asset

package
v0.1.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 7, 2026 License: GPL-3.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	DiscoverySourceDNS              = "dns"
	DiscoverySourceCertTransparency = "cert_transparency"
	DiscoverySourceBruteforce       = "bruteforce"
	DiscoverySourcePassive          = "passive"
	DiscoverySourceManual           = "manual"
	DiscoverySourceAPIDiscovery     = "api_discovery"
	DiscoverySourceWebCrawl         = "web_crawl"
)

DiscoverySource constants for domain discovery

View Source 
const (
	VisibilityPublic   RepoVisibility = "public"
	VisibilityPrivate  RepoVisibility = "private"
	VisibilityInternal RepoVisibility = "internal"

	// Aliases for backward compatibility
	RepoVisibilityPublic   = VisibilityPublic
	RepoVisibilityPrivate  = VisibilityPrivate
	RepoVisibilityInternal = VisibilityInternal
)
View Source 
const (
	ComplianceFrameworkPCIDSS   = "PCI-DSS"
	ComplianceFrameworkHIPAA    = "HIPAA"
	ComplianceFrameworkSOC2     = "SOC2"
	ComplianceFrameworkGDPR     = "GDPR"
	ComplianceFrameworkISO27001 = "ISO27001"
	ComplianceFrameworkNIST     = "NIST"
	ComplianceFrameworkFedRAMP  = "FedRAMP"
	ComplianceFrameworkCCPA     = "CCPA"
)

ComplianceFramework represents common compliance frameworks.

Variables

View Source 
var (
	ErrAssetNotFound      = fmt.Errorf("asset %w", shared.ErrNotFound)
	ErrAssetAlreadyExists = fmt.Errorf("asset %w", shared.ErrAlreadyExists)
)

Domain-specific errors for asset.

View Source 
var (
	ErrRelationshipNotFound      = fmt.Errorf("relationship %w", shared.ErrNotFound)
	ErrRelationshipAlreadyExists = fmt.Errorf("relationship %w", shared.ErrAlreadyExists)
)

Domain-specific errors for relationship.

Functions

func AllComplianceFrameworks 

func AllComplianceFrameworks() []string

AllComplianceFrameworks returns all recognized compliance frameworks.

func AllowedSortFields 

func AllowedSortFields() map[string]string

AllowedSortFields returns the allowed sort fields for assets.

func AlreadyExistsError 

func AlreadyExistsError(name string) error

AlreadyExistsError creates an asset already exists error with the name.

func BuildDomainMetadata 

func BuildDomainMetadata(domain string, discoverySource string) map[string]any

BuildDomainMetadata creates domain metadata from a domain name. This is a convenience function for creating metadata with hierarchy information.

func CalculateDomainLevel 

func CalculateDomainLevel(domain string) int

CalculateDomainLevel calculates the domain level. Level 1 = root domain (e.g., "techviet.vn") Level 2 = first subdomain (e.g., "api.techviet.vn") Level 3 = sub-subdomain (e.g., "v2.api.techviet.vn") etc.

func ExtractParentDomain 

func ExtractParentDomain(domain string) string

ExtractParentDomain extracts the parent domain. e.g., "v2.api.techviet.vn" -> "api.techviet.vn" Returns empty string if domain is root domain.

func ExtractRootDomain 

func ExtractRootDomain(domain string) string

ExtractRootDomain extracts the root domain from a full domain name. e.g., "staging.v2.api.techviet.vn" -> "techviet.vn"

func IsValidComplianceFramework 

func IsValidComplianceFramework(framework string) bool

IsValidComplianceFramework checks if a framework is recognized.

func IsWildcardDomain 

func IsWildcardDomain(domain string) bool

IsWildcardDomain checks if the domain is a wildcard domain.

func NormalizeDomain 

func NormalizeDomain(domain string) string

NormalizeDomain normalizes a domain name to lowercase, trims spaces and trailing dots.

func NotFoundError 

func NotFoundError(assetID shared.ID) error

NotFoundError creates an asset not found error with the ID.

func ParseClassification 

func ParseClassification(s string) string

ParseClassification parses a classification string. Classification is a free-form string, so this just trims whitespace.

func RelationshipAlreadyExistsError 

func RelationshipAlreadyExistsError() error

RelationshipAlreadyExistsError creates a relationship already exists error.

func RelationshipNotFoundError 

func RelationshipNotFoundError(id shared.ID) error

RelationshipNotFoundError creates a relationship not found error.

Types

type AggregateStats added in v0.1.3 

type AggregateStats struct {
	Total         int
	ByType        map[string]int
	ByStatus      map[string]int
	ByCriticality map[string]int
	ByScope       map[string]int
	ByExposure    map[string]int
	WithFindings  int
	FindingsTotal int
	HighRiskCount int
	RiskScoreAvg  float64
}

AggregateStats holds all statistics computed via SQL aggregation.

type Asset 

type Asset struct {
	// contains filtered or unexported fields
}

Asset represents an asset entity in the domain.

func NewAsset 

func NewAsset(name string, assetType AssetType, criticality Criticality) (*Asset, error)

NewAsset creates a new Asset entity.

func NewAssetWithTenant 

func NewAssetWithTenant(tenantID shared.ID, name string, assetType AssetType, criticality Criticality) (*Asset, error)

NewAssetWithTenant creates a new Asset entity with tenant.

func Reconstitute 

func Reconstitute(
	assetID shared.ID,
	tenantID shared.ID,
	parentID *shared.ID,
	ownerID *shared.ID,
	name string,
	assetType AssetType,
	criticality Criticality,
	status Status,
	scope Scope,
	exposure Exposure,
	riskScore int,
	findingCount int,
	description string,
	tags []string,
	metadata map[string]any,
	properties map[string]any,
	provider Provider,
	externalID string,
	classification string,
	syncStatus SyncStatus,
	lastSyncedAt *time.Time,
	syncError string,
	discoverySource string,
	discoveryTool string,
	discoveredAt *time.Time,

	complianceScope []string,
	dataClassification DataClassification,
	piiDataExposed bool,
	phiDataExposed bool,
	regulatoryOwnerID *shared.ID,
	isInternetAccessible bool,
	exposureChangedAt *time.Time,
	lastExposureLevel Exposure,

	firstSeen, lastSeen time.Time,
	createdAt, updatedAt time.Time,
) *Asset

Reconstitute recreates an Asset from persistence (used by repository).

func (*Asset) Activate 

func (a *Asset) Activate()

Activate activates the asset.

func (*Asset) AddComplianceFramework 

func (a *Asset) AddComplianceFramework(framework string)

AddComplianceFramework adds a compliance framework to scope.

func (*Asset) AddTag 

func (a *Asset) AddTag(tag string)

AddTag adds a tag to the asset.

func (*Asset) Archive 

func (a *Asset) Archive()

Archive archives the asset.

func (*Asset) CTEMRiskFactor 

func (a *Asset) CTEMRiskFactor() float64

CTEMRiskFactor returns a risk multiplier based on CTEM factors.

func (*Asset) CalculateRiskScore 

func (a *Asset) CalculateRiskScore()

CalculateRiskScore calculates and updates the risk score based on exposure, criticality, and findings.

func (*Asset) CalculateRiskScoreWithConfig added in v0.1.2 

func (a *Asset) CalculateRiskScoreWithConfig(config *RiskScoringConfig)

CalculateRiskScoreWithConfig calculates risk using the provided scoring config.

func (*Asset) Classification 

func (a *Asset) Classification() string

Classification returns the asset classification.

func (*Asset) ComplianceScope 

func (a *Asset) ComplianceScope() []string

ComplianceScope returns the compliance frameworks this asset is in scope for.

func (*Asset) CreatedAt 

func (a *Asset) CreatedAt() time.Time

CreatedAt returns the creation timestamp.

func (*Asset) Criticality 

func (a *Asset) Criticality() Criticality

Criticality returns the asset criticality.

func (*Asset) DataClassification 

func (a *Asset) DataClassification() DataClassification

DataClassification returns the data classification level.

func (*Asset) Deactivate 

func (a *Asset) Deactivate()

Deactivate deactivates the asset.

func (*Asset) DecrementFindingCount 

func (a *Asset) DecrementFindingCount()

DecrementFindingCount decrements the finding count by 1.

func (*Asset) Description 

func (a *Asset) Description() string

Description returns the asset description.

func (*Asset) DisableSync 

func (a *Asset) DisableSync()

DisableSync disables syncing for this asset.

func (*Asset) DiscoveredAt 

func (a *Asset) DiscoveredAt() *time.Time

DiscoveredAt returns when the asset was discovered.

func (*Asset) DiscoverySource 

func (a *Asset) DiscoverySource() string

DiscoverySource returns the discovery source.

func (*Asset) DiscoveryTool 

func (a *Asset) DiscoveryTool() string

DiscoveryTool returns the discovery tool.

func (*Asset) EnableSync 

func (a *Asset) EnableSync()

EnableSync enables syncing for this asset.

func (*Asset) Exposure 

func (a *Asset) Exposure() Exposure

Exposure returns the asset exposure level.

func (*Asset) ExposureChangedAt 

func (a *Asset) ExposureChangedAt() *time.Time

ExposureChangedAt returns when the exposure level last changed.

func (*Asset) ExternalID 

func (a *Asset) ExternalID() string

ExternalID returns the external system ID.

func (*Asset) FindingCount 

func (a *Asset) FindingCount() int

FindingCount returns the number of findings for this asset.

func (*Asset) FindingSeverityCounts added in v0.1.2 

func (a *Asset) FindingSeverityCounts() *FindingSeverityCounts

FindingSeverityCounts returns the per-severity finding counts.

func (*Asset) FirstSeen 

func (a *Asset) FirstSeen() time.Time

FirstSeen returns when the asset was first discovered.

func (*Asset) GetProperty 

func (a *Asset) GetProperty(key string) (any, bool)

GetProperty gets a type-specific property.

func (*Asset) HasSensitiveData 

func (a *Asset) HasSensitiveData() bool

HasSensitiveData returns true if asset contains PII or PHI data.

func (*Asset) ID 

func (a *Asset) ID() shared.ID

ID returns the asset ID.

func (*Asset) IncrementFindingCount 

func (a *Asset) IncrementFindingCount()

IncrementFindingCount increments the finding count by 1.

func (*Asset) IsActive 

func (a *Asset) IsActive() bool

IsActive returns true if the asset is active.

func (*Asset) IsCritical 

func (a *Asset) IsCritical() bool

IsCritical returns true if the asset is critical.

func (*Asset) IsHighRiskCompliance 

func (a *Asset) IsHighRiskCompliance() bool

IsHighRiskCompliance returns true if asset is in high-risk compliance scope.

func (*Asset) IsInComplianceScope 

func (a *Asset) IsInComplianceScope(framework string) bool

IsInComplianceScope checks if asset is in scope for a framework.

func (*Asset) IsInternetAccessible 

func (a *Asset) IsInternetAccessible() bool

IsInternetAccessible returns whether the asset is directly internet accessible.

func (*Asset) IsRepository 

func (a *Asset) IsRepository() bool

IsRepository returns true if the asset is a repository type.

func (*Asset) LastExposureLevel 

func (a *Asset) LastExposureLevel() Exposure

LastExposureLevel returns the previous exposure level.

func (*Asset) LastSeen 

func (a *Asset) LastSeen() time.Time

LastSeen returns when the asset was last seen.

func (*Asset) LastSyncedAt 

func (a *Asset) LastSyncedAt() *time.Time

LastSyncedAt returns the last sync timestamp.

func (*Asset) MarkSeen 

func (a *Asset) MarkSeen()

