Overview ¶
Package deps provides the combined dependency-scanning logic for CodexSentinel. For the Go modules declared in a go.mod it classifies dependency licenses against allow/deny lists, audits known vulnerabilities via osv.dev (and, since v1.4.1, the GitHub Advisory Database), and flags high-entropy strings in vendored code that may be embedded secrets. All three checks are heuristics that depend on external tools, data sources or network access: an empty result means these sources reported nothing at scan time, not that the dependency set is free of issues.
Types ¶
type DependencyReport ¶
// DependencyReport is the per-module result of ScanDependencies. It combines
// the license classification, the known-vulnerability findings, any
// secret-like strings found in the module's vendored code, and the
// outdated/deprecated component fields added for A06:2025 (vulnerable and
// outdated components).
type DependencyReport struct {
	// Module is the module path, e.g. github.com/foo/bar.
	Module string

	// Version is the module version under analysis, e.g. v1.2.3.
	Version string

	// License is the detected license identifier, e.g. MIT.
	License string

	// LicenseStatus is ALLOWED, DENIED or UNKNOWN. UNKNOWN means the license
	// was not matched against either list; treat it as "needs review", not
	// as allowed.
	LicenseStatus string

	// LicenseFile is the path of the license file the classification was
	// derived from, e.g. path/to/LICENSE.
	LicenseFile string

	// Vulnerabilities holds the CVE / GHSA results reported by osv.dev for
	// this module and version.
	Vulnerabilities []Vulnerability

	// SuspiciousFiles lists high-entropy values found in the module's
	// vendored code. Each EntropyFinding carries the matched value verbatim,
	// so a serialised report may contain real secrets - redact before
	// logging or sharing.
	SuspiciousFiles []EntropyFinding

	// IsOutdated reports whether a newer version than Version is available.
	IsOutdated bool

	// LatestVersion is the latest version known to be available.
	LatestVersion string

	// UpdateStatus is UPDATE_AVAILABLE, UP_TO_DATE or DEPRECATED.
	UpdateStatus string

	// DeprecationMsg carries the deprecation warning, if the module is
	// deprecated; otherwise it is empty.
	DeprecationMsg string

	// SecurityScore is a 0-100 score. The int type does not enforce the
	// range, so consumers should validate or clamp rather than assume it.
	SecurityScore int
}
DependencyReport aggregates, per Go module, the license classification, the vulnerability findings from osv.dev / GHSA, the high-entropy (secret-like) strings found in its vendored code, and the outdated/deprecated component status.
func ScanDependencies ¶
func ScanDependencies(goModPath string, allowLicenses, denyLicenses []string) ([]DependencyReport, error)
ScanDependencies performs the full dependency audit for the go.mod at goModPath and returns one DependencyReport per module. It runs three checks: license classification against allowLicenses and denyLicenses, known-vulnerability lookup (via the external osv-scanner CLI, which must be installed), and detection of secret-like high-entropy strings. Because the vulnerability step shells out to a tool that needs network access, callers should distinguish a non-nil error from an empty result and never treat either as proof that no vulnerabilities exist.
type EntropyFinding ¶
// EntropyFinding is one string in a scanned file whose Shannon entropy was
// high enough to look like a key, token or other secret. It is a heuristic
// result and needs human triage: hashes, base64 assets and random test data
// also score high.
type EntropyFinding struct {
	// Value is the matched string, verbatim. If it really is a secret, this
	// field leaks it into any report or log it is written to; redact before
	// persisting or displaying findings.
	Value string

	// Entropy is the Shannon entropy score that triggered the finding.
	Entropy float64

	// File is the path of the source file the value was found in.
	File string

	// Line is the line number within File.
	Line int

	// IsComment reports whether the value was found inside a comment rather
	// than in code.
	IsComment bool
}
EntropyFinding represents a high-entropy string found in code.
func AnalyzeHighEntropyStrings ¶
func AnalyzeHighEntropyStrings(files []string, minLength int, threshold float64) ([]EntropyFinding, error)
AnalyzeHighEntropyStrings scans the given files for strings of at least minLength characters whose Shannon entropy meets threshold, and returns an EntropyFinding for each. Entropy is a heuristic: hashes, base64-encoded assets and random test fixtures score high without being secrets, so findings need human triage. Each finding carries the matched value verbatim, so the returned slice should itself be handled as sensitive data (redact before logging or storing reports).
type GHSAResponse ¶ added in v1.4.1
// GHSAResponse mirrors the JSON envelope returned by GitHub's GraphQL
// securityVulnerabilities query: data.securityVulnerabilities.nodes[], where
// each node names the affected package, the advisory and the vulnerable
// version range.
//
// Only the "data" envelope is modelled. NOTE(review): a GraphQL "errors"
// array or a pagination cursor, if present in the response, is silently
// dropped on decode - confirm the caller checks the HTTP status and GraphQL
// errors so a failed or truncated query is not mistaken for "no advisories".
type GHSAResponse struct {
	Data struct {
		SecurityVulnerabilities struct {
			Nodes []struct {
				// Package identifies the affected module by name.
				Package struct {
					Name string `json:"name"`
				} `json:"package"`

