Documentation
Overview
Package types is the collection of main data types used by the Trusty libraries
Index
- Variables
- func ConvertDepsToMap(deps []Dependency) map[string]string
- func DiffDependencies(oldDeps, newDeps map[string]string) map[string]string
- type Alternative
- type AlternativesList
- type Dependency
- type Ecosystem
- type HistoricalProvenance
- type MaliciousData
- type PackageData
- type Provenance
- type ProvenanceDescription
- type Reply
- type ScoreSummary
- type SigstoreProvenance
Constants
This section is empty.
Variables
var Ecosystems = map[string]Ecosystem{
	"ECOSYSTEM_NPM":  ECOSYSTEM_NPM,
	"ECOSYSTEM_GO":   ECOSYSTEM_GO,
	"ECOSYSTEM_PYPI": ECOSYSTEM_PYPI,
}
Ecosystems enumerates the supported ecosystems
Functions
func ConvertDepsToMap
func ConvertDepsToMap(deps []Dependency) map[string]string
ConvertDepsToMap converts a slice of Dependency structs to a map for easier comparison
Types
type Alternative (added in v0.1.0)
type Alternative struct {
	PackageName    string  `json:"package_name"`
	Score          float64 `json:"score"`
	PackageNameURL string
}
Alternative is an alternative package returned from the package intelligence API
type AlternativesList (added in v0.1.0)
type AlternativesList struct {
	Status   string        `json:"status"`
	Packages []Alternative `json:"packages"`
}
AlternativesList is the alternatives block in the trusty API response
type Dependency
Dependency represents a generic dependency structure
type Ecosystem (added in v0.1.0)
type Ecosystem int32
Ecosystem is an identifier of a packaging system supported by Trusty
type HistoricalProvenance (added in v0.1.0)
type HistoricalProvenance struct {
	Tags     float64 `json:"tags"`
	Common   float64 `json:"common"`
	Overlap  float64 `json:"overlap"`
	Versions float64 `json:"versions"`
}
HistoricalProvenance has the historical provenance components from a package
type MaliciousData (added in v0.1.0)
type MaliciousData struct {
	Summary   string     `json:"summary"`
	Details   string     `json:"details"`
	Published *time.Time `json:"published"`
	Modified  *time.Time `json:"modified"`
	Source    string     `json:"source"`
}
MaliciousData contains the security details when a dependency is malicious
type PackageData (added in v0.1.0)
type PackageData struct {
	Archived   bool           `json:"archived"`
	Deprecated bool           `json:"is_deprecated"`
	Malicious  *MaliciousData `json:"malicious"`
}
PackageData contains the data about the queried package
type Provenance (added in v0.1.0)
type Provenance struct {
	Score       float64               `json:"score"`
	Description ProvenanceDescription `json:"description"`
}
Provenance has the package's provenance score and provenance type components
type ProvenanceDescription (added in v0.1.0)
type ProvenanceDescription struct {
	Historical HistoricalProvenance `json:"hp"`
	Sigstore   SigstoreProvenance   `json:"provenance"`
}
ProvenanceDescription contains the provenance types
type Reply (added in v0.1.0)
type Reply struct {
	PackageName  string           `json:"package_name"`
	PackageType  string           `json:"package_type"`
	Summary      ScoreSummary     `json:"summary"`
	Alternatives AlternativesList `json:"alternatives"`
	PackageData  PackageData      `json:"package_data"`
	Provenance   *Provenance      `json:"provenance"`
}
Reply is the response from the package report API
type ScoreSummary (added in v0.1.0)
type ScoreSummary struct {
	Score       *float64       `json:"score"`
	Description map[string]any `json:"description"`
}
ScoreSummary is the summary score returned from the package intelligence API
type SigstoreProvenance (added in v0.1.0)
type SigstoreProvenance struct {
	Issuer           string `json:"issuer"`
	Workflow         string `json:"workflow"`
	SourceRepository string `json:"source_repo"`
	TokenIssuer      string `json:"token_issuer"`
	Transparency     string `json:"transparency"`
}
SigstoreProvenance has the Sigstore certificate data when a package was signed using a GitHub Actions workflow
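Reply.Provenance, ScoreSummary.Score and PackageData.Malicious are pointers, so a consumer has to treat "absent" separately from a zero value. The following is an added example, not code from the Trusty project: it uses trimmed local copies of the types above, and the Findings function, the minScore threshold and the sample JSON are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Trimmed local copies of the page's types, keeping its field names and JSON tags.
type MaliciousData struct{ Summary string `json:"summary"` }
type ScoreSummary struct{ Score *float64 `json:"score"` }
type Provenance struct{ Score float64 `json:"score"` }
type PackageData struct {
	Archived   bool           `json:"archived"`
	Deprecated bool           `json:"is_deprecated"`
	Malicious  *MaliciousData `json:"malicious"`
}
type Reply struct {
	Summary     ScoreSummary `json:"summary"`
	PackageData PackageData  `json:"package_data"`
	Provenance  *Provenance  `json:"provenance"`
}

// Findings lists reasons to hold a dependency for review; minScore is a hypothetical policy threshold.
func Findings(raw []byte, minScore float64) (out []string, err error) {
	var r Reply
	if err = json.Unmarshal(raw, &r); err != nil {
		return nil, err
	}
	if m := r.PackageData.Malicious; m != nil {
		out = append(out, "malicious: "+m.Summary)
	}
	if r.PackageData.Deprecated || r.PackageData.Archived {
		out = append(out, "deprecated or archived")
	}
	switch s := r.Summary.Score; {
	case s == nil:
		out = append(out, "no score") // a missing score is not a score of zero
	case *s < minScore:
		out = append(out, fmt.Sprintf("score %.1f below %.1f", *s, minScore))
	}
	if r.Provenance == nil {
		out = append(out, "no provenance data")
	}
	return out, nil
}

// Constructed sample reply, not captured from the API.
const sample = `{"summary":{"score":null},"package_data":{"malicious":{"summary":"constructed sample"}},"provenance":null}`

func main() { fmt.Println(Findings([]byte(sample), 5)) }
```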