whitesource

package
v1.303.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 4, 2023 License: Apache-2.0 Imports: 30 Imported by: 2

Documentation

Index

Constants

View Source
const DateTimeLayout = "2006-01-02 15:04:05 -0700"

DateTimeLayout is the layout of the time format used by the WhiteSource API.

View Source
const ReportsDirectory = "whitesource"

ReportsDirectory defines the subfolder for the WhiteSource reports which are generated

Variables

This section is empty.

Functions

func CountSecurityVulnerabilities added in v1.199.0

func CountSecurityVulnerabilities(alerts *[]Alert, cvssSeverityLimit float64) (int, int)

CountSecurityVulnerabilities counts the security vulnerabilities above severityLimit

func CreateCustomVulnerabilityReport added in v1.199.0

func CreateCustomVulnerabilityReport(productName string, scan *Scan, alerts *[]Alert, cvssSeverityLimit float64) reporting.ScanReport

CreateCustomVulnerabilityReport creates a vulnerability ScanReport to be used for uploading into various sinks

func CreateCycloneSBOM added in v1.238.0

func CreateCycloneSBOM(scan *Scan, libraries *[]Library, alerts, assessedAlerts *[]Alert) ([]byte, error)

func CreateSarifResultFile added in v1.199.0

func CreateSarifResultFile(scan *Scan, alerts *[]Alert) *format.SARIF

Creates a SARIF result from the Alerts that were brought up by the scan

func ReportSha added in v1.199.0

func ReportSha(productName string, scan *Scan) string

ReportSha creates a SHA unique to the WS product and scan to be used as part of the report filename

func WriteCustomVulnerabilityReports added in v1.199.0

func WriteCustomVulnerabilityReports(productName string, scan *Scan, scanReport reporting.ScanReport, utils piperutils.FileUtils) ([]piperutils.Path, error)

WriteCustomVulnerabilityReports creates an HTML and a JSON format file based on the alerts brought up by the scan

func WriteCycloneSBOM added in v1.238.0

func WriteCycloneSBOM(sbom []byte, utils piperutils.FileUtils) ([]piperutils.Path, error)

func WriteSarifFile added in v1.199.0

func WriteSarifFile(sarif *format.SARIF, utils piperutils.FileUtils) ([]piperutils.Path, error)

WriteSarifFile write a JSON sarif format file for upload into e.g. GCP

Types

type Alert added in v1.51.0

type Alert struct {
	*format.Assessment
	Vulnerability    Vulnerability `json:"vulnerability"`
	Type             string        `json:"type,omitempty"`
	Level            string        `json:"level,omitempty"`
	Library          Library       `json:"library,omitempty"`
	Project          string        `json:"project,omitempty"`
	DirectDependency bool          `json:"directDependency,omitempty"`
	Description      string        `json:"description,omitempty"`
	CreationDate     string        `json:"date,omitempty"`
	ModifiedDate     string        `json:"modifiedDate,omitempty"`
	Status           string        `json:"status,omitempty"`
}

Alert

func (*Alert) ContainedIn added in v1.238.0

func (a *Alert) ContainedIn(assessments *[]format.Assessment) (bool, error)

func (*Alert) DependencyType added in v1.260.0

func (a *Alert) DependencyType() string

DependencyType returns type of dependency: direct/transitive

func (Alert) Title added in v1.204.0

func (a Alert) Title() string

Title returns the issue title representation of the contents

func (Alert) ToMarkdown added in v1.199.0

func (a Alert) ToMarkdown() ([]byte, error)

ToMarkdown returns the markdown representation of the contents

func (Alert) ToTxt added in v1.204.0

func (a Alert) ToTxt() string

ToTxt returns the textual representation of the contents

type Assignment added in v1.100.0

type Assignment struct {
	UserAssignments  []UserAssignment  `json:"userAssignments,omitempty"`
	GroupAssignments []GroupAssignment `json:"groupAssignments,omitempty"`
}

Assignment describes a list of UserAssignments and GroupAssignments which can be attributed to a WhiteSource Product.

type ConfigOption added in v1.124.0

type ConfigOption struct {
	Name          string
	Value         interface{}
	OmitIfPresent string
	Force         bool
	Append        bool
}

ConfigOption defines a dedicated WhiteSource config which can be enforced if required

type ConfigOptions added in v1.124.0

type ConfigOptions []ConfigOption

ConfigOptions contains a list of config options (ConfigOption)

type DownloadedFile added in v1.95.0

type DownloadedFile struct {
	SourceURL string
	FilePath  string
}

DownloadedFile records what URL has been downloaded to which file.

type File added in v1.95.0

type File interface {
	io.Writer
	io.StringWriter
	io.Closer
}

File defines the method subset we use from os.File

type Fix added in v1.125.0

type Fix struct {
	Vulnerability string `json:"vulnerability,omitempty"`
	Type          string `json:"type,omitempty"`
	Origin        string `json:"origin,omitempty"`
	URL           string `json:"url,omitempty"`
	FixResolution string `json:"fixResolution,omitempty"`
	Date          string `json:"date,omitempty"`
	Message       string `json:"message,omitempty"`
	ExtraData     string `json:"extraData,omitempty"`
}

Fix defines a Fix as returned by WhiteSource

type GroupAssignment added in v1.100.0

type GroupAssignment struct {
	Name string `json:"name,omitempty"`
}

GroupAssignment refers to the name of a particular group in WhiteSource.

type Library added in v1.51.0

type Library struct {
	KeyUUID      string    `json:"keyUuid,omitempty"`
	KeyID        int       `json:"keyId,omitempty"`
	Name         string    `json:"name,omitempty"`
	Filename     string    `json:"filename,omitempty"`
	ArtifactID   string    `json:"artifactId,omitempty"`
	GroupID      string    `json:"groupId,omitempty"`
	Version      string    `json:"version,omitempty"`
	Sha1         string    `json:"sha1,omitempty"`
	LibType      string    `json:"type,omitempty"`
	Coordinates  string    `json:"coordinates,omitempty"`
	Dependencies []Library `json:"dependencies,omitempty"`
}

Library

func (Library) ToPackageUrl added in v1.238.0

func (l Library) ToPackageUrl() *packageurl.PackageURL

ToPackageUrl constructs and returns the package URL of the library

type NpmInstall added in v1.95.0

type NpmInstall struct {
	CurrentDir  string
	PackageJSON []string
}

NpmInstall records in which directory "npm install" has been invoked and for which package.json files.

type Product

type Product struct {
	Name           string `json:"name"`
	Token          string `json:"token"`
	CreationDate   string `json:"creationDate,omitempty"`
	LastUpdateDate string `json:"lastUpdatedDate,omitempty"`
}

Product defines a WhiteSource product with name and token

type Project

type Project struct {
	ID             int64  `json:"id"`
	Name           string `json:"name"`
	PluginName     string `json:"pluginName"`
	Token          string `json:"token"`
	UploadedBy     string `json:"uploadedBy"`
	CreationDate   string `json:"creationDate,omitempty"`
	LastUpdateDate string `json:"lastUpdatedDate,omitempty"`
}

Project defines a WhiteSource project with name and token

type Reference added in v1.199.0

type Reference struct {
	URL                 string `json:"url,omitempty"`
	Homepage            string `json:"homepage,omitempty"`
	GenericPackageIndex string `json:"genericPackageIndex,omitempty"`
}

Reference defines a reference for the library affected

type ReportOptions added in v1.95.0

type ReportOptions struct {
	// ReportDirectory defines the target directory for downloading reports.
	ReportDirectory string
	// VulnerabilityReportFormat defines the requested file format of the vulnerability report (i.e. pdf).
	VulnerabilityReportFormat string
}

ReportOptions defines options for downloading reports after scanning.

type Request

type Request struct {
	RequestType          string      `json:"requestType,omitempty"`
	UserKey              string      `json:"userKey,omitempty"`
	ProductToken         string      `json:"productToken,omitempty"`
	ProductName          string      `json:"productName,omitempty"`
	ProjectToken         string      `json:"projectToken,omitempty"`
	OrgToken             string      `json:"orgToken,omitempty"`
	Format               string      `json:"format,omitempty"`
	AlertType            string      `json:"alertType,omitempty"`
	ProductAdmins        *Assignment `json:"productAdmins,omitempty"`
	ProductMembership    *Assignment `json:"productMembership,omitempty"`
	AlertsEmailReceivers *Assignment `json:"alertsEmailReceivers,omitempty"`
	ProductApprovers     *Assignment `json:"productApprovers,omitempty"`
	ProductIntegrators   *Assignment `json:"productIntegrators,omitempty"`
	IncludeInHouseData   bool        `json:"includeInHouseData,omitempty"`
}

