch")
	AssetVersionTag    = AssetVersionType("tag")
)

type Attestation

// Attestation is the GORM model for one attestation document attached to an
// artifact. The primary key is (PredicateType, AssetVersionName, AssetID,
// ArtifactName), so an artifact holds at most one attestation per predicate
// type.
//
// NOTE(review): the struct stores Content only; it has no field for a
// signature, signer identity or verification result. Presumably verification
// happens before the row is written — confirm, because consumers of this
// table cannot tell a verified attestation from an unverified one.
type Attestation struct {
	CreatedAt        time.Time `json:"createdAt"`
	UpdatedAt        time.Time `json:"updatedAt"`
	PredicateType    string    `json:"predicateType" gorm:"type:text;primaryKey"`
	AssetVersionName string    `json:"assetVersionName" gorm:"primaryKey;type:text;"`
	AssetID          uuid.UUID `json:"assetId" gorm:"primaryKey;type:uuid"`
	ArtifactName     string    `json:"artifactName" gorm:"primaryKey"`

	// Ensure foreign key field order matches Artifact primary key: ArtifactName, AssetVersionName, AssetID
	Artifact Artifact `json:"artifact" gorm:"foreignKey:ArtifactName,AssetVersionName,AssetID;constraint:OnDelete:CASCADE;"`

	// Content is the attestation body, stored as jsonb.
	Content database.JSONB `json:"content" gorm:"type:jsonb"`
}

func (Attestation) TableName

func (m Attestation) TableName() string

type AttestationType

// AttestationType is a string-backed type; no values are declared for it in
// this listing.
type AttestationType string

type CVE

// CVE is the GORM model for one CVE record, keyed by its CVE identifier.
// Most fields carry an additional `cve:"…"` struct tag next to the json tag.
type CVE struct {
	CVE                   string               `json:"cve" gorm:"primaryKey;not null;type:text;"`
	CreatedAt             time.Time            `json:"createdAt" cve:"createdAt"`
	UpdatedAt             time.Time            `json:"updatedAt" cve:"updatedAt"`
	DatePublished         time.Time            `json:"datePublished" cve:"datePublished"`
	DateLastModified      time.Time            `json:"dateLastModified" cve:"dateLastModified"`
	// Weaknesses are deleted together with the CVE (CASCADE).
	Weaknesses            []*Weakness          `json:"weaknesses" gorm:"foreignKey:CVEID;constraint:OnDelete:CASCADE;" cve:"weaknesses"`
	Description           string               `json:"description" gorm:"type:text;" cve:"description"`
	// CVSS is stored as decimal(4,2).
	CVSS                  float32              `json:"cvss" gorm:"type:decimal(4,2);" cve:"cvss"`
	// References is a single text column.
	// NOTE(review): presumably an encoded list that GetReferences decodes — confirm.
	// The description and references come from an external feed; treat them
	// as untrusted text when rendering.
	References            string               `json:"references" gorm:"type:text;" cve:"references"`
	// The CISA* fields are nullable dates and text.
	// NOTE(review): presumably populated from the CISA KEV catalogue — confirm.
	CISAExploitAdd        *datatypes.Date      `json:"cisaExploitAdd" gorm:"type:date;" cve:"cisaExploitAdd"`
	CISAActionDue         *datatypes.Date      `json:"cisaActionDue" gorm:"type:date;" cve:"cisaActionDue"`
	CISARequiredAction    string               `json:"cisaRequiredAction" gorm:"type:text;" cve:"cisaRequiredAction"`
	CISAVulnerabilityName string               `json:"cisaVulnerabilityName" gorm:"type:text;" cve:"cisaVulnerabilityName"`
	// EPSS and Percentile are nullable and stored as decimal(6,5); note the
	// differing Go types (float64 and float32).
	EPSS                  *float64             `json:"epss" gorm:"type:decimal(6,5);" cve:"epss"`
	Percentile            *float32             `json:"percentile" gorm:"type:decimal(6,5);" cve:"percentile"`
	AffectedComponents    []*AffectedComponent `json:"affectedComponents" gorm:"many2many:cve_affected_component"`
	Vector                string               `json:"vector" gorm:"type:text;" cve:"vector"`
	// Risk is not persisted (gorm:"-"); it only appears in the JSON output.
	Risk                  dtos.RiskMetrics     `json:"risk" gorm:"-" cve:"risk"`
	// Exploits declares no constraint on this side; the cascade is declared
	// on Exploit.CVE.
	Exploits              []*Exploit           `json:"exploits" gorm:"foreignKey:CVEID;"`
}

func (CVE) GetReferences

func (m CVE) GetReferences() ([]cveReference, error)

func (CVE) TableName

func (m CVE) TableName() string

type CWE

// CWE is the GORM model for one weakness entry, keyed by its CWE identifier.
type CWE struct {
	CreatedAt time.Time `json:"createdAt"`
	UpdatedAt time.Time `json:"updatedAt"`

	// CWE is the primary key.
	CWE string `json:"cwe" gorm:"primaryKey;not null;"`

	Description string `json:"description" gorm:"type:text;"`
}

func (CWE) TableName

func (m CWE) TableName() string

type Comment

// Comment is the GORM model for a comment a user left on a DependencyVuln.
// ID and timestamps come from the embedded Model.
type Comment struct {
	Model
	DependencyVulnID uuid.UUID `json:"dependencyVulnId"`
	UserID           uuid.UUID `json:"userId"`
	// Comment is the comment text.
	// NOTE(review): presumably free text entered by the user — treat it as
	// untrusted and encode it for the output context when rendering.
	Comment          string    `json:"comment"`
}

func (Comment) TableName

func (m Comment) TableName() string

type Component

// Component is the GORM model for one software component, keyed by its purl.
type Component struct {
	Purl          string                `json:"purl" gorm:"primaryKey;column:purl"`
	// Dependencies is serialized as "dependsOn".
	Dependencies  []ComponentDependency `json:"dependsOn" gorm:"hasMany;"`
	ComponentType dtos.ComponentType    `json:"componentType"`
	Version       string                `json:"version"`
	License       *string               `json:"license"`
	Published     *time.Time            `json:"published"`

	// ComponentProject is joined through ComponentProjectKey (column
	// project_key), which is serialized as "projectId".
	ComponentProject     *ComponentProject `json:"project" gorm:"foreignKey:ComponentProjectKey;references:ProjectKey;constraint:OnDelete:CASCADE;"`
	ComponentProjectKey  *string           `json:"projectId" gorm:"column:project_key"`
	// IsLicenseOverwritten is not persisted (gorm:"-"); it only appears in JSON.
	IsLicenseOverwritten bool              `json:"isLicenseOverwritten" gorm:"-"`
}

func (Component) TableName

func (c Component) TableName() string

type ComponentDependency

// ComponentDependency is one edge of the dependency graph of an asset
// version: the component ComponentPurl depends on DependencyPurl.
type ComponentDependency struct {
	// ID is generated by the database (gen_random_uuid()).
	ID uuid.UUID `gorm:"primarykey;type:uuid;default:gen_random_uuid()" json:"id"`
	// The SBOM provided by CycloneDX only contains the transitive dependencies that really get used.
	// This means that the dependency graph can differ between users of the same library, since they use it differently.
	// We use edges, which record that a component is used by another component in one asset.
	Component      Component `json:"component" gorm:"foreignKey:ComponentPurl;references:Purl;constraint:OnDelete:CASCADE;"`
	ComponentPurl  *string   `json:"componentPurl" gorm:"column:component_purl;index:component_purl_idx"` // will be nil, for direct dependencies
	Dependency     Component `json:"dependency" gorm:"foreignKey:DependencyPurl;references:Purl;constraint:OnDelete:CASCADE;"`
	DependencyPurl string    `json:"dependencyPurl" gorm:"column:dependency_purl;index:dependency_purl_idx"`

	// Foreign key fields for AssetVersion relationship
	AssetVersionName string    `json:"assetVersionName" gorm:"column:asset_version_name;not null;"`
	AssetID          uuid.UUID `json:"assetId" gorm:"column:asset_id;not null;type:uuid;"`

