
Constants

// ControlTypeGitlabImageAuthorizedSourcesVersion is the version identifier of the
// image authorized sources control. Presumably this is the value reported in
// GitlabImageAuthorizedSourcesResult.Version — confirm against Run.
const ControlTypeGitlabImageAuthorizedSourcesVersion = "0.1.0"
// ControlTypeGitlabImageForbiddenTagsVersion is the version identifier of the
// forbidden image tags control. Presumably this is the value reported in
// GitlabImageForbiddenTagsResult.Version — confirm against Run.
const ControlTypeGitlabImageForbiddenTagsVersion = "0.2.0"
// ControlTypeGitlabProtectionBranchProtectionNotCompliantVersion is the version
// identifier of the branch protection control. Presumably this is the value
// reported in GitlabBranchProtectionResult.Version — confirm against Run.
const ControlTypeGitlabProtectionBranchProtectionNotCompliantVersion = "0.2.0"

Variables

This section is empty.

Functions

This section is empty.

Types

type AnalysisResult

// AnalysisResult holds the complete result of a pipeline analysis for one
// GitLab project. It is the value returned by RunAnalysis and is intended to be
// serialized as JSON (see the field tags).
type AnalysisResult struct {
	// Project information
	ProjectPath string `json:"projectPath"`
	ProjectID   int    `json:"projectId"`

	// CI configuration status
	CiValid   bool `json:"ciValid"`
	CiMissing bool `json:"ciMissing"`

	// Pipeline origin data; omitted from the JSON output when nil.
	PipelineOriginMetrics *PipelineOriginMetricsSummary `json:"pipelineOriginMetrics,omitempty"`

	// Pipeline image data; omitted from the JSON output when nil.
	PipelineImageMetrics *PipelineImageMetricsSummary `json:"pipelineImageMetrics,omitempty"`

	// Control results. Each pointer is omitted from the JSON output when nil;
	// presumably a nil entry means the corresponding control did not produce a
	// result (as opposed to a result with Skipped set) — confirm against RunAnalysis.
	ImageForbiddenTagsResult     *GitlabImageForbiddenTagsResult     `json:"imageForbiddenTagsResult,omitempty"`
	ImageAuthorizedSourcesResult *GitlabImageAuthorizedSourcesResult `json:"imageAuthorizedSourcesResult,omitempty"`
	BranchProtectionResult       *GitlabBranchProtectionResult       `json:"branchProtectionResult,omitempty"`
}

AnalysisResult holds the complete result of a pipeline analysis

func RunAnalysis

func RunAnalysis(conf *configuration.Configuration) (*AnalysisResult, error)

RunAnalysis executes the complete pipeline analysis for a GitLab project

type BranchProtectionCompliance

// BranchProtectionCompliance holds information about a branch's protection
// compliance. Unlike BranchProtectionData it carries no JSON tags, so it appears
// to be an internal working representation rather than an output type.
type BranchProtectionCompliance struct {
	// BranchName is the name of the evaluated branch.
	BranchName string
	// Default reports whether this is the project's default branch — presumably;
	// confirm against the code that populates it.
	Default bool
	// Protected reports whether a protection rule applies to the branch.
	Protected bool
	// AllowForcePush and CodeOwnerApprovalRequired mirror the protection
	// settings observed on the GitLab side.
	AllowForcePush            bool
	CodeOwnerApprovalRequired bool
	// MinPushAccessLevel and MinMergeAccessLevel are the lowest access levels
	// observed in PushAccessLevels / MergeAccessLevels, presumably derived from
	// those slices — confirm.
	MinPushAccessLevel  int
	MinMergeAccessLevel int
	// ProtectionPattern is the protected-branch rule (name or wildcard) that
	// matched this branch.
	ProtectionPattern string
	// PushAccessLevels and MergeAccessLevels are the access-level entries as
	// returned by the GitLab client for the matching protection rule.
	PushAccessLevels  []gitlab.BranchProtectionAccessLevel
	MergeAccessLevels []gitlab.BranchProtectionAccessLevel
}

