Index ¶
- Constants
- Variables
- func LoadCredentials() (orgID, secretKey string, err error)
- func LoadFullCredentials() (*auth.Credentials, error)
- type AttackTechniquesSearchParams
- type CVEInfo
- type CliCweGuidanceRequest
- type CliEnv
- type CliFindingResult
- type CliGitContext
- type CliIDsRequest
- type CliIngestionSnapshot
- type CliIntroducedViaPath
- type CliLicenseHit
- type CliManifestMetadata
- type CliPMCapability
- type CliPackageEntry
- type CliPackageInsight
- type CliPackageMgr
- type CliPurlsRequest
- type CliReachabilityHit
- type CliReachabilityPayload
- type CliReachabilityRequest
- type CliRemediationRequest
- type CliResponse
- type CliResponseMeta
- type CliSARIFFinding
- type CliSARIFRequest
- type CliSARIFResponse
- type CliSARIFStats
- type CliSBOMToolMetadata
- type CliSCAOptions
- type CliSCAReachabilityRequest
- type CliSCAReachabilityResponse
- type CliSCARequest
- type CliSCAResponse
- type CliSCAStats
- type CliScanRequest
- type CliTriageRequest
- type CliVersionStamp
- type CliVulnRequest
- type Client
- func (c *Client) CliAI(env CliEnv, payload any) (*CliResponse[map[string]any], error)
- func (c *Client) CliAdvisories(env CliEnv, ids []string) (*CliResponse[map[string]any], error)
- func (c *Client) CliAffected(env CliEnv, ids []string) (*CliResponse[map[string]any], error)
- func (c *Client) CliAttackTechniques(env CliEnv, ids []string) (*CliResponse[map[string]any], error)
- func (c *Client) CliContainers(env CliEnv, req CliSARIFRequest) (*CliResponse[CliSARIFResponse], error)
- func (c *Client) CliCweGuidance(env CliEnv, cweIDs []string) (*CliResponse[map[string]any], error)
- func (c *Client) CliExploits(env CliEnv, ids []string) (*CliResponse[map[string]any], error)
- func (c *Client) CliFixes(env CliEnv, ids []string) (*CliResponse[map[string]any], error)
- func (c *Client) CliIAC(env CliEnv, req CliSARIFRequest) (*CliResponse[CliSARIFResponse], error)
- func (c *Client) CliIOCs(env CliEnv, ids []string) (*CliResponse[map[string]any], error)
- func (c *Client) CliKev(env CliEnv, ids []string) (*CliResponse[map[string]any], error)
- func (c *Client) CliLicense(env CliEnv, req CliSARIFRequest) (*CliResponse[CliSARIFResponse], error)
- func (c *Client) CliMSRC(env CliEnv, ids []string) (*CliResponse[map[string]any], error)
- func (c *Client) CliNuclei(env CliEnv, ids []string) (*CliResponse[map[string]any], error)
- func (c *Client) CliReachability(env CliEnv, req CliReachabilityRequest) (*CliResponse[map[string]any], error)
- func (c *Client) CliRemediation(env CliEnv, req CliRemediationRequest) (*CliResponse[map[string]any], error)
- func (c *Client) CliSAST(env CliEnv, req CliSARIFRequest) (*CliResponse[CliSARIFResponse], error)
- func (c *Client) CliSCA(env CliEnv, req CliSCARequest) (*CliResponse[CliSCAResponse], error)
- func (c *Client) CliSCAReachability(env CliEnv, req CliSCAReachabilityRequest) (*CliResponse[CliSCAReachabilityResponse], error)
- func (c *Client) CliScan(env CliEnv, req CliScanRequest) (*CliResponse[CliSCAResponse], error)
- func (c *Client) CliScorecard(env CliEnv, purls []string) (*CliResponse[map[string]any], error)
- func (c *Client) CliSecrets(env CliEnv, req CliSARIFRequest) (*CliResponse[CliSARIFResponse], error)
- func (c *Client) CliSightings(env CliEnv, ids []string) (*CliResponse[map[string]any], error)
- func (c *Client) CliSnortRules(env CliEnv, ids []string) (*CliResponse[map[string]any], error)
- func (c *Client) CliTrends(env CliEnv, payload any) (*CliResponse[map[string]any], error)
- func (c *Client) CliTriage(env CliEnv, req CliTriageRequest) (*CliResponse[map[string]any], error)
- func (c *Client) CliVex(env CliEnv, ids []string) (*CliResponse[map[string]any], error)
- func (c *Client) CliVuln(env CliEnv, identifier string) (*CliResponse[map[string]any], error)
- func (c *Client) CliWorkarounds(env CliEnv, ids []string) (*CliResponse[map[string]any], error)
- func (c *Client) CliYaraRules(env CliEnv, ids []string) (*CliResponse[map[string]any], error)
- func (c *Client) CritLookup(provider, service, resourceType string) (*CritLookupResponse, error)
- func (c *Client) DoRequest(method, path string, body interface{}) ([]byte, error)
- func (c *Client) DoRequestCached(method, path string, body interface{}, ttl time.Duration) ([]byte, error)
- func (c *Client) DoRequestMultipart(path, filePath, fileField string, fields map[string]string) ([]byte, error)
- func (c *Client) DoRequestRawBody(method, path string, body []byte, contentType string) ([]byte, error)
- func (c *Client) EOLPackageVersion(ecosystem, packageName, version string) (*EOLReleaseResponse, error)
- func (c *Client) EOLProduct(product string) (*EOLProductResponse, error)
- func (c *Client) EOLRelease(product, release string) (*EOLReleaseResponse, error)
- func (c *Client) GetCVE(cveID string) (*CVEInfo, error)
- func (c *Client) GetCVEFixes(identifier string) (map[string]interface{}, error)
- func (c *Client) GetCVETimeline(identifier string, params TimelineParams) (map[string]interface{}, error)
- func (c *Client) GetCVEsByDateRange(start, end string) (map[string]interface{}, error)
- func (c *Client) GetEcosystemGroupPackage(ecosystem, group, artifact string) (map[string]interface{}, error)
- func (c *Client) GetEcosystemPackage(ecosystem, pkg string) (map[string]interface{}, error)
- func (c *Client) GetEcosystemPackageVersions(ecosystem, pkg string) (map[string]interface{}, error)
- func (c *Client) GetEcosystems() ([]Ecosystem, error)
- func (c *Client) GetExploitSources() (map[string]interface{}, error)
- func (c *Client) GetExploitTypes() (map[string]interface{}, error)
- func (c *Client) GetExploits(identifier string) (map[string]interface{}, error)
- func (c *Client) GetFixDistributions() (map[string]interface{}, error)
- func (c *Client) GetGCVEIssuances(year, month, limit, offset int) (*GCVEIssuancesResponse, error)
- func (c *Client) GetHealth() (map[string]interface{}, error)
- func (c *Client) GetIdentifiersByMonth(year, month, limit, offset int) (*IdentifiersMonthResponse, error)
- func (c *Client) GetMetricTypes() (map[string]interface{}, error)
- func (c *Client) GetOpenAPISpec() (map[string]interface{}, error)
- func (c *Client) GetPackageVersions(packageName string) (map[string]interface{}, error)
- func (c *Client) GetPackageVulnerabilities(packageName string, limit, offset int) (*VulnerabilitiesResponse, error)
- func (c *Client) GetProductVersion(productName, version string) (map[string]interface{}, error)
- func (c *Client) GetProductVersionEcosystem(productName, version, ecosystem string) (map[string]interface{}, error)
- func (c *Client) GetProductVersions(productName string, limit, offset int) (*ProductVersionsResponse, error)
- func (c *Client) GetSources() (map[string]interface{}, error)
- func (c *Client) GetSummary() (map[string]interface{}, error)
- func (c *Client) GetToken() (string, error)
- func (c *Client) GetTrafficFilters(identifier string, limit, offset int) (map[string]interface{}, error)
- func (c *Client) SearchExploits(params ExploitSearchParams) (map[string]interface{}, error)
- func (c *Client) SearchIdentifiers(prefix string, limit, offset int) (*IdentifiersSearchResponse, error)
- func (c *Client) SearchPackages(query, ecosystem string, limit, offset int) (map[string]interface{}, error)
- func (c *Client) V2Advisories(id string) (map[string]interface{}, error)
- func (c *Client) V2Affected(id string, p V2QueryParams) (map[string]interface{}, error)
- func (c *Client) V2AttackTechniques(id string) (map[string]interface{}, error)
- func (c *Client) V2AttackTechniquesSearch(p AttackTechniquesSearchParams) (map[string]interface{}, error)
- func (c *Client) V2CloudLocators(vendor, product string) (map[string]interface{}, error)
- func (c *Client) V2CweGuidance(id string) (map[string]interface{}, error)
- func (c *Client) V2DistributionPatches(id string, p V2QueryParams) (map[string]interface{}, error)
- func (c *Client) V2ExploitPoC(exploitUUID string) (body []byte, filename, sha256, originalURL string, err error)
- func (c *Client) V2IOCsSearch(p IOCSearchParams) ([]byte, string, error)
- func (c *Client) V2Kev(id string) (map[string]interface{}, error)
- func (c *Client) V2KevSearch(p KevSearchParams) (map[string]interface{}, error)
- func (c *Client) V2RawArchive(source, cveID string) (body []byte, contentType, sha256, r2Path string, err error)
- func (c *Client) V2RawSources() (map[string]interface{}, error)
- func (c *Client) V2RegistryFixes(id string, p V2QueryParams) (map[string]interface{}, error)
- func (c *Client) V2RemediationPlan(id string, p V2RemediationParams) (map[string]interface{}, error)
- func (c *Client) V2ScanCycloneDX(filePath string, metadata ...[]byte) (map[string]interface{}, error)
- func (c *Client) V2ScanManifest(filePath, manifestType, ecosystem string, metadata ...[]byte) (map[string]interface{}, error)
- func (c *Client) V2ScanSPDX(filePath string, metadata ...[]byte) (map[string]interface{}, error)
- func (c *Client) V2ScanStatus(scanID string) (map[string]interface{}, error)
- func (c *Client) V2Scorecard(id string) (map[string]interface{}, error)
- func (c *Client) V2ScorecardSearch(query string) (map[string]interface{}, error)
- func (c *Client) V2SnortRules(id string) (map[string]interface{}, error)
- func (c *Client) V2SnortRulesSearch(p SnortSearchParams) (map[string]interface{}, error)
- func (c *Client) V2SourceFixes(id string, p ...V2QueryParams) (map[string]interface{}, error)
- func (c *Client) V2Timeline(id string, p V2TimelineParams) (map[string]interface{}, error)
- func (c *Client) V2TreeSitterQueries(id string, p V2TreeSitterParams) (*TreeSitterResponse, error)
- func (c *Client) V2Triage(p TriageParams) (map[string]interface{}, error)
- func (c *Client) V2VexSearch(p VexSearchParams) (map[string]interface{}, error)
- func (c *Client) V2VulnExploits(id string) (map[string]interface{}, error)
- func (c *Client) V2VulnIOCs(id string) (map[string]interface{}, error)
- func (c *Client) V2VulnNuclei(id string) (map[string]interface{}, error)
- func (c *Client) V2VulnNucleiYAML(id string, first bool) ([]byte, error)
- func (c *Client) V2VulnSightings(id string) (map[string]interface{}, error)
- func (c *Client) V2VulnVex(id string) (map[string]interface{}, error)
- func (c *Client) V2Workarounds(id string) (map[string]interface{}, error)
- func (c *Client) V2YaraRules(id string) (map[string]interface{}, error)
- func (c *Client) V2YaraRulesSearch(p YaraSearchParams) (map[string]interface{}, error)
- func (c *Client) VulnetixKevGet(cveID string) (map[string]any, error)
- func (c *Client) VulnetixKevList(p VulnetixKevParams) ([]byte, error)
- type CritLookupExploits
- type CritLookupKev
- type CritLookupMatch
- type CritLookupResponse
- type CritLookupSnortRule
- type CritRecord
- type EOLProductDetail
- type EOLProductResponse
- type EOLReleaseDetail
- type EOLReleaseResponse
- type Ecosystem
- type EcosystemsResponse
- type ErrorResponse
- type ExploitSearchParams
- type GCVEIssuanceIdentifier
- type GCVEIssuancesResponse
- type IOCSearchParams
- type IdentifiersMonthResponse
- type IdentifiersSearchResponse
- type KevSearchParams
- type NotFoundError
- type ProductVersionsResponse
- type RateLimitInfo
- type SnortSearchParams
- type TimelineParams
- type TokenCache
- type TokenResponse
- type TreeSitterCapture
- type TreeSitterFilters
- type TreeSitterPredicate
- type TreeSitterQuery
- type TreeSitterResponse
- type TriageParams
- type V2QueryParams
- type V2RemediationParams
- type V2TimelineParams
- type V2TreeSitterParams
- type VersionRecord
- type VersionSource
- type VexSearchParams
- type VulnerabilitiesResponse
- type VulnetixKevParams
- type YaraSearchParams
Constants ¶
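// Cache TTLs for the two kinds of list endpoint.
//
// The block is laid out one declaration per line: collapsed onto a single line,
// the first // comment swallows every declaration that follows it.
//
// NOTE(review): a response served from cache can lag the API by up to its TTL.
// Client has NoCache and RefreshCache fields, presumably for callers that need
// current data (confirm against the client implementation).
const (
	// StaticEnumTTL is the cache TTL for slowly-changing enumeration endpoints.
	StaticEnumTTL = 1 * time.Hour
	// PaginatedEnumTTL is the cache TTL for paginated list endpoints.
	PaginatedEnumTTL = 5 * time.Minute
)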
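// Defaults for reaching the VDB API, signing requests and retrying them.
//
// The block is laid out one declaration per line; on a single line without
// separators it does not parse.
const (
	// DefaultBaseURL and DefaultAPIVersion locate the API. The base URL is HTTPS.
	DefaultBaseURL    = "https://api.vdb.vulnetix.com"
	DefaultAPIVersion = "/v2"

	// Region, Service and Algorithm look like the credential-scope and algorithm
	// labels of an AWS SigV4-style request signature, here with HMAC-SHA512.
	// NOTE(review): the signing code is not shown here; confirm how these are used.
	Region    = "us-east-1"
	Service   = "vdb"
	Algorithm = "AWS4-HMAC-SHA512"

	// TokenExpiry is 15 minutes; presumably the lifetime assumed for a token
	// obtained via Client.GetToken (confirm).
	TokenExpiry = 15 * time.Minute

	// MaxRetries and BaseBackoff bound the retry behaviour; how the backoff grows
	// between attempts is not visible from these values.
	MaxRetries  = 2
	BaseBackoff = 2 * time.Second
)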
Variables ¶
var Verbose bool
Verbose controls whether transient retry/backoff progress messages (rate-limit retries, countdown waits) are emitted to stderr. Final errors are always returned to the caller. Set by the cmd layer from the --verbose flag.
Functions ¶
func LoadCredentials ¶
LoadCredentials loads VDB credentials using the centralized auth package. Returns orgID and secretKey for backward compatibility with existing callers.
func LoadFullCredentials ¶
func LoadFullCredentials() (*auth.Credentials, error)
LoadFullCredentials loads credentials as a full Credentials struct
Types ¶
type AttackTechniquesSearchParams ¶
type AttackTechniquesSearchParams struct {
TechniqueIDs []string
Tactics []string
CveIDs []string
Sources []string
CapecID string
Domain string
Subtechnique string
DerivedBy string
Q string
Since string
Until string
Limit int
Offset int
}
AttackTechniquesSearchParams carries the optional filter knobs for the MITRE ATT&CK collection endpoint.
type CVEInfo ¶
type CVEInfo struct {
Data interface{} // Store full response for display (array or object)
}
CVEInfo represents vulnerability information for a CVE
type CliCweGuidanceRequest ¶ added in v3.6.0
type CliCweGuidanceRequest struct {
CweIDs []string `json:"cweIds"`
}
CliCweGuidanceRequest accepts CWE-* ids.
type CliEnv ¶ added in v3.6.0
// CliEnv describes the machine and working tree the CLI runs on. Every Cli*
// method on Client takes one. All fields are tagged omitempty, so an unset
// field is left out of the JSON encoding.
//
// NOTE(review): Hostname, Shell, MemoryPath and Git identify the host, the
// user's environment and the repository. Presumably this struct is sent with
// each request (confirm), so leave unset any field that should not leave the
// machine, e.g. on shared CI runners.
type CliEnv struct {
CliVersion string `json:"cliVersion,omitempty"`
Commit string `json:"commit,omitempty"`
BuildDate string `json:"buildDate,omitempty"`
Platform string `json:"platform,omitempty"`
Arch string `json:"arch,omitempty"`
OS string `json:"os,omitempty"`
// Host-identifying values.
Hostname string `json:"hostname,omitempty"`
Shell string `json:"shell,omitempty"`
// Repository state; nil when not set.
Git *CliGitContext `json:"git,omitempty"`
PackageManagers []CliPackageMgr `json:"packageManagers,omitempty"`
// A local filesystem path, going by the name (TODO confirm what it points at).
MemoryPath string `json:"memoryPath,omitempty"`
Licenses []CliLicenseHit `json:"licenses,omitempty"`
// Manifests can carry raw file bodies (see CliManifestMetadata.Content).
Manifests []CliManifestMetadata `json:"manifests,omitempty"`
ToolMetadata *CliSBOMToolMetadata `json:"toolMetadata,omitempty"`
Capabilities []CliPMCapability `json:"capabilities,omitempty"`
}
CliEnv carries local-machine context. Every field is optional; older CLIs keep working as new fields are added server-side.
func SnapshotEnv ¶ added in v3.6.0
SnapshotEnv assembles the CliEnv block from the running CLI process. Safe to call at the start of every CLI command; reads are cheap (gitctx walks the cwd once, ManifestFiles is a static map lookup). Callers should pass the version/commit/buildDate constants the cmd package already plumbs.
type CliFindingResult ¶ added in v3.7.0
type CliFindingResult struct {
FindingID string `json:"findingId"`
FindingUuid string `json:"findingUuid"`
PackageName string `json:"packageName,omitempty"`
PackageVersion string `json:"packageVersion,omitempty"`
Purl string `json:"purl,omitempty"`
IntroducedVia []CliIntroducedViaPath `json:"introducedVia,omitempty"`
}
CliFindingResult mirrors the persisted Finding for reachability correlation.
type CliGitContext ¶ added in v3.6.0
// CliGitContext holds the repository state attached to CliEnv.Git.
//
// NOTE(review): Author is personal data, and RepoRoot is a local path. If
// Remotes holds raw remote URLs, any userinfo embedded in them
// (user:token@host) would be carried along; confirm they are sanitized
// before this struct is populated.
type CliGitContext struct {
Branch string `json:"branch,omitempty"`
Commit string `json:"commit,omitempty"`
Author string `json:"author,omitempty"`
Remotes []string `json:"remotes,omitempty"`
// Dirty is omitted from the JSON when false.
Dirty bool `json:"dirty,omitempty"`
RepoRoot string `json:"repoRoot,omitempty"`
}
CliGitContext is the subset of repo state useful for triage correlation.
type CliIDsRequest ¶ added in v3.6.0
type CliIDsRequest struct {
IDs []string `json:"ids"`
}
CliIDsRequest is the standard { ids: [...] } shape.
type CliIngestionSnapshot ¶ added in v3.7.0
type CliIngestionSnapshot struct {
Uuid string `json:"uuid"`
URL string `json:"url"`
CreatedAt int64 `json:"createdAt"`
}
CliIngestionSnapshot is the persistent snapshot the server creates when the authenticated org has a SaaS-side Org row. URL is the user-facing link.
type CliIntroducedViaPath ¶ added in v3.7.0
type CliIntroducedViaPath struct {
PathIndex int `json:"pathIndex"`
PathLength int `json:"pathLength"`
PackageManager string `json:"packageManager"`
ManifestFile string `json:"manifestFile"`
DependencyPath string `json:"dependencyPath"`
DependencyKeys []string `json:"dependencyKeys"`
}
CliIntroducedViaPath mirrors FindingIntroducedVia rows.
type CliLicenseHit ¶ added in v3.7.0
type CliLicenseHit struct {
SPDXID string `json:"spdxId,omitempty"`
Name string `json:"name,omitempty"`
URL string `json:"url,omitempty"`
Source string `json:"source,omitempty"`
Acknowledge string `json:"acknowledgement,omitempty"`
Text string `json:"text,omitempty"`
}
CliLicenseHit mirrors vdb-api/internal/handler/v2_cli_common.go.
type CliManifestMetadata ¶ added in v3.7.0
// CliManifestMetadata describes one manifest file: where it is, what it is,
// and optionally its raw contents.
//
// NOTE(review): Content is the raw manifest body. Manifests can contain
// private registry URLs, internal package names or inline tokens; confirm
// that uploading such files unredacted is acceptable.
type CliManifestMetadata struct {
// Path is the only field without omitempty, so it is always encoded.
Path string `json:"path"`
Ecosystem string `json:"ecosystem,omitempty"`
IsLock bool `json:"isLock,omitempty"`
// SHA256 and Size presumably describe the file at Path (TODO confirm what is hashed).
SHA256 string `json:"sha256,omitempty"`
Size int `json:"size,omitempty"`
ContentType string `json:"contentType,omitempty"`
License string `json:"license,omitempty"` // declared license from the manifest field
Provider string `json:"provider,omitempty"`
Registry string `json:"registry,omitempty"`
Content string `json:"content,omitempty"` // raw manifest body (chunk-0 only)
}
CliManifestMetadata describes one manifest the CLI parsed. Content is the raw file body; it is populated only on the chunk-0 env (the chunk that carries Packages, where persistence runs) to keep within the request size cap.
type CliPMCapability ¶ added in v3.7.0
// CliPMCapability records one package-manager capability for an ecosystem,
// together with the evidence behind it.
//
// NOTE(review): FilePath and BinaryPath look like host filesystem paths, and
// VersionCommand looks like a command line. This struct is part of CliEnv, so
// those values presumably go wherever CliEnv goes (confirm).
type CliPMCapability struct {
Ecosystem string `json:"ecosystem"`
CapabilityName string `json:"capabilityName"`
// Supported and Detected are always encoded (no omitempty), including when false.
Supported bool `json:"supported"`
Detected bool `json:"detected"`
Confidence float64 `json:"confidence,omitempty"`
Evidence string `json:"evidence,omitempty"`
FilePath string `json:"filePath,omitempty"`
Binary string `json:"binary,omitempty"`
BinaryPath string `json:"binaryPath,omitempty"`
Version string `json:"version,omitempty"`
VersionCommand string `json:"versionCommand,omitempty"`
Authoritative bool `json:"authoritative,omitempty"`
}
CliPMCapability — one detected package-manager capability on the host. The binary/version fields describe a concrete resolver binary; Authoritative is true when a lockfile narrowed the manifest to this specific binary.
type CliPackageEntry ¶ added in v3.7.0
type CliPackageEntry struct {
Purl string `json:"purl"`
Name string `json:"name,omitempty"`
Version string `json:"version,omitempty"`
Ecosystem string `json:"ecosystem,omitempty"`
ManifestFile string `json:"manifestFile,omitempty"`
Scope string `json:"scope,omitempty"`
License string `json:"license,omitempty"`
IntroducedVia [][]string `json:"introducedVia,omitempty"`
}
CliPackageEntry — per-package dependency-path context so the server can compute FindingIntroducedVia paths.
type CliPackageInsight ¶ added in v3.8.1
// CliPackageInsight holds the per-package signals behind the policy gates
// named in the field comments.
//
// NOTE(review): IsEOL and IsMalicious are omitempty bools, so after decoding a
// false value covers both "reported false" and "field absent". A false
// IsMalicious therefore does not by itself show that the malware check ran.
// Presumably the check only runs when CliSCAOptions.IncludeMalware is set;
// confirm before treating false as "clean".
type CliPackageInsight struct {
Purl string `json:"purl"`
Name string `json:"name"`
Version string `json:"version"`
Ecosystem string `json:"ecosystem"`
// Pointer so that a missing publish date stays distinguishable from epoch 0.
PublishedAt *int64 `json:"publishedAt,omitempty"` // ms epoch — installed version (--cooldown)
PublishSource string `json:"publishSource,omitempty"` // "db" | "deps.dev"
LatestVersions []CliVersionStamp `json:"latestVersions,omitempty"` // newest-first by publish date (--version-lag)
IsEOL bool `json:"isEol,omitempty"`
EOLFrom string `json:"eolFrom,omitempty"`
IsMalicious bool `json:"isMalicious,omitempty"`
// Names where the malicious verdict came from, going by the field name (TODO confirm).
MalwareSource string `json:"malwareSource,omitempty"`
}
CliPackageInsight carries per-package policy-gate signals the server computes for --cooldown, --version-lag, --block-eol and --block-malware. Mirrors the vdb-api handler.CliPackageInsight contract.
type CliPackageMgr ¶ added in v3.6.0
type CliPackageMgr struct {
Ecosystem string `json:"ecosystem"`
Manifest string `json:"manifest,omitempty"`
IsLock bool `json:"isLock,omitempty"`
}
CliPackageMgr is one manifest detected near the cwd.
type CliPurlsRequest ¶ added in v3.6.0
type CliPurlsRequest struct {
Purls []string `json:"purls"`
}
CliPurlsRequest — { purls: [...] }.
type CliReachabilityHit ¶ added in v3.6.0
// CliReachabilityHit is one entry of CliSCAResponse.Reachability.
//
// QueryText, Captures and Predicates presumably describe a tree-sitter query
// that the CLI evaluates against local source (TODO confirm).
// NOTE(review): if QueryHash is meant as an integrity check on QueryText,
// confirm where it is verified; nothing in this declaration enforces it.
type CliReachabilityHit struct {
VulnID string `json:"vulnId"`
Purl string `json:"purl,omitempty"`
Source string `json:"source,omitempty"`
Language string `json:"language"`
Name string `json:"name"`
QueryText string `json:"queryText"`
QueryHash string `json:"queryHash,omitempty"`
Description string `json:"description,omitempty"`
DerivedBy string `json:"derivedBy,omitempty"`
// Loosely typed: each element is an arbitrary JSON object.
Captures []map[string]any `json:"captures,omitempty"`
Predicates []map[string]any `json:"predicates,omitempty"`
}
type CliReachabilityPayload ¶ added in v3.7.0
// CliReachabilityPayload is one locally computed reachability result. It is the
// element type of CliSCAReachabilityRequest.Results.
//
// NOTE(review): MatchedFile, MatchedRoutine, MatchedModule and EvidenceJSON
// describe the scanned source tree (paths, symbol names, free-form evidence).
// Confirm what EvidenceJSON may contain before sending results for
// confidential code.
type CliReachabilityPayload struct {
// CveID, PackageName, Source and Verdict have no omitempty and are always encoded.
CveID string `json:"cveId"`
FindingUuid string `json:"findingUuid,omitempty"`
PackageName string `json:"packageName"`
PackageVersion string `json:"packageVersion,omitempty"`
Purl string `json:"purl,omitempty"`
Language string `json:"language,omitempty"`
Ecosystem string `json:"ecosystem,omitempty"`
Source string `json:"source"`
Verdict string `json:"verdict"`
TreeSitterQueryUuid string `json:"treeSitterQueryUuid,omitempty"`
QueryHash string `json:"queryHash,omitempty"`
// Location of the match in local source.
MatchedFile string `json:"matchedFile,omitempty"`
MatchedRoutine string `json:"matchedRoutine,omitempty"`
MatchedModule string `json:"matchedModule,omitempty"`
MatchStartLine int `json:"matchStartLine,omitempty"`
MatchEndLine int `json:"matchEndLine,omitempty"`
// A string field; presumably holds serialized JSON (TODO confirm schema).
EvidenceJSON string `json:"evidenceJSON,omitempty"`
// VEX fields; presumably taken from the CLI's local memory store (TODO confirm).
MemoryVexStatus string `json:"memoryVexStatus,omitempty"`
MemoryVexJustification string `json:"memoryVexJustification,omitempty"`
MemoryVexAction string `json:"memoryVexAction,omitempty"`
Severity string `json:"severity,omitempty"`
FixedVersion string `json:"fixedVersion,omitempty"`
}
CliReachabilityPayload is one local reachability hit (tree-sitter OR grep-symbol).
type CliReachabilityRequest ¶ added in v3.6.0
type CliReachabilityRequest struct {
IDs []string `json:"ids"`
Languages []string `json:"languages,omitempty"`
}
CliReachabilityRequest restricts queries to specific languages.
type CliRemediationRequest ¶ added in v3.6.0
type CliRemediationRequest struct {
IDs []string `json:"ids"`
Context map[string]string `json:"context,omitempty"`
}
CliRemediationRequest carries per-id context (ecosystem, packageName, etc.).
type CliResponse ¶ added in v3.6.0
type CliResponse[T any] struct { Meta CliResponseMeta Data T }
CliResponse couples meta + the typed payload after decode. Returned by every method so callers can surface tier-gated affordances in the CLI output.
type CliResponseMeta ¶ added in v3.6.0
type CliResponseMeta struct {
Tier string `json:"tier"`
EndpointVersion string `json:"endpointVersion"`
RequestID string `json:"requestId"`
Timestamp int64 `json:"timestamp"`
TierGated map[string]bool `json:"tierGated,omitempty"`
}
CliResponseMeta is the top-level meta block on every response.
type CliSARIFFinding ¶ added in v3.7.0
// CliSARIFFinding is one finding in CliSARIFRequest.Findings. That request
// type is shared by the sast, secrets, iac, containers and license
// subcommands.
//
// NOTE(review): CodeSnippet and Message carry text lifted from the scanned
// files. For secrets findings that text may include the matched secret
// itself; confirm that it is redacted before the request is built.
type CliSARIFFinding struct {
// RuleID is the only field that is always encoded (no omitempty).
RuleID string `json:"ruleId"`
RuleName string `json:"ruleName,omitempty"`
Message string `json:"message,omitempty"`
Severity string `json:"severity,omitempty"`
Level string `json:"level,omitempty"`
SecuritySeverity string `json:"securitySeverity,omitempty"`
File string `json:"file,omitempty"`
PackagePurl string `json:"packagePurl,omitempty"`
StartLine int `json:"startLine,omitempty"`
EndLine int `json:"endLine,omitempty"`
Fingerprint string `json:"fingerprint,omitempty"`
// CWE identifiers as bare integers.
CWEs []int `json:"cwes,omitempty"`
Tags []string `json:"tags,omitempty"`
SARIFGuid string `json:"sarifGuid,omitempty"`
// Source excerpt and the line range it covers.
CodeSnippet string `json:"codeSnippet,omitempty"`
SnippetStartLine int `json:"snippetStartLine,omitempty"`
SnippetEndLine int `json:"snippetEndLine,omitempty"`
MemoryVexStatus string `json:"memoryVexStatus,omitempty"`
MemoryVexJustification string `json:"memoryVexJustification,omitempty"`
MemoryVexAction string `json:"memoryVexAction,omitempty"`
}
CliSARIFFinding mirrors vdb-api/internal/handler/cli_persist_sarif.go.
type CliSARIFRequest ¶ added in v3.7.0
type CliSARIFRequest struct {
SARIF map[string]any `json:"sarif"`
Findings []CliSARIFFinding `json:"findings"`
}
CliSARIFRequest is the shared payload for every SARIF-shaped subcommand (sast / secrets / iac / containers / license).
type CliSARIFResponse ¶ added in v3.7.0
type CliSARIFResponse struct {
IngestionSnapshot *CliIngestionSnapshot `json:"ingestionSnapshot,omitempty"`
Findings []CliFindingResult `json:"findings,omitempty"`
Stats CliSARIFStats `json:"stats"`
}
CliSARIFResponse is the typed response from every SARIF endpoint.
type CliSARIFStats ¶ added in v3.7.0
type CliSARIFStats struct {
Findings int `json:"findings"`
Rules int `json:"rules"`
BySeverity map[string]int `json:"bySeverity"`
}
CliSARIFStats summarises the run for end-of-scan CLI output.
type CliSBOMToolMetadata ¶ added in v3.7.0
type CliSBOMToolMetadata struct {
ToolName string `json:"toolName,omitempty"`
ToolVersion string `json:"toolVersion,omitempty"`
ToolVendor string `json:"toolVendor,omitempty"`
ToolHash string `json:"toolHash,omitempty"`
}
CliSBOMToolMetadata describes the CLI tool itself for the SBOMToolMetadata row.
type CliSCAOptions ¶ added in v3.6.0
// CliSCAOptions selects optional work for an SCA request. It is the type of
// CliSCARequest.Options.
type CliSCAOptions struct {
// Pointer bools: nil is omitted from the JSON, while an explicit false is
// still encoded. This lets "unset" be told apart from "off".
IncludeReachability *bool `json:"includeReachability,omitempty"`
IncludeVEX *bool `json:"includeVEX,omitempty"`
// Gate-data toggles: request per-package policy signals (PackageInsights)
// only when a `scan` gate is active, so a plain scan pays nothing extra.
// These are plain bools with omitempty, so false is simply left out.
IncludeCooldown bool `json:"includeCooldown,omitempty"` // installed-version publish dates (--cooldown)
IncludeVersionLag bool `json:"includeVersionLag,omitempty"` // full version list (--version-lag)
IncludeEOL bool `json:"includeEol,omitempty"` // package-level EOL (--block-eol)
IncludeMalware bool `json:"includeMalware,omitempty"` // malicious-package check (--block-malware)
}
type CliSCAReachabilityRequest ¶ added in v3.7.0
type CliSCAReachabilityRequest struct {
IngestionSnapshotUuid string `json:"ingestionSnapshotUuid"`
Results []CliReachabilityPayload `json:"results"`
}
CliSCAReachabilityRequest is the payload for the reachability post-step.
type CliSCAReachabilityResponse ¶ added in v3.7.0
type CliSCAReachabilityResponse struct {
Persisted int `json:"persisted"`
SBOMUrl string `json:"sbomUrl,omitempty"`
VEXUrl string `json:"vexUrl,omitempty"`
OpenVexUuid string `json:"openVexUuid,omitempty"`
}
CliSCAReachabilityResponse is the success body.
type CliSCARequest ¶ added in v3.6.0
// CliSCARequest is the request type taken by Client.CliSCA. It is also
// embedded in CliScanRequest.
type CliSCARequest struct {
// Purls is always encoded; a nil slice encodes as JSON null.
Purls []string `json:"purls"`
Packages []CliPackageEntry `json:"packages,omitempty"`
// encoding/json's omitempty has no effect on struct-typed fields, so Options
// is always present in the encoded request.
Options CliSCAOptions `json:"options,omitempty"`
}
type CliSCAResponse ¶ added in v3.6.0
// CliSCAResponse is the payload type returned by Client.CliSCA and
// Client.CliScan.
type CliSCAResponse struct {
// Loosely typed CycloneDX document; the structure is not validated by this type.
CycloneDX map[string]any `json:"cyclonedx"`
Reachability []CliReachabilityHit `json:"reachability"`
Stats CliSCAStats `json:"stats"`
// The three fields below are optional in the JSON; absent values decode to nil.
IngestionSnapshot *CliIngestionSnapshot `json:"ingestionSnapshot,omitempty"`
Findings []CliFindingResult `json:"findings,omitempty"`
// Per-package policy signals; see CliPackageInsight for how false/absent values read.
PackageInsights []CliPackageInsight `json:"packageInsights,omitempty"`
}
type CliSCAStats ¶ added in v3.6.0
type CliScanRequest ¶ added in v3.6.0
type CliScanRequest struct {
CliSCARequest
ContainerImages []string `json:"containerImages,omitempty"`
IaCFrameworks []string `json:"iacFrameworks,omitempty"`
Languages []string `json:"languages,omitempty"`
}
CliScanRequest is the superset payload for /v2/cli.scan.
type CliTriageRequest ¶ added in v3.6.0
type CliTriageRequest struct {
Severity []string `json:"severity,omitempty"`
MinCvss float64 `json:"minCvss,omitempty"`
MinEpss float64 `json:"minEpss,omitempty"`
InKev *bool `json:"inKev,omitempty"`
Since string `json:"since,omitempty"`
Limit int `json:"limit,omitempty"`
Offset int `json:"offset,omitempty"`
}
CliTriageRequest mirrors the /v2/triage filters in body form.
type CliVersionStamp ¶ added in v3.8.1
type CliVersionStamp struct {
Version string `json:"version"`
PublishedAt *int64 `json:"publishedAt,omitempty"`
}
CliVersionStamp is one version + its publish date (ms epoch).
type CliVulnRequest ¶ added in v3.6.0
type CliVulnRequest struct {
Identifier string `json:"identifier"`
}
CliVulnRequest fetches a single envelope.
type Client ¶
// Client is the VDB API client: endpoint, credentials, HTTP transport, cache
// settings and the state observed on the most recent response.
//
// NOTE(review): SecretKey and APIKey are exported fields holding credential
// material. Printing a Client with %+v or JSON-encoding it includes them,
// so keep Client values out of logs and error messages.
type Client struct {
BaseURL string
APIVersion string
OrgID string
SecretKey string
AuthMethod auth.AuthMethod
APIKey string // hex digest for Direct API Key auth
// NOTE(review): confirm the constructor sets a timeout on HTTPClient.
HTTPClient *http.Client
LastRateLimit *RateLimitInfo
LastCacheStatus string // "HIT", "MISS", "LOCAL", "REVALIDATED", or "" if no X-Cache header
Cache *cache.DiskCache
// Cache controls; presumably skip or refresh cached responses (TODO confirm semantics).
NoCache bool
RefreshCache bool
FallbackCreds *auth.Credentials // community creds to use when quota exhausted; nil = disabled
// Check UsingFallback when it matters which identity a result was fetched under.
UsingFallback bool // true after client switched to fallback (readable by cmd layer)
// contains filtered or unexported fields
}
Client represents a VDB API client
func NewClientFromCredentials ¶
func NewClientFromCredentials(creds *auth.Credentials) *Client
NewClientFromCredentials creates a VDB API client from centralized credentials
func (*Client) CliAI ¶ added in v3.6.0
Remaining stub-class endpoints (ai/trends) — these still use the legacy generic shape; they are not part of the SARIF persistence flow.
func (*Client) CliAdvisories ¶ added in v3.6.0
func (*Client) CliAffected ¶ added in v3.6.0
func (*Client) CliAttackTechniques ¶ added in v3.6.0
func (*Client) CliContainers ¶ added in v3.6.0
func (c *Client) CliContainers(env CliEnv, req CliSARIFRequest) (*CliResponse[CliSARIFResponse], error)
func (*Client) CliCweGuidance ¶ added in v3.6.0
CliCweGuidance — POST /v2/cli.cwe-guidance.
func (*Client) CliExploits ¶ added in v3.6.0
CliExploits — POST /v2/cli.exploits.
func (*Client) CliFixes ¶ added in v3.6.0
CliFixes — POST /v2/cli.fixes. Replaces the 3-call registry/distributions/source dance.
func (*Client) CliIAC ¶ added in v3.6.0
func (c *Client) CliIAC(env CliEnv, req CliSARIFRequest) (*CliResponse[CliSARIFResponse], error)
func (*Client) CliLicense ¶ added in v3.6.0
func (c *Client) CliLicense(env CliEnv, req CliSARIFRequest) (*CliResponse[CliSARIFResponse], error)
func (*Client) CliMSRC ¶ added in v3.6.0
CliMSRC, CliNuclei, CliSnortRules, CliYaraRules, CliAttackTechniques, CliIOCs, CliSightings, CliAdvisories, CliWorkarounds, CliAffected all share the { ids: [...] } shape on the wire.
func (*Client) CliReachability ¶ added in v3.6.0
func (c *Client) CliReachability(env CliEnv, req CliReachabilityRequest) (*CliResponse[map[string]any], error)
CliReachability — POST /v2/cli.reachability. Tier-gated on the server.
func (*Client) CliRemediation ¶ added in v3.6.0
func (c *Client) CliRemediation(env CliEnv, req CliRemediationRequest) (*CliResponse[map[string]any], error)
CliRemediation — POST /v2/cli.remediation.
func (*Client) CliSAST ¶ added in v3.6.0
func (c *Client) CliSAST(env CliEnv, req CliSARIFRequest) (*CliResponse[CliSARIFResponse], error)
SARIF-shaped scan endpoints. Each returns the same persistence response (IngestionSnapshot + Findings + Stats) so the CLI's snapshot-URL output is uniform across kinds.
func (*Client) CliSCA ¶ added in v3.6.0
func (c *Client) CliSCA(env CliEnv, req CliSCARequest) (*CliResponse[CliSCAResponse], error)
CliSCA — POST /v2/cli.sca. The flagship: PURLs + env → CycloneDX 1.6 + reachability + stats in a single round-trip.
func (*Client) CliSCAReachability ¶ added in v3.7.0
func (c *Client) CliSCAReachability(env CliEnv, req CliSCAReachabilityRequest) (*CliResponse[CliSCAReachabilityResponse], error)
CliSCAReachability — POST /v2/cli.sca-reachability. The second leg of the SCA round-trip: send per-CVE local reachability evidence anchored to the IngestionSnapshot.uuid returned from /v2/cli.sca.
func (*Client) CliScan ¶ added in v3.6.0
func (c *Client) CliScan(env CliEnv, req CliScanRequest) (*CliResponse[CliSCAResponse], error)
CliScan — POST /v2/cli.scan. Superset of CliSCA with container/IaC inputs.
func (*Client) CliScorecard ¶ added in v3.6.0
CliScorecard — POST /v2/cli.scorecard.
func (*Client) CliSecrets ¶ added in v3.6.0
func (c *Client) CliSecrets(env CliEnv, req CliSARIFRequest) (*CliResponse[CliSARIFResponse], error)
func (*Client) CliSightings ¶ added in v3.6.0
func (*Client) CliSnortRules ¶ added in v3.6.0
func (*Client) CliTriage ¶ added in v3.6.0
func (c *Client) CliTriage(env CliEnv, req CliTriageRequest) (*CliResponse[map[string]any], error)
CliTriage — POST /v2/cli.triage.
func (*Client) CliVuln ¶ added in v3.6.0
CliVuln — POST /v2/cli.vuln. Single-vuln envelope + metrics.
func (*Client) CliWorkarounds ¶ added in v3.6.0
func (*Client) CliYaraRules ¶ added in v3.6.0
func (*Client) CritLookup ¶
func (c *Client) CritLookup(provider, service, resourceType string) (*CritLookupResponse, error)
CritLookup queries the VDB for vulnerabilities matching a CRIT template. The CRIT template is defined by provider (e.g. "aws"), service (e.g. "ec2"), and resourceType (e.g. "instance").
func (*Client) DoRequest ¶
DoRequest performs an authenticated API request with retry for transient errors.
func (*Client) DoRequestCached ¶
func (c *Client) DoRequestCached(method, path string, body interface{}, ttl time.Duration) ([]byte, error)
DoRequestCached performs an authenticated, cached GET request. For non-GET or when cache is disabled, it falls through to DoRequest.
func (*Client) DoRequestMultipart ¶
func (c *Client) DoRequestMultipart(path, filePath, fileField string, fields map[string]string) ([]byte, error)
DoRequestMultipart performs an authenticated multipart/form-data API request.
func (*Client) DoRequestRawBody ¶
func (c *Client) DoRequestRawBody(method, path string, body []byte, contentType string) ([]byte, error)
DoRequestRawBody performs an authenticated API request with a raw body (not JSON-marshaled).
func (*Client) EOLPackageVersion ¶
func (c *Client) EOLPackageVersion(ecosystem, packageName, version string) (*EOLReleaseResponse, error)
EOLPackageVersion retrieves EOL lifecycle data for a specific package version. Returns (nil, nil) when the package/version is not in the VDB EOL database (404). Endpoint: GET /v1/eol/packages/{ecosystem}/{package}/versions/{version}
func (*Client) EOLProduct ¶
func (c *Client) EOLProduct(product string) (*EOLProductResponse, error)
EOLProduct retrieves product metadata and all releases for an EOL product.
func (*Client) EOLRelease ¶
func (c *Client) EOLRelease(product, release string) (*EOLReleaseResponse, error)
EOLRelease retrieves lifecycle data for a specific product release.
func (*Client) GetCVEFixes ¶
GetCVEFixes retrieves fix data for a specific CVE identifier
func (*Client) GetCVETimeline ¶
func (c *Client) GetCVETimeline(identifier string, params TimelineParams) (map[string]interface{}, error)
GetCVETimeline retrieves the vulnerability timeline from the v1 API.
func (*Client) GetCVEsByDateRange ¶
GetCVEsByDateRange retrieves paginated CVEs by date range
func (*Client) GetEcosystemGroupPackage ¶
func (c *Client) GetEcosystemGroupPackage(ecosystem, group, artifact string) (map[string]interface{}, error)
GetEcosystemGroupPackage retrieves Maven-style group/artifact information in a specific ecosystem
func (*Client) GetEcosystemPackage ¶
GetEcosystemPackage retrieves package information scoped to a specific ecosystem
func (*Client) GetEcosystemPackageVersions ¶
GetEcosystemPackageVersions retrieves version information for a package in a specific ecosystem
func (*Client) GetEcosystems ¶
GetEcosystems retrieves the list of available ecosystems
func (*Client) GetExploitSources ¶
GetExploitSources retrieves the list of exploit intelligence sources
func (*Client) GetExploitTypes ¶
GetExploitTypes retrieves the list of exploit type classifications
func (*Client) GetExploits ¶
GetExploits retrieves exploit intelligence for a specific CVE identifier
func (*Client) GetFixDistributions ¶
GetFixDistributions retrieves the list of supported Linux distributions for fix advisories
func (*Client) GetGCVEIssuances ¶
func (c *Client) GetGCVEIssuances(year, month, limit, offset int) (*GCVEIssuancesResponse, error)
GetGCVEIssuances retrieves GCVE issuances for a given year/month with pagination
func (*Client) GetHealth ¶
GetHealth checks the API health endpoint (unauthenticated, root-level path).
func (*Client) GetIdentifiersByMonth ¶
func (c *Client) GetIdentifiersByMonth(year, month, limit, offset int) (*IdentifiersMonthResponse, error)
GetIdentifiersByMonth retrieves CVE identifiers published in a given year/month
func (*Client) GetMetricTypes ¶
GetMetricTypes retrieves the list of vulnerability metric/scoring types
func (*Client) GetOpenAPISpec ¶
GetOpenAPISpec retrieves the OpenAPI specification
func (*Client) GetPackageVersions ¶
GetPackageVersions retrieves all known versions for a package across ecosystems
func (*Client) GetPackageVulnerabilities ¶
func (c *Client) GetPackageVulnerabilities(packageName string, limit, offset int) (*VulnerabilitiesResponse, error)
GetPackageVulnerabilities retrieves vulnerabilities for a package
func (*Client) GetProductVersion ¶
GetProductVersion retrieves information for a specific product version
func (*Client) GetProductVersionEcosystem ¶
func (c *Client) GetProductVersionEcosystem(productName, version, ecosystem string) (map[string]interface{}, error)
GetProductVersionEcosystem retrieves product version information scoped to a specific ecosystem
func (*Client) GetProductVersions ¶
func (c *Client) GetProductVersions(productName string, limit, offset int) (*ProductVersionsResponse, error)
GetProductVersions retrieves all versions for a product with pagination
func (*Client) GetSources ¶
GetSources retrieves the list of vulnerability data sources
func (*Client) GetSummary ¶
GetSummary retrieves global all-time database statistics.
func (*Client) GetToken ¶
GetToken retrieves a valid JWT token (from cache or by requesting a new one)
func (*Client) GetTrafficFilters ¶
func (c *Client) GetTrafficFilters(identifier string, limit, offset int) (map[string]interface{}, error)
GetTrafficFilters retrieves IDS/IPS traffic filter rules (Snort) for a vulnerability.
func (*Client) SearchExploits ¶
func (c *Client) SearchExploits(params ExploitSearchParams) (map[string]interface{}, error)
SearchExploits searches for exploits across CVEs with pagination and filters
func (*Client) SearchIdentifiers ¶
func (c *Client) SearchIdentifiers(prefix string, limit, offset int) (*IdentifiersSearchResponse, error)
SearchIdentifiers retrieves CVE identifiers matching a prefix
func (*Client) SearchPackages ¶
func (c *Client) SearchPackages(query, ecosystem string, limit, offset int) (map[string]interface{}, error)
SearchPackages performs a full-text search across packages
func (*Client) V2Advisories ¶
V2Advisories retrieves advisory data for a vulnerability.
func (*Client) V2Affected ¶
func (c *Client) V2Affected(id string, p V2QueryParams) (map[string]interface{}, error)
V2Affected retrieves affected product/package data for a vulnerability.
func (*Client) V2AttackTechniques ¶
V2AttackTechniques retrieves the ATT&CK technique mapping for a single CVE.
func (*Client) V2AttackTechniquesSearch ¶
func (c *Client) V2AttackTechniquesSearch(p AttackTechniquesSearchParams) (map[string]interface{}, error)
V2AttackTechniquesSearch performs a collection-wide search for ATT&CK technique mappings across CVEs.
func (*Client) V2CloudLocators ¶
V2CloudLocators retrieves cloud resource locator templates for a vendor/product pair.
func (*Client) V2CweGuidance ¶
V2CweGuidance retrieves CWE-based guidance for a vulnerability.
func (*Client) V2DistributionPatches ¶
func (c *Client) V2DistributionPatches(id string, p V2QueryParams) (map[string]interface{}, error)
V2DistributionPatches retrieves distribution patch data for a vulnerability.
func (*Client) V2ExploitPoC ¶
func (c *Client) V2ExploitPoC(exploitUUID string) (body []byte, filename, sha256, originalURL string, err error)
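V2ExploitPoC — GET /v2/exploits/{exploitUuid}/poc. Returns raw bytes, the original filename (from Content-Disposition), and the SHA-256 hash (from X-Vulnetix-Sha256). The CLI uses these to write a file with a chain-of-custody-friendly name + integrity check. Both the filename and the hash are taken from response headers, so a caller that writes the body to disk should reduce the filename to its base name before using it in a path, and should recompute SHA-256 over the returned bytes and compare it with the header value. A matching header shows the transfer was not corrupted; it does not show that the payload is the one originally published.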
func (*Client) V2IOCsSearch ¶
func (c *Client) V2IOCsSearch(p IOCSearchParams) ([]byte, string, error)
V2IOCsSearch returns the raw response body so the caller can switch on `format` (the STIX bundle is not JSON-shape compatible).
func (*Client) V2KevSearch ¶
func (c *Client) V2KevSearch(p KevSearchParams) (map[string]interface{}, error)
func (*Client) V2RawArchive ¶
func (c *Client) V2RawArchive(source, cveID string) (body []byte, contentType, sha256, r2Path string, err error)
V2RawArchive — GET /v2/raw/{source}/{cveId}. Returns raw bytes + content-type + sha256.
func (*Client) V2RawSources ¶
V2RawSources — GET /v2/raw/sources.
func (*Client) V2RegistryFixes ¶
func (c *Client) V2RegistryFixes(id string, p V2QueryParams) (map[string]interface{}, error)
V2RegistryFixes retrieves registry-sourced fixes for a vulnerability.
func (*Client) V2RemediationPlan ¶
func (c *Client) V2RemediationPlan(id string, p V2RemediationParams) (map[string]interface{}, error)
V2RemediationPlan retrieves a context-aware remediation plan for a vulnerability.
func (*Client) V2ScanCycloneDX ¶
func (c *Client) V2ScanCycloneDX(filePath string, metadata ...[]byte) (map[string]interface{}, error)
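V2ScanCycloneDX uploads a CycloneDX document for scanning. An optional metadata parameter (JSON bytes) is sent as a query parameter. Query strings are commonly recorded in proxy and server access logs, so the metadata should not carry secrets or tokens.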
func (*Client) V2ScanManifest ¶
func (c *Client) V2ScanManifest(filePath, manifestType, ecosystem string, metadata ...[]byte) (map[string]interface{}, error)
V2ScanManifest uploads a manifest file for scanning. An optional metadata parameter (JSON bytes) is sent as the "metadata" form field.
func (*Client) V2ScanSPDX ¶
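V2ScanSPDX uploads an SPDX document for scanning. An optional metadata parameter (JSON bytes) is sent as a query parameter. Query strings are commonly recorded in proxy and server access logs, so the metadata should not carry secrets or tokens.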
func (*Client) V2ScanStatus ¶
V2ScanStatus retrieves the status of a scan.
func (*Client) V2Scorecard ¶
V2Scorecard retrieves the vulnerability scorecard.
func (*Client) V2ScorecardSearch ¶
V2ScorecardSearch searches scorecards by repository name.
func (*Client) V2SnortRules ¶
V2SnortRules retrieves a CVE's Snort rules (per-CVE endpoint).
func (*Client) V2SnortRulesSearch ¶
func (c *Client) V2SnortRulesSearch(p SnortSearchParams) (map[string]interface{}, error)
V2SnortRulesSearch performs a collection-wide search for Snort rules with expressive filters.
func (*Client) V2SourceFixes ¶
func (c *Client) V2SourceFixes(id string, p ...V2QueryParams) (map[string]interface{}, error)
V2SourceFixes retrieves upstream source fixes for a vulnerability.
func (*Client) V2Timeline ¶
func (c *Client) V2Timeline(id string, p V2TimelineParams) (map[string]interface{}, error)
V2Timeline retrieves the vulnerability timeline with optional filters.
func (*Client) V2TreeSitterQueries ¶
func (c *Client) V2TreeSitterQueries(id string, p V2TreeSitterParams) (*TreeSitterResponse, error)
V2TreeSitterQueries retrieves tree-sitter S-expression queries derived from the named vulnerability. Returns a typed response (unlike most v2 helpers) because the scanner consumes the result programmatically.
func (*Client) V2VexSearch ¶
func (c *Client) V2VexSearch(p VexSearchParams) (map[string]interface{}, error)
func (*Client) V2VulnExploits ¶
V2VulnExploits — GET /v2/vuln/{id}/exploits.
func (*Client) V2VulnNuclei ¶
V2VulnNuclei — GET /v2/vuln/{id}/nuclei. The CLI calls without format for the JSON listing, then optionally re-fetches with format=yaml&first=true to print a single template body.
func (*Client) V2VulnNucleiYAML ¶
V2VulnNucleiYAML — GET /v2/vuln/{id}/nuclei?format=yaml. Returns the raw YAML body. With first=true, returns the first template alone.
func (*Client) V2VulnSightings ¶
V2VulnSightings — GET /v2/vuln/{id}/sightings.
func (*Client) V2Workarounds ¶
V2Workarounds retrieves workaround information for a vulnerability.
func (*Client) V2YaraRules ¶
V2YaraRules retrieves a CVE's YARA rules (per-CVE endpoint).
func (*Client) V2YaraRulesSearch ¶
func (c *Client) V2YaraRulesSearch(p YaraSearchParams) (map[string]interface{}, error)
V2YaraRulesSearch performs a collection-wide search for YARA rules.
func (*Client) VulnetixKevGet ¶
VulnetixKevGet fetches a single entry by CVE ID. Implemented client-side as a list + filter since the API exposes the catalogue as a collection. Returns a NotFoundError if the CVE isn't in the catalogue.
func (*Client) VulnetixKevList ¶
func (c *Client) VulnetixKevList(p VulnetixKevParams) ([]byte, error)
VulnetixKevList fetches the full Vulnetix KEV catalogue. The response bytes are returned verbatim — JSON or CSV per p.Format — so callers can write them straight to stdout or a file.
Forces the V2 API (/v2/vulnetix-kev is V2-only).
type CritLookupExploits ¶
// CritLookupExploits contains exploit intelligence summary.
type CritLookupExploits struct {
	Count int `json:"count"`
	// Sources is omitted from the JSON encoding when empty.
	Sources []string `json:"sources,omitempty"`
}
CritLookupExploits contains exploit intelligence summary.
type CritLookupKev ¶
// CritLookupKev contains CISA KEV metadata.
//
// Dates are carried as plain strings; the date format is not shown here.
// Every field except DateAdded is optional (omitempty).
type CritLookupKev struct {
	DateAdded string `json:"dateAdded"`
	DueDate string `json:"dueDate,omitempty"`
	KnownRansomwareCampaignUse string `json:"knownRansomwareCampaignUse,omitempty"`
	RequiredAction string `json:"requiredAction,omitempty"`
}
CritLookupKev contains CISA KEV metadata.
type CritLookupMatch ¶
// CritLookupMatch is a single matched CRIT record with enrichment data.
type CritLookupMatch struct {
	Crit CritRecord `json:"crit"`
	VulnID string `json:"vuln_id"`
	Aliases []string `json:"aliases,omitempty"`
	// Kev and ExploitSummary are pointers: they stay nil when the
	// corresponding key is absent, so check for nil before dereferencing.
	Kev *CritLookupKev `json:"kev,omitempty"`
	ExploitSummary *CritLookupExploits `json:"exploit_summary,omitempty"`
	SnortRules []CritLookupSnortRule `json:"snort_rules,omitempty"`
}
CritLookupMatch is a single matched CRIT record with enrichment data.
type CritLookupResponse ¶
// CritLookupResponse is the response from POST /v1/crit/lookup.
type CritLookupResponse struct {
	// NOTE(review): presumably Count equals len(Matches) — confirm against the API.
	Count int `json:"count"`
	Matches []CritLookupMatch `json:"matches"`
}
CritLookupResponse is the response from POST /v1/crit/lookup.
type CritLookupSnortRule ¶
// CritLookupSnortRule contains an IDS detection rule.
type CritLookupSnortRule struct {
	SnortID string `json:"snortId"`
	Msg string `json:"msg"`
	SignatureSeverity string `json:"signatureSeverity,omitempty"`
	// RawText is the rule text as delivered by the API; optional.
	// NOTE(review): nothing here shows the text being validated, so review
	// it before loading it into a sensor.
	RawText string `json:"rawText,omitempty"`
}
CritLookupSnortRule contains an IDS detection rule.
type CritRecord ¶
// CritRecord represents a CRIT (Cloud Resource Inventory Template) record.
//
// The wire keys mix casing styles: vectorString is camelCase while the
// remaining keys are snake_case, so the tags must be kept exactly as written.
type CritRecord struct {
	VectorString string `json:"vectorString"`
	VulnID string `json:"vuln_id"`
	Provider string `json:"provider"`
	Service string `json:"service"`
	ResourceType string `json:"resource_type"`
	VexStatus string `json:"vex_status"`
}
CritRecord represents a CRIT (Cloud Resource Inventory Template) record.
type EOLProductDetail ¶
// EOLProductDetail contains product metadata.
type EOLProductDetail struct {
	Name string `json:"name"`
	Label string `json:"label"`
	Category string `json:"category"`
	Tags []string `json:"tags"`
}
EOLProductDetail contains product metadata.
type EOLProductResponse ¶
// EOLProductResponse is the response from GET /v1/eol/products/{product}.
type EOLProductResponse struct {
	// NOTE(review): units of Timestamp are not shown here — confirm.
	Timestamp int64 `json:"timestamp"`
	Product EOLProductDetail `json:"product"`
	Releases []EOLReleaseDetail `json:"releases"`
}
EOLProductResponse is the response from GET /v1/eol/products/{product}.
type EOLReleaseDetail ¶
// EOLReleaseDetail contains lifecycle data for a single release.
//
// Pointer fields are optional: they stay nil when the key is absent, so
// callers must nil-check before dereferencing. The Is* flags declared as
// plain bool are always present in the encoding; IsEoes and IsDiscontinued
// are *bool and can therefore distinguish "false" from "not reported".
// Dates are carried as strings; their format is not shown here.
type EOLReleaseDetail struct {
	Name string `json:"name"`
	Codename *string `json:"codename,omitempty"`
	Label string `json:"label"`
	ReleaseDate *string `json:"releaseDate,omitempty"`
	IsLts bool `json:"isLts"`
	LtsFrom *string `json:"ltsFrom,omitempty"`
	IsEoas bool `json:"isEoas"`
	EoasFrom *string `json:"eoasFrom,omitempty"`
	IsEol bool `json:"isEol"`
	EolFrom *string `json:"eolFrom,omitempty"`
	IsEoes *bool `json:"isEoes,omitempty"`
	EoesFrom *string `json:"eoesFrom,omitempty"`
	IsDiscontinued *bool `json:"isDiscontinued,omitempty"`
	DiscontinuedFrom *string `json:"discontinuedFrom,omitempty"`
	IsMaintained bool `json:"isMaintained"`
	LatestVersion *string `json:"latestVersion,omitempty"`
	LatestDate *string `json:"latestDate,omitempty"`
}
EOLReleaseDetail contains lifecycle data for a single release.
type EOLReleaseResponse ¶
// EOLReleaseResponse is the response from
// GET /v1/eol/products/{product}/releases/{release}.
type EOLReleaseResponse struct {
	Timestamp int64 `json:"timestamp"`
	ProductName string `json:"productName"`
	Release EOLReleaseDetail `json:"release"`
}
EOLReleaseResponse is the response from GET /v1/eol/products/{product}/releases/{release}.
type EcosystemsResponse ¶
// EcosystemsResponse represents the ecosystems list response.
type EcosystemsResponse struct {
	Timestamp int64 `json:"timestamp"`
	// Ecosystem is declared elsewhere in the package.
	Ecosystems []Ecosystem `json:"ecosystems"`
}
EcosystemsResponse represents the ecosystems list response
type ErrorResponse ¶
// ErrorResponse represents an API error response.
type ErrorResponse struct {
	Success bool `json:"success"`
	Error string `json:"error"`
	// Details is optional, server-provided text.
	// NOTE(review): treat it as untrusted when echoing it to a terminal or log.
	Details string `json:"details,omitempty"`
}
ErrorResponse represents an API error response
type ExploitSearchParams ¶
type GCVEIssuanceIdentifier ¶
// GCVEIssuanceIdentifier represents a single GCVE issuance record.
type GCVEIssuanceIdentifier struct {
	GcveID string `json:"gcveId"`
	CveID string `json:"cveId"`
	// NOTE(review): units of DatePublished are not shown here — confirm.
	DatePublished int64 `json:"datePublished"`
}
GCVEIssuanceIdentifier represents a single GCVE issuance record
type GCVEIssuancesResponse ¶
// GCVEIssuancesResponse represents the paginated GCVE issuances response.
type GCVEIssuancesResponse struct {
	Timestamp int64 `json:"timestamp"`
	Year int `json:"year"`
	Month int `json:"month"`
	// Pagination fields reported by the server.
	Total int `json:"total"`
	Limit int `json:"limit"`
	Offset int `json:"offset"`
	HasMore bool `json:"hasMore"`
	Identifiers []GCVEIssuanceIdentifier `json:"identifiers"`
}
GCVEIssuancesResponse represents the paginated GCVE issuances response
type IOCSearchParams ¶
// IOCSearchParams holds the filters for GET /v2/iocs.
//
// The struct has no JSON tags; how each field is encoded into the request
// is not shown here.
type IOCSearchParams struct {
	CveIDs []string
	Countries []string
	ASNs []int
	Behavior string
	Reputation string
	Since string
	Limit int
	Offset int
	Format string // json | stix
}
IOCSearchParams ─ GET /v2/iocs.
type IdentifiersMonthResponse ¶
// IdentifiersMonthResponse represents the paginated CVE identifiers
// response by month.
type IdentifiersMonthResponse struct {
	Timestamp int64 `json:"timestamp"`
	Year int `json:"year"`
	Month int `json:"month"`
	// Pagination fields reported by the server.
	Total int `json:"total"`
	Limit int `json:"limit"`
	Offset int `json:"offset"`
	HasMore bool `json:"hasMore"`
	Identifiers []string `json:"identifiers"`
}
IdentifiersMonthResponse represents the paginated CVE identifiers response by month
type IdentifiersSearchResponse ¶
// IdentifiersSearchResponse represents the paginated CVE identifiers
// search response.
type IdentifiersSearchResponse struct {
	Timestamp int64 `json:"timestamp"`
	Prefix string `json:"prefix"`
	// Pagination fields reported by the server.
	Total int `json:"total"`
	Limit int `json:"limit"`
	Offset int `json:"offset"`
	HasMore bool `json:"hasMore"`
	Identifiers []string `json:"identifiers"`
}
IdentifiersSearchResponse represents the paginated CVE identifiers search response
type KevSearchParams ¶
// KevSearchParams holds the filters for GET /v2/kev (the 4-source merged
// collection).
//
// Date-like fields (Since, Until, DueBefore, DueAfter) are strings; their
// expected format is not shown here.
type KevSearchParams struct {
	CveIDs []string
	Sources []string // CISA | vulnetix | enisa | vulncheck (repeat for OR; default = all four)
	Reason string
	Since string
	Until string
	DueBefore string
	DueAfter string
	Vendor string
	Product string
	Sort string // due | added | cve
	Limit int
	Offset int
}
KevSearchParams ─ GET /v2/kev (the 4-source merged collection).
type NotFoundError ¶
// NotFoundError is returned when the API responds with 404.
//
// Its Error method has a pointer receiver, so match it with errors.As
// against a *NotFoundError target.
type NotFoundError struct {
	Message string
}
NotFoundError is returned when the API responds with 404.
func (*NotFoundError) Error ¶
func (e *NotFoundError) Error() string
type ProductVersionsResponse ¶
// ProductVersionsResponse represents product versions with pagination.
type ProductVersionsResponse struct {
	PackageName string `json:"packageName"`
	Timestamp int64 `json:"timestamp"`
	// Pagination fields reported by the server.
	Total int `json:"total"`
	Limit int `json:"limit"`
	Offset int `json:"offset"`
	HasMore bool `json:"hasMore"`
	Versions []VersionRecord `json:"versions"`
}
ProductVersionsResponse represents product versions with pagination
type RateLimitInfo ¶
// RateLimitInfo holds rate limit data returned in API response headers.
// Headers are informational: the CLI never enforces limits based on them;
// only actual HTTP 429 responses trigger retry/backoff.
type RateLimitInfo struct {
	DayLimit int // RateLimit-DayLimit (0 = unlimited)
	Remaining int // RateLimit-Remaining (-1 = unlimited)
	Reset int // RateLimit-Reset (Unix epoch seconds)
	Plan string // X-VDB-Plan (community/pro/teams/enterprise)
	SoftLimits bool // X-Softlimits (true = advisory only, never blocked)
	// NOTE(review): presumably true when rate-limit headers were found on
	// the response — confirm against the code that populates it.
	Present bool
}
RateLimitInfo holds rate limit data returned in API response headers. Headers are informational — the CLI never enforces limits based on them; only actual HTTP 429 responses trigger retry/backoff.
type SnortSearchParams ¶
// SnortSearchParams carries the optional filter knobs for
// V2SnortRulesSearch. All fields are optional; zero-valued slices and
// strings are skipped.
type SnortSearchParams struct {
	CveIDs []string
	Sources []string
	Techniques []string // MITRE ATT&CK T-id (any of)
	Tactics []string // MITRE ATT&CK TA-id (any of)
	Classtype string
	Severity string
	Protocol string
	Action string
	// Ports are strings rather than ints; the accepted syntax is not shown here.
	DstPort string
	SrcPort string
	Disabled string // "true" / "false" / ""
	Q string // free-text on msg + rawText
	AffectedProducts []string
	Tags []string
	Since string // RFC3339
	Until string // RFC3339
	Sort string // recent | severity | id
	Limit int
	Offset int
}
SnortSearchParams carries the optional filter knobs for V2SnortRulesSearch. All fields are optional; zero-valued slices and strings are skipped.
type TimelineParams ¶
// TimelineParams holds filter parameters for the /vuln/{id}/timeline
// endpoint.
type TimelineParams struct {
	Include string // comma-separated event types to include
	Exclude string // comma-separated event types to exclude
	Dates string // comma-separated CVE date fields: published,modified,reserved
	ScoresLimit int // max score-change events (default 30, max 365)
}
ExploitSearchParams holds parameters for the exploit search endpoint. TimelineParams holds filter parameters for the /vuln/{id}/timeline endpoint.
type TokenCache ¶
TokenCache stores the JWT token and its expiration
type TokenResponse ¶
// TokenResponse represents the JWT token response.
type TokenResponse struct {
	// Token is the JWT itself, i.e. a bearer credential: keep it out of
	// logs, error messages and debug dumps of this struct.
	Token string `json:"token"`
	// NOTE(review): Iss, Sub and Exp presumably mirror the JWT's iss/sub/exp
	// claims, with Exp in Unix epoch seconds — confirm. They are carried
	// next to the token rather than derived from a verified signature.
	Iss string `json:"iss"`
	Sub string `json:"sub"`
	Exp int64 `json:"exp"`
}
TokenResponse represents the JWT token response
type TreeSitterCapture ¶
TreeSitterCapture describes a named capture inside a tree-sitter query.
type TreeSitterFilters ¶
// TreeSitterFilters echoes the filter parameters back on the response.
// Every field is optional (omitempty).
type TreeSitterFilters struct {
	Language string `json:"language,omitempty"`
	Ecosystem string `json:"ecosystem,omitempty"`
	VulnID string `json:"vulnId,omitempty"`
}
TreeSitterFilters echoes the filter parameters back on the response.
type TreeSitterPredicate ¶
// TreeSitterPredicate describes a predicate or directive attached to a
// query (e.g. #eq?, #match?, #set!).
type TreeSitterPredicate struct {
	Kind string `json:"kind"`
	Name string `json:"name"`
	Negated bool `json:"negated"`
	Args []string `json:"args"`
}
TreeSitterPredicate describes a predicate or directive attached to a query (e.g. #eq?, #match?, #set!).
type TreeSitterQuery ¶
// TreeSitterQuery is a single S-expression query derived from CVE/OSV data
// by vdb-manager. The CLI runs these against source files to determine
// reachability of a vulnerable pattern.
type TreeSitterQuery struct {
	VulnID string `json:"vulnId,omitempty"`
	Source string `json:"source,omitempty"`
	Ecosystems []string `json:"ecosystems,omitempty"`
	Language string `json:"language"`
	Name string `json:"name"`
	Description string `json:"description,omitempty"`
	// QueryText is the query body received from the API.
	QueryText string `json:"queryText"`
	// NOTE(review): the hash algorithm, and whether any consumer checks
	// QueryText against QueryHash, are not shown here — confirm.
	QueryHash string `json:"queryHash,omitempty"`
	DerivedBy string `json:"derivedBy,omitempty"`
	CreatedAt int64 `json:"createdAt,omitempty"`
	Captures []TreeSitterCapture `json:"captures,omitempty"`
	// Predicates and Directives share the TreeSitterPredicate element type.
	Predicates []TreeSitterPredicate `json:"predicates,omitempty"`
	Directives []TreeSitterPredicate `json:"directives,omitempty"`
}
TreeSitterQuery is a single S-expression query derived from CVE/OSV data by vdb-manager. The CLI runs these against source files to determine reachability of a vulnerable pattern.
type TreeSitterResponse ¶
// TreeSitterResponse is the body of GET /vuln/{id}/tree-sitter.
type TreeSitterResponse struct {
	Identifier string `json:"identifier"`
	Filters TreeSitterFilters `json:"filters"`
	Queries []TreeSitterQuery `json:"queries"`
}
TreeSitterResponse is the body of GET /vuln/{id}/tree-sitter.
type TriageParams ¶
// TriageParams holds the filters for GET /v2/triage.
type TriageParams struct {
	// The Min* thresholds are pointers.
	// NOTE(review): presumably nil means "no threshold", so an explicit 0
	// can still be sent — confirm.
	MinEpss *float64
	MinEpssPercentile *float64
	MinCess *float64
	MinCvss *float64
	Severity string
	InKev string // "true" / "false" / ""
	KevSources []string
	CWEs []string
	Vendor string
	Product string
	Since string
	WindowDays int // 0 = unset; 1..30
	Sort string
	Limit int
	Offset int
}
TriageParams ─ GET /v2/triage.
type V2QueryParams ¶
// V2QueryParams holds common context-filter query parameters for V2
// endpoints.
type V2QueryParams struct {
	Ecosystem string
	PackageName string
	Vendor string
	Product string
	Distro string
	Purl string
	Limit int
	Offset int
}
V2QueryParams holds common context-filter query parameters for V2 endpoints.
type V2RemediationParams ¶
// V2RemediationParams extends V2QueryParams with remediation-plan-specific
// parameters.
type V2RemediationParams struct {
	// Embedded, so the common filter fields are promoted onto this type.
	V2QueryParams
	CurrentVersion string
	PackageManager string
	ContainerImage string
	OS string
	Registry string
	IncludeGuidance bool
	IncludeVerificationSteps bool
}
V2RemediationParams extends V2QueryParams with remediation-plan-specific parameters.
type V2TimelineParams ¶
// V2TimelineParams holds filter parameters for the v2 timeline endpoint.
type V2TimelineParams struct {
	Include string // comma-separated event types to include
	Exclude string // comma-separated event types to exclude
	Dates string // comma-separated CVE date fields: published,modified,reserved
	ScoresLimit int // max score-change events (default 30, max 365)
}
V2TimelineParams holds filter parameters for the v2 timeline endpoint.
type V2TreeSitterParams ¶
V2TreeSitterParams filters the tree-sitter query endpoint.
type VersionRecord ¶
// VersionRecord represents a single version entry with ecosystem and
// sources.
type VersionRecord struct {
	Version string `json:"version"`
	Ecosystem string `json:"ecosystem"`
	Sources []VersionSource `json:"sources"`
	// CVEIDs is omitted from the JSON encoding when empty.
	CVEIDs []string `json:"cveIds,omitempty"`
}
VersionRecord represents a single version entry with ecosystem and sources
type VersionSource ¶
// VersionSource represents a data source entry for a product version.
//
// The type has a custom UnmarshalJSON that accepts either the structured
// object form or a bare string; a bare string is stored in SourceTable.
type VersionSource struct {
	SourceTable string `json:"sourceTable"`
	SourceID string `json:"sourceId"`
	// Metadata is free-form, server-provided data; type-assert values
	// defensively rather than assuming a schema.
	Metadata map[string]interface{} `json:"metadata,omitempty"`
}
VersionSource represents a data source entry for a product version
func (*VersionSource) UnmarshalJSON ¶ added in v3.8.1
func (s *VersionSource) UnmarshalJSON(data []byte) error
UnmarshalJSON tolerates both shapes the API uses for a version "source": the structured object ({"sourceTable":..,"sourceId":..}) emitted by /product, and the bare string (e.g. "nvd", "GHSA") emitted by /vulns. A bare string is stored as SourceTable so callers see a non-empty source either way.
type VexSearchParams ¶
// VexSearchParams holds the filters for GET /v2/vex.
type VexSearchParams struct {
	CveIDs []string
	Status string
	Supplier string
	Since string
	Limit int
	Offset int
}
VexSearchParams ─ GET /v2/vex.
type VulnerabilitiesResponse ¶
// VulnerabilitiesResponse represents vulnerabilities for a package.
//
// Results may arrive under either the "versions" or the "vulnerabilities"
// key depending on the API path, so consumers should check both slices.
type VulnerabilitiesResponse struct {
	PackageName string `json:"packageName"`
	Timestamp int64 `json:"timestamp"`
	TotalCVEs int `json:"totalCVEs"`
	Total int `json:"total"`
	Limit int `json:"limit"`
	Offset int `json:"offset"`
	HasMore bool `json:"hasMore"`
	Versions []VersionRecord `json:"versions"`
	Vulnerabilities []VersionRecord `json:"vulnerabilities"` // alternative key used by some API paths
	RawData interface{} `json:"-"` // full parsed response for fallback display
}
VulnerabilitiesResponse represents vulnerabilities for a package
type VulnetixKevParams ¶
// VulnetixKevParams holds filter options for GET /v2/vulnetix-kev.
type VulnetixKevParams struct {
	Format string // "json" | "csv"
	Reasons []string // filter by VulnetixKevReason enum values
	FilterMode string // "any" | "all" (default: any)
	Limit int // JSON pagination
	Offset int // JSON pagination
	IncludeReferences bool // JSON-only; adds the `references` bucket per item
}
VulnetixKevParams holds filter options for GET /v2/vulnetix-kev.
type YaraSearchParams ¶
// YaraSearchParams carries the optional filter knobs for V2YaraRulesSearch.
//
// Since and Until are strings; their expected format is not shown here.
type YaraSearchParams struct {
	CveIDs []string
	Sources []string
	RuleName string
	Tags []string
	Imports []string
	Author string
	Q string
	MatchString string
	MatchMeta string
	Since string
	Until string
	Sort string // recent | name
	Limit int
	Offset int
}
YaraSearchParams carries the optional filter knobs for V2YaraRulesSearch.