services

package
v1.0.0-rc.18 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 17, 2026 License: AGPL-3.0 Imports: 69 Imported by: 0

Documentation

Overview

Copyright (C) 2024 Tim Bastin, l3montree GmbH

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.

Copyright 2025 l3montree UG (haftungsbeschraenkt). SPDX-License-Identifier: AGPL-3.0-or-later

Index

Constants

This section is empty.

Variables

View Source 
var ServiceModule = fx.Options(
	fx.Provide(fx.Annotate(utils.NewFireAndForgetSynchronizer, fx.As(new(utils.FireAndForgetSynchronizer)))),
	fx.Provide(fx.Annotate(NewDatabaseLeaderElector, fx.As(new(shared.LeaderElector)))),
	fx.Provide(fx.Annotate(NewConfigService, fx.As(new(shared.ConfigService)))),
	fx.Provide(fx.Annotate(NewFirstPartyVulnService, fx.As(new(shared.FirstPartyVulnService)))),
	fx.Provide(fx.Annotate(NewLicenseRiskService, fx.As(new(shared.LicenseRiskService)))),
	fx.Provide(fx.Annotate(NewProjectService, fx.As(new(shared.ProjectService)))),
	fx.Provide(fx.Annotate(NewAssetService, fx.As(new(shared.AssetService)))),
	fx.Provide(fx.Annotate(NewComponentService, fx.As(new(shared.ComponentService)))),
	fx.Provide(fx.Annotate(NewAssetVersionService, fx.As(new(shared.AssetVersionService)))),
	fx.Provide(func() http.Client { return utils.EgressClient }),
	fx.Provide(fx.Annotate(NewCSAFService, fx.As(new(shared.CSAFService)))),
	fx.Provide(fx.Annotate(NewArtifactService, fx.As(new(shared.ArtifactService)))),
	fx.Provide(fx.Annotate(NewStatisticsService, fx.As(new(shared.StatisticsService)))),
	fx.Provide(fx.Annotate(NewInTotoService, fx.As(new(shared.InTotoVerifierService)))),
	fx.Provide(fx.Annotate(NewOrgService, fx.As(new(shared.OrgService)))),
	fx.Provide(fx.Annotate(NewScanService, fx.As(new(shared.ScanService)))),
	fx.Provide(fx.Annotate(NewExternalEntityProviderService, fx.As(new(shared.ExternalEntityProviderService)))),
	fx.Provide(fx.Annotate(NewReleaseService, fx.As(new(shared.ReleaseService)))),
	fx.Provide(fx.Annotate(NewPatService, fx.As(new(shared.PersonalAccessTokenService)))),
	fx.Provide(fx.Annotate(NewDependencyVulnService, fx.As(new(shared.DependencyVulnService)))),
	fx.Provide(fx.Annotate(NewOpenSourceInsightService, fx.As(new(shared.OpenSourceInsightService)))),
	fx.Provide(fx.Annotate(NewVEXRuleService, fx.As(new(shared.VEXRuleService)))),
)

ServiceModule provides all service-layer constructors as their interfaces

Functions

func CreateYAMLMetadata 

func CreateYAMLMetadata(organizationName string, assetName string, assetVersionName string) dtos.YamlMetadata

generate the metadata used to generate the sbom-pdf and return it as struct

func FetchMembersOfAsset 

func FetchMembersOfAsset(ctx shared.Context) ([]dtos.UserDTO, error)

func GenerateCSAFReport 

func GenerateCSAFReport(ctx shared.Context, dependencyVulnRepository shared.DependencyVulnRepository, vulnEventRepository shared.VulnEventRepository, assetVersionRepository shared.AssetVersionRepository, cveRepository shared.CveRepository, artifactRepository shared.ArtifactRepository) (gocsaf.Advisory, error)

generate a csaf report for a specific vulnerability in an asset

func HexPubKeyToECDSA 

func HexPubKeyToECDSA(hexPubKey string) ecdsa.PublicKey

func HexTokenToECDSA 

func HexTokenToECDSA(hexToken string) (ecdsa.PrivateKey, ecdsa.PublicKey, error)

