Directories
| Path | Synopsis |
|---|---|
| adapters | |
| clojure | Package clojure implements a gorisk analyzer for Clojure projects. |
| cpp | Package cpp implements a gorisk analyzer for C/C++ projects. |
| dart | Package dart implements a gorisk analyzer for Dart/Flutter projects. |
| dotnet | Package dotnet implements a gorisk analyzer for C#/.NET projects. |
| elixir | Package elixir implements a gorisk analyzer for Elixir/Erlang projects. |
| erlang | Package erlang implements a gorisk analyzer for Erlang projects. |
| haskell | Package haskell implements a gorisk analyzer for Haskell projects. |
| java | Package java implements a gorisk analyzer for Java projects. |
| julia | Package julia implements a gorisk analyzer for Julia projects. |
| kotlin | Package kotlin implements a gorisk analyzer for Kotlin/Gradle projects. |
| lua | Package lua implements a gorisk analyzer for Lua projects. |
| ocaml | Package ocaml implements a gorisk analyzer for OCaml/opam projects. |
| perl | Package perl implements a gorisk analyzer for Perl projects. |
| python | Package python implements a gorisk analyzer for Python projects. |
| r | Package r implements a gorisk analyzer for R projects. |
| ruby | Package ruby implements a gorisk analyzer for Ruby projects. |
| rust | Package rust implements a gorisk analyzer for Rust projects. |
| scala | Package scala implements a gorisk analyzer for Scala/sbt projects. |
| swift | Package swift implements a gorisk analyzer for Swift / Swift Package Manager (SPM) projects. |
| engines | |
| integrity | Package integrity validates checksum and integrity metadata in lockfiles. |
| topology | Package topology computes lockfile-structure risk signals. |
| versiondiff | Package versiondiff compares lockfile states to compute per-package risk deltas. |
| | Package interproc provides interprocedural analysis capabilities for context-sensitive call graph analysis and taint tracking. |
| | Package plugin provides gorisk's plugin loading infrastructure. |
| | Package priority computes composite risk scores combining capability, reachability, CVE, and taint analysis signals. |
| | Package taint identifies packages that act as source→sink conduits — the highest-signal supply-chain finding: capabilities that both receive untrusted input and perform a dangerous operation. |