services

package
v1.6.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 17, 2026 License: AGPL-3.0 Imports: 79 Imported by: 0

Documentation

Overview

Copyright (C) 2024 Tim Bastin, l3montree GmbH

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.

Copyright 2025 l3montree UG (haftungsbeschraenkt). SPDX-License-Identifier: AGPL-3.0-or-later

Index

Constants

View Source 
const KeyFilePathENVName = "APP_SIDE_ENCRYPTION_KEY_PATH"
View Source 
const StatisticsExpiryTime = 15 * time.Minute

Variables

View Source 
var BearerTokenPrefix = "dvg_"
View Source 
var ServiceModule = fx.Options(
	fx.Provide(fx.Annotate(utils.NewFireAndForgetSynchronizer, fx.As(new(utils.FireAndForgetSynchronizer)))),
	fx.Provide(fx.Annotate(NewDatabaseLeaderElector, fx.As(new(shared.LeaderElector)))),
	fx.Provide(fx.Annotate(NewConfigService, fx.As(new(shared.ConfigService)))),
	fx.Provide(fx.Annotate(NewFirstPartyVulnService, fx.As(new(shared.FirstPartyVulnService)))),
	fx.Provide(fx.Annotate(NewLicenseRiskService, fx.As(new(shared.LicenseRiskService)))),
	fx.Provide(fx.Annotate(NewProjectService, fx.As(new(shared.ProjectService)))),
	fx.Provide(fx.Annotate(NewAssetService, fx.As(new(shared.AssetService)))),
	fx.Provide(fx.Annotate(NewComponentService, fx.As(new(shared.ComponentService)))),
	fx.Provide(fx.Annotate(NewAssetVersionService, fx.As(new(shared.AssetVersionService)))),
	fx.Provide(func() http.Client { return utils.EgressClient }),
	fx.Provide(fx.Annotate(NewCSAFService, fx.As(new(shared.CSAFService)))),
	fx.Provide(fx.Annotate(NewArtifactService, fx.As(new(shared.ArtifactService)))),
	fx.Provide(fx.Annotate(NewStatisticsService, fx.As(new(shared.StatisticsService)))),
	fx.Provide(fx.Annotate(NewInTotoService, fx.As(new(shared.InTotoVerifierService)))),
	fx.Provide(fx.Annotate(NewOrgService, fx.As(new(shared.OrgService)))),
	fx.Provide(fx.Annotate(NewScanService, fx.As(new(shared.ScanService)))),
	fx.Provide(fx.Annotate(NewExternalEntityProviderService, fx.As(new(shared.ExternalEntityProviderService)))),
	fx.Provide(fx.Annotate(NewReleaseService, fx.As(new(shared.ReleaseService)))),
	fx.Provide(fx.Annotate(NewPatService, fx.As(new(shared.PersonalAccessTokenService)))),
	fx.Provide(fx.Annotate(NewDependencyVulnService, fx.As(new(shared.DependencyVulnService)))),
	fx.Provide(fx.Annotate(NewOpenSourceInsightService, fx.As(new(shared.OpenSourceInsightService)))),
	fx.Provide(fx.Annotate(NewVEXRuleService, fx.As(new(shared.VEXRuleService)))),
	fx.Provide(fx.Annotate(NewDependencyProxyService, fx.As(new(shared.DependencyProxySecretService)))),
	fx.Provide(fx.Annotate(NewAdminService, fx.As(new(shared.AdminService)))),
	fx.Provide(fx.Annotate(NewCrowdsourcedVexingService, fx.As(new(shared.CrowdSourcedVexingService)))),
	fx.Provide(fx.Annotate(NewDBEncryptionService, fx.As(new(shared.DBEncryptionService)))),
)

ServiceModule provides all service-layer constructors as their interfaces

Functions

func AuthenticateRequestWithToken added in v1.6.0 

func AuthenticateRequestWithToken(token string, req *http.Request) error

func CreateYAMLMetadata 

func CreateYAMLMetadata(organizationName string, assetName string, assetVersionName string) dtos.YamlMetadata

generate the metadata used to generate the sbom-pdf and return it as struct

func FetchMembersOfAsset 

func FetchMembersOfAsset(ctx shared.Context) ([]dtos.UserDTO, error)

func GenerateDocumentTitle added in v1.2.0 

func GenerateDocumentTitle(assetName, cveID string) *string

func HexPubKeyToECDSA 

func HexPubKeyToECDSA(hexPubKey string) (ecdsa.PublicKey, error)

func HexTokenToECDSA 

func HexTokenToECDSA(hexToken string) (ecdsa.PrivateKey, ecdsa.PublicKey, error)

func MarkdownTableFromSBOM 

func MarkdownTableFromSBOM(outputFile *bytes.Buffer, bom *cdx.BOM) error

write the components from bom to the output file following the template

func NewAssetService 

func NewAssetService(assetRepository shared.AssetRepository, dependencyVulnRepository shared.DependencyVulnRepository, dependencyVulnService shared.DependencyVulnService) *assetService

func NewAssetVersionService 

func NewAssetVersionService(assetVersionRepository shared.AssetVersionRepository, componentRepository shared.ComponentRepository, componentService shared.ComponentService, thirdPartyIntegration shared.IntegrationAggregate, licenseRiskRepository shared.LicenseRiskRepository, synchronizer utils.FireAndForgetSynchronizer, vexRuleService shared.VEXRuleService) *assetVersionService

func NewCSAFService 

func NewCSAFService(client http.Client, dependencyVulnRepository shared.DependencyVulnRepository, dependencyVulnService shared.DependencyVulnService, vulnEventRepository shared.VulnEventRepository, assetVersionRepository shared.AssetVersionRepository, cveRepository shared.CveRepository, artifactRepository shared.ArtifactRepository) *csafService

func NewDatabaseLeaderElector 

func NewDatabaseLeaderElector(configService shared.ConfigService) *databaseLeaderElector

func NewDependencyProxyService added in v1.3.0 

func NewDependencyProxyService(dependencyProxySecretRepository shared.DependencyProxySecretRepository) *dependencyProxySecretService

func NewExternalEntityProviderService 

func NewExternalEntityProviderService(
	projectService shared.ProjectService,
	assetService shared.AssetService,
	assetRepository shared.AssetRepository,
	projectRepository shared.ProjectRepository,
	rbacProvider shared.RBACProvider,
	organizationRepository shared.OrganizationRepository,

) externalEntityProviderService

func NewFirstPartyVulnService 

func NewFirstPartyVulnService(firstPartyVulnRepository shared.FirstPartyVulnRepository, vulnEventRepository shared.VulnEventRepository, thirdPartyIntegration shared.IntegrationAggregate) *firstPartyVulnService

func NewOpenSourceInsightService 

func NewOpenSourceInsightService() *openSourceInsightService

func NewProjectService 

func NewProjectService(projectRepository shared.ProjectRepository, assetRepository shared.AssetRepository) *projectService

func NewReleaseService 

func NewReleaseService(releaseRepository shared.ReleaseRepository) *releaseService

func NewScanService 

func NewScanService(
	db shared.DB,
	cveRepository shared.CveRepository,
	dependencyVulnService shared.DependencyVulnService,
	synchronizer utils.FireAndForgetSynchronizer,
	firstPartyVulnService shared.FirstPartyVulnService,
	firstPartyVulnRepository shared.FirstPartyVulnRepository,
	dependencyVulnRepository shared.DependencyVulnRepository,
	thirdPartyIntegration shared.IntegrationAggregate,
	csafService shared.CSAFService,
	assetVersionService shared.AssetVersionService,
	vexRuleService shared.VEXRuleService,
	externalReferenceRepository shared.ExternalReferenceRepository,
	componentService shared.ComponentService,
) *scanService

func NewStatisticsService 

func NewStatisticsService(statisticsRepository shared.StatisticsRepository, assetRiskHistoryRepository shared.ArtifactRiskHistoryRepository, dependencyVulnRepository shared.DependencyVulnRepository, assetVersionRepository shared.AssetVersionRepository) *statisticsService

func NewWebhookService 

func NewWebhookService(url string, secret *string) *webhookClient

func ReadCurrentKey added in v1.6.0 

func ReadCurrentKey() []byte

reads the current key from the key file specified in the .env file, panicking if it is unavailable

func SignCSAFReport 

func SignCSAFReport(csafJSON []byte) ([]byte, error)

signs report and returns the resulting signature

Types

type AdminService added in v1.6.1 

type AdminService struct {
	// contains filtered or unexported fields
}

func NewAdminService added in v1.6.1 

func NewAdminService(casbinRBACProvider shared.RBACProvider, orgRepository shared.OrganizationRepository, statisticsRepository shared.StatisticsRepository) *AdminService

func (AdminService) AddAdminToOrg added in v1.6.1 

func (service AdminService) AddAdminToOrg(ctx context.Context, orgID uuid.UUID, userID uuid.UUID) error

func (AdminService) CheckIfOrgExists added in v1.6.1 

func (service AdminService) CheckIfOrgExists(ctx context.Context, orgID uuid.UUID) error

func (AdminService) GetAdminsForOrg added in v1.6.1 

func (service AdminService) GetAdminsForOrg(ctx context.Context, orgID uuid.UUID, adminClient shared.AdminClient) ([]dtos.UserDTO, error)

func (AdminService) GetInstanceUsageStatistics added in v1.6.1 

func (service AdminService) GetInstanceUsageStatistics(ctx context.Context, tx *gorm.DB, authClient shared.AdminClient) (dtos.InstanceUsageStatistics, error)

func (AdminService) GetInstanceVulnStatistics added in v1.6.1 

func (service AdminService) GetInstanceVulnStatistics(ctx context.Context, topCVEsLimit, topComponentsLimit, topProjectsLimit int) (dtos.InstanceOverview, error)

func (AdminService) GetMailFromUserID added in v1.6.1 

func (service AdminService) GetMailFromUserID(ctx context.Context, authClient shared.AdminClient, userID uuid.UUID) (string, error)

func (AdminService) GetOrgsWhereUserIsOwner added in v1.6.1 

func (service AdminService) GetOrgsWhereUserIsOwner(ctx context.Context, userID uuid.UUID) ([]models.Org, error)

func (AdminService) GetOwnerForOrg added in v1.6.1 

func (service AdminService) GetOwnerForOrg(ctx context.Context, orgID uuid.UUID) (uuid.UUID, error)

func (AdminService) GetUserIDFromMail added in v1.6.1 

func (service AdminService) GetUserIDFromMail(ctx context.Context, adminClient shared.AdminClient, email string) (uuid.UUID, error)

func (AdminService) RevokeAdminFromOrg added in v1.6.1 

func (service AdminService) RevokeAdminFromOrg(ctx context.Context, orgID uuid.UUID, userID uuid.UUID) error

type ArtifactService 

type ArtifactService struct {
	// contains filtered or unexported fields
}

func NewArtifactService 

func NewArtifactService(artifactRepository shared.ArtifactRepository,
	csafService shared.CSAFService,
	cveRepository shared.CveRepository, componentRepository shared.ComponentRepository, assetVersionRepository shared.AssetVersionRepository, assetVersionService shared.AssetVersionService, dependencyVulnService shared.DependencyVulnService, dependencyVulnRepository shared.DependencyVulnRepository, scanService shared.ScanService, synchronizer utils.FireAndForgetSynchronizer) *ArtifactService

func (*ArtifactService) DeleteArtifact 

func (s *ArtifactService) DeleteArtifact(ctx context.Context, assetID uuid.UUID, assetVersionName string, artifactName string) error

func (*ArtifactService) GatherVexInformationIncludingResolvedMarking added in v1.2.0 

func (s *ArtifactService) GatherVexInformationIncludingResolvedMarking(ctx context.Context, assetVersion models.AssetVersion, artifactName *string) ([]models.DependencyVuln, error)

func (*ArtifactService) GetArtifactsByAssetIDAndAssetVersionName 

func (s *ArtifactService) GetArtifactsByAssetIDAndAssetVersionName(ctx context.Context, tx shared.DB, assetID uuid.UUID, assetVersionName string) ([]models.Artifact, error)

func (*ArtifactService) ReadArtifact 

func (s *ArtifactService) ReadArtifact(ctx context.Context, tx shared.DB, name string, assetVersionName string, assetID uuid.UUID) (models.Artifact, error)

func (*ArtifactService) SaveArtifact 

func (s *ArtifactService) SaveArtifact(ctx context.Context, tx shared.DB, artifact *models.Artifact) error

type ComponentService 

type ComponentService struct {
	utils.FireAndForgetSynchronizer
	// contains filtered or unexported fields
}

func NewComponentService 

func NewComponentService(openSourceInsightsService shared.OpenSourceInsightService, componentProjectRepository shared.ComponentProjectRepository, componentRepository shared.ComponentRepository, licenseRiskService shared.LicenseRiskService, artifactRepository shared.ArtifactRepository, synchronizer utils.FireAndForgetSynchronizer) *ComponentService

func (*ComponentService) FetchComponentProject added in v1.0.1 

func (s *ComponentService) FetchComponentProject(ctx context.Context, component models.Component) (models.Component, error)

func (*ComponentService) FetchInformationSources 

func (s *ComponentService) FetchInformationSources(ctx context.Context, tx *gorm.DB, artifact *models.Artifact) ([]models.ComponentDependency, error)

func (*ComponentService) GetAndSaveLicenseInformation 

func (s *ComponentService) GetAndSaveLicenseInformation(ctx context.Context, tx shared.DB, assetVersion models.AssetVersion, artifactName *string, forceRefresh bool) ([]models.Component, error)

func (*ComponentService) GetLicense 

func (s *ComponentService) GetLicense(ctx context.Context, component models.Component) (models.Component, error)

func (*ComponentService) RefreshComponentProjectInformation 

func (s *ComponentService) RefreshComponentProjectInformation(ctx context.Context, project models.ComponentProject)

func (*ComponentService) RemoveInformationSources 

func (s *ComponentService) RemoveInformationSources(ctx context.Context, tx *gorm.DB, artifact *models.Artifact, rootNodePurls []string) error

type ConfigService 

type ConfigService struct {
	// contains filtered or unexported fields
}

func NewConfigService 

func NewConfigService(db shared.DB) ConfigService

func (ConfigService) GetAndCacheInstanceSettings added in v1.6.0 

func (service ConfigService) GetAndCacheInstanceSettings(ctx context.Context) (shared.InstanceSettings, error)

func (ConfigService) GetInstanceSettings added in v1.4.0 

func (service ConfigService) GetInstanceSettings(ctx context.Context) (shared.InstanceSettings, error)

func (ConfigService) GetJSONConfig 

func (service ConfigService) GetJSONConfig(ctx context.Context, key string, v any) error

func (ConfigService) RemoveConfig 

func (service ConfigService) RemoveConfig(ctx context.Context, key string) error

func (ConfigService) SetJSONConfig 

func (service ConfigService) SetJSONConfig(ctx context.Context, key string, v any) error

type CrowdsourcedVexingService added in v1.4.0 

type CrowdsourcedVexingService struct {
	// contains filtered or unexported fields
}

func NewCrowdsourcedVexingService added in v1.4.0 

func NewCrowdsourcedVexingService(vexRuleRepository shared.VEXRuleRepository, organisationRepository shared.OrganizationRepository, projectRepository shared.ProjectRepository, assetVersionRepository shared.AssetVersionRepository, dependencyVulnRepository shared.DependencyVulnRepository, trustedEntityRepository shared.TrustedEntityRepository, rbacProvider shared.RBACProvider) *CrowdsourcedVexingService

func (*CrowdsourcedVexingService) Recommend added in v1.4.0 

func (s *CrowdsourcedVexingService) Recommend(ctx shared.Context, tx shared.DB, vulnID uuid.UUID) (models.VEXRule, error)

type DBEncryptionService added in v1.6.0 

type DBEncryptionService struct {
	// contains filtered or unexported fields
}

func NewDBEncryptionService added in v1.6.0 

func NewDBEncryptionService() *DBEncryptionService

func NewDBEncryptionServiceFromKey added in v1.6.0 

func NewDBEncryptionServiceFromKey(key []byte) (*DBEncryptionService, error)

builds a service from an explicit key; used for the key rotation

func (*DBEncryptionService) EncryptAndWrapData added in v1.6.0 

func (service *DBEncryptionService) EncryptAndWrapData(data string) (string, error)

encrypts the data using AES-GCM and the loaded key and wraps it inside the encryption format (enc prefix+nonce+cipher) nosemgrep: service-method-missing-ctx -- pure crypto; no I/O, interface constraint prevents ctx addition