func MarkdownTableFromSBOM 

func MarkdownTableFromSBOM(outputFile *bytes.Buffer, bom *cdx.BOM) error

write the components from bom to the output file following the template

func NewAssetService 

func NewAssetService(assetRepository shared.AssetRepository, dependencyVulnRepository shared.DependencyVulnRepository, dependencyVulnService shared.DependencyVulnService) *assetService

func NewAssetVersionService 

func NewAssetVersionService(assetVersionRepository shared.AssetVersionRepository, componentRepository shared.ComponentRepository, componentService shared.ComponentService, thirdPartyIntegration shared.IntegrationAggregate, licenseRiskRepository shared.LicenseRiskRepository, synchronizer utils.FireAndForgetSynchronizer, vexRuleService shared.VEXRuleService) *assetVersionService

func NewCSAFService 

func NewCSAFService(client http.Client) *csafService

func NewDatabaseLeaderElector 

func NewDatabaseLeaderElector(configService shared.ConfigService) *databaseLeaderElector

func NewExternalEntityProviderService 

func NewExternalEntityProviderService(
	projectService shared.ProjectService,
	assetService shared.AssetService,
	assetRepository shared.AssetRepository,
	projectRepository shared.ProjectRepository,
	rbacProvider shared.RBACProvider,
	organizationRepository shared.OrganizationRepository,

) externalEntityProviderService

func NewFirstPartyVulnService 

func NewFirstPartyVulnService(firstPartyVulnRepository shared.FirstPartyVulnRepository, vulnEventRepository shared.VulnEventRepository, thirdPartyIntegration shared.IntegrationAggregate) *firstPartyVulnService

func NewOpenSourceInsightService 

func NewOpenSourceInsightService() *openSourceInsightService

func NewProjectService 

func NewProjectService(projectRepository shared.ProjectRepository, assetRepository shared.AssetRepository) *projectService

func NewReleaseService 

func NewReleaseService(releaseRepository shared.ReleaseRepository) *releaseService

func NewScanService 

func NewScanService(
	db shared.DB,
	cveRepository shared.CveRepository,
	dependencyVulnService shared.DependencyVulnService,
	synchronizer utils.FireAndForgetSynchronizer,
	firstPartyVulnService shared.FirstPartyVulnService,
	firstPartyVulnRepository shared.FirstPartyVulnRepository,
	dependencyVulnRepository shared.DependencyVulnRepository,
	thirdPartyIntegration shared.IntegrationAggregate,
	csafService shared.CSAFService,
	assetVersionService shared.AssetVersionService,
	vexRuleService shared.VEXRuleService,
	externalReferenceRepository shared.ExternalReferenceRepository,
	componentService shared.ComponentService,
) *scanService

func NewStatisticsService 

func NewStatisticsService(statisticsRepository shared.StatisticsRepository, assetRiskHistoryRepository shared.ArtifactRiskHistoryRepository, dependencyVulnRepository shared.DependencyVulnRepository, assetVersionRepository shared.AssetVersionRepository) *statisticsService

func NewWebhookService 

func NewWebhookService(url string, secret *string) *webhookClient

func SignCSAFReport 

func SignCSAFReport(csafJSON []byte) ([]byte, error)

signs report and returns the resulting signature

func SignRequest 

func SignRequest(hexPrivKey string, req *http.Request) error

Types

type ArtifactService 

type ArtifactService struct {
	// contains filtered or unexported fields
}

func NewArtifactService 

func NewArtifactService(artifactRepository shared.ArtifactRepository,
	csafService shared.CSAFService,
	cveRepository shared.CveRepository, componentRepository shared.ComponentRepository, assetVersionRepository shared.AssetVersionRepository, assetVersionService shared.AssetVersionService, dependencyVulnService shared.DependencyVulnService, scanService shared.ScanService) *ArtifactService

func (*ArtifactService) DeleteArtifact 

func (s *ArtifactService) DeleteArtifact(assetID uuid.UUID, assetVersionName string, artifactName string) error

