Directories
¶
| Path | Synopsis |
|---|---|
|
analyzers
|
|
|
govulncheck
Package govulncheck implements a reachability analyzer for Go modules backed by govulncheck (https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck).
|
Package govulncheck implements a reachability analyzer for Go modules backed by govulncheck (https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck). |
|
jsreach
Package jsreach implements a Tier-3 (package-level) reachability analyzer for npm packages.
|
Package jsreach implements a Tier-3 (package-level) reachability analyzer for npm packages. |
|
jvmreach
Package jvmreach implements a Tier-3 (package-level) reachability analyzer for JVM-ecosystem packages (Maven, Gradle, SBT).
|
Package jvmreach implements a Tier-3 (package-level) reachability analyzer for JVM-ecosystem packages (Maven, Gradle, SBT). |
|
pyreach
Package pyreach implements a Tier-3 (package-level) reachability analyzer for Python packages.
|
Package pyreach implements a Tier-3 (package-level) reachability analyzer for Python packages. |
|
auditors
|
|
|
Package benchmark owns Bomly's hidden local dependency-graph benchmark.
|
Package benchmark owns Bomly's hidden local dependency-graph benchmark. |
|
opts
Package opts resolves +/- selector expressions used by the CLI to filter detectors, auditors, matchers, and ecosystems.
|
Package opts resolves +/- selector expressions used by the CLI to filter detectors, auditors, matchers, and ecosystems. |
|
render
Package render owns CLI presentation primitives: ANSI styling, the startup logo, and SBOM output spec parsing.
|
Package render owns CLI presentation primitives: ANSI styling, the startup logo, and SBOM output spec parsing. |
|
Package config defines Bomly's resolved CLI configuration shape.
|
Package config defines Bomly's resolved CLI configuration shape. |
|
diff
Package diff runs two engine pipelines and classifies their audit deltas.
|
Package diff runs two engine pipelines and classifies their audit deltas. |
|
scan
Package scan exposes the command-facing scan pipeline API.
|
Package scan exposes the command-facing scan pipeline API. |
|
Package matchers contain shared contracts and helper functions for matcher implementations.
|
Package matchers contain shared contracts and helper functions for matcher implementations. |
|
cache
Package cache provides shared on-disk caching helpers for matcher implementations.
|
Package cache provides shared on-disk caching helpers for matcher implementations. |
|
depsdev
Package depsdev implements a Bomly license matcher backed by the deps.dev API.
|
Package depsdev implements a Bomly license matcher backed by the deps.dev API. |
|
grype
Package grype implements a Matcher that uses the Grype vulnerability library (builtin) or the grype CLI binary (external), selected via build tags.
|
Package grype implements a Matcher that uses the Grype vulnerability library (builtin) or the grype CLI binary (external), selected via build tags. |
|
osv
Package osv implements an engine.Auditor backed by the OSV (Open Source Vulnerabilities) API.
|
Package osv implements an engine.Auditor backed by the OSV (Open Source Vulnerabilities) API. |
|
scorecard
Package scorecard implements an sdk.Matcher that enriches packages with upstream-project security-posture data from the OpenSSF Scorecard public API (api.scorecard.dev).
|
Package scorecard implements an sdk.Matcher that enriches packages with upstream-project security-posture data from the OpenSSF Scorecard public API (api.scorecard.dev). |
|
Package progress renders a CLI progress display: a live region of per-step lines, each animating its own spinner and bubbles-rendered progress bar, plus a stream of completed steps that get promoted in place (rewritten as a past-tense title with their child tree) and scroll into history as new steps start.
|
Package progress renders a CLI progress display: a live region of per-step lines, each animating its own spinner and bubbles-rendered progress bar, plus a stream of completed steps that get promoted in place (rewritten as a past-tense title with their child tree) and scroll into history as new steps start. |
|
cmd/componentdocs
command
|
|
|
cmd/configref
command
|
|
|
cmd/schemadocs
command
|
|
|
cmd/schemajson
command
|
|
|
cmd/supportmatrix
command
|
|
|
tools
|
|
|
benchmarkreport
command
|
|
|
gofmtcheck
command
|
|
Click to show internal directories.
Click to hide internal directories.