Types ¶
type ArtifactLocation ¶ added in v0.13.0
type Assessment ¶
type Assessment struct {
	// Requirement points to the Layer 2 requirement being tested. It is a
	// Mapping (reference-id plus entry-id into a MappingReference), not a bare
	// requirement id string as the previous comment suggested.
	Requirement Mapping `json:"requirement" yaml:"requirement"`
	// Procedures defines possible testing procedures to evaluate the requirement.
	// The type itself does not require this slice to be non-empty.
	Procedures []AssessmentProcedure `json:"procedures" yaml:"procedures"`
}
Assessment defines all testing procedures for a requirement.
type AssessmentLog ¶ added in v0.8.0
type AssessmentLog struct {
	// Requirement should map to the assessment requirement for this assessment.
	Requirement Mapping `json:"requirement" yaml:"requirement"`
	// Procedure should map to the assessment procedure being executed.
	Procedure Mapping `json:"procedure" yaml:"procedure"`
	// Description provides a summary of the assessment procedure.
	Description string `json:"description" yaml:"description"`
	// Result is the overall outcome of the assessment procedure, matching the
	// result of the last step that was run (Run halts at the first step that
	// does not pass, so later steps do not contribute).
	Result Result `json:"result" yaml:"result"`
	// Message provides additional context about the assessment result.
	// NOTE(review): free text supplied by step implementations; it may be
	// carried into SARIF/markdown output, so treat it as untrusted text there.
	Message string `json:"message" yaml:"message"`
	// Applicability is elevated from the Layer 2 Assessment Requirement to aid in execution and reporting.
	Applicability []string `json:"applicability" yaml:"applicability"`
	// Steps are sequential actions taken as part of the assessment, which may halt the assessment if a failure occurs.
	// Each step is a function value, serialized through AssessmentStep's
	// MarshalJSON/MarshalYAML; no unmarshal counterpart is shown on this page,
	// so a decoded log should not be expected to restore runnable steps.
	Steps []AssessmentStep `json:"steps" yaml:"steps"`
	// StepsExecuted is the number of steps that were executed as part of the assessment.
	// Because of omitempty, a count of zero is omitted from serialized output and
	// is indistinguishable from a log that was never run.
	StepsExecuted int64 `json:"steps-executed,omitempty" yaml:"steps-executed,omitempty"`
	// Start is the timestamp when the assessment began.
	Start Datetime `json:"start" yaml:"start"`
	// End is the timestamp when the assessment concluded. Tagged omitempty;
	// whether it is actually omitted depends on how Datetime is defined (not shown here).
	End Datetime `json:"end,omitempty" yaml:"end,omitempty"`
	// Recommendation provides guidance on how to address a failed assessment.
	Recommendation string `json:"recommendation,omitempty" yaml:"recommendation,omitempty"`
}
AssessmentLog contains the results of executing a single assessment procedure for a control requirement.
func NewAssessment ¶
func NewAssessment(requirementId string, description string, applicability []string, steps []AssessmentStep) (*AssessmentLog, error)
NewAssessment creates a new AssessmentLog object and returns a pointer to it, or a non-nil error if it cannot be constructed from the given arguments.
func (*AssessmentLog) AddStep ¶ added in v0.8.0
func (a *AssessmentLog) AddStep(step AssessmentStep)
AddStep queues a new step in the AssessmentLog. The step is not executed at this point; steps run when Run (or ControlEvaluation.Evaluate) is called.
func (*AssessmentLog) Run ¶ added in v0.8.0
func (a *AssessmentLog) Run(targetData interface{}) Result
Run will execute all queued steps in order against targetData, halting at the first step that does not return layer4.Passed, and returns the resulting overall Result.
type AssessmentPlan ¶ added in v0.8.0
type AssessmentPlan struct {
	// Control points to the Layer 2 control being evaluated.
	Control Mapping `json:"control" yaml:"control"`
	// Assessments defines possible testing procedures to evaluate the control.
	//
	// NOTE(review): the recorded intent is that the control reference and the
	// assessments' requirement references match, with the control's reference
	// used when an assessment omits one. Nothing on this type enforces that;
	// if it is enforced at all, it happens in code not shown on this page.
	Assessments []Assessment `json:"assessments" yaml:"assessments"`
}
AssessmentPlan defines all testing procedures for a control id.
type AssessmentProcedure ¶ added in v0.8.0
type AssessmentProcedure struct {
	// Id uniquely identifies the assessment procedure being executed.
	// Uniqueness is a convention; the type does not enforce it.
	Id string `json:"id" yaml:"id"`
	// Name provides a summary of the procedure.