BranchProtectionCompliance holds information about a branch's protection compliance

type BranchProtectionData

// BranchProtectionData holds information about a branch's protection status as
// written to the JSON output (GitlabBranchProtectionResult.Data).
//
// NOTE(review): every field except BranchName/Default/Protected carries
// omitempty, so a false flag or an access level of 0 is absent from the output
// rather than reported. If 0 is a meaningful (most restrictive) access level on
// the GitLab side, consumers cannot tell it apart from "not set" — confirm
// whether that loss of information is intended.
type BranchProtectionData struct {
	BranchName                    string `json:"branchName"`
	Default                       bool   `json:"default"`
	Protected                     bool   `json:"protected"`
	AllowForcePush                bool   `json:"allowForcePush,omitempty"`
	CodeOwnerApprovalRequired     bool   `json:"codeOwnerApprovalRequired,omitempty"`
	// Observed minimum access levels for merge and push on this branch.
	MinMergeAccessLevel           int    `json:"minMergeAccessLevel,omitempty"`
	MinPushAccessLevel            int    `json:"minPushAccessLevel,omitempty"`
	// Authorized* hold the configured thresholds the observed levels are
	// compared against — presumably taken from BranchProtectionControlConfig;
	// confirm.
	AuthorizedMinMergeAccessLevel int    `json:"authorizedMinMergeAccessLevel,omitempty"`
	AuthorizedMinPushAccessLevel  int    `json:"authorizedMinPushAccessLevel,omitempty"`
}

BranchProtectionData holds information about a branch's protection status

type BranchProtectionIssue

// BranchProtectionIssue represents an issue found by the branch protection
// control for a single branch. It is written to the JSON output in
// GitlabBranchProtectionResult.Issues.
//
// NOTE(review): as with BranchProtectionData, the omitempty tags drop false
// flags and zero access levels from the output; the *Display booleans below
// look like the intended way to tell "not reported" from "reported as
// false/0" — confirm against the code that sets them.
type BranchProtectionIssue struct {
	Type                             string `json:"type"` // "unprotected" or "non_compliant"
	BranchName                       string `json:"branchName"`
	// Observed value plus a *Display flag that presumably tells the reporting
	// layer whether the value should be rendered — confirm.
	AllowForcePush                   bool   `json:"allowForcePush,omitempty"`
	AllowForcePushDisplay            bool   `json:"allowForcePushDisplay,omitempty"`
	CodeOwnerApprovalRequired        bool   `json:"codeOwnerApprovalRequired,omitempty"`
	CodeOwnerApprovalRequiredDisplay bool   `json:"codeOwnerApprovalRequiredDisplay,omitempty"`
	// Observed minimum merge access level, its display flag, and the configured
	// threshold it was compared against.
	MinMergeAccessLevel              int    `json:"minMergeAccessLevel,omitempty"`
	MinMergeAccessLevelDisplay       bool   `json:"minMergeAccessLevelDisplay,omitempty"`
	AuthorizedMinMergeAccessLevel    int    `json:"authorizedMinMergeAccessLevel,omitempty"`
	// Observed minimum push access level, its display flag, and the configured
	// threshold it was compared against.
	MinPushAccessLevel               int    `json:"minPushAccessLevel,omitempty"`
	MinPushAccessLevelDisplay        bool   `json:"minPushAccessLevelDisplay,omitempty"`
	AuthorizedMinPushAccessLevel     int    `json:"authorizedMinPushAccessLevel,omitempty"`
}