MarkSeen updates the last seen timestamp.

func (*Asset) MarkSyncError 

func (a *Asset) MarkSyncError(err string)

MarkSyncError marks the asset with a sync error.

func (*Asset) MarkSynced 

func (a *Asset) MarkSynced()

MarkSynced marks the asset as synced.

func (*Asset) MarkSyncing 

func (a *Asset) MarkSyncing()

MarkSyncing marks the asset as syncing.

func (*Asset) Metadata 

func (a *Asset) Metadata() map[string]any

Metadata returns the asset metadata.

func (*Asset) Name 

func (a *Asset) Name() string

Name returns the asset name.

func (*Asset) OwnerID 

func (a *Asset) OwnerID() *shared.ID

OwnerID returns the owner user ID.

func (*Asset) PHIDataExposed 

func (a *Asset) PHIDataExposed() bool

PHIDataExposed returns whether PHI data is exposed.

func (*Asset) PIIDataExposed 

func (a *Asset) PIIDataExposed() bool

PIIDataExposed returns whether PII data is exposed.

func (*Asset) ParentID 

func (a *Asset) ParentID() *shared.ID

ParentID returns the parent asset ID.

func (*Asset) Properties 

func (a *Asset) Properties() map[string]any

Properties returns a copy of the type-specific properties.

func (*Asset) Provider 

func (a *Asset) Provider() Provider

Provider returns the external provider.

func (*Asset) RegulatoryOwnerID 

func (a *Asset) RegulatoryOwnerID() *shared.ID

RegulatoryOwnerID returns the regulatory owner user ID.

func (*Asset) RemoveComplianceFramework 

func (a *Asset) RemoveComplianceFramework(framework string)

RemoveComplianceFramework removes a compliance framework from scope.

func (*Asset) RemoveTag 

func (a *Asset) RemoveTag(tag string)

RemoveTag removes a tag from the asset.

func (*Asset) RiskScore 

func (a *Asset) RiskScore() int

RiskScore returns the asset risk score.

func (*Asset) Scope 

func (a *Asset) Scope() Scope

Scope returns the asset scope.

func (*Asset) SetClassification 

func (a *Asset) SetClassification(classification string)

SetClassification sets the asset classification.

func (*Asset) SetComplianceScope 

func (a *Asset) SetComplianceScope(frameworks []string)

SetComplianceScope sets the compliance frameworks.

func (*Asset) SetDataClassification 

func (a *Asset) SetDataClassification(classification DataClassification) error

SetDataClassification sets the data classification level.

func (*Asset) SetDiscoveredAt 

func (a *Asset) SetDiscoveredAt(t *time.Time)

SetDiscoveredAt sets when the asset was discovered.

func (*Asset) SetDiscoveryInfo 

func (a *Asset) SetDiscoveryInfo(source, tool string, discoveredAt *time.Time)

SetDiscoveryInfo sets all discovery-related fields at once.

func (*Asset) SetDiscoverySource 

func (a *Asset) SetDiscoverySource(source string)

SetDiscoverySource sets the discovery source.

func (*Asset) SetDiscoveryTool 

func (a *Asset) SetDiscoveryTool(tool string)

SetDiscoveryTool sets the discovery tool.

func (*Asset) SetExternalID 

func (a *Asset) SetExternalID(externalID string)

SetExternalID sets the external system ID.

func (*Asset) SetFindingSeverityCounts added in v0.1.2 

func (a *Asset) SetFindingSeverityCounts(counts *FindingSeverityCounts)

SetFindingSeverityCounts sets the per-severity finding counts.

func (*Asset) SetInternetAccessible 

func (a *Asset) SetInternetAccessible(accessible bool)

SetInternetAccessible sets whether the asset is internet accessible.

func (*Asset) SetMetadata 

func (a *Asset) SetMetadata(key string, value any)

SetMetadata sets a metadata key-value pair.

func (*Asset) SetOwnerID 

func (a *Asset) SetOwnerID(ownerID *shared.ID)

SetOwnerID sets the owner user ID.

func (*Asset) SetPHIDataExposed 

func (a *Asset) SetPHIDataExposed(exposed bool)

SetPHIDataExposed sets whether PHI data is exposed.

func (*Asset) SetPIIDataExposed 

func (a *Asset) SetPIIDataExposed(exposed bool)

SetPIIDataExposed sets whether PII data is exposed.

func (*Asset) SetParentID 

func (a *Asset) SetParentID(parentID *shared.ID) error

SetParentID sets the parent asset ID. Returns error if the parent ID would create a self-reference.

func (*Asset) SetProperties 

func (a *Asset) SetProperties(properties map[string]any)

SetProperties replaces all properties.

func (*Asset) SetProperty 

func (a *Asset) SetProperty(key string, value any)

SetProperty sets a type-specific property.

func (*Asset) SetProvider 

func (a *Asset) SetProvider(provider Provider)

SetProvider sets the external provider.

func (*Asset) SetRegulatoryOwnerID 

func (a *Asset) SetRegulatoryOwnerID(ownerID *shared.ID)

SetRegulatoryOwnerID sets the regulatory owner user ID.

func (*Asset) SetTenantID 

func (a *Asset) SetTenantID(tenantID shared.ID)

SetTenantID sets the tenant ID.

func (*Asset) Status 

func (a *Asset) Status() Status

Status returns the asset status.

func (*Asset) SyncError 

func (a *Asset) SyncError() string

SyncError returns the last sync error.

func (*Asset) SyncStatus 

func (a *Asset) SyncStatus() SyncStatus

SyncStatus returns the sync status.

func (*Asset) Tags 

func (a *Asset) Tags() []string

Tags returns the asset tags.

func (*Asset) TenantID 

func (a *Asset) TenantID() shared.ID

TenantID returns the tenant ID.

func (*Asset) Type 

func (a *Asset) Type() AssetType

Type returns the asset type.

func (*Asset) UpdateCriticality 

func (a *Asset) UpdateCriticality(criticality Criticality) error

UpdateCriticality updates the asset criticality.

func (*Asset) UpdateDescription 

func (a *Asset) UpdateDescription(description string)

UpdateDescription updates the asset description.

func (*Asset) UpdateExposure 

func (a *Asset) UpdateExposure(exposure Exposure) error

UpdateExposure updates the asset exposure level.

func (*Asset) UpdateExposureWithTracking 

func (a *Asset) UpdateExposureWithTracking(newExposure Exposure) error

UpdateExposureWithTracking updates exposure and tracks the change.

func (*Asset) UpdateFindingCount 

func (a *Asset) UpdateFindingCount(count int)

UpdateFindingCount updates the finding count.

func (*Asset) UpdateName 

func (a *Asset) UpdateName(name string) error

UpdateName updates the asset name.

func (*Asset) UpdateRiskScore 

func (a *Asset) UpdateRiskScore(score int) error

UpdateRiskScore updates the asset risk score.

func (*Asset) UpdateScope 

func (a *Asset) UpdateScope(scope Scope) error

UpdateScope updates the asset scope.

func (*Asset) UpdatedAt 

func (a *Asset) UpdatedAt() time.Time

UpdatedAt returns the last update timestamp.

type AssetService 

type AssetService struct {
	// contains filtered or unexported fields
}

AssetService represents a network service running on an asset (host/server). Services are stored in the `asset_services` table and linked to assets via asset_id. This follows the same extension pattern as RepositoryExtension (asset_repositories table). Provides a clean 1:N relationship (Host -> Services) without bloating the assets table.

func NewAssetService 

func NewAssetService(tenantID, assetID shared.ID, port int, protocol Protocol, serviceType ServiceType) (*AssetService, error)

NewAssetService creates a new AssetService entity.

func ReconstituteAssetService 

func ReconstituteAssetService(
	id, tenantID, assetID shared.ID,
	name string,
	protocol Protocol,
	port int,
	serviceType ServiceType,
	product, version, banner, cpe string,
	technologies []string,
	isPublic bool,
	exposure Exposure,
	tlsEnabled bool,
	tlsVersion string,
	discoverySource string,
	discoveredAt, lastSeenAt *time.Time,
	findingCount, riskScore int,
	state ServiceState,
	stateChangedAt *time.Time,
	createdAt, updatedAt time.Time,
) *AssetService

ReconstituteAssetService recreates an AssetService from persistence.

func (*AssetService) AssetID 

func (s *AssetService) AssetID() shared.ID

func (*AssetService) Banner 

func (s *AssetService) Banner() string

func (*AssetService) CPE 

func (s *AssetService) CPE() string

func (*AssetService) CalculateRiskScore 

func (s *AssetService) CalculateRiskScore()

CalculateRiskScore calculates and updates the risk score.

func (*AssetService) CreatedAt 

func (s *AssetService) CreatedAt() time.Time

func (*AssetService) DiscoveredAt 

func (s *AssetService) DiscoveredAt() *time.Time

func (*AssetService) DiscoverySource 

func (s *AssetService) DiscoverySource() string

func (*AssetService) Exposure 

func (s *AssetService) Exposure() Exposure

func (*AssetService) FindingCount 

func (s *AssetService) FindingCount() int

func (*AssetService) ID 

func (s *AssetService) ID() shared.ID

func (*AssetService) Identifier 

func (s *AssetService) Identifier() string

Identifier returns a unique identifier string for this service. Format: "{asset_id}:{port}/{protocol}"

func (*AssetService) IsActive 

func (s *AssetService) IsActive() bool

IsActive returns true if the service is currently active.

func (*AssetService) IsHighRisk 

func (s *AssetService) IsHighRisk() bool

IsHighRisk returns true if the service is considered high risk. High risk: public + (database OR remote access OR no TLS on HTTPS)

func (*AssetService) IsPublic 

func (s *AssetService) IsPublic() bool

func (*AssetService) LastSeenAt 

func (s *AssetService) LastSeenAt() *time.Time

func (*AssetService) MarkSeen 

func (s *AssetService) MarkSeen()

func (*AssetService) Name 

func (s *AssetService) Name() string

func (*AssetService) Port 

func (s *AssetService) Port() int

func (*AssetService) Product 

func (s *AssetService) Product() string

func (*AssetService) Protocol 

func (s *AssetService) Protocol() Protocol

func (*AssetService) RiskScore 

func (s *AssetService) RiskScore() int

func (*AssetService) ServiceType 

func (s *AssetService) ServiceType() ServiceType

func (*AssetService) SetBanner 

func (s *AssetService) SetBanner(banner string)

func (*AssetService) SetCPE 

func (s *AssetService) SetCPE(cpe string)

func (*AssetService) SetDiscoveryInfo 

func (s *AssetService) SetDiscoveryInfo(source string, discoveredAt *time.Time)

func (*AssetService) SetExposure 

func (s *AssetService) SetExposure(exposure Exposure) error

func (*AssetService) SetName 

func (s *AssetService) SetName(name string)

func (*AssetService) SetProduct 

func (s *AssetService) SetProduct(product string)

func (*AssetService) SetPublic 

func (s *AssetService) SetPublic(isPublic bool)

func (*AssetService) SetState 

func (s *AssetService) SetState(state ServiceState) error

func (*AssetService) SetTLS 

func (s *AssetService) SetTLS(enabled bool, version string)

func (*AssetService) SetTechnologies added in v0.1.2 

func (s *AssetService) SetTechnologies(technologies []string)

func (*AssetService) SetVersion 

func (s *AssetService) SetVersion(version string)

func (*AssetService) State 

func (s *AssetService) State() ServiceState

func (*AssetService) StateChangedAt 

func (s *AssetService) StateChangedAt() *time.Time

func (*AssetService) TLSEnabled 

func (s *AssetService) TLSEnabled() bool

func (*AssetService) TLSVersion 

func (s *AssetService) TLSVersion() string

func (*AssetService) Technologies added in v0.1.2 

func (s *AssetService) Technologies() []string

func (*AssetService) TenantID 

func (s *AssetService) TenantID() shared.ID

func (*AssetService) UpdateFindingCount 

func (s *AssetService) UpdateFindingCount(count int)

func (*AssetService) UpdateRiskScore 

func (s *AssetService) UpdateRiskScore(score int) error

func (*AssetService) UpdatedAt 

func (s *AssetService) UpdatedAt() time.Time

func (*AssetService) Version 

func (s *AssetService) Version() string

type AssetServiceRepository 

type AssetServiceRepository interface {

	// Create persists a new asset service.
	Create(ctx context.Context, service *AssetService) error

