services

package
v1.0.0-rc.17 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 19, 2026 License: AGPL-3.0 Imports: 67 Imported by: 0

Documentation

Overview

Copyright (C) 2024 Tim Bastin, l3montree GmbH

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.

Copyright 2025 l3montree UG (haftungsbeschraenkt). SPDX-License-Identifier: AGPL-3.0-or-later

Index

Constants

This section is empty.

Variables

View Source 
var ServiceModule = fx.Options(
	fx.Provide(fx.Annotate(utils.NewFireAndForgetSynchronizer, fx.As(new(utils.FireAndForgetSynchronizer)))),
	fx.Provide(fx.Annotate(NewDatabaseLeaderElector, fx.As(new(shared.LeaderElector)))),
	fx.Provide(fx.Annotate(NewConfigService, fx.As(new(shared.ConfigService)))),
	fx.Provide(fx.Annotate(NewFirstPartyVulnService, fx.As(new(shared.FirstPartyVulnService)))),
	fx.Provide(fx.Annotate(NewLicenseRiskService, fx.As(new(shared.LicenseRiskService)))),
	fx.Provide(fx.Annotate(NewProjectService, fx.As(new(shared.ProjectService)))),
	fx.Provide(fx.Annotate(NewAssetService, fx.As(new(shared.AssetService)))),
	fx.Provide(fx.Annotate(NewComponentService, fx.As(new(shared.ComponentService)))),
	fx.Provide(fx.Annotate(NewAssetVersionService, fx.As(new(shared.AssetVersionService)))),
	fx.Provide(func() http.Client { return utils.EgressClient }),
	fx.Provide(fx.Annotate(NewCSAFService, fx.As(new(shared.CSAFService)))),
	fx.Provide(fx.Annotate(NewArtifactService, fx.As(new(shared.ArtifactService)))),
	fx.Provide(fx.Annotate(NewStatisticsService, fx.As(new(shared.StatisticsService)))),
	fx.Provide(fx.Annotate(NewInTotoService, fx.As(new(shared.InTotoVerifierService)))),
	fx.Provide(fx.Annotate(NewOrgService, fx.As(new(shared.OrgService)))),
	fx.Provide(fx.Annotate(NewScanService, fx.As(new(shared.ScanService)))),
	fx.Provide(fx.Annotate(NewExternalEntityProviderService, fx.As(new(shared.ExternalEntityProviderService)))),
	fx.Provide(fx.Annotate(NewReleaseService, fx.As(new(shared.ReleaseService)))),
	fx.Provide(fx.Annotate(NewPatService, fx.As(new(shared.PersonalAccessTokenService)))),
	fx.Provide(fx.Annotate(NewDependencyVulnService, fx.As(new(shared.DependencyVulnService)))),
	fx.Provide(fx.Annotate(NewOpenSourceInsightService, fx.As(new(shared.OpenSourceInsightService)))),
)

ServiceModule provides all service-layer constructors as their interfaces

Functions

func CreateYAMLMetadata 

func CreateYAMLMetadata(organizationName string, assetName string, assetVersionName string) dtos.YamlMetadata

generate the metadata used to generate the sbom-pdf and return it as struct

func FetchMembersOfAsset 

func FetchMembersOfAsset(ctx shared.Context) ([]dtos.UserDTO, error)

func GenerateCSAFReport 

func GenerateCSAFReport(ctx shared.Context, dependencyVulnRepository shared.DependencyVulnRepository, vulnEventRepository shared.VulnEventRepository, assetVersionRepository shared.AssetVersionRepository, cveRepository shared.CveRepository, artifactRepository shared.ArtifactRepository) (gocsaf.Advisory, error)

generate a specific csaf report version

func HexPubKeyToECDSA 

func HexPubKeyToECDSA(hexPubKey string) ecdsa.PublicKey

func HexTokenToECDSA 

func HexTokenToECDSA(hexToken string) (ecdsa.PrivateKey, ecdsa.PublicKey, error)

func MarkdownTableFromSBOM 

func MarkdownTableFromSBOM(outputFile *bytes.Buffer, bom *cdx.BOM) error

write the components from bom to the output file following the template

func NewAssetService 

func NewAssetService(assetRepository shared.AssetRepository, dependencyVulnRepository shared.DependencyVulnRepository, dependencyVulnService shared.DependencyVulnService) *assetService