BranchProtectionIssue represents an issue found by the branch protection control

type BranchProtectionMetrics

// BranchProtectionMetrics holds counters for the branch protection control.
// How the counters relate to each other (e.g. whether
// UnprotectedBranches + NonCompliantBranches + TotalProtectedBranches covers
// BranchesToProtect) is not visible here — confirm against Run before relying
// on any such identity.
type BranchProtectionMetrics struct {
	// Branches is the number of branches examined.
	Branches                   int `json:"branches"`
	// BranchesToProtect is the number of branches the control expects to be protected.
	BranchesToProtect          int `json:"branchesToProtect"`
	// UnprotectedBranches / NonCompliantBranches count the two issue kinds
	// ("unprotected" and "non_compliant", see BranchProtectionIssue.Type).
	UnprotectedBranches        int `json:"unprotectedBranches"`
	NonCompliantBranches       int `json:"nonCompliantBranches"`
	TotalProtectedBranches     int `json:"totalProtectedBranches"`
	// ProjectsCorrectlyProtected is presumably 0 or 1 for a single-project
	// result and summed by an aggregating caller — confirm.
	ProjectsCorrectlyProtected int `json:"projectsCorrectlyProtected"`
}

BranchProtectionMetrics holds metrics for the branch protection control

type GitlabBranchProtectionControl

// GitlabBranchProtectionControl handles branch protection compliance checking.
// Its fields are unexported; obtain an instance through
// NewGitlabBranchProtectionControl and execute it with Run.
type GitlabBranchProtectionControl struct {
	// contains filtered or unexported fields
}

GitlabBranchProtectionControl handles branch protection compliance checking

func NewGitlabBranchProtectionControl

func NewGitlabBranchProtectionControl(config *configuration.BranchProtectionControlConfig) *GitlabBranchProtectionControl

NewGitlabBranchProtectionControl creates a new branch protection control instance

func (*GitlabBranchProtectionControl) Run

Run executes the branch protection compliance check

type GitlabBranchProtectionResult

// GitlabBranchProtectionResult holds the result of the branch protection
// control for one project.
//
// NOTE(review): Skipped carries omitempty here but not in
// GitlabImageAuthorizedSourcesResult / GitlabImageForbiddenTagsResult, and
// Data/Issues are omitted when empty whereas the image results always emit
// their Issues key. Consumers parsing all three results need to handle both
// shapes; aligning the tags would simplify that.
type GitlabBranchProtectionResult struct {
	// Enabled reports whether the control is enabled in configuration;
	// Skipped is set when the control did not run (omitted when false).
	Enabled    bool                     `json:"enabled"`
	Skipped    bool                     `json:"skipped,omitempty"`
	// Compliance is the computed compliance score; its scale (ratio or
	// percentage) is not visible here — confirm against Run.
	Compliance float64                  `json:"compliance"`
	// Version is the control version string.
	Version    string                   `json:"version"`
	// Data lists per-branch protection status; Metrics the counters; Issues
	// the findings. All three are omitted from the output when empty/nil.
	Data       []BranchProtectionData   `json:"data,omitempty"`
	Metrics    *BranchProtectionMetrics `json:"metrics,omitempty"`
	Issues     []BranchProtectionIssue  `json:"issues,omitempty"`
	// Error holds an error message when the control could not complete.
	Error      string                   `json:"error,omitempty"`
}

GitlabBranchProtectionResult holds the result of the branch protection control

type GitlabImageAuthorizedSourcesConf

// GitlabImageAuthorizedSourcesConf holds the configuration for image source
// authorization. It is loaded by GetConf and consumed by Run.
type GitlabImageAuthorizedSourcesConf struct {
	// Enabled controls whether this check runs
	Enabled bool `json:"enabled"`

	// TrustedUrls is a list of authorized registry URLs/patterns.
	// NOTE(review): the matching rule (exact host, prefix, glob) is not visible
	// from this declaration; it determines how broad each entry's trust is, so
	// it should be documented where the matching is implemented — confirm.
	TrustedUrls []string `json:"trustedUrls"`

	// TrustDockerHubOfficialImages trusts official Docker Hub images (e.g., nginx, alpine)
	TrustDockerHubOfficialImages bool `json:"trustDockerHubOfficialImages"`
}

GitlabImageAuthorizedSourcesConf holds the configuration for image source authorization

func (*GitlabImageAuthorizedSourcesConf) GetConf

GetConf loads configuration from PlumberConfig. It returns an error if the config is missing or incomplete.