Request defines a request object to be sent to the WhiteSource system

type Scan added in v1.95.0

type Scan struct {
	// AggregateProjectName stores the name of the WhiteSource project where scans shall be aggregated.
	// It does not include the ProductVersion.
	AggregateProjectName string
	// ProductVersion is the global version that is used across all Projects (modules) during the scan.
	BuildTool      string
	ProductToken   string
	ProductVersion string

	AgentName    string
	AgentVersion string
	Coordinates  versioning.Coordinates
	// contains filtered or unexported fields
}

Scan stores information about scanned WhiteSource projects (modules).

func (*Scan) AppendScannedProject added in v1.95.0

func (s *Scan) AppendScannedProject(projectName string) error

AppendScannedProject checks that no Project with the same name is already contained in the list of scanned projects, and appends a new Project with the given name. The global product version is appended to the name.

func (*Scan) AppendScannedProjectVersion added in v1.95.0

func (s *Scan) AppendScannedProjectVersion(projectName string) error

AppendScannedProjectVersion checks that no Project with the same name is already contained in the list of scanned projects, and appends a new Project with the given name (which is expected to include the product version).

func (*Scan) BlockUntilReportsAreReady added in v1.107.0

func (s *Scan) BlockUntilReportsAreReady(sys whitesourcePoller) error

BlockUntilReportsAreReady polls the WhiteSource system for all projects known to the Scan and blocks until their LastUpdateDate time stamp is from within the last 20 seconds.

func (*Scan) DownloadReports added in v1.95.0

func (s *Scan) DownloadReports(options ReportOptions, utils scanUtils, sys whitesource) ([]piperutils.Path, error)

DownloadReports downloads a Project's risk and vulnerability reports

func (*Scan) ExecuteMTAScan added in v1.95.0

func (s *Scan) ExecuteMTAScan(config *ScanOptions, utils Utils) error

ExecuteMTAScan executes a scan for the Java part with maven, and performs a scan for each NPM module.

func (*Scan) ExecuteMavenScan added in v1.95.0

func (s *Scan) ExecuteMavenScan(config *ScanOptions, utils Utils) error

ExecuteMavenScan constructs maven parameters from the given configuration, and executes the maven goal "org.whitesource:whitesource-maven-plugin:19.5.1:update".

func (*Scan) ExecuteMavenScanForPomFile added in v1.95.0

func (s *Scan) ExecuteMavenScanForPomFile(config *ScanOptions, utils Utils, pomPath string) error

ExecuteMavenScanForPomFile constructs maven parameters from the given configuration, and executes the maven goal "org.whitesource:whitesource-maven-plugin:19.5.1:update" for the given pom file.

func (*Scan) ExecuteNpmScan added in v1.95.0

func (s *Scan) ExecuteNpmScan(config *ScanOptions, utils Utils) error

ExecuteNpmScan iterates over all found npm modules and performs a scan in each one.

func (*Scan) ExecuteUAScan added in v1.95.0

func (s *Scan) ExecuteUAScan(config *ScanOptions, utils Utils) error

ExecuteUAScan executes a scan with the Whitesource Unified Agent.

func (*Scan) ExecuteUAScanInPath added in v1.124.0

func (s *Scan) ExecuteUAScanInPath(config *ScanOptions, utils Utils, scanPath string) error

ExecuteUAScanInPath executes a scan with the Whitesource Unified Agent in a dedicated scanPath.

func (*Scan) ExecuteYarnScan added in v1.95.0

func (s *Scan) ExecuteYarnScan(config *ScanOptions, utils Utils) error

ExecuteYarnScan generates a configuration file whitesource.config.json with appropriate values from config, installs whitesource yarn plugin and executes the scan.

func (*Scan) ProjectByName added in v1.95.0

func (s *Scan) ProjectByName(projectName string) (Project, bool)

ProjectByName returns a WhiteSource Project previously established via AppendScannedProject().

func (*Scan) ScanTime added in v1.95.0

func (s *Scan) ScanTime(projectName string) time.Time

ScanTime returns the time at which the respective WhiteSource Project was scanned, or the the zero value of time.Time, if AppendScannedProject() was not called with that name.

func (*Scan) ScannedProjectNames added in v1.135.0

func (s *Scan) ScannedProjectNames() []string

ScannedProjectNames returns a sorted list of all scanned project names

func (*Scan) ScannedProjectTokens added in v1.238.0

func (s *Scan) ScannedProjectTokens() []string

ScannedProjectTokens returns a sorted list of all scanned project's tokens

func (*Scan) ScannedProjects added in v1.95.0

func (s *Scan) ScannedProjects() []Project

ScannedProjects returns the WhiteSource projects that have been added via AppendScannedProject() as a slice.

