ctl

package

v0.1.0 Latest Latest Go to latest Published: Jan 10, 2023 License: Apache-2.0 Imports: 25 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/chainguard-dev/vex

Links

Open Source Insights

Documentation ¶

Constants ¶

View Source

const IntotoPayloadType = "application/vnd.in-toto+json"

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Implementation ¶

type Implementation interface {
	ApplySingleVEX(*sarif.Report, *vex.VEX) (*sarif.Report, error)
	SortDocuments([]*vex.VEX) []*vex.VEX
	OpenVexData(Options, []string) ([]*vex.VEX, error)
	Sort(docs []*vex.VEX) []*vex.VEX
	AttestationBytes(*attestation.Attestation) ([]byte, error)
	Attach(context.Context, *attestation.Attestation, string) error
	SourceType(uri string) (string, error)
	ReadImageAttestations(context.Context, Options, string) ([]*vex.VEX, error)
	Merge(context.Context, *MergeOptions, []*vex.VEX) (*vex.VEX, error)
	LoadFiles(context.Context, []string) ([]*vex.VEX, error)
}

type MergeOptions ¶ added in v0.1.0

type MergeOptions struct {
	DocumentID      string   // ID to use in the new document
	Author          string   // Author to use in the new document
	AuthorRole      string   // Role of the document author
	Products        []string // Product IDs to consider
	Vulnerabilities []string // IDs of vulnerabilities to merge
}

type Options ¶

type Options struct {
	Products []string // List of products to match in CSAF docs
	Format   string   // Firmat of the vex documents
	Sign     bool     // When true, attestations will be signed before attaching
}

type VexCtl ¶

type VexCtl struct {
	Options Options
	// contains filtered or unexported fields
}

func New ¶

func New() *VexCtl

func (*VexCtl) Apply ¶

func (vexctl *VexCtl) Apply(r *sarif.Report, vexDocs []*vex.VEX) (finalReport *sarif.Report, err error)

Apply takes a sarif report and applies one or more vex documents

func (*VexCtl) ApplyFiles ¶

func (vexctl *VexCtl) ApplyFiles(r *sarif.Report, files []string) (*sarif.Report, error)

ApplyFiles takes a list of paths to vex files and applies them to a report

func (*VexCtl) Attach ¶

func (vexctl *VexCtl) Attach(ctx context.Context, att *attestation.Attestation, imageRefs []string) (err error)

Attach attaches an attestation to a list of images

func (*VexCtl) Attest ¶

func (vexctl *VexCtl) Attest(vexDataPath string, imageRefs []string) (*attestation.Attestation, error)

Generate an attestation from a VEX

func (*VexCtl) Merge ¶ added in v0.1.0

func (vexctl *VexCtl) Merge(ctx context.Context, opts *MergeOptions, vexes []*vex.VEX) (*vex.VEX, error)

Merge combines several documents into one

func (*VexCtl) MergeFiles ¶ added in v0.1.0

func (vexctl *VexCtl) MergeFiles(ctx context.Context, opts *MergeOptions, filePaths []string) (*vex.VEX, error)

MergeFiles is like Merge but takes filepaths instead of actual VEX documents

func (*VexCtl) VexFromURI ¶

func (vexctl *VexCtl) VexFromURI(ctx context.Context, uri string) (vexData *vex.VEX, err error)

VexFromURI return a vex doc from a path, image ref or URI

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL