control

package
v0.1.38 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 12, 2026 License: MPL-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

const ControlTypeGitlabImageAuthorizedSourcesVersion = "0.1.0"
const ControlTypeGitlabImageForbiddenTagsVersion = "0.2.0"
const ControlTypeGitlabImagePinnedByDigestVersion = "0.1.0"
const ControlTypeGitlabPipelineOriginHardcodedJobsVersion = "0.1.0"
const ControlTypeGitlabPipelineOriginOutdatedVersion = "0.1.0"
const ControlTypeGitlabPipelineOriginRequiredComponentsVersion = "0.1.0"
const ControlTypeGitlabPipelineOriginRequiredTemplatesVersion = "0.1.0"
const ControlTypeGitlabPipelineOriginVersionVersion = "0.1.0"
const ControlTypeGitlabProtectionBranchProtectionNotCompliantVersion = "0.2.0"

Variables

This section is empty.

Functions

This section is empty.

Types

type AnalysisResult

// AnalysisResult holds the complete result of a pipeline analysis: project
// identity, CI configuration status, summary metrics and one result per
// control. RunAnalysis returns a pointer to it.
//
// Every per-control result is a pointer tagged omitempty, so a nil result is
// dropped from the JSON output altogether.
// NOTE(review): a consumer gating on this output should treat an absent
// control key as "not evaluated", not as "passed" — confirm when RunAnalysis
// leaves a result nil.
type AnalysisResult struct {
	// Project information
	ProjectPath string `json:"projectPath"`
	ProjectID   int    `json:"projectId"`

	// CI configuration status
	// NOTE(review): presumably no control can assess the pipeline when CiValid
	// is false or CiMissing is true; read both before any compliance figure — confirm.
	CiValid   bool `json:"ciValid"`
	CiMissing bool `json:"ciMissing"`

	// Pipeline origin data
	PipelineOriginMetrics *PipelineOriginMetricsSummary `json:"pipelineOriginMetrics,omitempty"`

	// Pipeline image data
	PipelineImageMetrics *PipelineImageMetricsSummary `json:"pipelineImageMetrics,omitempty"`

	// Control results
	ImageForbiddenTagsResult        *GitlabImageForbiddenTagsResult               `json:"imageForbiddenTagsResult,omitempty"`
	ImagePinnedByDigestResult       *GitlabImagePinnedByDigestResult              `json:"imagePinnedByDigestResult,omitempty"`
	ImageAuthorizedSourcesResult    *GitlabImageAuthorizedSourcesResult           `json:"imageAuthorizedSourcesResult,omitempty"`
	BranchProtectionResult          *GitlabBranchProtectionResult                 `json:"branchProtectionResult,omitempty"`
	HardcodedJobsResult             *GitlabPipelineHardcodedJobsResult            `json:"hardcodedJobsResult,omitempty"`
	OutdatedIncludesResult          *GitlabPipelineIncludesOutdatedResult         `json:"outdatedIncludesResult,omitempty"`
	ForbiddenVersionsIncludesResult *GitlabPipelineIncludesForbiddenVersionResult `json:"forbiddenVersionsIncludesResult,omitempty"`
	RequiredComponentsResult        *GitlabPipelineRequiredComponentsResult       `json:"requiredComponentsResult,omitempty"`
	RequiredTemplatesResult         *GitlabPipelineRequiredTemplatesResult        `json:"requiredTemplatesResult,omitempty"`

	// Raw collected data (not included in JSON output, used for PBOM generation)
	// The `json:"-"` tag keeps both fields out of encoding/json output only;
	// they remain reachable to any in-process caller holding the struct.
	PipelineImageData  *collector.GitlabPipelineImageData  `json:"-"`
	PipelineOriginData *collector.GitlabPipelineOriginData `json:"-"`
}

AnalysisResult holds the complete result of a pipeline analysis

func RunAnalysis

func RunAnalysis(conf *configuration.Configuration) (*AnalysisResult, error)

RunAnalysis executes the complete pipeline analysis for a GitLab project

type BranchProtectionCompliance

// BranchProtectionCompliance holds information about a branch's protection
// compliance.
//
// The fields carry no JSON tags, so encoding/json would emit them under their
// Go field names.
type BranchProtectionCompliance struct {
	BranchName                string
	Default                   bool
	Protected                 bool
	AllowForcePush            bool
	CodeOwnerApprovalRequired bool
	// NOTE(review): presumably the lowest access level found in
	// PushAccessLevels / MergeAccessLevels below; how "minimum" is derived is
	// not visible here — confirm.
	MinPushAccessLevel        int
	MinMergeAccessLevel       int
	// NOTE(review): presumably the protection rule (possibly a wildcard) that
	// matched BranchName — confirm.
	ProtectionPattern         string
	PushAccessLevels          []gitlab.BranchProtectionAccessLevel
	MergeAccessLevels         []gitlab.BranchProtectionAccessLevel
}