func (*ArtifactService) GetArtifactsByAssetIDAndAssetVersionName 

func (s *ArtifactService) GetArtifactsByAssetIDAndAssetVersionName(assetID uuid.UUID, assetVersionName string) ([]models.Artifact, error)

func (*ArtifactService) ReadArtifact 

func (s *ArtifactService) ReadArtifact(name string, assetVersionName string, assetID uuid.UUID) (models.Artifact, error)

func (*ArtifactService) SaveArtifact 

func (s *ArtifactService) SaveArtifact(artifact *models.Artifact) error

type ComponentService 

type ComponentService struct {
	utils.FireAndForgetSynchronizer
	// contains filtered or unexported fields
}

func NewComponentService 

func NewComponentService(openSourceInsightsService shared.OpenSourceInsightService, componentProjectRepository shared.ComponentProjectRepository, componentRepository shared.ComponentRepository, licenseRiskService shared.LicenseRiskService, artifactRepository shared.ArtifactRepository, synchronizer utils.FireAndForgetSynchronizer) *ComponentService

func (*ComponentService) FetchInformationSources 

func (s *ComponentService) FetchInformationSources(artifact *models.Artifact) ([]models.ComponentDependency, error)

func (*ComponentService) GetAndSaveLicenseInformation 

func (s *ComponentService) GetAndSaveLicenseInformation(tx shared.DB, assetVersion models.AssetVersion, artifactName *string, forceRefresh bool) ([]models.Component, error)

func (*ComponentService) GetLicense 

func (s *ComponentService) GetLicense(component models.Component) (models.Component, error)

func (*ComponentService) RefreshComponentProjectInformation 

func (s *ComponentService) RefreshComponentProjectInformation(project models.ComponentProject)

func (*ComponentService) RemoveInformationSources 

func (s *ComponentService) RemoveInformationSources(artifact *models.Artifact, rootNodePurls []string) error

type ConfigService 

type ConfigService struct {
	// contains filtered or unexported fields
}

func NewConfigService 

func NewConfigService(db shared.DB) ConfigService

func (ConfigService) GetJSONConfig 

func (service ConfigService) GetJSONConfig(key string, v any) error

func (ConfigService) RemoveConfig 

func (service ConfigService) RemoveConfig(key string) error

func (ConfigService) SetJSONConfig 

func (service ConfigService) SetJSONConfig(key string, v any) error

type DependencyVulnService 

type DependencyVulnService struct {
	// contains filtered or unexported fields
}

func NewDependencyVulnService 

func NewDependencyVulnService(dependencyVulnRepository shared.DependencyVulnRepository, vulnEventRepository shared.VulnEventRepository, thirdPartyIntegration shared.IntegrationAggregate) *DependencyVulnService

func (*DependencyVulnService) CreateVulnEventAndApply 

func (s *DependencyVulnService) CreateVulnEventAndApply(tx shared.DB, assetID uuid.UUID, userID string, dependencyVuln *models.DependencyVuln, vulnEventType dtos.VulnEventType, justification string, mechanicalJustification dtos.MechanicalJustificationType, assetVersionName string) (models.VulnEvent, error)

func (*DependencyVulnService) RecalculateRawRiskAssessment 

func (s *DependencyVulnService) RecalculateRawRiskAssessment(tx shared.DB, userID string, dependencyVulns []models.DependencyVuln, justification string, asset models.Asset) ([]models.DependencyVuln, error)

func (*DependencyVulnService) SyncAllIssues 

func (s *DependencyVulnService) SyncAllIssues(org models.Org, project models.Project, asset models.Asset, assetVersion models.AssetVersion) error

func (*DependencyVulnService) SyncIssues 

func (s *DependencyVulnService) SyncIssues(org models.Org, project models.Project, asset models.Asset, assetVersion models.AssetVersion, vulnList []models.DependencyVuln) error

func (*DependencyVulnService) UserDetectedDependencyVulnInAnotherArtifact 

func (s *DependencyVulnService) UserDetectedDependencyVulnInAnotherArtifact(tx shared.DB, vulnerabilities []models.DependencyVuln, scannerID string) error