	// Artifacts shares the artifact_component_dependencies join table with
	// Artifact.ComponentDependencies.
	Artifacts []Artifact `json:"artifacts" gorm:"many2many:artifact_component_dependencies;constraint:OnDelete:CASCADE"`

	// NOTE(review): presumably the distance from the root of the dependency
	// tree — confirm where it is computed.
	Depth int `json:"depth" gorm:"column:depth"`
}

func GetOnlyDirectDependencies

func GetOnlyDirectDependencies(deps []ComponentDependency) []ComponentDependency

func (ComponentDependency) GetDependentPurl

func (c ComponentDependency) GetDependentPurl() *string

func (ComponentDependency) GetPurl

func (c ComponentDependency) GetPurl() string

func (ComponentDependency) TableName

func (c ComponentDependency) TableName() string

func (ComponentDependency) ToCdxComponent

func (c ComponentDependency) ToCdxComponent(componentLicenseOverwrites map[string]string) cyclonedx.Component

func (ComponentDependency) ToNodes

type ComponentDependencyNode

// ComponentDependencyNode is a node that carries only a string ID,
// serialized as "id".
type ComponentDependencyNode struct {
	ID string `json:"id"`
}

func (ComponentDependencyNode) GetID

func (c ComponentDependencyNode) GetID() string

type ComponentOccurrence

// ComponentOccurrence maps named columns to one place where a dependency
// occurs: project, asset, asset version and, optionally, artifact.
// No field is tagged as a primary key and no TableName method is listed.
// NOTE(review): presumably the scan target of a join query rather than a
// table of its own — confirm. If the query spans projects, the caller has to
// restrict it to projects the requesting user may read.
type ComponentOccurrence struct {
	ComponentDependencyID uuid.UUID `json:"componentDependencyId" gorm:"column:component_dependency_id"`
	DependencyPurl        *string   `json:"dependencyPurl" gorm:"column:dependency_purl"`
	ProjectID             uuid.UUID `json:"projectId" gorm:"column:project_id"`
	ProjectName           string    `json:"projectName" gorm:"column:project_name"`
	ProjectSlug           string    `json:"projectSlug" gorm:"column:project_slug"`
	AssetID               uuid.UUID `json:"assetId" gorm:"column:asset_id"`
	AssetName             string    `json:"assetName" gorm:"column:asset_name"`
	AssetSlug             string    `json:"assetSlug" gorm:"column:asset_slug"`
	AssetVersionName      string    `json:"assetVersionName" gorm:"column:asset_version_name"`
	ArtifactName          *string   `json:"artifactName" gorm:"column:artifact_name"`
	ArtifactAssetVersion  *string   `json:"artifactAssetVersion" gorm:"column:artifact_asset_version_name"`
}

type ComponentProject

// ComponentProject is the GORM model for the upstream project of a
// component, keyed by ProjectKey.
type ComponentProject struct {
	// project name like "github.com/facebook/react"
	ProjectKey      string `json:"projectKey" gorm:"primaryKey;column:project_key"`
	StarsCount      int    `json:"starsCount" gorm:"column:stars_count"`
	ForksCount      int    `json:"forksCount" gorm:"column:forks_count"`
	OpenIssuesCount int    `json:"openIssuesCount" gorm:"column:open_issues_count"`
	// Homepage, License and Description describe the upstream project.
	// NOTE(review): presumably fetched from a third-party source — treat as
	// untrusted when rendering, Homepage in particular if shown as a link.
	Homepage        string `json:"homepage"`
	License         string `json:"license"`
	Description     string `json:"description"`

	// ScoreCard is a nullable jsonb document and ScoreCardScore a nullable number.
	// NOTE(review): presumably an OpenSSF Scorecard result — confirm.
	ScoreCard      *database.JSONB `json:"scoreCard" gorm:"column:score_card;type:jsonb"`
	ScoreCardScore *float64        `json:"scoreCardScore" gorm:"column:score_card_score"`
	UpdatedAt      time.Time       `json:"updatedAt" gorm:"column:updated_at"`
}

func (ComponentProject) TableName

func (c ComponentProject) TableName() string

type Config

// Config is a key/value row: Key is the primary key, Val a text column.
// Neither field has a json tag.
type Config struct {
	Key string `gorm:"primarykey"`
	Val string `gorm:"type:text"`
}

func (Config) TableName

func (Config) TableName() string

type DependencyVuln

// DependencyVuln is the GORM model for a vulnerability found in a dependency.
// It embeds Vulnerability and adds the CVE, the affected component and the
// risk assessment values. All assessment fields default to NULL.
type DependencyVuln struct {
	Vulnerability

	// CVE and CVEID are nullable; CVEID defaults to NULL.
	CVE   *CVE    `json:"cve"`
	CVEID *string `json:"cveId" gorm:"null;type:text;default:null;"`

	ComponentPurl         *string `json:"componentPurl" gorm:"type:text;default:null;"`
	ComponentDepth        *int    `json:"componentDepth" gorm:"default:null;"`
	ComponentFixedVersion *string `json:"componentFixedVersion" gorm:"default:null;"`

	Effort            *int     `json:"effort" gorm:"default:null;"`
	RiskAssessment    *int     `json:"riskAssessment" gorm:"default:null;"`
	RawRiskAssessment *float64 `json:"rawRiskAssessment" gorm:"default:null;"`

	Priority *int `json:"priority" gorm:"default:null;"`

	// LastDetected defaults to now() in the database.
	LastDetected time.Time `json:"lastDetected" gorm:"default:now();not null;"`

	RiskRecalculatedAt time.Time `json:"riskRecalculatedAt"`

	// Artifacts shares the artifact_dependency_vulns join table with
	// Artifact.DependencyVuln.
	Artifacts []Artifact `json:"artifacts" gorm:"many2many:artifact_dependency_vulns;constraint:OnDelete:CASCADE"`
}

func (DependencyVuln) AssetVersionIndependentHash

func (vuln DependencyVuln) AssetVersionIndependentHash() string

func (*DependencyVuln) BeforeSave

func (vuln *DependencyVuln) BeforeSave(tx *gorm.DB) (err error)

BeforeSave is a hook that calculates the hash before the dependencyVuln is created.

func (*DependencyVuln) CalculateHash

func (vuln *DependencyVuln) CalculateHash() string

func (*DependencyVuln) GetArtifacts

func (vuln *DependencyVuln) GetArtifacts() []Artifact

func (DependencyVuln) GetAssetVersionName

func (vuln DependencyVuln) GetAssetVersionName() string

func (DependencyVuln) GetEvents

func (vuln DependencyVuln) GetEvents() []VulnEvent

func (*DependencyVuln) GetRawRiskAssessment

func (vuln *DependencyVuln) GetRawRiskAssessment() float64

func (*DependencyVuln) GetScannerIDsOrArtifactNames

func (vuln *DependencyVuln) GetScannerIDsOrArtifactNames() string

func (*DependencyVuln) GetType

func (vuln *DependencyVuln) GetType() dtos.VulnType

func (*DependencyVuln) SetRawRiskAssessment

func (vuln *DependencyVuln) SetRawRiskAssessment(risk float64)

func (*DependencyVuln) SetRiskRecalculatedAt

func (vuln *DependencyVuln) SetRiskRecalculatedAt(t time.Time)

func (DependencyVuln) TableName

func (vuln DependencyVuln) TableName() string

type DependencyVulnRisk

// DependencyVulnRisk is a plain struct without json or gorm tags that pairs
// a dependency vulnerability ID with a risk value, an event type, a creation
// time and a JSON string.
// NOTE(review): presumably the scan target of a query over vulnerability
// events — confirm.
type DependencyVulnRisk struct {
	DependencyVulnID  string
	CreatedAt         time.Time
	// ArbitraryJSONData is kept as a raw string; it is not decoded here.
	ArbitraryJSONData string
	Risk              float64
	Type              dtos.VulnEventType
}

type Distribution

// Distribution holds two sets of per-severity counters: Low/Medium/High/
// Critical and the same four levels suffixed with CVSS.
// NOTE(review): presumably the first set is bucketed by the calculated risk
// and the second by the raw CVSS score — confirm where they are filled.
type Distribution struct {
	Low      int `json:"low"`
	High     int `json:"high"`
	Medium   int `json:"medium"`
	Critical int `json:"critical"`