func (*DBEncryptionService) LoadDBEncryptionKey added in v1.6.0 

func (service *DBEncryptionService) LoadDBEncryptionKey()

eagerly loads the key on startup so misconfiguration fails fast; lazy loading covers callers that skip this nosemgrep: service-method-missing-ctx,service-method-missing-ctx-empty-params -- startup helper; no request context available

func (*DBEncryptionService) MaybeDecryptData added in v1.6.0 

func (service *DBEncryptionService) MaybeDecryptData(data string) (string, error)

returns the data untouched if it carries no encryption prefix (plaintext) and otherwise strips the prefix and decrypts. nosemgrep: service-method-missing-ctx -- pure crypto; no I/O, interface constraint prevents ctx addition

type DependencyVulnService 

type DependencyVulnService struct {
	// contains filtered or unexported fields
}

func NewDependencyVulnService 

func NewDependencyVulnService(dependencyVulnRepository shared.DependencyVulnRepository, vulnEventRepository shared.VulnEventRepository, thirdPartyIntegration shared.IntegrationAggregate) *DependencyVulnService

func (*DependencyVulnService) CreateVulnEventAndApply 

func (s *DependencyVulnService) CreateVulnEventAndApply(ctx context.Context, tx shared.DB, assetID uuid.UUID, userID string, dependencyVuln *models.DependencyVuln, vulnEventType dtos.VulnEventType, justification string, mechanicalJustification dtos.MechanicalJustificationType, assetVersionName string, userAgent *string) (models.VulnEvent, error)

func (*DependencyVulnService) GetAllUniqueCVEsForAsset added in v1.2.0 

func (s *DependencyVulnService) GetAllUniqueCVEsForAsset(ctx context.Context, assetID uuid.UUID, compareFunc func(existingLeader models.DependencyVuln, newVuln models.DependencyVuln) bool) ([]models.DependencyVuln, error)

returns 1 vuln for each unique CVE in the asset. The chosen vuln per CVE-ID is determined by compareFunc (if compareFunc = true , newVuln will be the new leader)

func (*DependencyVulnService) RecalculateRawRiskAssessment 

func (s *DependencyVulnService) RecalculateRawRiskAssessment(ctx context.Context, tx shared.DB, userID string, dependencyVulns []models.DependencyVuln, justification string, asset models.Asset) ([]models.DependencyVuln, error)

func (*DependencyVulnService) SyncAllIssues 

func (s *DependencyVulnService) SyncAllIssues(ctx context.Context, org models.Org, project models.Project, asset models.Asset, assetVersion models.AssetVersion, userAgent *string) error

func (*DependencyVulnService) SyncIssues 

func (s *DependencyVulnService) SyncIssues(ctx context.Context, org models.Org, project models.Project, asset models.Asset, assetVersion models.AssetVersion, vulnList []models.DependencyVuln, userAgent *string) error

func (*DependencyVulnService) UserDetectedDependencyVulnInAnotherArtifact 

func (s *DependencyVulnService) UserDetectedDependencyVulnInAnotherArtifact(ctx context.Context, tx shared.DB, vulnerabilities []models.DependencyVuln, scannerID string) error

func (*DependencyVulnService) UserDetectedDependencyVulns 

func (s *DependencyVulnService) UserDetectedDependencyVulns(ctx context.Context, tx shared.DB, userID string, userAgent *string, artifactName string, dependencyVulns []models.DependencyVuln, assetVersion models.AssetVersion, asset models.Asset) error

func (*DependencyVulnService) UserDetectedExistingVulnOnDifferentBranch 

func (s *DependencyVulnService) UserDetectedExistingVulnOnDifferentBranch(ctx context.Context, tx shared.DB, scannerID string, dependencyVulns []statemachine.BranchVulnMatch[*models.DependencyVuln], assetVersion models.AssetVersion, asset models.Asset) error

func (*DependencyVulnService) UserDidNotDetectDependencyVulnInArtifactAnymore 

func (s *DependencyVulnService) UserDidNotDetectDependencyVulnInArtifactAnymore(ctx context.Context, tx shared.DB, vulnerabilities []models.DependencyVuln, scannerID string) error

func (*DependencyVulnService) UserFixedDependencyVulns 

func (s *DependencyVulnService) UserFixedDependencyVulns(ctx context.Context, tx shared.DB, userID string, userAgent *string, dependencyVulns []models.DependencyVuln, assetVersion models.AssetVersion, asset models.Asset) error

