scanner

package
v1.0.2 Latest
Warning

This package is not in the latest version of its module.

Published: Dec 30, 2025 License: Apache-2.0 Imports: 2 Imported by: 0

Documentation


Constants

const VirtualPathSeparator = "::"

VirtualPathSeparator is used to delimit components in virtual paths.

Variables

This section is empty.

Functions

func BuildVirtualPath

func BuildVirtualPath(components ...string) string

BuildVirtualPath constructs a virtual path from components. Example: BuildVirtualPath("image.tar", "layer-abc", "etc/app.yaml") -> "image.tar::layer-abc::etc/app.yaml"

func GetArtifactRoot

func GetArtifactRoot(path string) string

GetArtifactRoot extracts the root artifact from a virtual path. Example: "image.tar::layer-abc::etc/app.yaml" -> "image.tar"

func GetDepth

func GetDepth(path string) int

GetDepth returns the nesting depth of a virtual path. Example: "image.tar::layer-abc::etc/app.yaml" -> 3

func IsVirtualPath

func IsVirtualPath(path string) bool

IsVirtualPath checks if a path contains virtual path separators.

func ParseVirtualPath

func ParseVirtualPath(path string) []string

ParseVirtualPath splits a virtual path into its components. Example: "image.tar::layer-abc::etc/app.yaml" -> ["image.tar", "layer-abc", "etc/app.yaml"]
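The virtual-path helpers above only round-trip when no component can be mistaken for the separator, which matters when components are entry names taken from untrusted archives. The following is an added example, not the package's own code: `build`, `parse`, `safeBuild`, `roundTrips` and `errAmbiguous` are hypothetical local names, and plain join/split on `::` with no escaping is an assumption that merely reproduces the documented examples.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// sep mirrors the documented VirtualPathSeparator constant.
const sep = "::"

var errAmbiguous = errors.New("component would not survive a build/parse round trip")

// build and parse are local stand-ins (assumption: join/split, no escaping).
func build(components ...string) string { return strings.Join(components, sep) }

func parse(path string) []string { return strings.Split(path, sep) }

// safeBuild rejects components that contain "::" or start/end with ":",
// since either shifts where the separator is found. Empty components are
// rejected as a policy choice because they carry no location information.
func safeBuild(components ...string) (string, error) {
	for _, c := range components {
		if c == "" || strings.Contains(c, sep) ||
			strings.HasPrefix(c, ":") || strings.HasSuffix(c, ":") {
			return "", fmt.Errorf("%q: %w", c, errAmbiguous)
		}
	}
	return build(components...), nil
}

// roundTrips reports whether parse(build(c...)) returns exactly c.
func roundTrips(components ...string) bool {
	got := parse(build(components...))
	if len(got) != len(components) {
		return false
	}
	for i := range got {
		if got[i] != components[i] {
			return false
		}
	}
	return true
}

func main() {
	// Constructed inputs; the second entry name contains the separator.
	fmt.Println(roundTrips("image.tar", "layer-abc", "etc/app.yaml"))
	fmt.Println(roundTrips("upload.zip", "other.tar::etc/app.yaml"))
	_, err := safeBuild("upload.zip", "other.tar::etc/app.yaml")
	fmt.Println(err)
}
```

A caller that reports findings by virtual path can run a check like `safeBuild` on each entry name before constructing the path, so the root and depth derived later match the real artifact chain.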

Types

type BatchInput

type BatchInput struct {
	Path    string
	Data    []byte
	Context ScanContext
}

BatchInput represents a single unit of work for batch scanning.

type ScanContext

type ScanContext struct {
	// VirtualPath is the display path showing the artifact chain.
	// Example: "myapp.tar::layer-sha256:abc123::etc/secrets/config.yaml"
	VirtualPath string

	// RealPath is the actual filesystem path (if content is on disk).
	// For in-memory scanning, this may be empty or a temp file path.
	RealPath string

	// Metadata contains artifact-specific context.
	// Examples:
	//   - "archive": "myapp.zip"
	//   - "layer_digest": "sha256:abc123..."
	//   - "layer_index": "5"
	//   - "kubernetes_kind": "Secret"
	//   - "kubernetes_namespace": "default"
	Metadata map[string]string
}

ScanContext provides additional context for scanning artifacts. It allows scanners to enrich findings with metadata about where the content originated (layer, archive entry, manifest, etc.).

type Scanner

type Scanner interface {
	// Scan scans content at the given path and returns findings.
	// The path is used for context and may be a real file path or virtual path.
	Scan(path string, data []byte) ([]types.Finding, error)

	// ScanWithContext scans content with additional artifact context.
	// This is useful for nested artifacts where the path needs to show
	// the full chain (e.g., "archive.zip::inner.tar::file.txt").
	ScanWithContext(ctx ScanContext, data []byte) ([]types.Finding, error)

	// ScanBatch scans multiple inputs in a single invocation. Implementations
	// should process all inputs in one subprocess execution when possible to
	// reduce overhead and return aggregated findings.
	ScanBatch(inputs []BatchInput) ([]types.Finding, error)

	// Version returns the scanner version information.
	Version() (string, error)

	// Detectors returns the list of detector IDs supported by this scanner.
	Detectors() ([]string, error)
}

Scanner defines the interface for secret detection engines. Implementations include Gitleaks integration and potential future scanners.