	// GetByID retrieves an asset service by its ID.
	GetByID(ctx context.Context, tenantID, id shared.ID) (*AssetService, error)

	// Update updates an existing asset service.
	Update(ctx context.Context, service *AssetService) error

	// Delete removes an asset service by its ID.
	Delete(ctx context.Context, tenantID, id shared.ID) error

	// GetByAssetID retrieves all services for an asset.
	GetByAssetID(ctx context.Context, tenantID, assetID shared.ID) ([]*AssetService, error)

	// GetByAssetAndPort retrieves a service by asset ID and port.
	// Used for upsert operations to find existing service.
	GetByAssetAndPort(ctx context.Context, tenantID, assetID shared.ID, port int, protocol Protocol) (*AssetService, error)

	// List retrieves services with filtering and pagination.
	List(ctx context.Context, tenantID shared.ID, opts ListAssetServicesOptions) ([]*AssetService, int, error)

	// ListPublic retrieves all public (internet-exposed) services for a tenant.
	ListPublic(ctx context.Context, tenantID shared.ID, limit, offset int) ([]*AssetService, int, error)

	// ListByServiceType retrieves services of a specific type.
	ListByServiceType(ctx context.Context, tenantID shared.ID, serviceType ServiceType, limit, offset int) ([]*AssetService, int, error)

	// ListHighRisk retrieves services with risk score above threshold.
	ListHighRisk(ctx context.Context, tenantID shared.ID, minRiskScore int, limit, offset int) ([]*AssetService, int, error)

	// UpsertBatch creates or updates multiple services in a single operation.
	// Uses PostgreSQL ON CONFLICT (tenant_id, asset_id, port, protocol) for atomic upsert.
	// Returns the number of created and updated services.
	UpsertBatch(ctx context.Context, services []*AssetService) (created int, updated int, err error)

	// DeleteByAssetID removes all services for an asset.
	// Called when asset is deleted (also handled by FK CASCADE).
	DeleteByAssetID(ctx context.Context, tenantID, assetID shared.ID) error

	// UpdateFindingCounts updates finding counts for multiple services.
	// Maps serviceID -> count
	UpdateFindingCounts(ctx context.Context, counts map[shared.ID]int) error

	// CountByTenant returns the total number of services for a tenant.
	CountByTenant(ctx context.Context, tenantID shared.ID) (int64, error)

	// CountByAsset returns the number of services for an asset.
	CountByAsset(ctx context.Context, tenantID, assetID shared.ID) (int, error)

	// CountPublic returns the number of public services for a tenant.
	CountPublic(ctx context.Context, tenantID shared.ID) (int64, error)

	// GetServiceTypeCounts returns count of services grouped by service type.
	GetServiceTypeCounts(ctx context.Context, tenantID shared.ID) (map[ServiceType]int, error)

	// GetPortCounts returns count of services grouped by port (top N).
	GetPortCounts(ctx context.Context, tenantID shared.ID, topN int) (map[int]int, error)

	// SearchByProduct searches services by product name (partial match).
	SearchByProduct(ctx context.Context, tenantID shared.ID, product string, limit int) ([]*AssetService, error)

	// SearchByVersion searches services by version (partial match).
	// Useful for finding vulnerable versions.
	SearchByVersion(ctx context.Context, tenantID shared.ID, version string, limit int) ([]*AssetService, error)

	// SearchByCPE searches services by CPE (partial match).
	// Used for vulnerability correlation.
	SearchByCPE(ctx context.Context, tenantID shared.ID, cpe string, limit int) ([]*AssetService, error)
}

AssetServiceRepository defines the interface for asset service persistence. Services are stored in the `asset_services` table and linked to assets via asset_id. This follows the same pattern as RepositoryExtensionRepository (asset_repositories table).

type AssetServiceStats 

type AssetServiceStats struct {
	TotalServices    int64
	PublicServices   int64
	ActiveServices   int64
	InactiveServices int64
	HighRiskServices int64 // risk_score > 70

	// By Type
	HTTPServices     int64
	DatabaseServices int64
	RemoteAccess     int64

	// Top Ports
	TopPorts []PortCount

	// Top Products
	TopProducts []ProductCount
}

AssetServiceStats contains aggregated statistics for services.

type AssetServiceWithAsset 

type AssetServiceWithAsset struct {
	Service   *AssetService
	AssetName string
	AssetType AssetType
}

AssetServiceWithAsset combines a service with its parent asset information. Used for list views that need to show asset context.

type AssetStateChange 

type AssetStateChange struct {
	// contains filtered or unexported fields
}

AssetStateChange represents a tracked change in asset state. Used for audit logging, compliance tracking, and shadow IT detection. Records are stored in the `asset_state_history` table (append-only).

func NewAssetStateChange 

func NewAssetStateChange(
	tenantID, assetID shared.ID,
	changeType StateChangeType,
	source ChangeSource,
) (*AssetStateChange, error)

NewAssetStateChange creates a new state change record.

func ReconstituteStateChange 

func ReconstituteStateChange(
	id, tenantID, assetID shared.ID,
	changeType StateChangeType,
	field, oldValue, newValue, reason, metadata string,
	source ChangeSource,
	changedBy *shared.ID,
	changedAt, createdAt time.Time,
) *AssetStateChange

ReconstituteStateChange recreates a state change from persistence.

func RecordAssetAppeared 

func RecordAssetAppeared(tenantID, assetID shared.ID, source ChangeSource, reason string) *AssetStateChange

RecordAssetAppeared creates a state change for a newly discovered asset.

func RecordAssetDisappeared 

func RecordAssetDisappeared(tenantID, assetID shared.ID, source ChangeSource, reason string) *AssetStateChange

RecordAssetDisappeared creates a state change for an asset that's no longer seen.

func RecordAssetRecovered 

func RecordAssetRecovered(tenantID, assetID shared.ID, source ChangeSource, reason string) *AssetStateChange

RecordAssetRecovered creates a state change for an asset that reappeared.

func RecordFieldChange 

func RecordFieldChange(
	tenantID, assetID shared.ID,
	changeType StateChangeType,
	field, oldValue, newValue string,
	source ChangeSource,
	changedBy *shared.ID,
) *AssetStateChange

RecordFieldChange creates a state change for a specific field change.

func (*AssetStateChange) AssetID 

func (s *AssetStateChange) AssetID() shared.ID

func (*AssetStateChange) ChangeType 

func (s *AssetStateChange) ChangeType() StateChangeType

func (*AssetStateChange) ChangedAt 

func (s *AssetStateChange) ChangedAt() time.Time

func (*AssetStateChange) ChangedBy 

func (s *AssetStateChange) ChangedBy() *shared.ID

func (*AssetStateChange) CreatedAt 

func (s *AssetStateChange) CreatedAt() time.Time

func (*AssetStateChange) Field 

func (s *AssetStateChange) Field() string

func (*AssetStateChange) ID 

func (s *AssetStateChange) ID() shared.ID

func (*AssetStateChange) IsAutomatedChange 

func (s *AssetStateChange) IsAutomatedChange() bool

IsAutomatedChange returns true if this change was automated.

func (*AssetStateChange) IsComplianceChange 

func (s *AssetStateChange) IsComplianceChange() bool

IsComplianceChange returns true if this is a compliance-related change.

func (*AssetStateChange) IsExposureChange 

func (s *AssetStateChange) IsExposureChange() bool

IsExposureChange returns true if this is an exposure-related change.

func (*AssetStateChange) IsLifecycleChange 

func (s *AssetStateChange) IsLifecycleChange() bool

IsLifecycleChange returns true if this is an asset lifecycle event.

func (*AssetStateChange) IsManualChange 

func (s *AssetStateChange) IsManualChange() bool

IsManualChange returns true if this change was made by a user.

func (*AssetStateChange) Metadata 

func (s *AssetStateChange) Metadata() string

func (*AssetStateChange) NewValue 

func (s *AssetStateChange) NewValue() string

func (*AssetStateChange) OldValue 

func (s *AssetStateChange) OldValue() string

func (*AssetStateChange) Reason 

func (s *AssetStateChange) Reason() string

func (*AssetStateChange) SetChangedBy 

func (s *AssetStateChange) SetChangedBy(userID *shared.ID)

SetChangedBy sets the user who made the change.

func (*AssetStateChange) SetFieldChange 

func (s *AssetStateChange) SetFieldChange(field, oldValue, newValue string)

SetFieldChange sets the field-level change details.

func (*AssetStateChange) SetMetadata 

func (s *AssetStateChange) SetMetadata(metadata string)

SetMetadata sets optional JSON metadata.

func (*AssetStateChange) SetReason 

func (s *AssetStateChange) SetReason(reason string)

SetReason sets the reason for the change.

func (*AssetStateChange) Source 

func (s *AssetStateChange) Source() ChangeSource

func (*AssetStateChange) TenantID 

func (s *AssetStateChange) TenantID() shared.ID

type AssetType 

type AssetType string

AssetType represents the type of an asset. 

const (
	// Discovery/External Attack Surface
	AssetTypeDomain      AssetType = "domain"
	AssetTypeSubdomain   AssetType = "subdomain"
	AssetTypeCertificate AssetType = "certificate"
	AssetTypeIPAddress   AssetType = "ip_address"

	// Applications
	AssetTypeWebsite        AssetType = "website"
	AssetTypeWebApplication AssetType = "web_application"
	AssetTypeAPI            AssetType = "api"
	AssetTypeMobileApp      AssetType = "mobile_app"
	AssetTypeService        AssetType = "service" // Network services (SSH, HTTP, DB, etc.)

