models

package
v1.0.19 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 10, 2026 License: Apache-2.0 Imports: 24 Imported by: 1

Documentation

Overview

Package models provides custom object definitions for the core api

Index

Constants

// DefaultRevision is the revision string assigned to newly created records.
const DefaultRevision = "v0.0.1"
// MaxRunsInBetween is the amount of time each job must leave between two runs.
// Open question from the original author: make this configurable, or lower
// it to something like 5 or 10 minutes.
const MaxRunsInBetween = 30 * time.Minute

Variables

// Sentinel errors for date/time parsing.
// NOTE(review): presumably returned by the DateTime scan/unmarshal methods;
// confirm against callers. Match them with errors.Is, not by message text.
var (
	// ErrUnsupportedDateTimeType is the error for a value in an unsupported time format.
	ErrUnsupportedDateTimeType = errors.New("unsupported time format")
	// ErrInvalidTimeType is the error for a date string that is neither
	// YYYY-MM-DD nor full ISO8601.
	ErrInvalidTimeType         = errors.New("invalid date format, expected YYYY-MM-DD or full ISO8601")
)
// Sentinel errors for validating user-supplied job targets and job configuration.
// The localhost and loopback rejections are what stop a user-submitted check
// target from pointing back at the host running the check.
// NOTE(review): presumably returned by ValidateURL and ValidateIP; confirm
// against callers. Match them with errors.Is, not by message text.
var (
	// ErrInvalidURL is the error for a URL that is not valid.
	ErrInvalidURL = errors.New("invalid url provided")
	// ErrLocalHostNotAllowed is the error for a user trying to run SSL checks on a localhost address.
	ErrLocalHostNotAllowed = errors.New("cannot use localhost url")
	// ErrNoLoopbackAddressAllowed is the error for a user trying to use a loopback address.
	ErrNoLoopbackAddressAllowed = errors.New("no loopback address acceptable")
	// ErrUnsupportedJobConfig is the error for a job type that is not supported at the moment.
	ErrUnsupportedJobConfig = errors.New("we do not support this job type")
	// ErrHTTPSOnlyURL is the error for a non-https URL submitted for an SSL check.
	ErrHTTPSOnlyURL = errors.New("you can only check ssl of a domain with https")
)

AllAuditLogOrderField contains all valid AuditLogOrderField values.

// DefaultRiskThresholds defines the system-default risk rating bands.
// Entries are listed in ascending MaxScore order, from None (0) up to
// Critical (20).
// NOTE(review): presumably a score maps to the first band whose MaxScore it
// does not exceed, which would make the ordering significant; confirm against
// the lookup code. How a score above 20 is rated is not visible here.
var DefaultRiskThresholds = []RiskThreshold{
	{Rating: enums.VendorRiskRatingNone, MaxScore: 0},
	{Rating: enums.VendorRiskRatingVeryLow, MaxScore: 3},
	{Rating: enums.VendorRiskRatingLow, MaxScore: 5},
	{Rating: enums.VendorRiskRatingMedium, MaxScore: 11},
	{Rating: enums.VendorRiskRatingHigh, MaxScore: 15},
	{Rating: enums.VendorRiskRatingCritical, MaxScore: 20},
}

DefaultRiskThresholds defines the system-default risk rating bands

// DefaultVendorScoringQuestions is the built-in list of vendor scoring
// questions. Every entry is a boolean-answer question that ships enabled and
// is keyed by a question ID such as "IAM-05.1"; entries are grouped below by
// key prefix.
// Per the package documentation, stored answers reference questions by Key,
// so retire a question with Enabled: false instead of renaming or deleting
// its Key.
// NOTE(review): VendorScoringQuestionDef and the enums package are declared
// elsewhere; how SuggestedImpact feeds the final score is not visible here.
var DefaultVendorScoringQuestions = []VendorScoringQuestionDef{

	// IAM: identity and access management (least privilege, deprovisioning,
	// access reviews, privileged-role segregation, MFA).
	{
		Key:             "IAM-05.1",
		Name:            "Is the least privilege principle employed when implementing information system access?",
		Description:     "Users and systems are granted only the minimum access required to perform their function.",
		Category:        enums.VendorScoringCategorySecurityPractices,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactMedium,
		Enabled:         true,
	},
	{
		Key:             "IAM-07.1",
		Name:            "Is a process in place to de-provision or modify access in a timely manner for movers and leavers?",
		Description:     "Access is revoked or adjusted promptly when employees change roles or leave the organization.",
		Category:        enums.VendorScoringCategorySecurityPractices,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactHigh,
		Enabled:         true,
	},
	{
		Key:             "IAM-08.1",
		Name:            "Are reviews and revalidation of user access for least privilege and separation of duties completed with a frequency commensurate with organizational risk tolerance?",
		Description:     "Periodic access reviews ensure permissions remain appropriate over time.",
		Category:        enums.VendorScoringCategorySecurityPractices,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactHigh,
		Enabled:         true,
	},
	{
		Key:             "IAM-09.1",
		Name:            "Are processes for the segregation of privileged access roles defined and implemented such that administrative data access, encryption, key management, and logging capabilities are distinct and separate?",
		Description:     "Privileged access is segregated to prevent any single account from controlling all critical functions.",
		Category:        enums.VendorScoringCategorySecurityPractices,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactHigh,
		Enabled:         true,
	},
	{
		Key:             "IAM-14.1",
		Name:            "Are processes for authenticating access to systems, applications, and data assets including multi-factor authentication for least-privileged users and sensitive data access defined, implemented, and evaluated?",
		Description:     "MFA is enforced for access to systems and sensitive data, not just administrative accounts.",
		Category:        enums.VendorScoringCategorySecurityPractices,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactCritical,
		Enabled:         true,
	},

	// CEK: cryptography, encryption and key management.
	{
		Key:             "CEK-03.1",
		Name:            "Are data at-rest and in-transit cryptographically protected using cryptographic libraries certified to approved standards?",
		Description:     "All data is encrypted both when stored and when transmitted using industry-approved cryptographic standards.",
		Category:        enums.VendorScoringCategorySecurityPractices,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactCritical,
		Enabled:         true,
	},
	{
		Key:             "CEK-12.1",
		Name:            "Are cryptographic keys rotated based on a cryptoperiod calculated while considering information disclosure risks and legal and regulatory requirements?",
		Description:     "Cryptographic keys are rotated on a defined schedule to limit exposure from key compromise.",
		Category:        enums.VendorScoringCategorySecurityPractices,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactHigh,
		Enabled:         true,
	},

	// DSP: data security and privacy lifecycle, scored under the
	// data-access category (disposal, inventory, retention, location).
	{
		Key:             "DSP-02.1",
		Name:            "Are industry-accepted methods applied for secure data disposal from storage media so information is not recoverable by any forensic means?",
		Description:     "Data is securely and irrecoverably destroyed when no longer needed.",
		Category:        enums.VendorScoringCategoryDataAccess,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactHigh,
		Enabled:         true,
	},
	{
		Key:             "DSP-03.1",
		Name:            "Is a data inventory created and maintained for sensitive and personal information?",
		Description:     "The vendor maintains an up-to-date inventory of where sensitive and personal data is stored and processed.",
		Category:        enums.VendorScoringCategoryDataAccess,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactHigh,
		Enabled:         true,
	},
	{
		Key:             "DSP-16.1",
		Name:            "Do data retention, archiving, and deletion practices follow business requirements, applicable laws, and regulations?",
		Description:     "Data is retained only for the period required and deleted in accordance with legal obligations.",
		Category:        enums.VendorScoringCategoryDataAccess,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactMedium,
		Enabled:         true,
	},
	{
		Key:             "DSP-19.1",
		Name:            "Are processes defined and implemented to specify and document physical data locations, including locales where data is processed or backed up?",
		Description:     "The vendor can identify and document all geographic locations where data is stored or processed.",
		Category:        enums.VendorScoringCategoryDataAccess,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactHigh,
		Enabled:         true,
	},

	// DSP: data security and privacy lifecycle, scored under the
	// data-privacy category (privacy by design, DPIA, transfers, subject rights).
	{
		Key:             "DSP-08.1",
		Name:            "Are systems, products, and business practices based on privacy principles by design and according to industry best practices?",
		Description:     "Privacy is built into systems and processes from the outset rather than added as an afterthought.",
		Category:        enums.VendorScoringCategoryDataPrivacy,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactMedium,
		Enabled:         true,
	},
	{
		Key:             "DSP-09.1",
		Name:            "Is a data protection impact assessment (DPIA) conducted when processing personal data and evaluating the origin, nature, particularity, and severity of risks?",
		Description:     "Formal DPIAs are conducted before processing personal data to identify and mitigate privacy risks.",
		Category:        enums.VendorScoringCategoryDataPrivacy,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactHigh,
		Enabled:         true,
	},
	{
		Key:             "DSP-10.1",
		Name:            "Are processes defined to ensure any transfer of personal or sensitive data is protected from unauthorized access and only processed within scope?",
		Description:     "Personal data transfers are controlled, authorized, and protected in transit.",
		Category:        enums.VendorScoringCategoryDataPrivacy,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactHigh,
		Enabled:         true,
	},
	{
		Key:             "DSP-11.1",
		Name:            "Are processes defined to enable data subjects to request access to, modify, or delete personal data per applicable laws and regulations?",
		Description:     "The vendor supports data subject rights including access, rectification, and erasure requests.",
		Category:        enums.VendorScoringCategoryDataPrivacy,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactHigh,
		Enabled:         true,
	},

	// BCR: business continuity management and operational resilience.
	{
		Key:             "BCR-06.1",
		Name:            "Are the business continuity and operational resilience plans exercised and tested at least annually and when significant changes occur?",
		Description:     "BCP is tested regularly to verify it is effective and that staff know how to execute it.",
		Category:        enums.VendorScoringCategoryBusinessContinuity,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactHigh,
		Enabled:         true,
	},
	{
		Key:             "BCR-08.1",
		Name:            "Is cloud data periodically backed up?",
		Description:     "Data is backed up on a regular schedule to enable recovery from data loss events.",
		Category:        enums.VendorScoringCategoryBusinessContinuity,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactHigh,
		Enabled:         true,
	},
	{
		Key:             "BCR-09.1",
		Name:            "Is a disaster response plan established, documented, approved, and maintained to ensure recovery from natural and man-made disasters?",
		Description:     "A formal disaster recovery plan exists and is kept current.",
		Category:        enums.VendorScoringCategoryBusinessContinuity,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactHigh,
		Enabled:         true,
	},
	{
		Key:             "BCR-10.1",
		Name:            "Is the disaster response plan exercised annually or when significant changes occur?",
		Description:     "DR plan effectiveness is validated through regular exercises.",
		Category:        enums.VendorScoringCategoryBusinessContinuity,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactHigh,
		Enabled:         true,
	},

	// TVM: threat and vulnerability management.
	{
		Key:             "TVM-03.1",
		Name:            "Are processes defined, implemented, and evaluated to enable scheduled and emergency responses to vulnerability identifications based on identified risk?",
		Description:     "Vulnerabilities are remediated on a risk-based schedule with a defined process for emergency response.",
		Category:        enums.VendorScoringCategorySecurityPractices,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactHigh,
		Enabled:         true,
	},
	{
		Key:             "TVM-06.1",
		Name:            "Are processes defined, implemented, and evaluated for periodic, independent, third-party penetration testing?",
		Description:     "Independent penetration tests are conducted regularly by qualified third parties.",
		Category:        enums.VendorScoringCategorySecurityPractices,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactHigh,
		Enabled:         true,
	},
	{
		Key:             "TVM-07.1",
		Name:            "Are processes defined, implemented, and evaluated for vulnerability detection on organizationally managed assets at least monthly?",
		Description:     "Vulnerability scanning is performed at least monthly across managed assets.",
		Category:        enums.VendorScoringCategorySecurityPractices,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactHigh,
		Enabled:         true,
	},

	// SEF: security incident management (response plan, plan testing,
	// breach notification and reporting).
	{
		Key:             "SEF-03.1",
		Name:            "Is a security incident response plan that includes relevant internal departments, impacted customers, and supply-chain relationships established, documented, and maintained?",
		Description:     "A comprehensive incident response plan covers internal teams, customers, and supply chain partners.",
		Category:        enums.VendorScoringCategoryIncidentResponse,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactHigh,
		Enabled:         true,
	},
	{
		Key:             "SEF-04.1",
		Name:            "Is the security incident response plan tested and updated for effectiveness at planned intervals or upon significant organizational or environmental changes?",
		Description:     "The incident response plan is validated through testing and kept current.",
		Category:        enums.VendorScoringCategoryIncidentResponse,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactHigh,
		Enabled:         true,
	},
	{
		Key:             "SEF-07.1",
		Name:            "Are processes, procedures, and technical measures for security breach notifications defined and implemented?",
		Description:     "A defined breach notification process exists with clear procedures for notifying affected parties.",
		Category:        enums.VendorScoringCategoryIncidentResponse,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactCritical,
		Enabled:         true,
	},
	{
		Key:             "SEF-07.2",
		Name:            "Are security breaches and assumed security breaches reported, including any relevant supply chain breaches, per applicable SLAs, laws, and regulations?",
		Description:     "Breaches are reported to affected parties and regulators within legally required timeframes.",
		Category:        enums.VendorScoringCategoryIncidentResponse,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactCritical,
		Enabled:         true,
	},

	// A&A: audit and assurance.
	{
		Key:             "A&A-02.1",
		Name:            "Are independent audit and assurance assessments conducted according to relevant standards at least annually?",
		Description:     "Third-party audits (e.g. SOC 2, ISO 27001) are conducted at least annually by qualified independent assessors.",
		Category:        enums.VendorScoringCategoryRegulatoryCompliance,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactHigh,
		Enabled:         true,
	},

	// STA: supply chain management, transparency and accountability.
	{
		Key:             "STA-07.1",
		Name:            "Is an inventory of all supply chain relationships developed and maintained?",
		Description:     "The vendor maintains a current inventory of their own subprocessors and supply chain partners.",
		Category:        enums.VendorScoringCategorySupplyChainRisk,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactMedium,
		Enabled:         true,
	},
	{
		Key:             "STA-09.1",
		Name:            "Do service agreements between the vendor and their customers incorporate security requirements, incident management, right to audit, and data privacy provisions?",
		Description:     "Contractual agreements with customers include substantive security and privacy obligations.",
		Category:        enums.VendorScoringCategorySupplyChainRisk,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactHigh,
		Enabled:         true,
	},
	{
		Key:             "STA-14.1",
		Name:            "Is a process to conduct periodic security assessments for all supply chain organizations defined and implemented?",
		Description:     "The vendor actively assesses security risk across their own supply chain, not just their direct controls.",
		Category:        enums.VendorScoringCategorySupplyChainRisk,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactHigh,
		Enabled:         true,
	},

	// GRC: governance, risk and compliance.
	{
		Key:             "GRC-05.1",
		Name:            "Has an information security program been developed and implemented?",
		Description:     "A formal, operational information security program exists covering all relevant control domains.",
		Category:        enums.VendorScoringCategoryRegulatoryCompliance,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactHigh,
		Enabled:         true,
	},

	// HRS: human resources (background verification, awareness training).
	{
		Key:             "HRS-01.1",
		Name:            "Are background verification policies and procedures established for all new employees, contractors, and third parties?",
		Description:     "Background checks are conducted for all personnel with access to organizational systems or data.",
		Category:        enums.VendorScoringCategorySecurityPractices,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactMedium,
		Enabled:         true,
	},
	{
		Key:             "HRS-11.1",
		Name:            "Is a security awareness training program established, documented, and maintained for all employees?",
		Description:     "All employees receive regular security awareness training.",
		Category:        enums.VendorScoringCategorySecurityPractices,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactMedium,
		Enabled:         true,
	},

	// AIS: application and interface security (SDLC, vulnerability remediation).
	{
		Key:             "AIS-04.1",
		Name:            "Is an SDLC process defined and implemented for application design, development, deployment, and operation per organizationally designed security requirements?",
		Description:     "Security is integrated throughout the software development lifecycle, not applied only at release.",
		Category:        enums.VendorScoringCategorySecurityPractices,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactHigh,
		Enabled:         true,
	},
	{
		Key:             "AIS-07.1",
		Name:            "Are application security vulnerabilities remediated following defined processes?",
		Description:     "A defined process exists for tracking and remediating application security vulnerabilities to closure.",
		Category:        enums.VendorScoringCategorySecurityPractices,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactHigh,
		Enabled:         true,
	},

	// IVS: infrastructure and virtualization security.
	{
		Key:             "IVS-03.2",
		Name:            "Are communications between environments encrypted?",
		Description:     "All inter-environment communications (prod, staging, cloud, on-prem) are encrypted in transit.",
		Category:        enums.VendorScoringCategorySecurityPractices,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactCritical,
		Enabled:         true,
	},

	// LOG: logging and monitoring.
	{
		Key:             "LOG-03.1",
		Name:            "Are security-related events identified and monitored within applications and the underlying infrastructure?",
		Description:     "Security events are actively monitored across applications and infrastructure with alerting in place.",
		Category:        enums.VendorScoringCategorySecurityPractices,
		AnswerType:      enums.VendorScoringAnswerTypeBoolean,
		SuggestedImpact: enums.VendorRiskImpactHigh,
		Enabled:         true,
	},
}

DefaultVendorScoringQuestions is a curated subset of CAIQ v4.0.3 questions selected for TPRM scoring. Only outcome-oriented questions are included — policy-existence questions ("are policies established and documented?") are excluded as they do not differentiate vendors.

Keys are CAIQ question IDs and are stable permanent identifiers.

IMPORTANT: never change or remove a Key once it has been used in production — VendorRiskScore rows reference questions by Key, and removing a Key orphans those records. To retire a question, set Enabled: false so the key still resolves in All() and existing answers remain displayable.

// ErrComputeNextRunInvalid reports that the next run time of a weekly
// cadence could not be computed.
var ErrComputeNextRunInvalid = errors.New("could not compute next run time in weekly cadence")
// ErrUnsupportedDataType is the error for an AAGUID value in an unsupported format.
// NOTE(review): presumably returned by the AAGUID scan/unmarshal methods; confirm against callers.
var ErrUnsupportedDataType = errors.New("unsupported aaguid format")
// SSOAuthorizationsContextKey is the contextx key typed for *SSOAuthorizationMap values.
// NOTE(review): presumably used to carry SSO authorization state on a
// context.Context; confirm who writes it, since code reading the key trusts
// whatever was stored under it.
var SSOAuthorizationsContextKey = contextx.NewKey[*SSOAuthorizationMap]()
// VersionBumpContextKey is the contextx key typed for *VersionBump values.
// NOTE(review): presumably the key that WithVersionBumpContext stores under; confirm in the source.
var VersionBumpContextKey = contextx.NewKey[*VersionBump]()

Functions

func BumpMajor

func BumpMajor(v string) (string, error)

BumpMajor increments the major version by 1 and resets the minor and patch versions to 0. For example, if the version is v1.7.1, the new version will be v2.0.0. It also resets the pre-release version to empty.

func BumpMinor

func BumpMinor(v string) (string, error)

BumpMinor increments the minor version by 1 and resets the patch version to 0. For example, if the version is v1.7.1, the new version will be v1.8.0. It also resets the pre-release version to empty.

func BumpPatch

func BumpPatch(v string) (string, error)

BumpPatch increments the patch version by 1. For example, if the version is v1.7.1, the new version will be v1.7.2. If the version has a pre-release version, it clears the pre-release version.

func IsCustomKey added in v1.0.18

func IsCustomKey(key string) bool

IsCustomKey reports whether a key belongs to the custom question namespace

func SetPreRelease

func SetPreRelease(v string) (string, error)

SetPreRelease sets the pre-release version to "draft". For example, if the version is v1.7.1, the new version will be v1.7.2-draft.

func Sort

func Sort[T Sortable](items []T) []T

Sort sorts a slice of Sortable items by their sort field.

func ValidateIP

func ValidateIP(s string) error

ValidateIP takes in an ip address and checks if it is usable for a job runner node

func ValidateURL

func ValidateURL(s string) (string, error)

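ValidateURL takes in a URL and makes sure it is valid: it must use https, it must not be localhost, and it must not be a loopback address pointing at our own machine. These are the only checks documented here; whether private, link-local or cloud-metadata address ranges are also rejected, and whether the host is resolved again when the check actually runs, should be confirmed in the source before treating this as a complete SSRF guard.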

func WithVersionBumpContext

func WithVersionBumpContext(ctx context.Context, v *VersionBump) context.Context

WithVersionBumpContext stores the bump in ctx.

func WithVersionBumpRequestContext

func WithVersionBumpRequestContext(ctx context.Context, v *VersionBump)

WithVersionBumpRequestContext stores the bump inside the request context (if available).

Types

type AAGUID

type AAGUID []byte

AAGUID is a custom type representing an authenticator attestation uuid.

func ToAAGUID

func ToAAGUID(b []byte) *AAGUID

func (AAGUID) MarshalGQL

func (a AAGUID) MarshalGQL(w io.Writer)

func (*AAGUID) Scan

func (a *AAGUID) Scan(value interface{}) error

func (AAGUID) String

func (a AAGUID) String() string

func (*AAGUID) UnmarshalGQL

func (a *AAGUID) UnmarshalGQL(v any) error

func (AAGUID) Value

func (a AAGUID) Value() (driver.Value, error)

type Address

// Address is a postal address. Every field is serialized to JSON under the
// camelCase key in its tag; none of the tags use omitempty.
type Address struct {
	// Line1 is the first line of the address
	Line1 string `json:"line1"`
	// Line2 is the second line of the address
	Line2 string `json:"line2"`
	// City is the city of the address
	City string `json:"city"`
	// State is the state of the address
	State string `json:"state"`
	// PostalCode is the postal code of the address
	PostalCode string `json:"postalCode"`
	// Country is the country of the address
	Country string `json:"country"`
}

Address is a custom type for Address

func (Address) MarshalGQL

func (a Address) MarshalGQL(w io.Writer)

MarshalGQL implements the Marshaler interface for gqlgen

func (Address) String

func (a Address) String() string

String returns a string representation of the address

func (*Address) UnmarshalGQL

func (a *Address) UnmarshalGQL(v interface{}) error

UnmarshalGQL implements the Unmarshaler interface for gqlgen

type AssessmentMethod

// AssessmentMethod describes one method that can be used during an audit to
// assess a control implementation. All fields are omitted from JSON when empty.
type AssessmentMethod struct {
	// ID is the unique identifier for the assessment method
	ID string `json:"id,omitempty"`
	// Type is the type of assessment being performed, e.g. Interview, Test, etc.
	Type string `json:"type,omitempty"`
	// Method is the associated language describing the assessment method
	Method string `json:"method,omitempty"`
}

AssessmentMethod are methods that can be used during the audit to assess the control implementation

func (AssessmentMethod) GetSortField

func (a AssessmentMethod) GetSortField() string

GetSortField returns the field to sort on for the Sortable interface

func (AssessmentMethod) MarshalGQL

func (a AssessmentMethod) MarshalGQL(w io.Writer)

MarshalGQL implements the Marshaler interface for gqlgen

func (*AssessmentMethod) UnmarshalGQL

func (a *AssessmentMethod) UnmarshalGQL(v any) error

UnmarshalGQL implements the Unmarshaler interface for gqlgen

type AssessmentObjective

// AssessmentObjective describes one objective that is validated during an
// audit to ensure a control is implemented. All fields are omitted from JSON
// when empty.
type AssessmentObjective struct {
	// Class is the class of the assessment objective, which is typically the framework it originates from
	Class string `json:"class,omitempty"`
	// ID is the unique identifier for the assessment objective
	ID string `json:"id,omitempty"`
	// Objective is the associated language describing the assessment objective
	// NOTE(review): the tag literal below ends with a stray space before the
	// closing backtick; it looks harmless but could be removed.
	Objective string `json:"objective,omitempty" `
}

AssessmentObjective are objectives that are validated during the audit to ensure the control is implemented

func (AssessmentObjective) GetSortField

func (a AssessmentObjective) GetSortField() string

GetSortField returns the field to sort on for the Sortable interface

func (AssessmentObjective) MarshalGQL

func (a AssessmentObjective) MarshalGQL(w io.Writer)

MarshalGQL implements the Marshaler interface for gqlgen

func (*AssessmentObjective) UnmarshalGQL

func (a *AssessmentObjective) UnmarshalGQL(v any) error

UnmarshalGQL implements the Unmarshaler interface for gqlgen

type AuditLogOrderField

type AuditLogOrderField string

Properties by which AuditLog connections can be ordered.

const (
	// AuditLogOrderFieldHistoryTime orders AuditLog connections by the "history_time" field.
	AuditLogOrderFieldHistoryTime AuditLogOrderField = "history_time"
)

func (AuditLogOrderField) IsValid

func (e AuditLogOrderField) IsValid() bool

IsValid checks if the AuditLogOrderField is valid.

func (AuditLogOrderField) MarshalGQL

func (e AuditLogOrderField) MarshalGQL(w io.Writer)

MarshalGQL implements the Marshaler interface for gqlgen.

func (AuditLogOrderField) MarshalJSON

func (e AuditLogOrderField) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for AuditLogOrderField.

func (AuditLogOrderField) String

func (e AuditLogOrderField) String() string

String returns the string representation of the AuditLogOrderField.

func (*AuditLogOrderField) UnmarshalGQL

func (e *AuditLogOrderField) UnmarshalGQL(v any) error

UnmarshalGQL implements the Unmarshaler interface for gqlgen.

func (*AuditLogOrderField) UnmarshalJSON

func (e *AuditLogOrderField) UnmarshalJSON(b []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for AuditLogOrderField.

type Billing

// Billing contains one or more price options for a module or addon.
// ItemPrice is declared elsewhere in the package.
type Billing struct {
	// Prices is a list of price options for the feature, each with its own billing interval and amount
	Prices []ItemPrice `json:"prices" yaml:"prices" jsonschema:"description=List of price options for this feature"`
}

Billing contains one or more price options for a module or addon

type Catalog

// Catalog contains all modules and addons offered by Openlane.
// Each field carries json, yaml and jsonschema tags; FeatureSet is declared
// elsewhere in the package.
type Catalog struct {
	// Version is the version of the catalog, following semantic versioning
	// It is used to track changes and updates to the catalog structure and content.
	// Example: "1.0.0", "2.3.1"
	Version string `json:"version" yaml:"version" jsonschema:"description=Catalog version,example=1.0.0"`
	// SHA is the SHA256 hash of the catalog version string, used to verify integrity
	// NOTE(review): as described, the digest covers only the version string, so
	// it would not detect a change to Modules or Addons. Confirm what the check
	// is meant to protect and whether the value is compared against a trusted
	// reference rather than one stored alongside the catalog.
	SHA string `json:"sha" yaml:"sha" jsonschema:"description=SHA of the catalog version"`
	// Modules is a set of purchasable modules available in the catalog
	// Each module has its own set of features, pricing, and audience targeting.
	// Example: "compliance", "reporting", "analytics"
	Modules FeatureSet `json:"modules" yaml:"modules" jsonschema:"description=Set of modules available in the catalog"`
	// Addons is a set of purchasable addons available in the catalog
	Addons FeatureSet `json:"addons" yaml:"addons" jsonschema:"description=Set of addons available in the catalog"`
}

Catalog contains all modules and addons offered by Openlane

type Change

// Change represents a change in one field of an entity: the field name plus
// its old and new values. The fields have no struct tags.
// NOTE(review): Old and New hold raw field values of any type; if the changed
// field is sensitive, its contents travel with the Change. Confirm redaction
// happens before these values are stored or returned.
type Change struct {
	// FieldName is the name of the field that changed.
	FieldName string
	// Old is the old value of the field.
	Old any
	// New is the new value of the field.
	New any
}

Change represents a change in an entity's field.

func (Change) MarshalGQL

func (c Change) MarshalGQL(w io.Writer)

MarshalGQL implements the Marshaler interface for gqlgen

func (*Change) UnmarshalGQL

func (c *Change) UnmarshalGQL(v interface{}) error

UnmarshalGQL implements the Unmarshaler interface for gqlgen

type CredentialSet

// CredentialSet is an opaque, provider-owned envelope for persisted
// credential JSON; this package does not interpret the payload.
// NOTE(review): Data is credential material. encoding/json emits it under
// the "data" key whenever the struct is marshaled, and the type also has a
// MarshalGQL method. Confirm the value is never logged or returned to API
// clients unredacted, and how it is protected at rest.
type CredentialSet struct {
	// Data is the opaque provider-owned persisted credential JSON
	Data json.RawMessage `json:"data,omitempty"`
}

CredentialSet is an opaque provider-owned persisted credential JSON envelope

func (CredentialSet) MarshalGQL

func (c CredentialSet) MarshalGQL(w io.Writer)

MarshalGQL implements the graphql.Marshaler interface for gqlgen scalar serialization

func (*CredentialSet) UnmarshalGQL

func (c *CredentialSet) UnmarshalGQL(v any) error

UnmarshalGQL implements the graphql.Unmarshaler interface for gqlgen scalar deserialization

type Cron

type Cron string

Cron defines the syntax for the job execution

func (Cron) MarshalGQL

func (c Cron) MarshalGQL(w io.Writer)

MarshalGQL implements the Marshaler interface for gqlgen

func (Cron) Next

func (c Cron) Next(from time.Time) (time.Time, error)

Next returns the next scheduled time after `from` based on the cron expression.

func (*Cron) Scan

func (c *Cron) Scan(value interface{}) error

func (Cron) String

func (c Cron) String() string

String returns a string representation of the cron

func (*Cron) UnmarshalGQL

func (c *Cron) UnmarshalGQL(v any) error

UnmarshalGQL implements the Unmarshaler interface for gqlgen

func (Cron) Validate

func (c Cron) Validate() error

Validate checks a cron to make sure it is valid. It also requires an interval of at least 30 minutes between runs: it parses the cron, looks at the next few executions, and checks the elapsed time between them.

func (Cron) Value

func (c Cron) Value() (driver.Value, error)

Value returns human readable cron from the database

type DateTime

type DateTime time.Time

DateTime is a custom GraphQL scalar that converts to/from time.Time

func ToDateTime

func ToDateTime(s string) (*DateTime, error)

ToDateTime converts a string to a DateTime pointer. It accepts both "YYYY-MM-DD" and "YYYY-MM-DDTHH:MM:SSZ" formats. Returns an error if the string is empty or in an invalid format.

func (DateTime) IsZero

func (d DateTime) IsZero() bool

IsZero checks if the DateTime is zero (equivalent to time.Time.IsZero)

func (DateTime) MarshalGQL

func (d DateTime) MarshalGQL(w io.Writer)

MarshalGQL writes the datetime as "YYYY-MM-DD"

func (DateTime) MarshalJSON

func (d DateTime) MarshalJSON() ([]byte, error)

MarshalJSON formats the DateTime as a JSON string

func (DateTime) MarshalText

func (d DateTime) MarshalText() ([]byte, error)

MarshalText formats the DateTime as "YYYY-MM-DD" for text representation. This function is used by the cursor pagination to correctly format the date into the cursor string.

func (*DateTime) Scan

func (d *DateTime) Scan(value interface{}) error

Scan implements the sql.Scanner interface for DateTime

func (DateTime) String

func (d DateTime) String() string

String formats the given datetime into a human readable version

func (*DateTime) UnmarshalCSV

func (d *DateTime) UnmarshalCSV(s string) error

UnmarshalCSV allows the DateTime to accept both "YYYY-MM-DD" and "YYYY-MM-DDTHH:MM:SSZ"

func (*DateTime) UnmarshalGQL

func (d *DateTime) UnmarshalGQL(v any) error

UnmarshalGQL allows the DateTime to accept both "YYYY-MM-DD" and "YYYY-MM-DDTHH:MM:SSZ"

func (*DateTime) UnmarshalJSON

func (d *DateTime) UnmarshalJSON(b []byte) error

UnmarshalJSON parses the DateTime from a JSON string. It accepts both "YYYY-MM-DD" and "YYYY-MM-DDTHH:MM:SSZ" formats and returns an error if the format is invalid.

func (*DateTime) UnmarshalText

func (d *DateTime) UnmarshalText(b []byte) error

UnmarshalText parses the DateTime from a byte slice. This function is used by the cursor pagination to correctly parse the date from the cursor string.

func (DateTime) Value

func (d DateTime) Value() (driver.Value, error)

Value implements the driver.Valuer interface for DateTime

type Days

type Days []enums.JobWeekday

Days is used to provide a human readable version of weekdays

type EmailBranding added in v1.0.7

// EmailBranding defines optional branding overrides for email templates.
// Every field is a plain string tagged omitempty, so an unset override is left
// out of the JSON encoding.
// NOTE(review): the type does not constrain LogoURL to a scheme or the colour
// and font fields to a format; confirm that values are validated or escaped
// before they are placed into an email template.
type EmailBranding struct {
	BrandName       string `json:"brandName,omitempty"`
	LogoURL         string `json:"logoURL,omitempty"`
	PrimaryColor    string `json:"primaryColor,omitempty"`
	SecondaryColor  string `json:"secondaryColor,omitempty"`
	BackgroundColor string `json:"backgroundColor,omitempty"`
	TextColor       string `json:"textColor,omitempty"`
	ButtonColor     string `json:"buttonColor,omitempty"`
	ButtonTextColor string `json:"buttonTextColor,omitempty"`
	LinkColor       string `json:"linkColor,omitempty"`
	FontFamily      string `json:"fontFamily,omitempty"`
}

EmailBranding defines optional branding overrides for email templates.

func (EmailBranding) IsZero added in v1.0.7

func (b EmailBranding) IsZero() bool

IsZero reports whether the branding struct has no overrides set.

type EvidenceRequests

// EvidenceRequests are common evidence requests typically collected to
// demonstrate control implementation. All fields are strings tagged omitempty,
// so empty values are left out of the JSON encoding.
type EvidenceRequests struct {
	// EvidenceRequestID is the unique identifier for where the evidence requests were sourced from
	EvidenceRequestID string `json:"evidenceRequestID,omitempty"`
	// DocumentationArtifact is a description of the documentation you'd produce as evidence
	DocumentationArtifact string `json:"documentationArtifact,omitempty"`
	// ArtifactDescription is a description of the evidence artifact
	ArtifactDescription string `json:"artifactDescription,omitempty"`
	// AreaOfFocus is the area of focus for the evidence request
	AreaOfFocus string `json:"areaOfFocus,omitempty"`
}

EvidenceRequests are common evidence requests typically collected to demonstrate control implementation

func (EvidenceRequests) GetSortField

func (e EvidenceRequests) GetSortField() string

GetSortField returns the field to sort on for the Sortable interface

func (EvidenceRequests) MarshalGQL

func (e EvidenceRequests) MarshalGQL(w io.Writer)

MarshalGQL implements the Marshaler interface for gqlgen

func (*EvidenceRequests) UnmarshalGQL

func (e *EvidenceRequests) UnmarshalGQL(v any) error

UnmarshalGQL implements the Unmarshaler interface for gqlgen

type ExampleEvidence

// ExampleEvidence is example evidence that can be used to satisfy the control.
// Both fields are tagged omitempty and are left out of the JSON encoding when empty.
type ExampleEvidence struct {
	// DocumentationType is the documentation artifact type for the example evidence
	DocumentationType string `json:"documentationType,omitempty"`
	// Description is the description of the example documentation artifact for the evidence
	Description string `json:"description,omitempty"`
}

ExampleEvidence is example evidence that can be used to satisfy the control

func (ExampleEvidence) GetSortField

func (e ExampleEvidence) GetSortField() string

GetSortField returns the field to sort on for the Sortable interface

func (ExampleEvidence) MarshalGQL

func (e ExampleEvidence) MarshalGQL(w io.Writer)

MarshalGQL implements the Marshaler interface for gqlgen

func (*ExampleEvidence) UnmarshalGQL

func (e *ExampleEvidence) UnmarshalGQL(v any) error

UnmarshalGQL implements the Unmarshaler interface for gqlgen

type ExportMetadata added in v1.0.11

// ExportMetadata contains metadata for an export record.
type ExportMetadata struct {
	// KeepFileOriginalName is left out of the JSON encoding when false (omitempty).
	// NOTE(review): presumably selects whether an exported file keeps its original
	// name; if that name originates from an upload, confirm it is sanitized before
	// being used as a path or in a response header — TODO confirm.
	KeepFileOriginalName bool `json:"keepFileOriginalName,omitempty"`
}

ExportMetadata contains metadata for an export record.

func (ExportMetadata) MarshalGQL added in v1.0.11

func (e ExportMetadata) MarshalGQL(w io.Writer)

func (*ExportMetadata) UnmarshalGQL added in v1.0.11

func (e *ExportMetadata) UnmarshalGQL(v interface{}) error

type Feature

// Feature defines a purchasable module or addon feature.
// Several struct tags are elided on this page ("string literal not displayed"),
// so the JSON/YAML names and any jsonschema constraints of those fields cannot
// be read from here.
type Feature struct {
	// DisplayName is the human-readable name for the feature
	DisplayName string `` /* 127-byte string literal not displayed */
	// LookupKey is a stable identifier for the feature, used for referencing in Stripe
	// and other systems. It should be lowercase, alphanumeric, and can include underscores or dashes.
	// Example: "compliance", "advanced_reporting"
	// Pattern: ^[a-z0-9_-]+$
	// NOTE(review): the tag is elided here, so whether this pattern is enforced by a
	// schema constraint or only documented cannot be confirmed — verify before relying
	// on it for keys that reach external systems.
	LookupKey string `` /* 155-byte string literal not displayed */
	// Description provides additional context about the feature
	Description string `` /* 171-byte string literal not displayed */
	// MarketingDescription is a longer description of the feature used for marketing material
	MarketingDescription string `` /* 263-byte string literal not displayed */
	// Billing contains the pricing information for the feature
	Billing Billing `json:"billing" yaml:"billing" jsonschema:"description=Billing information for the feature"`
	// Audience indicates the intended audience for the feature - it can either be "public", "private", or "beta".
	// - "public" features are available to all users
	// - "private" features are restricted to specific users or organizations
	// - "beta" features are in testing and may not be fully stable
	// NOTE(review): the field is a plain string, not an enum type, so the Go type
	// accepts any value; confirm where the three allowed values are checked.
	Audience string `` /* 140-byte string literal not displayed */
	// Usage defines the usage limits granted by the feature, such as storage or record counts
	Usage *Usage `json:"usage,omitempty" yaml:"usage,omitempty" jsonschema:"description=Usage limits granted by the feature"`
	// ProductID is the Stripe product ID associated with this feature
	ProductID string `json:"product_id,omitempty" yaml:"product_id,omitempty" jsonschema:"description=Stripe product ID"`
	// PersonalOrg indicates if the feature should be automatically added to personal organizations
	PersonalOrg bool `` /* 126-byte string literal not displayed */
	// IncludeWithTrial indicates if the feature should be automatically included with trial subscriptions
	IncludeWithTrial bool `` /* 137-byte string literal not displayed */
}

Feature defines a purchasable module or addon feature

type FeatureSet

type FeatureSet map[string]Feature

FeatureSet is a mapping of feature identifiers to metadata

type ImplementationGuidance

// ImplementationGuidance is the steps to take to implement the control.
// Both fields are tagged omitempty and are left out of the JSON encoding when empty.
type ImplementationGuidance struct {
	// ReferenceID is the unique identifier for where the guidance was sourced from
	ReferenceID string `json:"referenceId,omitempty"`
	// Guidance are the steps to take to implement the control
	Guidance []string `json:"guidance,omitempty"`
}

ImplementationGuidance is the steps to take to implement the control. They can come directly from the control source or be pulled from external sources: if the reference ID matches the control ref code, the guidance is directly from the control; if the reference ID is different, the guidance is from an external source.

func (ImplementationGuidance) GetSortField

func (i ImplementationGuidance) GetSortField() string

GetSortField returns the field to sort on for the Sortable interface

func (ImplementationGuidance) MarshalGQL

func (i ImplementationGuidance) MarshalGQL(w io.Writer)

MarshalGQL implements the Marshaler interface for gqlgen

func (*ImplementationGuidance) UnmarshalGQL

func (i *ImplementationGuidance) UnmarshalGQL(v any) error

UnmarshalGQL implements the Unmarshaler interface for gqlgen

type ItemPrice

// ItemPrice describes a single price option for a module or addon.
//
// Per the visible jsonschema tags: Interval is the billing interval and is
// limited to "year" or "month"; UnitAmount is the amount to be charged per
// interval; PriceID is the Stripe price ID. The tags of Nickname, LookupKey and
// Metadata are elided on this page, so their serialized names and constraints
// cannot be read from here.
// NOTE(review): the enum on Interval is a schema annotation; the Go field is a
// plain string, so confirm the schema is actually applied to incoming data.
type ItemPrice struct {
	Interval   string            `json:"interval" yaml:"interval" jsonschema:"enum=year,enum=month,description=Billing interval for the price,example=month"`
	UnitAmount int64             `json:"unit_amount" yaml:"unit_amount" jsonschema:"description=Amount to be charged per interval,example=1000"`
	Nickname   string            `` /* 141-byte string literal not displayed */
	LookupKey  string            `` /* 180-byte string literal not displayed */
	Metadata   map[string]string `` /* 141-byte string literal not displayed */
	PriceID    string            `json:"price_id,omitempty" yaml:"price_id,omitempty" jsonschema:"description=Stripe price ID,example=price_1N2Yw2A1b2c3d4e5"`
}

ItemPrice describes a single price option for a module or addon

type JobCadence

// JobCadence defines the logic for the execution of a job.
//
// Days holds the weekdays, Time is a plain string, and Frequency is a
// JobCadenceFrequency enum; all three are left out of the JSON encoding when
// empty (omitempty).
// NOTE(review): the expected format of Time is not visible in the type; it is
// presumably checked by Validate — confirm that Validate runs on every
// input-derived cadence before Next is used.
type JobCadence struct {
	Days      Days                      `json:"days,omitempty"`
	Time      string                    `json:"time,omitempty"`
	Frequency enums.JobCadenceFrequency `json:"frequency,omitempty"`
}

JobCadence defines the logic for the execution of a job

func (JobCadence) IsZero

func (c JobCadence) IsZero() bool

IsZero checks if the cadence is not set yet

func (JobCadence) MarshalGQL

func (c JobCadence) MarshalGQL(w io.Writer)

MarshalGQL implement the Marshaler interface for gqlgen

func (JobCadence) Next

func (c JobCadence) Next(from time.Time) (time.Time, error)

Next calculates the next execution time for a JobCadence

func (JobCadence) String

func (c JobCadence) String() string

String marshals the cadence into a human readable version

func (*JobCadence) UnmarshalGQL

func (c *JobCadence) UnmarshalGQL(v interface{}) error

UnmarshalGQL implement the Unmarshaler interface for gqlgen

func (*JobCadence) Validate

func (c *JobCadence) Validate() error

Validate makes sure we have a usable job cadence setting

type JobConfiguration

type JobConfiguration json.RawMessage

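JobConfiguration lets users configure the parameters that are templated into the scripts run by their automated jobs. The type is a raw JSON message, so it places no constraints on the parameter values; because they end up inside a script, they should be treated as untrusted input at the templating step, which is outside this type.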

func (JobConfiguration) MarshalGQL

func (job JobConfiguration) MarshalGQL(w io.Writer)

MarshalGQL implement the Marshaler interface for gqlgen

func (JobConfiguration) MarshalJSON

func (job JobConfiguration) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface

func (*JobConfiguration) UnmarshalGQL

func (job *JobConfiguration) UnmarshalGQL(v interface{}) error

UnmarshalGQL implement the Unmarshaler interface for gqlgen

func (*JobConfiguration) UnmarshalJSON

func (job *JobConfiguration) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface

type OrgModule

type OrgModule string

OrgModule identifies a purchasable module

// Known OrgModule values. Each string value ends in either "_module" or
// "_addon".
// NOTE(review): OrgModule is a string type with UnmarshalGQL and UnmarshalText
// methods; whether those reject unknown values or leave the check to IsValid is
// not shown here — confirm that input-derived values are passed through IsValid
// before they are used for entitlement decisions.
const (
	CatalogBaseModule                    OrgModule = "base_module"
	CatalogComplianceModule              OrgModule = "compliance_module"
	CatalogDomainScanningAddon           OrgModule = "domain_scanning_addon"
	CatalogEntityManagementModule        OrgModule = "entity_management_module"
	CatalogExtraEvidenceStorageAddon     OrgModule = "extra_evidence_storage_addon"
	CatalogPolicyManagementAddon         OrgModule = "policy_management_addon"
	CatalogRiskManagementAddon           OrgModule = "risk_management_addon"
	CatalogTrustCenterModule             OrgModule = "trust_center_module"
	CatalogVulnerabilityManagementModule OrgModule = "vulnerability_management_module"
)

func (OrgModule) IsValid

func (m OrgModule) IsValid() bool

IsValid reports whether m is a known module constant

func (OrgModule) MarshalGQL

func (m OrgModule) MarshalGQL(w io.Writer)

MarshalGQL implements the graphql.Marshaler interface

func (OrgModule) MarshalText

func (m OrgModule) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler

func (OrgModule) String

func (m OrgModule) String() string

String returns the string representation of the OrgModule

func (*OrgModule) UnmarshalGQL

func (m *OrgModule) UnmarshalGQL(v any) error

UnmarshalGQL implements the graphql.Unmarshaler interface

func (*OrgModule) UnmarshalText

func (m *OrgModule) UnmarshalText(text []byte) error

UnmarshalText implements encoding.TextUnmarshaler

type Price

// Price is a custom type for pricing data. None of the fields is tagged
// omitempty, so zero values are still written to the JSON encoding.
// NOTE(review): Amount is a float64 dollar value, while ItemPrice.UnitAmount in
// this package is an int64; confirm which unit each represents before comparing
// or converting between them.
type Price struct {
	// Amount is the dollar amount of the price (e.g 100)
	Amount float64 `json:"amount"`
	// Interval is the interval of the price (e.g monthly, yearly)
	Interval string `json:"interval"`
	// Currency is the currency of the price that is being charged (e.g USD)
	Currency string `json:"currency"`
}

Price is a custom type for pricing data

func (Price) MarshalGQL

func (p Price) MarshalGQL(w io.Writer)

MarshalGQL implement the Marshaler interface for gqlgen

func (Price) String

func (p Price) String() string

String returns a string representation of the price

func (*Price) UnmarshalGQL

func (p *Price) UnmarshalGQL(v interface{}) error

UnmarshalGQL implement the Unmarshaler interface for gqlgen

type Reference

// Reference are links to external sources that can be used to gain more
// information about the control.
type Reference struct {
	// Name is the name of the reference
	Name string `json:"name,omitempty"`
	// URL is the link to the reference
	// NOTE(review): stored as a plain string; the type does not restrict the
	// scheme, so confirm the value is validated before it is rendered as a link.
	URL string `json:"url,omitempty"`
}

Reference are links to external sources that can be used to gain more information about the control

func (Reference) GetSortField

func (r Reference) GetSortField() string

GetSortField returns the field to sort on for the Sortable interface

func (Reference) MarshalGQL

func (r Reference) MarshalGQL(w io.Writer)

MarshalGQL implements the Marshaler interface for gqlgen

func (*Reference) UnmarshalGQL

func (r *Reference) UnmarshalGQL(v any) error

UnmarshalGQL implements the Unmarshaler interface for gqlgen

type RiskThreshold added in v1.0.18

// RiskThreshold maps a VendorRiskRating to its upper score bound.
type RiskThreshold struct {
	// Rating is the risk rating tier
	Rating enums.VendorRiskRating `json:"rating"`
	// MaxScore is the upper bound (inclusive) for this tier
	MaxScore float64 `json:"maxScore"`
}

RiskThreshold maps a VendorRiskRating to its upper score bound

type RiskThresholdsConfig added in v1.0.18

// RiskThresholdsConfig holds the org-specific risk threshold overrides.
type RiskThresholdsConfig struct {
	// Custom holds org-specific threshold overrides keyed by Rating
	// NOTE(review): this is a slice, so the type itself does not prevent two
	// entries with the same Rating or a negative MaxScore; how such input is
	// handled when thresholds are merged is not visible here — confirm.
	Custom []RiskThreshold `json:"custom"`
}

RiskThresholdsConfig is stored as a JSON field on VendorScoringConfig. Only org-custom overrides are persisted; system defaults come from DefaultRiskThresholds. Custom entries with the same Rating as a default replace the default's MaxScore.

func (RiskThresholdsConfig) All added in v1.0.18

All returns the merged set of default and custom thresholds sorted by MaxScore ascending. Custom entries with the same Rating as a default replace the default entry.

func (RiskThresholdsConfig) MarshalGQL added in v1.0.18

func (v RiskThresholdsConfig) MarshalGQL(w io.Writer)

MarshalGQL implements the Marshaler interface for gqlgen

func (RiskThresholdsConfig) Resolve added in v1.0.18

func (v RiskThresholdsConfig) Resolve(score float64) string

Resolve returns the risk rating for a given score by finding the first threshold where score <= MaxScore. If the score exceeds all thresholds, the highest tier is returned.

func (*RiskThresholdsConfig) UnmarshalGQL added in v1.0.18

func (v *RiskThresholdsConfig) UnmarshalGQL(val any) error

UnmarshalGQL implements the Unmarshaler interface for gqlgen

type SSOAuthorizationMap

type SSOAuthorizationMap map[string]time.Time

SSOAuthorizationMap tracks SSO verification timestamps per organization ID.

func (SSOAuthorizationMap) MarshalGQL

func (m SSOAuthorizationMap) MarshalGQL(w io.Writer)

MarshalGQL implements the gqlgen Marshaler interface.

func (*SSOAuthorizationMap) UnmarshalGQL

func (m *SSOAuthorizationMap) UnmarshalGQL(v any) error

UnmarshalGQL implements the gqlgen Unmarshaler interface.

type SearchContext

// SearchContext provides information about why a particular entity matched the
// search query. Snippets is the only field tagged omitempty; the other three
// are always written to the JSON encoding.
// NOTE(review): MatchedFields and Snippets describe stored record content;
// confirm the caller is authorized for the entity before this is returned.
type SearchContext struct {
	EntityID      string           `json:"entityID"`
	EntityType    string           `json:"entityType"`
	MatchedFields []string         `json:"matchedFields"`
	Snippets      []*SearchSnippet `json:"snippets,omitempty"`
}

SearchContext provides information about why a particular entity matched the search query

type SearchSnippet

// SearchSnippet represents a piece of matched content with surrounding context.
// NOTE(review): Text is a plain string; whether it is already escaped for
// display is not visible here, so treat it as unescaped when rendering — TODO
// confirm.
type SearchSnippet struct {
	Field string `json:"field"`
	Text  string `json:"text"`
}

SearchSnippet represents a piece of matched content with surrounding context

type SemverVersion

// SemverVersion is a custom type for semantic versioning. It is used to
// represent the version of objects stored in the database. All fields are
// tagged omitempty, so a zero component is left out of the JSON encoding.
type SemverVersion struct {
	// Major is the major version
	Major int `json:"major,omitempty"`
	// Minor is the minor version
	Minor int `json:"minor,omitempty"`
	// Patch is the patch version
	Patch int `json:"patch,omitempty"`
	// PreRelease is the pre-release version (used for draft versions)
	PreRelease string `json:"preRelease,omitempty"`
}

SemverVersion is a custom type for semantic versioning. It is used to represent the version of objects stored in the database.

func ToSemverVersion

func ToSemverVersion(version *string) (*SemverVersion, error)

ToSemverVersion converts a string to a SemverVersion. It parses the string and returns a SemverVersion object. It supports the following formats: v1.0.0, 1.0.0, v1.0.0-alpha, 1.0.0-alpha. Anything after the first "-" is considered a pre-release version.

func (*SemverVersion) BumpPatchSemver

func (s *SemverVersion) BumpPatchSemver()

BumpPatchSemver increments the patch version by 1. For example, if the version is v1.7.1 the new version will be v1.7.2. It resets the pre-release version to empty.

func (SemverVersion) String

func (s SemverVersion) String() string

String returns a string representation of the version

type Sortable

// Sortable is implemented by types that expose the field to sort on through
// GetSortField.
type Sortable interface {
	// GetSortField returns the field to sort on.
	GetSortField() string
}

type TestingProcedures

// TestingProcedures are the steps to take to test the control implementation
// and are typically a part of enriched data sources. Both fields are tagged
// omitempty and are left out of the JSON encoding when empty.
type TestingProcedures struct {
	// ReferenceID is the unique identifier for where the procedures were sourced from
	ReferenceID string `json:"referenceId,omitempty"`
	// Procedures are the steps to take to test the control
	Procedures []string `json:"procedures,omitempty"`
}

TestingProcedures are the steps to take to test the control implementation and are typically a part of enriched data sources

func (TestingProcedures) GetSortField

func (t TestingProcedures) GetSortField() string

GetSortField returns the field to sort on for the Sortable interface

func (TestingProcedures) MarshalGQL

func (t TestingProcedures) MarshalGQL(w io.Writer)

MarshalGQL implements the Marshaler interface for gqlgen

func (*TestingProcedures) UnmarshalGQL

func (t *TestingProcedures) UnmarshalGQL(v any) error

UnmarshalGQL implements the Unmarshaler interface for gqlgen

type Usage

// Usage defines usage limits granted by a feature. Both struct tags are elided
// on this page, so the serialized field names cannot be read from here.
// NOTE(review): both limits are signed int64 values; the type does not rule out
// negative numbers — confirm how a negative or zero limit is interpreted.
type Usage struct {
	// EvidenceStorageGB is the storage limit in GB for evidence related to the feature
	EvidenceStorageGB int64 `` /* 142-byte string literal not displayed */
	// RecordCount is the maximum number of records allowed for the feature
	RecordCount int64 `` /* 131-byte string literal not displayed */
}

Usage defines usage limits granted by a feature.

type VendorScoringQuestionDef added in v1.0.18

// VendorScoringQuestionDef defines a single vendor scoring question.
// Description and AnswerOptions are the only fields tagged omitempty; the rest
// are always written to the JSON encoding.
type VendorScoringQuestionDef struct {
	// Key is the stable identifier used in VendorRiskScore.question_key; never changes after initial use.
	// For CAIQ-sourced questions this is the CAIQ question ID (e.g. "IAM-14.1").
	Key string `json:"key"`
	// Name is the human-readable label for this question
	Name string `json:"name"`
	// Description explains what the question is evaluating
	Description string `json:"description,omitempty"`
	// Category is the taxonomy grouping for this question
	Category enums.VendorScoringCategory `json:"category"`
	// AnswerType defines the expected input format for the answer field
	AnswerType enums.VendorScoringAnswerType `json:"answerType"`
	// AnswerOptions lists valid values for SINGLE_SELECT questions; empty for all other types
	AnswerOptions []string `json:"answerOptions,omitempty"`
	// SuggestedImpact is the default impact pre-populated on VendorRiskScore at creation;
	// assessors override per vendor based on the vendor's specific risk context
	SuggestedImpact enums.VendorRiskImpact `json:"suggestedImpact"`
	// Enabled controls whether this question is active; set to false to retire a question
	// without removing it (removing a key orphans existing VendorRiskScore rows)
	Enabled bool `json:"enabled"`
}

VendorScoringQuestionDef defines a single vendor scoring question. Impact and likelihood are not stored here — both are per-vendor on VendorRiskScore.

type VendorScoringQuestionsConfig added in v1.0.18

// VendorScoringQuestionsConfig holds the org-specific vendor scoring questions.
type VendorScoringQuestionsConfig struct {
	// Custom holds org-specific question additions and overrides of system defaults
	// NOTE(review): an entry whose Key equals a system default's Key takes the
	// place of that default, so write access to this field also allows changing
	// or disabling default questions for the org — confirm it is restricted
	// accordingly.
	Custom []VendorScoringQuestionDef `json:"custom"`
}

VendorScoringQuestionsConfig is stored as a JSON field on VendorScoringConfig. Only org-custom questions are persisted; system defaults always come from DefaultVendorScoringQuestions. Custom entries with the same Key as a system default replace the default entry, allowing per-org wording changes, impact adjustments, or disabling of system defaults.

func (VendorScoringQuestionsConfig) All added in v1.0.18

All returns the merged set of system defaults and org-custom questions. Custom entries with the same Key as a system default replace the default entry. Pure custom-key entries (not in defaults) are appended after the defaults.

func (*VendorScoringQuestionsConfig) AssignCustomKeys added in v1.0.18

func (v *VendorScoringQuestionsConfig) AssignCustomKeys()

AssignCustomKeys generates stable keys for custom questions that have an empty Key field. Keys follow the format {CUST-prefix}-{nn}.01, where nn is zero-padded and scoped to the category prefix. Keys that match a system default are preserved as intentional overrides; all other non-CUST keys are reassigned to prevent collisions.

func (VendorScoringQuestionsConfig) MarshalGQL added in v1.0.18

func (v VendorScoringQuestionsConfig) MarshalGQL(w io.Writer)

MarshalGQL implements the Marshaler interface for gqlgen

func (*VendorScoringQuestionsConfig) UnmarshalGQL added in v1.0.18

func (v *VendorScoringQuestionsConfig) UnmarshalGQL(val any) error

UnmarshalGQL implements the Unmarshaler interface for gqlgen

type VersionBump

type VersionBump string

VersionBump is a custom type for version bumping. It is used to represent the type of version bump.

// VersionBump values defined by this package.
// NOTE(review): these are declared with var rather than const, so any importing
// package can reassign them at runtime; treat them as read-only.
var (
	// Major is the major version
	Major VersionBump = "MAJOR"
	// Minor is the minor version
	Minor VersionBump = "MINOR"
	// Patch is the patch version
	Patch VersionBump = "PATCH"
	// PreRelease is the pre-release version
	PreRelease VersionBump = "DRAFT"
)

func ToVersionBump

func ToVersionBump(r string) *VersionBump

ToVersionBump returns the version bump enum based on string input

func VersionBumpFromContext

func VersionBumpFromContext(ctx context.Context) (*VersionBump, bool)

VersionBumpFromContext retrieves the bump from ctx.

func VersionBumpFromRequestContext

func VersionBumpFromRequestContext(ctx context.Context) (*VersionBump, bool)

VersionBumpFromRequestContext returns the bump previously stored on the request context.

func (VersionBump) MarshalGQL

func (v VersionBump) MarshalGQL(w io.Writer)

MarshalGQL implement the Marshaler interface for gqlgen

func (VersionBump) String

func (v VersionBump) String() string

String returns the version bump as a string

func (*VersionBump) UnmarshalGQL

func (v *VersionBump) UnmarshalGQL(a any) error

UnmarshalGQL implement the Unmarshaler interface for gqlgen

func (VersionBump) Values

func (VersionBump) Values() (kinds []string)

Values returns a slice of strings that represents all the possible values of the VersionBump enum. Possible default values are "MAJOR", "MINOR", "PATCH", "DRAFT"

type WorkflowAction

// WorkflowAction represents an action performed by the workflow. All fields are
// tagged omitempty and are left out of the JSON encoding when empty.
type WorkflowAction struct {
	// Key is the unique action key within the workflow
	Key string `json:"key,omitempty"`
	// Type is the action type such as REQUEST_APPROVAL or NOTIFY
	// NOTE(review): a plain string rather than an enum type, so the Go type
	// accepts any value; confirm where the allowed action types are checked.
	Type string `json:"type,omitempty"`
	// Params contains action-specific configuration payload
	// It is kept as raw JSON, so its structure is not checked by this type.
	Params json.RawMessage `json:"params,omitempty"`
	// When is an optional CEL expression that conditionally executes the action
	// NOTE(review): stored as an unparsed string; where it is compiled and which
	// variables and cost limits the evaluation gets are not visible here — confirm.
	When string `json:"when,omitempty"`
	// Description is a human-readable action description
	Description string `json:"description,omitempty"`
}

WorkflowAction represents an action performed by the workflow.

type WorkflowAssignmentApproval added in v1.0.2

// WorkflowAssignmentApproval captures structured metadata for workflow
// assignments. All fields are tagged omitempty.
// NOTE(review): ApprovedAt and ApprovedByUserID are ordinary fields of this
// struct and the type has an UnmarshalGQL method; confirm that they are set by
// the server and cannot be supplied through client input.
type WorkflowAssignmentApproval struct {
	// ActionKey is the workflow action key this assignment belongs to
	ActionKey string `json:"action_key,omitempty"`
	// Required indicates if this assignment is required for workflow progression
	Required bool `json:"required,omitempty"`
	// RequiredCount is the quorum count needed if using count-based approval
	// The type is a signed int, so it does not rule out zero or negative values.
	RequiredCount int `json:"required_count,omitempty"`
	// Label is an optional human-readable label for the assignment
	Label string `json:"label,omitempty"`
	// ProposedHash is the hash of the proposal changes when this assignment was created
	// The hash algorithm and encoding are not visible in this type.
	ProposedHash string `json:"proposed_hash,omitempty"`
	// ApprovedAt captures when the assignment was approved
	// Stored as a plain string, so the type does not enforce a timestamp format.
	ApprovedAt string `json:"approved_at,omitempty"`
	// ApprovedByUserID is the user who approved the assignment
	ApprovedByUserID string `json:"approved_by_user_id,omitempty"`
}

WorkflowAssignmentApproval captures structured metadata for workflow assignments

func (WorkflowAssignmentApproval) MarshalGQL added in v1.0.2

func (d WorkflowAssignmentApproval) MarshalGQL(w io.Writer)

MarshalGQL implements the Marshaler interface for gqlgen.

func (*WorkflowAssignmentApproval) UnmarshalGQL added in v1.0.2

func (d *WorkflowAssignmentApproval) UnmarshalGQL(v any) error

UnmarshalGQL implements the Unmarshaler interface for gqlgen.

type WorkflowAssignmentContext

// WorkflowAssignmentContext tracks an assignment decision within an instance.
// All fields are tagged omitempty; DecidedAt is a pointer and is left out of
// the JSON encoding when nil.
type WorkflowAssignmentContext struct {
	// AssignmentKey is the workflow action key that produced this assignment
	AssignmentKey string `json:"assignmentKey,omitempty"`
	// Status is the current assignment status
	Status enums.WorkflowAssignmentStatus `json:"status,omitempty"`
	// ActorUserID is the user actor associated with the decision when available
	ActorUserID string `json:"actorUserId,omitempty"`
	// ActorGroupID is the group actor associated with the decision when available
	ActorGroupID string `json:"actorGroupId,omitempty"`
	// DecidedAt is when the assignment transitioned to a decided state
	DecidedAt *time.Time `json:"decidedAt,omitempty"`
	// Notes stores optional assignment decision notes
	Notes string `json:"notes,omitempty"`
}

WorkflowAssignmentContext tracks an assignment decision within an instance.

type WorkflowAssignmentInvalidation added in v1.0.2

// WorkflowAssignmentInvalidation captures details when an approval is
// invalidated. All fields are strings tagged omitempty.
// NOTE(review): ApprovedHash and NewProposedHash record the hash before and
// after the triggering change; which code compares them, and with what hash
// algorithm, is not visible in this type — confirm.
type WorkflowAssignmentInvalidation struct {
	// Reason explains why the approval was invalidated
	Reason string `json:"reason,omitempty"`
	// PreviousStatus is the status before invalidation such as APPROVED
	PreviousStatus string `json:"previous_status,omitempty"`
	// InvalidatedAt is when the invalidation occurred
	// Stored as a plain string, so the type does not enforce a timestamp format.
	InvalidatedAt string `json:"invalidated_at,omitempty"`
	// InvalidatedByUserID is the user who made the change that triggered invalidation
	InvalidatedByUserID string `json:"invalidated_by_user_id,omitempty"`
	// ApprovedHash is the hash that was approved before invalidation
	ApprovedHash string `json:"approved_hash,omitempty"`
	// NewProposedHash is the new hash after the changes that triggered invalidation
	NewProposedHash string `json:"new_proposed_hash,omitempty"`
}

WorkflowAssignmentInvalidation captures details when an approval is invalidated (approvals are invalidated when there is a subsequent change to the proposed changes)

func (WorkflowAssignmentInvalidation) MarshalGQL added in v1.0.2

func (d WorkflowAssignmentInvalidation) MarshalGQL(w io.Writer)

MarshalGQL implements the Marshaler interface for gqlgen.

func (*WorkflowAssignmentInvalidation) UnmarshalGQL added in v1.0.2

func (d *WorkflowAssignmentInvalidation) UnmarshalGQL(v any) error

UnmarshalGQL implements the Unmarshaler interface for gqlgen.

type WorkflowAssignmentRejection added in v1.0.2

// WorkflowAssignmentRejection captures details when an approval is rejected /
// denied. All fields are tagged omitempty.
type WorkflowAssignmentRejection struct {
	// ActionKey is the workflow action key this assignment belongs to
	ActionKey string `json:"action_key,omitempty"`
	// RejectionReason stores an optional rejection reason
	RejectionReason string `json:"rejection_reason,omitempty"`
	// RejectedAt is when the rejection occurred
	// Stored as a plain string, so the type does not enforce a timestamp format.
	RejectedAt string `json:"rejected_at,omitempty"`
	// RejectedByUserID is the user who made the rejection decision
	RejectedByUserID string `json:"rejected_by_user_id,omitempty"`
	// RejectedHash is the hash that was rejected encapsulating the changes that were not merged
	RejectedHash string `json:"rejected_hash,omitempty"`
	// ChangeRequestInputs stores optional structured inputs for change requests
	// NOTE(review): map[string]any accepts arbitrary nested JSON; confirm that
	// size and key set are bounded where this is accepted from a client.
	ChangeRequestInputs map[string]any `json:"change_request_inputs,omitempty"`
}

WorkflowAssignmentRejection captures details when an approval is rejected / denied

func (WorkflowAssignmentRejection) MarshalGQL added in v1.0.2

func (d WorkflowAssignmentRejection) MarshalGQL(w io.Writer)

MarshalGQL implements the Marshaler interface for gqlgen.

func (*WorkflowAssignmentRejection) UnmarshalGQL added in v1.0.2

func (d *WorkflowAssignmentRejection) UnmarshalGQL(v any) error

UnmarshalGQL implements the Unmarshaler interface for gqlgen.

type WorkflowCondition

// WorkflowCondition describes a CEL condition that must pass.
type WorkflowCondition struct {
	// Expression is the CEL condition that must evaluate to true
	// NOTE(review): stored as an unparsed string; where it is compiled, which
	// variables it can reach and whether evaluation cost is limited are not
	// visible here — confirm.
	Expression string `json:"expression,omitempty"`
	// Description is a human-readable condition description
	Description string `json:"description,omitempty"`
}

WorkflowCondition describes a CEL condition that must pass.

type WorkflowDefinitionDocument

// WorkflowDefinitionDocument represents the stored workflow definition with
// typed fields. All fields are tagged omitempty.
type WorkflowDefinitionDocument struct {
	// Name is the workflow definition name
	Name string `json:"name,omitempty"`
	// Description describes what the workflow does
	Description string `json:"description,omitempty"`
	// SchemaType is the primary schema/object type targeted by the workflow
	SchemaType string `json:"schemaType,omitempty"`
	// WorkflowKind selects the workflow execution behavior
	WorkflowKind enums.WorkflowKind `json:"workflowKind,omitempty"`
	// ApprovalSubmissionMode controls draft vs auto-submit behavior for approval domains
	ApprovalSubmissionMode enums.WorkflowApprovalSubmissionMode `json:"approvalSubmissionMode,omitempty"`
	// ApprovalTiming controls whether approvals block changes or happen after commit
	ApprovalTiming enums.WorkflowApprovalTiming `json:"approvalTiming,omitempty"`
	// Version tracks the definition document version
	Version string `json:"version,omitempty"`
	// Targets scopes which objects are eligible for this definition
	// NOTE(review): WorkflowSelector is defined outside this view; if it is a
	// struct type, encoding/json's omitempty does not omit it — confirm.
	Targets WorkflowSelector `json:"targets,omitempty"`
	// Triggers defines which events start workflow evaluation
	Triggers []WorkflowTrigger `json:"triggers,omitempty"`
	// Conditions defines CEL predicates that must pass for execution
	Conditions []WorkflowCondition `json:"conditions,omitempty"`
	// Actions defines the ordered workflow steps to execute
	Actions []WorkflowAction `json:"actions,omitempty"`
	// Metadata stores optional extensible workflow metadata
	// It is a map[string]any, so its contents are not constrained by this type.
	Metadata map[string]any `json:"metadata,omitempty"`
}

WorkflowDefinitionDocument represents the stored workflow definition with typed fields.

func (WorkflowDefinitionDocument) MarshalGQL

func (d WorkflowDefinitionDocument) MarshalGQL(w io.Writer)

MarshalGQL implements the Marshaler interface for gqlgen.

func (*WorkflowDefinitionDocument) UnmarshalGQL

func (d *WorkflowDefinitionDocument) UnmarshalGQL(v any) error

UnmarshalGQL implements the Unmarshaler interface for gqlgen.

type WorkflowDefinitionSchema

// WorkflowDefinitionSchema represents a template schema for definitions.
type WorkflowDefinitionSchema struct {
	// Version tracks the schema document version
	Version string `json:"version,omitempty"`
	// Schema contains the optional JSONSchema used to validate definitions
	// It is kept as raw JSON; this type does not check that it is a well-formed
	// schema, and since it is optional, confirm what validation applies when it
	// is absent.
	Schema json.RawMessage `json:"schema,omitempty"`
}

WorkflowDefinitionSchema represents a template schema for definitions.

func (WorkflowDefinitionSchema) MarshalGQL

func (d WorkflowDefinitionSchema) MarshalGQL(w io.Writer)

MarshalGQL implements the Marshaler interface for gqlgen.

func (*WorkflowDefinitionSchema) UnmarshalGQL

func (d *WorkflowDefinitionSchema) UnmarshalGQL(v any) error

UnmarshalGQL implements the Unmarshaler interface for gqlgen.

type WorkflowEventPayload

// WorkflowEventPayload groups an event type, an optional action key, and raw event details.
type WorkflowEventPayload struct {
	// EventType identifies the workflow event kind
	EventType enums.WorkflowEventType `json:"eventType,omitempty"`
	// ActionKey identifies the related action when applicable
	ActionKey string `json:"actionKey,omitempty"`
	// Details stores event-specific payload data
	// It is held as raw JSON bytes (json.RawMessage), so its shape is not constrained by this type.
	// NOTE(review): presumably decoded according to EventType; confirm the decoder rejects unexpected
	// shapes, and confirm whether Details can carry sensitive field values before it is logged or
	// returned to API clients (the type is marshaled for gqlgen via MarshalGQL).
	Details json.RawMessage `json:"details,omitempty"`
}

WorkflowEventPayload stores workflow event payloads.

func (WorkflowEventPayload) MarshalGQL

func (p WorkflowEventPayload) MarshalGQL(w io.Writer)

MarshalGQL implements the Marshaler interface for gqlgen.

func (*WorkflowEventPayload) UnmarshalGQL

func (p *WorkflowEventPayload) UnmarshalGQL(v any) error

UnmarshalGQL implements the Unmarshaler interface for gqlgen.

type WorkflowInstanceContext

// WorkflowInstanceContext records which definition and object an instance belongs to, plus a
// snapshot of the triggering mutation (changed fields and edges, added/removed IDs, actor,
// proposed values) and bookkeeping for approvals and notifications.
type WorkflowInstanceContext struct {
	// WorkflowDefinitionID is the definition that produced this instance
	WorkflowDefinitionID string `json:"workflowDefinitionId,omitempty"`
	// ObjectType is the workflow object type under evaluation
	ObjectType enums.WorkflowObjectType `json:"objectType,omitempty"`
	// ObjectID is the concrete object identifier under evaluation
	ObjectID string `json:"objectId,omitempty"`
	// Version increments as instance context evolves
	Version int `json:"version,omitempty"`
	// Assignments snapshots assignment decisions for context-aware evaluation
	Assignments []WorkflowAssignmentContext `json:"assignments,omitempty"`
	// TriggerEventType is the source event type that triggered this instance
	TriggerEventType string `json:"triggerEventType,omitempty"`
	// TriggerChangedFields lists fields changed by the triggering mutation
	TriggerChangedFields []string `json:"triggerChangedFields,omitempty"`
	// TriggerChangedEdges lists relationships changed by the triggering mutation
	TriggerChangedEdges []string `json:"triggerChangedEdges,omitempty"`
	// TriggerAddedIDs maps relationship names to added identifiers from the triggering mutation
	TriggerAddedIDs map[string][]string `json:"triggerAddedIds,omitempty"`
	// TriggerRemovedIDs maps relationship names to removed identifiers from the triggering mutation
	TriggerRemovedIDs map[string][]string `json:"triggerRemovedIds,omitempty"`
	// TriggerUserID is the actor that initiated the triggering mutation
	// NOTE(review): this is a plain string and the type also implements UnmarshalGQL; confirm the
	// value is populated from the authenticated session and is never accepted from client input.
	TriggerUserID string `json:"triggerUserId,omitempty"`
	// TriggerProposedChanges contains normalized proposed field values from the triggering mutation
	// NOTE(review): values are untyped (map[string]any). If a proposed change can include secrets or
	// personal data, presumably they are kept with the instance and exposed wherever this context
	// is marshaled; confirm redaction and read authorization for this field.
	TriggerProposedChanges map[string]any `json:"triggerProposedChanges,omitempty"`
	// ParallelApprovalKeys tracks approval action keys that can execute concurrently
	ParallelApprovalKeys []string `json:"parallelApprovalKeys,omitempty"`
	// ExecutedNotifications tracks conditional notification action keys that have already fired
	ExecutedNotifications []string `json:"executedNotifications,omitempty"`
}

WorkflowInstanceContext holds runtime context for a workflow instance.

func (WorkflowInstanceContext) MarshalGQL

func (c WorkflowInstanceContext) MarshalGQL(w io.Writer)

MarshalGQL implements the Marshaler interface for gqlgen.

func (*WorkflowInstanceContext) UnmarshalGQL

func (c *WorkflowInstanceContext) UnmarshalGQL(v any) error

UnmarshalGQL implements the Unmarshaler interface for gqlgen.

type WorkflowSelector

// WorkflowSelector holds three optional lists (tag IDs, group IDs, object types) used to scope
// which objects a workflow or trigger matches.
// NOTE(review): every field is optional, and the meaning of a selector with all lists empty
// (match everything vs. match nothing) is not visible here; confirm the matcher's behavior so an
// empty selector cannot widen a workflow's scope unintentionally.
type WorkflowSelector struct {
	// TagIDs scopes matching to objects carrying any of these tags
	TagIDs []string `json:"tagIds,omitempty"`
	// GroupIDs scopes matching to objects associated with any of these groups
	GroupIDs []string `json:"groupIds,omitempty"`
	// ObjectTypes scopes matching to specific workflow object types
	ObjectTypes []enums.WorkflowObjectType `json:"objectTypes,omitempty"`
}

WorkflowSelector scopes workflows to tags, groups, or object types.

type WorkflowTrigger

// WorkflowTrigger describes one trigger: a mutation operation or schedule interval, the targeted
// object type, optional field/edge filters, a selector, and an optional CEL gate.
type WorkflowTrigger struct {
	// Operation is the mutation operation that triggers evaluation, such as CREATE, UPDATE, or DELETE
	// NOTE(review): this is a free-form string, not an enum; confirm unknown values are rejected
	// when the definition is validated.
	Operation string `json:"operation,omitempty"`
	// Interval is the schedule interval for periodic triggers such as 1h
	// NOTE(review): plain string, presumably parsed as a duration; confirm parse errors and very
	// small intervals are rejected before the trigger is scheduled.
	Interval string `json:"interval,omitempty"`
	// ObjectType is the schema/object type targeted by this trigger
	ObjectType enums.WorkflowObjectType `json:"objectType,omitempty"`
	// Fields limits evaluation to changes on specific fields
	Fields []string `json:"fields,omitempty"`
	// Edges limits evaluation to changes on specific relationships
	Edges []string `json:"edges,omitempty"`
	// Selector further scopes trigger matching using tags, groups, or object types
	// With encoding/json, omitempty never omits a struct-typed value, so an empty selector is
	// still serialized as an empty object.
	Selector WorkflowSelector `json:"selector,omitempty"`
	// Expression is an optional CEL expression gate for trigger matching
	// NOTE(review): the expression text is stored as-is in the definition; confirm it is compiled
	// and type-checked when the definition is saved, and that evaluation runs with a cost limit
	// and only the variables the workflow engine intends to expose.
	Expression string `json:"expression,omitempty"`
	// Description is a human-readable trigger description
	Description string `json:"description,omitempty"`
}

WorkflowTrigger describes when to run a workflow.