func (*DependencyVulnService) UserReopenedToOpen added in v1.3.0 

func (s *DependencyVulnService) UserReopenedToOpen(ctx context.Context, tx shared.DB, userID string, userAgent *string, dependencyVulns []models.DependencyVuln) error

type InTotoService 

type InTotoService struct {
	// contains filtered or unexported fields
}

func NewInTotoService 

func NewInTotoService(rbacProvider shared.RBACProvider, inTotoLinkRepository shared.InTotoLinkRepository, projectRepository shared.ProjectRepository, patRepository shared.PersonalAccessTokenRepository, supplyChainRepository shared.SupplyChainRepository) *InTotoService

func (InTotoService) HexPublicKeyToInTotoKey 

func (service InTotoService) HexPublicKeyToInTotoKey(hexPubKey string) (toto.Key, error)

func (InTotoService) VerifySupplyChain 

func (service InTotoService) VerifySupplyChain(ctx context.Context, supplyChainID string) (bool, error)

func (InTotoService) VerifySupplyChainByDigestOnly 

func (service InTotoService) VerifySupplyChainByDigestOnly(ctx context.Context, digest string) (bool, error)

func (InTotoService) VerifySupplyChainWithOutputDigest 

func (service InTotoService) VerifySupplyChainWithOutputDigest(ctx context.Context, imageNameOrSupplyChainID string, digest string) (bool, error)

type LicenseRiskService 

type LicenseRiskService struct {
	// contains filtered or unexported fields
}

func NewLicenseRiskService 

func NewLicenseRiskService(licenseRiskRepository shared.LicenseRiskRepository, vulnEventRepository shared.VulnEventRepository) *LicenseRiskService

func (*LicenseRiskService) FindLicenseRisksInComponents 

func (s *LicenseRiskService) FindLicenseRisksInComponents(ctx context.Context, tx *gorm.DB, userID string, userAgent *string, assetVersion models.AssetVersion, components []models.Component, artifactName string) error

func (*LicenseRiskService) MakeFinalLicenseDecision 

func (s *LicenseRiskService) MakeFinalLicenseDecision(ctx context.Context, tx *gorm.DB, vulnID uuid.UUID, finalLicense, justification, userID string, userAgent *string) error

func (*LicenseRiskService) UpdateLicenseRiskState 

func (s *LicenseRiskService) UpdateLicenseRiskState(ctx context.Context, tx shared.DB, userID string, licenseRisk *models.LicenseRisk, statusType string, justification string, mechanicalJustification dtos.MechanicalJustificationType, userAgent *string) (models.VulnEvent, error)

func (*LicenseRiskService) UserDetectedExistingLicenseRiskOnDifferentBranch 

func (s *LicenseRiskService) UserDetectedExistingLicenseRiskOnDifferentBranch(ctx context.Context, tx shared.DB, artifactName string, licenseRisks []models.LicenseRisk, alreadyExistingEvents [][]models.VulnEvent, assetVersion models.AssetVersion, asset models.Asset) error

func (*LicenseRiskService) UserDetectedLicenseRiskInAnotherArtifact 

func (s *LicenseRiskService) UserDetectedLicenseRiskInAnotherArtifact(ctx context.Context, tx shared.DB, licenseRisks []models.LicenseRisk, artifactName string) error

Helper: ensure existing license risks are associated with another artifact (insert join rows)

func (*LicenseRiskService) UserDetectedLicenseRisks 

func (s *LicenseRiskService) UserDetectedLicenseRisks(ctx context.Context, tx shared.DB, userID string, userAgent *string, assetID uuid.UUID, assetVersionName, artifactName string, licenseRisks []models.LicenseRisk) error

