risk

package
v0.11.2
Published: Jun 18, 2026 License: BSD-2-Clause Imports: 6 Imported by: 0

Documentation

Index

Constants

const (
	StatusAccepted    = "accepted"
	StatusTransferred = "transferred"
	StatusMonitoring  = "monitoring"
)

Risk status constants.

Variables

ValidStatuses lists valid risk statuses.

Functions

func IsOverdueRegister

func IsOverdueRegister(reg RegisterHeader) bool

IsOverdueRegister reports whether the register's next review date has passed.

Types

type Decision

type Decision struct {
	Date           string `yaml:"date"`
	Rationale      string `yaml:"rationale"`
	Reviewer       string `yaml:"reviewer"`
	ReviewInterval string `yaml:"review_interval"` // quarterly | annually | etc.
}

Decision records the formal risk acceptance decision.

type LoadedFile

type LoadedFile struct {
	Path string
	Data RegisterFile
}

LoadedFile is a parsed risk register file.

type RegisterFile

type RegisterFile struct {
	Register RegisterHeader `yaml:"risk_register"`
	Risks    []Risk         `yaml:"risks"`
}

RegisterFile is the top-level structure of a risk register YAML file.

type RegisterHeader

type RegisterHeader struct {
	ID         string `yaml:"id"`
	Title      string `yaml:"title"`
	Owner      string `yaml:"owner"` // platform | operator
	LastReview string `yaml:"last_review"`
	NextReview string `yaml:"next_review"`
}

RegisterHeader holds metadata for a risk register file.

type Risk

type Risk struct {
	ID                   string          `yaml:"id"`
	Finding              string          `yaml:"finding"`            // finding ID
	Profiles             []string        `yaml:"profiles,omitempty"` // empty = all profiles
	Title                string          `yaml:"title"`
	Severity             string          `yaml:"severity"`          // original severity
	ResidualSeverity     string          `yaml:"residual_severity"` // after compensating controls
	Status               string          `yaml:"status"`            // accepted | transferred | monitoring
	Description          string          `yaml:"description"`
	CompensatingControls []string        `yaml:"compensating_controls"`
	ResidualRisk         string          `yaml:"residual_risk"`
	Decision             Decision        `yaml:"decision"`
	Tracking             *audit.IssueRef `yaml:"tracking,omitempty"`
}

Risk represents a single accepted/transferred risk entry.

func (*Risk) AppliesToProfile

func (r *Risk) AppliesToProfile(profile string) bool

AppliesToProfile reports whether the risk applies to the given profile. A risk with no profiles applies to all profiles.

type RiskRef

type RiskRef struct {
	File *LoadedFile
	Risk *Risk
}

RiskRef points to a risk within a loaded file.

type RiskSet

type RiskSet struct {
	Files          []LoadedFile
	RisksByID      map[string]*RiskRef
	RisksByFinding map[string][]*RiskRef // finding ID -> risks
}

RiskSet holds all loaded risk register data.

func Load

func Load(riskDir string, files []string) (*RiskSet, error)

Load reads all risk register YAML files from the given directory.
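The documented types and functions above describe a risk register whose entries must carry a status from ValidStatuses, a formal Decision, and compensating controls, and whose RiskSet indexes entries by finding ID. The following added example (written for this page, not the package's own code) shows how those pieces fit together: it mirrors the documented struct shapes in plain Go, gives a hypothetical implementation of the IsOverdueRegister and AppliesToProfile semantics, validates entries before trusting them as an acceptance, and builds the RisksByFinding-style index. Function names in lowercase, the date format, the "unparseable next_review counts as overdue" rule, and the sample entries are all assumptions; the real package parses YAML files, which this example does not.

```go
package main

import (
	"fmt"
	"time"
)

// Mirrors of the documented types (assumption: same field meanings; yaml
// tags and the audit.IssueRef tracking field are omitted here).
type Decision struct{ Date, Rationale, Reviewer, ReviewInterval string }
type RegisterHeader struct{ ID, Title, Owner, LastReview, NextReview string }
type Risk struct {
	ID, Finding, Title, Severity, ResidualSeverity, Status string
	Profiles, CompensatingControls                         []string
	Decision                                               Decision
}

const (
	StatusAccepted    = "accepted"
	StatusTransferred = "transferred"
	StatusMonitoring  = "monitoring"
)

var ValidStatuses = []string{StatusAccepted, StatusTransferred, StatusMonitoring}

// isOverdueRegisterAt is a hypothetical version of IsOverdueRegister that takes
// "now" explicitly so it can be tested. Assumption: dates are YYYY-MM-DD, and a
// missing or unparseable next_review is treated as overdue (fail closed).
func isOverdueRegisterAt(reg RegisterHeader, now time.Time) bool {
	next, err := time.Parse("2006-01-02", reg.NextReview)
	if err != nil {
		return true
	}
	return now.After(next)
}

// appliesToProfile follows the documented rule: no profiles means all profiles.
func appliesToProfile(r *Risk, profile string) bool {
	if len(r.Profiles) == 0 {
		return true
	}
	for _, p := range r.Profiles {
		if p == profile {
			return true
		}
	}
	return false
}

// validateRisk lists what would make an entry untrustworthy as an acceptance:
// a status outside ValidStatuses, an incomplete decision, or an accepted risk
// with no compensating controls recorded.
func validateRisk(r *Risk) []string {
	var problems []string
	valid := false
	for _, s := range ValidStatuses {
		valid = valid || r.Status == s
	}
	if !valid {
		problems = append(problems, fmt.Sprintf("%s: unknown status %q", r.ID, r.Status))
	}
	if r.Decision.Reviewer == "" || r.Decision.Rationale == "" {
		problems = append(problems, fmt.Sprintf("%s: decision lacks reviewer or rationale", r.ID))
	}
	if r.Status == StatusAccepted && len(r.CompensatingControls) == 0 {
		problems = append(problems, fmt.Sprintf("%s: accepted risk has no compensating controls", r.ID))
	}
	return problems
}

// indexByFinding builds a RisksByFinding-style map (finding ID -> risks).
func indexByFinding(risks []Risk) map[string][]*Risk {
	idx := make(map[string][]*Risk)
	for i := range risks {
		idx[risks[i].Finding] = append(idx[risks[i].Finding], &risks[i])
	}
	return idx
}

// acceptedFor reports whether a finding is covered, for the given profile, by
// an entry that applies to that profile and passes validation.
func acceptedFor(idx map[string][]*Risk, finding, profile string) bool {
	for _, r := range idx[finding] {
		if appliesToProfile(r, profile) && len(validateRisk(r)) == 0 {
			return true
		}
	}
	return false
}

// sampleRisks returns constructed entries; the IDs and findings are made up.
func sampleRisks() []Risk {
	d := Decision{Date: "2026-04-01", Rationale: "isolated segment", Reviewer: "sec-lead", ReviewInterval: "quarterly"}
	return []Risk{
		{ID: "R-001", Finding: "F-001", Status: StatusAccepted, CompensatingControls: []string{"network ACL"}, Decision: d},
		{ID: "R-002", Finding: "F-002", Profiles: []string{"baseline"}, Status: StatusAccepted, Decision: d},
		{ID: "R-003", Finding: "F-003", Status: "ignored", Decision: d},
	}
}

func main() {
	idx := indexByFinding(sampleRisks())
	for f, rs := range idx {
		for _, r := range rs {
			fmt.Printf("%s (%s): problems=%v\n", f, r.ID, validateRisk(r))
		}
	}
	fmt.Println("F-001 accepted for hardened profile:", acceptedFor(idx, "F-001", "hardened"))
}
```

Entries that fail validation are deliberately not counted as accepting a finding, so a malformed register entry cannot suppress a finding by accident; the real package's Load and RiskSet are the place to apply the equivalent checks when the YAML is read.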