	Name string `json:"name" yaml:"name"`
	// Description provides a detailed explanation of the procedure.
	Description string `json:"description" yaml:"description"`
	// Documentation provides a URL to documentation that describes how the
	// assessment procedure evaluates the control requirement.
	// NOTE(review): stored as an unvalidated string and surfaced in generated
	// checklists (see ChecklistItem.Documentation); plans from untrusted sources
	// should have this value validated as a URL before it is rendered.
	Documentation string `json:"documentation,omitempty" yaml:"documentation,omitempty"`
}
AssessmentProcedure describes a testing procedure for evaluating a Layer 2 control requirement.
type AssessmentStep ¶
AssessmentStep is a function type that inspects the provided targetData and returns a Result with a message. The message may be an error string or other descriptive text.
func (AssessmentStep) MarshalJSON ¶
func (as AssessmentStep) MarshalJSON() ([]byte, error)
func (AssessmentStep) MarshalYAML ¶
func (as AssessmentStep) MarshalYAML() (interface{}, error)
func (AssessmentStep) String ¶
func (as AssessmentStep) String() string
type Author ¶ added in v0.12.0
type Author struct {
	// Name of the entity that produced the evaluation plan or log.
	Name string `json:"name" yaml:"name"`
	// Uri is an optional link identifying the author.
	Uri string `json:"uri,omitempty" yaml:"uri,omitempty"`
	// Version is the version of the authoring tool or system.
	Version string `json:"version,omitempty" yaml:"version,omitempty"`
	// Contact is the person to reach about the plan or log.
	// NOTE(review): omitempty has no effect on a struct-valued field in
	// encoding/json, so an empty Contact is still emitted as an object.
	Contact Contact `json:"contact,omitempty" yaml:"contact,omitempty"`
}
Author contains the information about the entity that produced the evaluation plan or log.
type Checklist ¶ added in v0.16.0
// Checklist is the in-memory view produced by EvaluationPlan.ToChecklist.
// It carries no json/yaml tags, so if it were marshaled the fields would
// appear under their Go names.
type Checklist struct {
	// PlanId identifies the evaluation plan (Metadata.Id of the source plan).
	PlanId string
	// Author is the name of the plan author.
	Author string
	// AuthorVersion is the version of the authoring tool or system.
	AuthorVersion string
	// Sections are the control sections, one per control in the plan.
	Sections []ControlSection
}
Checklist represents the structured checklist data.
type ChecklistItem ¶ added in v0.16.0
// ChecklistItem is one row of a Checklist, derived from an AssessmentProcedure.
type ChecklistItem struct {
	// RequirementId is the requirement ID (e.g., "OSPS-AC-01.01").
	RequirementId string
	// ProcedureName is the human-readable name of the procedure to execute.
	ProcedureName string
	// Description provides additional context or a summary about the procedure.
	Description string
	// Documentation is the documentation URL, copied from AssessmentProcedure.Documentation.
	// NOTE(review): not validated here; it is rendered into markdown by
	// EvaluationPlan.ToMarkdownChecklist, so untrusted plans need validation first.
	Documentation string
	// IsAdditionalProcedure indicates if this is an additional procedure
	// rather than a primary one (the distinction is made by the caller that builds the item).
	IsAdditionalProcedure bool
}
ChecklistItem represents a single checklist item.
type Contact ¶ added in v0.8.0
// Contact identifies a person to reach about a plan or log.
type Contact struct {
	// Name is the contact person's name.
	Name string `json:"name" yaml:"name"`
	// Primary indicates whether this contact is the first point of contact for
	// inquiries. Only one entry should be marked as primary; this is a
	// convention and is not enforced by the type.
	Primary bool `json:"primary" yaml:"primary"`
	// Affiliation is the entity with which the contact is affiliated, such as a school or employer.
	Affiliation *string `json:"affiliation,omitempty" yaml:"affiliation,omitempty"`
	// Email is a preferred email address to reach the contact.
	Email *Email `json:"email,omitempty" yaml:"email,omitempty"`
	// Social is a social media handle or profile for the contact.
	Social *string `json:"social,omitempty" yaml:"social,omitempty"`
}
type ControlEvaluation ¶
type ControlEvaluation struct {
	// Name labels the evaluation (presumably the control's name; not set by this type).
	Name string `json:"name" yaml:"name"`
	// Result is the overall outcome of the evaluation; Evaluate updates it
	// from the individual assessment results (see UpdateAggregateResult).
	Result Result `json:"result" yaml:"result"`
	// Message provides additional context about the overall result.
	Message string `json:"message" yaml:"message"`
	// Control points to the Layer 2 control being evaluated.