BranchProtectionCompliance holds information about a branch's protection compliance

type BranchProtectionData

// BranchProtectionData holds information about a branch's protection status.
//
// BranchName, Default and Protected are always serialized. Every other field
// is tagged omitempty, so a false bool or a zero int disappears from the JSON
// output and a reader cannot tell "false/0" from "not recorded".
// NOTE(review): if the access-level ints carry GitLab's numeric levels, 0 is
// the "No access" level and would be dropped exactly like an unset value —
// confirm, since that is the strictest setting.
type BranchProtectionData struct {
	BranchName                    string `json:"branchName"`
	Default                       bool   `json:"default"`
	Protected                     bool   `json:"protected"`
	AllowForcePush                bool   `json:"allowForcePush,omitempty"`
	CodeOwnerApprovalRequired     bool   `json:"codeOwnerApprovalRequired,omitempty"`
	MinMergeAccessLevel           int    `json:"minMergeAccessLevel,omitempty"`
	MinPushAccessLevel            int    `json:"minPushAccessLevel,omitempty"`
	// NOTE(review): presumably the thresholds configured for the control,
	// against which the two Min*AccessLevel values are compared — confirm.
	AuthorizedMinMergeAccessLevel int    `json:"authorizedMinMergeAccessLevel,omitempty"`
	AuthorizedMinPushAccessLevel  int    `json:"authorizedMinPushAccessLevel,omitempty"`
}

BranchProtectionData holds information about a branch's protection status

type BranchProtectionIssue

// BranchProtectionIssue represents an issue found by the branch protection
// control.
//
// Only Type and BranchName are always serialized; every other field is tagged
// omitempty, so false and 0 are dropped from the JSON output.
// NOTE(review): each setting is paired with a *Display bool, presumably a
// flag telling the report which settings caused the issue; read the pair
// together rather than inferring a violation from the raw value — confirm.
type BranchProtectionIssue struct {
	Type                             string `json:"type"` // "unprotected" or "non_compliant"
	BranchName                       string `json:"branchName"`
	AllowForcePush                   bool   `json:"allowForcePush,omitempty"`
	AllowForcePushDisplay            bool   `json:"allowForcePushDisplay,omitempty"`
	CodeOwnerApprovalRequired        bool   `json:"codeOwnerApprovalRequired,omitempty"`
	CodeOwnerApprovalRequiredDisplay bool   `json:"codeOwnerApprovalRequiredDisplay,omitempty"`
	MinMergeAccessLevel              int    `json:"minMergeAccessLevel,omitempty"`
	MinMergeAccessLevelDisplay       bool   `json:"minMergeAccessLevelDisplay,omitempty"`
	AuthorizedMinMergeAccessLevel    int    `json:"authorizedMinMergeAccessLevel,omitempty"`
	MinPushAccessLevel               int    `json:"minPushAccessLevel,omitempty"`
	MinPushAccessLevelDisplay        bool   `json:"minPushAccessLevelDisplay,omitempty"`
	AuthorizedMinPushAccessLevel     int    `json:"authorizedMinPushAccessLevel,omitempty"`
}

BranchProtectionIssue represents an issue found by the branch protection control

type BranchProtectionMetrics

type BranchProtectionMetrics struct {
	Branches                   int `json:"branches"`
	BranchesToProtect          int `json:"branchesToProtect"`
	UnprotectedBranches        int `json:"unprotectedBranches"`
	NonCompliantBranches       int `json:"nonCompliantBranches"`
	TotalProtectedBranches     int `json:"totalProtectedBranches"`
	ProjectsCorrectlyProtected int `json:"projectsCorrectlyProtected"`
}

BranchProtectionMetrics holds metrics for the branch protection control

type ComponentGroupStatus added in v0.1.31

// ComponentGroupStatus tracks the status of a single requirement group (AND
// clause).
//
// None of the slice fields is tagged omitempty, so a nil slice is encoded as
// JSON null rather than []; consumers should accept both.
type ComponentGroupStatus struct {
	GroupIndex       int      `json:"groupIndex"`       // Which requirement group (0-based)
	RequiredOrigins  []string `json:"requiredOrigins"`  // Components required in this group
	FoundOrigins     []string `json:"foundOrigins"`     // Components found
	MissingOrigins   []string `json:"missingOrigins"`   // Components missing from this group
	IsFullySatisfied bool     `json:"isFullySatisfied"` // All components in group present
}

ComponentGroupStatus tracks the status of a single requirement group (AND clause)

type GitlabBranchProtectionControl

type GitlabBranchProtectionControl struct {
	// contains filtered or unexported fields
}

GitlabBranchProtectionControl handles branch protection compliance checking

func NewGitlabBranchProtectionControl

func NewGitlabBranchProtectionControl(config *configuration.BranchProtectionControlConfig) *GitlabBranchProtectionControl

