lifecycle

package
v12.0.403 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 12, 2026 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Overview

Package lifecycle provides CVE lifecycle event tracking and management.

Package lifecycle defines the REST API types for CVE lifecycle tracking.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CreateOrUpdateLifecycleRecord added in v12.0.165 

func CreateOrUpdateLifecycleRecord(
	ctx context.Context,
	db database.DBConnection,
	endpointName string,
	releaseName string,
	releaseVersion string,
	cveInfo CVEInfo,
	introducedAt time.Time,
	_ bool,
) error

CreateOrUpdateLifecycleRecord handles version-specific audit records with Root discovery tracking.

func GetCVEsForReleaseTracking 

func GetCVEsForReleaseTracking(ctx context.Context, db database.DBConnection, releaseName, releaseVersion string) (map[string]CVEInfo, error)

GetCVEsForReleaseTracking retrieves CVE information for a specific release to be used in lifecycle tracking.

func GetPreviousVersion added in v12.0.165 

func GetPreviousVersion(ctx context.Context, db database.DBConnection, releaseName, endpointName string, currentSyncTime time.Time) (string, time.Time, error)

GetPreviousVersion retrieves the version and sync time of the most recent sync for a release on an endpoint.

func MarkCVERemediated 

func MarkCVERemediated(ctx context.Context, db database.DBConnection, endpointName, releaseName, previousVersion, currentVersion, cveID, pkgPURL string, remediatedAt time.Time) error

MarkCVERemediated is retained as a utility/fallback but primarily replaced by SupersedeAllActiveCVEs

func SupersedeAllActiveCVEs added in v12.0.195 

func SupersedeAllActiveCVEs(ctx context.Context, db database.DBConnection, endpointName, releaseName string, supersededAt time.Time) error

SupersedeAllActiveCVEs closes all active CVEs for a specific endpoint and release. This enforces a "clean slate" logic where all previous records are marked as superseded before the new state is written.

Types

type CVEInfo added in v12.0.165 

type CVEInfo struct {
	CVEID          string
	Package        string
	SeverityRating string
	SeverityScore  float64
	Published      time.Time
	ReleaseName    string // Context for lifecycle identification
	ReleaseVersion string // Context for lifecycle identification
}

CVEInfo holds CVE information including the CVE ID and release context Used by sync handler and OSV loader for creating lifecycle records

type CVEInfoTracking 

type CVEInfoTracking struct {
	Package        string
	SeverityRating string
	SeverityScore  float64
	Published      time.Time
}

CVEInfoTracking holds minimal CVE info for lifecycle tracking

type CVEKey 

type CVEKey struct {
	CveID       string
	Package     string
	ReleaseName string
}

CVEKey represents a unique CVE occurrence

type CurrentCVEInfo 

type CurrentCVEInfo struct {
	CVEKey
	SeverityRating string
	SeverityScore  float64
	Published      time.Time
	ReleaseVersion string
}

CurrentCVEInfo holds CVE information for current endpoint state

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.