Helper: create detected events for newly opened license risks and save them

func (*LicenseRiskService) UserDidNotDetectLicenseRiskInArtifactAnymore 

func (s *LicenseRiskService) UserDidNotDetectLicenseRiskInArtifactAnymore(ctx context.Context, tx shared.DB, licenseRisks []models.LicenseRisk, artifactName string) error

func (*LicenseRiskService) UserFixedLicenseRisks 

func (s *LicenseRiskService) UserFixedLicenseRisks(ctx context.Context, tx shared.DB, userID string, userAgent *string, licenseRisks []models.LicenseRisk) error

the license risks were fixes BY REMOVING the component

func (*LicenseRiskService) UserFixedLicenseRisksByAutomaticRefresh 

func (s *LicenseRiskService) UserFixedLicenseRisksByAutomaticRefresh(ctx context.Context, tx shared.DB, userID string, userAgent *string, licenseRisks []licenseRiskWithNewLicense, artifactName string) error

type OrgService 

type OrgService struct {
	// contains filtered or unexported fields
}

func NewOrgService 

func NewOrgService(organizationRepository shared.OrganizationRepository, rbacProvider shared.RBACProvider) *OrgService

func (*OrgService) CreateOrganization 

func (o *OrgService) CreateOrganization(ctx shared.Context, organization *models.Org) error

func (*OrgService) ReadBySlug 

func (o *OrgService) ReadBySlug(ctx context.Context, slug string) (*models.Org, error)

type PatService 

type PatService struct {
	// contains filtered or unexported fields
}

func NewPatService 

func NewPatService(repository shared.PersonalAccessTokenRepository) *PatService

func (*PatService) CheckForValidTokenByFingerprint added in v1.6.0 

func (p *PatService) CheckForValidTokenByFingerprint(ctx context.Context, fingerprint string) (models.PAT, bool)

func (*PatService) RevokeByPrivateKey 

func (p *PatService) RevokeByPrivateKey(ctx context.Context, privKey string) error

func (*PatService) ToModel 

func (p *PatService) ToModel(ctx context.Context, request dtos.PatCreateRequest, userID string) (models.PAT, string, error)

func (*PatService) VerifyAPIToken added in v1.6.0 

func (p *PatService) VerifyAPIToken(ctx context.Context, token string) (string, string, error)

func (*PatService) VerifyAdminRequest added in v1.6.1 

func (p *PatService) VerifyAdminRequest(req *http.Request) (bool, error)

nosemgrep: service-method-missing-ctx -- req.Context() carries the context; adding a separate ctx param would be redundant

func (*PatService) VerifyRequestSignature 

func (p *PatService) VerifyRequestSignature(ctx context.Context, req *http.Request) (shared.AuthSession, error)

type TestPayloadType 

type TestPayloadType string
const (
	TestPayloadTypeEmpty                 TestPayloadType = "empty"
	TestPayloadTypeSampleSBOM            TestPayloadType = "sampleSbom"
	TestPayloadTypeSampleDependencyVulns TestPayloadType = "sampleDependencyVulns"
	TestPayloadTypeSampleFirstPartyVulns TestPayloadType = "sampleFirstPartyVulns"
)

type VEXRuleService 

type VEXRuleService struct {
	// contains filtered or unexported fields
}

func NewVEXRuleService 

func NewVEXRuleService(
	vexRuleRepository shared.VEXRuleRepository,
	dependencyVulnRepository shared.DependencyVulnRepository,
	vulnEventRepository shared.VulnEventRepository,
) *VEXRuleService

func (*VEXRuleService) ApplyRulesToExisting 

func (s *VEXRuleService) ApplyRulesToExisting(ctx context.Context, tx shared.DB, rules []models.VEXRule, vulns []models.DependencyVuln) ([]models.DependencyVuln, error)

func (*VEXRuleService) ApplyRulesToExistingForce 

func (s *VEXRuleService) ApplyRulesToExistingForce(ctx context.Context, tx shared.DB, rules []models.VEXRule, vulns []models.DependencyVuln) ([]models.DependencyVuln, error)

ApplyRulesToExistingForce applies rules to existing vulns ignoring duplicate checks

func (*VEXRuleService) ApplyRulesToExistingVulns 

func (s *VEXRuleService) ApplyRulesToExistingVulns(ctx context.Context, tx shared.DB, rules []models.VEXRule) ([]models.DependencyVuln, error)

ApplyRulesToExistingVulns applies multiple VEX rules to all existing vulnerabilities that match each rule's path pattern and CVE. This is more efficient than applying rules one by one as it batches database queries and saves.

func (*VEXRuleService) ApplyRulesToExistingVulnsForce 

func (s *VEXRuleService) ApplyRulesToExistingVulnsForce(ctx context.Context, tx shared.DB, rules []models.VEXRule) ([]models.DependencyVuln, error)