NewGitlabBranchProtectionControl creates a new branch protection control instance

func (*GitlabBranchProtectionControl) Run

Run executes the branch protection compliance check

type GitlabBranchProtectionResult

// GitlabBranchProtectionResult holds the result of the branch protection
// control.
//
// Enabled, Compliance and Version are always serialized; Skipped, Data,
// Metrics, Issues and Error are dropped when empty.
// NOTE(review): an absent "issues" key therefore covers both "no issue
// found" and "nothing evaluated". Check Enabled, Skipped and Error before
// reading Compliance; the value Compliance takes for a skipped or failed run
// is not visible here — confirm.
type GitlabBranchProtectionResult struct {
	Enabled    bool                     `json:"enabled"`
	Skipped    bool                     `json:"skipped,omitempty"`
	Compliance float64                  `json:"compliance"`
	Version    string                   `json:"version"`
	Data       []BranchProtectionData   `json:"data,omitempty"`
	Metrics    *BranchProtectionMetrics `json:"metrics,omitempty"`
	Issues     []BranchProtectionIssue  `json:"issues,omitempty"`
	Error      string                   `json:"error,omitempty"`
}

GitlabBranchProtectionResult holds the result of the branch protection control

type GitlabImageAuthorizedSourcesConf

// GitlabImageAuthorizedSourcesConf holds the configuration for image source
// authorization.
type GitlabImageAuthorizedSourcesConf struct {
	// Enabled controls whether this check runs
	Enabled bool `json:"enabled"`

	// TrustedUrls is a list of authorized registry URLs/patterns
	// NOTE(review): the matching rule (prefix, glob, regex, anchoring) is not
	// visible here; verify that an entry cannot match more registries or
	// namespaces than intended, since every match is treated as authorized.
	TrustedUrls []string `json:"trustedUrls"`

	// TrustDockerHubOfficialImages trusts official Docker Hub images (e.g., nginx, alpine)
	// This is a statement about the source only: an image referenced by tag
	// can still change content over time, which the separate digest-pinning
	// control (GitlabImagePinnedByDigestConf) is there to catch.
	TrustDockerHubOfficialImages bool `json:"trustDockerHubOfficialImages"`
}

GitlabImageAuthorizedSourcesConf holds the configuration for image source authorization

func (*GitlabImageAuthorizedSourcesConf) GetConf

GetConf loads configuration from PlumberConfig. Returns error if config is missing or incomplete.

func (*GitlabImageAuthorizedSourcesConf) Run

Run executes the image authorized sources control

type GitlabImageAuthorizedSourcesMetrics

type GitlabImageAuthorizedSourcesMetrics struct {
	Total        uint `json:"total"`
	Authorized   uint `json:"authorized"`
	Unauthorized uint `json:"unauthorized"`
	CiInvalid    uint `json:"ciInvalid"`
	CiMissing    uint `json:"ciMissing"`
}

GitlabImageAuthorizedSourcesMetrics holds metrics about image source authorization

type GitlabImageAuthorizedSourcesResult

// GitlabImageAuthorizedSourcesResult holds the result of the image authorized
// sources control.
//
// Only Error is tagged omitempty. Issues is always serialized, so a nil slice
// is encoded as JSON null rather than [].
// NOTE(review): the value of Compliance for a skipped or failed run is not
// visible here; check Skipped, Error, CiValid and CiMissing before treating
// Compliance as a verdict — confirm.
type GitlabImageAuthorizedSourcesResult struct {
	Issues     []GitlabPipelineImageIssueUnauthorized `json:"issues"`
	Metrics    GitlabImageAuthorizedSourcesMetrics    `json:"metrics"`
	Compliance float64                                `json:"compliance"`
	Version    string                                 `json:"version"`
	CiValid    bool                                   `json:"ciValid"`
	CiMissing  bool                                   `json:"ciMissing"`
	Skipped    bool                                   `json:"skipped"`         // True if control was disabled
	Error      string                                 `json:"error,omitempty"` // Error message if data collection failed
}

GitlabImageAuthorizedSourcesResult holds the result of the image authorized sources control

type GitlabImageForbiddenTagsConf

// GitlabImageForbiddenTagsConf holds the configuration for forbidden tag
// detection.
type GitlabImageForbiddenTagsConf struct {
	// Enabled controls whether this check runs
	Enabled bool `json:"enabled"`

	// ForbiddenTags is a list of tags considered forbidden (e.g., latest, dev)
	// This is a deny-list: a tag that is not listed is accepted by this
	// control even though it may still be re-pointed at the registry. The
	// digest-pinning control (GitlabImagePinnedByDigestConf) covers that case.
	// NOTE(review): whether entries are matched exactly, case-sensitively or
	// as patterns is not visible here — confirm.
	ForbiddenTags []string `json:"forbiddenTags"`
}

