Documentation

Overview
Package priority computes composite risk scores combining capability, reachability, CVE, and taint analysis signals.
Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CompositeScore
type CompositeScore struct {
	CapabilityScore float64 // Base capability score
	ReachabilityMod float64 // 1.0=unknown, 0.5=unreachable, 1.3=reachable
	CVEMod          float64 // 1.0 + 0.3 per HIGH CVE, capped at 2.0
	TaintMod        float64 // 1.0 + 0.25 per HIGH + 0.15 per MEDIUM taint
	Composite       float64 // Product of all modifiers, capped at 100
	Level           string  // Derived from Composite using standard thresholds (LOW, MEDIUM, HIGH)
}
CompositeScore combines multiple risk signals into a single prioritization score.
func Compute

func Compute(
	caps capability.CapabilitySet,
	reachable *bool,
	cveCount int,
	taintFindings []taint.TaintFinding,
) CompositeScore
Compute calculates the composite score from capability set, reachability, CVE count, and taint findings.
Parameters:
- caps: the capability set with its base score
- reachable: nil = unknown (mod 1.0), false = unreachable (mod 0.5), true = reachable (mod 1.3)
- cveCount: number of CVEs affecting the package/module
- taintFindings: taint findings for this package
Returns:
CompositeScore with all modifiers and final composite value
type FinalScore (added in v0.3.6)

type FinalScore struct {
	Semantic  float64 // cap_score × reach_mod × taint_mod
	Diff      float64 // version-diff engine contribution (0 unless --base given)
	Integrity float64 // integrity engine contribution
	Topology  float64 // topology engine contribution
	Final     float64 // sum of above, capped at 100
	Level     string  // LOW / MEDIUM / HIGH
}
FinalScore holds the additive multi-engine score breakdown.
func ComputeFinal (added in v0.3.6)

func ComputeFinal(
	caps capability.CapabilitySet,
	reachable *bool,
	taintFindings []taint.TaintFinding,
	diffScore, integrityScore, topologyScore float64,
) FinalScore

ComputeFinal calculates the additive multi-engine final score. The CVE modifier is intentionally omitted (it would require an OSV network call).

Parameters:
- caps: capability set for this package
- reachable: nil = unknown, false = unreachable (0.5×), true = reachable (1.3×)
- taintFindings: taint findings for this package
- diffScore: per-package portion of the diff engine score (0 if --base not given)
- integrityScore: per-package integrity contribution
- topologyScore: project-wide topology score (shared across all packages)
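As an added example (not the package's own code), the arithmetic that Compute and ComputeFinal above describe, carried through end to end with stand-in types in place of capability.CapabilitySet and taint.TaintFinding (assumed here to expose only a base score and a severity string). Level is left out because the thresholds are not stated on this page.

```go
package main

import (
	"fmt"
	"math"
)

// Stand-in types (assumption): the project's capability.CapabilitySet and taint.TaintFinding carry more fields.
type CapabilitySet struct{ Score float64 }  // base capability score
type TaintFinding struct{ Severity string } // "HIGH", "MEDIUM", ...

// reachabilityMod: nil = unknown (1.0), false = unreachable (0.5), true = reachable (1.3).
func reachabilityMod(reachable *bool) float64 {
	if reachable == nil {
		return 1.0
	}
	if *reachable {
		return 1.3
	}
	return 0.5
}

// taintWeight: 0.25 per HIGH and 0.15 per MEDIUM taint finding; other severities add nothing.
var taintWeight = map[string]float64{"HIGH": 0.25, "MEDIUM": 0.15}

// taintMod starts at 1.0 and adds the weight of every finding.
func taintMod(findings []TaintFinding) float64 {
	mod := 1.0
	for _, f := range findings {
		mod += taintWeight[f.Severity]
	}
	return mod
}

// Composite mirrors Compute: base score times every modifier, capped at 100.
func Composite(caps CapabilitySet, reachable *bool, cveCount int, findings []TaintFinding) float64 {
	cveMod := math.Min(1.0+0.3*float64(cveCount), 2.0) // 1.0 + 0.3 per CVE, itself capped at 2.0
	return math.Min(caps.Score*reachabilityMod(reachable)*cveMod*taintMod(findings), 100)
}

// Final mirrors ComputeFinal: the multiplicative semantic score (no CVE term) plus the other engines' contributions, capped at 100.
func Final(caps CapabilitySet, reachable *bool, findings []TaintFinding, diff, integrity, topology float64) float64 {
	semantic := caps.Score * reachabilityMod(reachable) * taintMod(findings)
	return math.Min(semantic+diff+integrity+topology, 100)
}

func main() {
	yes, findings := true, []TaintFinding{{"HIGH"}, {"MEDIUM"}} // constructed input: reachable, one HIGH + one MEDIUM finding
	fmt.Printf("composite=%.2f final=%.2f\n", Composite(CapabilitySet{40}, &yes, 2, findings), Final(CapabilitySet{40}, &yes, findings, 5, 10, 3))
}
```

With a base score of 40 the reachable, two-CVE case runs into the 100 cap on the multiplicative path (40 × 1.3 × 1.6 × 1.4 = 116.48), while the additive path yields 72.8 + 18 = 90.8.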