func (*GitlabImageAuthorizedSourcesConf) Run

Run executes the image authorized sources control

type GitlabImageAuthorizedSourcesMetrics

// GitlabImageAuthorizedSourcesMetrics holds counters about image source
// authorization for one project.
type GitlabImageAuthorizedSourcesMetrics struct {
	// Total is the number of images examined; Authorized and Unauthorized
	// split that total by verdict (presumably Total = Authorized + Unauthorized
	// — confirm against Run).
	Total        uint `json:"total"`
	Authorized   uint `json:"authorized"`
	Unauthorized uint `json:"unauthorized"`
	// CiInvalid / CiMissing count projects whose CI configuration could not be
	// evaluated, mirroring the CiValid / CiMissing flags on the result.
	CiInvalid    uint `json:"ciInvalid"`
	CiMissing    uint `json:"ciMissing"`
}

GitlabImageAuthorizedSourcesMetrics holds metrics about image source authorization

type GitlabImageAuthorizedSourcesResult

// GitlabImageAuthorizedSourcesResult holds the result of the image authorized
// sources control for one project.
//
// NOTE(review): Issues has no omitempty, so a nil slice encodes as JSON null
// while an empty non-nil slice encodes as []. Consumers should accept both
// unless Run guarantees a non-nil slice — confirm.
type GitlabImageAuthorizedSourcesResult struct {
	// Issues lists every image whose source was not authorized.
	Issues     []GitlabPipelineImageIssueUnauthorized `json:"issues"`
	// Metrics holds the counters the compliance score is derived from.
	Metrics    GitlabImageAuthorizedSourcesMetrics    `json:"metrics"`
	// Compliance is the computed compliance score; its scale (ratio or
	// percentage) is not visible here — confirm against Run.
	Compliance float64                                `json:"compliance"`
	// Version is the control version string.
	Version    string                                 `json:"version"`
	// CiValid / CiMissing describe the state of the project's CI configuration.
	CiValid    bool                                   `json:"ciValid"`
	CiMissing  bool                                   `json:"ciMissing"`
	Skipped    bool                                   `json:"skipped"`         // True if control was disabled
	Error      string                                 `json:"error,omitempty"` // Error message if data collection failed
}

GitlabImageAuthorizedSourcesResult holds the result of the image authorized sources control

type GitlabImageForbiddenTagsConf

// GitlabImageForbiddenTagsConf holds the configuration for forbidden tag
// detection. It is loaded by GetConf and consumed by Run.
type GitlabImageForbiddenTagsConf struct {
	// Enabled controls whether this check runs
	Enabled bool `json:"enabled"`

	// ForbiddenTags is a list of tags considered forbidden (e.g., latest, dev).
	// Whether comparison is exact or pattern-based, and how an image with no
	// explicit tag is treated, is not visible here — confirm against Run.
	ForbiddenTags []string `json:"forbiddenTags"`
}

GitlabImageForbiddenTagsConf holds the configuration for forbidden tag detection

func (*GitlabImageForbiddenTagsConf) GetConf

GetConf loads configuration from PlumberConfig. It returns an error if the config is missing or incomplete.

func (*GitlabImageForbiddenTagsConf) Run

Run executes the forbidden tag detection control

type GitlabImageForbiddenTagsMetrics

// GitlabImageForbiddenTagsMetrics holds counters about forbidden image tags for
// one project.
type GitlabImageForbiddenTagsMetrics struct {
	// Total is the number of images examined; UsingForbiddenTags how many of
	// them reference a tag listed in GitlabImageForbiddenTagsConf.ForbiddenTags.
	Total              uint `json:"total"`
	UsingForbiddenTags uint `json:"usingForbiddenTags"`
	// CiInvalid / CiMissing count projects whose CI configuration could not be
	// evaluated, mirroring the CiValid / CiMissing flags on the result.
	CiInvalid          uint `json:"ciInvalid"`
	CiMissing          uint `json:"ciMissing"`
}