func NewAssetVersionService 

func NewAssetVersionService(assetVersionRepository shared.AssetVersionRepository, componentRepository shared.ComponentRepository, dependencyVulnRepository shared.DependencyVulnRepository, firstPartyVulnRepository shared.FirstPartyVulnRepository, dependencyVulnService shared.DependencyVulnService, firstPartyVulnService shared.FirstPartyVulnService, assetRepository shared.AssetRepository, projectRepository shared.ProjectRepository, orgRepository shared.OrganizationRepository, vulnEventRepository shared.VulnEventRepository, componentService shared.ComponentService, thirdPartyIntegration shared.IntegrationAggregate, licenseRiskRepository shared.LicenseRiskRepository, cveRelationshipRepository shared.CVERelationshipRepository, synchronizer utils.FireAndForgetSynchronizer) *assetVersionService

func NewCSAFService 

func NewCSAFService(client http.Client) *csafService

func NewDatabaseLeaderElector 

func NewDatabaseLeaderElector(configService shared.ConfigService) *databaseLeaderElector

func NewExternalEntityProviderService 

func NewExternalEntityProviderService(
	projectService shared.ProjectService,
	assetService shared.AssetService,
	assetRepository shared.AssetRepository,
	projectRepository shared.ProjectRepository,
	rbacProvider shared.RBACProvider,
	organizationRepository shared.OrganizationRepository,

) externalEntityProviderService

func NewFirstPartyVulnService 

func NewFirstPartyVulnService(firstPartyVulnRepository shared.FirstPartyVulnRepository, vulnEventRepository shared.VulnEventRepository, assetRepository shared.AssetRepository, thirdPartyIntegration shared.IntegrationAggregate) *firstPartyVulnService

func NewOpenSourceInsightService 

func NewOpenSourceInsightService() *openSourceInsightService

func NewProjectService 

func NewProjectService(projectRepository shared.ProjectRepository, assetRepository shared.AssetRepository) *projectService

func NewReleaseService 

func NewReleaseService(releaseRepository shared.ReleaseRepository) *releaseService

func NewScanService 

func NewScanService(db shared.DB, cveRepository shared.CveRepository, assetVersionService shared.AssetVersionService, dependencyVulnService shared.DependencyVulnService, artifactService shared.ArtifactService, statisticsService shared.StatisticsService, synchronizer utils.FireAndForgetSynchronizer) *scanService

func NewStatisticsService 

func NewStatisticsService(statisticsRepository shared.StatisticsRepository, componentRepository shared.ComponentRepository, assetRiskHistoryRepository shared.ArtifactRiskHistoryRepository, dependencyVulnRepository shared.DependencyVulnRepository, assetVersionRepository shared.AssetVersionRepository, projectRepository shared.ProjectRepository, releaseRepository shared.ReleaseRepository) *statisticsService

func NewWebhookService 

func NewWebhookService(url string, secret *string) *webhookClient

func SignCSAFReport 

func SignCSAFReport(csafJSON []byte) ([]byte, error)

signs data and returns the resulting signature

func SignRequest 

func SignRequest(hexPrivKey string, req *http.Request) error

Types

type ArtifactService 

type ArtifactService struct {
	// contains filtered or unexported fields
}

func NewArtifactService 

func NewArtifactService(artifactRepository shared.ArtifactRepository,
	csafService shared.CSAFService,
	cveRepository shared.CveRepository, componentRepository shared.ComponentRepository, dependencyVulnRepository shared.DependencyVulnRepository, assetRepository shared.AssetRepository, assetVersionRepository shared.AssetVersionRepository, assetVersionService shared.AssetVersionService, dependencyVulnService shared.DependencyVulnService) *ArtifactService

func (*ArtifactService) DeleteArtifact 

func (s *ArtifactService) DeleteArtifact(assetID uuid.UUID, assetVersionName string, artifactName string) error

func (*ArtifactService) FetchBomsFromUpstream 

func (s *ArtifactService) FetchBomsFromUpstream(artifactName string, ref string, upstreamURLs []string) ([]*normalize.CdxBom, []string, []string)