	LowCVSS      int `json:"lowCvss"`
	MediumCVSS   int `json:"mediumCvss"`
	HighCVSS     int `json:"highCvss"`
	CriticalCVSS int `json:"criticalCvss"`
}

type Exploit

// Exploit is the GORM model for a publicly known exploit reference that
// belongs to a CVE. It is deleted together with its CVE (CASCADE).
//
// NOTE(review): Author, Description, Tags and SourceURL presumably come from
// third-party sources. Treat them as untrusted text when rendering and only
// link to SourceURL after validating its scheme.
type Exploit struct {
	ID          string     `json:"id" gorm:"primaryKey;"`
	// Published and Updated are stored as dates and serialized as
	// "pushed_at" and "updated_at".
	Published   *time.Time `json:"pushed_at" gorm:"type:date;"`
	Updated     *time.Time `json:"updated_at" gorm:"type:date;"`
	Author      string     `json:"author" gorm:"type:text;"`
	Type        string     `json:"type" gorm:"type:text;"`
	Verified    bool       `json:"verified" gorm:"type:boolean;"`
	SourceURL   string     `json:"sourceURL" gorm:"type:text;"`
	Description string     `json:"description" gorm:"type:text;"`
	// CVE is excluded from JSON (json:"-"); only CVEID is serialized.
	CVE         CVE        `json:"-" gorm:"foreignKey:CVEID;constraint:OnDelete:CASCADE;"`
	CVEID       string     `json:"cveID" gorm:"type:text;"`
	Tags        string     `json:"tags" gorm:"type:text;"`
	// The counters below mix camelCase and snake_case JSON keys.
	// NOTE(review): the snake_case keys look like they mirror an upstream
	// repository API — confirm before renaming.
	Forks       int        `json:"forks" gorm:"type:integer;"`
	Watchers    int        `json:"watchers" gorm:"type:integer;"`
	Subscribers int        `json:"subscribers_count" gorm:"type:integer;"`
	Stars       int        `json:"stargazers_count" gorm:"type:integer;"`
}

func (Exploit) TableName

func (m Exploit) TableName() string

type ExternalUser

// ExternalUser is the GORM model for a user known through an external
// identity, keyed by a string ID and linked to organizations through the
// external_user_orgs join table.
// NOTE(review): membership in Organizations presumably grants access to the
// org — confirm which code path is allowed to write that join table.
type ExternalUser struct {
	ID            string `json:"id" gorm:"primaryKey"`
	Username      string `json:"username"`
	AvatarURL     string `json:"avatarUrl"`
	Organizations []Org  `json:"orgs" gorm:"many2many:external_user_orgs;"`
}

func (ExternalUser) TableName

func (ExternalUser) TableName() string

type FirstPartyVuln

// FirstPartyVuln is the GORM model for a finding in the project's own code.
// It embeds Vulnerability and adds the scanner, the rule that fired, the
// location and the commit metadata.
type FirstPartyVuln struct {
	Vulnerability
	// the scanner which was used to detect this firstPartyVuln
	ScannerIDs      string         `json:"scannerIds" gorm:"not null;column:scanner_ids"` //List of scanner ids separated by a white space
	Fingerprint     string         `json:"fingerprint" gorm:"type:text;"`
	// The Rule* fields describe the rule that produced the finding.
	// NOTE(review): presumably copied from the scanner report — treat as
	// untrusted text when rendering, RuleHelp and RuleHelpURI in particular.
	RuleID          string         `json:"ruleId"`
	RuleName        string         `json:"ruleName"`
	RuleDescription string         `json:"ruleDescription"`
	RuleHelp        string         `json:"ruleHelp"`
	RuleHelpURI     string         `json:"ruleHelpUri"`
	RuleProperties  database.JSONB `json:"ruleProperties" gorm:"type:jsonb"`

	URI string `json:"uri"`

	// Commit, Email, Author and Date are all plain strings.
	// NOTE(review): presumably the git metadata of the offending commit; Email
	// and Author are then personal data — confirm who may read them.
	Commit string `json:"commit"`
	Email  string `json:"email"`
	Author string `json:"author"`
	Date   string `json:"date"`

	// NOTE(review): the gorm tag contains a bare "snippet_contents" without a
	// key; "column:snippet_contents" may have been intended — confirm.
	// NOTE(review): if a secret scanner reports into this model, the snippet
	// can contain the detected secret itself — confirm it is redacted before
	// storage or restrict who may read this field.
	SnippetContents database.JSONB `json:"snippetContents" gorm:"type:jsonb;snippet_contents"` // SnippetContents
}

func (*FirstPartyVuln) AddScannerID

func (firstPartyVuln *FirstPartyVuln) AddScannerID(scannerID string)

func (FirstPartyVuln) AssetVersionIndependentHash

func (firstPartyVuln FirstPartyVuln) AssetVersionIndependentHash() string

func (*FirstPartyVuln) BeforeSave

func (firstPartyVuln *FirstPartyVuln) BeforeSave(tx *gorm.DB) (err error)

func (*FirstPartyVuln) CalculateHash

func (firstPartyVuln *FirstPartyVuln) CalculateHash() string

func (*FirstPartyVuln) GetArtifacts

func (firstPartyVuln *FirstPartyVuln) GetArtifacts() []Artifact

func (FirstPartyVuln) GetAssetVersionName

func (firstPartyVuln FirstPartyVuln) GetAssetVersionName() string

func (FirstPartyVuln) GetEvents

func (firstPartyVuln FirstPartyVuln) GetEvents() []VulnEvent

func (*FirstPartyVuln) GetScannerIDsOrArtifactNames

func (firstPartyVuln *FirstPartyVuln) GetScannerIDsOrArtifactNames() string

func (*FirstPartyVuln) GetType

func (firstPartyVuln *FirstPartyVuln) GetType() dtos.VulnType

func (*FirstPartyVuln) RemoveScannerID

func (firstPartyVuln *FirstPartyVuln) RemoveScannerID(scannerID string)

func (FirstPartyVuln) TableName

func (firstPartyVuln FirstPartyVuln) TableName() string

func (*FirstPartyVuln) Title

func (firstPartyVuln *FirstPartyVuln) Title() string

type GitLabIntegration

// GitLabIntegration is the GORM model for a token-based GitLab integration
// of an organization. It is deleted together with its Org (CASCADE).
type GitLabIntegration struct {
	Model

	Name string `json:"name"`

	// AccessToken is a plain string column with the JSON key "accessToken".
	// NOTE(review): nothing in this struct encrypts or hides the token. Org
	// serializes its GitLabIntegrations as "gitLabIntegrations", so
	// marshalling an Org with this relation preloaded would emit the token —
	// confirm that API responses use a DTO without it, and consider
	// encryption at rest.
	AccessToken string `json:"accessToken"`
	// GitLabURL is stored in the gitlab_url column.
	// NOTE(review): presumably the base URL the server calls with AccessToken;
	// if it is user-supplied, validate scheme and host when accepting it so
	// the server cannot be pointed at internal services.
	GitLabURL   string `json:"gitLabUrl" gorm:"column:gitlab_url"`

