Documentation
¶
Overview ¶
Package converter provides pluggable parsers for vulnerability scanner output.
Each scanner produces JSON in a unique format. Converters normalize this output into a common Vulnerability structure for unified storage and querying.
Supported scanners:
- grype: Anchore Grype scanner
- trivy: Aqua Security Trivy scanner
- snyk: Snyk Container scanner
- clair: CoreOS Clair scanner
- osv: Google OSV-Scanner
- anchore: Anchore Engine (legacy)
The Registry pattern enables auto-detection of scanner format:
registry := converter.DefaultRegistry()
conv, err := registry.Detect(jsonContainer)
if err != nil {
// unknown format
}
vulns, err := conv.Convert(ctx, jsonContainer)
To add a new scanner, implement the Converter interface:
type Converter interface {
Name() string
CanHandle(c *gabs.Container) bool
Convert(ctx context.Context, c *gabs.Container) ([]*data.Vulnerability, error)
}
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Converter ¶
type Converter interface {
// Name returns the converter's identifier (e.g., "grype", "trivy").
Name() string
// CanHandle returns true if this converter can process the given JSON container.
CanHandle(c *gabs.Container) bool
// Convert transforms scanner output into normalized vulnerabilities.
Convert(ctx context.Context, c *gabs.Container) ([]*data.Vulnerability, error)
}
Converter defines the interface for vulnerability scanner output converters.
type Registry ¶
type Registry struct {
// contains filtered or unexported fields
}
Registry manages registered converters and provides detection/lookup.
func DefaultRegistry ¶
func DefaultRegistry() *Registry
DefaultRegistry returns a registry with all built-in converters registered.
func NewRegistry ¶
func NewRegistry() *Registry
NewRegistry creates a new converter registry with all available converters.
func (*Registry) Detect ¶
Detect attempts to find a converter that can handle the given JSON container.
Source Files
Directories