Documentation
Overview
Package scanner provides a built-in engine plugin that registers the security.scanner module type, implementing SecurityScannerProvider. It supports mock mode for testing. CLI mode (shelling out to semgrep, trivy, grype) is not yet implemented.
Index
- type Plugin
- type ScannerModule
- func (m *ScannerModule) Init(app modular.Application) error
- func (m *ScannerModule) Name() string
- func (m *ScannerModule) ScanContainer(_ context.Context, opts module.ContainerScanOpts) (*module.ScanResult, error)
- func (m *ScannerModule) ScanDeps(_ context.Context, opts module.DepsScanOpts) (*module.ScanResult, error)
- func (m *ScannerModule) ScanSAST(_ context.Context, opts module.SASTScanOpts) (*module.ScanResult, error)
- func (m *ScannerModule) Start(_ context.Context) error
- func (m *ScannerModule) Stop(_ context.Context) error
Types
type Plugin
type Plugin struct {
	plugin.BaseEnginePlugin
}
Plugin registers the security.scanner module type.
func (*Plugin) Capabilities
func (p *Plugin) Capabilities() []capability.Contract
Capabilities returns the plugin's capability contracts.
func (*Plugin) ModuleFactories
func (p *Plugin) ModuleFactories() map[string]plugin.ModuleFactory
ModuleFactories returns the security.scanner module factory.
func (*Plugin) ModuleSchemas
func (p *Plugin) ModuleSchemas() []*schema.ModuleSchema
ModuleSchemas returns schemas for the security.scanner module.
type ScannerModule
type ScannerModule struct {
	// contains filtered or unexported fields
}
ScannerModule implements SecurityScannerProvider and registers itself in the service registry so that scan steps can find it.
func NewScannerModule
func NewScannerModule(name string, cfg map[string]any) (*ScannerModule, error)
NewScannerModule creates a ScannerModule from config.
func (*ScannerModule) Init
func (m *ScannerModule) Init(app modular.Application) error
Init registers the module as a SecurityScannerProvider in the service registry. Only one security.scanner module may be loaded at a time; this is intentional — the engine uses a single provider under the "security-scanner" service key.
func (*ScannerModule) ScanContainer
func (m *ScannerModule) ScanContainer(_ context.Context, opts module.ContainerScanOpts) (*module.ScanResult, error)
ScanContainer performs a container image scan. In mock mode, returns preconfigured findings.
func (*ScannerModule) ScanDeps
func (m *ScannerModule) ScanDeps(_ context.Context, opts module.DepsScanOpts) (*module.ScanResult, error)
ScanDeps performs a dependency vulnerability scan. In mock mode, returns preconfigured findings.
func (*ScannerModule) ScanSAST
func (m *ScannerModule) ScanSAST(_ context.Context, opts module.SASTScanOpts) (*module.ScanResult, error)
ScanSAST performs a SAST scan. In mock mode, returns preconfigured findings.