	Org   Org       `json:"org" gorm:"foreignKey:OrgID;constraint:OnDelete:CASCADE;"`
	OrgID uuid.UUID `json:"orgId" gorm:"column:org_id"`
}

func (GitLabIntegration) TableName

func (g GitLabIntegration) TableName() string

type GitLabOauth2Token

// GitLabOauth2Token is the GORM model for the OAuth2 token of one user at
// one configured GitLab provider. The pair (UserID, ProviderID) is unique
// (index single-provider-token).
//
// NOTE(review): AccessToken, RefreshToken and Verifier all carry json tags
// and are plain string columns as far as this struct shows. A BeforeSave
// hook is declared on the type, but whether it protects these values is not
// visible here — confirm, and confirm the model is never marshalled into a
// response.
type GitLabOauth2Token struct {
	ID uuid.UUID `json:"id" gorm:"column:id;primaryKey;default:gen_random_uuid()"` // the id of the token
	// oauth2 token using GitLab Applications feature
	AccessToken  string    `json:"accessToken" gorm:"column:access_token"`
	RefreshToken string    `json:"refreshToken" gorm:"column:refresh_token"`
	// ExpiresAt (int64) and Expiry (time.Time) both describe an expiry.
	// NOTE(review): which one is authoritative is not visible here — confirm.
	ExpiresAt    int64     `json:"expiresAt" gorm:"column:expires_at"`
	Scopes       string    `json:"scopes" gorm:"column:scopes"`
	// NOTE(review): the check constraint compares LOWER(user_id) with the
	// upper-case literal 'NO_SESSION'. A lower-cased value can never equal
	// that literal, so the constraint as written rejects no non-NULL user_id.
	// If the sentinel is meant to be forbidden, the literal has to be
	// lower-case (or the function UPPER), and existing databases need a
	// migration because a tag change alone does not alter the constraint.
	// NOTE(review): this trailing comment and the one on GitLabUserID are
	// identical; UserID is presumably the local user's ID — confirm.
	UserID       string    `json:"userId" gorm:"column:user_id;uniqueIndex:single-provider-token;check:LOWER(user_id) <> 'NO_SESSION'"` // the gitlab user id
	GitLabUserID int       `json:"gitLabUserId" gorm:"column:gitlab_user_id"`                                                           // the gitlab user id
	Expiry       time.Time `json:"expiry" gorm:"column:expiry"`
	// Verifier is nullable.
	// NOTE(review): a PKCE verifier is only useful while it stays with the
	// party that started the flow; presumably it is cleared after the code
	// exchange — confirm.
	Verifier     *string   `json:"verifier" gorm:"column:verifier"` // used for the PKCE to protect against CSRF attacks during doing oauth2
	BaseURL      string    `json:"baseUrl" gorm:"column:base_url;"` // the base url of the gitlab instance
	CreatedAt    time.Time `json:"createdAt" gorm:"column:created_at"`
	UpdatedAt    time.Time `json:"updatedAt" gorm:"column:updated_at"`

	ProviderID string `json:"providerId" gorm:"column:provider_id;uniqueIndex:single-provider-token"` // the id of the provider - what you define in the env variables GITLAB_<PROVIDERID>_BASEURL...
}

func (*GitLabOauth2Token) BeforeSave

func (token *GitLabOauth2Token) BeforeSave(tx *gorm.DB) (err error)

func (GitLabOauth2Token) TableName

func (GitLabOauth2Token) TableName() string

type GithubAppInstallation

// GithubAppInstallation is the GORM model for one installation of the GitHub
// app, keyed by InstallationID. Org and OrgID are pointers, so an
// installation can exist without an organization assigned.
// NOTE(review): assigning OrgID presumably lets that organization act
// through the installation — confirm that the code linking the two checks
// that the requesting user controls the installation.
type GithubAppInstallation struct {
	InstallationID int `json:"installationId" gorm:"primaryKey"`

	Org   *Org       `json:"org" gorm:"foreignKey:OrgID;constraint:OnDelete:CASCADE;"`
	OrgID *uuid.UUID `json:"orgId" gorm:"column:org_id"`

	InstallationCreatedWebhookReceivedTime time.Time `json:"installationCreatedWebhookReceivedTime"`

	SettingsURL string `json:"settingsUrl"`

	TargetType      string `json:"targetType"`
	TargetLogin     string `json:"targetLogin"`
	TargetAvatarURL string `json:"targetAvatarUrl"`
}

func (GithubAppInstallation) TableName

func (GithubAppInstallation) TableName() string

type History

// History is one daily snapshot of risk figures. It embeds Distribution and
// uses Day (a date column) as part of the primary key; types that embed
// History add their own key columns.
type History struct {
	Distribution
	// on the day 2024-08-12 the asset had a sumRisk of 25.
	Day         time.Time `json:"day" gorm:"primaryKey;type:date"`
	// Avg* fields are serialized with the prefix "average" instead of "avg".
	SumOpenRisk float64   `json:"sumOpenRisk"`
	AvgOpenRisk float64   `json:"averageOpenRisk"`
	MaxOpenRisk float64   `json:"maxOpenRisk"`
	MinOpenRisk float64   `json:"minOpenRisk"`

	SumClosedRisk float64 `json:"sumClosedRisk"`
	AvgClosedRisk float64 `json:"averageClosedRisk"`
	MaxClosedRisk float64 `json:"maxClosedRisk"`
	MinClosedRisk float64 `json:"minClosedRisk"`

	OpenDependencyVulns  int `json:"openDependencyVulns"`
	FixedDependencyVulns int `json:"fixedDependencyVulns"`
}
// InTotoLink is the GORM model for one in-toto link of a supply chain step.
// The primary key is (SupplyChainID, Step, AssetVersionName, AssetID).
//
// NOTE(review): the struct stores the payload and the PAT it is associated
// with, but no verification result. Presumably the link signature is checked
// against that PAT's key when the supply chain is evaluated — confirm,
// because a stored link is not by itself evidence that the step was
// performed by an authorized party.
type InTotoLink struct {
	// this is used to identify the link afterwards.
	// for the post-commit link this is the commit hash
	SupplyChainID string `json:"supplyChainId" gorm:"column:supply_chain_id;primaryKey"`
	Step          string `json:"step" gorm:"column:step;primaryKey"`

	// NOTE(review): if Filename is ever used to build a path on disk, it
	// must be reduced to a base name first — confirm how it is used.
	Filename string `json:"filename" gorm:"column:filename"`

	// the real link payload
	Payload string `json:"payload" gorm:"column:payload"`

	// PAT is serialized as "pat"; the link is deleted with the PAT (CASCADE).
	// NOTE(review): confirm that the PAT model hides its secret material in JSON.
	PAT              PAT          `json:"pat" gorm:"foreignKey:PatID;constraint:OnDelete:CASCADE;"`
	// AssetVersion has no json tag and is serialized as "AssetVersion".
	AssetVersion     AssetVersion `gorm:"foreignKey:AssetVersionName,AssetID;references:Name,AssetID;constraint:OnDelete:CASCADE;"`
	AssetVersionName string       `json:"assetVersionName" gorm:"column:asset_version_name;primaryKey"`
	AssetID          uuid.UUID    `json:"assetId" gorm:"column:asset_id;primaryKey"`

	PatID uuid.UUID `json:"patId" gorm:"column:pat_id;"`

	CreatedAt time.Time `json:"createdAt" gorm:"column:created_at"`
}

func (InTotoLink) TableName

func (InTotoLink) TableName() string

type Invitation

// Invitation is the GORM model for an invitation of an e-mail address to an
// organization. ID and timestamps come from the embedded Model.
type Invitation struct {
	Model
	// Code is serialized as "code".
	// NOTE(review): presumably the secret the invitee presents to accept the
	// invitation. If so, it should be unguessable, expire, be single-use, and
	// be returned only to callers allowed to manage invitations — confirm.
	Code string `json:"code"`
	// OrganizationID is the ID of the organization the invitation is for
	OrganizationID uuid.UUID `json:"organizationId"`
	// Organization has no json tag and is serialized as "Organization".
	Organization   Org
	// Email is the email address of the user the invitation is for
	Email string `json:"email"`
}

func (Invitation) TableName

func (i Invitation) TableName() string

type JiraIntegration

// JiraIntegration is the GORM model for a Jira integration of an
// organization. It is deleted together with its Org (CASCADE).
type JiraIntegration struct {
	Model