func (*DependencyVulnService) UserDetectedDependencyVulns 

func (s *DependencyVulnService) UserDetectedDependencyVulns(tx shared.DB, artifactName string, dependencyVulns []models.DependencyVuln, assetVersion models.AssetVersion, asset models.Asset) error

func (*DependencyVulnService) UserDetectedExistingVulnOnDifferentBranch 

func (s *DependencyVulnService) UserDetectedExistingVulnOnDifferentBranch(tx shared.DB, scannerID string, dependencyVulns []statemachine.BranchVulnMatch[*models.DependencyVuln], assetVersion models.AssetVersion, asset models.Asset) error

func (*DependencyVulnService) UserDidNotDetectDependencyVulnInArtifactAnymore 

func (s *DependencyVulnService) UserDidNotDetectDependencyVulnInArtifactAnymore(tx shared.DB, vulnerabilities []models.DependencyVuln, scannerID string) error

func (*DependencyVulnService) UserFixedDependencyVulns 

func (s *DependencyVulnService) UserFixedDependencyVulns(tx shared.DB, userID string, dependencyVulns []models.DependencyVuln, assetVersion models.AssetVersion, asset models.Asset) error

type InTotoService 

type InTotoService struct {
	// contains filtered or unexported fields
}

func NewInTotoService 

func NewInTotoService(rbacProvider shared.RBACProvider, inTotoLinkRepository shared.InTotoLinkRepository, projectRepository shared.ProjectRepository, patRepository shared.PersonalAccessTokenRepository, supplyChainRepository shared.SupplyChainRepository) *InTotoService

func (InTotoService) HexPublicKeyToInTotoKey 

func (service InTotoService) HexPublicKeyToInTotoKey(hexPubKey string) (toto.Key, error)

func (InTotoService) VerifySupplyChain 

func (service InTotoService) VerifySupplyChain(supplyChainID string) (bool, error)

func (InTotoService) VerifySupplyChainByDigestOnly 

func (service InTotoService) VerifySupplyChainByDigestOnly(digest string) (bool, error)

func (InTotoService) VerifySupplyChainWithOutputDigest 

func (service InTotoService) VerifySupplyChainWithOutputDigest(imageNameOrSupplyChainID string, digest string) (bool, error)

type LicenseRiskService 

type LicenseRiskService struct {
	// contains filtered or unexported fields
}

func NewLicenseRiskService 

func NewLicenseRiskService(licenseRiskRepository shared.LicenseRiskRepository, vulnEventRepository shared.VulnEventRepository) *LicenseRiskService

func (*LicenseRiskService) FindLicenseRisksInComponents 

func (s *LicenseRiskService) FindLicenseRisksInComponents(assetVersion models.AssetVersion, components []models.Component, artifactName string) error

func (*LicenseRiskService) MakeFinalLicenseDecision 

func (s *LicenseRiskService) MakeFinalLicenseDecision(vulnID, finalLicense, justification, userID string) error

func (*LicenseRiskService) UpdateLicenseRiskState 

func (s *LicenseRiskService) UpdateLicenseRiskState(tx shared.DB, userID string, licenseRisk *models.LicenseRisk, statusType string, justification string, mechanicalJustification dtos.MechanicalJustificationType) (models.VulnEvent, error)

func (*LicenseRiskService) UserDetectedExistingLicenseRiskOnDifferentBranch 

func (s *LicenseRiskService) UserDetectedExistingLicenseRiskOnDifferentBranch(tx shared.DB, artifactName string, licenseRisks []models.LicenseRisk, alreadyExistingEvents [][]models.VulnEvent, assetVersion models.AssetVersion, asset models.Asset) error

func (*LicenseRiskService) UserDetectedLicenseRiskInAnotherArtifact 

func (s *LicenseRiskService) UserDetectedLicenseRiskInAnotherArtifact(tx shared.DB, licenseRisks []models.LicenseRisk, artifactName string) error