func (*Scan) UpdateProjects added in v1.95.0

func (s *Scan) UpdateProjects(productToken string, sys whitesource) error

UpdateProjects pulls the current backend metadata for all WhiteSource projects in the product with the given productToken, and updates all scanned projects with the obtained information.

type ScanOptions added in v1.95.0

type ScanOptions struct {
	BuildTool string
	// ScanType defines the type of scan. Can be "maven" or "mta" for scanning with Maven or "npm"/"yarn".
	ScanType       string
	OrgToken       string
	UserToken      string
	ProductName    string
	ProductToken   string
	ProductVersion string
	// ProjectName is an optional name for an "aggregator" project.
	// All scanned maven modules will be reflected in the aggregate project.
	ProjectName string

	BuildDescriptorFile        string
	BuildDescriptorExcludeList []string
	// PomPath is the path to root build descriptor file.
	PomPath string
	// M2Path is the path to the local maven repository.
	M2Path string
	// GlobalSettingsFile is an optional path to a global maven settings file.
	GlobalSettingsFile string
	// ProjectSettingsFile is an optional path to a local maven settings file.
	ProjectSettingsFile string
	// InstallArtifacts installs artifacts from all maven modules to the local repository
	InstallArtifacts bool

	// DefaultNpmRegistry is an optional default registry for NPM.
	DefaultNpmRegistry string

	AgentDownloadURL string
	AgentFileName    string
	ConfigFilePath   string

	JreDownloadURL string

	Includes []string
	Excludes []string

	AgentURL   string
	ServiceURL string

	ScanPath string

	InstallCommand string

	Verbose bool
}

ScanOptions contains parameters needed during the scan.

func (*ScanOptions) RewriteUAConfigurationFile added in v1.124.0

func (s *ScanOptions) RewriteUAConfigurationFile(utils Utils, projectName string) (string, error)

RewriteUAConfigurationFile updates the user's Unified Agent configuration with configuration which should be enforced or just eases the overall configuration It then returns the path to the file containing the updated configuration

type ScanUtilsMock added in v1.95.0

type ScanUtilsMock struct {
	*mock.FilesMock
	*mock.ExecMockRunner
	NpmInstalledModules []NpmInstall
	DownloadedFiles     []DownloadedFile
	DownloadError       map[string]error
	RemoveAllDirs       []string
	RemoveAllError      map[string]error
}

ScanUtilsMock is an implementation of the Utils interface that can be used during tests.

func NewScanUtilsMock added in v1.95.0

func NewScanUtilsMock() *ScanUtilsMock

NewScanUtilsMock returns an initialized ScanUtilsMock instance.

func (*ScanUtilsMock) DownloadFile added in v1.95.0

func (m *ScanUtilsMock) DownloadFile(url, filename string, _ http.Header, _ []*http.Cookie) error

DownloadFile mimics http.Downloader and records the downloaded file.

func (*ScanUtilsMock) FileOpen added in v1.95.0

func (m *ScanUtilsMock) FileOpen(name string, flag int, perm os.FileMode) (File, error)

FileOpen mimics os.FileOpen() based on FilesMock OpenFile().

func (*ScanUtilsMock) FindPackageJSONFiles added in v1.95.0

func (m *ScanUtilsMock) FindPackageJSONFiles(options *ScanOptions) ([]string, error)

FindPackageJSONFiles mimics npm.FindPackageJSONFiles() based on the FilesMock setup.

func (*ScanUtilsMock) InstallAllNPMDependencies added in v1.95.0

func (m *ScanUtilsMock) InstallAllNPMDependencies(_ *ScanOptions, packageJSONs []string) error

InstallAllNPMDependencies mimics npm.InstallAllNPMDependencies() and records the "npm install".

func (*ScanUtilsMock) RemoveAll added in v1.95.0

func (m *ScanUtilsMock) RemoveAll(dir string) error

RemoveAll mimics os.RemoveAll().

type System

type System struct {
	// contains filtered or unexported fields
}

System defines a WhiteSource System including respective tokens (e.g. org token, user token)

func NewSystem added in v1.51.0

func NewSystem(serverURL, orgToken, userToken string, timeout time.Duration) *System