	Name  string    `json:"name" gorm:"type:varchar(255);not null"`
	Org   Org       `json:"org" gorm:"foreignKey:OrgID;constraint:OnDelete:CASCADE;"`
	OrgID uuid.UUID `json:"orgId" gorm:"column:org_id"`

	// AccessToken is a plain string column with the JSON key "accessToken".
	// NOTE(review): nothing in this struct encrypts or hides the token. Org
	// serializes its JiraIntegrations as "jiraIntegrations", so marshalling
	// an Org with this relation preloaded would emit the token — confirm that
	// API responses use a DTO without it, and consider encryption at rest.
	AccessToken string `json:"accessToken"`
	// NOTE(review): URL is presumably the Jira base URL the server calls with
	// AccessToken; if it is user-supplied, validate scheme and host when
	// accepting it so the server cannot be pointed at internal services.
	URL         string `json:"url" gorm:"type:text;not null"`
	UserEmail   string `json:"userEmail" gorm:"column:user_email"`
	AccountID   string `json:"accountId" gorm:"column:account_id"`
}

func (JiraIntegration) TableName

func (JiraIntegration) TableName() string

type LicenseRisk

// LicenseRisk is the GORM model for a license finding on a component.
// It embeds Vulnerability and references the component by purl.
type LicenseRisk struct {
	Vulnerability
	// FinalLicenseDecision is nullable; SetFinalLicenseDecision is declared
	// on the type to set it.
	FinalLicenseDecision *string    `json:"finalLicenseDecision" gorm:"type:text"`
	ComponentPurl        string     `json:"componentPurl" gorm:"type:text;"`
	Component            Component  `json:"component" gorm:"foreignKey:ComponentPurl;references:Purl;constraint:OnDelete:CASCADE;"`
	// Artifacts shares the artifact_license_risks join table with
	// Artifact.LicenseRisks.
	Artifacts            []Artifact `json:"artifacts" gorm:"many2many:artifact_license_risks;constraint:OnDelete:CASCADE"`
}

func (LicenseRisk) AssetVersionIndependentHash

func (licenseRisk LicenseRisk) AssetVersionIndependentHash() string

func (*LicenseRisk) BeforeSave

func (licenseRisk *LicenseRisk) BeforeSave(tx *gorm.DB) (err error)

func (*LicenseRisk) CalculateHash

func (licenseRisk *LicenseRisk) CalculateHash() string

func (*LicenseRisk) GetArtifactNames

func (licenseRisk *LicenseRisk) GetArtifactNames() string

func (*LicenseRisk) GetArtifacts

func (licenseRisk *LicenseRisk) GetArtifacts() []Artifact

func (LicenseRisk) GetAssetVersionName

func (licenseRisk LicenseRisk) GetAssetVersionName() string

func (LicenseRisk) GetEvents

func (licenseRisk LicenseRisk) GetEvents() []VulnEvent

func (LicenseRisk) GetType

func (licenseRisk LicenseRisk) GetType() dtos.VulnType

func (*LicenseRisk) SetFinalLicenseDecision

func (licenseRisk *LicenseRisk) SetFinalLicenseDecision(finalLicenseDecision string)

func (LicenseRisk) TableName

func (licenseRisk LicenseRisk) TableName() string

func (LicenseRisk) Title

func (licenseRisk LicenseRisk) Title() string

type Mitigation

// Mitigation embeds Model and records one mitigation of the given Type
// (avoid, accept, fix or transfer) for the result referenced by ResultID.
type Mitigation struct {
	Model
	Type             Type      `json:"mitigationType"`
	// NOTE(review): InitiatingUserID is part of the JSON shape. If this struct
	// is ever decoded directly from a request body, the value should be
	// overwritten from the authenticated session so a record cannot be
	// attributed to another user — confirm against the handlers.
	InitiatingUserID string    `json:"initiatingUserId"`
	ResultID         uuid.UUID `json:"resultId"`

	DueDate    *time.Time     `json:"dueDate"`
	// No json tag: encoding/json uses the Go field name "Properties".
	// Stored as jsonb, never NULL, defaulting to an empty object.
	Properties datatypes.JSON `gorm:"type:jsonb;default:'{}';not null"`

	MitigationPending bool   `json:"mitigationPending" gorm:"default:false"` // will be true for fix and transfer types - we are waiting for another scan report which verifies, that the related result is fixed. Will be false for avoid and accept types
	Justification     string `json:"justification"`
}

type Model

// Model is the base struct embedded by Mitigation, Org, Project, VulnEvent and
// WebhookIntegration: a UUID primary key that the database fills with
// gen_random_uuid() by default, plus creation and update timestamps.
type Model struct {
	ID        uuid.UUID `gorm:"primarykey;type:uuid;default:gen_random_uuid()" json:"id"`
	CreatedAt time.Time `json:"createdAt"`
	UpdatedAt time.Time `json:"updatedAt"`
}

func (Model) GetID

func (a Model) GetID() uuid.UUID

type Org

// Org is the organization model. It embeds Model, owns projects (via
// OrganizationID) and the GitHub, GitLab, Jira and webhook integrations (via
// OrgID), and carries a unique, indexed, non-null Slug.
//
// NOTE(review): the integration slices are part of the JSON shape
// ("jiraIntegrations", "webhooks", ...). JiraIntegration serializes an
// "accessToken" field and WebhookIntegration a "secret" field, so any response
// that marshals an Org with those relations preloaded would carry the
// credentials. Confirm that API responses go through a DTO that omits them.
type Org struct {
	Model
	Name                   string    `json:"name" gorm:"type:text"`
	ContactPhoneNumber     *string   `json:"contactPhoneNumber" gorm:"type:text"`
	NumberOfEmployees      *int      `json:"numberOfEmployees"`
	Country                *string   `json:"country" gorm:"type:text"`
	Industry               *string   `json:"industry" gorm:"type:text"`
	CriticalInfrastructure bool      `json:"criticalInfrastructure"`
	ISO27001               bool      `json:"iso27001"`
	NIST                   bool      `json:"nist"`
	Grundschutz            bool      `json:"grundschutz"`
	Projects               []Project `json:"projects" gorm:"foreignKey:OrganizationID;"`
	Slug                   string    `json:"slug" gorm:"type:text;unique;not null;index"`
	Description            string    `json:"description" gorm:"type:text"`

	GithubAppInstallations []GithubAppInstallation `json:"githubAppInstallations" gorm:"foreignKey:OrgID;"`

	GitLabIntegrations []GitLabIntegration `json:"gitLabIntegrations" gorm:"foreignKey:OrgID;"`

	JiraIntegrations []JiraIntegration `json:"jiraIntegrations" gorm:"foreignKey:OrgID;"`

	// Both flags below default to false in the database, i.e. sharing and
	// public visibility are opt-in.
	SharesVulnInformation bool                 `json:"sharesVulnInformation" gorm:"default:false"`
	Webhooks              []WebhookIntegration `json:"webhooks" gorm:"foreignKey:OrgID;"`

	IsPublic bool `json:"isPublic" gorm:"default:false;"`

	ConfigFiles database.JSONB `json:"configFiles" gorm:"type:jsonb"`

	// NOTE(review): type:text and size:2 are both set; confirm which of the
	// two the migration honours if a two-character limit is intended.
	Language string `json:"language" gorm:"type:text;size:2"`

