sdk-go

module

v0.2.2 Latest Latest Go to latest Published: Apr 15, 2026 License: GPL-3.0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/openctemio/sdk-go

Links

Open Source Insights

README ¶

OpenCTEM SDK

Go SDK for building integrations with the OpenCTEM security platform.

Overview

OpenCTEM SDK provides Go packages for:

API client for interacting with OpenCTEM API
Scanner integrations (Semgrep, Trivy, Nuclei, etc.)
Output formatters (SARIF, JSON)
Common utilities and helpers

Installation

go get github.com/openctemio/sdk-go

Quick Start

API Client

package main

import (
    "context"
    "github.com/openctemio/sdk-go/pkg/client"
)

func main() {
    // Create client
    c := client.New(
        client.WithBaseURL("http://localhost:8080"),
        client.WithAPIKey("your-api-key"),
    )

    // List assets
    assets, err := c.Assets().List(context.Background())
    if err != nil {
        panic(err)
    }

    // Create finding
    finding := &client.Finding{
        Title:    "SQL Injection",
        Severity: "HIGH",
        // ...
    }
    err = c.Findings().Create(context.Background(), finding)
}

Scanner Integration

package main

import (
    "github.com/openctemio/sdk-go/pkg/scanners/semgrep"
    "github.com/openctemio/sdk-go/pkg/handler"
)

func main() {
    // Create scanner
    scanner := semgrep.New(
        semgrep.WithConfig("p/security-audit"),
    )

    // Run scan
    results, err := scanner.Scan(context.Background(), "./src")
    if err != nil {
        panic(err)
    }

    // Handle results
    h := handler.New(
        handler.WithAPIClient(client),
        handler.WithOutputFile("results.sarif"),
    )
    h.Handle(results)
}

Packages

Package	Description
`pkg/client`	API client for OpenCTEM API
`pkg/scanners`	Scanner integrations (Semgrep, Trivy, Nuclei, Gitleaks)
`pkg/handler`	Result handlers and output formatters
`pkg/core`	Core types and interfaces
`pkg/errors`	Error types and handling
`pkg/retry`	Retry utilities
`pkg/metrics`	Prometheus metrics
`pkg/health`	Health check utilities
`pkg/transport`	HTTP/gRPC transport
`pkg/credentials`	Credential management
`pkg/connectors`	SCM connectors (GitHub, GitLab)
`pkg/enrichers`	Data enrichment (CVE, NVD)

Examples

See examples/ for complete examples:

Basic API client usage
Scanner integration
CI/CD pipeline integration
Custom scanner development

Building

# Run tests
go test ./...

# Generate proto files
make proto

# Lint
make lint

Contributing

We welcome contributions! Please see CONTRIBUTING.md.

openctemio/api - Backend API
openctemio/ui - Web UI
openctemio/agent - Scanning Agent

Enterprise Edition

For advanced features and enterprise support, see OpenCTEM Enterprise.

License

Apache License 2.0 - see LICENSE.