	// Code/Repository
	AssetTypeRepository AssetType = "repository"

	// Cloud
	AssetTypeCloudAccount      AssetType = "cloud_account"
	AssetTypeCompute           AssetType = "compute"
	AssetTypeStorage           AssetType = "storage"
	AssetTypeServerless        AssetType = "serverless"
	AssetTypeContainerRegistry AssetType = "container_registry"

	// Infrastructure
	AssetTypeHost                AssetType = "host"
	AssetTypeContainer           AssetType = "container"
	AssetTypeKubernetesCluster   AssetType = "kubernetes_cluster"
	AssetTypeKubernetesNamespace AssetType = "kubernetes_namespace"

	// Data
	AssetTypeDatabase  AssetType = "database"
	AssetTypeDataStore AssetType = "data_store"
	AssetTypeS3Bucket  AssetType = "s3_bucket"

	// Network
	AssetTypeNetwork      AssetType = "network"
	AssetTypeVPC          AssetType = "vpc"
	AssetTypeSubnet       AssetType = "subnet"
	AssetTypeLoadBalancer AssetType = "load_balancer"
	AssetTypeFirewall     AssetType = "firewall"

	// Identity
	AssetTypeIAMUser        AssetType = "iam_user"
	AssetTypeIAMRole        AssetType = "iam_role"
	AssetTypeServiceAccount AssetType = "service_account"

	// Unclassified assets
	AssetTypeUnclassified AssetType = "unclassified"

	// Recon-specific types
	AssetTypeHTTPService   AssetType = "http_service"   // HTTP/HTTPS services from HTTPX
	AssetTypeOpenPort      AssetType = "open_port"      // Individual open ports from Naabu
	AssetTypeDiscoveredURL AssetType = "discovered_url" // URLs/endpoints from Katana
)

func AllAssetTypes 

func AllAssetTypes() []AssetType

AllAssetTypes returns all valid asset types.

func ParseAssetType 

func ParseAssetType(s string) (AssetType, error)

ParseAssetType parses a string into an AssetType.

func (AssetType) IsRepository 

func (t AssetType) IsRepository() bool

IsRepository returns true if the asset type is a code repository.

func (AssetType) IsValid 

func (t AssetType) IsValid() bool

IsValid checks if the asset type is valid.

func (AssetType) String 

func (t AssetType) String() string

String returns the string representation.

type AssetTypeStats added in v0.1.2 

type AssetTypeStats struct {
	Total   int
	Exposed int
}

AssetTypeStats holds per-type aggregate counts.

type CTEMPointsConfig added in v0.1.2 

type CTEMPointsConfig struct {
	Enabled            bool
	InternetAccessible int
	PIIExposed         int
	PHIExposed         int
	HighRiskCompliance int
	RestrictedData     int
}

CTEMPointsConfig configures CTEM-specific risk point additions.

type ChangeSource 

type ChangeSource string

ChangeSource represents the source of the change. 

const (
	ChangeSourceScan        ChangeSource = "scan"        // From vulnerability/port scan
	ChangeSourceManual      ChangeSource = "manual"      // Manual user action
	ChangeSourceIntegration ChangeSource = "integration" // From external integration (GitHub, AWS, etc.)
	ChangeSourceSystem      ChangeSource = "system"      // System-generated (e.g., auto-archive)
	ChangeSourceAgent       ChangeSource = "agent"       // From platform agent
	ChangeSourceAPI         ChangeSource = "api"         // From API call
)

func AllChangeSources 

func AllChangeSources() []ChangeSource

AllChangeSources returns all valid change sources.

func (ChangeSource) IsValid 

func (s ChangeSource) IsValid() bool

func (ChangeSource) String 

func (s ChangeSource) String() string

type ComponentWeights added in v0.1.2 

type ComponentWeights struct {
	Exposure    int
	Criticality int
	Findings    int
	CTEM        int
}

ComponentWeights defines the percentage weights for each risk component.

type Criticality 

type Criticality string

Criticality represents the criticality level of an asset. 

const (
	CriticalityCritical Criticality = "critical"
	CriticalityHigh     Criticality = "high"
	CriticalityMedium   Criticality = "medium"
	CriticalityLow      Criticality = "low"
	CriticalityNone     Criticality = "none"
)

func AllCriticalities 

func AllCriticalities() []Criticality

AllCriticalities returns all valid criticality levels.

func ParseCriticality 

func ParseCriticality(s string) (Criticality, error)

ParseCriticality parses a string into a Criticality.

func (Criticality) IsValid 

func (c Criticality) IsValid() bool

IsValid checks if the criticality is valid.

func (Criticality) Score 

func (c Criticality) Score() int

Score returns the numeric score for the criticality (0-100).

func (Criticality) String 

func (c Criticality) String() string

String returns the string representation.

type CriticalityScoreMap added in v0.1.2 

type CriticalityScoreMap struct {
	Critical int
	High     int
	Medium   int
	Low      int
	None     int
}

CriticalityScoreMap maps criticality levels to base scores (0-100).

type DailyActivityCount 

type DailyActivityCount struct {
	Date           time.Time
	Appeared       int
	Disappeared    int
	Recovered      int
	ExposureChange int
	OtherChanges   int
	Total          int
}

DailyActivityCount represents activity count for a single day.

type DataClassification 

type DataClassification string

DataClassification represents the data classification level of an asset. 

const (
	DataClassificationPublic       DataClassification = "public"       // Public information, no restrictions
	DataClassificationInternal     DataClassification = "internal"     // Internal use only
	DataClassificationConfidential DataClassification = "confidential" // Confidential, limited access
	DataClassificationRestricted   DataClassification = "restricted"   // Restricted, PII/PHI data
	DataClassificationSecret       DataClassification = "secret"       // Highly sensitive, need-to-know
)

func AllDataClassifications 

func AllDataClassifications() []DataClassification

AllDataClassifications returns all valid data classification levels.

func ParseDataClassification 

func ParseDataClassification(str string) (DataClassification, error)

ParseDataClassification parses a string into a DataClassification.

func (DataClassification) IsValid 

func (d DataClassification) IsValid() bool

IsValid checks if the data classification is valid.

func (DataClassification) RequiresEncryption 

func (d DataClassification) RequiresEncryption() bool

RequiresEncryption returns true if data at this classification level requires encryption.

func (DataClassification) RiskMultiplier 

func (d DataClassification) RiskMultiplier() float64

RiskMultiplier returns the risk multiplier for the data classification.

func (DataClassification) String 

func (d DataClassification) String() string

String returns the string representation.

type DomainMetadata 

type DomainMetadata struct {
	// Domain Hierarchy
	RootDomain      string `json:"root_domain"`      // Root/apex domain (e.g., "techviet.vn")
	DomainLevel     int    `json:"domain_level"`     // 1=root, 2=subdomain, 3=sub-subdomain, etc.
	ParentDomain    string `json:"parent_domain"`    // Parent domain (e.g., "api.techviet.vn" -> "techviet.vn")
	IsWildcard      bool   `json:"is_wildcard"`      // Is this a wildcard domain (*.domain.com)
	DiscoverySource string `json:"discovery_source"` // How discovered: dns, cert_transparency, bruteforce, passive, manual

	// DNS Information
	DNSRecordTypes []string `json:"dns_record_types"` // A, AAAA, CNAME, MX, NS, TXT, etc.
	ResolvedIPs    []string `json:"resolved_ips"`     // IP addresses this domain resolves to
	Nameservers    []string `json:"nameservers"`      // NS records
	MXRecords      []string `json:"mx_records"`       // Mail exchange records
	CNAMETarget    string   `json:"cname_target"`     // CNAME target if applicable
	TTL            int      `json:"ttl"`              // DNS TTL in seconds

	// WHOIS Information
	Registrar         string `json:"registrar"`          // Domain registrar
	WhoisOrganization string `json:"whois_organization"` // Organization from WHOIS
	RegistrationDate  string `json:"registration_date"`  // Domain registration date
	ExpiryDate        string `json:"expiry_date"`        // Domain expiry date
	UpdatedDate       string `json:"updated_date"`       // Last WHOIS update

	// Security
	DNSSECEnabled bool   `json:"dnssec_enabled"` // DNSSEC enabled
	CAA           string `json:"caa"`            // CAA record value
	SPF           string `json:"spf"`            // SPF record
	DKIM          string `json:"dkim"`           // DKIM record
	DMARC         string `json:"dmarc"`          // DMARC record

	// Certificate (linked)
	HasCertificate     bool   `json:"has_certificate"`      // Has SSL/TLS certificate
	CertificateAssetID string `json:"certificate_asset_id"` // Link to certificate asset
}

DomainMetadata contains domain-specific metadata fields for domain assets. These fields should be stored in the asset's metadata map.

type Exposure 

type Exposure string

Exposure represents the network accessibility level of an asset. 

const (
	ExposurePublic     Exposure = "public"     // Publicly accessible from internet
	ExposureRestricted Exposure = "restricted" // Restricted access (VPN, IP whitelist)
	ExposurePrivate    Exposure = "private"    // Internal network only
	ExposureIsolated   Exposure = "isolated"   // Air-gapped or highly isolated
	ExposureUnknown    Exposure = "unknown"    // Unknown exposure level
)

func AllExposures 

func AllExposures() []Exposure

AllExposures returns all valid exposure levels.

func ParseExposure 

func ParseExposure(str string) (Exposure, error)

ParseExposure parses a string into an Exposure.

func (Exposure) BaseRiskScore 

func (e Exposure) BaseRiskScore() int

BaseRiskScore returns the base risk score for the exposure level.

func (Exposure) ExposureMultiplier 

func (e Exposure) ExposureMultiplier() float64

ExposureMultiplier returns the risk multiplier for the exposure level.

func (Exposure) IsValid 

func (e Exposure) IsValid() bool

IsValid checks if the exposure is valid.

func (Exposure) String 

func (e Exposure) String() string

String returns the string representation.

type ExposureMultiplierMap added in v0.1.2 

type ExposureMultiplierMap struct {
	Public     float64
	Restricted float64
	Private    float64
	Isolated   float64
	Unknown    float64
}

ExposureMultiplierMap maps exposure levels to score multipliers.

type ExposureScoreMap added in v0.1.2 

type ExposureScoreMap struct {
	Public     int
	Restricted int
	Private    int
	Isolated   int
	Unknown    int
}

ExposureScoreMap maps exposure levels to base scores (0-100).

type Filter 

type Filter struct {
	TenantID      *string       // Filter by tenant ID
	Name          *string       // Filter by name (partial match)
	Types         []AssetType   // Filter by asset types
	Criticalities []Criticality // Filter by criticality levels
	Statuses      []Status      // Filter by statuses
	Scopes        []Scope       // Filter by scopes
	Exposures     []Exposure    // Filter by exposure levels
	Providers     []Provider    // Filter by providers
	SyncStatuses  []SyncStatus  // Filter by sync statuses
	Tags          []string      // Filter by tags
	Search        *string       // Full-text search across name and description
	MinRiskScore  *int          // Filter by minimum risk score
	MaxRiskScore  *int          // Filter by maximum risk score
	HasFindings   *bool         // Filter by whether asset has findings
	ParentID      *string       // Filter by parent asset ID

	// Layer 2: Data Scope - filter assets by user's group membership
	// When set, only assets accessible to this user are returned.
	// Backward compat: if user has no group assignments, all assets are visible.
	DataScopeUserID *shared.ID
}

Filter defines the filtering options for listing assets.

func NewFilter 

func NewFilter() Filter

NewFilter creates an empty filter.

func (Filter) IsEmpty 

func (f Filter) IsEmpty() bool

IsEmpty returns true if no filters are set.

func (Filter) WithCriticalities 

func (f Filter) WithCriticalities(criticalities ...Criticality) Filter

WithCriticalities adds a criticalities filter.

func (Filter) WithDataScopeUserID added in v0.1.2 

func (f Filter) WithDataScopeUserID(id shared.ID) Filter

WithDataScopeUserID adds a data scope filter by user's group membership.

func (Filter) WithExposures 

func (f Filter) WithExposures(exposures ...Exposure) Filter

WithExposures adds an exposures filter.

func (Filter) WithHasFindings 

func (f Filter) WithHasFindings(hasFindings bool) Filter

WithHasFindings adds a has findings filter.

func (Filter) WithMaxRiskScore 

func (f Filter) WithMaxRiskScore(score int) Filter

WithMaxRiskScore adds a maximum risk score filter.

func (Filter) WithMinRiskScore 

func (f Filter) WithMinRiskScore(score int) Filter

WithMinRiskScore adds a minimum risk score filter.

func (Filter) WithName 

func (f Filter) WithName(name string) Filter

WithName adds a name filter.

func (Filter) WithParentID 

func (f Filter) WithParentID(parentID string) Filter

WithParentID adds a parent ID filter.

