vdb

package
v3.12.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 1, 2026 License: AGPL-3.0 Imports: 22 Imported by: 0

Documentation

Index

Constants

// Cache lifetimes. Both are time.Duration values; DoRequestCached takes a ttl
// argument, so these are presumably the values callers pass to it — confirm.
const (
	// StaticEnumTTL is the cache TTL for slowly-changing enumeration endpoints.
	StaticEnumTTL = 1 * time.Hour
	// PaginatedEnumTTL is the cache TTL for paginated list endpoints.
	PaginatedEnumTTL = 5 * time.Minute
)
// Defaults for reaching and authenticating to the VDB API.
//
// DefaultBaseURL is an https:// endpoint and DefaultAPIVersion is the path
// prefix ("/v2"). Region, Service and Algorithm look like the scope and
// algorithm labels of a SigV4-style request signature (NewClient is documented
// as using SigV4 auth).
//
// NOTE(review): AWS's own SigV4 label is AWS4-HMAC-SHA256; the SHA-512 label
// here suggests a service-specific variant, so a stock SigV4 signer would
// presumably not interoperate — confirm against the server.
// NOTE(review): TokenExpiry (15 minutes) is presumably the lifetime of an
// issued auth token, and MaxRetries/BaseBackoff presumably bound the
// transient-error retry that DoRequest performs — confirm.
const (
	DefaultBaseURL    = "https://api.vdb.vulnetix.com"
	DefaultAPIVersion = "/v2"
	Region            = "us-east-1"
	Service           = "vdb"
	Algorithm         = "AWS4-HMAC-SHA512"
	TokenExpiry       = 15 * time.Minute
	MaxRetries        = 2
	BaseBackoff       = 2 * time.Second
)

Variables

// Verbose controls whether transient retry/backoff progress messages
// (rate-limit retries, countdown waits) are emitted to stderr. Final errors
// are always returned to the caller. Set by the cmd layer from the --verbose
// flag.
var Verbose bool

Verbose controls whether transient retry/backoff progress messages (rate-limit retries, countdown waits) are emitted to stderr. Final errors are always returned to the caller. Set by the cmd layer from the --verbose flag.

Functions

func LoadCredentials

func LoadCredentials() (orgID, secretKey string, err error)

LoadCredentials loads VDB credentials using the centralized auth package. Returns orgID and secretKey for backward compatibility with existing callers.

func LoadFullCredentials

func LoadFullCredentials() (*auth.Credentials, error)

LoadFullCredentials loads credentials as a full Credentials struct

Types

type AttackTechniquesSearchParams

// AttackTechniquesSearchParams carries the optional filter knobs for the
// MITRE ATT&CK collection endpoint.
//
// All fields are plain strings, string slices or ints; no validation is
// visible at this level.
// NOTE(review): Since/Until are strings, presumably dates or timestamps, and
// Limit/Offset presumably drive pagination — confirm the accepted formats.
type AttackTechniquesSearchParams struct {
	TechniqueIDs []string
	Tactics      []string
	CveIDs       []string
	Sources      []string
	CapecID      string
	Domain       string
	Subtechnique string
	DerivedBy    string
	Q            string
	Since        string
	Until        string
	Limit        int
	Offset       int
}

AttackTechniquesSearchParams carries the optional filter knobs for the MITRE ATT&CK collection endpoint.

type CVEInfo

// CVEInfo represents vulnerability information for a CVE.
//
// Data is untyped: callers must type-assert it (the field comment says it may
// be an array or an object) before use.
type CVEInfo struct {
	Data interface{} // Store full response for display (array or object)
}

CVEInfo represents vulnerability information for a CVE

type CliControlFlag added in v3.9.0

// CliControlFlag is one control flag in effect for the scan, for example
// {"--severity","high"} or {"--block-malware","true"}. Every control flag the
// user set is captured, not only the ones that breached, so the server can
// reconstruct the full invocation for the build-outcome display.
//
// Both the flag name and its value are carried as strings.
type CliControlFlag struct {
	Flag  string `json:"flag"`
	Value string `json:"value"`
}

CliControlFlag is one control flag in effect for the scan (e.g. {"--severity","high"}, {"--block-malware","true"}). Captures every control flag the user set — not only the ones that breached — so the server can reconstruct the full invocation for the build-outcome display.

type CliCweGuidanceRequest added in v3.6.0

// CliCweGuidanceRequest accepts CWE-* ids and serialises them under the
// "cweIds" key.
type CliCweGuidanceRequest struct {
	CweIDs []string `json:"cweIds"`
}

CliCweGuidanceRequest accepts CWE-* ids.

type CliEnv added in v3.6.0

// CliEnv carries local-machine context. Every field is optional (all are
// tagged omitempty); older CLIs keep working as new fields are added
// server-side.
//
// NOTE(review): Hostname, Shell, MemoryPath and the Git block identify the
// local machine and repository. Every Cli* method on Client takes a CliEnv
// argument, so this data is presumably transmitted with each request —
// confirm what is populated and whether it can be reduced for sensitive
// environments.
type CliEnv struct {
	CliVersion      string                `json:"cliVersion,omitempty"`
	Commit          string                `json:"commit,omitempty"`
	BuildDate       string                `json:"buildDate,omitempty"`
	Platform        string                `json:"platform,omitempty"`
	Arch            string                `json:"arch,omitempty"`
	OS              string                `json:"os,omitempty"`
	Hostname        string                `json:"hostname,omitempty"`
	Shell           string                `json:"shell,omitempty"`
	Git             *CliGitContext        `json:"git,omitempty"`
	PackageManagers []CliPackageMgr       `json:"packageManagers,omitempty"`
	MemoryPath      string                `json:"memoryPath,omitempty"`
	Licenses        []CliLicenseHit       `json:"licenses,omitempty"`
	Manifests       []CliManifestMetadata `json:"manifests,omitempty"`
	ToolMetadata    *CliSBOMToolMetadata  `json:"toolMetadata,omitempty"`
	Capabilities    []CliPMCapability     `json:"capabilities,omitempty"`
}

CliEnv carries local-machine context. Every field is optional; older CLIs keep working as new fields are added server-side.

func SnapshotEnv added in v3.6.0

func SnapshotEnv(cwd, cliVersion, cliCommit, cliBuildDate string) CliEnv

SnapshotEnv assembles the CliEnv block from the running CLI process. Safe to call at the start of every CLI command; reads are cheap (gitctx walks the cwd once, ManifestFiles is a static map lookup). Callers should pass the version/commit/buildDate constants the cmd package already plumbs.

type CliFinalizeRequest added in v3.9.0

// CliFinalizeRequest reports the scan's policy-gate decision back to the
// server, anchored to the IngestionSnapshot.uuid from /v2/cli.sca.
//
// NOTE(review): ExitCode, BreakBuild and Gates are values the client reports
// about itself. Consumers of the server-side build-outcome record should
// presumably treat them as self-reported rather than as proof of what the CI
// job actually did — confirm how the server uses them.
type CliFinalizeRequest struct {
	IngestionSnapshotUuid string           `json:"ingestionSnapshotUuid"`
	ExitCode              int              `json:"exitCode"`               // 0 = pass, 1 = break build
	BreakBuild            bool             `json:"breakBuild"`             // true when a gate breached
	Gates                 []CliGateResult  `json:"gates"`                  // per-gate breach detail (empty when clean)
	ControlFlags          []CliControlFlag `json:"controlFlags,omitempty"` // every control flag in effect (incl. non-breaching)
}

CliFinalizeRequest reports the scan's policy-gate decision back to the server, anchored to the IngestionSnapshot.uuid from /v2/cli.sca.

type CliFinalizeResponse added in v3.9.0

// CliFinalizeResponse is the success body returned by CliFinalize.
//
// NOTE(review): Persisted presumably reports whether the server stored the
// gate decision; callers that rely on the record should check it — confirm.
type CliFinalizeResponse struct {
	Persisted bool `json:"persisted"`
}

CliFinalizeResponse is the success body.

type CliFindingResult added in v3.7.0

// CliFindingResult mirrors the persisted Finding for reachability
// correlation.
//
// FindingID and FindingUuid are always serialised; the package fields and
// IntroducedVia are omitted when empty.
type CliFindingResult struct {
	FindingID      string                 `json:"findingId"`
	FindingUuid    string                 `json:"findingUuid"`
	PackageName    string                 `json:"packageName,omitempty"`
	PackageVersion string                 `json:"packageVersion,omitempty"`
	Purl           string                 `json:"purl,omitempty"`
	IntroducedVia  []CliIntroducedViaPath `json:"introducedVia,omitempty"`
}

CliFindingResult mirrors the persisted Finding for reachability correlation.

type CliGateResult added in v3.9.0

// CliGateResult is one gate's decision; it mirrors cmd.GateBreach.
//
// NOTE(review): Count is presumably the number of items that breached the
// named gate and Message the human-readable explanation — confirm.
type CliGateResult struct {
	Gate    string `json:"gate"`
	Count   int    `json:"count"`
	Message string `json:"message"`
}

CliGateResult is one gate's decision — mirrors cmd.GateBreach.

type CliGitContext added in v3.6.0

// CliGitContext is the subset of repo state useful for triage correlation.
// It is carried in CliEnv.Git.
//
// NOTE(review): Remotes presumably holds git remote URLs. Remote URLs can
// embed credentials in the userinfo part (https://user:token@host/...), so
// confirm they are stripped before this struct is populated.
// NOTE(review): Author and RepoRoot presumably carry a committer identity and
// a local filesystem path; both may be sensitive in some environments.
type CliGitContext struct {
	Branch   string   `json:"branch,omitempty"`
	Commit   string   `json:"commit,omitempty"`
	Author   string   `json:"author,omitempty"`
	Remotes  []string `json:"remotes,omitempty"`
	Dirty    bool     `json:"dirty,omitempty"`
	RepoRoot string   `json:"repoRoot,omitempty"`
}

CliGitContext is the subset of repo state useful for triage correlation.

type CliIDsRequest added in v3.6.0

// CliIDsRequest is the standard { ids: [...] } request shape.
type CliIDsRequest struct {
	IDs []string `json:"ids"`
}

CliIDsRequest is the standard { ids: [...] } shape.

type CliIngestionSnapshot added in v3.7.0

// CliIngestionSnapshot is the persistent snapshot the server creates when the
// authenticated org has a SaaS-side Org row. URL is the user-facing link.
//
// NOTE(review): URL comes from the server response; if the CLI prints or
// opens it, confirm it is checked to be an https link on the expected host.
// NOTE(review): CreatedAt is an int64, presumably an epoch timestamp — confirm
// the unit.
type CliIngestionSnapshot struct {
	Uuid      string `json:"uuid"`
	URL       string `json:"url"`
	CreatedAt int64  `json:"createdAt"`
}

CliIngestionSnapshot is the persistent snapshot the server creates when the authenticated org has a SaaS-side Org row. URL is the user-facing link.

type CliIntroducedViaPath added in v3.7.0

// CliIntroducedViaPath mirrors FindingIntroducedVia rows. It is the element
// type of CliFindingResult.IntroducedVia.
//
// NOTE(review): DependencyPath and DependencyKeys presumably describe the same
// dependency chain in joined and split form — confirm.
type CliIntroducedViaPath struct {
	PathIndex      int      `json:"pathIndex"`
	PathLength     int      `json:"pathLength"`
	PackageManager string   `json:"packageManager"`
	ManifestFile   string   `json:"manifestFile"`
	DependencyPath string   `json:"dependencyPath"`
	DependencyKeys []string `json:"dependencyKeys"`
}

CliIntroducedViaPath mirrors FindingIntroducedVia rows.

type CliLicenseHit added in v3.7.0

// CliLicenseHit mirrors vdb-api/internal/handler/v2_cli_common.go. It is the
// element type of CliEnv.Licenses.
//
// Note that the Go field Acknowledge is serialised under the JSON key
// "acknowledgement", so the two names differ.
type CliLicenseHit struct {
	SPDXID      string `json:"spdxId,omitempty"`
	Name        string `json:"name,omitempty"`
	URL         string `json:"url,omitempty"`
	Source      string `json:"source,omitempty"`
	Acknowledge string `json:"acknowledgement,omitempty"`
	Text        string `json:"text,omitempty"`
}

CliLicenseHit mirrors vdb-api/internal/handler/v2_cli_common.go.

type CliManifestMetadata added in v3.7.0

// CliManifestMetadata describes one manifest the CLI parsed. Content is the
// raw file body; it is populated only on the chunk-0 env (the chunk that
// carries Packages, where persistence runs) to keep within the request size
// cap.
//
// NOTE(review): because Content is the unmodified manifest, anything written
// in that file (private registry URLs, internal package names, inline
// tokens) would be sent along with it — confirm whether any redaction is
// applied before upload.
// NOTE(review): SHA256 is presumably the hex digest of the manifest file and
// Size its length in bytes — confirm.
type CliManifestMetadata struct {
	Path        string `json:"path"`
	Ecosystem   string `json:"ecosystem,omitempty"`
	IsLock      bool   `json:"isLock,omitempty"`
	SHA256      string `json:"sha256,omitempty"`
	Size        int    `json:"size,omitempty"`
	ContentType string `json:"contentType,omitempty"`
	License     string `json:"license,omitempty"` // declared license from the manifest field
	Provider    string `json:"provider,omitempty"`
	Registry    string `json:"registry,omitempty"`
	Content     string `json:"content,omitempty"` // raw manifest body (chunk-0 only)
}

CliManifestMetadata describes one manifest the CLI parsed. Content is the raw file body; it is populated only on the chunk-0 env (the chunk that carries Packages, where persistence runs) to keep within the request size cap.

type CliPMCapability added in v3.7.0

// CliPMCapability is one detected package-manager capability on the host. The
// binary/version fields describe a concrete resolver binary; Authoritative is
// true when a lockfile narrowed the manifest to this specific binary.
//
// NOTE(review): BinaryPath and FilePath are presumably local filesystem paths
// and are reported to the server as part of CliEnv.Capabilities.
// NOTE(review): VersionCommand is presumably the command that was run to
// obtain Version. If so, confirm the binary is resolved from a trusted
// location and not from the repository being scanned.
type CliPMCapability struct {
	Ecosystem      string  `json:"ecosystem"`
	CapabilityName string  `json:"capabilityName"`
	Supported      bool    `json:"supported"`
	Detected       bool    `json:"detected"`
	Confidence     float64 `json:"confidence,omitempty"`
	Evidence       string  `json:"evidence,omitempty"`
	FilePath       string  `json:"filePath,omitempty"`
	Binary         string  `json:"binary,omitempty"`
	BinaryPath     string  `json:"binaryPath,omitempty"`
	Version        string  `json:"version,omitempty"`
	VersionCommand string  `json:"versionCommand,omitempty"`
	Authoritative  bool    `json:"authoritative,omitempty"`
}

CliPMCapability — one detected package-manager capability on the host. The binary/version fields describe a concrete resolver binary; Authoritative is true when a lockfile narrowed the manifest to this specific binary.

type CliPackageEntry added in v3.7.0

// CliPackageEntry gives per-package dependency-path context so the server can
// compute FindingIntroducedVia paths.
//
// Purl is the only field that is always serialised. IntroducedVia is a slice
// of string slices.
// NOTE(review): each inner slice is presumably one dependency chain leading to
// this package — confirm.
type CliPackageEntry struct {
	Purl          string     `json:"purl"`
	Name          string     `json:"name,omitempty"`
	Version       string     `json:"version,omitempty"`
	Ecosystem     string     `json:"ecosystem,omitempty"`
	ManifestFile  string     `json:"manifestFile,omitempty"`
	Scope         string     `json:"scope,omitempty"`
	License       string     `json:"license,omitempty"`
	IntroducedVia [][]string `json:"introducedVia,omitempty"`
}

CliPackageEntry — per-package dependency-path context so the server can compute FindingIntroducedVia paths.

type CliPackageInsight added in v3.8.1

// CliPackageInsight carries per-package policy-gate signals the server
// computes for --cooldown, --version-lag, --block-eol and --block-malware. It
// mirrors the vdb-api handler.CliPackageInsight contract.
//
// PublishedAt is a pointer, so an absent publish date (nil) is distinguishable
// from a zero timestamp. IsEOL and IsMalicious use omitempty, so a false value
// and a missing key look the same on the wire.
// NOTE(review): a gate that blocks on IsMalicious should presumably decide
// what to do when the insight for a package is missing altogether — confirm
// the caller's behaviour.
type CliPackageInsight struct {
	Purl           string            `json:"purl"`
	Name           string            `json:"name"`
	Version        string            `json:"version"`
	Ecosystem      string            `json:"ecosystem"`
	PublishedAt    *int64            `json:"publishedAt,omitempty"`    // ms epoch — installed version (--cooldown)
	PublishSource  string            `json:"publishSource,omitempty"`  // "db" | "deps.dev"
	LatestVersions []CliVersionStamp `json:"latestVersions,omitempty"` // newest-first by publish date (--version-lag)
	IsEOL          bool              `json:"isEol,omitempty"`
	EOLFrom        string            `json:"eolFrom,omitempty"`
	IsMalicious    bool              `json:"isMalicious,omitempty"`
	MalwareSource  string            `json:"malwareSource,omitempty"`
}

CliPackageInsight carries per-package policy-gate signals the server computes for --cooldown, --version-lag, --block-eol and --block-malware. Mirrors the vdb-api handler.CliPackageInsight contract.

type CliPackageMgr added in v3.6.0

// CliPackageMgr is one manifest detected near the cwd. It is the element type
// of CliEnv.PackageManagers.
type CliPackageMgr struct {
	Ecosystem string `json:"ecosystem"`
	Manifest  string `json:"manifest,omitempty"`
	IsLock    bool   `json:"isLock,omitempty"`
}

CliPackageMgr is one manifest detected near the cwd.

type CliPurlsRequest added in v3.6.0

// CliPurlsRequest is the { purls: [...] } request shape.
type CliPurlsRequest struct {
	Purls []string `json:"purls"`
}

CliPurlsRequest — { purls: [...] }.

type CliReachabilityHit added in v3.6.0

// CliReachabilityHit is the element type of CliSCAResponse.Reachability.
//
// VulnID, Language, Name and QueryText are always serialised; the remaining
// fields are omitted when empty. Captures and Predicates are untyped maps.
// NOTE(review): QueryText presumably holds a query that the CLI evaluates
// against local source, and QueryHash a digest of it. If so, confirm whether
// the CLI checks QueryHash before running server-supplied query text.
type CliReachabilityHit struct {
	VulnID      string           `json:"vulnId"`
	Purl        string           `json:"purl,omitempty"`
	Source      string           `json:"source,omitempty"`
	Language    string           `json:"language"`
	Name        string           `json:"name"`
	QueryText   string           `json:"queryText"`
	QueryHash   string           `json:"queryHash,omitempty"`
	Description string           `json:"description,omitempty"`
	DerivedBy   string           `json:"derivedBy,omitempty"`
	Captures    []map[string]any `json:"captures,omitempty"`
	Predicates  []map[string]any `json:"predicates,omitempty"`
}

type CliReachabilityPayload added in v3.7.0

// CliReachabilityPayload is one local reachability hit (tree-sitter OR
// grep-symbol). It is the element type of CliSCAReachabilityRequest.Results.
//
// CveID, PackageName, Source and Verdict are always serialised; every other
// field is omitted when empty.
// NOTE(review): MatchedFile, MatchedRoutine, MatchedModule and the line range
// describe the scanned codebase, and EvidenceJSON is an opaque string at this
// level. Confirm what EvidenceJSON contains before this payload is sent from
// a proprietary repository.
type CliReachabilityPayload struct {
	CveID                  string `json:"cveId"`
	FindingUuid            string `json:"findingUuid,omitempty"`
	PackageName            string `json:"packageName"`
	PackageVersion         string `json:"packageVersion,omitempty"`
	Purl                   string `json:"purl,omitempty"`
	Language               string `json:"language,omitempty"`
	Ecosystem              string `json:"ecosystem,omitempty"`
	Source                 string `json:"source"`
	Verdict                string `json:"verdict"`
	TreeSitterQueryUuid    string `json:"treeSitterQueryUuid,omitempty"`
	QueryHash              string `json:"queryHash,omitempty"`
	MatchedFile            string `json:"matchedFile,omitempty"`
	MatchedRoutine         string `json:"matchedRoutine,omitempty"`
	MatchedModule          string `json:"matchedModule,omitempty"`
	MatchStartLine         int    `json:"matchStartLine,omitempty"`
	MatchEndLine           int    `json:"matchEndLine,omitempty"`
	EvidenceJSON           string `json:"evidenceJSON,omitempty"`
	MemoryVexStatus        string `json:"memoryVexStatus,omitempty"`
	MemoryVexJustification string `json:"memoryVexJustification,omitempty"`
	MemoryVexAction        string `json:"memoryVexAction,omitempty"`
	Severity               string `json:"severity,omitempty"`
	FixedVersion           string `json:"fixedVersion,omitempty"`
}

CliReachabilityPayload is one local reachability hit (tree-sitter OR grep-symbol).

type CliReachabilityRequest added in v3.6.0

// CliReachabilityRequest restricts queries to specific languages. IDs is
// always serialised; Languages is omitted when empty.
type CliReachabilityRequest struct {
	IDs       []string `json:"ids"`
	Languages []string `json:"languages,omitempty"`
}

CliReachabilityRequest restricts queries to specific languages.

type CliRemediationRequest added in v3.6.0

// CliRemediationRequest carries per-id context (ecosystem, packageName, etc.).
//
// Context is a flat string-to-string map.
// NOTE(review): how its keys relate to individual entries in IDs is not
// visible here — confirm against the handler.
type CliRemediationRequest struct {
	IDs     []string          `json:"ids"`
	Context map[string]string `json:"context,omitempty"`
}

CliRemediationRequest carries per-id context (ecosystem, packageName, etc.).

type CliResponse added in v3.6.0

// CliResponse couples meta + the typed payload after decode. It is returned by
// every Cli* method so callers can surface tier-gated affordances in the CLI
// output.
//
// T is the payload type: map[string]any for the generic endpoints, or a typed
// response such as CliSCAResponse or CliSARIFResponse. The fields carry no
// JSON tags.
type CliResponse[T any] struct {
	Meta CliResponseMeta
	Data T
}

CliResponse couples meta + the typed payload after decode. Returned by every method so callers can surface tier-gated affordances in the CLI output.

type CliResponseMeta added in v3.6.0

// CliResponseMeta is the top-level meta block on every response.
//
// NOTE(review): RequestID is presumably the server's identifier for the call
// and is the natural value to log when correlating a CLI run with server-side
// records — confirm.
// NOTE(review): TierGated presumably maps a feature name to whether it was
// withheld for the caller's tier — confirm the polarity of the bool.
type CliResponseMeta struct {
	Tier            string          `json:"tier"`
	EndpointVersion string          `json:"endpointVersion"`
	RequestID       string          `json:"requestId"`
	Timestamp       int64           `json:"timestamp"`
	TierGated       map[string]bool `json:"tierGated,omitempty"`
}

CliResponseMeta is the top-level meta block on every response.

type CliSARIFFinding added in v3.7.0

// CliSARIFFinding mirrors vdb-api/internal/handler/cli_persist_sarif.go. It is
// the element type of CliSARIFRequest.Findings.
//
// Only RuleID is always serialised; every other field is omitted when empty.
// NOTE(review): CliSARIFRequest is shared by the sast, secrets, iac,
// containers and license subcommands. For a secrets finding, CodeSnippet would
// presumably contain the matched secret itself, so confirm it is redacted or
// left empty before upload.
type CliSARIFFinding struct {
	RuleID           string   `json:"ruleId"`
	RuleName         string   `json:"ruleName,omitempty"`
	Message          string   `json:"message,omitempty"`
	Severity         string   `json:"severity,omitempty"`
	Level            string   `json:"level,omitempty"`
	SecuritySeverity string   `json:"securitySeverity,omitempty"`
	File             string   `json:"file,omitempty"`
	PackagePurl      string   `json:"packagePurl,omitempty"`
	StartLine        int      `json:"startLine,omitempty"`
	EndLine          int      `json:"endLine,omitempty"`
	Fingerprint      string   `json:"fingerprint,omitempty"`
	CWEs             []int    `json:"cwes,omitempty"`
	Tags             []string `json:"tags,omitempty"`
	SARIFGuid        string   `json:"sarifGuid,omitempty"`

	// Source excerpt for the finding and the line range it covers.
	CodeSnippet      string `json:"codeSnippet,omitempty"`
	SnippetStartLine int    `json:"snippetStartLine,omitempty"`
	SnippetEndLine   int    `json:"snippetEndLine,omitempty"`

	// VEX fields; the same three names also appear on CliReachabilityPayload.
	MemoryVexStatus        string `json:"memoryVexStatus,omitempty"`
	MemoryVexJustification string `json:"memoryVexJustification,omitempty"`
	MemoryVexAction        string `json:"memoryVexAction,omitempty"`
}

CliSARIFFinding mirrors vdb-api/internal/handler/cli_persist_sarif.go.

type CliSARIFRequest added in v3.7.0

// CliSARIFRequest is the shared payload for every SARIF-shaped subcommand
// (sast / secrets / iac / containers / license).
//
// SARIF is an untyped map and Findings is the typed per-finding list.
// NOTE(review): SARIF presumably holds the complete SARIF document, so any
// snippets or file paths inside it are uploaded as-is — confirm.
type CliSARIFRequest struct {
	SARIF    map[string]any    `json:"sarif"`
	Findings []CliSARIFFinding `json:"findings"`
}

CliSARIFRequest is the shared payload for every SARIF-shaped subcommand (sast / secrets / iac / containers / license).

type CliSARIFResponse added in v3.7.0

// CliSARIFResponse is the typed response from every SARIF endpoint.
//
// IngestionSnapshot is a pointer and is omitted when nil; per the
// CliIngestionSnapshot documentation the server creates a snapshot only when
// the authenticated org has a SaaS-side Org row, so callers must nil-check it.
type CliSARIFResponse struct {
	IngestionSnapshot *CliIngestionSnapshot `json:"ingestionSnapshot,omitempty"`
	Findings          []CliFindingResult    `json:"findings,omitempty"`
	Stats             CliSARIFStats         `json:"stats"`
}

CliSARIFResponse is the typed response from every SARIF endpoint.

type CliSARIFStats added in v3.7.0

// CliSARIFStats summarises the run for end-of-scan CLI output: a finding
// count, a rule count, and a per-severity count keyed by severity name.
type CliSARIFStats struct {
	Findings   int            `json:"findings"`
	Rules      int            `json:"rules"`
	BySeverity map[string]int `json:"bySeverity"`
}

CliSARIFStats summarises the run for end-of-scan CLI output.

type CliSBOMToolMetadata added in v3.7.0

// CliSBOMToolMetadata describes the CLI tool itself for the SBOMToolMetadata
// row. It is carried in CliEnv.ToolMetadata.
//
// NOTE(review): ToolHash is presumably a digest of the CLI binary. It is
// reported by the client itself, so it identifies the tool but should
// presumably not be read as an integrity attestation — confirm.
type CliSBOMToolMetadata struct {
	ToolName    string `json:"toolName,omitempty"`
	ToolVersion string `json:"toolVersion,omitempty"`
	ToolVendor  string `json:"toolVendor,omitempty"`
	ToolHash    string `json:"toolHash,omitempty"`
}

CliSBOMToolMetadata describes the CLI tool itself for the SBOMToolMetadata row.

type CliSCAOptions added in v3.6.0

// CliSCAOptions is the options block of CliSCARequest.
//
// IncludeReachability and IncludeVEX are *bool, so nil (unset, omitted from
// the JSON) is distinguishable from an explicit false. The four gate-data
// toggles are plain bools and are omitted when false.
type CliSCAOptions struct {
	IncludeReachability *bool `json:"includeReachability,omitempty"`
	IncludeVEX          *bool `json:"includeVEX,omitempty"`
	// Gate-data toggles: request per-package policy signals (PackageInsights)
	// only when a `scan` gate is active, so a plain scan pays nothing extra.
	IncludeCooldown   bool `json:"includeCooldown,omitempty"`   // installed-version publish dates (--cooldown)
	IncludeVersionLag bool `json:"includeVersionLag,omitempty"` // full version list (--version-lag)
	IncludeEOL        bool `json:"includeEol,omitempty"`        // package-level EOL (--block-eol)
	IncludeMalware    bool `json:"includeMalware,omitempty"`    // malicious-package check (--block-malware)
}

type CliSCAReachabilityRequest added in v3.7.0

// CliSCAReachabilityRequest is the payload for the reachability post-step.
// IngestionSnapshotUuid ties the results to the snapshot returned from
// /v2/cli.sca, per the CliSCAReachability documentation.
type CliSCAReachabilityRequest struct {
	IngestionSnapshotUuid string                   `json:"ingestionSnapshotUuid"`
	Results               []CliReachabilityPayload `json:"results"`
}

CliSCAReachabilityRequest is the payload for the reachability post-step.

type CliSCAReachabilityResponse added in v3.7.0

// CliSCAReachabilityResponse is the success body of the reachability
// post-step.
//
// Persisted is an int here, unlike the bool of the same name on
// CliFinalizeResponse.
// NOTE(review): Persisted is presumably the number of results stored — confirm.
// NOTE(review): SBOMUrl and VEXUrl come from the server; if the CLI prints or
// fetches them, confirm they are validated first.
type CliSCAReachabilityResponse struct {
	Persisted   int    `json:"persisted"`
	SBOMUrl     string `json:"sbomUrl,omitempty"`
	VEXUrl      string `json:"vexUrl,omitempty"`
	OpenVexUuid string `json:"openVexUuid,omitempty"`
}

CliSCAReachabilityResponse is the success body.

type CliSCARequest added in v3.6.0

// CliSCARequest is the request body for CliSCA (POST /v2/cli.sca): the PURLs
// to resolve, optional per-package context, and options.
//
// With the standard encoding/json package, omitempty has no effect on a
// struct-valued field, so "options" is emitted even when Options is the zero
// value.
type CliSCARequest struct {
	Purls    []string          `json:"purls"`
	Packages []CliPackageEntry `json:"packages,omitempty"`
	Options  CliSCAOptions     `json:"options,omitempty"`
	// IngestionSnapshotUuid is set on discovery chunks (i>0) to the snapshot UUID
	// chunk 0 returned, so the server appends each chunk's findings under one run
	// instead of persisting only chunk 0's. Empty on chunk 0.
	IngestionSnapshotUuid string `json:"ingestionSnapshotUuid,omitempty"`
}

type CliSCAResponse added in v3.6.0

// CliSCAResponse is the typed payload returned by CliSCA and CliScan. The
// CliSCA documentation describes it as CycloneDX 1.6 + reachability + stats.
//
// CycloneDX is an untyped map. IngestionSnapshot is a pointer that is omitted
// when nil, so callers must nil-check it. PackageInsights carries the
// per-package policy-gate signals described on CliPackageInsight.
type CliSCAResponse struct {
	CycloneDX         map[string]any        `json:"cyclonedx"`
	Reachability      []CliReachabilityHit  `json:"reachability"`
	Stats             CliSCAStats           `json:"stats"`
	IngestionSnapshot *CliIngestionSnapshot `json:"ingestionSnapshot,omitempty"`
	Findings          []CliFindingResult    `json:"findings,omitempty"`
	PackageInsights   []CliPackageInsight   `json:"packageInsights,omitempty"`
}

type CliSCAStats added in v3.6.0

// CliSCAStats is the stats block of CliSCAResponse: four integer counters.
//
// NOTE(review): a PurlsResolved value lower than PurlsRequested presumably
// means some packages were not evaluated. A gate that treats "no
// vulnerabilities found" as a pass should presumably account for that —
// confirm the caller's behaviour.
type CliSCAStats struct {
	PurlsRequested       int `json:"purlsRequested"`
	PurlsResolved        int `json:"purlsResolved"`
	VulnerabilitiesFound int `json:"vulnerabilitiesFound"`
	ReachabilityQueries  int `json:"reachabilityQueries"`
}

type CliScanRequest added in v3.6.0

// CliScanRequest is the superset payload for /v2/cli.scan.
//
// CliSCARequest is embedded without a tag, so with encoding/json its fields
// (purls, packages, options, ingestionSnapshotUuid) appear at the top level of
// the JSON object next to the three fields declared here.
type CliScanRequest struct {
	CliSCARequest
	ContainerImages []string `json:"containerImages,omitempty"`
	IaCFrameworks   []string `json:"iacFrameworks,omitempty"`
	Languages       []string `json:"languages,omitempty"`
}

CliScanRequest is the superset payload for /v2/cli.scan.

type CliTriageRequest added in v3.6.0

// CliTriageRequest mirrors the /v2/triage filters in body form.
//
// InKev is a *bool, so nil (no filter, omitted) is distinguishable from an
// explicit false. MinCvss and MinEpss use omitempty, so a threshold of 0 is
// not sent.
type CliTriageRequest struct {
	Severity []string `json:"severity,omitempty"`
	MinCvss  float64  `json:"minCvss,omitempty"`
	MinEpss  float64  `json:"minEpss,omitempty"`
	InKev    *bool    `json:"inKev,omitempty"`
	Since    string   `json:"since,omitempty"`
	Limit    int      `json:"limit,omitempty"`
	Offset   int      `json:"offset,omitempty"`
}

CliTriageRequest mirrors the /v2/triage filters in body form.

type CliVersionStamp added in v3.8.1

// CliVersionStamp is one version + its publish date (ms epoch). PublishedAt is
// a pointer, so an unknown publish date is nil and is omitted from the JSON.
type CliVersionStamp struct {
	Version     string `json:"version"`
	PublishedAt *int64 `json:"publishedAt,omitempty"`
}

CliVersionStamp is one version + its publish date (ms epoch).

type CliVulnRequest added in v3.6.0

// CliVulnRequest fetches a single envelope, selected by Identifier.
type CliVulnRequest struct {
	Identifier string `json:"identifier"`
}

CliVulnRequest fetches a single envelope.

type Client

// Client represents a VDB API client.
//
// SecretKey, APIKey and FallbackCreds hold credential material in exported
// fields. Do not print a Client with %v/%+v, marshal it, or attach it to
// logs or error values, because the secrets would be included.
//
// NOTE(review): LastRateLimit, LastCacheStatus and UsingFallback look like
// state updated as requests complete. If so, sharing one Client between
// goroutines would presumably race on them — confirm before concurrent use.
// NOTE(review): BaseURL is a caller-settable string; requests are
// authenticated, so confirm it is only ever pointed at a trusted https
// endpoint.
type Client struct {
	BaseURL         string
	APIVersion      string
	OrgID           string
	SecretKey       string
	AuthMethod      auth.AuthMethod
	APIKey          string // hex digest for Direct API Key auth
	HTTPClient      *http.Client
	LastRateLimit   *RateLimitInfo
	LastCacheStatus string // "HIT", "MISS", "LOCAL", "REVALIDATED", or "" if no X-Cache header
	Cache           *cache.DiskCache
	NoCache         bool
	RefreshCache    bool
	FallbackCreds   *auth.Credentials // community creds to use when quota exhausted; nil = disabled
	UsingFallback   bool              // true after client switched to fallback (readable by cmd layer)
	// contains filtered or unexported fields
}

Client represents a VDB API client

func NewClient

func NewClient(orgID, secretKey string) *Client

NewClient creates a new VDB API client using SigV4 auth

func NewClientFromCredentials

func NewClientFromCredentials(creds *auth.Credentials) *Client

NewClientFromCredentials creates a VDB API client from centralized credentials

func (*Client) CliAI added in v3.6.0

func (c *Client) CliAI(env CliEnv, payload any) (*CliResponse[map[string]any], error)

CliAI and CliTrends are the remaining stub-class endpoints (ai/trends). They still use the legacy generic shape and are not part of the SARIF persistence flow.

func (*Client) CliAdvisories added in v3.6.0

func (c *Client) CliAdvisories(env CliEnv, ids []string) (*CliResponse[map[string]any], error)

func (*Client) CliAffected added in v3.6.0

func (c *Client) CliAffected(env CliEnv, ids []string) (*CliResponse[map[string]any], error)

func (*Client) CliAttackTechniques added in v3.6.0

func (c *Client) CliAttackTechniques(env CliEnv, ids []string) (*CliResponse[map[string]any], error)

func (*Client) CliContainers added in v3.6.0

func (c *Client) CliContainers(env CliEnv, req CliSARIFRequest) (*CliResponse[CliSARIFResponse], error)

func (*Client) CliCweGuidance added in v3.6.0

func (c *Client) CliCweGuidance(env CliEnv, cweIDs []string) (*CliResponse[map[string]any], error)

CliCweGuidance — POST /v2/cli.cwe-guidance.

func (*Client) CliExploits added in v3.6.0

func (c *Client) CliExploits(env CliEnv, ids []string) (*CliResponse[map[string]any], error)

CliExploits — POST /v2/cli.exploits.

func (*Client) CliFinalize added in v3.9.0

func (c *Client) CliFinalize(env CliEnv, req CliFinalizeRequest) (*CliResponse[CliFinalizeResponse], error)

CliFinalize — POST /v2/cli.finalize. The final leg: report the scan's policy gate decision (exit code + per-gate breaches) anchored to the IngestionSnapshot.uuid so the server records it on the env row.

func (*Client) CliFixes added in v3.6.0

func (c *Client) CliFixes(env CliEnv, ids []string) (*CliResponse[map[string]any], error)

CliFixes — POST /v2/cli.fixes. Replaces the 3-call registry/distributions/source dance.

func (*Client) CliIAC added in v3.6.0

func (*Client) CliIOCs added in v3.6.0

func (c *Client) CliIOCs(env CliEnv, ids []string) (*CliResponse[map[string]any], error)

func (*Client) CliKev added in v3.6.0

func (c *Client) CliKev(env CliEnv, ids []string) (*CliResponse[map[string]any], error)

CliKev — POST /v2/cli.kev.

func (*Client) CliLicense added in v3.6.0

func (c *Client) CliLicense(env CliEnv, req CliSARIFRequest) (*CliResponse[CliSARIFResponse], error)

func (*Client) CliMSRC added in v3.6.0

func (c *Client) CliMSRC(env CliEnv, ids []string) (*CliResponse[map[string]any], error)

CliMSRC, CliNuclei, CliSnortRules, CliYaraRules, CliAttackTechniques, CliIOCs, CliSightings, CliAdvisories, CliWorkarounds, CliAffected all share the { ids: [...] } shape on the wire.

func (*Client) CliNuclei added in v3.6.0

func (c *Client) CliNuclei(env CliEnv, ids []string) (*CliResponse[map[string]any], error)

func (*Client) CliReachability added in v3.6.0

func (c *Client) CliReachability(env CliEnv, req CliReachabilityRequest) (*CliResponse[map[string]any], error)

CliReachability — POST /v2/cli.reachability. Tier-gated on the server.

func (*Client) CliRemediation added in v3.6.0

func (c *Client) CliRemediation(env CliEnv, req CliRemediationRequest) (*CliResponse[map[string]any], error)

CliRemediation — POST /v2/cli.remediation.

func (*Client) CliSAST added in v3.6.0

func (c *Client) CliSAST(env CliEnv, req CliSARIFRequest) (*CliResponse[CliSARIFResponse], error)

SARIF-shaped scan endpoints. Each returns the same persistence response (IngestionSnapshot + Findings + Stats) so the CLI's snapshot-URL output is uniform across kinds.

func (*Client) CliSCA added in v3.6.0

func (c *Client) CliSCA(env CliEnv, req CliSCARequest) (*CliResponse[CliSCAResponse], error)

CliSCA — POST /v2/cli.sca. The flagship: PURLs + env → CycloneDX 1.6 + reachability + stats in a single round-trip.

func (*Client) CliSCAReachability added in v3.7.0

CliSCAReachability — POST /v2/cli.sca-reachability. The second leg of the SCA round-trip: send per-CVE local reachability evidence anchored to the IngestionSnapshot.uuid returned from /v2/cli.sca.

func (*Client) CliScan added in v3.6.0

func (c *Client) CliScan(env CliEnv, req CliScanRequest) (*CliResponse[CliSCAResponse], error)

CliScan — POST /v2/cli.scan. Superset of CliSCA with container/IaC inputs.

func (*Client) CliScorecard added in v3.6.0

func (c *Client) CliScorecard(env CliEnv, purls []string) (*CliResponse[map[string]any], error)

CliScorecard — POST /v2/cli.scorecard.

func (*Client) CliSecrets added in v3.6.0

func (c *Client) CliSecrets(env CliEnv, req CliSARIFRequest) (*CliResponse[CliSARIFResponse], error)

func (*Client) CliSightings added in v3.6.0

func (c *Client) CliSightings(env CliEnv, ids []string) (*CliResponse[map[string]any], error)

func (*Client) CliSnortRules added in v3.6.0

func (c *Client) CliSnortRules(env CliEnv, ids []string) (*CliResponse[map[string]any], error)

func (*Client) CliTrends added in v3.6.0

func (c *Client) CliTrends(env CliEnv, payload any) (*CliResponse[map[string]any], error)

func (*Client) CliTriage added in v3.6.0

func (c *Client) CliTriage(env CliEnv, req CliTriageRequest) (*CliResponse[map[string]any], error)

CliTriage — POST /v2/cli.triage.

func (*Client) CliVex added in v3.6.0

func (c *Client) CliVex(env CliEnv, ids []string) (*CliResponse[map[string]any], error)

CliVex — POST /v2/cli.vex. OpenVEX statements per CVE.

func (*Client) CliVuln added in v3.6.0

func (c *Client) CliVuln(env CliEnv, identifier string) (*CliResponse[map[string]any], error)

CliVuln — POST /v2/cli.vuln. Single-vuln envelope + metrics.

func (*Client) CliWorkarounds added in v3.6.0

func (c *Client) CliWorkarounds(env CliEnv, ids []string) (*CliResponse[map[string]any], error)

func (*Client) CliYaraRules added in v3.6.0

func (c *Client) CliYaraRules(env CliEnv, ids []string) (*CliResponse[map[string]any], error)

func (*Client) CritLookup

func (c *Client) CritLookup(provider, service, resourceType string) (*CritLookupResponse, error)

CritLookup queries the VDB for vulnerabilities matching a CRIT template. The CRIT template is defined by provider (e.g. "aws"), service (e.g. "ec2"), and resourceType (e.g. "instance").

func (*Client) DoRequest

func (c *Client) DoRequest(method, path string, body interface{}) ([]byte, error)

DoRequest performs an authenticated API request with retry for transient errors.

func (*Client) DoRequestCached

func (c *Client) DoRequestCached(method, path string, body interface{}, ttl time.Duration) ([]byte, error)

DoRequestCached performs an authenticated, cached GET request. For non-GET or when cache is disabled, it falls through to DoRequest.

func (*Client) DoRequestMultipart

func (c *Client) DoRequestMultipart(path, filePath, fileField string, fields map[string]string) ([]byte, error)

DoRequestMultipart performs an authenticated multipart/form-data API request.

func (*Client) DoRequestRawBody

func (c *Client) DoRequestRawBody(method, path string, body []byte, contentType string) ([]byte, error)

DoRequestRawBody performs an authenticated API request with a raw body (not JSON-marshaled).

func (*Client) EOLPackageVersion

func (c *Client) EOLPackageVersion(ecosystem, packageName, version string) (*EOLReleaseResponse, error)

EOLPackageVersion retrieves EOL lifecycle data for a specific package version. Returns (nil, nil) when the package/version is not in the VDB EOL database (404). Endpoint: GET /v1/eol/packages/{ecosystem}/{package}/versions/{version}

func (*Client) EOLProduct

func (c *Client) EOLProduct(product string) (*EOLProductResponse, error)

EOLProduct retrieves product metadata and all releases for an EOL product.

func (*Client) EOLRelease

func (c *Client) EOLRelease(product, release string) (*EOLReleaseResponse, error)

EOLRelease retrieves lifecycle data for a specific product release.

func (*Client) GetCVE

func (c *Client) GetCVE(cveID string) (*CVEInfo, error)

GetCVE retrieves full vulnerability data for a specific CVE

func (*Client) GetCVEFixes

func (c *Client) GetCVEFixes(identifier string) (map[string]interface{}, error)

GetCVEFixes retrieves fix data for a specific CVE identifier

func (*Client) GetCVETimeline

func (c *Client) GetCVETimeline(identifier string, params TimelineParams) (map[string]interface{}, error)

GetCVETimeline retrieves the vulnerability timeline from the v1 API.

func (*Client) GetCVEsByDateRange

func (c *Client) GetCVEsByDateRange(start, end string) (map[string]interface{}, error)

GetCVEsByDateRange retrieves paginated CVEs by date range

func (*Client) GetEcosystemGroupPackage

func (c *Client) GetEcosystemGroupPackage(ecosystem, group, artifact string) (map[string]interface{}, error)

GetEcosystemGroupPackage retrieves Maven-style group/artifact information in a specific ecosystem

func (*Client) GetEcosystemPackage

func (c *Client) GetEcosystemPackage(ecosystem, pkg string) (map[string]interface{}, error)

GetEcosystemPackage retrieves package information scoped to a specific ecosystem

func (*Client) GetEcosystemPackageVersions

func (c *Client) GetEcosystemPackageVersions(ecosystem, pkg string) (map[string]interface{}, error)

GetEcosystemPackageVersions retrieves version information for a package in a specific ecosystem

func (*Client) GetEcosystems

func (c *Client) GetEcosystems() ([]Ecosystem, error)

GetEcosystems retrieves the list of available ecosystems

func (*Client) GetExploitSources

func (c *Client) GetExploitSources() (map[string]interface{}, error)

GetExploitSources retrieves the list of exploit intelligence sources

func (*Client) GetExploitTypes

func (c *Client) GetExploitTypes() (map[string]interface{}, error)

GetExploitTypes retrieves the list of exploit type classifications

func (*Client) GetExploits

func (c *Client) GetExploits(identifier string) (map[string]interface{}, error)

GetExploits retrieves exploit intelligence for a specific CVE identifier

func (*Client) GetFixDistributions

func (c *Client) GetFixDistributions() (map[string]interface{}, error)

GetFixDistributions retrieves the list of supported Linux distributions for fix advisories

func (*Client) GetGCVEIssuances

func (c *Client) GetGCVEIssuances(year, month, limit, offset int) (*GCVEIssuancesResponse, error)

GetGCVEIssuances retrieves GCVE issuances for a given year/month with pagination

func (*Client) GetHealth

func (c *Client) GetHealth() (map[string]interface{}, error)

GetHealth checks the API health endpoint (unauthenticated, root-level path).

func (*Client) GetIdentifiersByMonth

func (c *Client) GetIdentifiersByMonth(year, month, limit, offset int) (*IdentifiersMonthResponse, error)

GetIdentifiersByMonth retrieves CVE identifiers published in a given year/month

func (*Client) GetMetricTypes

func (c *Client) GetMetricTypes() (map[string]interface{}, error)

GetMetricTypes retrieves the list of vulnerability metric/scoring types

func (*Client) GetOpenAPISpec

func (c *Client) GetOpenAPISpec() (map[string]interface{}, error)

GetOpenAPISpec retrieves the OpenAPI specification

func (*Client) GetPackageVersions

func (c *Client) GetPackageVersions(packageName string) (map[string]interface{}, error)

GetPackageVersions retrieves all known versions for a package across ecosystems

func (*Client) GetPackageVulnerabilities

func (c *Client) GetPackageVulnerabilities(packageName string, limit, offset int) (*VulnerabilitiesResponse, error)

GetPackageVulnerabilities retrieves vulnerabilities for a package

func (*Client) GetProductVersion

func (c *Client) GetProductVersion(productName, version string) (map[string]interface{}, error)

GetProductVersion retrieves information for a specific product version

func (*Client) GetProductVersionEcosystem

func (c *Client) GetProductVersionEcosystem(productName, version, ecosystem string) (map[string]interface{}, error)

GetProductVersionEcosystem retrieves product version information scoped to a specific ecosystem

func (*Client) GetProductVersions

func (c *Client) GetProductVersions(productName string, limit, offset int) (*ProductVersionsResponse, error)

GetProductVersions retrieves all versions for a product with pagination

func (*Client) GetSources

func (c *Client) GetSources() (map[string]interface{}, error)

GetSources retrieves the list of vulnerability data sources

func (*Client) GetSummary

func (c *Client) GetSummary() (map[string]interface{}, error)

GetSummary retrieves global all-time database statistics.

func (*Client) GetToken

func (c *Client) GetToken() (string, error)

GetToken retrieves a valid JWT token (from cache or by requesting a new one)

func (*Client) GetTrafficFilters

func (c *Client) GetTrafficFilters(identifier string, limit, offset int) (map[string]interface{}, error)

GetTrafficFilters retrieves IDS/IPS traffic filter rules (Snort) for a vulnerability.

func (*Client) SearchExploits

func (c *Client) SearchExploits(params ExploitSearchParams) (map[string]interface{}, error)

SearchExploits searches for exploits across CVEs with pagination and filters

func (*Client) SearchIdentifiers

func (c *Client) SearchIdentifiers(prefix string, limit, offset int) (*IdentifiersSearchResponse, error)

SearchIdentifiers retrieves CVE identifiers matching a prefix

func (*Client) SearchPackages

func (c *Client) SearchPackages(query, ecosystem string, limit, offset int) (map[string]interface{}, error)

SearchPackages performs a full-text search across packages

func (*Client) V2Advisories

func (c *Client) V2Advisories(id string) (map[string]interface{}, error)

V2Advisories retrieves advisory data for a vulnerability.

func (*Client) V2Affected

func (c *Client) V2Affected(id string, p V2QueryParams) (map[string]interface{}, error)

V2Affected retrieves affected product/package data for a vulnerability.

func (*Client) V2AttackTechniques

func (c *Client) V2AttackTechniques(id string) (map[string]interface{}, error)

V2AttackTechniques retrieves the ATT&CK technique mapping for a single CVE.

func (*Client) V2AttackTechniquesSearch

func (c *Client) V2AttackTechniquesSearch(p AttackTechniquesSearchParams) (map[string]interface{}, error)

V2AttackTechniquesSearch performs a collection-wide search for ATT&CK technique mappings across CVEs.

func (*Client) V2CloudLocators

func (c *Client) V2CloudLocators(vendor, product string) (map[string]interface{}, error)

V2CloudLocators retrieves cloud resource locator templates for a vendor/product pair.

func (*Client) V2CweGuidance

func (c *Client) V2CweGuidance(id string) (map[string]interface{}, error)

V2CweGuidance retrieves CWE-based guidance for a vulnerability.

func (*Client) V2DistributionPatches

func (c *Client) V2DistributionPatches(id string, p V2QueryParams) (map[string]interface{}, error)

V2DistributionPatches retrieves distribution patch data for a vulnerability.

func (*Client) V2ExploitPoC

func (c *Client) V2ExploitPoC(exploitUUID string) (body []byte, filename, sha256, originalURL string, err error)

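V2ExploitPoC — GET /v2/exploits/{exploitUuid}/poc. Returns the raw bytes, the original filename (from Content-Disposition), the SHA-256 hash (from X-Vulnetix-Sha256), and the original URL. The CLI uses these to write a file with a chain-of-custody-friendly name plus an integrity check. Because the filename and the hash both arrive in response headers, a caller that writes the body to disk should reduce the filename to a base name first, and should recompute SHA-256 over the returned bytes and compare it with the header value; a match confirms the body is the one the server described, not that the content is safe to open or run.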

func (*Client) V2IOCsSearch

func (c *Client) V2IOCsSearch(p IOCSearchParams) ([]byte, string, error)

V2IOCsSearch returns the raw response body so the caller can switch on `format` (the STIX bundle is not JSON-shape compatible).

func (*Client) V2Kev

func (c *Client) V2Kev(id string) (map[string]interface{}, error)

V2Kev retrieves CISA KEV (Known Exploited Vulnerabilities) data.

func (*Client) V2KevSearch

func (c *Client) V2KevSearch(p KevSearchParams) (map[string]interface{}, error)

func (*Client) V2RawArchive

func (c *Client) V2RawArchive(source, cveID string) (body []byte, contentType, sha256, r2Path string, err error)

V2RawArchive — GET /v2/raw/{source}/{cveId}. Returns the raw bytes together with the content type, the SHA-256 and the r2Path value.

func (*Client) V2RawSources

func (c *Client) V2RawSources() (map[string]interface{}, error)

V2RawSources — GET /v2/raw/sources.

func (*Client) V2RegistryFixes

func (c *Client) V2RegistryFixes(id string, p V2QueryParams) (map[string]interface{}, error)

V2RegistryFixes retrieves registry-sourced fixes for a vulnerability.

func (*Client) V2RemediationPlan

func (c *Client) V2RemediationPlan(id string, p V2RemediationParams) (map[string]interface{}, error)

V2RemediationPlan retrieves a context-aware remediation plan for a vulnerability.

func (*Client) V2ScanCycloneDX

func (c *Client) V2ScanCycloneDX(filePath string, metadata ...[]byte) (map[string]interface{}, error)

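V2ScanCycloneDX uploads a CycloneDX document for scanning. An optional metadata parameter (JSON bytes) is sent as a query parameter. Query strings are commonly recorded in proxy and server access logs, so the metadata should not carry secrets.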

func (*Client) V2ScanManifest

func (c *Client) V2ScanManifest(filePath, manifestType, ecosystem string, metadata ...[]byte) (map[string]interface{}, error)

V2ScanManifest uploads a manifest file for scanning. An optional metadata parameter (JSON bytes) is sent as the "metadata" form field.

func (*Client) V2ScanSPDX

func (c *Client) V2ScanSPDX(filePath string, metadata ...[]byte) (map[string]interface{}, error)

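V2ScanSPDX uploads an SPDX document for scanning. An optional metadata parameter (JSON bytes) is sent as a query parameter. Query strings are commonly recorded in proxy and server access logs, so the metadata should not carry secrets.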

func (*Client) V2ScanStatus

func (c *Client) V2ScanStatus(scanID string) (map[string]interface{}, error)

V2ScanStatus retrieves the status of a scan.

func (*Client) V2Scorecard

func (c *Client) V2Scorecard(id string) (map[string]interface{}, error)

V2Scorecard retrieves the vulnerability scorecard.

func (*Client) V2ScorecardSearch

func (c *Client) V2ScorecardSearch(query string) (map[string]interface{}, error)

V2ScorecardSearch searches scorecards by repository name.

func (*Client) V2SnortRules

func (c *Client) V2SnortRules(id string) (map[string]interface{}, error)

V2SnortRules retrieves a CVE's Snort rules (per-CVE endpoint).

func (*Client) V2SnortRulesSearch

func (c *Client) V2SnortRulesSearch(p SnortSearchParams) (map[string]interface{}, error)

V2SnortRulesSearch performs a collection-wide search for Snort rules with expressive filters.

func (*Client) V2SourceFixes

func (c *Client) V2SourceFixes(id string, p ...V2QueryParams) (map[string]interface{}, error)

V2SourceFixes retrieves upstream source fixes for a vulnerability.

func (*Client) V2Timeline

func (c *Client) V2Timeline(id string, p V2TimelineParams) (map[string]interface{}, error)

V2Timeline retrieves the vulnerability timeline with optional filters.

func (*Client) V2TreeSitterQueries

func (c *Client) V2TreeSitterQueries(id string, p V2TreeSitterParams) (*TreeSitterResponse, error)

V2TreeSitterQueries retrieves tree-sitter S-expression queries derived from the named vulnerability. Returns a typed response (unlike most v2 helpers) because the scanner consumes the result programmatically.

func (*Client) V2Triage

func (c *Client) V2Triage(p TriageParams) (map[string]interface{}, error)

func (*Client) V2VexSearch

func (c *Client) V2VexSearch(p VexSearchParams) (map[string]interface{}, error)

func (*Client) V2VulnExploits

func (c *Client) V2VulnExploits(id string) (map[string]interface{}, error)

V2VulnExploits — GET /v2/vuln/{id}/exploits.

func (*Client) V2VulnIOCs

func (c *Client) V2VulnIOCs(id string) (map[string]interface{}, error)

func (*Client) V2VulnNuclei

func (c *Client) V2VulnNuclei(id string) (map[string]interface{}, error)

V2VulnNuclei — GET /v2/vuln/{id}/nuclei. The CLI calls without format for the JSON listing, then optionally re-fetches with format=yaml&first=true to print a single template body.

func (*Client) V2VulnNucleiYAML

func (c *Client) V2VulnNucleiYAML(id string, first bool) ([]byte, error)

V2VulnNucleiYAML — GET /v2/vuln/{id}/nuclei?format=yaml. Returns the raw YAML body. With first=true, returns the first template alone.

func (*Client) V2VulnSightings

func (c *Client) V2VulnSightings(id string) (map[string]interface{}, error)

V2VulnSightings — GET /v2/vuln/{id}/sightings.

func (*Client) V2VulnVex

func (c *Client) V2VulnVex(id string) (map[string]interface{}, error)

V2VulnVex — GET /v2/vuln/{id}/vex.

func (*Client) V2Workarounds

func (c *Client) V2Workarounds(id string) (map[string]interface{}, error)

V2Workarounds retrieves workaround information for a vulnerability.

func (*Client) V2YaraRules

func (c *Client) V2YaraRules(id string) (map[string]interface{}, error)

V2YaraRules retrieves a CVE's YARA rules (per-CVE endpoint).

func (*Client) V2YaraRulesSearch

func (c *Client) V2YaraRulesSearch(p YaraSearchParams) (map[string]interface{}, error)

V2YaraRulesSearch performs a collection-wide search for YARA rules.

func (*Client) VulnetixKevGet

func (c *Client) VulnetixKevGet(cveID string) (map[string]any, error)

VulnetixKevGet fetches a single entry by CVE ID. Implemented client-side as a list + filter since the API exposes the catalogue as a collection. Returns a NotFoundError if the CVE isn't in the catalogue.

func (*Client) VulnetixKevList

func (c *Client) VulnetixKevList(p VulnetixKevParams) ([]byte, error)

VulnetixKevList fetches the full Vulnetix KEV catalogue. The response bytes are returned verbatim — JSON or CSV per p.Format — so callers can write them straight to stdout or a file.

Forces the V2 API (/v2/vulnetix-kev is V2-only).

type CritLookupExploits

// CritLookupExploits is the exploit-intelligence summary carried in the
// ExploitSummary field of a CritLookupMatch.
//
// Count is decoded from "count" (presumably the number of known exploits for
// the matched vulnerability; confirm against the API). Sources is decoded from
// "sources" and left out of encoded output when empty.
type CritLookupExploits struct {
	Count   int      `json:"count"`
	Sources []string `json:"sources,omitempty"`
}

CritLookupExploits contains exploit intelligence summary.

type CritLookupKev

// CritLookupKev contains CISA KEV metadata for a matched record.
//
// Every field is a plain string as delivered by the API; the date format of
// DateAdded and DueDate is not shown here (TODO confirm). DateAdded is always
// encoded, the other three are omitted when empty.
type CritLookupKev struct {
	DateAdded                  string `json:"dateAdded"`
	DueDate                    string `json:"dueDate,omitempty"`
	KnownRansomwareCampaignUse string `json:"knownRansomwareCampaignUse,omitempty"`
	RequiredAction             string `json:"requiredAction,omitempty"`
}

CritLookupKev contains CISA KEV metadata.

type CritLookupMatch

// CritLookupMatch is a single matched CRIT record with enrichment data.
//
// Crit and VulnID are always encoded. Aliases, Kev, ExploitSummary and
// SnortRules are optional: Kev and ExploitSummary are pointers and stay nil
// when the response has no such key, so check them before dereferencing.
type CritLookupMatch struct {
	Crit           CritRecord            `json:"crit"`
	VulnID         string                `json:"vuln_id"`
	Aliases        []string              `json:"aliases,omitempty"`
	Kev            *CritLookupKev        `json:"kev,omitempty"`
	ExploitSummary *CritLookupExploits   `json:"exploit_summary,omitempty"`
	SnortRules     []CritLookupSnortRule `json:"snort_rules,omitempty"`
}

CritLookupMatch is a single matched CRIT record with enrichment data.

type CritLookupResponse

// CritLookupResponse is the response from POST /v1/crit/lookup.
//
// Count is decoded from "count" (presumably len(Matches); the visible code
// does not enforce that, so do not index Matches by Count).
type CritLookupResponse struct {
	Count   int               `json:"count"`
	Matches []CritLookupMatch `json:"matches"`
}

CritLookupResponse is the response from POST /v1/crit/lookup.

type CritLookupSnortRule

// CritLookupSnortRule contains an IDS detection rule attached to a
// CritLookupMatch.
//
// SnortID is a string, not an integer. RawText is decoded from "rawText" and
// is presumably the full rule body as stored upstream (TODO confirm).
// NOTE(review): the rule text is remote content; review it before loading it
// into a sensor.
type CritLookupSnortRule struct {
	SnortID           string `json:"snortId"`
	Msg               string `json:"msg"`
	SignatureSeverity string `json:"signatureSeverity,omitempty"`
	RawText           string `json:"rawText,omitempty"`
}

CritLookupSnortRule contains an IDS detection rule.

type CritRecord

// CritRecord represents a CRIT (Cloud Resource Inventory Template) record.
//
// All seven fields are required strings (no omitempty). VectorString is the
// only camelCase JSON key; the rest are snake_case. The allowed values of
// VexStatus and SharedResponsibility are not shown here (TODO confirm against
// the API schema).
type CritRecord struct {
	VectorString         string `json:"vectorString"`
	VulnID               string `json:"vuln_id"`
	Provider             string `json:"provider"`
	Service              string `json:"service"`
	ResourceType         string `json:"resource_type"`
	VexStatus            string `json:"vex_status"`
	SharedResponsibility string `json:"shared_responsibility"`
}

CritRecord represents a CRIT (Cloud Resource Inventory Template) record.

type EOLProductDetail

// EOLProductDetail contains product metadata; it is the Product field of an
// EOLProductResponse.
//
// Name and Label are both strings; presumably Name is the machine identifier
// and Label the display form (TODO confirm).
type EOLProductDetail struct {
	Name     string   `json:"name"`
	Label    string   `json:"label"`
	Category string   `json:"category"`
	Tags     []string `json:"tags"`
}

EOLProductDetail contains product metadata.

type EOLProductResponse

// EOLProductResponse is the response from GET /v1/eol/products/{product}.
//
// Timestamp is an int64 whose unit is not shown here (presumably Unix epoch;
// TODO confirm seconds vs. milliseconds).
type EOLProductResponse struct {
	Timestamp int64              `json:"timestamp"`
	Product   EOLProductDetail   `json:"product"`
	Releases  []EOLReleaseDetail `json:"releases"`
}

EOLProductResponse is the response from GET /v1/eol/products/{product}.

type EOLReleaseDetail

// EOLReleaseDetail contains lifecycle data for a single release.
//
// Pointer fields are optional: they stay nil when the key is absent from the
// response, which lets callers tell "not reported" apart from an empty string
// or false. The non-pointer booleans (IsLts, IsEoas, IsEol, IsMaintained) are
// always encoded and decode to false when the key is missing.
//
// The *From fields are strings, presumably dates (format not shown; TODO
// confirm). "Eoas" and "Eoes" presumably stand for end of active support and
// end of extended support (confirm against the API documentation).
type EOLReleaseDetail struct {
	Name             string  `json:"name"`
	Codename         *string `json:"codename,omitempty"`
	Label            string  `json:"label"`
	ReleaseDate      *string `json:"releaseDate,omitempty"`
	IsLts            bool    `json:"isLts"`
	LtsFrom          *string `json:"ltsFrom,omitempty"`
	IsEoas           bool    `json:"isEoas"`
	EoasFrom         *string `json:"eoasFrom,omitempty"`
	IsEol            bool    `json:"isEol"`
	EolFrom          *string `json:"eolFrom,omitempty"`
	IsEoes           *bool   `json:"isEoes,omitempty"`
	EoesFrom         *string `json:"eoesFrom,omitempty"`
	IsDiscontinued   *bool   `json:"isDiscontinued,omitempty"`
	DiscontinuedFrom *string `json:"discontinuedFrom,omitempty"`
	IsMaintained     bool    `json:"isMaintained"`
	LatestVersion    *string `json:"latestVersion,omitempty"`
	LatestDate       *string `json:"latestDate,omitempty"`
}

EOLReleaseDetail contains lifecycle data for a single release.

type EOLReleaseResponse

// EOLReleaseResponse is the response from
// GET /v1/eol/products/{product}/releases/{release}.
//
// Unlike EOLProductResponse it carries only the product name, not the full
// EOLProductDetail. The unit of Timestamp is not shown here (TODO confirm).
type EOLReleaseResponse struct {
	Timestamp   int64            `json:"timestamp"`
	ProductName string           `json:"productName"`
	Release     EOLReleaseDetail `json:"release"`
}

EOLReleaseResponse is the response from GET /v1/eol/products/{product}/releases/{release}.

type Ecosystem

// Ecosystem represents a single ecosystem entry, as returned in a slice by
// Client.GetEcosystems.
//
// Count is decoded from "count"; what it counts is not shown here (presumably
// records in that ecosystem; TODO confirm).
type Ecosystem struct {
	Name  string `json:"name"`
	Count int    `json:"count"`
}

Ecosystem represents a single ecosystem entry

type EcosystemsResponse

// EcosystemsResponse represents the ecosystems list response: a timestamp
// (unit not shown here; TODO confirm) and the list of Ecosystem entries.
type EcosystemsResponse struct {
	Timestamp  int64       `json:"timestamp"`
	Ecosystems []Ecosystem `json:"ecosystems"`
}

EcosystemsResponse represents the ecosystems list response

type ErrorResponse

// ErrorResponse represents an API error response.
//
// Error and Details are server-supplied text; Details is optional.
// NOTE(review): if either string is echoed to a terminal or a log, handle it
// as untrusted text rather than assuming it is free of control characters.
type ErrorResponse struct {
	Success bool   `json:"success"`
	Error   string `json:"error"`
	Details string `json:"details,omitempty"`
}

ErrorResponse represents an API error response

type ExploitSearchParams

// ExploitSearchParams holds parameters for the exploit search endpoint; it is
// the argument of Client.SearchExploits.
//
// The struct has no JSON tags, so how each field is sent is decided by the
// client method, not by this declaration. InKev and MinEpss are strings rather
// than bool/float, presumably so an empty string can mean "not set" (TODO
// confirm the accepted values).
type ExploitSearchParams struct {
	Limit     int
	Offset    int
	Ecosystem string
	Source    string
	Severity  string
	Sort      string
	Query     string
	InKev     string
	MinEpss   string
}

type GCVEIssuanceIdentifier

// GCVEIssuanceIdentifier represents a single GCVE issuance record, pairing a
// GCVE identifier with a CVE identifier.
//
// DatePublished is an int64 (presumably a Unix epoch value; unit not shown
// here, TODO confirm).
type GCVEIssuanceIdentifier struct {
	GcveID        string `json:"gcveId"`
	CveID         string `json:"cveId"`
	DatePublished int64  `json:"datePublished"`
}

GCVEIssuanceIdentifier represents a single GCVE issuance record

type GCVEIssuancesResponse

// GCVEIssuancesResponse represents the paginated GCVE issuances response
// returned by Client.GetGCVEIssuances.
//
// Year, Month, Limit and Offset share their names with the request arguments
// (presumably echoed back; TODO confirm). HasMore is the server's own
// pagination flag; Total is presumably the full match count rather than
// len(Identifiers).
type GCVEIssuancesResponse struct {
	Timestamp   int64                    `json:"timestamp"`
	Year        int                      `json:"year"`
	Month       int                      `json:"month"`
	Total       int                      `json:"total"`
	Limit       int                      `json:"limit"`
	Offset      int                      `json:"offset"`
	HasMore     bool                     `json:"hasMore"`
	Identifiers []GCVEIssuanceIdentifier `json:"identifiers"`
}

GCVEIssuancesResponse represents the paginated GCVE issuances response

type IOCSearchParams

// IOCSearchParams holds the filters for GET /v2/iocs; it is the argument of
// Client.V2IOCsSearch.
//
// Format selects the response encoding. V2IOCsSearch returns the raw body
// because the STIX bundle does not share the JSON response shape, so the
// caller has to decode according to the Format it asked for.
type IOCSearchParams struct {
	CveIDs     []string
	Countries  []string
	ASNs       []int
	Behavior   string
	Reputation string
	Since      string
	Limit      int
	Offset     int
	Format     string // json | stix
}

IOCSearchParams ─ GET /v2/iocs.

type IdentifiersMonthResponse

// IdentifiersMonthResponse represents the paginated CVE identifiers response
// by month, returned by Client.GetIdentifiersByMonth.
//
// Identifiers is a plain list of identifier strings. HasMore is the server's
// pagination flag; Total is presumably the full match count rather than
// len(Identifiers) (TODO confirm).
type IdentifiersMonthResponse struct {
	Timestamp   int64    `json:"timestamp"`
	Year        int      `json:"year"`
	Month       int      `json:"month"`
	Total       int      `json:"total"`
	Limit       int      `json:"limit"`
	Offset      int      `json:"offset"`
	HasMore     bool     `json:"hasMore"`
	Identifiers []string `json:"identifiers"`
}

IdentifiersMonthResponse represents the paginated CVE identifiers response by month

type IdentifiersSearchResponse

// IdentifiersSearchResponse represents the paginated CVE identifiers search
// response returned by Client.SearchIdentifiers.
//
// Prefix shares its name with the request argument (presumably echoed back;
// TODO confirm). HasMore is the server's pagination flag.
type IdentifiersSearchResponse struct {
	Timestamp   int64    `json:"timestamp"`
	Prefix      string   `json:"prefix"`
	Total       int      `json:"total"`
	Limit       int      `json:"limit"`
	Offset      int      `json:"offset"`
	HasMore     bool     `json:"hasMore"`
	Identifiers []string `json:"identifiers"`
}

IdentifiersSearchResponse represents the paginated CVE identifiers search response

type KevSearchParams

// KevSearchParams holds the filters for GET /v2/kev (the 4-source merged
// collection); it is the argument of Client.V2KevSearch.
//
// The date-like filters (Since, Until, DueBefore, DueAfter) are strings; their
// expected format is not shown here (TODO confirm).
type KevSearchParams struct {
	CveIDs    []string
	Sources   []string // CISA | vulnetix | enisa | vulncheck (repeat for OR; default = all four)
	Reason    string
	Since     string
	Until     string
	DueBefore string
	DueAfter  string
	Vendor    string
	Product   string
	Sort      string // due | added | cve
	Limit     int
	Offset    int
}

KevSearchParams ─ GET /v2/kev (the 4-source merged collection).

type NotFoundError

// NotFoundError is returned when the API responds with 404. It implements the
// error interface through a pointer-receiver Error method, so callers should
// match it with errors.As against a *NotFoundError target.
type NotFoundError struct {
	// Message is presumably the text returned by Error (TODO confirm).
	Message string
}

NotFoundError is returned when the API responds with 404.

func (*NotFoundError) Error

func (e *NotFoundError) Error() string

type ProductVersionsResponse

// ProductVersionsResponse represents product versions with pagination, as
// returned by Client.GetProductVersions.
//
// The product is carried under the "packageName" key. HasMore is the server's
// pagination flag; Total is presumably the full count rather than
// len(Versions) (TODO confirm).
type ProductVersionsResponse struct {
	PackageName string          `json:"packageName"`
	Timestamp   int64           `json:"timestamp"`
	Total       int             `json:"total"`
	Limit       int             `json:"limit"`
	Offset      int             `json:"offset"`
	HasMore     bool            `json:"hasMore"`
	Versions    []VersionRecord `json:"versions"`
}

ProductVersionsResponse represents product versions with pagination

type RateLimitInfo

// RateLimitInfo holds rate limit data returned in API response headers.
// Headers are informational: the CLI never enforces limits based on them; only
// actual HTTP 429 responses trigger retry/backoff.
//
// Note the two different "unlimited" sentinels: 0 for DayLimit and -1 for
// Remaining. Present has no documented meaning here; presumably it reports
// whether any rate-limit header was found on the response (TODO confirm).
type RateLimitInfo struct {
	DayLimit   int    // RateLimit-DayLimit  (0 = unlimited)
	Remaining  int    // RateLimit-Remaining (-1 = unlimited)
	Reset      int    // RateLimit-Reset     (Unix epoch seconds)
	Plan       string // X-VDB-Plan          (community/pro/teams/enterprise)
	SoftLimits bool   // X-Softlimits        (true = advisory only, never blocked)
	Present    bool
}

RateLimitInfo holds rate limit data returned in API response headers. Headers are informational — the CLI never enforces limits based on them; only actual HTTP 429 responses trigger retry/backoff.

type SnortSearchParams

// SnortSearchParams carries the optional filter knobs for V2SnortRulesSearch.
// All fields are optional; zero-valued slices and strings are skipped.
//
// Disabled is a tri-state string rather than a bool so that "" can mean "no
// filter". DstPort and SrcPort are strings; the accepted syntax is not shown
// here (TODO confirm).
type SnortSearchParams struct {
	CveIDs           []string
	Sources          []string
	Techniques       []string // MITRE ATT&CK T-id (any of)
	Tactics          []string // MITRE ATT&CK TA-id (any of)
	Classtype        string
	Severity         string
	Protocol         string
	Action           string
	DstPort          string
	SrcPort          string
	Disabled         string // "true" / "false" / ""
	Q                string // free-text on msg + rawText
	AffectedProducts []string
	Tags             []string
	Since            string // RFC3339
	Until            string // RFC3339
	Sort             string // recent | severity | id
	Limit            int
	Offset           int
}

SnortSearchParams carries the optional filter knobs for V2SnortRulesSearch. All fields are optional; zero-valued slices and strings are skipped.

type TimelineParams

// TimelineParams holds filter parameters for the /vuln/{id}/timeline endpoint;
// it is the argument of Client.GetCVETimeline. V2TimelineParams declares the
// same four fields for the v2 endpoint.
type TimelineParams struct {
	Include     string // comma-separated event types to include
	Exclude     string // comma-separated event types to exclude
	Dates       string // comma-separated CVE date fields: published,modified,reserved
	ScoresLimit int    // max score-change events (default 30, max 365)
}

ExploitSearchParams holds parameters for the exploit search endpoint. TimelineParams holds filter parameters for the /vuln/{id}/timeline endpoint.

type TokenCache

// TokenCache stores the JWT token and its expiration.
//
// Client.GetToken is documented as returning a token "from cache or by
// requesting a new one"; this is presumably the cached form (TODO confirm
// where it is stored: memory only or on disk).
// NOTE(review): Token is a bearer credential. Keep it out of logs and verbose
// output, and if it is ever persisted, restrict the file to the owning user.
type TokenCache struct {
	Token     string
	ExpiresAt time.Time
}

TokenCache stores the JWT token and its expiration

type TokenResponse

// TokenResponse represents the JWT token response.
//
// Iss, Sub and Exp are decoded from "iss", "sub" and "exp"; presumably they
// repeat the token's issuer, subject and expiry claims, with Exp in Unix epoch
// seconds (TODO confirm). They come from the unsigned response body, so they
// describe the token but do not by themselves prove anything about it.
// NOTE(review): Token is a bearer credential; do not log this struct whole.
type TokenResponse struct {
	Token string `json:"token"`
	Iss   string `json:"iss"`
	Sub   string `json:"sub"`
	Exp   int64  `json:"exp"`
}

TokenResponse represents the JWT token response

type TreeSitterCapture

// TreeSitterCapture describes a named capture inside a tree-sitter query.
//
// Name is always encoded; Kind is optional and its value set is not shown
// here (TODO confirm).
type TreeSitterCapture struct {
	Name string `json:"name"`
	Kind string `json:"kind,omitempty"`
}

TreeSitterCapture describes a named capture inside a tree-sitter query.

type TreeSitterFilters

// TreeSitterFilters echoes the filter parameters back on the response. All
// three fields are optional and omitted when empty.
type TreeSitterFilters struct {
	Language  string `json:"language,omitempty"`
	Ecosystem string `json:"ecosystem,omitempty"`
	VulnID    string `json:"vulnId,omitempty"`
}

TreeSitterFilters echoes the filter parameters back on the response.

type TreeSitterPredicate

// TreeSitterPredicate describes a predicate or directive attached to a query
// (e.g. #eq?, #match?, #set!). TreeSitterQuery uses this one type for both its
// Predicates and its Directives lists.
//
// Kind presumably distinguishes predicate from directive, and Negated
// presumably marks the "not-" forms (TODO confirm both).
type TreeSitterPredicate struct {
	Kind    string   `json:"kind"`
	Name    string   `json:"name"`
	Negated bool     `json:"negated"`
	Args    []string `json:"args"`
}

TreeSitterPredicate describes a predicate or directive attached to a query (e.g. #eq?, #match?, #set!).

type TreeSitterQuery

// TreeSitterQuery is a single S-expression query derived from CVE/OSV data by
// vdb-manager. The CLI runs these against source files to determine
// reachability of a vulnerable pattern.
//
// Language, Name and QueryText are always encoded; every other field is
// optional. QueryText is the query source that gets executed, so it is remote
// content evaluated locally.
// NOTE(review): nothing visible here says which bytes QueryHash covers, which
// algorithm it uses, or whether the CLI checks it; confirm before relying on
// it for integrity. The unit of CreatedAt is likewise not shown.
type TreeSitterQuery struct {
	VulnID      string                `json:"vulnId,omitempty"`
	Source      string                `json:"source,omitempty"`
	Ecosystems  []string              `json:"ecosystems,omitempty"`
	Language    string                `json:"language"`
	Name        string                `json:"name"`
	Description string                `json:"description,omitempty"`
	QueryText   string                `json:"queryText"`
	QueryHash   string                `json:"queryHash,omitempty"`
	DerivedBy   string                `json:"derivedBy,omitempty"`
	CreatedAt   int64                 `json:"createdAt,omitempty"`
	Captures    []TreeSitterCapture   `json:"captures,omitempty"`
	Predicates  []TreeSitterPredicate `json:"predicates,omitempty"`
	Directives  []TreeSitterPredicate `json:"directives,omitempty"`
}

TreeSitterQuery is a single S-expression query derived from CVE/OSV data by vdb-manager. The CLI runs these against source files to determine reachability of a vulnerable pattern.

type TreeSitterResponse

// TreeSitterResponse is the body of GET /vuln/{id}/tree-sitter, returned as a
// typed value by Client.V2TreeSitterQueries because the scanner consumes it
// programmatically.
type TreeSitterResponse struct {
	Identifier string            `json:"identifier"`
	Filters    TreeSitterFilters `json:"filters"`
	Queries    []TreeSitterQuery `json:"queries"`
}

TreeSitterResponse is the body of GET /vuln/{id}/tree-sitter.

type TriageParams

// TriageParams holds the filters for GET /v2/triage; it is the argument of
// Client.V2Triage.
//
// The four Min* thresholds are *float64 so that nil can mean "not set" while
// 0 remains a usable threshold (presumably nil fields are left off the
// request; TODO confirm). InKev is a tri-state string for the same reason.
type TriageParams struct {
	MinEpss           *float64
	MinEpssPercentile *float64
	MinCess           *float64
	MinCvss           *float64
	Severity          string
	InKev             string // "true" / "false" / ""
	KevSources        []string
	CWEs              []string
	Vendor            string
	Product           string
	Since             string
	WindowDays        int // 0 = unset; 1..30
	Sort              string
	Limit             int
	Offset            int
}

TriageParams ─ GET /v2/triage.

type V2QueryParams

// V2QueryParams holds common context-filter query parameters for V2 endpoints.
// It is accepted by V2Affected, V2DistributionPatches, V2RegistryFixes and
// V2SourceFixes, and is embedded in V2RemediationParams.
//
// The struct has no tags; how each field maps onto the query string is decided
// by the client methods (presumably zero values are skipped; TODO confirm).
type V2QueryParams struct {
	Ecosystem   string
	PackageName string
	Vendor      string
	Product     string
	Distro      string
	Purl        string
	Limit       int
	Offset      int
}

V2QueryParams holds common context-filter query parameters for V2 endpoints.

type V2RemediationParams

// V2RemediationParams extends V2QueryParams with remediation-plan-specific
// parameters; it is the argument of Client.V2RemediationPlan.
//
// V2QueryParams is embedded, so its fields (Ecosystem, PackageName, ...) are
// promoted and can be set directly on a V2RemediationParams value.
type V2RemediationParams struct {
	V2QueryParams
	CurrentVersion           string
	PackageManager           string
	ContainerImage           string
	OS                       string
	Registry                 string
	IncludeGuidance          bool
	IncludeVerificationSteps bool
}

V2RemediationParams extends V2QueryParams with remediation-plan-specific parameters.

type V2TimelineParams

// V2TimelineParams holds filter parameters for the v2 timeline endpoint; it is
// the argument of Client.V2Timeline. TimelineParams declares the same four
// fields for the v1 endpoint.
type V2TimelineParams struct {
	Include     string // comma-separated event types to include
	Exclude     string // comma-separated event types to exclude
	Dates       string // comma-separated CVE date fields: published,modified,reserved
	ScoresLimit int    // max score-change events (default 30, max 365)
}

V2TimelineParams holds filter parameters for the v2 timeline endpoint.

type V2TreeSitterParams

// V2TreeSitterParams filters the tree-sitter query endpoint; it is the
// argument of Client.V2TreeSitterQueries. The same two names appear in
// TreeSitterFilters, which echoes the filters back on the response.
type V2TreeSitterParams struct {
	Language  string
	Ecosystem string
}

V2TreeSitterParams filters the tree-sitter query endpoint.

type VersionRecord

// VersionRecord represents a single version entry with ecosystem and sources.
// It is the element type of ProductVersionsResponse.Versions and of both lists
// in VulnerabilitiesResponse.
//
// Sources decodes through VersionSource.UnmarshalJSON, so each element may
// arrive either as an object or as a bare string. CVEIDs is optional.
type VersionRecord struct {
	Version   string          `json:"version"`
	Ecosystem string          `json:"ecosystem"`
	Sources   []VersionSource `json:"sources"`
	CVEIDs    []string        `json:"cveIds,omitempty"`
}

VersionRecord represents a single version entry with ecosystem and sources

type VersionSource

// VersionSource represents a data source entry for a product version.
//
// Its UnmarshalJSON accepts two wire shapes: the structured object
// ({"sourceTable":..,"sourceId":..}) emitted by /product, and a bare string
// (e.g. "nvd", "GHSA") emitted by /vulns. A bare string is stored in
// SourceTable, so SourceID and Metadata may be empty even for a valid entry.
type VersionSource struct {
	SourceTable string                 `json:"sourceTable"`
	SourceID    string                 `json:"sourceId"`
	Metadata    map[string]interface{} `json:"metadata,omitempty"`
}

VersionSource represents a data source entry for a product version

func (*VersionSource) UnmarshalJSON added in v3.8.1

func (s *VersionSource) UnmarshalJSON(data []byte) error

UnmarshalJSON tolerates both shapes the API uses for a version "source": the structured object ({"sourceTable":..,"sourceId":..}) emitted by /product, and the bare string (e.g. "nvd", "GHSA") emitted by /vulns. A bare string is stored as SourceTable so callers see a non-empty source either way.

type VexSearchParams

// VexSearchParams holds the filters for GET /v2/vex; it is the argument of
// Client.V2VexSearch.
//
// The accepted values of Status and the format of Since are not shown here
// (TODO confirm against the API documentation).
type VexSearchParams struct {
	CveIDs   []string
	Status   string
	Supplier string
	Since    string
	Limit    int
	Offset   int
}

VexSearchParams ─ GET /v2/vex.

type VulnerabilitiesResponse

// VulnerabilitiesResponse represents vulnerabilities for a package, as
// returned by Client.GetPackageVulnerabilities.
//
// The records may arrive under either "versions" or "vulnerabilities"
// depending on the API path, so callers should check both lists. RawData is
// tagged json:"-": encoding/json never fills or emits it, so it is only set
// when the client code assigns it explicitly. TotalCVEs and Total are separate
// counters whose difference is not shown here (TODO confirm).
type VulnerabilitiesResponse struct {
	PackageName     string          `json:"packageName"`
	Timestamp       int64           `json:"timestamp"`
	TotalCVEs       int             `json:"totalCVEs"`
	Total           int             `json:"total"`
	Limit           int             `json:"limit"`
	Offset          int             `json:"offset"`
	HasMore         bool            `json:"hasMore"`
	Versions        []VersionRecord `json:"versions"`
	Vulnerabilities []VersionRecord `json:"vulnerabilities"` // alternative key used by some API paths
	RawData         interface{}     `json:"-"`               // full parsed response for fallback display
}

VulnerabilitiesResponse represents vulnerabilities for a package

type VulnetixKevParams

// VulnetixKevParams holds filter options for GET /v2/vulnetix-kev; it is the
// argument of Client.VulnetixKevList, which returns the response bytes
// verbatim in the encoding selected by Format.
//
// Limit, Offset and IncludeReferences are marked JSON-only below; their effect
// with Format "csv" is not shown here (presumably ignored; TODO confirm).
type VulnetixKevParams struct {
	Format            string   // "json" | "csv"
	Reasons           []string // filter by VulnetixKevReason enum values
	FilterMode        string   // "any" | "all" (default: any)
	Limit             int      // JSON pagination
	Offset            int      // JSON pagination
	IncludeReferences bool     // JSON-only; adds the `references` bucket per item
}

VulnetixKevParams holds filter options for GET /v2/vulnetix-kev.

type YaraSearchParams

// YaraSearchParams carries the optional filter knobs for V2YaraRulesSearch.
//
// The struct has no tags; the mapping of fields to query parameters is done by
// the client method. The matching semantics of Q, MatchString and MatchMeta
// and the format of Since and Until are not shown here (TODO confirm).
type YaraSearchParams struct {
	CveIDs      []string
	Sources     []string
	RuleName    string
	Tags        []string
	Imports     []string
	Author      string
	Q           string
	MatchString string
	MatchMeta   string
	Since       string
	Until       string
	Sort        string // recent | name
	Limit       int
	Offset      int
}

YaraSearchParams carries the optional filter knobs for V2YaraRulesSearch.
