Documentation
Index ¶
- func AddTarEntry(tw *tar.Writer, name string, data []byte) error
- func ApplyBaselineDiff(report *model.Report, baseline model.Report, diffOnly bool)
- func BuildEvidenceManifest(report model.Report, reportJSON []byte) map[string]any
- func BuildEvidenceSnippets(report model.Report) []map[string]any
- func BuildSARIFRun(report model.Report) map[string]any
- func FindingIdentityKey(f model.Finding) string
- func FindingIdentityKeyV1(f model.Finding) string
- func LoadBaselineReport(path string) (model.Report, error)
- func ParseEd25519PrivateKeyPEM(data []byte) (ed25519.PrivateKey, error)
- func ParseEd25519PublicKeyPEM(data []byte) (ed25519.PublicKey, error)
- func RunBundle(stdout io.Writer, stderr io.Writer, opts BundleOptions) int
- func RunExportEvidence(stdout io.Writer, stderr io.Writer, opts ExportEvidenceOptions) int
- func RunVerifyBundle(stdout io.Writer, stderr io.Writer, opts VerifyBundleOptions) int
- func SARIFLevelFromSeverity(sev model.Severity) string
- func SignWithEd25519(privKeyPath string, data []byte) ([]byte, error)
- func WriteJSONReport(path string, report model.Report) error
- func WriteMarkdown(out io.Writer, report model.Report)
- func WriteSARIFReport(out io.Writer, report model.Report) error
- func WriteTextReport(out io.Writer, report model.Report)
- type BundleOptions
- type ExportEvidenceOptions
- type VerifyBundleOptions
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AddTarEntry ¶
AddTarEntry writes one file entry to a tar archive.
func ApplyBaselineDiff ¶
ApplyBaselineDiff annotates current findings against baseline identity keys.
func BuildEvidenceManifest ¶
BuildEvidenceManifest builds manifest metadata for an evidence bundle.
func BuildEvidenceSnippets ¶
BuildEvidenceSnippets builds per-finding snippet records for an evidence bundle.
func BuildSARIFRun ¶
BuildSARIFRun converts findings into SARIF rules/results payloads.
func FindingIdentityKey ¶
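FindingIdentityKey builds a stable identity for baseline comparisons from the rule id, the file path, and a short SHA-256 prefix of the match text, so the key does not change when a finding moves to a different line. The truncated hash serves as an identifier for diffing, not as an integrity check on the match text.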
func FindingIdentityKeyV1 ¶
FindingIdentityKeyV1 is the legacy identity (rule id, file, line), kept for migrating old baselines; because it includes the line number, it changes whenever a finding moves within its file.
func LoadBaselineReport ¶
LoadBaselineReport reads a prior JSON report used for finding diffing.
func ParseEd25519PrivateKeyPEM ¶
func ParseEd25519PrivateKeyPEM(data []byte) (ed25519.PrivateKey, error)
ParseEd25519PrivateKeyPEM delegates to security.ParseEd25519PrivateKeyPEM.
func ParseEd25519PublicKeyPEM ¶
ParseEd25519PublicKeyPEM delegates to security.ParseEd25519PublicKeyPEM.
func RunExportEvidence ¶
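RunExportEvidence bundles scan findings into a signed .tar.gz for incident response handoff. ExportEvidenceOptions carries SignBundle and PrivKeyPath, so signing is presumably opt-in; a recipient should check the bundle's signature rather than assume every exported bundle carries one.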
func RunVerifyBundle ¶
RunVerifyBundle verifies a distribution bundle's signature and integrity.
func SARIFLevelFromSeverity ¶
SARIFLevelFromSeverity maps scanner severities into SARIF result levels.
func SignWithEd25519 ¶
SignWithEd25519 signs data using an Ed25519 private key from a PEM file.
func WriteJSONReport ¶
WriteJSONReport writes a JSON report file and creates parent directories when needed.
func WriteMarkdown ¶
WriteMarkdown renders a scan report as a GitHub-flavored Markdown summary suitable for PR comments or CI job summaries.
func WriteSARIFReport ¶
WriteSARIFReport renders the scan report according to the SARIF 2.1.0 schema.
Types ¶
type BundleOptions ¶
type BundleOptions struct {
	// Platform and OutPath: presumably the target platform label and the
	// path the bundle is written to — semantics are not shown here; confirm
	// against RunBundle.
	Platform, OutPath string

	// SignBundle presumably requests a signature over the bundle.
	// NOTE(review): confirm that SignBundle=true with an empty or unreadable
	// PrivKeyPath is reported as an error rather than yielding an unsigned
	// bundle.
	SignBundle bool

	// PrivKeyPath is presumably the PEM-encoded Ed25519 private key file
	// used for signing (compare SignWithEd25519) — TODO confirm.
	PrivKeyPath string

	// Rules must be supplied by the caller; nothing is defaulted here.
	Rules []model.Rule

	// GoVersion and Commit look like build metadata recorded with the
	// bundle — verify against RunBundle.
	GoVersion, Commit string
}
BundleOptions configures distribution bundle creation; Rules must be supplied by the caller (e.g. default rules from rules.DefaultRules()).
type ExportEvidenceOptions ¶
type ExportEvidenceOptions struct {
	// ReportPath and OutPath: presumably the input report file and the
	// output archive path — confirm against RunExportEvidence.
	ReportPath, OutPath string

	// SignBundle presumably requests a signature over the evidence bundle.
	// NOTE(review): confirm that SignBundle=true with an empty or unreadable
	// PrivKeyPath is reported as an error rather than yielding an unsigned
	// bundle.
	SignBundle bool

	// PrivKeyPath is presumably the PEM-encoded Ed25519 private key file
	// used for signing (compare SignWithEd25519) — TODO confirm.
	PrivKeyPath string
}
ExportEvidenceOptions configures evidence bundle creation (CLI fills this after flag parsing).
type VerifyBundleOptions ¶
VerifyBundleOptions configures bundle signature verification.