	Control Mapping `json:"control" yaml:"control"`
	// AssessmentLogs holds one log per assessment added with AddAssessment and
	// run by Evaluate. Entries are pointers, so they are shared with callers of
	// AddAssessment and may be mutated after being appended.
	// NOTE(review): the recorded intent is that the control reference and the
	// assessments' references match, using the control's reference when an
	// assessment omits one; nothing on this type enforces that.
	AssessmentLogs []*AssessmentLog `json:"assessment-logs" yaml:"assessment-logs"`
}
ControlEvaluation contains the results of evaluating a single Layer 4 control.
func (*ControlEvaluation) AddAssessment ¶
func (c *ControlEvaluation) AddAssessment(requirementId string, description string, applicability []string, steps []AssessmentStep) (assessment *AssessmentLog)
AddAssessment creates a new AssessmentLog object and adds it to the ControlEvaluation.
func (*ControlEvaluation) Evaluate ¶
func (c *ControlEvaluation) Evaluate(targetData interface{}, userApplicability []string)
Evaluate runs each step in each assessment, updating the relevant fields on the control evaluation. It will halt an assessment if one of its steps returns a failed result. The targetData is the data that the assessment will be run against. The userApplicability is a slice of strings that determine when the assessment is applicable. (The signature above takes no changesAllowed parameter; the earlier description of one that "determines whether the assessment is allowed to execute its changes" appears to be stale.)
type ControlSection ¶ added in v0.16.0
// ControlSection groups the checklist items belonging to a single control.
type ControlSection struct {
	// ControlName is the control identifier (e.g., "OSPS-AC-01").
	ControlName string
	// ControlReference is the formatted reference (e.g., "OSPS-B / OSPS-AC-01").
	ControlReference string
	// Items are the checklist items for this control, in plan order.
	Items []ChecklistItem
}
ControlSection organizes checklist items by control.
type EvaluationLog ¶ added in v0.10.1
type EvaluationLog struct {
	// Evaluations holds one entry per evaluated Layer 2 control.
	Evaluations []*ControlEvaluation `json:"evaluations" yaml:"evaluations"`
	// Metadata describes the log and its author.
	// NOTE(review): omitempty has no effect on a struct-valued field in
	// encoding/json, so an empty Metadata is still emitted as an object.
	Metadata Metadata `json:"metadata,omitempty" yaml:"metadata,omitempty"`
}
EvaluationLog contains the results of evaluating a set of Layer 2 controls.
func (EvaluationLog) ToSARIF ¶ added in v0.10.1
ToSARIF converts the evaluation results into a SARIF document (v2.1.0). Each AssessmentLog is emitted as a SARIF result. The rule id is derived from the control id and requirement id.
Parameters:
- artifactURI: File path or URI for PhysicalLocation.artifactLocation.uri. If empty, PhysicalLocation will be nil (no resource URI available). For GitHub Code Scanning, typically use a file path like "README.md".
- catalog: Optional catalog data to enrich SARIF output with requirement text and recommendations. If nil, only basic information is included.
PhysicalLocation identifies the artifact (file/repository) where the result was found. LogicalLocation identifies the logical component (assessment step) that produced the result. Region is left nil because the evaluation carries no file-specific line/column data.
type EvaluationPlan ¶ added in v0.8.0
type EvaluationPlan struct {
	// Metadata identifies the plan and its author.
	Metadata Metadata `json:"metadata" yaml:"metadata"`
	// Plans holds one AssessmentPlan per Layer 2 control to be evaluated.
	Plans []AssessmentPlan `json:"plans" yaml:"plans"`
}
EvaluationPlan defines how a set of Layer 2 controls are to be evaluated.
func (EvaluationPlan) ToChecklist ¶ added in v0.16.0
func (e EvaluationPlan) ToChecklist() (Checklist, error)
ToChecklist converts an EvaluationPlan into a structured Checklist.
func (EvaluationPlan) ToMarkdownChecklist ¶ added in v0.16.0
func (e EvaluationPlan) ToMarkdownChecklist() (string, error)
ToMarkdownChecklist converts an evaluation plan into a markdown checklist. Generates a pre-execution checklist showing what needs to be checked.
type Location ¶ added in v0.10.0
// Location is the SARIF location object attached to a result.
type Location struct {
	// PhysicalLocation is nil when no artifact URI is available (see ToSARIF).
	PhysicalLocation *PhysicalLocation `json:"physicalLocation,omitempty"`
	// LogicalLocations names the assessment step that produced the result.