func (*ArtifactService) GetArtifactsByAssetIDAndAssetVersionName 

func (s *ArtifactService) GetArtifactsByAssetIDAndAssetVersionName(assetID uuid.UUID, assetVersionName string) ([]models.Artifact, error)

func (*ArtifactService) ReadArtifact 

func (s *ArtifactService) ReadArtifact(name string, assetVersionName string, assetID uuid.UUID) (models.Artifact, error)

func (*ArtifactService) SaveArtifact 

func (s *ArtifactService) SaveArtifact(artifact *models.Artifact) error

func (*ArtifactService) SyncUpstreamBoms 

func (s *ArtifactService) SyncUpstreamBoms(boms []*normalize.CdxBom, org models.Org, project models.Project, asset models.Asset, assetVersion models.AssetVersion, artifact models.Artifact, userID string) ([]models.DependencyVuln, error)

type ComponentService 

type ComponentService struct {
	utils.FireAndForgetSynchronizer
	// contains filtered or unexported fields
}

func NewComponentService 

func NewComponentService(openSourceInsightsService shared.OpenSourceInsightService, componentProjectRepository shared.ComponentProjectRepository, componentRepository shared.ComponentRepository, licenseRiskService shared.LicenseRiskService, artifactRepository shared.ArtifactRepository, synchronizer utils.FireAndForgetSynchronizer) *ComponentService

func (*ComponentService) FetchInformationSources 

func (s *ComponentService) FetchInformationSources(artifact *models.Artifact) ([]models.ComponentDependency, error)

func (*ComponentService) GetAndSaveLicenseInformation 

func (s *ComponentService) GetAndSaveLicenseInformation(assetVersion models.AssetVersion, artifactName *string, forceRefresh bool, upstream dtos.UpstreamState) ([]models.Component, error)

func (*ComponentService) GetLicense 

func (s *ComponentService) GetLicense(component models.Component) (models.Component, error)

func (*ComponentService) RefreshComponentProjectInformation 

func (s *ComponentService) RefreshComponentProjectInformation(project models.ComponentProject)

func (*ComponentService) RemoveInformationSources 

func (s *ComponentService) RemoveInformationSources(artifact *models.Artifact, rootNodePurls []string) error

type ConfigService 

type ConfigService struct {
	// contains filtered or unexported fields
}

func NewConfigService 

func NewConfigService(db shared.DB) ConfigService

func (ConfigService) GetJSONConfig 

func (service ConfigService) GetJSONConfig(key string, v any) error

func (ConfigService) RemoveConfig 

func (service ConfigService) RemoveConfig(key string) error

func (ConfigService) SetJSONConfig 

func (service ConfigService) SetJSONConfig(key string, v any) error

type DependencyVulnService 

type DependencyVulnService struct {
	// contains filtered or unexported fields
}

func NewDependencyVulnService 

func NewDependencyVulnService(dependencyVulnRepository shared.DependencyVulnRepository, vulnEventRepository shared.VulnEventRepository, assetRepository shared.AssetRepository, cveRepository shared.CveRepository, orgRepository shared.OrganizationRepository, projectRepository shared.ProjectRepository, thirdPartyIntegration shared.IntegrationAggregate, assetVersionRepository shared.AssetVersionRepository) *DependencyVulnService

func (*DependencyVulnService) CreateVulnEventAndApply 

func (s *DependencyVulnService) CreateVulnEventAndApply(tx shared.DB, assetID uuid.UUID, userID string, dependencyVuln *models.DependencyVuln, vulnEventType dtos.VulnEventType, justification string, mechanicalJustification dtos.MechanicalJustificationType, assetVersionName string, upstream dtos.UpstreamState) (models.VulnEvent, error)

func (*DependencyVulnService) RecalculateRawRiskAssessment 

func (s *DependencyVulnService) RecalculateRawRiskAssessment(tx shared.DB, userID string, dependencyVulns []models.DependencyVuln, justification string, asset models.Asset) ([]models.DependencyVuln, error)

func (*DependencyVulnService) SyncAllIssues 

func (s *DependencyVulnService) SyncAllIssues(org models.Org, project models.Project, asset models.Asset, assetVersion models.AssetVersion) error

