dependency

package
v0.15.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 9, 2025 License: MIT Imports: 29 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	SEVERITY_CRITICAL = "CRITICAL"
	SEVERITY_HIGH     = "HIGH"
	SEVERITY_MEDIUM   = "MEDIUM"
	SEVERITY_LOW      = "LOW"
	SEVERITY_UNKNOWN  = "UNKNOWN"

	// Default Score
	SCORE_CRITICAL = float32(0.6)
	SCORE_HIGH     = float32(0.5)
	SCORE_MEDIUM   = float32(0.3)
	SCORE_LOW      = float32(0.1)
	SCORE_UNKNOWN  = float32(0.1)

	// CVE Score
	SCORE_CVE_CRITICAL = float32(0.8)
	SCORE_CVE_HIGH     = float32(0.6)
	SCORE_CVE_MEDIUM   = float32(0.4)
	SCORE_CVE_LOW      = float32(0.1)
	SCORE_CVE_UNKNOWN  = float32(0.1)
)
View Source 
const RETRY_NUM uint64 = 3

Variables

This section is empty.

Functions

func NewHandler 

func NewHandler(
	ctx context.Context,
	fc finding.FindingServiceClient,
	ac alert.AlertServiceClient,
	cc code.CodeServiceClient,
	vulnClient *vulnsdk.Client,
	codeDataKey string,
	githubDefaultToken string,
	trivyPath string,
	limitRepositorySizeKb int,
	l logging.Logger,
) (*sqsHandler, error)

Types

type AppConfig 

type AppConfig struct {
	EnvName         string   `default:"local" split_words:"true"`
	TraceExporter   string   `split_words:"true" default:"nop"`
	ProfileExporter string   `split_words:"true" default:"nop"`
	ProfileTypes    []string `split_words:"true"`
	TraceDebug      bool     `split_words:"true" default:"false"`

	// sqs
	Debug string `default:"false"`

	AWSRegion   string `envconfig:"aws_region"    default:"ap-northeast-1"`
	SQSEndpoint string `envconfig:"sqs_endpoint"  default:"http://queue.middleware.svc.cluster.local:9324"`

	CodeDependencyQueueName string `split_words:"true" default:"code-dependency"`
	CodeDependencyQueueURL  string `split_words:"true" default:"http://queue.middleware.svc.cluster.local:9324/queue/code-dependency"`
	MaxNumberOfMessage      int32  `split_words:"true" default:"10"`
	WaitTimeSecond          int32  `split_words:"true" default:"20"`

	// dependency
	GithubDefaultToken string `required:"true" split_words:"true" default:"your-token-here"`
	TrivyPath          string `split_words:"true" default:"/usr/local/bin/trivy"`

	// scan settings
	LimitRepositorySizeKb int `required:"true" split_words:"true" default:"500000"` // 500MB

	// grpc
	CoreSvcAddr          string `split_words:"true" default:"core.core.svc.cluster.local:8080"`
	DataSourceAPISvcAddr string `required:"true" split_words:"true" default:"datasource-api.datasource.svc.cluster.local:8081"`

	// handler
	CodeDataKey string `split_words:"true" required:"true"`
}

type TargetInfo added in v0.15.0 

type TargetInfo struct {
	RepositoryURL   string `json:"repositoryURL"`
	Target          string `json:"target"`
	PackageName     string `json:"packageName"`
	VulnerabilityID string `json:"vulnerabilityID"`
}

type VulnFinding added in v0.15.0 

type VulnFinding struct {
	Target        TargetInfo                       `json:"target"`
	Vulnerability trivytypes.DetectedVulnerability `json:"vulnerability,omitempty"`
	CVEDetail     *vulnmodel.Vulnerability         `json:"cve_detail,omitempty"`
	RiskenTriage  *triage.RiskenTriage             `json:"risken_triage,omitempty"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.