	// Nullable and unique. IsExternalEntity presumably tests this field —
	// TODO confirm.
	ExternalEntityProviderID *string `json:"externalEntityProviderId" gorm:"unique;type:text"`
}

func (Org) IsExternalEntity

func (m Org) IsExternalEntity() bool

func (Org) TableName

func (m Org) TableName() string

type PAT

// PAT is the stored record of a personal access token. No field holding a raw
// token is declared here; the record keeps a public key and a fingerprint,
// the owning user, a description and a nullable last-used timestamp.
//
// ID carries no explicit primaryKey tag; gorm treats a field named ID as the
// primary key by convention.
type PAT struct {
	CreatedAt   time.Time  `json:"createdAt"`
	UserID      uuid.UUID  `json:"userId"`
	PubKey      string     `json:"pubKey"`
	Description string     `json:"description" gorm:"type:text"`
	ID          uuid.UUID  `json:"id" gorm:"type:uuid;default:gen_random_uuid()"`
	Fingerprint string     `json:"fingerprint"`
	LastUsedAt  *time.Time `json:"lastUsedAt" gorm:"default:null"`
	// NOTE(review): Scopes is free text. Whatever parses it should accept only
	// the known scope names and treat anything else as granting nothing —
	// confirm in the authorization code.
	Scopes      string     `json:"scopes" gorm:"type:text"` // whitespace separated scopes manage-project read-project scan-asset manage-all
}

func (PAT) GetUserID

func (p PAT) GetUserID() string

func (PAT) HashToken

func (p PAT) HashToken(token string) string

func (PAT) TableName

func (p PAT) TableName() string

type Policy

// Policy stores one policy: its Rego source text, a title, a description and
// the predicate type it applies to. A policy is either global
// (OrganizationID == nil) or owned by one organization, and is enabled per
// project through the project_enabled_policies join table.
//
// NOTE(review): Rego is presumably evaluated by a policy engine. Policies
// owned by an organization are user-authored input to that engine, so its
// evaluation should be bounded (time, memory, available built-ins) — confirm
// where the policy is evaluated.
type Policy struct {
	ID            uuid.UUID `json:"id" gorm:"type:uuid;primaryKey;default:gen_random_uuid()"`
	Rego          string    `json:"rego"`
	Title         string    `json:"title"`
	PredicateType string    `json:"predicateType"`
	Description   string    `json:"description"`

	OrganizationID *uuid.UUID `json:"organizationId"` // will be null for global policies
	// Deleting the owning organization cascades to its policies.
	Organization   *Org       `json:"organization" gorm:"foreignKey:OrganizationID;references:ID;constraint:OnDelete:CASCADE;"`

	OpaqueID *string   `json:"opaqueId" gorm:"unique"` // only used by global policies maintained by the community and migrated by the system
	Projects []Project `json:"projects" gorm:"many2many:project_enabled_policies;constraint:OnDelete:CASCADE;"`
}

func (Policy) TableName

func (m Policy) TableName() string

type Project

// Project is the project model. It embeds Model and belongs to exactly one
// organization. The pair (OrganizationID, Slug) is unique through the
// idx_project_org_slug index, so a slug identifies a project only within its
// organization. Projects can be nested through ParentID.
//
// NOTE(review): Webhooks is part of the JSON shape and WebhookIntegration
// serializes a "secret" field; confirm that API responses do not marshal this
// struct with webhooks preloaded.
type Project struct {
	Model
	Name           string    `json:"name" gorm:"type:text"`
	Avatar         *string   `json:"avatar" gorm:"type:text"`
	Assets         []Asset   `json:"assets" gorm:"foreignKey:ProjectID;"`
	OrganizationID uuid.UUID `json:"organizationId" gorm:"uniqueIndex:idx_project_org_slug;not null;type:uuid"`
	Organization   Org       `json:"organization" gorm:"foreignKey:OrganizationID;references:ID;constraint:OnDelete:CASCADE;"`
	Slug           string    `json:"slug" gorm:"type:text;uniqueIndex:idx_project_org_slug;not null"`
	Description    string    `json:"description" gorm:"type:text"`

	// Defaults to false in the database: a project is private unless set
	// otherwise.
	IsPublic bool `json:"isPublic" gorm:"default:false;"`

	// Children is excluded from JSON (json:"-"); deleting a parent cascades to
	// its children.
	Children []Project  `json:"-" gorm:"foreignKey:ParentID;constraint:OnDelete:CASCADE;"` // allowing nested projects
	ParentID *uuid.UUID `json:"parentId" gorm:"type:uuid;"`
	Parent   *Project   `json:"parent" gorm:"foreignKey:ParentID;constraint:OnDelete:CASCADE;"`

	Type ProjectType `json:"type" gorm:"type:text;default:'default';"`

	RepositoryID   *string `json:"repositoryId" gorm:"type:text;"` // the id will be prefixed with the provider name, e.g. github:<github app installation id>:123456
	RepositoryName *string `json:"repositoryName" gorm:"type:text;"`

	ConfigFiles database.JSONB `json:"configFiles" gorm:"type:jsonb"`

	EnabledPolicies []Policy `json:"enabledPolicies" gorm:"many2many:project_enabled_policies;constraint:OnDelete:CASCADE;"`

	// ExternalEntityID and ExternalEntityProviderID share the
	// unique_external_entity index, so the pair is unique.
	ExternalEntityID         *string `json:"externalEntityId" gorm:"uniqueIndex:unique_external_entity;"`
	ExternalEntityProviderID *string `json:"externalEntityProviderId" gorm:"uniqueIndex:unique_external_entity;"`
	// NOTE(review): the JSON name is "externalEntityProviderParentId" while the
	// field is ExternalEntityParentID — confirm the wire name is intended.
	ExternalEntityParentID   *string `json:"externalEntityProviderParentId" gorm:"type:text;"`

	Webhooks []WebhookIntegration `json:"webhooks" gorm:"foreignKey:ProjectID;"`
}

func (*Project) GetSlug

func (m *Project) GetSlug() string

func (Project) IsExternalEntity

func (m Project) IsExternalEntity() bool

func (*Project) Same

func (m *Project) Same(other *Project) bool

func (*Project) SetSlug

func (m *Project) SetSlug(slug string)

func (Project) TableName

func (m Project) TableName() string

type ProjectRiskHistory

// ProjectRiskHistory embeds Distribution and History (both declared elsewhere
// in this package) and keys the row by project.
type ProjectRiskHistory struct {
	Distribution
	History
	// Primary key. Note that the JSON name is "id", not "projectId".
	ProjectID uuid.UUID `json:"id" gorm:"primaryKey;type:uuid"`
}

func (ProjectRiskHistory) TableName

func (m ProjectRiskHistory) TableName() string

type ProjectType

// ProjectType is the string stored in Project.Type; the column defaults to
// 'default' (see the gorm tag on Project.Type).
type ProjectType string
// Known ProjectType values.
const (
	ProjectTypeDefault             ProjectType = "default"
	ProjectTypeKubernetesNamespace ProjectType = "kubernetesNamespace"
	ProjectTypeKubernetesCluster   ProjectType = "kubernetesCluster"
)

type Release

// Release is a named release of one project. It declares its own ID and
// timestamp fields rather than embedding Model. A release owns a list of
// ReleaseItem rows and can itself be referenced as a child by items of other
// releases. Deleting the project cascades to its releases.
type Release struct {
	ID        uuid.UUID `gorm:"primarykey;type:uuid;default:gen_random_uuid()" json:"id"`
	CreatedAt time.Time `json:"createdAt"`
	UpdatedAt time.Time `json:"updatedAt"`
	Name      string    `json:"name" gorm:"not null;type:text;"`
	ProjectID uuid.UUID `json:"projectId" gorm:"index;type:uuid"`
	Project   Project   `json:"project" gorm:"foreignKey:ProjectID;references:ID;constraint:OnDelete:CASCADE;"`

	// parent → children
	Items []ReleaseItem `json:"items" gorm:"foreignKey:ReleaseID;constraint:OnDelete:CASCADE;"`

	// back reference → where this release is included as a child
	ParentItems []ReleaseItem `json:"parentItems" gorm:"foreignKey:ChildReleaseID;constraint:OnDelete:CASCADE;"`
}

func (Release) TableName

func (m Release) TableName() string

type ReleaseItem

// ReleaseItem is one entry of a release. It always belongs to a parent release
// (ReleaseID) and points either at a child release (ChildReleaseID) or at an
// artifact through the nullable triple ArtifactName, AssetVersionName and
// AssetID. Presumably exactly one of the two targets is set — TODO confirm.
//
// None of the fields has a json tag, so encoding/json uses the Go field names.
type ReleaseItem struct {
	ID        uuid.UUID `gorm:"primarykey;type:uuid;default:gen_random_uuid()"`
	ReleaseID uuid.UUID `gorm:"index;type:uuid"` // parent release
	Release   Release   `gorm:"foreignKey:ReleaseID;constraint:OnDelete:CASCADE;"`

