Overview
Package types is the collection of main data types used by the Trusty libraries.
Index
- Constants
- Variables
- func ConvertDepsToMap(deps []Dependency) map[string]string
- func DiffDependencies(oldDeps, newDeps map[string]string) map[string]string
- type Activity
- type ActivityDescription
- type Alternative
- type AlternativesList
- type Dependency
- type Ecosystem
- type HistoricalProvenance
- type MaliciousData
- type PackageData
- type Provenance
- type ProvenanceDescription
- type Reply
- type ScoreSummary
- type SigstoreProvenance
- type Typosquatting
- type TyposquattingDescription
Constants
const (
	// ECOSYSTEM_NPM identifies the NPM ecosystem
	ECOSYSTEM_NPM Ecosystem = 1
	// ECOSYSTEM_GO identifies the Go language
	ECOSYSTEM_GO Ecosystem = 2
	// ECOSYSTEM_PYPI identifies the Python Package Index
	ECOSYSTEM_PYPI Ecosystem = 3

	// IngestStatusFailed ingestion failed permanently
	IngestStatusFailed = "failed"
	// IngestStatusComplete means ingestion is done, data available
	IngestStatusComplete = "complete"
	// IngestStatusPending means that the ingestion process is waiting to start
	IngestStatusPending = "pending"
	// IngestStatusScoring means the scoring process is underway
	IngestStatusScoring = "scoring"
)
Variables
var Ecosystems = map[string]Ecosystem{
	"ECOSYSTEM_NPM":  ECOSYSTEM_NPM,
	"ECOSYSTEM_GO":   ECOSYSTEM_GO,
	"ECOSYSTEM_PYPI": ECOSYSTEM_PYPI,
}
Ecosystems enumerates the supported ecosystems
Functions
func ConvertDepsToMap
func ConvertDepsToMap(deps []Dependency) map[string]string
ConvertDepsToMap converts a slice of Dependency structs to a map for easier comparison
Types
type Activity
type Activity struct {
	Score       float64             `json:"score"`
	Description ActivityDescription `json:"description"`
}
Activity captures a package's activity score
type ActivityDescription
ActivityDescription captures the fields of the activity score
type Alternative
type Alternative struct {
	PackageName    string  `json:"package_name"`
	Score          float64 `json:"score"`
	PackageNameURL string
}
Alternative is an alternative package returned from the package intelligence API
type AlternativesList
type AlternativesList struct {
	Status   string        `json:"status"`
	Packages []Alternative `json:"packages"`
}
AlternativesList is the alternatives block in the trusty API response
type Dependency
Dependency represents a generic dependency structure
type Ecosystem
type Ecosystem int32
Ecosystem is an identifier of a packaging system supported by Trusty
type HistoricalProvenance
type HistoricalProvenance struct {
	Tags     float64 `json:"tags"`
	Common   float64 `json:"common"`
	Overlap  float64 `json:"overlap"`
	Versions float64 `json:"versions"`
}
HistoricalProvenance has the historical provenance components from a package
type MaliciousData
type MaliciousData struct {
	Summary   string     `json:"summary"`
	Details   string     `json:"details"`
	Published *time.Time `json:"published"`
	Modified  *time.Time `json:"modified"`
	Source    string     `json:"source"`
}
MaliciousData contains the security details when a dependency is malicious
type PackageData
type PackageData struct {
	Archived   bool           `json:"archived"`
	Deprecated bool           `json:"is_deprecated"`
	Malicious  *MaliciousData `json:"malicious"`
	Status     string         `json:"status"`
	StatusCode string         `json:"status_code"`
}
PackageData contains the data about the queried package
type Provenance
type Provenance struct {
	Score       float64               `json:"score"`
	Description ProvenanceDescription `json:"description"`
}
Provenance has the package's provenance score and provenance type components
type ProvenanceDescription
type ProvenanceDescription struct {
	Historical HistoricalProvenance `json:"hp"`
	Sigstore   SigstoreProvenance   `json:"sigstore"`
}
ProvenanceDescription contains the provenance types
type Reply
type Reply struct {
	PackageName             string           `json:"package_name"`
	PackageType             string           `json:"package_type"`
	PackageVersion          string           `json:"package_version"`
	Status                  string           `json:"status"`
	Summary                 ScoreSummary     `json:"summary"`
	Provenance              *Provenance      `json:"provenance"`
	Activity                *Activity        `json:"activity"`
	Typosquatting           *Typosquatting   `json:"typosquatting"`
	Alternatives            AlternativesList `json:"alternatives"`
	PackageData             PackageData      `json:"package_data"`
	SameOriginPackagesCount int              `json:"same_origin_packages_count"`
}
Reply is the response from the package report API
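A consumer of this report usually reduces it to an allow/review/block decision, and the pointer fields above (Summary.Score, PackageData.Malicious) are where that logic tends to go wrong. The following is an added example, not code from the Trusty libraries: it redeclares a local subset of Reply with the JSON tags shown on this page, and the Evaluate function, its policy, the minScore threshold and the reading of a non-nil "malicious" block as a malicious verdict are all assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// reply mirrors the subset of Reply used here; JSON tags copied from this page.
type reply struct {
	Summary struct {
		Score *float64 `json:"score"` // pointer: nil when no score is present
	} `json:"summary"`
	PackageData struct {
		Archived   bool `json:"archived"`
		Deprecated bool `json:"is_deprecated"`
		Malicious  *struct {
			Summary string `json:"summary"`
		} `json:"malicious"`
	} `json:"package_data"`
}

// Evaluate applies a hypothetical policy; minScore is an assumed threshold.
func Evaluate(raw []byte, minScore float64) (string, []string, error) {
	var r reply
	if err := json.Unmarshal(raw, &r); err != nil {
		return "", nil, fmt.Errorf("decode reply: %w", err)
	}
	if m := r.PackageData.Malicious; m != nil { // non-nil means flagged malicious
		return "block", []string{"malicious: " + m.Summary}, nil
	}
	var reasons []string
	if r.PackageData.Deprecated || r.PackageData.Archived {
		reasons = append(reasons, "deprecated or archived")
	}
	if s := r.Summary.Score; s == nil { // unscored is not the same as score 0
		reasons = append(reasons, "no score")
	} else if *s < minScore {
		reasons = append(reasons, fmt.Sprintf("score %.1f below %.1f", *s, minScore))
	}
	if len(reasons) > 0 {
		return "review", reasons, nil
	}
	return "allow", nil, nil
}

func main() {
	// Constructed sample report, not real API output.
	raw := []byte(`{"summary":{"score":null},"package_data":{"is_deprecated":true}}`)
	fmt.Println(Evaluate(raw, 5.0))
}
```

A decode error is returned rather than mapped to a verdict, so a caller gating a build can fail closed on malformed or truncated responses.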
type ScoreSummary
type ScoreSummary struct {
	Score       *float64       `json:"score"`
	Description map[string]any `json:"description"`
}
ScoreSummary is the summary score returned from the package intelligence API
type SigstoreProvenance
type SigstoreProvenance struct {
	Issuer           string `json:"issuer"`
	Workflow         string `json:"workflow"`
	SourceRepository string `json:"source_repo"`
	TokenIssuer      string `json:"token_issuer"`
	Transparency     string `json:"transparency"`
}
SigstoreProvenance has the Sigstore certificate data when a package was signed using a GitHub Actions workflow
type Typosquatting
type Typosquatting struct {
	Score       float64                  `json:"score"`
	Description TyposquattingDescription `json:"description"`
}
Typosquatting score for the package's name
type TyposquattingDescription
type TyposquattingDescription struct {
	TotalSimilarNames int `json:"total_similar_names"`
}
TyposquattingDescription captures the details of the typosquatting score