Versions in this module Expand all Collapse all v0 v0.24.2 Apr 11, 2026 v0.24.1 Apr 11, 2026 v0.24.0 Apr 11, 2026 Changes in this version
+ const DefaultWorkerPoolSize
+ const MaxLogBytes
+ const MaxQueueSize
+ const MaxScanLogLines
+ const MaxScannedFiles
+ const MaxScansPerServer
+ const QueueStatusCancelled
+ const QueueStatusCompleted
+ const QueueStatusFailed
+ const QueueStatusPending
+ const QueueStatusRunning
+ const QueueStatusSkipped
+ const ScanJobStatusCancelled
+ const ScanJobStatusCompleted
+ const ScanJobStatusFailed
+ const ScanJobStatusPending
+ const ScanJobStatusRunning
+ const ScanPassSecurityScan
+ const ScanPassSupplyChainAudit
+ const ScannerStatusAvailable
+ const ScannerStatusConfigured
+ const ScannerStatusError
+ const ScannerStatusInstalled
+ const ScannerStatusPulling
+ const SeverityCritical
+ const SeverityHigh
+ const SeverityInfo
+ const SeverityLow
+ const SeverityMedium
+ const ThreatLevelDangerous
+ const ThreatLevelInfo
+ const ThreatLevelWarning
+ const ThreatMaliciousCode
+ const ThreatPromptInjection
+ const ThreatRugPull
+ const ThreatSupplyChain
+ const ThreatToolPoisoning
+ const ThreatUncategorized
+ func CalculateRiskScore(findings []ScanFinding) int
+ func ClassifyAllFindings(findings []ScanFinding)
+ func ClassifyThreat(f *ScanFinding)
+ func CollectFileList(dir string) (files []string, totalFiles int, totalSize int64)
+ func GenerateContainerName(scannerID, serverName string) string
+ func IsSARIF(data []byte) bool
+ func PrepareReportDir(baseDir, jobID, scannerID string) (string, error)
+ func ValidateManifest(s *ScannerPlugin) error
+ type AggregatedReport struct
+ EmptyScan bool
+ Findings []ScanFinding
+ JobID string
+ Pass1Complete bool
+ Pass2Complete bool
+ Pass2Running bool
+ Reports []ScanReport
+ RiskScore int
+ ScanComplete bool
+ ScanContext *ScanContext
+ ScannedAt time.Time
+ ScannerStatuses []ScannerJobStatus
+ ScannersFailed int
+ ScannersRun int
+ ScannersTotal int
+ ServerName string
+ Summary ReportSummary
+ func AggregateReports(jobID, serverName string, reports []*ScanReport) *AggregatedReport
+ func AggregateReportsWithJobStatus(jobID, serverName string, reports []*ScanReport, job *ScanJob) *AggregatedReport
+ type DockerRunner struct
+ func NewDockerRunner(logger *zap.Logger) *DockerRunner
+ func (d *DockerRunner) GetImageDigest(ctx context.Context, image string) (string, error)
+ func (d *DockerRunner) ImageExists(ctx context.Context, image string) bool
+ func (d *DockerRunner) IsDockerAvailable(ctx context.Context) bool
+ func (d *DockerRunner) KillContainer(ctx context.Context, name string) error
+ func (d *DockerRunner) PullImage(ctx context.Context, image string) error
+ func (d *DockerRunner) ReadReportFile(reportDir string) ([]byte, error)
+ func (d *DockerRunner) RemoveImage(ctx context.Context, image string) error
+ func (d *DockerRunner) RunScanner(ctx context.Context, cfg ScannerRunConfig) (stdout, stderr string, exitCode int, err error)
+ func (d *DockerRunner) StopContainer(ctx context.Context, name string, timeout int) error
+ type Engine struct
+ func NewEngine(docker *DockerRunner, registry *Registry, dataDir string, logger *zap.Logger) *Engine
+ func (e *Engine) CancelScan(serverName string) error
+ func (e *Engine) GetActiveJob(serverName string) *ScanJob
+ func (e *Engine) StartScan(ctx context.Context, req ScanRequest, callback ScanCallback) (*ScanJob, error)
+ type EnvRequirement struct
+ Key string
+ Label string
+ Secret bool
+ type EventEmitter interface
+ EmitSecurityIntegrityAlert func(serverName, alertType, action string)
+ EmitSecurityScanCompleted func(serverName string, findingsSummary map[string]int)
+ EmitSecurityScanFailed func(serverName, scannerID, errMsg string)
+ EmitSecurityScanProgress func(serverName, scannerID, status string, progress int)
+ EmitSecurityScanStarted func(serverName string, scanners []string, jobID string)
+ EmitSecurityScannerChanged func(scannerID, status, errMsg string)
+ type FindingCounts struct
+ Dangerous int
+ Info int
+ Total int
+ Warning int
+ type IntegrityBaseline struct
+ ApprovedAt time.Time
+ ApprovedBy string
+ DiffManifest []string
+ ImageDigest string
+ LockfileHash string
+ ScanReportIDs []string
+ ServerName string
+ SourceHash string
+ ToolHashes map[string]string
+ func (b *IntegrityBaseline) MarshalBinary() ([]byte, error)
+ func (b *IntegrityBaseline) UnmarshalBinary(data []byte) error
+ type IntegrityCheckResult struct
+ CheckedAt time.Time
+ Passed bool
+ ServerName string
+ Violations []IntegrityViolation
+ type IntegrityViolation struct
+ Actual string
+ Expected string
+ Message string
+ Type string
+ type NoopCallback struct
+ func (n *NoopCallback) OnScanCompleted(_ *ScanJob, _ []*ScanReport)
+ func (n *NoopCallback) OnScanFailed(_ *ScanJob, _ error)
+ func (n *NoopCallback) OnScanStarted(_ *ScanJob)
+ func (n *NoopCallback) OnScannerCompleted(_ *ScanJob, _ string, _ *ScanReport)
+ func (n *NoopCallback) OnScannerFailed(_ *ScanJob, _ string, _ error)
+ func (n *NoopCallback) OnScannerStarted(_ *ScanJob, _ string)
+ type NoopEmitter struct
+ func (n *NoopEmitter) EmitSecurityIntegrityAlert(string, string, string)
+ func (n *NoopEmitter) EmitSecurityScanCompleted(string, map[string]int)
+ func (n *NoopEmitter) EmitSecurityScanFailed(string, string, string)
+ func (n *NoopEmitter) EmitSecurityScanProgress(string, string, string, int)
+ func (n *NoopEmitter) EmitSecurityScanStarted(string, []string, string)
+ func (n *NoopEmitter) EmitSecurityScannerChanged(string, string, string)
+ type QueueItem struct
+ DoneAt time.Time
+ Error string
+ JobID string
+ ServerName string
+ SkipReason string
+ StartedAt time.Time
+ Status string
+ type QueueProgress struct
+ BatchID string
+ Cancelled int
+ Completed int
+ DoneAt time.Time
+ Failed int
+ Items []QueueItem
+ Pending int
+ Running int
+ Skipped int
+ StartedAt time.Time
+ Status string
+ Total int
+ type Registry struct
+ func NewRegistry(dataDir string, logger *zap.Logger) *Registry
+ func (r *Registry) Get(id string) (*ScannerPlugin, error)
+ func (r *Registry) List() []*ScannerPlugin
+ func (r *Registry) Register(s *ScannerPlugin) error
+ func (r *Registry) Unregister(id string) error
+ func (r *Registry) UpdateStatus(id, status string) error
+ type ReportSummary struct
+ Critical int
+ Dangerous int
+ High int
+ Info int
+ InfoLevel int
+ Low int
+ Medium int
+ Total int
+ Warnings int
+ func SummarizeFindings(findings []ScanFinding) ReportSummary
+ type ResolvedSource struct
+ Cleanup func()
+ ContainerID string
+ Files []string
+ Method string
+ ServerURL string
+ SourceDir string
+ TotalFiles int
+ TotalSize int64
+ type SARIFArtifactLocation struct
+ URI string
+ type SARIFConfiguration struct
+ Level string
+ type SARIFDriver struct
+ Name string
+ Rules []SARIFRule
+ Version string
+ type SARIFLocation struct
+ PhysicalLocation *SARIFPhysicalLocation
+ type SARIFMessage struct
+ Text string
+ type SARIFPhysicalLocation struct
+ ArtifactLocation *SARIFArtifactLocation
+ Region *SARIFRegion
+ type SARIFRegion struct
+ EndColumn int
+ EndLine int
+ StartColumn int
+ StartLine int
+ type SARIFReport struct
+ Runs []SARIFRun
+ Schema string
+ Version string
+ func ParseSARIF(data []byte) (*SARIFReport, error)
+ type SARIFResult struct
+ Level string
+ Locations []SARIFLocation
+ Message SARIFMessage
+ Properties map[string]any
+ RuleID string
+ type SARIFRule struct
+ DefaultConfig *SARIFConfiguration
+ FullDescription *SARIFMessage
+ HelpURI string
+ ID string
+ Properties map[string]any
+ ShortDescription *SARIFMessage
+ type SARIFRun struct
+ Results []SARIFResult
+ Tool SARIFTool
+ type SARIFTool struct
+ Driver SARIFDriver
+ type ScanAllRequest struct
+ ScannerIDs []string
+ SkipEnabled bool
+ type ScanCallback interface
+ OnScanCompleted func(job *ScanJob, reports []*ScanReport)
+ OnScanFailed func(job *ScanJob, err error)
+ OnScanStarted func(job *ScanJob)
+ OnScannerCompleted func(job *ScanJob, scannerID string, report *ScanReport)
+ OnScannerFailed func(job *ScanJob, scannerID string, err error)
+ OnScannerStarted func(job *ScanJob, scannerID string)
+ type ScanContext struct
+ ContainerID string
+ ContainerImage string
+ DockerIsolation bool
+ ScannedFiles []string
+ ServerCommand string
+ ServerProtocol string
+ SourceMethod string
+ SourcePath string
+ ToolsExported int
+ TotalFiles int
+ TotalSizeBytes int64
+ type ScanFinding struct
+ CVSSScore float64
+ Category string
+ Description string
+ Evidence string
+ FixedVersion string
+ HelpURI string
+ InstalledVersion string
+ Location string
+ PackageName string
+ RuleID string
+ ScanPass int
+ Scanner string
+ Severity string
+ SupplyChainAudit bool
+ ThreatLevel string
+ ThreatType string
+ Title string
+ func NormalizeFindings(report *SARIFReport, scannerID string) []ScanFinding
+ type ScanJob struct
+ CompletedAt time.Time
+ DryRun bool
+ Error string
+ ID string
+ ScanContext *ScanContext
+ ScanPass int
+ ScannerStatuses []ScannerJobStatus
+ Scanners []string
+ ServerName string
+ StartedAt time.Time
+ Status string
+ func (j *ScanJob) MarshalBinary() ([]byte, error)
+ func (j *ScanJob) UnmarshalBinary(data []byte) error
+ type ScanJobSummary struct
+ CompletedAt time.Time
+ FindingsCount int
+ ID string
+ RiskScore int
+ ScanPass int
+ Scanners []string
+ ServerName string
+ StartedAt time.Time
+ Status string
+ type ScanQueue struct
+ func NewScanQueue(logger *zap.Logger) *ScanQueue
+ func (q *ScanQueue) CancelAll() error
+ func (q *ScanQueue) GetProgress() *QueueProgress
+ func (q *ScanQueue) IsRunning() bool
+ func (q *ScanQueue) StartScanAll(serverList []ServerStatus, ...) (*QueueProgress, error)
+ type ScanReport struct
+ Findings []ScanFinding
+ ID string
+ JobID string
+ RiskScore int
+ SarifRaw json.RawMessage
+ ScannedAt time.Time
+ ScannerID string
+ ServerName string
+ func (r *ScanReport) MarshalBinary() ([]byte, error)
+ func (r *ScanReport) UnmarshalBinary(data []byte) error
+ type ScanRequest struct
+ DryRun bool
+ Env map[string]string
+ ScanContext *ScanContext
+ ScanPass int
+ ScannerIDs []string
+ ServerName string
+ SourceDir string
+ type ScanSummary struct
+ FindingCounts *FindingCounts
+ LastScanAt *time.Time
+ RiskScore int
+ Status string
+ type ScannerJobStatus struct
+ CompletedAt time.Time
+ Error string
+ ExitCode int
+ FindingsCount int
+ ScannerID string
+ StartedAt time.Time
+ Status string
+ Stderr string
+ Stdout string
+ type ScannerPlugin struct
+ Command []string
+ ConfiguredEnv map[string]string
+ Custom bool
+ Description string
+ DockerImage string
+ ErrorMsg string
+ Homepage string
+ ID string
+ ImageOverride string
+ Inputs []string
+ InstalledAt time.Time
+ LastUsedAt time.Time
+ License string
+ Name string
+ NetworkReq bool
+ OptionalEnv []EnvRequirement
+ Outputs []string
+ RequiredEnv []EnvRequirement
+ Status string
+ Timeout string
+ Vendor string
+ func (s *ScannerPlugin) EffectiveImage() string
+ func (s *ScannerPlugin) MarshalBinary() ([]byte, error)
+ func (s *ScannerPlugin) UnmarshalBinary(data []byte) error
+ type ScannerRunConfig struct
+ CacheDir string
+ Command []string
+ ContainerName string
+ Env map[string]string
+ ExtraMounts []string
+ Image string
+ MemoryLimit string
+ NetworkMode string
+ ReadOnly bool
+ ReportDir string
+ SourceDir string
+ Timeout time.Duration
+ type SecretResolverFunc func(ctx context.Context, ref string) (string, error)
+ type SecretStore interface
+ ResolveSecret func(ctx context.Context, ref string) (string, error)
+ StoreSecret func(ctx context.Context, name, value string) error
+ type SecurityOverview struct
+ ActiveScans int
+ DockerAvailable bool
+ FindingsBySeverity ReportSummary
+ LastScanAt time.Time
+ ScannersEnabled int
+ ScannersInstalled int
+ ServersScanned int
+ TotalScans int
+ type ServerInfo struct
+ Args []string
+ Command string
+ Env map[string]string
+ Name string
+ Protocol string
+ URL string
+ WorkingDir string
+ type ServerInfoProvider interface
+ EnsureConnected func(ctx context.Context, serverName string) error
+ GetServerInfo func(serverName string) (*ServerInfo, error)
+ GetServerTools func(serverName string) ([]map[string]interface{}, error)
+ IsConnected func(serverName string) bool
+ type ServerStatus struct
+ Connected bool
+ Enabled bool
+ Name string
+ Protocol string
+ type ServerUnquarantiner interface
+ UnquarantineServer func(serverName string) error
+ type Service struct
+ func NewService(storage Storage, registry *Registry, docker *DockerRunner, dataDir string, ...) *Service
+ func (s *Service) ApproveServer(ctx context.Context, serverName string, force bool, approvedBy string) error
+ func (s *Service) CancelAllScans() error
+ func (s *Service) CancelScan(ctx context.Context, serverName string) error
+ func (s *Service) CheckIntegrity(ctx context.Context, serverName string) (*IntegrityCheckResult, error)
+ func (s *Service) CleanupStaleJobs()
+ func (s *Service) ConfigureScanner(_ context.Context, id string, env map[string]string, dockerImage string) error
+ func (s *Service) GetOverview(ctx context.Context) (*SecurityOverview, error)
+ func (s *Service) GetQueueProgress() *QueueProgress
+ func (s *Service) GetScanReport(ctx context.Context, serverName string) (*AggregatedReport, error)
+ func (s *Service) GetScanReportByJobID(ctx context.Context, jobID string) (*AggregatedReport, error)
+ func (s *Service) GetScanStatus(ctx context.Context, serverName string) (*ScanJob, error)
+ func (s *Service) GetScanStatusByPass(ctx context.Context, serverName string, pass int) (*ScanJob, error)
+ func (s *Service) GetScanSummary(ctx context.Context, serverName string) *ScanSummary
+ func (s *Service) GetScanner(ctx context.Context, id string) (*ScannerPlugin, error)
+ func (s *Service) GetScannerStatus(ctx context.Context, id string) (*ScannerPlugin, error)
+ func (s *Service) GetSecurityOverview(ctx context.Context) (*SecurityOverview, error)
+ func (s *Service) InstallScanner(ctx context.Context, id string) error
+ func (s *Service) IsQueueRunning() bool
+ func (s *Service) ListScanHistory(ctx context.Context) ([]ScanJobSummary, error)
+ func (s *Service) ListScanners(ctx context.Context) ([]*ScannerPlugin, error)
+ func (s *Service) RejectServer(ctx context.Context, serverName string) error
+ func (s *Service) RemoveScanner(ctx context.Context, id string) error
+ func (s *Service) ScanAll(ctx context.Context, servers []ServerStatus, scannerIDs []string) (*QueueProgress, error)
+ func (s *Service) SetEmitter(emitter EventEmitter)
+ func (s *Service) SetSecretStore(store SecretStore)
+ func (s *Service) SetServerInfoProvider(provider ServerInfoProvider)
+ func (s *Service) SetServerUnquarantiner(u ServerUnquarantiner)
+ func (s *Service) StartScan(ctx context.Context, serverName string, dryRun bool, scannerIDs []string, ...) (*ScanJob, error)
+ type SourceResolver struct
+ func NewSourceResolver(logger *zap.Logger) *SourceResolver
+ func (r *SourceResolver) EnrichWithFileList(resolved *ResolvedSource)
+ func (r *SourceResolver) Resolve(ctx context.Context, info ServerInfo) (*ResolvedSource, error)
+ func (r *SourceResolver) ResolveFullSource(ctx context.Context, info ServerInfo) (*ResolvedSource, error)
+ type Storage interface
+ DeleteIntegrityBaseline func(serverName string) error
+ DeleteScanJob func(id string) error
+ DeleteScanReport func(id string) error
+ DeleteScanner func(id string) error
+ DeleteServerScanJobs func(serverName string) error
+ DeleteServerScanReports func(serverName string) error
+ GetIntegrityBaseline func(serverName string) (*IntegrityBaseline, error)
+ GetLatestScanJob func(serverName string) (*ScanJob, error)
+ GetScanJob func(id string) (*ScanJob, error)
+ GetScanReport func(id string) (*ScanReport, error)
+ GetScanner func(id string) (*ScannerPlugin, error)
+ ListIntegrityBaselines func() ([]*IntegrityBaseline, error)
+ ListScanJobs func(serverName string) ([]*ScanJob, error)
+ ListScanReports func(serverName string) ([]*ScanReport, error)
+ ListScanReportsByJob func(jobID string) ([]*ScanReport, error)
+ ListScanners func() ([]*ScannerPlugin, error)
+ SaveIntegrityBaseline func(baseline *IntegrityBaseline) error
+ SaveScanJob func(job *ScanJob) error
+ SaveScanReport func(report *ScanReport) error
+ SaveScanner func(s *ScannerPlugin) error
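Review bot: `ScannerRunConfig` exposes its sandbox restrictions as opt-in fields: in a zero-valued config `ReadOnly` is false and `NetworkMode`, `MemoryLimit` and `Timeout` are empty, and nothing in this listing shows what `RunScanner` substitutes for them. Because this package appears to run scanner images (`ScannerPlugin.DockerImage`, `Custom`) against server source it is vetting for `ThreatMaliciousCode` and `ThreatSupplyChain`, the field docs should state the effective default for each, for example `// NetworkMode selects the container network; when empty RunScanner uses <default, state it here>.`, and the safest behaviour would be for an unset field to resolve to the most restrictive option. `ExtraMounts []string` deserves the same treatment: a comment saying which callers populate it and whether host paths are validated before they reach the container runtime. This is inferred from the exported signatures only; the implementation is not on this page.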