	ChildReleaseID *uuid.UUID `gorm:"index;type:uuid"`
	ChildRelease   *Release   `gorm:"foreignKey:ChildReleaseID;references:ID;constraint:OnDelete:CASCADE;"`

	// composite foreign key to artifacts (ArtifactName, AssetVersionName, AssetID)
	ArtifactName     *string    `gorm:"index;type:text"`
	AssetVersionName *string    `gorm:"index;type:text"`
	AssetID          *uuid.UUID `gorm:"index;type:uuid"`
	Artifact         *Artifact  `` /* 133-byte string literal not displayed */
}

type ScannerInformation

// ScannerInformation holds the time of the last scan. LastScan is a pointer
// and is left out of the JSON output when nil (omitempty).
type ScannerInformation struct {
	LastScan *time.Time `json:"lastScan,omitempty"`
}

type Severity

// Severity is a severity level expressed as a lowercase string.
type Severity string
// Known Severity values, listed from most to least severe.
const (
	SeverityCritical Severity = "critical"
	SeverityHigh     Severity = "high"
	SeverityMedium   Severity = "medium"
	SeverityLow      Severity = "low"
	SeverityInfo     Severity = "info"
)

type SupplyChain

// SupplyChain stores one supply-chain record for an asset version: its ID
// (primary key), an output digest, and a Verified flag.
//
// NOTE(review): Verified is a stored boolean. Code that gates a decision on it
// is trusting whichever check last wrote the row; confirm where it is set and
// that the digest is re-checked where that matters.
type SupplyChain struct {
	SupplyChainID           string    `json:"supplyChainId" gorm:"column:supply_chain_id;primaryKey"`
	Verified                bool      `json:"verified" gorm:"column:verified"`
	SupplyChainOutputDigest string    `json:"supplyChainOutputDigest" gorm:"column:supply_chain_output_digest"`
	CreatedAt               time.Time `json:"createdAt" gorm:"column:created_at"`
	UpdatedAt               time.Time `json:"updatedAt" gorm:"column:updated_at"`

	// NOTE(review): OnDelete:CASCADE appears here as a top-level tag setting,
	// whereas Vulnerability.AssetVersion writes constraint:OnDelete:CASCADE.
	// gorm reads OnDelete from the constraint setting, so the cascade is
	// probably not applied to this relation — confirm against the generated
	// schema.
	AssetVersion     AssetVersion `json:"assetVersion" gorm:"foreignKey:AssetVersionName,AssetID;references:Name,AssetID;OnDelete:CASCADE;"`
	AssetVersionName string       `json:"assetVersionName" gorm:"column:asset_version_name;"`
	AssetID          uuid.UUID    `json:"assetId" gorm:"column:asset_id;"`
}

func (SupplyChain) TableName

func (SupplyChain) TableName() string

type Type

// Type is the mitigation type stored in Mitigation.Type.
type Type string
// Known mitigation types. Per the comment on Mitigation.MitigationPending,
// fix and transfer wait for a confirming scan while avoid and accept do not.
const (
	TypeAvoid    Type = "avoid"
	TypeAccept   Type = "accept"
	TypeFix      Type = "fix"
	TypeTransfer Type = "transfer"
)

type Vuln

// Vuln is the interface that VulnEvent.Apply accepts. It exposes a finding's
// state, raw risk assessment, asset reference, scanner IDs, artifacts and
// ticket fields.
//
// *Vulnerability declares most of these methods. TableName, GetType and
// GetArtifacts are not declared on it in this listing; embedding types such
// as LicenseRisk declare them.
//
// GetID returns a string here, whereas Model.GetID returns a uuid.UUID.
type Vuln interface {
	SetState(state dtos.VulnState)
	GetState() dtos.VulnState
	SetRawRiskAssessment(risk float64)
	SetRiskRecalculatedAt(time.Time)
	GetRawRiskAssessment() float64
	GetAssetVersionName() string
	GetAssetID() uuid.UUID
	GetID() string
	TableName() string
	AddScannerID(scannerID string)
	RemoveScannerID(scannerID string)
	GetScannerIDsOrArtifactNames() string
	GetType() dtos.VulnType
	SetTicketID(ticketID string)
	SetTicketURL(ticketURL string)
	SetManualTicketCreation(manualTicketCreation bool)
	GetArtifacts() []Artifact

	// Ticket getters return pointers; the backing fields on Vulnerability are
	// nullable.
	GetTicketID() *string
	GetTicketURL() *string
	GetManualTicketCreation() bool
}

type VulnEvent

// VulnEvent is one entry in the event history of a finding. It embeds Model
// and references the finding by VulnID and VulnType. The New*Event
// constructors build events of the individual types, and Apply takes a Vuln.
//
// NOTE(review): UserID and Justification are plain strings. Justification is
// free text, so anything that renders it (UI, ticket systems, webhooks)
// should encode it for the target context — confirm at the rendering sites.
type VulnEvent struct {
	Model
	Type                    dtos.VulnEventType               `json:"type" gorm:"type:text"`
	VulnID                  string                           `json:"vulnId"`
	// NOTE(review): the JSON name is the literal string "dtos.VulnType", which
	// looks like a leftover from a rename (the sibling fields use camelCase
	// names such as "vulnId"). Changing it alters the wire format, so confirm
	// with API consumers before fixing.
	VulnType                dtos.VulnType                    `json:"dtos.VulnType" gorm:"type:text;not null;default:'dependencyVuln'"`
	UserID                  string                           `json:"userId"`
	Justification           *string                          `json:"justification" gorm:"type:text;"`
	MechanicalJustification dtos.MechanicalJustificationType `json:"mechanicalJustification" gorm:"type:text;"`
	// Stored as text; GetArbitraryJSONData and SetArbitraryJSONData expose it
	// as map[string]any.
	ArbitraryJSONData       string                           `json:"arbitraryJSONData" gorm:"type:text;"`

	OriginalAssetVersionName *string            `json:"originalAssetVersionName" gorm:"column:original_asset_version_name;type:text;default:null;"`
	Upstream                 dtos.UpstreamState `json:"upstream" gorm:"default:0;not null;"`
	// contains filtered or unexported fields
}

func NewAcceptedEvent

func NewAcceptedEvent(vulnID string, vulnType dtos.VulnType, userID, justification string, upstream dtos.UpstreamState) VulnEvent

func NewCommentEvent

func NewCommentEvent(vulnID string, vulnType dtos.VulnType, userID, justification string, upstream dtos.UpstreamState) VulnEvent

func NewDetectedEvent

func NewDetectedEvent(vulnID string, vulnType dtos.VulnType, userID string, riskCalculationReport dtos.RiskCalculationReport, scannerID string, upstream dtos.UpstreamState) VulnEvent

func NewFalsePositiveEvent

func NewFalsePositiveEvent(vulnID string, vulnType dtos.VulnType, userID, justification string, mechanicalJustification dtos.MechanicalJustificationType, artifactName string, upstream dtos.UpstreamState) VulnEvent

func NewFixedEvent

func NewFixedEvent(vulnID string, vulnType dtos.VulnType, userID string, artifactName string, upstream dtos.UpstreamState) VulnEvent

func NewLicenseDecisionEvent

func NewLicenseDecisionEvent(vulnID string, vulnType dtos.VulnType, userID string, justification, artifactName string, finalLicenseDecision string) VulnEvent

func NewMitigateEvent

func NewMitigateEvent(vulnID string, vulnType dtos.VulnType, userID string, justification string, arbitraryData map[string]any) VulnEvent

func NewRawRiskAssessmentUpdatedEvent

func NewRawRiskAssessmentUpdatedEvent(vulnID string, vulnType dtos.VulnType, userID string, justification string, oldRisk *float64, report dtos.RiskCalculationReport) VulnEvent

func NewReopenedEvent

func NewReopenedEvent(vulnID string, vulnType dtos.VulnType, userID, justification string, upstream dtos.UpstreamState) VulnEvent

func (VulnEvent) Apply

func (event VulnEvent) Apply(vuln Vuln)

func (*VulnEvent) GetArbitraryJSONData

func (event *VulnEvent) GetArbitraryJSONData() map[string]any

func (*VulnEvent) SetArbitraryJSONData

func (event *VulnEvent) SetArbitraryJSONData(data map[string]any)

func (VulnEvent) TableName

func (event VulnEvent) TableName() string

type VulnEventDetail

// VulnEventDetail embeds VulnEvent and adds columns describing the asset
// version, CVE and component the event relates to. Two JSON names differ from
// the field names: Slug is serialized as "assetVersionSlug" and ComponentPurl
// as "packageName".
type VulnEventDetail struct {
	VulnEvent