Helper: ensure existing license risks are associated with another artifact (insert join rows)

func (*LicenseRiskService) UserDetectedLicenseRisks 

func (s *LicenseRiskService) UserDetectedLicenseRisks(tx shared.DB, assetID uuid.UUID, assetVersionName, artifactName string, licenseRisks []models.LicenseRisk) error

Helper: create detected events for newly opened license risks and save them

func (*LicenseRiskService) UserDidNotDetectLicenseRiskInArtifactAnymore 

func (s *LicenseRiskService) UserDidNotDetectLicenseRiskInArtifactAnymore(tx shared.DB, licenseRisks []models.LicenseRisk, artifactName string) error

func (*LicenseRiskService) UserFixedLicenseRisks 

func (s *LicenseRiskService) UserFixedLicenseRisks(tx shared.DB, userID string, licenseRisks []models.LicenseRisk) error

the license risks were fixes BY REMOVING the component

func (*LicenseRiskService) UserFixedLicenseRisksByAutomaticRefresh 

func (s *LicenseRiskService) UserFixedLicenseRisksByAutomaticRefresh(tx shared.DB, userID string, licenseRisks []licenseRiskWithNewLicense, artifactName string) error

type OrgService 

type OrgService struct {
	// contains filtered or unexported fields
}

func NewOrgService 

func NewOrgService(organizationRepository shared.OrganizationRepository, rbacProvider shared.RBACProvider) *OrgService

func (*OrgService) CreateOrganization 

func (o *OrgService) CreateOrganization(ctx shared.Context, organization *models.Org) error

func (*OrgService) ReadBySlug 

func (o *OrgService) ReadBySlug(slug string) (*models.Org, error)

type PatService 

type PatService struct {
	// contains filtered or unexported fields
}

func NewPatService 

func NewPatService(repository shared.PersonalAccessTokenRepository) *PatService

func (*PatService) RevokeByPrivateKey 

func (p *PatService) RevokeByPrivateKey(privKey string) error

func (*PatService) ToModel 

func (p *PatService) ToModel(request dtos.PatCreateRequest, userID string) models.PAT

func (*PatService) VerifyRequestSignature 

func (p *PatService) VerifyRequestSignature(req *http.Request) (string, string, error)

type TestPayloadType 

type TestPayloadType string
const (
	TestPayloadTypeEmpty                 TestPayloadType = "empty"
	TestPayloadTypeSampleSBOM            TestPayloadType = "sampleSbom"
	TestPayloadTypeSampleDependencyVulns TestPayloadType = "sampleDependencyVulns"
	TestPayloadTypeSampleFirstPartyVulns TestPayloadType = "sampleFirstPartyVulns"
)

type VEXRuleService 

type VEXRuleService struct {
	// contains filtered or unexported fields
}

func NewVEXRuleService 

func NewVEXRuleService(
	vexRuleRepository shared.VEXRuleRepository,
	dependencyVulnRepository shared.DependencyVulnRepository,
	vulnEventRepository shared.VulnEventRepository,
) *VEXRuleService

func (*VEXRuleService) ApplyRulesToExisting 

func (s *VEXRuleService) ApplyRulesToExisting(tx shared.DB, rules []models.VEXRule, vulns []models.DependencyVuln) ([]models.DependencyVuln, error)

func (*VEXRuleService) ApplyRulesToExistingForce 

func (s *VEXRuleService) ApplyRulesToExistingForce(tx shared.DB, rules []models.VEXRule, vulns []models.DependencyVuln) ([]models.DependencyVuln, error)

ApplyRulesToExistingForce applies rules to existing vulns ignoring duplicate checks

func (*VEXRuleService) ApplyRulesToExistingVulns 

func (s *VEXRuleService) ApplyRulesToExistingVulns(tx shared.DB, rules []models.VEXRule) ([]models.DependencyVuln, error)

ApplyRulesToExistingVulns applies multiple VEX rules to all existing vulnerabilities that match each rule's path pattern and CVE. This is more efficient than applying rules one by one as it batches database queries and saves.

func (*VEXRuleService) ApplyRulesToExistingVulnsForce 

func (s *VEXRuleService) ApplyRulesToExistingVulnsForce(tx shared.DB, rules []models.VEXRule) ([]models.DependencyVuln, error)

ApplyRulesToExistingVulnsForce applies rules to existing vulns ignoring duplicate checks

func (*VEXRuleService) Begin 

func (s *VEXRuleService) Begin() shared.DB

func (*VEXRuleService) CountMatchingVulns 

func (s *VEXRuleService) CountMatchingVulns(tx shared.DB, rule models.VEXRule) (int, error)

CountMatchingVulns returns the number of dependency vulnerabilities that match a VEX rule

func (*VEXRuleService) CountMatchingVulnsForRules 

func (s *VEXRuleService) CountMatchingVulnsForRules(tx shared.DB, rules []models.VEXRule) (map[string]int, error)

CountMatchingVulnsForRules returns the number of matching vulnerabilities for each rule in a single batch query Returns a map of rule ID to count

func (*VEXRuleService) Create 

func (s *VEXRuleService) Create(tx shared.DB, rule *models.VEXRule) error

func (*VEXRuleService) Delete 

func (s *VEXRuleService) Delete(tx shared.DB, rule models.VEXRule) error

func (*VEXRuleService) DeleteByAssetVersion 

func (s *VEXRuleService) DeleteByAssetVersion(tx shared.DB, assetID uuid.UUID, assetVersionName string) error

func (*VEXRuleService) FindByAssetVersion 

func (s *VEXRuleService) FindByAssetVersion(tx shared.DB, assetID uuid.UUID, assetVersionName string) ([]models.VEXRule, error)

func (*VEXRuleService) FindByAssetVersionAndCVE 

func (s *VEXRuleService) FindByAssetVersionAndCVE(tx shared.DB, assetID uuid.UUID, assetVersionName string, cveID string) ([]models.VEXRule, error)

func (*VEXRuleService) FindByAssetVersionAndVulnID 

func (s *VEXRuleService) FindByAssetVersionAndVulnID(tx shared.DB, assetID uuid.UUID, assetVersionName string, vulnID string) ([]models.VEXRule, error)

func (*VEXRuleService) FindByAssetVersionPaged 

func (s *VEXRuleService) FindByAssetVersionPaged(tx shared.DB, assetID uuid.UUID, assetVersionName string, pageInfo shared.PageInfo, search string, filterQuery []shared.FilterQuery, sortQuery []shared.SortQuery) (shared.Paged[models.VEXRule], error)

func (*VEXRuleService) FindByID 

func (s *VEXRuleService) FindByID(tx shared.DB, id string) (models.VEXRule, error)

func (*VEXRuleService) IngestVEX 

func (s *VEXRuleService) IngestVEX(tx shared.DB, asset models.Asset, assetVersion models.AssetVersion, vexReport *normalize.VexReport) error

func (*VEXRuleService) IngestVexes 

func (s *VEXRuleService) IngestVexes(tx shared.DB, asset models.Asset, assetVersion models.AssetVersion, vexReports []*normalize.VexReport) error

func (*VEXRuleService) Update 

func (s *VEXRuleService) Update(tx shared.DB, rule *models.VEXRule) error

type WebhookStruct 

type WebhookStruct struct {
	Organization shared.OrgObject          `json:"organization"`
	Project      shared.ProjectObject      `json:"project"`
	Asset        shared.AssetObject        `json:"asset"`
	AssetVersion shared.AssetVersionObject `json:"assetVersion"`
	Payload      any                       `json:"payload"`
	Type         WebhookType               `json:"type"`
	Artifact     shared.ArtifactObject     `json:"artifact,omitempty"`
}

type WebhookType 

type WebhookType string
const (
	WebhookTypeSBOM                      WebhookType = "sbom"
	WebhookTypeFirstPartyVulnerabilities WebhookType = "firstPartyVulnerabilities"
	WebhookTypeDependencyVulnerabilities WebhookType = "dependencyVulnerabilities"
	WebhookTypeTest                      WebhookType = "test"
)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.