scope

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 12, 2026 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// Target errors
	ErrInvalidTenantID     = errors.New("invalid tenant ID")
	ErrInvalidTargetType   = errors.New("invalid target type")
	ErrTargetNotFound      = errors.New("scope target not found")
	ErrTargetAlreadyExists = errors.New("scope target already exists")

	// Exclusion errors
	ErrInvalidExclusionType   = errors.New("invalid exclusion type")
	ErrExclusionNotFound      = errors.New("scope exclusion not found")
	ErrExclusionAlreadyExists = errors.New("scope exclusion already exists")
	ErrReasonRequired         = errors.New("reason is required for exclusion")

	// Schedule errors
	ErrInvalidScanType       = errors.New("invalid scan type")
	ErrInvalidScheduleType   = errors.New("invalid schedule type")
	ErrScheduleNotFound      = errors.New("scan schedule not found")
	ErrScheduleAlreadyExists = errors.New("scan schedule already exists")
	ErrNameRequired          = errors.New("name is required")

	// Pattern errors
	ErrInvalidPattern = errors.New("invalid pattern")
	ErrPatternTooLong = errors.New("pattern too long")
)

Domain errors for scope operations.

Functions

func MatchesPattern 

func MatchesPattern(targetType TargetType, pattern, value string) bool

MatchesPattern checks if a value matches a pattern.

func ValidatePattern 

func ValidatePattern(targetType TargetType, pattern string) error

ValidatePattern validates a pattern for the given target type.

Types

type Coverage 

type Coverage struct {
	TotalAssets    int64                   `json:"total_assets"`
	InScopeAssets  int64                   `json:"in_scope_assets"`
	ExcludedAssets int64                   `json:"excluded_assets"`
	Percentage     float64                 `json:"percentage"`
	ByType         map[string]TypeCoverage `json:"by_type"`
}

Coverage represents scope coverage breakdown.

type Exclusion 

type Exclusion struct {
	// contains filtered or unexported fields
}

Exclusion represents an exclusion from scope for security scanning.

func NewExclusion 

func NewExclusion(
	tenantID shared.ID,
	exclusionType ExclusionType,
	pattern string,
	reason string,
	expiresAt *time.Time,
	createdBy string,
) (*Exclusion, error)

NewExclusion creates a new scope exclusion.

func ReconstituteExclusion 

func ReconstituteExclusion(
	id shared.ID,
	tenantID shared.ID,
	exclusionType ExclusionType,
	pattern string,
	reason string,
	status Status,
	expiresAt *time.Time,
	approvedBy string,
	approvedAt *time.Time,
	createdBy string,
	createdAt time.Time,
	updatedAt time.Time,
) *Exclusion

ReconstituteExclusion creates an Exclusion from persistence data.

func (*Exclusion) Activate 

func (e *Exclusion) Activate()

func (*Exclusion) Approve 

func (e *Exclusion) Approve(approvedBy string)

func (*Exclusion) ApprovedAt 

func (e *Exclusion) ApprovedAt() *time.Time

func (*Exclusion) ApprovedBy 

func (e *Exclusion) ApprovedBy() string

func (*Exclusion) CreatedAt 

func (e *Exclusion) CreatedAt() time.Time

func (*Exclusion) CreatedBy 

func (e *Exclusion) CreatedBy() string

func (*Exclusion) Deactivate 

func (e *Exclusion) Deactivate()

func (*Exclusion) ExclusionType 

func (e *Exclusion) ExclusionType() ExclusionType

func (*Exclusion) ExpiresAt 

func (e *Exclusion) ExpiresAt() *time.Time

func (*Exclusion) ID 

func (e *Exclusion) ID() shared.ID

Getters

func (*Exclusion) IsActive 

func (e *Exclusion) IsActive() bool

IsActive returns true if the exclusion is active and not expired.

func (*Exclusion) IsApproved 

func (e *Exclusion) IsApproved() bool

IsApproved returns true if the exclusion has been approved.

func (*Exclusion) MarkExpired 

func (e *Exclusion) MarkExpired()

func (*Exclusion) Matches 

func (e *Exclusion) Matches(value string) bool

Matches checks if a value matches this exclusion's pattern.