	AssetVersionName string `json:"assetVersionName" gorm:"column:asset_version_name"`
	Slug             string `json:"assetVersionSlug" gorm:"column:slug"`
	CVEID            string `json:"cveID" gorm:"column:cve_id"`
	ComponentPurl    string `json:"packageName"`
	URI              string `json:"uri"`
}

type VulnInPackage

// VulnInPackage pairs a CVE (ID and full record) with a package purl.
// FixedVersion is a pointer; nil presumably means no fixed version is known —
// TODO confirm. The struct has no json or gorm tags.
type VulnInPackage struct {
	CVEID        string
	CVE          CVE
	Purl         string
	FixedVersion *string
}

type Vulnerability

// Vulnerability is the base struct for findings; LicenseRisk embeds it. It is
// identified by a string ID, belongs to one asset version (composite foreign
// key AssetVersionName + AssetID, cascading on delete) and owns its VulnEvent
// history.
//
// The Vuln interface also asks for raw-risk and scanner-ID accessors; no
// field backing them is declared in this struct, so *Vulnerability presumably
// implements them as no-ops or defaults — TODO confirm.
type Vulnerability struct {
	ID string `json:"id" gorm:"primaryKey;not null;"`

	AssetVersionName string       `json:"assetVersionName" gorm:"not null;"`
	// Serialized as "vulnAssetId", not "assetId".
	AssetID          uuid.UUID    `json:"vulnAssetId" gorm:"not null;"`
	AssetVersion     AssetVersion `json:"assetVersion" gorm:"foreignKey:AssetVersionName,AssetID;references:Name,AssetID;constraint:OnDelete:CASCADE;"`

	Message *string `json:"message"`

	// Events are deleted and updated together with the finding.
	Events []VulnEvent `gorm:"foreignKey:VulnID;constraint:OnDelete:CASCADE,OnUpdate:CASCADE;" json:"events"`

	// New rows start in state 'open'.
	State dtos.VulnState `json:"state" gorm:"default:'open';not null;type:text;"`

	LastDetected time.Time `json:"lastDetected" gorm:"default:now();not null;"`

	TicketID             *string `json:"ticketId" gorm:"default:null;"` // might be set by integrations
	// NOTE(review): TicketURL originates from an integration. If a UI renders
	// it as a link, restrict it to http/https — confirm at the rendering site.
	TicketURL            *string `json:"ticketUrl" gorm:"default:null;"`
	ManualTicketCreation bool    `json:"manualTicketCreation" gorm:"default:false;"`

	CreatedAt time.Time `json:"createdAt"`
	UpdatedAt time.Time `json:"updatedAt"`
}

func (*Vulnerability) AddScannerID

func (d *Vulnerability) AddScannerID(scannerID string)

func (*Vulnerability) GetAssetID

func (d *Vulnerability) GetAssetID() uuid.UUID

func (*Vulnerability) GetAssetVersionName

func (d *Vulnerability) GetAssetVersionName() string

func (*Vulnerability) GetID

func (d *Vulnerability) GetID() string

func (*Vulnerability) GetManualTicketCreation

func (d *Vulnerability) GetManualTicketCreation() bool

func (*Vulnerability) GetRawRiskAssessment

func (d *Vulnerability) GetRawRiskAssessment() float64

func (*Vulnerability) GetScannerIDsOrArtifactNames

func (d *Vulnerability) GetScannerIDsOrArtifactNames() string

TODO: what should we return for dependency vulns? This is needed, for example, by the commonint.CreateNewVulnEventBasedOnComment function.

func (*Vulnerability) GetState

func (d *Vulnerability) GetState() dtos.VulnState

func (*Vulnerability) GetTicketID

func (d *Vulnerability) GetTicketID() *string

func (*Vulnerability) GetTicketURL

func (d *Vulnerability) GetTicketURL() *string

func (*Vulnerability) RemoveScannerID

func (d *Vulnerability) RemoveScannerID(scannerID string)

func (*Vulnerability) SetManualTicketCreation

func (d *Vulnerability) SetManualTicketCreation(manualTicketCreation bool)

func (*Vulnerability) SetRawRiskAssessment

func (d *Vulnerability) SetRawRiskAssessment(risk float64)

func (*Vulnerability) SetRiskRecalculatedAt

func (d *Vulnerability) SetRiskRecalculatedAt(t time.Time)

func (*Vulnerability) SetState

func (d *Vulnerability) SetState(state dtos.VulnState)

func (*Vulnerability) SetTicketID

func (d *Vulnerability) SetTicketID(ticketID string)

func (*Vulnerability) SetTicketURL

func (d *Vulnerability) SetTicketURL(ticketURL string)

type Weakness

// Weakness links a CVE to a CWE. CVEID and CWEID are both tagged primaryKey,
// so together they form a composite primary key. In JSON the two IDs appear as
// "cve" and "cwe"; the CVE relation field has no tag and is serialized under
// its Go name "CVE".
type Weakness struct {
	Source string `json:"source" gorm:"type:text;"`
	Type   string `json:"type" gorm:"type:text;"`
	CVEID  string `json:"cve" gorm:"primaryKey;not null;type:text;"`
	CVE    CVE
	CWEID  string `json:"cwe" gorm:"primaryKey;not null;type:text;"`
}

func (Weakness) TableName

func (m Weakness) TableName() string

type WebhookIntegration

// WebhookIntegration is a webhook configured for an organization and,
// optionally, for one project within it (ProjectID is nullable). SbomEnabled
// and VulnEnabled presumably select which payload kinds are delivered — TODO
// confirm.
type WebhookIntegration struct {
	Model
	Name        *string `json:"name"`
	Description *string `json:"description"`
	// NOTE(review): URL is presumably the destination of outbound requests made
	// by the server. It should be validated (scheme, and internal or link-local
	// address ranges) where the hook is stored and again when it is called —
	// confirm in the delivery code.
	URL         string  `json:"url" gorm:"column:url"`
	// NOTE(review): Secret is serialized as "secret" whenever this struct is
	// marshalled, and Org.Webhooks and Project.Webhooks embed it in their JSON.
	// Confirm that responses use a DTO without this field and that the column
	// is protected at rest as the deployment requires.
	Secret      *string `json:"secret" gorm:"column:secret"`
	SbomEnabled bool    `json:"sbomEnabled" gorm:"column:sbom_enabled"`
	VulnEnabled bool    `json:"vulnEnabled" gorm:"column:vuln_enabled"`

	Org   Org       `json:"org" gorm:"foreignKey:OrgID;constraint:OnDelete:CASCADE;"`
	OrgID uuid.UUID `json:"orgId" gorm:"column:org_id"`

	// NOTE(review): "nullable" is not a tag setting gorm documents; the pointer
	// type is what makes the column nullable. Probably harmless — confirm it is
	// not expected to do anything.
	ProjectID *uuid.UUID `json:"projectId" gorm:"column:project_id;nullable"`
	Project   *Project   `json:"project" gorm:"foreignKey:ProjectID;constraint:OnDelete:CASCADE;"`
}

func (WebhookIntegration) TableName

func (WebhookIntegration) TableName() string