GitlabImageForbiddenTagsConf holds the configuration for forbidden tag detection

func (*GitlabImageForbiddenTagsConf) GetConf

GetConf loads configuration from PlumberConfig. Returns error if config is missing or incomplete.

func (*GitlabImageForbiddenTagsConf) Run

Run executes the forbidden tag detection control

type GitlabImageForbiddenTagsMetrics

type GitlabImageForbiddenTagsMetrics struct {
	Total              uint `json:"total"`
	UsingForbiddenTags uint `json:"usingForbiddenTags"`
	CiInvalid          uint `json:"ciInvalid"`
	CiMissing          uint `json:"ciMissing"`
}

GitlabImageForbiddenTagsMetrics holds metrics about forbidden image tags

type GitlabImageForbiddenTagsResult

// GitlabImageForbiddenTagsResult holds the result of the forbidden tags
// control.
//
// Only Error is tagged omitempty. Issues is always serialized, so a nil slice
// is encoded as JSON null rather than [].
// NOTE(review): the value of Compliance for a skipped or failed run is not
// visible here; check Skipped, Error, CiValid and CiMissing before treating
// Compliance as a verdict — confirm.
type GitlabImageForbiddenTagsResult struct {
	Issues     []GitlabPipelineImageIssueTag   `json:"issues"`
	Metrics    GitlabImageForbiddenTagsMetrics `json:"metrics"`
	Compliance float64                         `json:"compliance"`
	Version    string                          `json:"version"`
	CiValid    bool                            `json:"ciValid"`
	CiMissing  bool                            `json:"ciMissing"`
	Skipped    bool                            `json:"skipped"`         // True if control was disabled
	Error      string                          `json:"error,omitempty"` // Error message if data collection failed
}

GitlabImageForbiddenTagsResult holds the result of the forbidden tags control

type GitlabImagePinnedByDigestConf added in v0.1.38

// GitlabImagePinnedByDigestConf holds the configuration for digest pinning
// detection.
//
// Enabled is the only exported field: this struct exposes no allow-list or
// per-image exemption, so the control is either on for every image or off.
type GitlabImagePinnedByDigestConf struct {
	// Enabled controls whether this check runs.
	Enabled bool `json:"enabled"`
}

GitlabImagePinnedByDigestConf holds the configuration for digest pinning detection.

func (*GitlabImagePinnedByDigestConf) GetConf added in v0.1.38

GetConf loads configuration from PlumberConfig. Returns error if config is missing or incomplete.

func (*GitlabImagePinnedByDigestConf) Run added in v0.1.38

Run executes the digest pinning control.

type GitlabImagePinnedByDigestMetrics added in v0.1.38

type GitlabImagePinnedByDigestMetrics struct {
	Total             uint `json:"total"`
	PinnedByDigest    uint `json:"pinnedByDigest"`
	NotPinnedByDigest uint `json:"notPinnedByDigest"`
	CiInvalid         uint `json:"ciInvalid"`
	CiMissing         uint `json:"ciMissing"`
}

GitlabImagePinnedByDigestMetrics holds metrics about digest pinning.

type GitlabImagePinnedByDigestResult added in v0.1.38

// GitlabImagePinnedByDigestResult holds the result of the digest pinning
// control.
//
// Only Error is tagged omitempty. Issues is always serialized, so a nil slice
// is encoded as JSON null rather than [].
// NOTE(review): the value of Compliance for a skipped or failed run is not
// visible here; check Skipped, Error, CiValid and CiMissing before treating
// Compliance as a verdict — confirm.
type GitlabImagePinnedByDigestResult struct {
	Issues     []GitlabPipelineImageIssueNotPinnedByDigest `json:"issues"`
	Metrics    GitlabImagePinnedByDigestMetrics            `json:"metrics"`
	Compliance float64                                     `json:"compliance"`
	Version    string                                      `json:"version"`
	CiValid    bool                                        `json:"ciValid"`
	CiMissing  bool                                        `json:"ciMissing"`
	Skipped    bool                                        `json:"skipped"`         // True if control was disabled
	Error      string                                      `json:"error,omitempty"` // Error message if data collection failed
}

GitlabImagePinnedByDigestResult holds the result of the digest pinning control.

type GitlabPipelineHardcodedJobIssue added in v0.1.31

type GitlabPipelineHardcodedJobIssue struct {
	JobName string `json:"jobName"`
}

GitlabPipelineHardcodedJobIssue represents an issue with a hardcoded job

type GitlabPipelineHardcodedJobsConf added in v0.1.31

type GitlabPipelineHardcodedJobsConf struct {
	// Enabled controls whether this check runs
	Enabled bool `json:"enabled"`
}

GitlabPipelineHardcodedJobsConf holds the configuration for hardcoded job detection

func (*GitlabPipelineHardcodedJobsConf) GetConf added in v0.1.31

GetConf loads configuration from PlumberConfig. Returns error if config is nil (but control can still be disabled).

func (*GitlabPipelineHardcodedJobsConf) Run added in v0.1.31

Run executes the hardcoded job detection control

type GitlabPipelineHardcodedJobsMetrics added in v0.1.31

type GitlabPipelineHardcodedJobsMetrics struct {
	Total         uint `json:"total"`
	HardcodedJobs uint `json:"hardcodedJobs"`
	CiInvalid     uint `json:"ciInvalid"`
	CiMissing     uint `json:"ciMissing"`
}

GitlabPipelineHardcodedJobsMetrics holds metrics about hardcoded jobs

type GitlabPipelineHardcodedJobsResult added in v0.1.31

type GitlabPipelineHardcodedJobsResult struct {
	Issues     []GitlabPipelineHardcodedJobIssue  `json:"issues"`
	Metrics    GitlabPipelineHardcodedJobsMetrics `json:"metrics"`
	Compliance float64                            `json:"compliance"`
	Version    string                             `json:"version"`
	CiValid    bool                               `json:"ciValid"`
	CiMissing  bool                               `json:"ciMissing"`
	Skipped    bool                               `json:"skipped"`         // True if control was disabled
	Error      string                             `json:"error,omitempty"` // Error message if data collection failed
}

GitlabPipelineHardcodedJobsResult holds the result of the hardcoded jobs control

type GitlabPipelineImageIssueNotPinnedByDigest added in v0.1.38

// GitlabPipelineImageIssueNotPinnedByDigest represents an image reference
// without an immutable digest.
//
// NOTE(review): Link presumably holds the image reference as written in the
// CI configuration and Job the name of the job using it. Both would then be
// project-controlled text: escape them when rendering a report — confirm.
type GitlabPipelineImageIssueNotPinnedByDigest struct {
	Link string `json:"link"`
	Job  string `json:"job"`
}

GitlabPipelineImageIssueNotPinnedByDigest represents an image reference without an immutable digest.

type GitlabPipelineImageIssueTag

// GitlabPipelineImageIssueTag represents an issue with an image using a
// mutable tag.
//
// NOTE(review): Link, Tag and Job presumably come from the analysed CI
// configuration, i.e. project-controlled text: escape them when rendering a
// report — confirm.
type GitlabPipelineImageIssueTag struct {
	Link string `json:"link"`
	Tag  string `json:"tag"`
	Job  string `json:"job"`
}

GitlabPipelineImageIssueTag represents an issue with an image using a mutable tag

type GitlabPipelineImageIssueUnauthorized

// GitlabPipelineImageIssueUnauthorized represents an issue with an
// unauthorized image source.
//
// NOTE(review): the set of values Status can take is not visible here —
// confirm before branching on it. Link and Job presumably come from the
// analysed CI configuration: escape them when rendering a report.
type GitlabPipelineImageIssueUnauthorized struct {
	Link   string `json:"link"`
	Status string `json:"status"`
	Job    string `json:"job"`
}

GitlabPipelineImageIssueUnauthorized represents an issue with an unauthorized image source

type GitlabPipelineIncludesForbiddenVersionConf added in v0.1.31

// GitlabPipelineIncludesForbiddenVersionConf holds the configuration for
// forbidden version detection.
type GitlabPipelineIncludesForbiddenVersionConf struct {
	// Enabled controls whether this check runs
	Enabled bool `json:"enabled"`

	// ForbiddenVersions is a list of version patterns considered forbidden (e.g., latest, main, HEAD)
	// The examples are all moving refs: an include resolved through one of
	// them can change content without any change in the including project.
	// NOTE(review): the pattern syntax and matching rule are not visible
	// here — confirm.
	ForbiddenVersions []string `json:"forbiddenVersions"`

	// DefaultBranchIsForbiddenVersion when true, adds the project's default branch to forbidden versions
	// NOTE(review): "the project" presumably means the included project, whose
	// default branch may not be named main or master — confirm.
	DefaultBranchIsForbiddenVersion bool `json:"defaultBranchIsForbiddenVersion"`
}

GitlabPipelineIncludesForbiddenVersionConf holds the configuration for forbidden version detection

func (*GitlabPipelineIncludesForbiddenVersionConf) GetConf added in v0.1.31

GetConf loads configuration from PlumberConfig

func (*GitlabPipelineIncludesForbiddenVersionConf) Run added in v0.1.31

Run executes the forbidden version detection control

type GitlabPipelineIncludesForbiddenVersionIssue added in v0.1.31

// GitlabPipelineIncludesForbiddenVersionIssue represents an issue with a
// forbidden version.
// Issue data for mutable version usage - PolicyIssueTypeId = [11]
type GitlabPipelineIncludesForbiddenVersionIssue struct {
	Version               string `json:"version"`
	LatestVersion         string `json:"latestVersion,omitempty"`
	PlumberOriginPath     string `json:"plumberOriginPath,omitempty"`
	GitlabIncludeLocation string `json:"gitlabIncludeLocation"`
	GitlabIncludeType     string `json:"gitlabIncludeType"`
	GitlabIncludeProject  string `json:"gitlabIncludeProject,omitempty"`
	// NOTE(review): presumably true when the include was reached through
	// another include rather than from the project's own CI file — confirm.
	Nested                bool   `json:"nested"`
	ComponentName         string `json:"componentName,omitempty"`
	PlumberTemplateName   string `json:"plumberTemplateName,omitempty"`
	// Serialized as a JSON number: a uint64 above 2^53 loses precision in
	// consumers that parse numbers as IEEE-754 doubles (e.g. JavaScript).
	// NOTE(review): the hash function is not visible here; treat the value as
	// an identifier, not as an integrity check — confirm.
	OriginHash            uint64 `json:"originHash"`
}

GitlabPipelineIncludesForbiddenVersionIssue represents an issue with a forbidden version. Issue data for mutable version usage - PolicyIssueTypeId = [11]

type GitlabPipelineIncludesForbiddenVersionMetrics added in v0.1.31

type GitlabPipelineIncludesForbiddenVersionMetrics struct {
	Total                  uint `json:"total"`
	UsingForbiddenVersion  uint `json:"usingForbiddenVersion"`
	UsingAuthorizedVersion uint `json:"usingAuthorizedVersion"`
}

GitlabPipelineIncludesForbiddenVersionMetrics holds metrics about forbidden version usage

type GitlabPipelineIncludesForbiddenVersionResult added in v0.1.31

// GitlabPipelineIncludesForbiddenVersionResult holds the result of the
// forbidden version control.
//
// Only Error is tagged omitempty. Issues is always serialized, so a nil slice
// is encoded as JSON null rather than [].
// NOTE(review): the value of Compliance for a skipped or failed run is not
// visible here; check Skipped, Error, CiValid and CiMissing before treating
// Compliance as a verdict — confirm.
type GitlabPipelineIncludesForbiddenVersionResult struct {
	Issues     []GitlabPipelineIncludesForbiddenVersionIssue `json:"issues"`
	Metrics    GitlabPipelineIncludesForbiddenVersionMetrics `json:"metrics"`
	Compliance float64                                       `json:"compliance"`
	Version    string                                        `json:"version"`
	CiValid    bool                                          `json:"ciValid"`
	CiMissing  bool                                          `json:"ciMissing"`
	Skipped    bool                                          `json:"skipped"`
	Error      string                                        `json:"error,omitempty"`
}

GitlabPipelineIncludesForbiddenVersionResult holds the result of the forbidden version control

type GitlabPipelineIncludesOutdatedConf added in v0.1.31

type GitlabPipelineIncludesOutdatedConf struct {
	// Enabled controls whether this check runs
	Enabled bool `json:"enabled"`
}

GitlabPipelineIncludesOutdatedConf holds the configuration for outdated includes detection. No specific configuration is needed for outdated detection; the logic uses the UpToDate field from the analysis data.

func (*GitlabPipelineIncludesOutdatedConf) GetConf added in v0.1.31

GetConf loads configuration from PlumberConfig

func (*GitlabPipelineIncludesOutdatedConf) Run added in v0.1.31

Run executes the outdated includes detection control

type GitlabPipelineIncludesOutdatedIssue added in v0.1.31

// GitlabPipelineIncludesOutdatedIssue represents an issue with an outdated
// include.
// Issue data for outdated origin - PolicyIssueTypeId = [10]
type GitlabPipelineIncludesOutdatedIssue struct {
	Version               string `json:"version"`
	// Always serialized here (no omitempty), unlike the same field on
	// GitlabPipelineIncludesForbiddenVersionIssue.
	LatestVersion         string `json:"latestVersion"`
	PlumberOriginPath     string `json:"plumberOriginPath,omitempty"`
	GitlabIncludeLocation string `json:"gitlabIncludeLocation"`
	GitlabIncludeType     string `json:"gitlabIncludeType"`
	GitlabIncludeProject  string `json:"gitlabIncludeProject,omitempty"`
	// NOTE(review): presumably true when the include was reached through
	// another include rather than from the project's own CI file — confirm.
	Nested                bool   `json:"nested"`
	ComponentName         string `json:"componentName,omitempty"`
	PlumberTemplateName   string `json:"plumberTemplateName,omitempty"`
	// Serialized as a JSON number: a uint64 above 2^53 loses precision in
	// consumers that parse numbers as IEEE-754 doubles (e.g. JavaScript).
	// NOTE(review): the hash function is not visible here; treat the value as
	// an identifier, not as an integrity check — confirm.
	OriginHash            uint64 `json:"originHash"`
}

GitlabPipelineIncludesOutdatedIssue represents an issue with an outdated include. Issue data for outdated origin - PolicyIssueTypeId = [10]

type GitlabPipelineIncludesOutdatedMetrics added in v0.1.31

type GitlabPipelineIncludesOutdatedMetrics struct {
	Total          uint `json:"total"`
	OriginOutdated uint `json:"originOutdated"`
	CiInvalid      uint `json:"ciInvalid"`
	CiMissing      uint `json:"ciMissing"`
}

GitlabPipelineIncludesOutdatedMetrics holds metrics about outdated includes

type GitlabPipelineIncludesOutdatedResult added in v0.1.31

type GitlabPipelineIncludesOutdatedResult struct {
	Issues     []GitlabPipelineIncludesOutdatedIssue `json:"issues"`
	Metrics    GitlabPipelineIncludesOutdatedMetrics `json:"metrics"`
	Compliance float64                               `json:"compliance"`
	Version    string                                `json:"version"`
	CiValid    bool                                  `json:"ciValid"`
	CiMissing  bool                                  `json:"ciMissing"`
	Skipped    bool                                  `json:"skipped"`
	Error      string                                `json:"error,omitempty"`
}

GitlabPipelineIncludesOutdatedResult holds the result of the outdated control

type GitlabPipelineRequiredComponentsConf added in v0.1.31

// GitlabPipelineRequiredComponentsConf holds the configuration for required
// components check.
type GitlabPipelineRequiredComponentsConf struct {
	// Enabled controls whether this check runs
	Enabled bool `json:"enabled"`
	// DNF (Disjunctive Normal Form) format:
	// Outer array = OR (at least one group must be satisfied)
	// Inner array = AND (all components in group must be present)
	// Example: [["comp-a", "comp-b"], ["comp-c"]] means:
	//   "must have (comp-a AND comp-b) OR (comp-c)"
	// NOTE(review): behaviour for an empty outer array or an empty inner
	// group is not visible here. In plain DNF an empty AND group is
	// vacuously satisfied, so confirm that such a configuration cannot make
	// the control report compliance without requiring anything.
	RequiredGroups [][]string `json:"requiredGroups"`
}

GitlabPipelineRequiredComponentsConf holds the configuration for required components check

func (*GitlabPipelineRequiredComponentsConf) GetConf added in v0.1.31

GetConf loads configuration from PlumberConfig

func (*GitlabPipelineRequiredComponentsConf) Run added in v0.1.31

Run executes the required components control

type GitlabPipelineRequiredComponentsMetrics added in v0.1.31

type GitlabPipelineRequiredComponentsMetrics struct {
	TotalGroups       uint `json:"totalGroups"`       // Total number of requirement groups
	SatisfiedGroups   uint `json:"satisfiedGroups"`   // Number of fully satisfied groups
	AnySatisfiedGroup bool `json:"anySatisfiedGroup"` // True if at least one group satisfied
	CiInvalid         uint `json:"ciInvalid"`
	CiMissing         uint `json:"ciMissing"`
}

GitlabPipelineRequiredComponentsMetrics holds metrics about required components

type GitlabPipelineRequiredComponentsResult added in v0.1.31

// GitlabPipelineRequiredComponentsResult holds the result of the required
// components control.
//
// Only Error is tagged omitempty. RequirementGroups and Issues are always
// serialized, so a nil slice is encoded as JSON null rather than [].
// NOTE(review): the value of Compliance for a skipped or failed run is not
// visible here; check Skipped, Error, CiValid and CiMissing before treating
// Compliance as a verdict — confirm.
type GitlabPipelineRequiredComponentsResult struct {
	RequirementGroups []ComponentGroupStatus                  `json:"requirementGroups"`
	Issues            []RequiredComponentIssue                `json:"issues"`
	Metrics           GitlabPipelineRequiredComponentsMetrics `json:"metrics"`
	Compliance        float64                                 `json:"compliance"`
	Version           string                                  `json:"version"`
	CiValid           bool                                    `json:"ciValid"`
	CiMissing         bool                                    `json:"ciMissing"`
	Skipped           bool                                    `json:"skipped"`
	Error             string                                  `json:"error,omitempty"`
}

GitlabPipelineRequiredComponentsResult holds the result of the required components control

type GitlabPipelineRequiredTemplatesConf added in v0.1.31

// GitlabPipelineRequiredTemplatesConf holds the configuration for required
// templates check.
type GitlabPipelineRequiredTemplatesConf struct {
	// Enabled controls whether this check runs
	Enabled bool `json:"enabled"`
	// DNF (Disjunctive Normal Form) format:
	// Outer array = OR (at least one group must be satisfied)
	// Inner array = AND (all templates in group must be present)
	// Example: [["go", "helm"], ["go_helm_unified"]] means:
	//   "must have (go AND helm) OR (go_helm_unified)"
	// NOTE(review): behaviour for an empty outer array or an empty inner
	// group is not visible here. In plain DNF an empty AND group is
	// vacuously satisfied, so confirm that such a configuration cannot make
	// the control report compliance without requiring anything.
	RequiredGroups [][]string `json:"requiredGroups"`
}

GitlabPipelineRequiredTemplatesConf holds the configuration for required templates check

func (*GitlabPipelineRequiredTemplatesConf) GetConf added in v0.1.31

GetConf loads configuration from PlumberConfig

func (*GitlabPipelineRequiredTemplatesConf) Run added in v0.1.31

Run executes the required templates control

type GitlabPipelineRequiredTemplatesMetrics added in v0.1.31

type GitlabPipelineRequiredTemplatesMetrics struct {
	TotalGroups       uint `json:"totalGroups"`       // Total number of requirement groups
	SatisfiedGroups   uint `json:"satisfiedGroups"`   // Number of fully satisfied groups
	AnySatisfiedGroup bool `json:"anySatisfiedGroup"` // True if at least one group satisfied
	CiInvalid         uint `json:"ciInvalid"`
	CiMissing         uint `json:"ciMissing"`
}

GitlabPipelineRequiredTemplatesMetrics holds metrics about required templates

type GitlabPipelineRequiredTemplatesResult added in v0.1.31

// GitlabPipelineRequiredTemplatesResult holds the result of the required
// templates control.
//
// Only Error is tagged omitempty. RequirementGroups and Issues are always
// serialized, so a nil slice is encoded as JSON null rather than [].
// NOTE(review): the value of Compliance for a skipped or failed run is not
// visible here; check Skipped, Error, CiValid and CiMissing before treating
// Compliance as a verdict — confirm.
type GitlabPipelineRequiredTemplatesResult struct {
	RequirementGroups []TemplateGroupStatus                  `json:"requirementGroups"`
	Issues            []RequiredTemplateIssue                `json:"issues"`
	Metrics           GitlabPipelineRequiredTemplatesMetrics `json:"metrics"`
	Compliance        float64                                `json:"compliance"`
	Version           string                                 `json:"version"`
	CiValid           bool                                   `json:"ciValid"`
	CiMissing         bool                                   `json:"ciMissing"`
	Skipped           bool                                   `json:"skipped"`
	Error             string                                 `json:"error,omitempty"`
}

GitlabPipelineRequiredTemplatesResult holds the result of the required templates control

type PipelineImageMetricsSummary

type PipelineImageMetricsSummary struct {
	Total uint `json:"total"`
}

PipelineImageMetricsSummary is a simplified version of image metrics for output

type PipelineOriginMetricsSummary

// PipelineOriginMetricsSummary is a simplified version of origin metrics for
// output.
//
// All counters are unsigned and always serialized (no omitempty), so a zero
// count appears explicitly in the JSON output.
// NOTE(review): the Origin* counters presumably break OriginTotal down by
// GitLab include kind (component, local, project, remote, template, catalog).
// Whether the categories are disjoint and sum to OriginTotal is not visible
// here — confirm before deriving ratios from them.
type PipelineOriginMetricsSummary struct {
	JobTotal            uint `json:"jobTotal"`
	JobHardcoded        uint `json:"jobHardcoded"`
	OriginTotal         uint `json:"originTotal"`
	OriginComponent     uint `json:"originComponent"`
	OriginLocal         uint `json:"originLocal"`
	OriginProject       uint `json:"originProject"`
	OriginRemote        uint `json:"originRemote"`
	OriginTemplate      uint `json:"originTemplate"`
	OriginGitLabCatalog uint `json:"originGitLabCatalog"`
	OriginOutdated      uint `json:"originOutdated"`
}

PipelineOriginMetricsSummary is a simplified version of origin metrics for output

type RequiredComponentIssue added in v0.1.31

type RequiredComponentIssue struct {
	ComponentPath string `json:"componentPath"`
	GroupIndex    int    `json:"groupIndex"`
}

RequiredComponentIssue represents an issue with a missing required component

type RequiredTemplateIssue added in v0.1.31

type RequiredTemplateIssue struct {
	TemplatePath string `json:"templatePath"`
	GroupIndex   int    `json:"groupIndex"`
}

RequiredTemplateIssue represents an issue with a missing required template

type TemplateGroupStatus added in v0.1.31

// TemplateGroupStatus tracks the status of a single requirement group (AND
// clause).
//
// None of the slice fields is tagged omitempty, so a nil slice is encoded as
// JSON null rather than []; consumers should accept both.
type TemplateGroupStatus struct {
	GroupIndex       int      `json:"groupIndex"`       // Which requirement group (0-based)
	RequiredOrigins  []string `json:"requiredOrigins"`  // Templates required in this group
	FoundOrigins     []string `json:"foundOrigins"`     // Templates found
	MissingOrigins   []string `json:"missingOrigins"`   // Templates missing from this group
	IsFullySatisfied bool     `json:"isFullySatisfied"` // All templates in group present
}

TemplateGroupStatus tracks the status of a single requirement group (AND clause)