NewSystem constructs a new System instance

func (*System) CreateProduct added in v1.100.0

func (s *System) CreateProduct(productName string) (string, error)

CreateProduct creates a new WhiteSource product and returns its product token.

func (*System) GetProductByName added in v1.51.0

func (s *System) GetProductByName(productName string) (Product, error)

GetProductByName retrieves meta information for a specific WhiteSource product

func (*System) GetProductName

func (s *System) GetProductName(productToken string) (string, error)

GetProductName returns the product name for a given product token

func (*System) GetProductsMetaInfo

func (s *System) GetProductsMetaInfo() ([]Product, error)

GetProductsMetaInfo retrieves meta information for all WhiteSource products a user has access to

func (*System) GetProjectAlerts added in v1.51.0

func (s *System) GetProjectAlerts(projectToken string) ([]Alert, error)

GetProjectAlerts

func (*System) GetProjectAlertsByType added in v1.125.0

func (s *System) GetProjectAlertsByType(projectToken, alertType string) ([]Alert, error)

GetProjectAlertsByType returns all alerts of a certain type for a given project

func (*System) GetProjectByName added in v1.51.0

func (s *System) GetProjectByName(productToken, projectName string) (Project, error)

GetProjectByName fetches all projects and returns the one matching the given projectName, or none, if not found

func (*System) GetProjectByToken added in v1.85.0

func (s *System) GetProjectByToken(projectToken string) (Project, error)

GetProjectByToken returns project meta info given a project token

func (*System) GetProjectHierarchy added in v1.238.0

func (s *System) GetProjectHierarchy(projectToken string, includeInHouse bool) ([]Library, error)

GetProjectHierarchy retrieves the full set of libraries that the project depends on

func (*System) GetProjectLibraryLocations added in v1.51.0

func (s *System) GetProjectLibraryLocations(projectToken string) ([]Library, error)

GetProjectLibraryLocations

func (*System) GetProjectRiskReport added in v1.51.0

func (s *System) GetProjectRiskReport(projectToken string) ([]byte, error)

GetProjectRiskReport

func (*System) GetProjectToken

func (s *System) GetProjectToken(productToken, projectName string) (string, error)

GetProjectToken returns the project token for a project with a given name

func (*System) GetProjectTokens

func (s *System) GetProjectTokens(productToken string, projectNames []string) ([]string, error)

GetProjectTokens returns the project tokens matching a given a slice of project names

func (*System) GetProjectVulnerabilityReport added in v1.51.0

func (s *System) GetProjectVulnerabilityReport(projectToken string, format string) ([]byte, error)

GetProjectVulnerabilityReport

func (*System) GetProjectsByIDs added in v1.51.0

func (s *System) GetProjectsByIDs(productToken string, projectIDs []int64) ([]Project, error)

GetProjectsByIDs retrieves all projects for the given productToken and filters them by the given project ids

func (*System) GetProjectsMetaInfo

func (s *System) GetProjectsMetaInfo(productToken string) ([]Project, error)

GetProjectsMetaInfo retrieves the registered projects for a specific WhiteSource product

func (*System) SetProductAssignments added in v1.100.0

func (s *System) SetProductAssignments(productToken string, membership, admins, alertReceivers *Assignment) error

SetProductAssignments assigns various types of membership to a WhiteSource Product.

type SystemMock added in v1.95.0

type SystemMock struct {
	ProductName         string
	Products            []Product
	Projects            []Project
	Alerts              []Alert
	AlertType           string
	AlertError          error
	Libraries           []Library
	RiskReport          []byte
	VulnerabilityReport []byte
}

SystemMock stores a number of WhiteSource objects and, based on that, mocks the behavior of System.

func NewSystemMock added in v1.95.0

func NewSystemMock(lastUpdateDate string) *SystemMock

NewSystemMock returns a pointer to a new instance of SystemMock.

func NewSystemMockWithProjectName added in v1.125.0

func NewSystemMockWithProjectName(lastUpdateDate, projectName string) *SystemMock

NewSystemMockWithProjectName returns a pointer to a new instance of SystemMock using a project with a defined name.

func (*SystemMock) CreateProduct added in v1.100.0

func (m *SystemMock) CreateProduct(productName string) (string, error)

CreateProduct appends a new Product to the system mock and returns its token ("mock-product-token-<index>").

func (*SystemMock) GetProductByName added in v1.95.0

func (m *SystemMock) GetProductByName(productName string) (Product, error)