GitlabImageForbiddenTagsMetrics holds metrics about forbidden image tags

type GitlabImageForbiddenTagsResult

// GitlabImageForbiddenTagsResult holds the result of the forbidden tags control
// for one project.
//
// NOTE(review): Issues has no omitempty, so a nil slice encodes as JSON null
// while an empty non-nil slice encodes as []. Consumers should accept both
// unless Run guarantees a non-nil slice — confirm.
type GitlabImageForbiddenTagsResult struct {
	// Issues lists every image found using a forbidden tag.
	Issues     []GitlabPipelineImageIssueTag   `json:"issues"`
	// Metrics holds the counters the compliance score is derived from.
	Metrics    GitlabImageForbiddenTagsMetrics `json:"metrics"`
	// Compliance is the computed compliance score; its scale (ratio or
	// percentage) is not visible here — confirm against Run.
	Compliance float64                         `json:"compliance"`
	// Version is the control version string.
	Version    string                          `json:"version"`
	// CiValid / CiMissing describe the state of the project's CI configuration.
	CiValid    bool                            `json:"ciValid"`
	CiMissing  bool                            `json:"ciMissing"`
	Skipped    bool                            `json:"skipped"`         // True if control was disabled
	Error      string                          `json:"error,omitempty"` // Error message if data collection failed
}

GitlabImageForbiddenTagsResult holds the result of the forbidden tags control

type GitlabPipelineImageIssueTag

// GitlabPipelineImageIssueTag represents an issue with an image using a mutable
// (forbidden) tag, as reported in GitlabImageForbiddenTagsResult.Issues.
type GitlabPipelineImageIssueTag struct {
	// Link is presumably the full image reference, Tag the offending tag and
	// Job the CI job that uses the image — confirm against the code that
	// builds these values.
	Link string `json:"link"`
	Tag  string `json:"tag"`
	Job  string `json:"job"`
}

GitlabPipelineImageIssueTag represents an issue with an image using a mutable tag

type GitlabPipelineImageIssueUnauthorized

// GitlabPipelineImageIssueUnauthorized represents an issue with an unauthorized
// image source, as reported in GitlabImageAuthorizedSourcesResult.Issues.
type GitlabPipelineImageIssueUnauthorized struct {
	// Link is presumably the full image reference and Job the CI job that uses
	// it — confirm. Status is a free-form string; the set of values it can take
	// is not visible here and should be documented where it is assigned.
	Link   string `json:"link"`
	Status string `json:"status"`
	Job    string `json:"job"`
}

GitlabPipelineImageIssueUnauthorized represents an issue with an unauthorized image source

type PipelineImageMetricsSummary

// PipelineImageMetricsSummary is a simplified version of image metrics for
// output; it appears in AnalysisResult.PipelineImageMetrics.
type PipelineImageMetricsSummary struct {
	// Total is the number of images referenced by the pipeline.
	Total uint `json:"total"`
}

PipelineImageMetricsSummary is a simplified version of image metrics for output

type PipelineOriginMetricsSummary

// PipelineOriginMetricsSummary is a simplified version of origin metrics for
// output; it appears in AnalysisResult.PipelineOriginMetrics. The Origin*
// counters classify where pipeline configuration is included from; whether
// they sum to OriginTotal is not visible here — confirm against the producer.
type PipelineOriginMetricsSummary struct {
	// JobTotal is the number of jobs; JobHardcoded how many are defined inline
	// rather than included — presumably; confirm.
	JobTotal            uint `json:"jobTotal"`
	JobHardcoded        uint `json:"jobHardcoded"`
	// Per-origin counts of included configuration.
	OriginTotal         uint `json:"originTotal"`
	OriginComponent     uint `json:"originComponent"`
	OriginLocal         uint `json:"originLocal"`
	OriginProject       uint `json:"originProject"`
	OriginRemote        uint `json:"originRemote"`
	OriginTemplate      uint `json:"originTemplate"`
	OriginGitLabCatalog uint `json:"originGitLabCatalog"`
	// OriginOutdated counts includes that reference an outdated version —
	// what "outdated" means is decided by the producer, not visible here.
	OriginOutdated      uint `json:"originOutdated"`
}

PipelineOriginMetricsSummary is a simplified version of origin metrics for output