	LogicalLocations []LogicalLocation `json:"logicalLocations,omitempty"`
}
type LogicalLocation ¶ added in v0.10.0
// LogicalLocation is the SARIF logicalLocation object; only the
// fullyQualifiedName property is modeled here.
type LogicalLocation struct {
	FullyQualifiedName string `json:"fullyQualifiedName,omitempty"`
}
type Mapping ¶ added in v0.12.0
// Mapping is a reference to an entry in an external document listed in
// Metadata.MappingReferences.
type Mapping struct {
	// ReferenceId should reference the corresponding MappingReference id.
	ReferenceId string `json:"reference-id" yaml:"reference-id"`
	// EntryId should reference the specific element within the referenced document.
	EntryId string `json:"entry-id" yaml:"entry-id"`
	// Strength describes how effectively the referenced item addresses the associated control or procedure on a scale of 1 to 10, with 10 being the most effective.
	// The 1-10 range is documentation only: the type accepts any int64, and
	// because of omitempty a value of 0 is serialized as absent.
	Strength int64 `json:"strength,omitempty" yaml:"strength,omitempty"`
	// Remarks provides additional context about the mapping entry.
	Remarks string `json:"remarks,omitempty" yaml:"remarks,omitempty"`
}
type MappingReference ¶ added in v0.12.0
type Metadata ¶ added in v0.8.0
type Metadata struct {
	// Id identifies the plan or log.
	Id string `json:"id" yaml:"id"`
	// Version is the version of the plan or log itself (not the author's version).
	Version string `json:"version,omitempty" yaml:"version,omitempty"`
	// Author is the entity that produced the plan or log.
	Author Author `json:"author" yaml:"author"`
	// MappingReferences lists the documents that Mapping.ReferenceId values resolve against.
	MappingReferences []MappingReference `json:"mapping-references,omitempty" yaml:"mapping-references,omitempty"`
}
Metadata contains metadata about the Layer 4 evaluation plan and log.
type PhysicalLocation ¶ added in v0.13.0
// PhysicalLocation is the SARIF physicalLocation object.
type PhysicalLocation struct {
	// ArtifactLocation carries the artifact URI passed to ToSARIF.
	ArtifactLocation ArtifactLocation `json:"artifactLocation"`
	// Region is always nil in this package's output (no line/column data).
	Region *Region `json:"region,omitempty"`
}
type ReportingDescriptor ¶ added in v0.10.0
type Result ¶
// Result is an int-backed enum. The named values (e.g. Passed, referenced by
// AssessmentLog.Run) are not listed on this page; note that the underlying
// int type itself does not reject values outside the known set.
type Result int
Result is an enum representing the result of a control evaluation. It is designed to restrict the possible result values to a set of known states; MarshalJSON and MarshalYAML below serialize those states as strings.
func UpdateAggregateResult ¶
UpdateAggregateResult compares the current result with the new result and returns the most severe of the two.
func (Result) MarshalJSON ¶
MarshalJSON ensures that Result is serialized as a string in JSON
func (Result) MarshalYAML ¶
MarshalYAML ensures that Result is serialized as a string in YAML
type ResultEntry ¶ added in v0.10.0
type Run ¶ added in v0.10.0
// Run is the SARIF run object: one tool plus its results.
type Run struct {
	Tool Tool `json:"tool"`
	// Results holds one entry per AssessmentLog (see ToSARIF).
	Results []ResultEntry `json:"results,omitempty"`
}
type SarifReport ¶ added in v0.10.0
// SarifReport is the top-level SARIF document produced by ToSARIF.
type SarifReport struct {
	// Schema is the SARIF JSON schema URI, emitted under the "$schema" key.
	Schema string `json:"$schema"`
	// Version is the SARIF version string (v2.1.0 per ToSARIF).
	Version string `json:"version"`
	Runs []Run `json:"runs"`
}
SarifReport is a minimal subset of the SARIF v2.1.0 object model, sufficient for export without external dependencies. It is not a complete or validating model of the specification.
type Tool ¶ added in v0.10.0
// Tool is the SARIF tool object; only the driver component is modeled.
type Tool struct {
	Driver ToolComponent `json:"driver"`
}
type ToolComponent ¶ added in v0.10.0
// ToolComponent is the SARIF toolComponent object describing the driver
// that produced the results and the rules it reports against.
type ToolComponent struct {
	Name string `json:"name"`
	InformationURI string `json:"informationUri,omitempty"`
	Version string `json:"version,omitempty"`
	SemanticVersion string `json:"semanticVersion,omitempty"`
	DottedQuadFileVersion string `json:"dottedQuadFileVersion,omitempty"`
	// Rules are the reporting descriptors; ToSARIF derives each rule id from
	// the control id and requirement id.
	Rules []ReportingDescriptor `json:"rules,omitempty"`
}