Documentation
¶
Index ¶
- Constants
- func AllInfrastructureProvidersString() (providers []string)
- func AllPartitionsString() (partitions []string)
- func AllRegionsString() (regions []string)
- func AllResilienceZonesString() (rzs []string)
- func HasRegion(partition Partition, region Region) bool
- func IntPointer(i int) *int
- type Affects
- type Analysis
- type CVSS
- type CVSSDCDX
- type Component
- type Dependency
- type Exploits
- type InfrastructureProvider
- type InfrastructureProviders
- type License
- type Metadata
- type Partition
- type Partitions
- type PkgIdentifier
- type Problem
- type Property
- type Region
- type Regions
- type ResilienceZone
- type ResilienceZones
- type ResultDCDX
- type SBOMCDX
- type ScoreCDX
- type Tool
- type ToolsComponent
- type VEXCDX
- type VEXCDXFile
- type Vulnerability
- type VulnerabilityAnalyticEntry
- type VulnerabilityAnalytics
- type VulnerabilityCDX
- type VulnerabilityCDXFile
- type VulnerabilityDCDX
- type VulnerabilityVector
Constants ¶
// Media type strings exported by this package. How they are used (for example
// as Content-Type values) is not shown in this listing.
const (
	// MediaTypeProblemJson is the media type RFC 9457 registers for problem details in JSON.
	MediaTypeProblemJson = "application/problem+json"
	// MediaTypeLDJson is the JSON-LD media type.
	MediaTypeLDJson = "application/ld+json"
)
Variables ¶
This section is empty.
Functions ¶
func AllInfrastructureProvidersString ¶
func AllInfrastructureProvidersString() (providers []string)
func AllPartitionsString ¶
func AllPartitionsString() (partitions []string)
func AllRegionsString ¶
func AllRegionsString() (regions []string)
func AllResilienceZonesString ¶
func AllResilienceZonesString() (rzs []string)
Types ¶
type Affects ¶ added in v0.18.2
// Affects names one component that a VEX entry applies to.
type Affects struct {
	// Ref is serialized as "ref". Presumably it carries the bom-ref of a
	// component in the referenced SBOM; confirm against the VEX producer.
	Ref string `json:"ref"`
}
Affects represents the affected component in the referenced SBOM
type Analysis ¶ added in v0.18.2
// Analysis carries the assessment attached to a VEX entry.
//
// Every field is a plain string (or string slice), so decoding accepts any
// value. NOTE(review): CycloneDX defines fixed value sets for state,
// justification and response; nothing in this type enforces them, so code that
// acts on State (for example to suppress a finding) should validate it first.
type Analysis struct {
	// State is the impact-analysis state, serialized as "state".
	State string `json:"state"`
	// Justification is the stated reason for the state, serialized as "justification".
	Justification string `json:"justification"`
	// Response lists the responses to the vulnerability, serialized as "response".
	Response []string `json:"response"`
	// Detail is free-text explanation, serialized as "detail".
	Detail string `json:"detail"`
}
Analysis represents the analysis of a vulnerability in the VEX, provided for the reader of a VEX entry
type CVSSDCDX ¶ added in v0.18.2
// CVSSDCDX groups the CVSS scores for one vulnerability by the source that
// published them.
//
// The omitempty options below have no effect with encoding/json: a struct
// value is never considered empty, so all three keys are always emitted, with
// zero-valued scores when a source supplied nothing.
type CVSSDCDX struct {
	// NVD is the score set under the "nvd" key.
	NVD ScoreCDX `json:"nvd,omitempty"`
	// REDHAT is the score set under the "redhat" key.
	REDHAT ScoreCDX `json:"redhat,omitempty"`
	// GHSA is the score set under the "ghsa" key.
	GHSA ScoreCDX `json:"ghsa,omitempty"`
}
CVSSDCDX represents the CVSS data of a CycloneDX vulnerability from the three supported sources (NVD, Red Hat and GHSA)
type Component ¶ added in v0.18.2
// Component describes one component entry of an SBOM. Every field carries
// matching JSON and YAML keys, so the type can be decoded from either encoding.
type Component struct {
	// SBOMRef is the component's "bom-ref", the identifier other parts of the
	// document (such as Dependency.Ref) use to point at it.
	SBOMRef string `json:"bom-ref" yaml:"bom-ref"`
	// Type is the component type string; no set of allowed values is enforced here.
	Type string `json:"type" yaml:"type"`
	// Name is the component name.
	Name string `json:"name" yaml:"name"`
	// Purl is the package URL string. It is stored as given; this type does not parse it.
	Purl string `json:"purl" yaml:"purl"`
	// Version is the component version string.
	Version string `json:"version" yaml:"version"`
	// Description is free text taken from the SBOM.
	Description string `json:"description" yaml:"description"`
	// Licenses lists the licenses declared for the component.
	Licenses []License `json:"licenses" yaml:"licenses"`
	// Properties holds additional name/value pairs attached to the component.
	Properties []Property `json:"properties" yaml:"properties"`
}
Component represents the information about a component of the SBOM
type Dependency ¶ added in v0.18.2
// Dependency records one node of the SBOM dependency graph.
type Dependency struct {
	// Ref identifies the depending component, serialized as "ref".
	// Presumably a bom-ref; confirm against the SBOM producer.
	Ref string `json:"ref" yaml:"ref"`
	// DependsOn lists the references this component depends on. Nothing in this
	// type checks that they resolve to components present in the document.
	DependsOn []string `json:"dependsOn" yaml:"dependsOn"`
}
Dependency represents a dependency in SBOM
type InfrastructureProvider ¶
// InfrastructureProvider is the string name of an infrastructure provider.
// Because the underlying type is string, any string converts to it; only the
// constants below are the values this package declares.
type InfrastructureProvider string

// Provider names declared by the package.
const (
	NeticInfrastructureProvider InfrastructureProvider = "netic"
	AzureInfrastructureProvider InfrastructureProvider = "azure"
	AWSInfrastructureProvider InfrastructureProvider = "aws"
)
func ParseInfrastructureProvider ¶
func ParseInfrastructureProvider(name string) (InfrastructureProvider, bool)
func (InfrastructureProvider) String ¶
func (p InfrastructureProvider) String() string
type InfrastructureProviders ¶
// InfrastructureProviders is a list of InfrastructureProvider values.
type InfrastructureProviders []InfrastructureProvider
func AllInfrastructureProviders ¶
func AllInfrastructureProviders() InfrastructureProviders
type License ¶ added in v0.18.2
// License is one license declaration of an SBOM component.
type License struct {
	// ID is the license identifier; presumably an SPDX identifier, confirm with the producer.
	ID string `json:"id" yaml:"id"`
	// Name is the license name.
	Name string `json:"name" yaml:"name"`
	// Text is the license text as carried in the document.
	Text string `json:"text" yaml:"text"`
}
License representation
type Metadata ¶ added in v0.18.2
// Metadata is the "metadata" section of an SBOM document.
type Metadata struct {
	// Timestamp is kept as the raw string from the document; it is not parsed
	// into a time value here, so its format is not checked by decoding.
	Timestamp string `json:"timestamp" yaml:"timestamp"`
	// Tools is a single Tool object (not a list) under the "tools" key.
	Tools Tool `json:"tools" yaml:"tools"`
	// Component describes the subject of the SBOM.
	Component Component `json:"component" yaml:"component"`
}
Metadata represents the metadata of the SBOM
type PkgIdentifier ¶ added in v0.18.2
// PkgIdentifier holds the identifiers a scan result attaches to a package.
// The JSON keys are upper-case ("PURL", "UID", "BOMRef").
type PkgIdentifier struct {
	// PURL is the package URL string, stored unparsed.
	PURL string `json:"PURL"`
	// UID is an identifier assigned by the report producer; its format is not visible here.
	UID string `json:"UID"`
	// BOMRef presumably links the package back to a component bom-ref in the SBOM; confirm.
	BOMRef string `json:"BOMRef"`
}
PkgIdentifier represents the package identifier in the CycloneDX Vulnerability format
type Problem ¶
// Problem is a problem-details object following RFC 9457. All serialized
// members use omitempty, so unset members are left out of the JSON.
type Problem struct {
	// Type identifies the problem type (RFC 9457 section 3.1.1).
	//schema:format uri
	Type string `json:"type,omitempty"`
	// Status is the HTTP status code and must be consistent with the status code
	// the server actually sends (RFC 9457 section 3.1.2). It is a pointer so
	// that an unset status is omitted from the JSON.
	Status *int `json:"status,omitempty"`
	// Title is a short human-readable summary (RFC 9457 section 3.1.3).
	Title string `json:"title,omitempty"`
	// Detail is a human-readable explanation of this specific occurrence of the
	// problem (RFC 9457 section 3.1.4).
	// NOTE(review): Detail is sent to the client; if it is filled from
	// Err.Error(), internal details may leak. Confirm how callers populate it.
	Detail string `json:"detail,omitempty"`
	// Instance identifies the specific occurrence of the problem (RFC 9457 section 3.1.5).
	Instance string `json:"instance,omitempty"`
	// Err holds the wrapped error. The "-" tag excludes it from JSON, so the
	// underlying error is not written into the response by marshalling.
	Err error `json:"-"`
}
Problem is simple implementation of RFC9457
type Property ¶ added in v0.18.2
// Property is a generic name/value pair attached to an SBOM element.
type Property struct {
	// Name is the property key.
	Name string `json:"name" yaml:"name"`
	// Value is the property value, always carried as a string.
	Value string `json:"value" yaml:"value"`
}
Property represents a generic name value construct
type Region ¶
// Region is the string name of a provider region. Because the underlying type
// is string, any string converts to it; only the constants below are declared
// by this package.
type Region string

// Region names declared by the package, grouped by the provider prefix of the
// constant name (Netic, Azure, AWS).
// NOTE(review): the AWS group is a subset (no us-* names appear here). Whether
// that is intentional cannot be told from this listing.
const (
	// Netic.
	NeticRegionDKNorth Region = "dk-north"

	// Azure.
	AzureRegionAustraliacentral Region = "australiacentral"
	AzureRegionAustraliaeast Region = "australiaeast"
	AzureRegionAustraliasoutheast Region = "australiasoutheast"
	AzureRegionAustriaeast Region = "austriaeast"
	AzureRegionBelgiumcentral Region = "belgiumcentral"
	AzureRegionBrazilsouth Region = "brazilsouth"
	AzureRegionCanadacentral Region = "canadacentral"
	AzureRegionCanadaeast Region = "canadaeast"
	AzureRegionCentralindia Region = "centralindia"
	AzureRegionCentralus Region = "centralus"
	AzureRegionChilecentral Region = "chilecentral"
	AzureRegionChinaeast Region = "chinaeast"
	AzureRegionChinaeast2 Region = "chinaeast2"
	AzureRegionChinanorth Region = "chinanorth"
	AzureRegionChinanorth2 Region = "chinanorth2"
	AzureRegionChinanorth3 Region = "chinanorth3"
	AzureRegionDenmarkeast Region = "denmarkeast"
	AzureRegionEastasia Region = "eastasia"
	AzureRegionEastus Region = "eastus"
	AzureRegionEastus2 Region = "eastus2"
	AzureRegionEastus3 Region = "eastus3"
	AzureRegionFinlandcentral Region = "finlandcentral"
	AzureRegionFrancecentral Region = "francecentral"
	AzureRegionGermanywestcentral Region = "germanywestcentral"
	AzureRegionGreececentral Region = "greececentral"
	AzureRegionIndiasouthcentral Region = "indiasouthcentral"
	AzureRegionIndonesiacentral Region = "indonesiacentral"
	AzureRegionIsraelcentral Region = "israelcentral"
	AzureRegionItalynorth Region = "italynorth"
	AzureRegionJapaneast Region = "japaneast"
	AzureRegionJapanwest Region = "japanwest"
	AzureRegionKoreacentral Region = "koreacentral"
	AzureRegionMalaysiawest Region = "malaysiawest"
	AzureRegionMexicocentral Region = "mexicocentral"
	AzureRegionNewzealandnorth Region = "newzealandnorth"
	AzureRegionNorthcentralus Region = "northcentralus"
	AzureRegionNortheurope Region = "northeurope"
	AzureRegionNorwayeast Region = "norwayeast"
	AzureRegionPolandcentral Region = "polandcentral"
	AzureRegionQatarcentral Region = "qatarcentral"
	AzureRegionSaudiarabiacentral Region = "saudiarabiacentral"
	AzureRegionSouthafricanorth Region = "southafricanorth"
	AzureRegionSouthcentralus Region = "southcentralus"
	AzureRegionSoutheastasia Region = "southeastasia"
	AzureRegionSouthindia Region = "southindia"
	AzureRegionSpaincentral Region = "spaincentral"
	AzureRegionSwedencentral Region = "swedencentral"
	AzureRegionSwitzerlandnorth Region = "switzerlandnorth"
	AzureRegionTaiwannorth Region = "taiwannorth"
	AzureRegionUaenorth Region = "uaenorth"
	AzureRegionUksouth Region = "uksouth"
	AzureRegionUkwest Region = "ukwest"
	AzureRegionUsdodcentral Region = "usdodcentral"
	AzureRegionUsdodeast Region = "usdodeast"
	AzureRegionUsgovarizona Region = "usgovarizona"
	AzureRegionUsgovtexas Region = "usgovtexas"
	AzureRegionUsgovvirginia Region = "usgovvirginia"
	AzureRegionUsseceast Region = "usseceast"
	AzureRegionUssecwest Region = "ussecwest"
	AzureRegionUssecwestcentral Region = "ussecwestcentral"
	AzureRegionWestcentralus Region = "westcentralus"
	AzureRegionWesteurope Region = "westeurope"
	AzureRegionWestus Region = "westus"
	AzureRegionWestus2 Region = "westus2"
	AzureRegionWestus3 Region = "westus3"

	// AWS.
	AWSRegionAPEast1 Region = "ap-east-1"
	AWSRegionAPNortheast1 Region = "ap-northeast-1"
	AWSRegionAPNortheast3 Region = "ap-northeast-3"
	AWSRegionAPSouth1 Region = "ap-south-1"
	AWSRegionAPSouth2 Region = "ap-south-2"
	AWSRegionAPSoutheast1 Region = "ap-southeast-1"
	AWSRegionAPSoutheast2 Region = "ap-southeast-2"
	AWSRegionAPSoutheast3 Region = "ap-southeast-3"
	AWSRegionAPSoutheast4 Region = "ap-southeast-4"
	AWSRegionCACentral1 Region = "ca-central-1"
	AWSRegionEUCentral1 Region = "eu-central-1"
	AWSRegionEUCentral2 Region = "eu-central-2"
	AWSRegionEUNorth1 Region = "eu-north-1"
	AWSRegionEUSouth1 Region = "eu-south-1"
	AWSRegionEUSouth2 Region = "eu-south-2"
	AWSRegionEUWest1 Region = "eu-west-1"
	AWSRegionEUWest3 Region = "eu-west-3"
	AWSRegionMESouth1 Region = "me-south-1"
	AWSRegionSAEast1 Region = "sa-east-1"
)
func ParseAWSRegion ¶
func ParseAzureRegion ¶
func ParseNeticRegion ¶
func ParseRegion ¶
type Regions ¶
// Regions is a list of Region values.
type Regions []Region
func AllRegions ¶
func AllRegions() Regions
func PartitionRegions ¶
type ResilienceZone ¶
// ResilienceZone is the string name of a resilience zone. Because the
// underlying type is string, any string converts to it; only the constants
// below are declared by this package.
type ResilienceZone string

// Resilience zone names declared by the package.
// NOTE(review): the names suggest staged rollout groups ordered from internal
// to laggards, but no ordering is defined in this listing; confirm.
const (
	PlatformResilienceZone ResilienceZone = "platform"
	Internal1ResilienceZone ResilienceZone = "internal-1"
	Innovators1ResilienceZone ResilienceZone = "innovators-1"
	EarlyAdopters1ResilienceZone ResilienceZone = "early-adopters-1"
	EarlyMajority1ResilienceZone ResilienceZone = "early-majority-1"
	EarlyMajority2ResilienceZone ResilienceZone = "early-majority-2"
	LateMajority1ResilienceZone ResilienceZone = "late-majority-1"
	LateMajority2ResilienceZone ResilienceZone = "late-majority-2"
	Laggards1ResilienceZone ResilienceZone = "laggards-1"
)
func ParseResilienceZone ¶
func ParseResilienceZone(name string) (ResilienceZone, bool)
func (ResilienceZone) String ¶
func (r ResilienceZone) String() string
type ResilienceZones ¶
// ResilienceZones is a list of ResilienceZone values.
type ResilienceZones []ResilienceZone
func AllResilienceZones ¶
func AllResilienceZones() ResilienceZones
type ResultDCDX ¶ added in v0.18.2
// ResultDCDX is one result block of a vulnerability scan report.
// NOTE(review): the capitalised keys ("Target", "Class", "Type",
// "Vulnerabilities") appear to mirror a scanner's JSON report, presumably
// Trivy; confirm against the tool that produces the input.
type ResultDCDX struct {
	// Target names what was scanned, serialized as "Target".
	Target string `json:"Target"`
	// Class is the result class string reported by the scanner.
	Class string `json:"Class"`
	// Type is the result type string reported by the scanner.
	Type string `json:"Type"`
	// CDXVulnerabilities is read from the "Vulnerabilities" key; a nil or empty
	// slice is omitted when marshalling.
	CDXVulnerabilities []VulnerabilityDCDX `json:"Vulnerabilities,omitempty"`
}
ResultDCDX represents the result of a vulnerability scan
type SBOMCDX ¶ added in v0.18.2
// SBOMCDX is the top-level CycloneDX SBOM document, decodable from JSON or YAML.
//
// NOTE(review): decoding into this type checks shape only. BOMFormat and
// SpecVersion are plain strings and are not validated here, so callers that
// ingest SBOMs from outside their own build should check both before relying
// on the rest of the document.
type SBOMCDX struct {
	// BOMFormat is the "bomFormat" marker of the document.
	BOMFormat string `json:"bomFormat" yaml:"bomFormat"`
	// SpecVersion is the CycloneDX specification version the document claims.
	SpecVersion string `json:"specVersion" yaml:"specVersion"`
	// SerialNumber is the document's serial number string.
	SerialNumber string `json:"serialNumber" yaml:"serialNumber"`
	// Version is the document's version counter.
	Version int `json:"version" yaml:"version"`
	// Metadata describes when, with what tool, and for which subject the SBOM was produced.
	Metadata Metadata `json:"metadata" yaml:"metadata"`
	// Components lists the components in the SBOM.
	Components []Component `json:"components" yaml:"components"`
	// Dependencies lists the dependency relations between components.
	Dependencies []Dependency `json:"dependencies" yaml:"dependencies"`
}
The SBOMCDX struct represents the CycloneDX Software Bill of Materials (SBOM) format.
type ScoreCDX ¶ added in v0.18.2
// ScoreCDX holds the CVSS v3 and v2 vector and score from one source.
//
// Every field uses omitempty, so a score of exactly 0 is dropped when
// marshalling and, after decoding, cannot be told apart from a missing score.
type ScoreCDX struct {
	// V3Vector is the CVSS v3 vector string, stored unparsed.
	V3Vector string `json:"V3Vector,omitempty"`
	// V3Score is the CVSS v3 numeric score.
	V3Score float64 `json:"V3Score,omitempty"`
	// V2Vector is the CVSS v2 vector string, stored unparsed.
	V2Vector string `json:"V2Vector,omitempty"`
	// V2Score is the CVSS v2 numeric score.
	V2Score float64 `json:"V2Score,omitempty"`
}
ScoreCDX represents the score data of a CycloneDX vulnerability for the supported CVSS vector versions (v2 and v3)
type Tool ¶ added in v0.18.2
// Tool describes the tool that produced the SBOM.
type Tool struct {
	// Vendor is the tool vendor name.
	Vendor string `json:"vendor" yaml:"vendor"`
	// Name is the tool name.
	Name string `json:"name" yaml:"name"`
	// Version is the tool version string.
	Version string `json:"version" yaml:"version"`
	// Components lists the components that make up the tool.
	Components []ToolsComponent `json:"components" yaml:"components"`
}
Tool represents the tool information of the SBOM
type ToolsComponent ¶ added in v0.18.2
// ToolsComponent is one component of the tool that produced the SBOM.
type ToolsComponent struct {
	// Type is the component type string.
	Type string `json:"type" yaml:"type"`
	// Group is the component's group (namespace) string.
	Group string `json:"group" yaml:"group"`
	// Name is the component name.
	Name string `json:"name" yaml:"name"`
	// Version is the component version string.
	Version string `json:"version" yaml:"version"`
}
ToolsComponent represents a component part of the SBOM tool
type VEXCDX ¶ added in v0.18.2
// VEXCDX is one vulnerability entry of a CycloneDX VEX document.
//
// NOTE(review): a VEX entry can change how a finding is treated downstream.
// This type carries no signature or provenance field, so the trustworthiness
// of the source has to be established before the document is decoded.
type VEXCDX struct {
	// ID is the vulnerability identifier, serialized as "id".
	ID string `json:"id"`
	// Analysis is the assessment given for the vulnerability.
	Analysis Analysis `json:"analysis"`
	// Affects lists the components the entry applies to.
	Affects []Affects `json:"affects"`
}
VEXCDX represents the core data from the VEX file in CycloneDX format
type VEXCDXFile ¶ added in v0.18.2
// VEXCDXFile is the top-level CycloneDX VEX document. It has JSON tags only
// (no YAML tags, unlike SBOMCDX).
type VEXCDXFile struct {
	// BOMFormat is the "bomFormat" marker; it is not validated by this type.
	BOMFormat string `json:"bomFormat"`
	// SpecVersion is the CycloneDX specification version the document claims.
	SpecVersion string `json:"specVersion"`
	// Version is the document's version counter.
	Version int `json:"version"`
	// Metadata reuses the SBOM Metadata type.
	Metadata Metadata `json:"metadata"`
	// Vulnerabilities holds the VEX entries.
	Vulnerabilities []VEXCDX `json:"vulnerabilities"`
}
VEXCDXFile represents the Vulnerability Exploitability eXchange (VEX) file in CycloneDX format
type Vulnerability ¶ added in v0.2.0
// Vulnerability is a single vulnerability record. The fields carry no struct
// tags, so encoding/json would use the Go field names as keys.
type Vulnerability struct {
	// ID is the vulnerability identifier.
	ID string
	// PackageName is the name of the affected package.
	PackageName string
	// Description is free text describing the vulnerability.
	Description string
	// Severity is the severity label, kept as a string.
	Severity string
	// FixState is the fix status label, kept as a string.
	FixState string
	// CVSS points to the CVSS data; the CVSS type is declared elsewhere in the
	// package. Presumably nil means no score is available; confirm.
	CVSS *CVSS
}
Vulnerability represents a vulnerability
type VulnerabilityAnalyticEntry ¶ added in v0.18.2
// VulnerabilityAnalyticEntry holds the vulnerability analytics for one release.
// All timestamps are kept as strings; their format is not checked by decoding.
type VulnerabilityAnalyticEntry struct {
	// ReleaseName is serialized as "release".
	ReleaseName string `json:"release"`
	// ReleasedAt is the release timestamp string.
	ReleasedAt string `json:"releasedAt"`
	// ScannedAt is the scan timestamp string.
	ScannedAt string `json:"scannedAt"`
	// SBOMCreated is serialized as "sbomCreatedAt".
	SBOMCreated string `json:"sbomCreatedAt"`
	// VEXCreated is serialized as "vexCreatedAt".
	VEXCreated string `json:"vexCreatedAt"`
	// Vex holds the VEX entries associated with the release.
	Vex []VEXCDX `json:"vex"`
	// Criticals, Highs, Mediums and Lows hold one vector per vulnerability,
	// split by severity bucket.
	Criticals []VulnerabilityVector `json:"criticals"`
	Highs []VulnerabilityVector `json:"highs"`
	Mediums []VulnerabilityVector `json:"mediums"`
	Lows []VulnerabilityVector `json:"lows"`
}
VulnerabilityAnalyticEntry represents the analytics of a vulnerability set for a single release
type VulnerabilityAnalytics ¶ added in v0.18.2
// VulnerabilityAnalytics aggregates per-release analytics for one upstream project.
type VulnerabilityAnalytics struct {
	// Entries holds one entry per analysed release.
	Entries []VulnerabilityAnalyticEntry `json:"entries"`
	// Summary is free text summarising the entries.
	Summary string `json:"summary"`
	// Verdict is a string conclusion; its allowed values are not visible in this listing.
	Verdict string `json:"verdict"`
}
VulnerabilityAnalytics represents the analytics of a set of vulnerabilities across releases of an upstream project. This represents the observed analytics data for a set of releases for a single upstream project.
type VulnerabilityCDX ¶ added in v0.18.2
// VulnerabilityCDX is the evaluated view of one vulnerability, combining scan
// data with VEX and exploitation status.
type VulnerabilityCDX struct {
	// ID is serialized as "cveID".
	ID string `json:"cveID"`
	// Vexed and Exploited are strings, not booleans; the values they may take
	// are not visible in this listing.
	Vexed string `json:"vexed"`
	Exploited string `json:"exploited"`
	// Dependency names the dependency the vulnerability was found in.
	Dependency string `json:"dependency"`
	// PackageName is the name of the affected package.
	PackageName string `json:"packageName"`
	// Description is free text describing the vulnerability.
	Description string `json:"description"`
	// Severity is the severity label, kept as a string.
	Severity string `json:"severity"`
	// FixState is the fix status label, kept as a string.
	FixState string `json:"fixState"`
	// Published and Modified are timestamp strings, stored unparsed.
	Published string `json:"published"`
	Modified string `json:"modified"`
	// CVSS holds the per-source CVSS scores.
	CVSS CVSSDCDX `json:"cvss"`
	// CWEs lists CWE identifiers, serialized as "cweIDs".
	CWEs []string `json:"cweIDs"`
	// References lists reference strings (presumably URLs). They come from the
	// input document and are not validated here.
	References []string `json:"references"`
}
VulnerabilityCDX represents the vulnerability in an evaluation from the CycloneDX format
type VulnerabilityCDXFile ¶ added in v0.18.2
// VulnerabilityCDXFile is the top-level vulnerability scan report.
type VulnerabilityCDXFile struct {
	// CreatedAt is the report creation timestamp string, stored unparsed.
	CreatedAt string `json:"CreatedAt"`
	// CDXResult is read from the "Results" key, one element per scanned target.
	CDXResult []ResultDCDX `json:"Results"`
}
VulnerabilityCDXFile represents the vulnerability file format
type VulnerabilityDCDX ¶ added in v0.18.2
// VulnerabilityDCDX is one vulnerability as it appears inside a scan result.
type VulnerabilityDCDX struct {
	// ID is read from the "VulnerabilityID" key.
	ID string `json:"VulnerabilityID"`
	// PackageName is read from the "PkgName" key.
	PackageName string `json:"PkgName"`
	// PackageId holds the package identifiers from "PkgIdentifier".
	PackageId PkgIdentifier `json:"PkgIdentifier"`
	// Description is mapped to the "Title" key, not to a "Description" key, so
	// it carries the report's title text.
	Description string `json:"Title"`
	// Severity is the severity label, kept as a string.
	Severity string `json:"Severity"`
	// Status is the status string from the report; omitted when empty.
	Status string `json:"Status,omitempty"`
	// PublishedDate and LastModifiedDate are timestamp strings, stored unparsed.
	PublishedDate string `json:"PublishedDate,omitempty"`
	LastModifiedDate string `json:"LastModifiedDate,omitempty"`
	// CWEs lists CWE identifiers from "CweIDs".
	CWEs []string `json:"CweIDs,omitempty"`
	// CVSS is a struct value, so omitempty has no effect with encoding/json and
	// the "CVSS" key is always emitted.
	CVSS CVSSDCDX `json:"CVSS,omitempty"`
	// References lists reference strings from the report; they are not validated here.
	References []string `json:"References,omitempty"`
}
VulnerabilityDCDX represents a vulnerability in the CycloneDX Vulnerability format
type VulnerabilityVector ¶ added in v0.18.2
// VulnerabilityVector is the per-vulnerability record used in the analytics buckets.
//
// NOTE(review): the JSON keys "cWEs" and "cVSs" have unusual casing and may be
// unintended. Changing them would alter the wire format, so confirm with the
// consumers before touching them.
type VulnerabilityVector struct {
	// Severity is the severity label, kept as a string.
	Severity string `json:"severity"`
	// FixState is the fix status label, kept as a string.
	FixState string `json:"fixState"`
	// FixTime is kept as a string; its unit or format is not visible in this listing.
	FixTime string `json:"fixTime"`
	// Published and Modified are timestamp strings, stored unparsed.
	Published string `json:"published"`
	Modified string `json:"modified"`
	// CVEAge is serialized as "age"; its unit or format is not visible in this listing.
	CVEAge string `json:"age"`
	// CVE is the CVE identifier string.
	CVE string `json:"cve"`
	// CWEs lists CWE identifiers, serialized as "cWEs".
	CWEs []string `json:"cWEs"`
	// SinceRelease is serialized as "since"; presumably the releases in which
	// the vulnerability has been observed. Confirm.
	SinceRelease []string `json:"since"`
	// CVSS holds the per-source CVSS scores, serialized as "cVSs".
	CVSS CVSSDCDX `json:"cVSs"`
}
VulnerabilityVector represents the vector of a single set of vulnerability