ApplyRulesToExistingVulnsForce applies rules to existing vulns ignoring duplicate checks

func (*VEXRuleService) Begin 

func (s *VEXRuleService) Begin(ctx context.Context) shared.DB

func (*VEXRuleService) CountMatchingVulns 

func (s *VEXRuleService) CountMatchingVulns(ctx context.Context, tx shared.DB, rule models.VEXRule) (int, error)

CountMatchingVulns returns the number of dependency vulnerabilities that match a VEX rule

func (*VEXRuleService) CountMatchingVulnsForRules 

func (s *VEXRuleService) CountMatchingVulnsForRules(ctx context.Context, tx shared.DB, rules []models.VEXRule) (map[string]int, error)

CountMatchingVulnsForRules returns the number of matching vulnerabilities for each rule in a single batch query Returns a map of rule ID to count

func (*VEXRuleService) Create 

func (s *VEXRuleService) Create(ctx context.Context, tx shared.DB, rule *models.VEXRule) error

func (*VEXRuleService) Delete 

func (s *VEXRuleService) Delete(ctx context.Context, tx shared.DB, rule models.VEXRule) error

func (*VEXRuleService) DeleteByAssetVersion 

func (s *VEXRuleService) DeleteByAssetVersion(ctx context.Context, tx shared.DB, assetID uuid.UUID, assetVersionName string) error

func (*VEXRuleService) FindByAssetVersion 

func (s *VEXRuleService) FindByAssetVersion(ctx context.Context, tx shared.DB, assetID uuid.UUID, assetVersionName string) ([]models.VEXRule, error)

func (*VEXRuleService) FindByAssetVersionAndCVE 

func (s *VEXRuleService) FindByAssetVersionAndCVE(ctx context.Context, tx shared.DB, assetID uuid.UUID, assetVersionName string, cveID string) ([]models.VEXRule, error)

func (*VEXRuleService) FindByAssetVersionAndVulnID 

func (s *VEXRuleService) FindByAssetVersionAndVulnID(ctx context.Context, tx shared.DB, assetID uuid.UUID, assetVersionName string, vulnID uuid.UUID) ([]models.VEXRule, error)

func (*VEXRuleService) FindByAssetVersionPaged 

func (s *VEXRuleService) FindByAssetVersionPaged(ctx context.Context, tx shared.DB, assetID uuid.UUID, assetVersionName string, pageInfo shared.PageInfo, search string, filterQuery []shared.FilterQuery, sortQuery []shared.SortQuery) (shared.Paged[models.VEXRule], error)

func (*VEXRuleService) FindByID 

func (s *VEXRuleService) FindByID(ctx context.Context, tx shared.DB, id string) (models.VEXRule, error)

func (*VEXRuleService) IngestVEX 

func (s *VEXRuleService) IngestVEX(ctx context.Context, tx shared.DB, asset models.Asset, assetVersion models.AssetVersion, vexReport *normalize.VexReport) error

func (*VEXRuleService) IngestVexes 

func (s *VEXRuleService) IngestVexes(ctx context.Context, tx shared.DB, asset models.Asset, assetVersion models.AssetVersion, vexReports []*normalize.VexReport) error

func (*VEXRuleService) Update 

func (s *VEXRuleService) Update(ctx context.Context, tx shared.DB, rule *models.VEXRule) error

type WebhookStruct 

type WebhookStruct struct {
	Organization shared.OrgObject          `json:"organization"`
	Project      shared.ProjectObject      `json:"project"`
	Asset        shared.AssetObject        `json:"asset"`
	AssetVersion shared.AssetVersionObject `json:"assetVersion"`
	Payload      any                       `json:"payload"`
	Type         WebhookType               `json:"type"`
	Artifact     shared.ArtifactObject     `json:"artifact,omitempty"`
}

type WebhookType 

type WebhookType string
const (
	WebhookTypeSBOM                      WebhookType = "sbom"
	WebhookTypeFirstPartyVulnerabilities WebhookType = "firstPartyVulnerabilities"
	WebhookTypeDependencyVulnerabilities WebhookType = "dependencyVulnerabilities"
	WebhookTypeTest                      WebhookType = "test"
)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.