cmd

package
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 7, 2023 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// NewFileName is an exported, package-level string variable. This page does
// not show where it is read or written.
// NOTE(review): presumably the name of the file written during validation;
// confirm against the command implementation before relying on it.
var NewFileName string

Functions

func Execute

func Execute(version, commitHash, builtAt string)

Execute adds all child commands to the root command and sets flags appropriately. This is called by main.main(). It only needs to happen once to the rootCmd.

Types

type AutomatedToolsList

// AutomatedToolsList is one entry of the "automated-tools-list" sequence held
// by ContributionPolicy. Every field is populated from the YAML key named in
// its struct tag.
type AutomatedToolsList struct {
	// YAML key "automated-tool".
	AutomatedTool string   `yaml:"automated-tool"`
	// YAML key "action". The field is a plain string, so the type itself does
	// not restrict it to a fixed set of values.
	// NOTE(review): confirm where, if anywhere, the permitted values are enforced.
	Action        string   `yaml:"action"`
	// YAML key "path"; a sequence of strings.
	Path          []string `yaml:"path"`
	// YAML key "comment"; free-form text.
	Comment       string   `yaml:"comment"`
}

AutomatedToolsList is a sub-entry in the ContributionPolicy section of the Security Insights Schema

type ContributionPolicy

// ContributionPolicy holds the "contribution-policy" section of the Security
// Insights Schema. Every field is populated from the YAML key named in its
// struct tag.
//
// The boolean fields are plain bool values, not pointers, so after
// unmarshalling an absent key cannot be told apart from an explicit false.
type ContributionPolicy struct {
	// YAML key "accepts-pull-requests".
	AcceptsPullRequests          bool                 `yaml:"accepts-pull-requests"`
	// YAML key "accepts-automated-pull-requests".
	AcceptsAutomatedPullRequests bool                 `yaml:"accepts-automated-pull-requests"`
	// YAML key "automated-tools-list"; a sequence of AutomatedToolsList entries.
	AutomatedToolsList           []AutomatedToolsList `yaml:"automated-tools-list"`
	// YAML key "contributing-policy". Plain string.
	// NOTE(review): presumably a URL; the type does not enforce that.
	ContributingPolicy           string               `yaml:"contributing-policy"`
	// YAML key "code-of-conduct". Plain string.
	// NOTE(review): presumably a URL; the type does not enforce that.
	CodeOfConduct                string               `yaml:"code-of-conduct"`
}

ContributionPolicy is a top level entry in the Security Insights Schema

type Dependencies

// Dependencies holds the "dependencies" section of the Security Insights
// Schema. Every field is populated from the YAML key named in its struct tag.
type Dependencies struct {
	// YAML key "third-party-packages". A plain bool: an absent key and an
	// explicit false are indistinguishable after unmarshalling.
	ThirdPartyPackages bool     `yaml:"third-party-packages"`
	// YAML key "dependencies-lists"; a sequence of strings.
	// NOTE(review): presumably locations of dependency manifests; confirm.
	DependenciesLists  []string `yaml:"dependencies-lists"`
	// YAML key "sbom"; a sequence of Sbom entries.
	Sbom               []Sbom   `yaml:"sbom"`
}

Dependencies is a top level entry in the Security Insights Schema

// Header holds the "header" section of the Security Insights Schema. Every
// field is populated from the YAML key named in its struct tag.
//
// All fields are plain strings, so unmarshalling into this struct does not by
// itself check date formats, URL syntax, or the shape of the commit hash.
// NOTE(review): consumers that act on these values (for example treating a
// file as stale once expiration-date has passed) presumably need to parse and
// check them separately; confirm whether that happens elsewhere in the package.
type Header struct {
	// YAML key "schema-version".
	SchemaVersion      string `yaml:"schema-version"`
	// YAML key "parent-security-yaml".
	ParentSecurityYaml string `yaml:"parent-security-yaml"`
	// YAML key "expiration-date"; kept as a string, not parsed into a time value here.
	ExpirationDate     string `yaml:"expiration-date"`
	// YAML key "last-updated"; kept as a string.
	LastUpdated        string `yaml:"last-updated"`
	// YAML key "last-reviewed"; kept as a string.
	LastReviewed       string `yaml:"last-reviewed"`
	// YAML key "commit-hash"; kept as a string, with no length or charset constraint in the type.
	CommitHash         string `yaml:"commit-hash"`
	// YAML key "project-url".
	ProjectUrl         string `yaml:"project-url"`
	// YAML key "project-release".
	ProjectRelease     string `yaml:"project-release"`
	// YAML key "changelog".
	Changelog          string `yaml:"changelog"`
	// YAML key "license".
	License            string `yaml:"license"`
}

Header is a top level entry in the Security Insights Schema

type Integration

// Integration is the "integration" mapping embedded in SecurityTesting. It
// consists of three boolean flags, each read from the YAML key in its tag.
// As plain bool values, an absent key and an explicit false look the same
// after unmarshalling.
type Integration struct {
	// YAML key "ad-hoc".
	AdHoc         bool `yaml:"ad-hoc"`
	// YAML key "ci".
	Ci            bool `yaml:"ci"`
	// YAML key "before-release".
	BeforeRelease bool `yaml:"before-release"`
}

Integration is a sub-entry in the SecurityTesting section of the Security Insights Schema

type ProjectLifecycle

// ProjectLifecycle holds the "project-lifecycle" section of the Security
// Insights Schema. Every field is populated from the YAML key named in its
// struct tag.
type ProjectLifecycle struct {
	// YAML key "stage". Plain string; the type does not restrict the value.
	// NOTE(review): confirm whether a fixed set of stages is enforced elsewhere.
	Stage           string   `yaml:"stage"`
	// YAML key "roadmap".
	Roadmap         string   `yaml:"roadmap"`
	// YAML key "bug-fixes-only".
	BugFixesOnly    bool     `yaml:"bug-fixes-only"`
	// YAML key "core-maintainers"; a sequence of strings.
	CoreMaintainers []string `yaml:"core-maintainers"`
}

ProjectLifecycle is a top level entry in the Security Insights Schema

type Sbom

// Sbom is one entry of the "sbom" sequence held by Dependencies. All three
// fields are plain strings read from the YAML key named in the struct tag;
// the type carries no check that the file or URL exists or is well-formed.
type Sbom struct {
	// YAML key "sbom-file".
	SbomFile string `yaml:"sbom-file"`
	// YAML key "sbom-name".
	SbomName string `yaml:"sbom-name"`
	// YAML key "sbom-url".
	SbomUrl  string `yaml:"sbom-url"`
}

Sbom is a sub-entry in the Dependencies section of the Security Insights Schema

type SecurityArtifacts

// SecurityArtifacts holds the "security-artifacts" section of the Security
// Insights Schema. As shown here it wraps a single ThreatModel value.
type SecurityArtifacts struct {
	// YAML key "threat-model"; stored by value, so it is always present in
	// the struct even when the key is missing from the input.
	ThreatModel ThreatModel `yaml:"threat-model"`
}

SecurityArtifacts is a top level entry in the Security Insights Schema

type SecurityAssessments

// SecurityAssessments is one entry of the "security-assessments" sequence in
// SecurityInsightsSchema. Every field is populated from the YAML key named in
// its struct tag.
type SecurityAssessments struct {
	// YAML key "auditor-name".
	AuditorName   string `yaml:"auditor-name"`
	// YAML key "auditor-url". Plain string; not checked as a URL by the type.
	AuditorUrl    string `yaml:"auditor-url"`
	// YAML key "auditor-report". Plain string.
	// NOTE(review): presumably a link to or path of the report; confirm.
	AuditorReport string `yaml:"auditor-report"`
	// YAML key "report-year"; an int with no range constraint in the type.
	ReportYear    int    `yaml:"report-year"`
	// YAML key "comment"; free-form text.
	Comment       string `yaml:"comment"`
}

SecurityAssessments is a top level entry in the Security Insights Schema

type SecurityContacts

// SecurityContacts is one entry of the "security-contacts" sequence in
// SecurityInsightsSchema. Every field is populated from the YAML key named in
// its struct tag.
type SecurityContacts struct {
	// YAML key "type". Plain string.
	// NOTE(review): presumably selects how Value is interpreted (e.g. an
	// e-mail address versus a URL); the type does not enforce a fixed set.
	Type    string `yaml:"type"`
	// YAML key "value"; the contact itself, kept as an unvalidated string.
	Value   string `yaml:"value"`
	// YAML key "primary". Nothing in the type prevents several entries, or
	// none, from being marked primary.
	Primary bool   `yaml:"primary"`
}

SecurityContacts is a top level entry in the Security Insights Schema

type SecurityInsightsSchema

// SecurityInsightsSchema is the root document type: it aggregates every
// section of the Security Insights Schema, each read from the YAML key named
// in its struct tag.
//
// None of the tags use omitempty and the nested sections are stored by value.
// NOTE(review): marshalling this struct therefore presumably writes every key,
// including ones the input omitted; since Validate is documented as a
// round-trip diff, confirm how omitted optional keys are treated.
type SecurityInsightsSchema struct {
	// YAML key "header".
	Header                 Header                 `yaml:"header"`
	// YAML key "project-lifecycle".
	ProjectLifecycle       ProjectLifecycle       `yaml:"project-lifecycle"`
	// YAML key "contribution-policy".
	ContributionPolicy     ContributionPolicy     `yaml:"contribution-policy"`
	// YAML key "documentation"; a sequence of strings.
	Documentation          []string               `yaml:"documentation"`
	// YAML key "distribution-points"; a sequence of strings.
	DistributionPoints     []string               `yaml:"distribution-points"`
	// YAML key "security-artifacts".
	SecurityArtifacts      SecurityArtifacts      `yaml:"security-artifacts"`
	// YAML key "security-testing"; a sequence of SecurityTesting entries.
	SecurityTesting        []SecurityTesting      `yaml:"security-testing"`
	// YAML key "security-assessments"; a sequence of SecurityAssessments entries.
	SecurityAssessments    []SecurityAssessments  `yaml:"security-assessments"`
	// YAML key "security-contacts"; a sequence of SecurityContacts entries.
	SecurityContacts       []SecurityContacts     `yaml:"security-contacts"`
	// YAML key "vulnerability-reporting".
	VulnerabilityReporting VulnerabilityReporting `yaml:"vulnerability-reporting"`
	// YAML key "dependencies".
	Dependencies           Dependencies           `yaml:"dependencies"`
}

SecurityInsightsSchema is the top-level struct for the Security Insights Schema.

func (*SecurityInsightsSchema) Validate

func (s *SecurityInsightsSchema) Validate() (err error)

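Validate validates the SecurityInsightsSchema in three steps: (1) unmarshalling the input file into the SecurityInsightsSchema, (2) marshalling the SecurityInsightsSchema into a new file, and (3) diffing the input file and the new file. As described, this is a round-trip comparison against the struct layout; the description does not mention any check of field values (for example, whether expiration-date has passed or whether URL fields are well-formed), so callers that depend on those properties should check them separately.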

type SecurityTesting

// SecurityTesting is one entry of the "security-testing" sequence in
// SecurityInsightsSchema. Every field is populated from the YAML key named in
// its struct tag.
type SecurityTesting struct {
	// YAML key "tool-type". Plain string; not restricted to a fixed set by the type.
	ToolType     string      `yaml:"tool-type"`
	// YAML key "tool-name".
	ToolName     string      `yaml:"tool-name"`
	// YAML key "tool-version"; kept as a string, not parsed as a version.
	ToolVersion  string      `yaml:"tool-version"`
	// YAML key "tool-url". Plain string; not checked as a URL by the type.
	ToolUrl      string      `yaml:"tool-url"`
	// YAML key "tool-rulesets"; a sequence of strings.
	ToolRulesets []string    `yaml:"tool-rulesets"`
	// YAML key "integration"; stored by value, so its flags read as false
	// when the key is missing from the input.
	Integration  Integration `yaml:"integration"`
	// YAML key "comment"; free-form text.
	Comment      string      `yaml:"comment"`
}

SecurityTesting is a top level entry in the Security Insights Schema

type ThreatModel

// ThreatModel is the "threat-model" mapping held by SecurityArtifacts. Every
// field is populated from the YAML key named in its struct tag.
type ThreatModel struct {
	// YAML key "threat-model-created". A plain bool: an absent key and an
	// explicit false are indistinguishable after unmarshalling.
	ThreatModelCreated bool     `yaml:"threat-model-created"`
	// YAML key "evidence-url"; a sequence of strings. The type does not tie
	// this list to ThreatModelCreated, so a true flag with no evidence is
	// representable.
	EvidenceUrl        []string `yaml:"evidence-url"`
	// YAML key "comment"; free-form text.
	Comment            string   `yaml:"comment"`
}

ThreatModel is a sub-entry in the SecurityArtifacts section of the Security Insights Schema

type VulnerabilityReporting

// VulnerabilityReporting holds the "vulnerability-reporting" section of the
// Security Insights Schema. Every field is populated from the YAML key named
// in its struct tag.
//
// The boolean fields are plain bool values, so a missing key unmarshals to
// false: "not stated" and "no" cannot be told apart from this struct alone.
type VulnerabilityReporting struct {
	// YAML key "accepts-vulnerability-reports".
	AcceptsVulnerabilityReports bool     `yaml:"accepts-vulnerability-reports"`
	// YAML key "email-contact". Plain string; not checked as an address by the type.
	EmailContact                string   `yaml:"email-contact"`
	// YAML key "security-policy". Plain string.
	// NOTE(review): presumably a URL to the policy document; confirm.
	SecurityPolicy              string   `yaml:"security-policy"`
	// YAML key "bug-bounty-available".
	BugBountyAvailable          bool     `yaml:"bug-bounty-available"`
	// YAML key "bug-bounty-url". The type does not tie this to
	// BugBountyAvailable, so either can be set without the other.
	BugBountyUrl                string   `yaml:"bug-bounty-url"`
	// YAML key "in-scope"; a sequence of strings.
	InScope                     []string `yaml:"in-scope"`
	// YAML key "in-scope-comment"; free-form text.
	InScopeComment              string   `yaml:"in-scope-comment"`
	// YAML key "out-scope"; a sequence of strings.
	OutScope                    []string `yaml:"out-scope"`
	// YAML key "out-scope-comment"; free-form text.
	OutScopeComment             string   `yaml:"out-scope-comment"`
}

VulnerabilityReporting is a top level entry in the Security Insights Schema