func (*Exclusion) Pattern 

func (e *Exclusion) Pattern() string

func (*Exclusion) Reason 

func (e *Exclusion) Reason() string

func (*Exclusion) Status 

func (e *Exclusion) Status() Status

func (*Exclusion) TenantID 

func (e *Exclusion) TenantID() shared.ID

func (*Exclusion) UpdateExpiresAt 

func (e *Exclusion) UpdateExpiresAt(expiresAt *time.Time)

func (*Exclusion) UpdateReason 

func (e *Exclusion) UpdateReason(reason string)

Update methods

func (*Exclusion) UpdatedAt 

func (e *Exclusion) UpdatedAt() time.Time

type ExclusionFilter 

type ExclusionFilter struct {
	TenantID       *string
	ExclusionTypes []ExclusionType
	Statuses       []Status
	IsApproved     *bool
	Search         *string
}

ExclusionFilter defines the filtering options for listing exclusions.

type ExclusionRepository 

type ExclusionRepository interface {
	// Create persists a new scope exclusion.
	Create(ctx context.Context, exclusion *Exclusion) error

	// GetByID retrieves a scope exclusion by its ID.
	GetByID(ctx context.Context, id shared.ID) (*Exclusion, error)

	// Update updates an existing scope exclusion.
	Update(ctx context.Context, exclusion *Exclusion) error

	// Delete removes a scope exclusion by its ID.
	Delete(ctx context.Context, id shared.ID) error

	// List retrieves scope exclusions with filtering and pagination.
	List(ctx context.Context, filter ExclusionFilter, page pagination.Pagination) (pagination.Result[*Exclusion], error)

	// ListActive retrieves all active scope exclusions for a tenant.
	ListActive(ctx context.Context, tenantID shared.ID) ([]*Exclusion, error)

	// Count returns the total number of scope exclusions matching the filter.
	Count(ctx context.Context, filter ExclusionFilter) (int64, error)

	// ExpireOld marks expired exclusions as expired.
	ExpireOld(ctx context.Context) error
}

ExclusionRepository defines the interface for scope exclusion persistence.

type ExclusionType 

type ExclusionType string

ExclusionType represents the type of scope exclusion. 

const (
	ExclusionTypeDomain      ExclusionType = "domain"
	ExclusionTypeSubdomain   ExclusionType = "subdomain"
	ExclusionTypeIPAddress   ExclusionType = "ip_address"
	ExclusionTypeIPRange     ExclusionType = "ip_range"
	ExclusionTypeCIDR        ExclusionType = "cidr"
	ExclusionTypeURL         ExclusionType = "url"
	ExclusionTypePath        ExclusionType = "path"
	ExclusionTypeRepository  ExclusionType = "repository"
	ExclusionTypeFindingType ExclusionType = "finding_type"
	ExclusionTypeScanner     ExclusionType = "scanner"
)

func ParseExclusionType 

func ParseExclusionType(s string) (ExclusionType, error)

ParseExclusionType parses a string into an ExclusionType.

func (ExclusionType) IsValid 

func (t ExclusionType) IsValid() bool

IsValid returns true if the exclusion type is valid.

func (ExclusionType) String 

func (t ExclusionType) String() string

String returns the string representation of the exclusion type.

type ListOptions 

type ListOptions struct {
	Sort *pagination.SortOption
}

ListOptions contains common options for listing (sorting).

func NewListOptions 

func NewListOptions() ListOptions

NewListOptions creates empty list options.

func (ListOptions) WithSort 

func (o ListOptions) WithSort(sort *pagination.SortOption) ListOptions

WithSort adds sorting options.

type MatchResult 

type MatchResult struct {
	InScope             bool        `json:"in_scope"`
	Excluded            bool        `json:"excluded"`
	MatchedTargetIDs    []shared.ID `json:"matched_target_ids,omitempty"`
	MatchedExclusionIDs []shared.ID `json:"matched_exclusion_ids,omitempty"`
}

MatchResult represents the result of matching an asset against scope.

type ScanType 

type ScanType string

ScanType represents the type of scan. 

const (
	ScanTypeFull          ScanType = "full"
	ScanTypeIncremental   ScanType = "incremental"
	ScanTypeTargeted      ScanType = "targeted"
	ScanTypeVulnerability ScanType = "vulnerability"
	ScanTypeCompliance    ScanType = "compliance"
	ScanTypeSecret        ScanType = "secret"
	ScanTypeSAST          ScanType = "sast"
	ScanTypeDAST          ScanType = "dast"
	ScanTypeSCA           ScanType = "sca"
)

func ParseScanType 

func ParseScanType(s string) (ScanType, error)

ParseScanType parses a string into a ScanType.

func (ScanType) IsValid 

func (t ScanType) IsValid() bool

IsValid returns true if the scan type is valid.

func (ScanType) String 

func (t ScanType) String() string

String returns the string representation of the scan type.

type Schedule 

type Schedule struct {
	// contains filtered or unexported fields
}

Schedule represents an automated scan schedule.

func NewSchedule 

func NewSchedule(
	tenantID shared.ID,
	name string,
	scanType ScanType,
	scheduleType ScheduleType,
	createdBy string,
) (*Schedule, error)

NewSchedule creates a new scan schedule.

func ReconstituteSchedule 

func ReconstituteSchedule(
	id shared.ID,
	tenantID shared.ID,
	name string,
	description string,
	scanType ScanType,
	targetScope TargetScope,
	targetIDs []shared.ID,
	targetTags []string,
	scannerConfigs map[string]interface{},
	scheduleType ScheduleType,
	cronExpression string,
	intervalHours int,
	enabled bool,
	lastRunAt *time.Time,
	lastRunStatus string,
	nextRunAt *time.Time,
	notifyOnCompletion bool,
	notifyOnFindings bool,
	notificationChannels []string,
	createdBy string,
	createdAt time.Time,
	updatedAt time.Time,
) *Schedule

ReconstituteSchedule creates a Schedule from persistence data.

func (*Schedule) CreatedAt 

func (s *Schedule) CreatedAt() time.Time

func (*Schedule) CreatedBy 

func (s *Schedule) CreatedBy() string

func (*Schedule) CronExpression 

func (s *Schedule) CronExpression() string

func (*Schedule) Description 

func (s *Schedule) Description() string

func (*Schedule) Disable 

func (s *Schedule) Disable()

func (*Schedule) Enable 

func (s *Schedule) Enable()

func (*Schedule) Enabled 

func (s *Schedule) Enabled() bool

func (*Schedule) ID 

func (s *Schedule) ID() shared.ID

Getters

func (*Schedule) IntervalHours 

func (s *Schedule) IntervalHours() int

func (*Schedule) LastRunAt 

func (s *Schedule) LastRunAt() *time.Time

func (*Schedule) LastRunStatus 

func (s *Schedule) LastRunStatus() string

func (*Schedule) Name 

func (s *Schedule) Name() string

func (*Schedule) NextRunAt 

func (s *Schedule) NextRunAt() *time.Time

func (*Schedule) NotificationChannels 

func (s *Schedule) NotificationChannels() []string

func (*Schedule) NotifyOnCompletion 

func (s *Schedule) NotifyOnCompletion() bool

func (*Schedule) NotifyOnFindings 

func (s *Schedule) NotifyOnFindings() bool

func (*Schedule) RecordRun 

func (s *Schedule) RecordRun(status string, nextRunAt *time.Time)

func (*Schedule) ScanType 

func (s *Schedule) ScanType() ScanType

func (*Schedule) ScannerConfigs 

func (s *Schedule) ScannerConfigs() map[string]interface{}

func (*Schedule) ScheduleType 

func (s *Schedule) ScheduleType() ScheduleType

func (*Schedule) SetCronSchedule 

func (s *Schedule) SetCronSchedule(cronExpression string)

func (*Schedule) SetIntervalSchedule 

func (s *Schedule) SetIntervalSchedule(hours int)

func (*Schedule) SetTargetScope 

func (s *Schedule) SetTargetScope(scope TargetScope, ids []shared.ID, tags []string)

func (*Schedule) TargetIDs 

func (s *Schedule) TargetIDs() []shared.ID

func (*Schedule) TargetScope 

func (s *Schedule) TargetScope() TargetScope

func (*Schedule) TargetTags 

func (s *Schedule) TargetTags() []string

func (*Schedule) TenantID 

func (s *Schedule) TenantID() shared.ID

func (*Schedule) UpdateDescription 

func (s *Schedule) UpdateDescription(description string)

func (*Schedule) UpdateName 

func (s *Schedule) UpdateName(name string)