func (*DependencyVulnService) SyncIssues 

func (s *DependencyVulnService) SyncIssues(org models.Org, project models.Project, asset models.Asset, assetVersion models.AssetVersion, vulnList []models.DependencyVuln) error

func (*DependencyVulnService) UserDetectedDependencyVulnInAnotherArtifact 

func (s *DependencyVulnService) UserDetectedDependencyVulnInAnotherArtifact(tx shared.DB, vulnerabilities []models.DependencyVuln, scannerID string) error

func (*DependencyVulnService) UserDetectedDependencyVulns 

func (s *DependencyVulnService) UserDetectedDependencyVulns(tx shared.DB, artifactName string, dependencyVulns []models.DependencyVuln, assetVersion models.AssetVersion, asset models.Asset, upstream dtos.UpstreamState) error

func (*DependencyVulnService) UserDetectedExistingVulnOnDifferentBranch 

func (s *DependencyVulnService) UserDetectedExistingVulnOnDifferentBranch(tx shared.DB, scannerID string, dependencyVulns []statemachine.BranchVulnMatch[*models.DependencyVuln], assetVersion models.AssetVersion, asset models.Asset) error

func (*DependencyVulnService) UserDidNotDetectDependencyVulnInArtifactAnymore 

func (s *DependencyVulnService) UserDidNotDetectDependencyVulnInArtifactAnymore(tx shared.DB, vulnerabilities []models.DependencyVuln, scannerID string) error

func (*DependencyVulnService) UserFixedDependencyVulns 

func (s *DependencyVulnService) UserFixedDependencyVulns(tx shared.DB, userID string, dependencyVulns []models.DependencyVuln, assetVersion models.AssetVersion, asset models.Asset, upstream dtos.UpstreamState) error

type Diffable 

type Diffable interface {
	AssetVersionIndependentHash() string
	GetAssetVersionName() string
	GetEvents() []models.VulnEvent
}

type InTotoService 

type InTotoService struct {
	// contains filtered or unexported fields
}

func NewInTotoService 

func NewInTotoService(rbacProvider shared.RBACProvider, inTotoLinkRepository shared.InTotoLinkRepository, projectRepository shared.ProjectRepository, patRepository shared.PersonalAccessTokenRepository, supplyChainRepository shared.SupplyChainRepository) *InTotoService

func (InTotoService) HexPublicKeyToInTotoKey 

func (service InTotoService) HexPublicKeyToInTotoKey(hexPubKey string) (toto.Key, error)

func (InTotoService) VerifySupplyChain 

func (service InTotoService) VerifySupplyChain(supplyChainID string) (bool, error)

func (InTotoService) VerifySupplyChainByDigestOnly 

func (service InTotoService) VerifySupplyChainByDigestOnly(digest string) (bool, error)

func (InTotoService) VerifySupplyChainWithOutputDigest 

func (service InTotoService) VerifySupplyChainWithOutputDigest(imageNameOrSupplyChainID string, digest string) (bool, error)

type LicenseRiskService 

type LicenseRiskService struct {
	// contains filtered or unexported fields
}

func NewLicenseRiskService 

func NewLicenseRiskService(licenseRiskRepository shared.LicenseRiskRepository, vulnEventRepository shared.VulnEventRepository) *LicenseRiskService

func (*LicenseRiskService) FindLicenseRisksInComponents 

func (s *LicenseRiskService) FindLicenseRisksInComponents(assetVersion models.AssetVersion, components []models.Component, artifactName string, upstream dtos.UpstreamState) error

func (*LicenseRiskService) MakeFinalLicenseDecision 

func (s *LicenseRiskService) MakeFinalLicenseDecision(vulnID, finalLicense, justification, userID string) error

func (*LicenseRiskService) UpdateLicenseRiskState 

func (s *LicenseRiskService) UpdateLicenseRiskState(tx shared.DB, userID string, licenseRisk *models.LicenseRisk, statusType string, justification string, mechanicalJustification dtos.MechanicalJustificationType, upstream dtos.UpstreamState) (models.VulnEvent, error)

func (*LicenseRiskService) UserDetectedExistingLicenseRiskOnDifferentBranch 

func (s *LicenseRiskService) UserDetectedExistingLicenseRiskOnDifferentBranch(tx shared.DB, artifactName string, licenseRisks []models.LicenseRisk, alreadyExistingEvents [][]models.VulnEvent, assetVersion models.AssetVersion, asset models.Asset) error

func (*LicenseRiskService) UserDetectedLicenseRiskInAnotherArtifact 

func (s *LicenseRiskService) UserDetectedLicenseRiskInAnotherArtifact(tx shared.DB, licenseRisks []models.LicenseRisk, artifactName string) error