func (Filter) WithProviders 

func (f Filter) WithProviders(providers ...Provider) Filter

WithProviders adds a providers filter.

func (Filter) WithScopes 

func (f Filter) WithScopes(scopes ...Scope) Filter

WithScopes adds a scopes filter.

func (Filter) WithSearch 

func (f Filter) WithSearch(search string) Filter

WithSearch adds a full-text search filter.

func (Filter) WithStatuses 

func (f Filter) WithStatuses(statuses ...Status) Filter

WithStatuses adds a statuses filter.

func (Filter) WithSyncStatuses 

func (f Filter) WithSyncStatuses(statuses ...SyncStatus) Filter

WithSyncStatuses adds a sync statuses filter.

func (Filter) WithTags 

func (f Filter) WithTags(tags ...string) Filter

WithTags adds a tags filter.

func (Filter) WithTenantID 

func (f Filter) WithTenantID(tenantID string) Filter

WithTenantID adds a tenant ID filter.

func (Filter) WithTypes 

func (f Filter) WithTypes(types ...AssetType) Filter

WithTypes adds a types filter.

type FindingImpactConfig added in v0.1.2 

type FindingImpactConfig struct {
	Mode             string // "count" or "severity_weighted"
	PerFindingPoints int
	FindingCap       int
	SeverityWeights  SeverityWeightMap
}

FindingImpactConfig configures how findings affect the risk score.

type FindingSeverityCounts added in v0.1.2 

type FindingSeverityCounts struct {
	Critical int
	High     int
	Medium   int
	Low      int
	Info     int
}

FindingSeverityCounts holds per-severity finding counts for an asset.

type ListAssetServicesOptions 

type ListAssetServicesOptions struct {
	AssetID     *shared.ID
	ServiceType *ServiceType
	State       *ServiceState
	IsPublic    *bool
	Port        *int
	Product     *string

	// Pagination
	Limit  int
	Offset int

	// Sorting
	SortBy    string // port, service_type, risk_score, last_seen_at, created_at
	SortOrder string // asc, desc
}

ListAssetServicesOptions contains options for listing asset services.

func DefaultListAssetServicesOptions 

func DefaultListAssetServicesOptions() ListAssetServicesOptions

DefaultListAssetServicesOptions returns default options.

type ListOptions 

type ListOptions struct {
	Sort *pagination.SortOption
}

ListOptions contains options for listing assets (sorting).

func NewListOptions 

func NewListOptions() ListOptions

NewListOptions creates empty list options.

func (ListOptions) WithSort 

func (o ListOptions) WithSort(sort *pagination.SortOption) ListOptions

WithSort adds sorting options.

type ListStateHistoryOptions 

type ListStateHistoryOptions struct {
	AssetID     *shared.ID
	ChangeType  *StateChangeType  // Single filter for simpler API
	ChangeTypes []StateChangeType // Multiple filters
	Source      *ChangeSource     // Single filter for simpler API
	Sources     []ChangeSource    // Multiple filters
	ChangedBy   *shared.ID
	From        *time.Time
	To          *time.Time

	// Pagination
	Limit  int
	Offset int

	// Sorting (default: changed_at DESC)
	SortOrder string // asc, desc
}

ListStateHistoryOptions contains options for listing state history.

func ComplianceChangesOptions 

func ComplianceChangesOptions() ListStateHistoryOptions

ComplianceChangesOptions returns options for compliance changes only.

func DefaultListStateHistoryOptions 

func DefaultListStateHistoryOptions() ListStateHistoryOptions

DefaultListStateHistoryOptions returns default options.

func ExposureChangesOptions 

func ExposureChangesOptions() ListStateHistoryOptions

ExposureChangesOptions returns options for exposure changes only.

func LifecycleChangesOptions 

func LifecycleChangesOptions() ListStateHistoryOptions

LifecycleChanges returns options for lifecycle changes only.

func (ListStateHistoryOptions) WithAssetID 

func (o ListStateHistoryOptions) WithAssetID(assetID shared.ID) ListStateHistoryOptions

WithAssetID filters by asset ID.

func (ListStateHistoryOptions) WithChangeTypes 

func (o ListStateHistoryOptions) WithChangeTypes(types ...StateChangeType) ListStateHistoryOptions

WithChangeTypes filters by change types.

func (ListStateHistoryOptions) WithSources 

func (o ListStateHistoryOptions) WithSources(sources ...ChangeSource) ListStateHistoryOptions

WithSources filters by change sources.

func (ListStateHistoryOptions) WithTimeRange 

func (o ListStateHistoryOptions) WithTimeRange(from, to *time.Time) ListStateHistoryOptions

WithTimeRange filters by time range.

type PortCount 

type PortCount struct {
	Port  int
	Count int
}

PortCount represents a port and its count.

type ProductCount 

type ProductCount struct {
	Product string
	Count   int
}

ProductCount represents a product and its count.

type Protocol 

type Protocol string

Protocol represents the network protocol. 

const (
	ProtocolTCP Protocol = "tcp"
	ProtocolUDP Protocol = "udp"
)

func (Protocol) IsValid 

func (p Protocol) IsValid() bool

func (Protocol) String 

func (p Protocol) String() string

type Provider 

type Provider string

Provider represents the external provider of an asset. 

const (
	ProviderGitHub      Provider = "github"
	ProviderGitLab      Provider = "gitlab"
	ProviderBitbucket   Provider = "bitbucket"
	ProviderAzureDevOps Provider = "azure_devops"
	ProviderAWS         Provider = "aws"
	ProviderAzure       Provider = "azure"
	ProviderGCP         Provider = "gcp"
	ProviderManual      Provider = "manual"
	ProviderOther       Provider = "other"
)

func AllProviders 

func AllProviders() []Provider

AllProviders returns all valid providers.

func ParseProvider 

func ParseProvider(str string) Provider

ParseProvider parses a string into a Provider.

func (Provider) IsCloud 

func (p Provider) IsCloud() bool

IsCloud returns true if the provider is a cloud provider.

func (Provider) IsSCM 

func (p Provider) IsSCM() bool

IsSCM returns true if the provider is a source code management provider.

func (Provider) IsValid 

func (p Provider) IsValid() bool

IsValid checks if the provider is valid.

func (Provider) String 

func (p Provider) String() string

String returns the string representation.

type Relationship 

type Relationship struct {
	// contains filtered or unexported fields
}

Relationship represents a directed relationship between two assets.

func NewRelationship 

func NewRelationship(
	tenantID, sourceAssetID, targetAssetID shared.ID,
	relType RelationshipType,
) (*Relationship, error)

NewRelationship creates a new Relationship entity with validation.

func ReconstituteRelationship 

func ReconstituteRelationship(
	id, tenantID, sourceAssetID, targetAssetID shared.ID,
	relType RelationshipType,
	description string,
	confidence RelationshipConfidence,
	discoveryMethod RelationshipDiscoveryMethod,
	impactWeight int,
	tags []string,
	lastVerified *time.Time,
	createdAt, updatedAt time.Time,
) *Relationship

ReconstituteRelationship recreates a Relationship from persistence (used by repository).

func (*Relationship) Confidence 

func (r *Relationship) Confidence() RelationshipConfidence

Confidence returns the confidence level.

func (*Relationship) CreatedAt 

func (r *Relationship) CreatedAt() time.Time

CreatedAt returns the creation timestamp.

func (*Relationship) Description 

func (r *Relationship) Description() string

Description returns the description.

func (*Relationship) DiscoveryMethod 

func (r *Relationship) DiscoveryMethod() RelationshipDiscoveryMethod

DiscoveryMethod returns the discovery method.

func (*Relationship) ID 

func (r *Relationship) ID() shared.ID

ID returns the relationship ID.

func (*Relationship) ImpactWeight 

func (r *Relationship) ImpactWeight() int

ImpactWeight returns the impact weight.

func (*Relationship) LastVerified 

func (r *Relationship) LastVerified() *time.Time

LastVerified returns when the relationship was last verified.

func (*Relationship) SetConfidence 

func (r *Relationship) SetConfidence(confidence RelationshipConfidence) error

SetConfidence updates the confidence level.

func (*Relationship) SetDescription 

func (r *Relationship) SetDescription(description string)

SetDescription updates the description.

func (*Relationship) SetDiscoveryMethod 

func (r *Relationship) SetDiscoveryMethod(method RelationshipDiscoveryMethod) error

SetDiscoveryMethod updates the discovery method.

func (*Relationship) SetImpactWeight 

func (r *Relationship) SetImpactWeight(weight int) error

SetImpactWeight updates the impact weight.

func (*Relationship) SetTags 

func (r *Relationship) SetTags(tags []string)

SetTags replaces all tags.

func (*Relationship) SourceAssetID 

func (r *Relationship) SourceAssetID() shared.ID

SourceAssetID returns the source asset ID.

func (*Relationship) Tags 

func (r *Relationship) Tags() []string

Tags returns a copy of the tags.

func (*Relationship) TargetAssetID 

func (r *Relationship) TargetAssetID() shared.ID

TargetAssetID returns the target asset ID.

func (*Relationship) TenantID 

func (r *Relationship) TenantID() shared.ID

TenantID returns the tenant ID.

func (*Relationship) Type 

func (r *Relationship) Type() RelationshipType

Type returns the relationship type.

func (*Relationship) UpdatedAt 

func (r *Relationship) UpdatedAt() time.Time

UpdatedAt returns the last update timestamp.

func (*Relationship) Verify 

func (r *Relationship) Verify()

Verify marks the relationship as verified now.

type RelationshipConfidence 

type RelationshipConfidence string

RelationshipConfidence represents the confidence level of a relationship. 

const (
	ConfidenceHigh   RelationshipConfidence = "high"
	ConfidenceMedium RelationshipConfidence = "medium"
	ConfidenceLow    RelationshipConfidence = "low"
)

func ParseRelationshipConfidence 

func ParseRelationshipConfidence(s string) (RelationshipConfidence, error)

ParseRelationshipConfidence parses a string into a RelationshipConfidence.

func (RelationshipConfidence) IsValid 

func (c RelationshipConfidence) IsValid() bool

IsValid checks if the confidence level is valid.

func (RelationshipConfidence) String 

func (c RelationshipConfidence) String() string

String returns the string representation.

type RelationshipDiscoveryMethod 

type RelationshipDiscoveryMethod string

RelationshipDiscoveryMethod represents how a relationship was discovered. 

const (
	DiscoveryAutomatic RelationshipDiscoveryMethod = "automatic"
	DiscoveryManual    RelationshipDiscoveryMethod = "manual"
	DiscoveryImported  RelationshipDiscoveryMethod = "imported"
	DiscoveryInferred  RelationshipDiscoveryMethod = "inferred"
)

func ParseRelationshipDiscoveryMethod 

func ParseRelationshipDiscoveryMethod(s string) (RelationshipDiscoveryMethod, error)

ParseRelationshipDiscoveryMethod parses a string into a RelationshipDiscoveryMethod.

func (RelationshipDiscoveryMethod) IsValid 

func (d RelationshipDiscoveryMethod) IsValid() bool

IsValid checks if the discovery method is valid.

func (RelationshipDiscoveryMethod) String 

func (d RelationshipDiscoveryMethod) String() string

String returns the string representation.

type RelationshipFilter 

type RelationshipFilter struct {
	Types            []RelationshipType
	Confidences      []RelationshipConfidence
	DiscoveryMethods []RelationshipDiscoveryMethod
	Tags             []string
	MinImpactWeight  *int
	MaxImpactWeight  *int
	Direction        string // "outgoing", "incoming", or "" for both
	Page             int
	PerPage          int
}