GetProductByName mimics retrieving a Product by name. It returns an error of no Product is stored in the mock.

func (*SystemMock) GetProjectAlerts added in v1.95.0

func (m *SystemMock) GetProjectAlerts(projectToken string) ([]Alert, error)

GetProjectAlerts returns the alerts stored in the SystemMock.

func (*SystemMock) GetProjectAlertsByType added in v1.125.0

func (m *SystemMock) GetProjectAlertsByType(projectToken, alertType string) ([]Alert, error)

GetProjectAlertsByType returns the alerts stored in the SystemMock and records the type.

func (*SystemMock) GetProjectByToken added in v1.95.0

func (m *SystemMock) GetProjectByToken(projectToken string) (Project, error)

GetProjectByToken checks the Projects stored in the mock and returns the one with the given token or an error.

func (*SystemMock) GetProjectHierarchy added in v1.238.0

func (m *SystemMock) GetProjectHierarchy(projectToken string, inHouse bool) ([]Library, error)

GetProjectHierarchy returns the libraries stored in the SystemMock.

func (*SystemMock) GetProjectLibraryLocations added in v1.95.0

func (m *SystemMock) GetProjectLibraryLocations(projectToken string) ([]Library, error)

GetProjectLibraryLocations returns the libraries stored in the SystemMock.

func (*SystemMock) GetProjectRiskReport added in v1.95.0

func (m *SystemMock) GetProjectRiskReport(projectToken string) ([]byte, error)

GetProjectRiskReport mocks retrieving a risc report.

func (*SystemMock) GetProjectToken added in v1.95.0

func (m *SystemMock) GetProjectToken(productToken, projectName string) (string, error)

GetProjectToken checks the Projects stored in the mock and returns a valid token, or an empty token and no error.

func (*SystemMock) GetProjectVulnerabilityReport added in v1.95.0

func (m *SystemMock) GetProjectVulnerabilityReport(projectToken string, format string) ([]byte, error)

GetProjectVulnerabilityReport mocks retrieving a vulnerability report. Behavior depends on what is stored in the mock.

func (*SystemMock) GetProjectsMetaInfo added in v1.95.0

func (m *SystemMock) GetProjectsMetaInfo(productToken string) ([]Project, error)

GetProjectsMetaInfo returns the list of Projects stored in the mock or an error if token is unknown.

func (*SystemMock) SetProductAssignments added in v1.100.0

func (m *SystemMock) SetProductAssignments(productToken string, _, _, _ *Assignment) error

SetProductAssignments checks if the system mock contains a product with the given token and returns an error depending on that, but otherwise does nothing with the provided arguments.

type UserAssignment added in v1.100.0

type UserAssignment struct {
	Email string `json:"email,omitempty"`
}

UserAssignment holds an email address for a WhiteSource user which can be assigned to a WhiteSource Product in a specific role.

type Utils added in v1.95.0

type Utils interface {
	maven.Utils

	Chdir(path string) error
	Getwd() (string, error)
	FileRead(path string) ([]byte, error)
	FileWrite(path string, content []byte, perm os.FileMode) error
	FileRemove(path string) error
	FileRename(oldPath, newPath string) error
	GetExitCode() int
	RemoveAll(path string) error
	FileOpen(name string, flag int, perm os.FileMode) (File, error)

	FindPackageJSONFiles(config *ScanOptions) ([]string, error)
	InstallAllNPMDependencies(config *ScanOptions, packageJSONFiles []string) error
}

Utils captures all external functionality that needs to be exchangeable in tests.

type Vulnerability added in v1.51.0

type Vulnerability struct {
	Name              string      `json:"name,omitempty"`
	Type              string      `json:"type,omitempty"`
	Severity          string      `json:"severity,omitempty"`
	Score             float64     `json:"score,omitempty"`
	CVSS3Severity     string      `json:"cvss3_severity,omitempty"`
	CVSS3Score        float64     `json:"cvss3_score,omitempty"`
	PublishDate       string      `json:"publishDate,omitempty"`
	URL               string      `json:"url,omitempty"`
	Description       string      `json:"description,omitempty"`
	TopFix            Fix         `json:"topFix,omitempty"`
	AllFixes          []Fix       `json:"allFixes,omitempty"`
	FixResolutionText string      `json:"fixResolutionText,omitempty"`
	References        []Reference `json:"references,omitempty"`
}

Vulnerability defines a vulnerability as returned by WhiteSource

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL