Published: Oct 20, 2023 License: Apache-2.0 Imports: 26 Imported by: 7

Documentation

Overview

Package pkg defines functions for running Scorecard checks on a Repo.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DetailToString

func DetailToString(d *checker.CheckDetail, logLevel log.Level) string

DetailToString converts a check detail into a string.

func FormatResults added in v4.2.0

func FormatResults(
	opts *options.Options,
	results *ScorecardResult,
	doc checks.Doc,
	policy *spol.ScorecardPolicy,
) error

FormatResults formats scorecard results.

Types

type ChangeType added in v4.5.0

// ChangeType is the change type (added, updated, removed) of a dependency.
// Use IsValid to confirm a value is one of the declared constants before
// treating it as trusted input.
type ChangeType string

ChangeType is the change type (added, updated, removed) of a dependency.

// Declared ChangeType values; IsValid reports whether a ChangeType is one of them.
const (
	// Added suggests the dependency is a newly added one.
	Added ChangeType = "added"
	// Updated suggests the dependency is updated from an old version.
	Updated ChangeType = "updated"
	// Removed suggests the dependency is removed.
	Removed ChangeType = "removed"
)

func (ChangeType) IsValid added in v4.5.0

func (ct ChangeType) IsValid() bool

IsValid determines if a ChangeType is valid.

type DependencyCheckResult added in v4.5.0

// DependencyCheckResult is the dependency structure used in the returned results.
// The pointer-typed fields are presumably nil when the corresponding value is
// unknown for a dependency — consumers should nil-check before dereferencing.
type DependencyCheckResult struct {
	// ChangeType indicates whether the dependency is added, updated, or removed.
	ChangeType *ChangeType

	// PackageURL is a short link for a package.
	PackageURL *string

	// SourceRepository is the source repository URL of the dependency.
	SourceRepository *string

	// ManifestPath is the path of the manifest file of the dependency, such as go.mod for Go.
	ManifestPath *string

	// Ecosystem is the name of the package management system, such as NPM, GO, PYPI.
	Ecosystem *string

	// Version is the package version of the dependency.
	Version *string

	// ScorecardResultWithError is the scorecard checking result of the dependency.
	// Its Error field is nil when the dependency's Scorecard run succeeded.
	ScorecardResultWithError ScorecardResultWithError

	// Name is the name of the dependency.
	Name string
}

DependencyCheckResult is the dependency structure used in the returned results.

func (*DependencyCheckResult) AsJSON added in v4.5.0

func (dr *DependencyCheckResult) AsJSON(writer io.Writer) error

AsJSON for DependencyCheckResult exports the DependencyCheckResult as a JSON object.

type JSONScorecardProbeResult added in v4.11.0

// JSONScorecardProbeResult exports results as JSON for flat findings without checks.
type JSONScorecardProbeResult struct {
	// Date is emitted as the "date" field.
	Date      string            `json:"date"`
	// Repo is emitted as the "repo" field; jsonRepoV2 is unexported, see its definition for the exact shape.
	Repo      jsonRepoV2        `json:"repo"`
	// Scorecard is emitted as the "scorecard" field; jsonScorecardV2 is unexported, see its definition for the exact shape.
	Scorecard jsonScorecardV2   `json:"scorecard"`
	// Findings is the flat list of findings. There is no omitempty tag, so a nil
	// slice encodes as JSON null rather than [] — consumers should accept both.
	Findings  []finding.Finding `json:"findings"`
}

JSONScorecardProbeResult exports results as JSON for flat findings without checks.

type JSONScorecardResultV2 added in v4.2.0

// JSONScorecardResultV2 exports results as JSON for new detail format.
type JSONScorecardResultV2 struct {
	// Date is emitted as the "date" field.
	Date           string              `json:"date"`
	// Repo is emitted as the "repo" field; jsonRepoV2 is unexported, see its definition for the exact shape.
	Repo           jsonRepoV2          `json:"repo"`
	// Scorecard is emitted as the "scorecard" field; jsonScorecardV2 is unexported, see its definition for the exact shape.
	Scorecard      jsonScorecardV2     `json:"scorecard"`
	// AggregateScore is emitted as the "score" field. This is the only place the
	// aggregate score is serialized; ScorecardResult itself does not carry it.
	AggregateScore jsonFloatScore      `json:"score"`
	// Checks is emitted as the "checks" field. No omitempty tag: a nil slice encodes as null, not [].
	Checks         []jsonCheckResultV2 `json:"checks"`
	// Metadata is emitted as the "metadata" field. No omitempty tag: a nil slice encodes as null, not [].
	Metadata       []string            `json:"metadata"`
}

JSONScorecardResultV2 exports results as JSON for new detail format.

type RepoInfo

// RepoInfo contains information about the repo that was analyzed.
type RepoInfo struct {
	// Name identifies the analyzed repository.
	Name      string
	// CommitSHA is the commit the analysis refers to; presumably the commitSHA
	// passed to RunScorecard — verify against the caller.
	CommitSHA string
}

RepoInfo contains information about the repo that was analyzed.

type ScorecardInfo

// ScorecardInfo contains information about the scorecard code that was run.
type ScorecardInfo struct {
	// Version is the version of the Scorecard code that produced the result.
	Version   string
	// CommitSHA is the commit of the Scorecard code that produced the result
	// (not the commit of the analyzed repo; see RepoInfo for that).
	CommitSHA string
}

ScorecardInfo contains information about the scorecard code that was run.

type ScorecardResult

// ScorecardResult is returned on a successful Scorecard run.
//
// The aggregate score is not stored in this struct; compute it with
// GetAggregateScore, or read it from the second return value of
// ExperimentalFromJSON2.
type ScorecardResult struct {
	// Repo describes the repository that was analyzed.
	Repo       RepoInfo
	// Date is the timestamp attached to the result; presumably the time of the run — confirm.
	Date       time.Time
	// Scorecard describes the Scorecard code that produced the result.
	Scorecard  ScorecardInfo
	// Checks holds the per-check results for the checks that were run.
	Checks     []checker.CheckResult
	// RawResults is the raw check data exported by AsRawJSON.
	RawResults checker.RawResults
	// Findings is the flat list of findings exported by the probe/findings formats.
	Findings   []finding.Finding
	// Metadata is a list of free-form strings; it is passed through to the
	// "metadata" field of JSONScorecardResultV2.
	Metadata   []string
}

ScorecardResult is returned on a successful Scorecard run.

func ExperimentalFromJSON2 added in v4.13.0

func ExperimentalFromJSON2(r io.Reader) (result ScorecardResult, score float64, err error)

ExperimentalFromJSON2 is experimental: do not depend on it, as it may be removed at any point. It also returns the aggregate score, because the ScorecardResult struct does not contain it.

func RunScorecard added in v4.9.0

func RunScorecard(ctx context.Context,
	repo clients.Repo,
	commitSHA string,
	commitDepth int,
	checksToRun checker.CheckNameToFnMap,
	repoClient clients.RepoClient,
	ossFuzzRepoClient clients.RepoClient,
	ciiClient clients.CIIBestPracticesClient,
	vulnsClient clients.VulnerabilitiesClient,
) (ScorecardResult, error)

RunScorecard runs enabled Scorecard checks on a Repo.

func (*ScorecardResult) AsFJSON added in v4.11.0

func (r *ScorecardResult) AsFJSON(showDetails bool,
	logLevel log.Level, checkDocs docs.Doc, writer io.Writer,
) error

func (*ScorecardResult) AsJSON

func (r *ScorecardResult) AsJSON(showDetails bool, logLevel log.Level, writer io.Writer) error

AsJSON exports results as JSON in the new detail format.

func (*ScorecardResult) AsJSON2

func (r *ScorecardResult) AsJSON2(showDetails bool,
	logLevel log.Level, checkDocs docs.Doc, writer io.Writer,
) error

AsJSON2 exports results as JSON in the new detail format.

func (*ScorecardResult) AsPJSON added in v4.11.0

func (r *ScorecardResult) AsPJSON(writer io.Writer) error

func (*ScorecardResult) AsRawJSON

func (r *ScorecardResult) AsRawJSON(writer io.Writer) error

AsRawJSON exports the raw results as JSON.

func (*ScorecardResult) AsSARIF

func (r *ScorecardResult) AsSARIF(showDetails bool, logLevel log.Level,
	writer io.Writer, checkDocs docs.Doc, policy *spol.ScorecardPolicy,
	opts *options.Options,
) error

AsSARIF outputs ScorecardResult in SARIF 2.1.0 format.

func (*ScorecardResult) AsString

func (r *ScorecardResult) AsString(showDetails bool, logLevel log.Level,
	checkDocs checks.Doc, writer io.Writer,
) error

AsString writes the ScorecardResult in string format.

func (*ScorecardResult) GetAggregateScore

func (r *ScorecardResult) GetAggregateScore(checkDocs checks.Doc) (float64, error)

GetAggregateScore returns the aggregate score.

type ScorecardResultWithError added in v4.5.0

// ScorecardResultWithError is used by the dependency-diff module to record the
// scorecard result of a dependency together with any error from its Scorecard run.
// Check Error before using ScorecardResult: when Error is non-nil the result is
// presumably absent (nil) or incomplete — verify against the producer.
type ScorecardResultWithError struct {
	// ScorecardResult is the scorecard result for the dependency repo.
	ScorecardResult *ScorecardResult

	// Error is an error returned when running the scorecard checks. A nil Error indicates the run succeeded.
	Error error
}

ScorecardResultWithError is used by the dependency-diff module to record the scorecard result, together with an error field that records any error raised when the Scorecard run fails.