RelationshipFilter defines filtering options for relationship queries.

type RelationshipRepository 

type RelationshipRepository interface {
	// Create persists a new relationship.
	Create(ctx context.Context, rel *Relationship) error

	// GetByID retrieves a relationship by ID within a tenant.
	GetByID(ctx context.Context, tenantID, id shared.ID) (*RelationshipWithAssets, error)

	// Update updates an existing relationship.
	Update(ctx context.Context, rel *Relationship) error

	// Delete removes a relationship by ID within a tenant.
	Delete(ctx context.Context, tenantID, id shared.ID) error

	// ListByAsset retrieves all relationships for an asset (both directions).
	ListByAsset(ctx context.Context, tenantID, assetID shared.ID,
		filter RelationshipFilter,
	) ([]*RelationshipWithAssets, int64, error)

	// Exists checks if a specific relationship already exists.
	Exists(ctx context.Context, tenantID, sourceID, targetID shared.ID,
		relType RelationshipType) (bool, error)

	// CountByAsset returns the count of relationships for an asset.
	CountByAsset(ctx context.Context, tenantID, assetID shared.ID) (int64, error)

	// CreateBatchIgnoreConflicts inserts multiple relationships, silently skipping duplicates.
	// Returns the number of relationships actually created (excluding conflicts).
	CreateBatchIgnoreConflicts(ctx context.Context, rels []*Relationship) (int, error)
}

RelationshipRepository defines the interface for asset relationship persistence.

type RelationshipType 

type RelationshipType string

RelationshipType represents the type of relationship between assets. 

const (
	// Attack Surface Mapping
	RelTypeRunsOn     RelationshipType = "runs_on"
	RelTypeDeployedTo RelationshipType = "deployed_to"
	RelTypeContains   RelationshipType = "contains"
	RelTypeExposes    RelationshipType = "exposes"
	RelTypeMemberOf   RelationshipType = "member_of"
	RelTypeResolvesTo RelationshipType = "resolves_to"

	// Attack Path Analysis
	RelTypeDependsOn       RelationshipType = "depends_on"
	RelTypeSendsDataTo     RelationshipType = "sends_data_to"
	RelTypeStoresDataIn    RelationshipType = "stores_data_in"
	RelTypeAuthenticatesTo RelationshipType = "authenticates_to"
	RelTypeGrantedTo       RelationshipType = "granted_to"
	RelTypeLoadBalances    RelationshipType = "load_balances"

	// Control & Ownership
	RelTypeProtectedBy RelationshipType = "protected_by"
	RelTypeMonitors    RelationshipType = "monitors"
	RelTypeManages     RelationshipType = "manages"
	RelTypeOwnedBy     RelationshipType = "owned_by"
)

func AllRelationshipTypes 

func AllRelationshipTypes() []RelationshipType

AllRelationshipTypes returns all valid relationship types.

func ParseRelationshipType 

func ParseRelationshipType(s string) (RelationshipType, error)

ParseRelationshipType parses a string into a RelationshipType.

func (RelationshipType) IsValid 

func (t RelationshipType) IsValid() bool

IsValid checks if the relationship type is valid.

func (RelationshipType) String 

func (t RelationshipType) String() string

String returns the string representation.

type RelationshipWithAssets 

type RelationshipWithAssets struct {
	*Relationship
	SourceAssetName string
	SourceAssetType AssetType
	TargetAssetName string
	TargetAssetType AssetType
}

RelationshipWithAssets includes joined asset data for API responses.

type RepoVisibility 

type RepoVisibility string

RepoVisibility represents the visibility of a repository.

func ParseRepoVisibility 

func ParseRepoVisibility(s string) RepoVisibility

ParseRepoVisibility parses a string into a RepoVisibility.

func (RepoVisibility) IsValid 

func (v RepoVisibility) IsValid() bool

IsValid checks if the visibility is valid.

func (RepoVisibility) String 

func (v RepoVisibility) String() string

String returns the string representation.

type Repository 

type Repository interface {
	// Create persists a new asset.
	Create(ctx context.Context, asset *Asset) error

	// GetByID retrieves an asset by its ID within a tenant.
	// Security: Requires tenantID to prevent cross-tenant data access.
	GetByID(ctx context.Context, tenantID, id shared.ID) (*Asset, error)

	// Update updates an existing asset.
	// Security: Asset's TenantID is validated internally.
	Update(ctx context.Context, asset *Asset) error

	// Delete removes an asset by its ID within a tenant.
	// Security: Requires tenantID to prevent cross-tenant deletion.
	Delete(ctx context.Context, tenantID, id shared.ID) error

	// List retrieves assets with filtering, sorting, and pagination.
	List(ctx context.Context, filter Filter, opts ListOptions, page pagination.Pagination) (pagination.Result[*Asset], error)

	// Count returns the total number of assets matching the filter.
	Count(ctx context.Context, filter Filter) (int64, error)

	// ExistsByName checks if an asset with the given name exists within a tenant.
	// Security: Requires tenantID to prevent cross-tenant enumeration.
	ExistsByName(ctx context.Context, tenantID shared.ID, name string) (bool, error)

	// GetByExternalID retrieves an asset by external ID and provider.
	GetByExternalID(ctx context.Context, tenantID shared.ID, provider Provider, externalID string) (*Asset, error)

	// GetByName retrieves an asset by name within a tenant.
	GetByName(ctx context.Context, tenantID shared.ID, name string) (*Asset, error)

	// FindRepositoryByRepoName finds a repository asset whose name ends with the given repo name.
	// This is useful for matching agent-created assets (e.g., "github.com-org/repo") with SCM imports (e.g., "repo").
	FindRepositoryByRepoName(ctx context.Context, tenantID shared.ID, repoName string) (*Asset, error)

	// FindRepositoryByFullName finds a repository asset that matches the given full name (org/repo format).
	// It searches for assets whose name or external_id contains the full name pattern.
	FindRepositoryByFullName(ctx context.Context, tenantID shared.ID, fullName string) (*Asset, error)

	// GetByNames retrieves multiple assets by their names within a tenant.
	// Returns a map of name -> Asset for found assets.
	GetByNames(ctx context.Context, tenantID shared.ID, names []string) (map[string]*Asset, error)

	// UpsertBatch creates or updates multiple assets in a single operation.
	// Uses PostgreSQL ON CONFLICT for atomic upsert behavior.
	// Returns the number of created and updated assets.
	UpsertBatch(ctx context.Context, assets []*Asset) (created int, updated int, err error)

	// UpdateFindingCounts updates finding counts for multiple assets in batch.
	// This is used after bulk finding ingestion to refresh asset statistics.
	UpdateFindingCounts(ctx context.Context, tenantID shared.ID, assetIDs []shared.ID) error

	// ListDistinctTags returns distinct tags across all assets for a tenant.
	// Supports prefix filtering for autocomplete and a limit for result size.
	ListDistinctTags(ctx context.Context, tenantID shared.ID, prefix string, limit int) ([]string, error)

	// GetAssetTypeBreakdown returns total and exposed counts grouped by asset_type in a single query.
	// This replaces the N+1 pattern of calling Count() per type.
	GetAssetTypeBreakdown(ctx context.Context, tenantID shared.ID) (map[string]AssetTypeStats, error)

	// GetAverageRiskScore returns the average risk_score for all assets in a tenant.
	// This replaces loading all assets into memory to compute the average.
	GetAverageRiskScore(ctx context.Context, tenantID shared.ID) (float64, error)

	// BatchUpdateRiskScores updates risk scores for multiple assets in a single query.
	// Uses PostgreSQL unnest() for efficient bulk updates.
	BatchUpdateRiskScores(ctx context.Context, tenantID shared.ID, assets []*Asset) error

	// BulkUpdateStatus atomically updates the status of multiple assets in a single transaction.
	BulkUpdateStatus(ctx context.Context, tenantID shared.ID, assetIDs []shared.ID, status Status) (int64, error)

	// GetAggregateStats computes all asset statistics using SQL aggregation.
	GetAggregateStats(ctx context.Context, tenantID shared.ID, types []string) (*AggregateStats, error)
}

Repository defines the interface for asset persistence. Alias: Store (preferred for new code) Security: All methods that access tenant-scoped data require tenantID parameter.

type RepositoryExtension 

type RepositoryExtension struct {
	// contains filtered or unexported fields
}

RepositoryExtension represents the extension data for repository assets. This is linked 1:1 with an Asset of type "repository".

func NewRepositoryExtension 

func NewRepositoryExtension(assetID shared.ID, fullName string, visibility RepoVisibility) (*RepositoryExtension, error)

NewRepositoryExtension creates a new RepositoryExtension extension.

func ReconstituteRepositoryExtension 

func ReconstituteRepositoryExtension(
	assetID shared.ID,
	repoID string,
	fullName string,
	scmOrganization string,
	cloneURL string,
	webURL string,
	sshURL string,
	defaultBranch string,
	visibility RepoVisibility,
	language string,
	languages map[string]int64,
	topics []string,
	stars int,
	forks int,
	watchers int,
	openIssues int,
	contributorsCount int,
	sizeKB int,
	findingCount int,
	riskScore float64,
	scanEnabled bool,
	scanSchedule string,
	lastScannedAt *time.Time,
	branchCount int,
	protectedBranchCount int,
	componentCount int,
	vulnerableComponentCount int,
	repoCreatedAt *time.Time,
	repoUpdatedAt *time.Time,
	repoPushedAt *time.Time,
) *RepositoryExtension

ReconstituteRepositoryExtension recreates a RepositoryExtension from persistence.

func (*RepositoryExtension) AssetID 

func (r *RepositoryExtension) AssetID() shared.ID

AssetID returns the asset ID.

func (*RepositoryExtension) BranchCount 

func (r *RepositoryExtension) BranchCount() int

BranchCount returns the branch count.

func (*RepositoryExtension) CalculateRiskScore 

func (r *RepositoryExtension) CalculateRiskScore()

CalculateRiskScore calculates and sets the risk score based on actual security factors. The score reflects real risk indicators for repositories: - Unknown state (never scanned): +15 points - Security findings: up to 50 points - Vulnerable dependencies: up to 30 points - Public visibility (exposed): +15 points - Scanning disabled (no monitoring): +10 points

func (*RepositoryExtension) CloneURL 

func (r *RepositoryExtension) CloneURL() string

CloneURL returns the clone URL.

func (*RepositoryExtension) ComponentCount 

func (r *RepositoryExtension) ComponentCount() int

ComponentCount returns the component count.

func (*RepositoryExtension) ContributorsCount 

func (r *RepositoryExtension) ContributorsCount() int

ContributorsCount returns the contributor count.

func (*RepositoryExtension) DefaultBranch 

func (r *RepositoryExtension) DefaultBranch() string

DefaultBranch returns the default branch name.

func (*RepositoryExtension) DisableScan 

func (r *RepositoryExtension) DisableScan()

DisableScan disables scanning for this repository.

func (*RepositoryExtension) EnableScan 

func (r *RepositoryExtension) EnableScan(schedule string)

EnableScan enables scanning for this repository with an optional schedule.

func (*RepositoryExtension) FindingCount 

func (r *RepositoryExtension) FindingCount() int

FindingCount returns the finding count.

func (*RepositoryExtension) Forks 

func (r *RepositoryExtension) Forks() int

Forks returns the fork count.

func (*RepositoryExtension) FullName 

func (r *RepositoryExtension) FullName() string

FullName returns the full repository name (owner/repo).

func (*RepositoryExtension) HasBranches 

func (r *RepositoryExtension) HasBranches() bool

HasBranches returns true if the repository has branches.

func (*RepositoryExtension) HasComponents 

func (r *RepositoryExtension) HasComponents() bool

HasComponents returns true if the repository has components.

func (*RepositoryExtension) HasVulnerableComponents 

func (r *RepositoryExtension) HasVulnerableComponents() bool

HasVulnerableComponents returns true if the repository has vulnerable components.

func (*RepositoryExtension) IsPublic 

func (r *RepositoryExtension) IsPublic() bool

IsPublic returns true if the repository is public.

func (*RepositoryExtension) Language 

func (r *RepositoryExtension) Language() string

Language returns the primary language.

func (*RepositoryExtension) Languages 

func (r *RepositoryExtension) Languages() map[string]int64

Languages returns a copy of the language breakdown.

func (*RepositoryExtension) LastScannedAt 

func (r *RepositoryExtension) LastScannedAt() *time.Time

LastScannedAt returns the last scan timestamp.

func (*RepositoryExtension) MarkScanned 

func (r *RepositoryExtension) MarkScanned()

MarkScanned updates the last scanned timestamp.

func (*RepositoryExtension) OpenIssues 

func (r *RepositoryExtension) OpenIssues() int

OpenIssues returns the open issue count.

func (*RepositoryExtension) ProtectedBranchCount 

func (r *RepositoryExtension) ProtectedBranchCount() int

ProtectedBranchCount returns the protected branch count.

func (*RepositoryExtension) RecordScan 

func (r *RepositoryExtension) RecordScan()

RecordScan records a scan completion (alias for MarkScanned).

func (*RepositoryExtension) RepoCreatedAt 

func (r *RepositoryExtension) RepoCreatedAt() *time.Time

RepoCreatedAt returns the external repo creation timestamp.

func (*RepositoryExtension) RepoID 

func (r *RepositoryExtension) RepoID() string

RepoID returns the external repository ID.

func (*RepositoryExtension) RepoPushedAt 

func (r *RepositoryExtension) RepoPushedAt() *time.Time

RepoPushedAt returns the external repo last push timestamp.

func (*RepositoryExtension) RepoUpdatedAt 

func (r *RepositoryExtension) RepoUpdatedAt() *time.Time

RepoUpdatedAt returns the external repo update timestamp.

func (*RepositoryExtension) RiskScore 

func (r *RepositoryExtension) RiskScore() float64

RiskScore returns the risk score.

func (*RepositoryExtension) SCMOrganization 

func (r *RepositoryExtension) SCMOrganization() string

SCMOrganization returns the SCM organization name.

func (*RepositoryExtension) SSHURL 

func (r *RepositoryExtension) SSHURL() string

SSHURL returns the SSH URL.

func (*RepositoryExtension) ScanEnabled 

func (r *RepositoryExtension) ScanEnabled() bool

ScanEnabled returns whether scanning is enabled.

func (*RepositoryExtension) ScanSchedule 

func (r *RepositoryExtension) ScanSchedule() string

ScanSchedule returns the scan schedule.

func (*RepositoryExtension) SetBranchCount 

func (r *RepositoryExtension) SetBranchCount(count int)

SetBranchCount sets the branch count.

func (*RepositoryExtension) SetCloneURL 

func (r *RepositoryExtension) SetCloneURL(url string)

SetCloneURL sets the clone URL.

func (*RepositoryExtension) SetComponentCount 

func (r *RepositoryExtension) SetComponentCount(count int)

SetComponentCount sets the component count.

func (*RepositoryExtension) SetContributorsCount 

func (r *RepositoryExtension) SetContributorsCount(count int)

SetContributorsCount sets the contributor count.

func (*RepositoryExtension) SetDefaultBranch 

func (r *RepositoryExtension) SetDefaultBranch(branch string)

SetDefaultBranch sets the default branch.

func (*RepositoryExtension) SetFindingCount 

func (r *RepositoryExtension) SetFindingCount(count int)

SetFindingCount sets the finding count.

func (*RepositoryExtension) SetForks 

func (r *RepositoryExtension) SetForks(forks int)

SetForks sets the fork count.

func (*RepositoryExtension) SetFullName 

func (r *RepositoryExtension) SetFullName(fullName string)

SetFullName sets the full repository name.

func (*RepositoryExtension) SetLanguage 

func (r *RepositoryExtension) SetLanguage(language string)

SetLanguage sets the primary language.

func (*RepositoryExtension) SetLanguages 

func (r *RepositoryExtension) SetLanguages(languages map[string]int64)

SetLanguages sets the language breakdown.

func (*RepositoryExtension) SetOpenIssues 

func (r *RepositoryExtension) SetOpenIssues(openIssues int)

SetOpenIssues sets the open issue count.

func (*RepositoryExtension) SetProtectedBranchCount 

func (r *RepositoryExtension) SetProtectedBranchCount(count int)

SetProtectedBranchCount sets the protected branch count.

func (*RepositoryExtension) SetRepoID 

func (r *RepositoryExtension) SetRepoID(repoID string)

SetRepoID sets the external repository ID.

func (*RepositoryExtension) SetSCMOrganization 

func (r *RepositoryExtension) SetSCMOrganization(org string)

SetSCMOrganization sets the SCM organization name.

func (*RepositoryExtension) SetSSHURL 

func (r *RepositoryExtension) SetSSHURL(url string)

SetSSHURL sets the SSH URL.

func (*RepositoryExtension) SetScanSchedule 

func (r *RepositoryExtension) SetScanSchedule(schedule string)

SetScanSchedule sets the scan schedule.

func (*RepositoryExtension) SetSizeKB 

func (r *RepositoryExtension) SetSizeKB(sizeKB int)

SetSizeKB sets the repository size in KB.

func (*RepositoryExtension) SetStars 

func (r *RepositoryExtension) SetStars(stars int)

SetStars sets the star count.

func (*RepositoryExtension) SetTopics 

func (r *RepositoryExtension) SetTopics(topics []string)

SetTopics sets the topics.

func (*RepositoryExtension) SetVisibility 

func (r *RepositoryExtension) SetVisibility(visibility RepoVisibility)

SetVisibility sets the repository visibility.

func (*RepositoryExtension) SetVulnerableComponentCount 

func (r *RepositoryExtension) SetVulnerableComponentCount(count int)

SetVulnerableComponentCount sets the vulnerable component count.

func (*RepositoryExtension) SetWatchers 

func (r *RepositoryExtension) SetWatchers(watchers int)

SetWatchers sets the watcher count.

func (*RepositoryExtension) SetWebURL 

func (r *RepositoryExtension) SetWebURL(url string)

SetWebURL sets the web URL.

func (*RepositoryExtension) SizeKB 

func (r *RepositoryExtension) SizeKB() int

SizeKB returns the repository size in KB.

func (*RepositoryExtension) Stars 

func (r *RepositoryExtension) Stars() int

Stars returns the star count.

func (*RepositoryExtension) Topics 

func (r *RepositoryExtension) Topics() []string

Topics returns a copy of the topics.

func (*RepositoryExtension) UpdateBranchStats 

func (r *RepositoryExtension) UpdateBranchStats(branchCount, protectedBranchCount int)

UpdateBranchStats updates branch stats.

func (*RepositoryExtension) UpdateComponentStats 

func (r *RepositoryExtension) UpdateComponentStats(componentCount, vulnerableComponentCount int)

UpdateComponentStats updates component stats.

func (*RepositoryExtension) UpdateRepoTimestamps 

func (r *RepositoryExtension) UpdateRepoTimestamps(createdAt, updatedAt, pushedAt *time.Time)

UpdateRepoTimestamps updates external repo timestamps.

func (*RepositoryExtension) UpdateSecurityStats 

func (r *RepositoryExtension) UpdateSecurityStats(findingCount int, riskScore float64)

UpdateSecurityStats updates security stats.

func (*RepositoryExtension) UpdateStats 

func (r *RepositoryExtension) UpdateStats(stars, forks, watchers, openIssues, contributorsCount, sizeKB int)

UpdateStats updates repository stats.

func (*RepositoryExtension) Visibility 

func (r *RepositoryExtension) Visibility() RepoVisibility

Visibility returns the repository visibility.

func (*RepositoryExtension) VulnerableComponentCount 

func (r *RepositoryExtension) VulnerableComponentCount() int

VulnerableComponentCount returns the vulnerable component count.

func (*RepositoryExtension) Watchers 

func (r *RepositoryExtension) Watchers() int

Watchers returns the watcher count.

func (*RepositoryExtension) WebURL 

func (r *RepositoryExtension) WebURL() string

WebURL returns the web URL.

type RepositoryExtensionRepository 

type RepositoryExtensionRepository interface {
	// Create persists a new repository extension.
	Create(ctx context.Context, repo *RepositoryExtension) error

	// GetByAssetID retrieves a repository extension by asset ID.
	GetByAssetID(ctx context.Context, assetID shared.ID) (*RepositoryExtension, error)

	// Update updates an existing repository extension.
	Update(ctx context.Context, repo *RepositoryExtension) error

	// Delete removes a repository extension by asset ID.
	Delete(ctx context.Context, assetID shared.ID) error

	// GetByFullName retrieves a repository by full name.
	GetByFullName(ctx context.Context, tenantID shared.ID, fullName string) (*RepositoryExtension, error)

	// ListByTenant retrieves all repositories for a tenant.
	ListByTenant(ctx context.Context, tenantID shared.ID, opts ListOptions, page pagination.Pagination) (pagination.Result[*RepositoryExtension], error)

	// GetByAssetIDs retrieves repository extensions for multiple asset IDs in a single query.
	// Returns a map keyed by asset ID. Missing entries indicate no extension exists for that asset.
	GetByAssetIDs(ctx context.Context, assetIDs []shared.ID) (map[shared.ID]*RepositoryExtension, error)
}

RepositoryExtensionRepository defines the interface for repository extension persistence.

type RiskScoringConfig added in v0.1.2 

type RiskScoringConfig struct {
	Weights             ComponentWeights
	ExposureScores      ExposureScoreMap
	ExposureMultipliers ExposureMultiplierMap
	CriticalityScores   CriticalityScoreMap
	FindingImpact       FindingImpactConfig
	CTEMPoints          CTEMPointsConfig
}

RiskScoringConfig contains the scoring configuration. This mirrors tenant.RiskScoringSettings but lives in the asset package to avoid circular dependencies. The service layer maps between them.

func LegacyRiskScoringConfig added in v0.1.2 

func LegacyRiskScoringConfig() RiskScoringConfig

LegacyRiskScoringConfig returns the config that reproduces the exact current hardcoded formula in CalculateRiskScore().

type RiskScoringEngine added in v0.1.2 

type RiskScoringEngine struct {
	// contains filtered or unexported fields
}

RiskScoringEngine calculates risk scores using configurable weights.

func NewRiskScoringEngine added in v0.1.2 

func NewRiskScoringEngine(config RiskScoringConfig) *RiskScoringEngine

NewRiskScoringEngine creates a new scoring engine with the given config.

func (*RiskScoringEngine) CalculateScore added in v0.1.2 

func (e *RiskScoringEngine) CalculateScore(a *Asset) int

CalculateScore computes the risk score for an asset (0-100).

type Scope 

type Scope string

Scope represents the ownership classification of an asset. 

const (
	ScopeInternal Scope = "internal" // Owned and managed internally
	ScopeExternal Scope = "external" // External-facing assets
	ScopeCloud    Scope = "cloud"    // Cloud-hosted assets
	ScopePartner  Scope = "partner"  // Partner-managed assets
	ScopeVendor   Scope = "vendor"   // Vendor/third-party assets
	ScopeShadow   Scope = "shadow"   // Unknown/shadow IT assets
)

func AllScopes 

func AllScopes() []Scope

AllScopes returns all valid scopes.

