engine

package
v0.14.2
Published: Jun 16, 2026 License: Apache-2.0 Imports: 13 Imported by: 0

Constants

This section is empty.

Variables

var (
	// ErrNoAuditor indicates no auditor supports a request.
	ErrNoAuditor = errors.New("no auditor available")
	// ErrNoMatcher indicates no matcher supports a request.
	ErrNoMatcher = errors.New("no matcher available")
)

Functions

func DeduplicateFindings

func DeduplicateFindings(findings []sdk.Finding) []sdk.Finding

DeduplicateFindings removes duplicate package/vulnerability findings, keeping the highest-priority source.
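The doc line above states the contract (one finding per package/vulnerability pair, highest-priority source wins) but not the mechanics. The following is an added, stand-alone illustration of that contract, not the engine package's own code: `finding` is a constructed stand-in for `sdk.Finding` carrying only the fields deduplication needs, and `sourcePriority` is an assumed ranking that the real package resolves elsewhere.

```go
package main

import "fmt"

// finding is a constructed stand-in for sdk.Finding. Only the fields the
// deduplication step consults are modelled (added illustration, not engine code).
type finding struct {
	Package       string
	Vulnerability string
	Source        string
}

// sourcePriority is an assumed ranking: lower is better. Sources missing
// from the table rank after every listed one.
var sourcePriority = map[string]int{"osv": 0, "vendor-advisory": 1}

func rank(source string) int {
	if p, ok := sourcePriority[source]; ok {
		return p
	}
	return len(sourcePriority)
}

// dedupeFindings keeps exactly one finding per (package, vulnerability) key.
// When a key repeats, the finding whose source ranks higher replaces the
// earlier one in place, so output order is the first-seen order of each key.
func dedupeFindings(in []finding) []finding {
	type key struct{ pkg, vuln string }
	index := make(map[key]int) // key -> position in out
	var out []finding
	for _, f := range in {
		k := key{f.Package, f.Vulnerability}
		if i, seen := index[k]; seen {
			if rank(f.Source) < rank(out[i].Source) {
				out[i] = f // better source for an already-seen key
			}
			continue
		}
		index[k] = len(out)
		out = append(out, f)
	}
	return out
}

func main() {
	// Constructed sample input; vulnerability IDs are placeholders, not real advisories.
	in := []finding{
		{"example-pkg", "VULN-PLACEHOLDER-A", "vendor-advisory"},
		{"example-pkg", "VULN-PLACEHOLDER-A", "osv"},
		{"example-pkg", "VULN-PLACEHOLDER-B", "unknown-source"},
		{"example-pkg", "VULN-PLACEHOLDER-A", "vendor-advisory"},
	}
	for _, f := range dedupeFindings(in) {
		fmt.Printf("%s %s via %s\n", f.Package, f.Vulnerability, f.Source)
	}
}
```

Keeping first-seen order matters for reporters that diff two runs: a stable order means a change in output reflects a change in findings, not in map iteration.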

func SingleGraphContainer

func SingleGraphContainer(g *sdk.Graph, manifest sdk.ManifestMetadata) *sdk.GraphContainer

SingleGraphContainer wraps a single graph entry.

Types

type ComponentOptions

type ComponentOptions = registry.ComponentOptions

ComponentOptions records Bomly-owned registry behavior for a component.

type ConsolidatedGraphResult

type ConsolidatedGraphResult struct {
	ExecutionTarget sdk.ExecutionTarget
	Graph           *sdk.Graph
	Subprojects     []sdk.ConsolidatedSubproject
}

ConsolidatedGraphResult describes a merged view above per-subproject graph results.

type DetailProgressReporter

type DetailProgressReporter interface {
	Detail(label, detail string)
}

DetailProgressReporter is optionally implemented by progress renderers that can show the current subproject or detector without expanding the public coarse progress contract.

type DetectorDiscoveryPlan

type DetectorDiscoveryPlan = registry.DetectorDiscoveryPlan

DetectorDiscoveryPlan describes how one detector participates in runtime planning.

type Engine

type Engine struct {
	// contains filtered or unexported fields
}

Engine orchestrates detector and auditor execution.

func NewEngine

func NewEngine(registry *Registry) *Engine

NewEngine creates a scan engine with the provided registry.

func (*Engine) Analyze

func (e *Engine) Analyze(ctx context.Context, req sdk.AnalyzeRequest) (sdk.AnalyzeResult, error)

Analyze runs registered analyzers against the graph and returns the reachability-annotated graph. Unlike Audit, Analyze does NOT error when zero analyzers apply — reachability is opt-in and a request with no applicable analyzers is a normal outcome.

func (*Engine) Audit

func (e *Engine) Audit(ctx context.Context, req sdk.AuditRequest) (sdk.AuditResult, error)

Audit selects auditors by priority and aggregates their findings.

func (*Engine) Match

func (e *Engine) Match(ctx context.Context, req sdk.MatchRequest) (MatchResult, error)

Match runs registered matchers against the graph and returns the enriched graph.

type ExplainRequest

type ExplainRequest struct {
	Query    string
	Pipeline PipelineRequest
}

ExplainRequest defines input for an explain pipeline run.

type ExplainResult

type ExplainResult struct {
	PipelineResult
	Targets             []ExplainTarget
	FocusedConsolidated sdk.ConsolidatedGraph
	FocusedGraph        *sdk.Graph
}

ExplainResult contains full and focused explain pipeline output.

type ExplainTarget

type ExplainTarget struct {
	Manifest     sdk.ConsolidatedManifest
	Dependency   *sdk.Dependency
	Paths        []explain.Path
	Findings     []sdk.Finding
	FocusedGraph *sdk.Graph
}

ExplainTarget contains one selected manifest where the queried dependency exists.

type MatchResult

type MatchResult struct {
	Registry     *sdk.PackageRegistry
	MatcherStats []sdk.MatcherStats
}

MatchResult contains aggregate matcher output after the engine runs all selected matchers for a pipeline stage.

type Pipeline

type Pipeline struct {
	Registry *Registry
	Logger   *zap.Logger
	// contains filtered or unexported fields
}

Pipeline orchestrates a full scan through a sequence of typed stages: detect (resolve + consolidate) -> match -> analyze -> audit.

func NewPipeline

func NewPipeline(registry *Registry, logger *zap.Logger) *Pipeline

NewPipeline creates a pipeline backed by the given registry.

func (*Pipeline) Run

Run executes the full pipeline and returns a consolidated result.

func (*Pipeline) RunAuditGraph

func (p *Pipeline) RunAuditGraph(ctx context.Context, graph *sdk.Graph, registry *sdk.PackageRegistry, req PipelineRequest) (sdk.AuditResult, []PipelineWarning)

RunAuditGraph evaluates policy for graph using req's configured auditors.

func (*Pipeline) RunExplain

func (p *Pipeline) RunExplain(ctx context.Context, req ExplainRequest) (ExplainResult, error)

RunExplain resolves, enriches, and optionally audits selected manifests for an explain query.

func (*Pipeline) RunPreAudit

func (p *Pipeline) RunPreAudit(ctx context.Context, req PipelineRequest) (PipelineResult, error)

RunPreAudit executes the pipeline through enrichment and analysis, stopping before policy evaluation.

type PipelineRequest

type PipelineRequest struct {
	ProjectPath                string
	ExecutionTarget            sdk.ExecutionTarget
	Subprojects                []sdk.Subproject
	EnrichEnabled              bool
	MatchEnabled               bool
	AuditEnabled               bool
	AnalyzeReachabilityEnabled bool
	ScopeFilter                sdk.Scope
	AuditorFilter              sdk.AuditorFilter
	MatcherFilter              sdk.MatcherFilter
	AnalyzerFilter             sdk.AnalyzerFilter
	DetectorFilter             sdk.DetectorFilter
	FailOn                     []sdk.FailOnConstraint
	AllowVulnerabilityIDs      []string
	AllowLicenses              []string
	DenyLicenses               []string
	LicenseExemptPackages      []string
	DenyPackages               []string
	DenyGroups                 []string
	ProtectedPackages          []string
	TyposquatThreshold         float64
	TyposquatMode              string
	WarnOnly                   bool
	BaselineGraph              *sdk.Graph
	InstallFirst               bool
	InstallArgs                []string
	CoreVersion                string
	Stderr                     io.Writer
	Verbose                    bool
	Progress                   ProgressReporter
}

PipelineRequest defines input for a full pipeline run.

type PipelineResult

type PipelineResult struct {
	ResolveResults   []sdk.DetectionResult
	Consolidated     sdk.ConsolidatedGraph
	Graph            *sdk.Graph
	Registry         *sdk.PackageRegistry
	Findings         []sdk.Finding
	RiskScores       []sdk.RiskScore
	DetectorWarnings []PipelineWarning
	AuditWarnings    []PipelineWarning
	MatchWarnings    []PipelineWarning
	AnalyzeWarnings  []PipelineWarning
	MatcherStats     []sdk.MatcherStats
	AuditorRuns      []string
	AnalyzerRuns     []string
	AuditorFindings  map[string]int
	AnalyzerStats    map[string]sdk.ReachabilityStats
	PartialErrors    error
}

PipelineResult contains the full output of a pipeline run.

type PipelineWarning

type PipelineWarning struct {
	Source  string // detector, auditor, or matcher name
	Message string // human-readable warning text
}

PipelineWarning is a structured warning captured during a pipeline stage.

func PipelineWarningsFromError

func PipelineWarningsFromError(err error, prefix string) []PipelineWarning

PipelineWarningsFromError converts a (possibly joined) error into structured pipeline warnings. It extracts the source name from error messages that follow the pattern "<prefix> <name>: <message>" (e.g. "auditor osv: not ready").

type ProgressReporter

type ProgressReporter interface {
	StartStage(label string, total int)
	AdvanceStage(label string, completed, total int)
	CompleteStage(label string, total int)
}

ProgressReporter receives coarse pipeline progress events.

type Registry

type Registry struct {
	*registry.Registry
}

Registry wraps the shared registry with scan-specific registration helpers.

func NewRegistry

func NewRegistry(configs RegistryConfigs, logger zap.Logger) *Registry

NewRegistry creates an empty scan registry.

func (*Registry) Filter

func (r *Registry) Filter(filter RegistryFilter) *Registry

Filter returns a copy of the registry filtered by the supplied detector, auditor, matcher, and ecosystem selections.

type RegistryConfigs

type RegistryConfigs = registry.Configs

RegistryConfigs holds built-in registry wiring options resolved by the CLI layer.

type RegistryFilter

type RegistryFilter = registry.Filter

RegistryFilter narrows a registry down to the runtime-relevant selections.

Directories

Path Synopsis
Package diff runs two engine pipelines and classifies their audit deltas.
Package scan exposes the command-facing scan pipeline API.
