Documentation
Overview
Package triage provides a provider abstraction for fetching vulnerability alerts from external sources (GitHub Dependabot, Snyk, etc.) and enriching them with VDB remediation data.
Index
Constants
This section is empty.
Variables
var Providers = map[string]func() Provider{
	"github": NewGitHubProvider,
}
Providers is the registry of available providers.
Functions
func DetectRepo
func DetectRepo() string
DetectRepo attempts to detect the current repository from various sources.
func RequireGHAuth
func RequireGHAuth() error
RequireGHAuth returns an error if the gh CLI is not available or not authenticated.
Types
type Alert
type Alert struct {
	// Number or ID of the alert in the provider system
	Number string
	// State: "open", "dismissed", "fixed"
	State string
	// CVE identifier
	CVE string
	// Severity: "critical", "high", "medium", "low"
	Severity string
	// Package name (e.g. "lodash", "express")
	Package string
	// Current vulnerable version
	Version string
	// Ecosystem as reported by the provider (needs mapping to VDB format)
	Ecosystem string
	// Path to the manifest file containing the vulnerable dependency
	Manifest string
	// URL to the alert in the provider's UI
	URL string
}
Alert represents a normalized vulnerability alert from any provider.
type EnrichedAlert
type EnrichedAlert struct {
	Alert       Alert           `json:"alert"`
	Remediation *map[string]any `json:"remediation,omitempty"`
	Fixes       *FixesMerged    `json:"fixes,omitempty"`
	Error       string          `json:"error,omitempty"`
}
EnrichedAlert holds a provider alert with VDB enrichment data.
type FetchOptions
FetchOptions controls which alerts are retrieved.
type FixesMerged
type FixesMerged struct {
	Registry      map[string]any
	Distributions map[string]any
	Source        map[string]any
}
FixesMerged holds fix data from multiple sources.
func (*FixesMerged) HasFix
func (f *FixesMerged) HasFix() bool
HasFix returns true if any fix source has fixes available.
type GHStatus
type GHStatus struct {
	BinaryFound   bool   `json:"binary_found"`
	BinaryPath    string `json:"binary_path,omitempty"`
	Authenticated bool   `json:"authenticated"`
	User          string `json:"user,omitempty"`
	Host          string `json:"host,omitempty"`
	TokenSource   string `json:"token_source,omitempty"`
	TokenScopes   string `json:"token_scopes,omitempty"`
	RepoDetected  bool   `json:"repo_detected"`
	Repo          string `json:"repo,omitempty"`
	BinaryError   string `json:"binary_error,omitempty"`
	AuthError     string `json:"auth_error,omitempty"`
}
GHStatus holds the results of GitHub CLI health checks.
func CheckGHAuth
func CheckGHAuth() GHStatus
CheckGHAuth verifies the gh CLI is available and the user is authenticated.
type GitHubProvider
type GitHubProvider struct{}
GitHubProvider fetches Dependabot alerts using the gh CLI.
func (*GitHubProvider) FetchAlerts
func (p *GitHubProvider) FetchAlerts(ctx context.Context, opts FetchOptions) ([]Alert, error)
FetchAlerts retrieves Dependabot alerts from the given repository.
type Provider
type Provider interface {
	// FetchAlerts retrieves vulnerability alerts from the provider.
	FetchAlerts(ctx context.Context, opts FetchOptions) ([]Alert, error)
}
Provider is the interface that all triage providers must implement.
func GetProvider
GetProvider returns the provider for the given name, or an error if unknown.
func NewGitHubProvider
func NewGitHubProvider() Provider
NewGitHubProvider creates a new GitHub provider.
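The following is an added example, not code from the triage package itself: it implements Provider with an offline stand-in for the gh-backed GitHubProvider, registers it the way the Providers map does, looks it up with GetProvider's unknown-name-is-an-error semantics, and reduces the result to open alerts ordered critical-first. The FetchOptions fields (Repo, State), the staticProvider type and the rank table are assumptions, since the page does not show them.

```go
package main

import (
	"context"
	"fmt"
	"sort"
)

// Alert and Provider follow the documentation above and are re-declared so the
// example runs stand-alone; FetchOptions' fields are assumed (the page omits them).
type Alert struct {
	Number, State, CVE, Severity, Package, Version, Ecosystem, Manifest, URL string
}
type FetchOptions struct{ Repo, State string }
type Provider interface {
	FetchAlerts(ctx context.Context, opts FetchOptions) ([]Alert, error)
}

// staticProvider stands in for the gh-backed GitHubProvider and serves sample.
type staticProvider struct{ alerts []Alert }
func (p staticProvider) FetchAlerts(context.Context, FetchOptions) ([]Alert, error) { return p.alerts, nil }
// sample is constructed data; the CVE ids are placeholders, not real advisories.
var sample = []Alert{
	{Number: "1", State: "open", CVE: "CVE-0000-0001", Severity: "high", Package: "lodash", Ecosystem: "npm"},
	{Number: "2", State: "fixed", CVE: "CVE-0000-0002", Severity: "critical", Package: "express", Ecosystem: "npm"},
	{Number: "3", State: "open", CVE: "CVE-0000-0003", Severity: "low", Package: "minimist", Ecosystem: "npm"},
}
// registry mirrors Providers: provider name -> constructor.
var registry = map[string]func() Provider{"static": func() Provider { return staticProvider{sample} }}
var rank = map[string]int{"critical": 0, "high": 1, "medium": 2, "low": 3}
// OpenBySeverity looks the provider up as GetProvider does (an unknown name is an
// error, never a nil Provider), keeps only open alerts, and orders them critical-first.
func OpenBySeverity(ctx context.Context, name, repo string) ([]Alert, error) {
	ctor, ok := registry[name]
	if !ok {
		return nil, fmt.Errorf("unknown provider %q", name)
	}
	all, err := ctor().FetchAlerts(ctx, FetchOptions{Repo: repo, State: "open"})
	if err != nil {
		return nil, err
	}
	var open []Alert
	for _, a := range all {
		if a.State == "open" { // a provider may ignore opts.State, so filter here too
			open = append(open, a)
		}
	}
	sort.SliceStable(open, func(i, j int) bool { return rank[open[i].Severity] < rank[open[j].Severity] })
	return open, nil
}
```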