func ParseScope 

func ParseScope(str string) (Scope, error)

ParseScope parses a string into a Scope.

func (Scope) IsValid 

func (s Scope) IsValid() bool

IsValid checks if the scope is valid.

func (Scope) String 

func (s Scope) String() string

String returns the string representation.

type ScoringConfigProvider added in v0.1.2 

type ScoringConfigProvider interface {
	GetScoringConfig(ctx context.Context, tenantID shared.ID) (*RiskScoringConfig, error)
}

ScoringConfigProvider provides risk scoring configuration for a tenant. This interface lives in the asset package to avoid circular dependencies. The service layer implements it by reading from tenant settings.

type ServiceState 

type ServiceState string

ServiceState represents the state of a service. 

const (
	ServiceStateActive   ServiceState = "active"   // Service is responding
	ServiceStateInactive ServiceState = "inactive" // Service not responding
	ServiceStateFiltered ServiceState = "filtered" // Firewall blocked
)

func (ServiceState) IsValid 

func (s ServiceState) IsValid() bool

func (ServiceState) String 

func (s ServiceState) String() string

type ServiceType 

type ServiceType string

ServiceType represents the type of network service. 

const (
	// Web Services
	ServiceTypeHTTP  ServiceType = "http"
	ServiceTypeHTTPS ServiceType = "https"
	ServiceTypeGRPC  ServiceType = "grpc"

	// Remote Access
	ServiceTypeSSH    ServiceType = "ssh"
	ServiceTypeRDP    ServiceType = "rdp"
	ServiceTypeTelnet ServiceType = "telnet"
	ServiceTypeVNC    ServiceType = "vnc"

	// File Transfer
	ServiceTypeFTP  ServiceType = "ftp"
	ServiceTypeSFTP ServiceType = "sftp"

	// Email
	ServiceTypeSMTP  ServiceType = "smtp"
	ServiceTypeSMTPS ServiceType = "smtps"
	ServiceTypeIMAP  ServiceType = "imap"
	ServiceTypeIMAPS ServiceType = "imaps"
	ServiceTypePOP3  ServiceType = "pop3"
	ServiceTypePOP3S ServiceType = "pop3s"

	// Databases
	ServiceTypeMySQL         ServiceType = "mysql"
	ServiceTypePostgreSQL    ServiceType = "postgresql"
	ServiceTypeMongoDB       ServiceType = "mongodb"
	ServiceTypeRedis         ServiceType = "redis"
	ServiceTypeMSSQL         ServiceType = "mssql"
	ServiceTypeOracle        ServiceType = "oracle"
	ServiceTypeCassandra     ServiceType = "cassandra"
	ServiceTypeElasticsearch ServiceType = "elasticsearch"
	ServiceTypeMemcached     ServiceType = "memcached"

	// Message Queues
	ServiceTypeKafka    ServiceType = "kafka"
	ServiceTypeRabbitMQ ServiceType = "rabbitmq"

	// Infrastructure
	ServiceTypeDNS        ServiceType = "dns"
	ServiceTypeLDAP       ServiceType = "ldap"
	ServiceTypeKerberos   ServiceType = "kerberos"
	ServiceTypeSMB        ServiceType = "smb"
	ServiceTypeNTP        ServiceType = "ntp"
	ServiceTypeSNMP       ServiceType = "snmp"
	ServiceTypeKubernetes ServiceType = "kubernetes"
	ServiceTypeDocker     ServiceType = "docker"

	// Media
	ServiceTypeRTSP ServiceType = "rtsp"
	ServiceTypeSIP  ServiceType = "sip"

	// Other
	ServiceTypeOther ServiceType = "other"
)

func AllServiceTypes 

func AllServiceTypes() []ServiceType

AllServiceTypes returns all valid service types.

func (ServiceType) DefaultPort 

func (t ServiceType) DefaultPort() int

DefaultPort returns the default port for this service type.

func (ServiceType) IsDatabase 

func (t ServiceType) IsDatabase() bool

IsDatabase returns true if this is a database service.

func (ServiceType) IsRemoteAccess 

func (t ServiceType) IsRemoteAccess() bool

IsRemoteAccess returns true if this is a remote access service.

func (ServiceType) IsValid 

func (t ServiceType) IsValid() bool

func (ServiceType) IsWeb 

func (t ServiceType) IsWeb() bool

IsWeb returns true if this is a web service.

func (ServiceType) String 

func (t ServiceType) String() string

type SeverityWeightMap added in v0.1.2 

type SeverityWeightMap struct {
	Critical int
	High     int
	Medium   int
	Low      int
	Info     int
}

SeverityWeightMap maps finding severities to point values.

type StateChangeType 

type StateChangeType string

StateChangeType represents the type of state change. 

const (
	// Lifecycle changes
	StateChangeAppeared    StateChangeType = "appeared"    // New asset discovered
	StateChangeDisappeared StateChangeType = "disappeared" // Asset no longer seen
	StateChangeRecovered   StateChangeType = "recovered"   // Asset seen again after disappearing

	// Property changes
	StateChangeExposureChanged         StateChangeType = "exposure_changed"          // Exposure level changed
	StateChangeInternetExposureChanged StateChangeType = "internet_exposure_changed" // Internet accessibility changed
	StateChangeStatusChanged           StateChangeType = "status_changed"            // Status changed (active/inactive/archived)
	StateChangeCriticalityChanged      StateChangeType = "criticality_changed"       // Criticality level changed
	StateChangeOwnerChanged            StateChangeType = "owner_changed"             // Owner changed
	StateChangeComplianceChanged       StateChangeType = "compliance_changed"        // Compliance scope changed
	StateChangeClassificationChanged   StateChangeType = "classification_changed"    // Data classification changed
)

func AllStateChangeTypes 

func AllStateChangeTypes() []StateChangeType

AllStateChangeTypes returns all valid state change types.

func (StateChangeType) Description 

func (t StateChangeType) Description() string

Description returns a human-readable description of the change type.

func (StateChangeType) IsValid 

func (t StateChangeType) IsValid() bool

func (StateChangeType) String 

func (t StateChangeType) String() string

type StateHistoryRepository 

type StateHistoryRepository interface {

	// Create appends a new state change record.
	// Note: Records cannot be updated or deleted (append-only audit log).
	Create(ctx context.Context, change *AssetStateChange) error

	// CreateBatch appends multiple state change records in a single operation.
	CreateBatch(ctx context.Context, changes []*AssetStateChange) error

	// GetByID retrieves a state change by its ID.
	GetByID(ctx context.Context, tenantID, id shared.ID) (*AssetStateChange, error)

	// GetByAssetID retrieves all state changes for an asset.
	GetByAssetID(ctx context.Context, tenantID, assetID shared.ID, opts ListStateHistoryOptions) ([]*AssetStateChange, int, error)

	// List retrieves state changes with filtering and pagination.
	List(ctx context.Context, tenantID shared.ID, opts ListStateHistoryOptions) ([]*AssetStateChange, int, error)

	// GetLatestByAsset retrieves the most recent state change for each asset.
	// Useful for getting current state summary across all assets.
	GetLatestByAsset(ctx context.Context, tenantID shared.ID, changeTypes []StateChangeType) (map[shared.ID]*AssetStateChange, error)

	// GetRecentAppearances retrieves assets that appeared within the time window.
	// Used for shadow IT detection - finding newly discovered assets.
	GetRecentAppearances(ctx context.Context, tenantID shared.ID, since time.Time, limit int) ([]*AssetStateChange, error)

	// GetRecentDisappearances retrieves assets that disappeared within the time window.
	GetRecentDisappearances(ctx context.Context, tenantID shared.ID, since time.Time, limit int) ([]*AssetStateChange, error)

	// GetShadowITCandidates retrieves assets that appeared but have unknown/shadow scope.
	// These are potential shadow IT assets that need review.
	GetShadowITCandidates(ctx context.Context, tenantID shared.ID, since time.Time, limit int) ([]*AssetStateChange, error)

	// GetExposureChanges retrieves all exposure-related changes within a time window.
	GetExposureChanges(ctx context.Context, tenantID shared.ID, since time.Time, limit int) ([]*AssetStateChange, error)

	// GetNewlyExposedAssets retrieves assets that became internet-accessible.
	// High priority for security review.
	GetNewlyExposedAssets(ctx context.Context, tenantID shared.ID, since time.Time, limit int) ([]*AssetStateChange, error)

	// GetComplianceChanges retrieves compliance-related changes within a time window.
	GetComplianceChanges(ctx context.Context, tenantID shared.ID, since time.Time, limit int) ([]*AssetStateChange, error)

	// GetChangesByUser retrieves all changes made by a specific user.
	// Used for compliance auditing.
	GetChangesByUser(ctx context.Context, tenantID, userID shared.ID, opts ListStateHistoryOptions) ([]*AssetStateChange, int, error)

	// CountByType returns count of changes grouped by change type.
	CountByType(ctx context.Context, tenantID shared.ID, since time.Time) (map[StateChangeType]int, error)

	// CountBySource returns count of changes grouped by source.
	CountBySource(ctx context.Context, tenantID shared.ID, since time.Time) (map[ChangeSource]int, error)

	// GetActivityTimeline returns daily counts of changes over a time period.
	// Used for activity trend visualization.
	GetActivityTimeline(ctx context.Context, tenantID shared.ID, from, to time.Time) ([]DailyActivityCount, error)
}

StateHistoryRepository defines the interface for asset state history persistence. This table is append-only with deletion protection (see migration 000111).

type StateHistorySummary 

type StateHistorySummary struct {
	AssetID          shared.ID
	FirstSeenAt      *time.Time // When asset first appeared
	LastSeenAt       *time.Time // When asset was last seen active
	DisappearedAt    *time.Time // When asset last disappeared (if currently gone)
	TotalAppearances int        // How many times asset appeared
	TotalChanges     int        // Total number of state changes
	LastChangeAt     *time.Time // Most recent change timestamp
	LastChangeType   StateChangeType
}

StateHistorySummary provides a summary of state history for an asset.

type Status 

type Status string

Status represents the status of an asset. 

const (
	StatusActive   Status = "active"
	StatusInactive Status = "inactive"
	StatusArchived Status = "archived"
)

func AllStatuses 

func AllStatuses() []Status

AllStatuses returns all valid statuses.

func ParseStatus 

func ParseStatus(str string) (Status, error)

ParseStatus parses a string into a Status.

func (Status) IsValid 

func (s Status) IsValid() bool

IsValid checks if the status is valid.

func (Status) String 

func (s Status) String() string

String returns the string representation.

type SyncStatus 

type SyncStatus string

SyncStatus represents the synchronization status of an asset. 

const (
	SyncStatusSynced   SyncStatus = "synced"
	SyncStatusPending  SyncStatus = "pending"
	SyncStatusSyncing  SyncStatus = "syncing"
	SyncStatusError    SyncStatus = "error"
	SyncStatusDisabled SyncStatus = "disabled"
)

func AllSyncStatuses 

func AllSyncStatuses() []SyncStatus

AllSyncStatuses returns all valid sync statuses.

func ParseSyncStatus 

func ParseSyncStatus(str string) SyncStatus

ParseSyncStatus parses a string into a SyncStatus.

func (SyncStatus) IsValid 

func (s SyncStatus) IsValid() bool

IsValid checks if the sync status is valid.

func (SyncStatus) String 

func (s SyncStatus) String() string

String returns the string representation.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.