				// Advisory carries the GHSA identifier together with its
				// summary, severity label, permalink and reference URLs.
				Advisory struct {
					GHSAID     string `json:"ghsaId"`
					Summary    string `json:"summary"`
					Severity   string `json:"severity"`
					Permalink  string `json:"permalink"`
					References []struct {
						URL string `json:"url"`
					} `json:"references"`
				} `json:"advisory"`

				// VulnerableVersionRange is GitHub's range expression for the
				// affected versions (e.g. "< 1.2.3"), not a single version.
				VulnerableVersionRange string `json:"vulnerableVersionRange"`
			} `json:"nodes"`
		} `json:"securityVulnerabilities"`
	} `json:"data"`
}
type GoModule ¶ added in v1.4.1
func ParseGoModModules ¶ added in v1.4.1
ParseGoModModules parses go.mod and returns a list of modules
type LicenseFinding ¶
// LicenseFinding is the license classification of a single dependency as
// produced by AnalyzeLicenses.
//
// Allowed and Denied are independent flags derived from the caller's
// allow-list and deny-list. A finding with neither set means the license was
// on neither list or could not be detected; treat that as "needs review"
// rather than as permitted.
type LicenseFinding struct {
	// Module is the module path, e.g. github.com/foo/bar.
	Module string

	// Version is the module version, e.g. v1.2.3.
	Version string

	// License is the detected license identifier, e.g. MIT or GPL-3.0.
	License string

	// Allowed reports whether License is on the allow-list.
	Allowed bool

	// Denied reports whether License is on the deny-list.
	Denied bool

	// LicenseFile is the path of the license file the detection used, or
	// empty when none was found.
	LicenseFile string
}
LicenseFinding represents a dependency and its associated license.
func AnalyzeLicenses ¶
func AnalyzeLicenses(goModPath string, allowList, denyList []string) ([]LicenseFinding, error)
AnalyzeLicenses reads the go.mod at goModPath (and the accompanying go.sum) and returns one LicenseFinding per dependency, with Allowed and Denied set according to allowList and denyList. A finding with neither flag set means the license was on neither list or could not be detected; treat it as requiring review rather than as permitted.
type Vulnerability ¶
// Vulnerability is one known vulnerability (CVE, GHSA or other advisory)
// affecting a Go module, normalised from osv-scanner output or the GitHub
// Advisory Database.
type Vulnerability struct {
	// Module is the affected module path, e.g. github.com/foo/bar.
	Module string `json:"module"`

	// Version is the module version found to be vulnerable.
	Version string `json:"version"`

	// ID is the primary advisory identifier (a CVE or GHSA ID).
	ID string `json:"id"`

	// Details is the advisory's description or summary. It is free text from
	// an external source: escape it before embedding in HTML or terminal
	// output.
	Details string `json:"details"`

	// Severity is one of "LOW", "MEDIUM", "HIGH" or "CRITICAL".
	Severity string `json:"severity"`

	// FixedVersion is the version in which the issue is fixed, if one is
	// known. Note the JSON key is "fixed", not "fixedVersion".
	FixedVersion string `json:"fixed"`

	// Aliases lists alternative identifiers for the same advisory.
	Aliases []string `json:"aliases"`

	// Reference is a URL with further information.
	Reference string `json:"reference"`
}
Vulnerability represents a CVE or known vulnerability for a Go module.
func AuditVulnerabilities ¶
func AuditVulnerabilities(goModPath string) ([]Vulnerability, error)
AuditVulnerabilities runs the external osv-scanner CLI against the given go.mod path and returns the vulnerabilities it reports, mapped into Vulnerability values.
Requires:
- The `osv-scanner` CLI (https://github.com/google/osv-scanner) installed and resolvable on PATH, and network access to osv.dev. Because the scanner is an external binary, pin and verify the version you install; its findings are only as current as the osv.dev database at scan time, and an error from this function must not be read as "no vulnerabilities".
func FetchGHSAAdvisories ¶ added in v1.4.1
func FetchGHSAAdvisories(goModPath string) ([]Vulnerability, error)
FetchGHSAAdvisories queries the GitHub Advisory Database for advisories affecting the Go modules listed in the go.mod at goModPath and returns them as Vulnerability values. The response it decodes (see GHSAResponse) has the shape of GitHub's GraphQL API, which requires an authenticated request; how the token is supplied is not part of this signature, so check the implementation or configuration before relying on it in CI, and expect it to need network access to GitHub.