Directories ¶

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL

Path	Synopsis
examples
custom-adapter command Example: Using the SARIF Adapter	Example: Using the SARIF Adapter
custom-connector command Example: Building a Custom Connector	Example: Building a Custom Connector
custom-provider command Example: Using the GitHub Provider	Example: Using the GitHub Provider
custom-scanner command Example: Custom Scanner Implementation	Example: Custom Scanner Implementation
integration-test command Package main provides an integration test example for the OpenCTEM SDK.	Package main provides an integration test example for the OpenCTEM SDK.
semgrep-test command Example: Testing semgrep scanner	Example: Testing semgrep scanner
pkg
adapters Package adapters provides a registry for scanner output adapters.	Package adapters provides a registry for scanner output adapters.
adapters/gitleaks Package gitleaks provides an adapter to convert Gitleaks JSON output to CTIS.	Package gitleaks provides an adapter to convert Gitleaks JSON output to CTIS.
adapters/nuclei Package nuclei provides an adapter to convert Nuclei JSONL output to CTIS.	Package nuclei provides an adapter to convert Nuclei JSONL output to CTIS.
adapters/sarif Package sarif provides an adapter to convert SARIF format to CTIS.	Package sarif provides an adapter to convert SARIF format to CTIS.
adapters/semgrep Package semgrep provides an adapter to convert Semgrep JSON output to CTIS.	Package semgrep provides an adapter to convert Semgrep JSON output to CTIS.
adapters/trivy Package trivy provides an adapter to convert Trivy JSON output to CTIS.	Package trivy provides an adapter to convert Trivy JSON output to CTIS.
adapters/vuls Package vuls provides an adapter to convert Vuls JSON output to CTIS.	Package vuls provides an adapter to convert Vuls JSON output to CTIS.
audit Package audit provides structured audit logging for agent operations.	Package audit provides structured audit logging for agent operations.
chunk Package chunk provides chunked upload functionality for large scan reports.	Package chunk provides chunked upload functionality for large scan reports.
client Package client provides the OpenCTEM API client.	Package client provides the OpenCTEM API client.
compress Package compress provides compression utilities for large payloads.	Package compress provides compression utilities for large payloads.
connectors Package connectors provides base implementations and utilities for external system connectors.	Package connectors provides base implementations and utilities for external system connectors.
connectors/github Package github provides a GitHub connector for the OpenCTEM SDK.	Package github provides a GitHub connector for the OpenCTEM SDK.
core Package core provides the core interfaces and base implementations for the OpenCTEM Scanner SDK.	Package core provides the core interfaces and base implementations for the OpenCTEM Scanner SDK.
credentials Package credentials provides credential management for the OpenCTEM SDK.	Package credentials provides credential management for the OpenCTEM SDK.
ctis
enrichers/epss Package epss provides EPSS (Exploit Prediction Scoring System) enrichment for CVEs.	Package epss provides EPSS (Exploit Prediction Scoring System) enrichment for CVEs.
enrichers/kev Package kev provides KEV (Known Exploited Vulnerabilities) enrichment.	Package kev provides KEV (Known Exploited Vulnerabilities) enrichment.
errors Package errors provides custom error types for the OpenCTEM SDK.	Package errors provides custom error types for the OpenCTEM SDK.
gitenv Package gitenv provides auto-detection and abstraction for CI/CD environments.	Package gitenv provides auto-detection and abstraction for CI/CD environments.
handler Package handler provides lifecycle management for security scanning workflows.	Package handler provides lifecycle management for security scanning workflows.
health Package health provides health check endpoints for the OpenCTEM SDK.	Package health provides health check endpoints for the OpenCTEM SDK.
metrics Package metrics provides metrics collection and reporting for the OpenCTEM SDK.	Package metrics provides metrics collection and reporting for the OpenCTEM SDK.
mocks Package mocks provides mock implementations for testing.	Package mocks provides mock implementations for testing.
options Package options provides functional options pattern for SDK configuration.	Package options provides functional options pattern for SDK configuration.
pipeline Package pipeline provides async pipeline for separating scan and upload.	Package pipeline provides async pipeline for separating scan and upload.
platform Package platform provides components for running agents in platform mode.	Package platform provides components for running agents in platform mode.
providers/github Package github provides a GitHub provider for the OpenCTEM SDK.	Package github provides a GitHub provider for the OpenCTEM SDK.
resource Package resource provides system resource monitoring and control.	Package resource provides system resource monitoring and control.
retry Package retry provides persistent retry queue functionality for failed API operations.	Package retry provides persistent retry queue functionality for failed API operations.
scanners Package scanners provides scanner implementations for various security tools.	Package scanners provides scanner implementations for various security tools.
scanners/codeql Package codeql provides a scanner implementation for GitHub CodeQL.	Package codeql provides a scanner implementation for GitHub CodeQL.
scanners/gitleaks Package gitleaks provides a scanner implementation for the Gitleaks secret detection tool.	Package gitleaks provides a scanner implementation for the Gitleaks secret detection tool.
scanners/nuclei
scanners/recon/dnsx Package dnsx provides a scanner implementation for the dnsx DNS toolkit.	Package dnsx provides a scanner implementation for the dnsx DNS toolkit.
scanners/recon/httpx Package httpx provides a scanner implementation for the httpx HTTP probing tool.	Package httpx provides a scanner implementation for the httpx HTTP probing tool.
scanners/recon/katana Package katana provides a scanner implementation for the katana web crawler.	Package katana provides a scanner implementation for the katana web crawler.
scanners/recon/naabu Package naabu provides a scanner implementation for the naabu port scanning tool.	Package naabu provides a scanner implementation for the naabu port scanning tool.
scanners/recon/subfinder Package subfinder provides a scanner implementation for the subfinder subdomain enumeration tool.	Package subfinder provides a scanner implementation for the subfinder subdomain enumeration tool.
scanners/semgrep Package semgrep provides a scanner implementation for the Semgrep SAST tool.	Package semgrep provides a scanner implementation for the Semgrep SAST tool.
scanners/trivy
shared/fingerprint Package fingerprint provides unified fingerprint generation algorithms for deduplication of security findings across SDK and Backend.	Package fingerprint provides unified fingerprint generation algorithms for deduplication of security findings across SDK and Backend.
shared/severity Package severity provides unified severity level definitions and mappings for security findings across SDK and Backend.	Package severity provides unified severity level definitions and mappings for security findings across SDK and Backend.
strategy Package strategy provides scan strategy determination for security scanning.	Package strategy provides scan strategy determination for security scanning.
transport/grpc Package grpc provides a gRPC transport layer for the OpenCTEM SDK client.	Package grpc provides a gRPC transport layer for the OpenCTEM SDK client.