Update methods

func (*Schedule) UpdateNotifications 

func (s *Schedule) UpdateNotifications(onCompletion, onFindings bool, channels []string)

func (*Schedule) UpdateScannerConfigs 

func (s *Schedule) UpdateScannerConfigs(configs map[string]interface{})

func (*Schedule) UpdatedAt 

func (s *Schedule) UpdatedAt() time.Time

type ScheduleFilter 

type ScheduleFilter struct {
	TenantID      *string
	ScanTypes     []ScanType
	ScheduleTypes []ScheduleType
	Enabled       *bool
	Search        *string
}

ScheduleFilter defines the filtering options for listing schedules.

type ScheduleRepository 

type ScheduleRepository interface {
	// Create persists a new scan schedule.
	Create(ctx context.Context, schedule *Schedule) error

	// GetByID retrieves a scan schedule by its ID.
	GetByID(ctx context.Context, id shared.ID) (*Schedule, error)

	// Update updates an existing scan schedule.
	Update(ctx context.Context, schedule *Schedule) error

	// Delete removes a scan schedule by its ID.
	Delete(ctx context.Context, id shared.ID) error

	// List retrieves scan schedules with filtering and pagination.
	List(ctx context.Context, filter ScheduleFilter, page pagination.Pagination) (pagination.Result[*Schedule], error)

	// ListDue retrieves all enabled schedules that are due to run.
	ListDue(ctx context.Context) ([]*Schedule, error)

	// Count returns the total number of scan schedules matching the filter.
	Count(ctx context.Context, filter ScheduleFilter) (int64, error)
}

ScheduleRepository defines the interface for scan schedule persistence.

type ScheduleType 

type ScheduleType string

ScheduleType represents how a scan is scheduled. 

const (
	ScheduleTypeCron     ScheduleType = "cron"
	ScheduleTypeInterval ScheduleType = "interval"
	ScheduleTypeManual   ScheduleType = "manual"
)

func (ScheduleType) IsValid 

func (t ScheduleType) IsValid() bool

IsValid returns true if the schedule type is valid.

func (ScheduleType) String 

func (t ScheduleType) String() string

String returns the string representation of the schedule type.

type Stats 

type Stats struct {
	TotalTargets     int64   `json:"total_targets"`
	ActiveTargets    int64   `json:"active_targets"`
	TotalExclusions  int64   `json:"total_exclusions"`
	ActiveExclusions int64   `json:"active_exclusions"`
	TotalSchedules   int64   `json:"total_schedules"`
	EnabledSchedules int64   `json:"enabled_schedules"`
	Coverage         float64 `json:"coverage"`
}

Stats represents scope configuration statistics.

type Status 

type Status string

Status represents the status of a scope target or exclusion. 

const (
	StatusActive   Status = "active"
	StatusInactive Status = "inactive"
	StatusExpired  Status = "expired" // Only for exclusions
)

func (Status) IsValid 

func (s Status) IsValid() bool

IsValid returns true if the status is valid.

func (Status) String 

func (s Status) String() string

String returns the string representation of the status.

type Target 

type Target struct {
	// contains filtered or unexported fields
}

Target represents an in-scope target for security scanning.

func NewTarget 

func NewTarget(
	tenantID shared.ID,
	targetType TargetType,
	pattern string,
	description string,
	createdBy string,
) (*Target, error)

NewTarget creates a new scope target.

func ReconstituteTarget 

func ReconstituteTarget(
	id shared.ID,
	tenantID shared.ID,
	targetType TargetType,
	pattern string,
	description string,
	priority int,
	status Status,
	tags []string,
	createdBy string,
	createdAt time.Time,
	updatedAt time.Time,
) *Target

ReconstituteTarget creates a Target from persistence data.

func (*Target) Activate 

func (t *Target) Activate()

func (*Target) CreatedAt 

func (t *Target) CreatedAt() time.Time

func (*Target) CreatedBy 

func (t *Target) CreatedBy() string

func (*Target) Deactivate 

func (t *Target) Deactivate()

func (*Target) Description 

func (t *Target) Description() string

func (*Target) ID 

func (t *Target) ID() shared.ID

Getters

func (*Target) IsActive 

func (t *Target) IsActive() bool

IsActive returns true if the target is active.

func (*Target) Matches 

func (t *Target) Matches(value string) bool

Matches checks if a value matches this target's pattern.

func (*Target) Pattern 

func (t *Target) Pattern() string

func (*Target) Priority 

func (t *Target) Priority() int

func (*Target) Status 

func (t *Target) Status() Status

func (*Target) Tags 

func (t *Target) Tags() []string

func (*Target) TargetType 

func (t *Target) TargetType() TargetType

func (*Target) TenantID 

func (t *Target) TenantID() shared.ID

func (*Target) UpdateDescription 

func (t *Target) UpdateDescription(description string)

Update methods

func (*Target) UpdatePriority 

func (t *Target) UpdatePriority(priority int)

func (*Target) UpdateTags 

func (t *Target) UpdateTags(tags []string)

func (*Target) UpdatedAt 

func (t *Target) UpdatedAt() time.Time

type TargetFilter 

type TargetFilter struct {
	TenantID    *string
	TargetTypes []TargetType
	Statuses    []Status
	Tags        []string
	Search      *string
}

TargetFilter defines the filtering options for listing targets.

type TargetRepository 

type TargetRepository interface {
	// Create persists a new scope target.
	Create(ctx context.Context, target *Target) error

	// GetByID retrieves a scope target by its ID.
	GetByID(ctx context.Context, id shared.ID) (*Target, error)

	// Update updates an existing scope target.
	Update(ctx context.Context, target *Target) error

	// Delete removes a scope target by its ID.
	Delete(ctx context.Context, id shared.ID) error

	// List retrieves scope targets with filtering and pagination.
	List(ctx context.Context, filter TargetFilter, page pagination.Pagination) (pagination.Result[*Target], error)

	// ListActive retrieves all active scope targets for a tenant.
	ListActive(ctx context.Context, tenantID shared.ID) ([]*Target, error)

	// Count returns the total number of scope targets matching the filter.
	Count(ctx context.Context, filter TargetFilter) (int64, error)

	// ExistsByPattern checks if a target with the given pattern exists.
	ExistsByPattern(ctx context.Context, tenantID shared.ID, targetType TargetType, pattern string) (bool, error)
}

TargetRepository defines the interface for scope target persistence.

type TargetScope 

type TargetScope string

TargetScope defines what targets to include in a scan. 

const (
	TargetScopeAll      TargetScope = "all"
	TargetScopeSelected TargetScope = "selected"
	TargetScopeTag      TargetScope = "tag"
)

func (TargetScope) String 

func (t TargetScope) String() string

String returns the string representation of the target scope.

type TargetType 

type TargetType string

TargetType represents the type of scope target. 

const (
	TargetTypeDomain        TargetType = "domain"
	TargetTypeSubdomain     TargetType = "subdomain"
	TargetTypeIPAddress     TargetType = "ip_address"
	TargetTypeIPRange       TargetType = "ip_range"
	TargetTypeCIDR          TargetType = "cidr"
	TargetTypeURL           TargetType = "url"
	TargetTypeAPI           TargetType = "api"
	TargetTypeWebsite       TargetType = "website"
	TargetTypeRepository    TargetType = "repository"
	TargetTypeProject       TargetType = "project"
	TargetTypeCloudAccount  TargetType = "cloud_account"
	TargetTypeCloudResource TargetType = "cloud_resource"
	TargetTypeContainer     TargetType = "container"
	TargetTypeHost          TargetType = "host"
	TargetTypeDatabase      TargetType = "database"
	TargetTypeNetwork       TargetType = "network"
	TargetTypeCertificate   TargetType = "certificate"
	TargetTypeMobileApp     TargetType = "mobile_app"
	TargetTypeEmailDomain   TargetType = "email_domain"
)

func AllTargetTypes 

func AllTargetTypes() []TargetType

AllTargetTypes returns all valid target types.

func ParseTargetType 

func ParseTargetType(s string) (TargetType, error)

ParseTargetType parses a string into a TargetType.

func (TargetType) IsValid 

func (t TargetType) IsValid() bool

IsValid returns true if the target type is valid.

func (TargetType) String 

func (t TargetType) String() string

String returns the string representation of the target type.

type TypeCoverage 

type TypeCoverage struct {
	Total    int64   `json:"total"`
	InScope  int64   `json:"in_scope"`
	Excluded int64   `json:"excluded"`
	Percent  float64 `json:"percent"`
}

TypeCoverage represents coverage for a specific asset type.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.