Helper: ensure existing license risks are associated with another artifact (insert join rows)

func (*LicenseRiskService) UserDetectedLicenseRisks 

func (s *LicenseRiskService) UserDetectedLicenseRisks(tx shared.DB, assetID uuid.UUID, assetVersionName, artifactName string, licenseRisks []models.LicenseRisk, upstream dtos.UpstreamState) error

Helper: create detected events for newly opened license risks and save them

func (*LicenseRiskService) UserDidNotDetectLicenseRiskInArtifactAnymore 

func (s *LicenseRiskService) UserDidNotDetectLicenseRiskInArtifactAnymore(tx shared.DB, licenseRisks []models.LicenseRisk, artifactName string) error

func (*LicenseRiskService) UserFixedLicenseRisks 

func (s *LicenseRiskService) UserFixedLicenseRisks(tx shared.DB, userID string, licenseRisks []models.LicenseRisk, upstream dtos.UpstreamState) error

the license risks were fixes BY REMOVING the component

func (*LicenseRiskService) UserFixedLicenseRisksByAutomaticRefresh 

func (s *LicenseRiskService) UserFixedLicenseRisksByAutomaticRefresh(tx shared.DB, userID string, licenseRisks []licenseRiskWithNewLicense, artifactName string) error

type OrgService 

type OrgService struct {
	// contains filtered or unexported fields
}

func NewOrgService 

func NewOrgService(organizationRepository shared.OrganizationRepository, rbacProvider shared.RBACProvider) *OrgService

func (*OrgService) CreateOrganization 

func (o *OrgService) CreateOrganization(ctx shared.Context, organization *models.Org) error

func (*OrgService) ReadBySlug 

func (o *OrgService) ReadBySlug(slug string) (*models.Org, error)

type PatService 

type PatService struct {
	// contains filtered or unexported fields
}

func NewPatService 

func NewPatService(repository shared.PersonalAccessTokenRepository) *PatService

func (*PatService) RevokeByPrivateKey 

func (p *PatService) RevokeByPrivateKey(privKey string) error

func (*PatService) ToModel 

func (p *PatService) ToModel(request dtos.PatCreateRequest, userID string) models.PAT

func (*PatService) VerifyRequestSignature 

func (p *PatService) VerifyRequestSignature(req *http.Request) (string, string, error)

type TestPayloadType 

type TestPayloadType string
const (
	TestPayloadTypeEmpty                 TestPayloadType = "empty"
	TestPayloadTypeSampleSBOM            TestPayloadType = "sampleSbom"
	TestPayloadTypeSampleDependencyVulns TestPayloadType = "sampleDependencyVulns"
	TestPayloadTypeSampleFirstPartyVulns TestPayloadType = "sampleFirstPartyVulns"
)

type WebhookStruct 

type WebhookStruct struct {
	Organization shared.OrgObject          `json:"organization"`
	Project      shared.ProjectObject      `json:"project"`
	Asset        shared.AssetObject        `json:"asset"`
	AssetVersion shared.AssetVersionObject `json:"assetVersion"`
	Payload      any                       `json:"payload"`
	Type         WebhookType               `json:"type"`
	Artifact     shared.ArtifactObject     `json:"artifact,omitempty"`
}

type WebhookType 

type WebhookType string
const (
	WebhookTypeSBOM                      WebhookType = "sbom"
	WebhookTypeFirstPartyVulnerabilities WebhookType = "firstPartyVulnerabilities"
	WebhookTypeDependencyVulnerabilities WebhookType = "dependencyVulnerabilities"
	WebhookTypeTest                      WebhookType = "test"
)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.