scan

package
Published: Mar 24, 2026 License: AGPL-3.0 Imports: 13 Imported by: 0


Constants

This section is empty.

Variables

// ManifestFiles maps a manifest's filename to its ManifestInfo. The map is
// keyed by filename only, so nothing about a file's contents is consulted here.
//
// Entries with IsLock false (package.json, requirements.txt, go.mod, pom.xml,
// build.gradle.kts) are declaration files that may carry version ranges rather
// than the versions actually installed; where a project also has a lockfile,
// the lockfile is the more reliable input for a scan.
//
// Being listed here does not by itself mean the backend accepts the file:
// SupportedManifestTypes is the smaller set accepted by the V2 scan endpoint.
var ManifestFiles = map[string]ManifestInfo{
	// Rust / cargo
	"Cargo.lock": {Type: "Cargo.lock", Ecosystem: "cargo", Language: "rust", IsLock: true},

	// PHP / composer
	"composer.lock": {Type: "composer.lock", Ecosystem: "composer", Language: "php", IsLock: true},

	// Go modules
	"go.mod": {Type: "go.mod", Ecosystem: "golang", Language: "go", IsLock: false},
	"go.sum": {Type: "go.sum", Ecosystem: "golang", Language: "go", IsLock: true},

	// Elixir / hex
	"mix.lock": {Type: "mix.lock", Ecosystem: "hex", Language: "elixir", IsLock: true},

	// JVM: Java, Kotlin and Scala build files all report the maven ecosystem
	"pom.xml":          {Type: "pom.xml", Ecosystem: "maven", Language: "java", IsLock: false},
	"gradle.lockfile":  {Type: "gradle.lockfile", Ecosystem: "maven", Language: "java", IsLock: true},
	"build.gradle.kts": {Type: "build.gradle.kts", Ecosystem: "maven", Language: "kotlin", IsLock: false},
	"build.lock":       {Type: "build.lock", Ecosystem: "maven", Language: "scala", IsLock: true},

	// JavaScript / npm (npm, yarn and pnpm lockfiles share the npm ecosystem)
	"package.json":      {Type: "package.json", Ecosystem: "npm", Language: "javascript", IsLock: false},
	"package-lock.json": {Type: "package-lock.json", Ecosystem: "npm", Language: "javascript", IsLock: true},
	"yarn.lock":         {Type: "yarn.lock", Ecosystem: "npm", Language: "javascript", IsLock: true},
	"pnpm-lock.yaml":    {Type: "pnpm-lock.yaml", Ecosystem: "npm", Language: "javascript", IsLock: true},

	// C# / nuget
	"packages.lock.json": {Type: "packages.lock.json", Ecosystem: "nuget", Language: "c#", IsLock: true},

	// Dart / pub
	"pubspec.lock": {Type: "pubspec.lock", Ecosystem: "pub", Language: "dart", IsLock: true},

	// Python / pypi
	"requirements.txt": {Type: "requirements.txt", Ecosystem: "pypi", Language: "python", IsLock: false},
	"Pipfile.lock":     {Type: "Pipfile.lock", Ecosystem: "pypi", Language: "python", IsLock: true},
	"poetry.lock":      {Type: "poetry.lock", Ecosystem: "pypi", Language: "python", IsLock: true},
	"uv.lock":          {Type: "uv.lock", Ecosystem: "pypi", Language: "python", IsLock: true},

	// Ruby / rubygems
	"Gemfile.lock": {Type: "Gemfile.lock", Ecosystem: "rubygems", Language: "ruby", IsLock: true},

	// Swift Package Manager
	"Package.resolved": {Type: "Package.resolved", Ecosystem: "swift", Language: "swift", IsLock: true},
}

ManifestFiles maps known manifest filenames to their metadata. It is keyed by filename, so nothing about a file's contents is checked at detection time. Entries with IsLock false (package.json, requirements.txt, go.mod, pom.xml, build.gradle.kts) may declare version ranges rather than the versions actually installed, so where a lockfile exists it is the more reliable input. Note also that not every entry here is accepted by the backend — SupportedManifestTypes is the smaller set the V2 scan endpoint takes.

// SupportedManifestTypes is the set of manifest filenames the V2 scan endpoint
// accepts; looking up a name that is not present yields false.
//
// It is deliberately smaller than ManifestFiles. poetry.lock, uv.lock,
// gradle.lockfile, build.gradle.kts, build.lock, packages.lock.json,
// Package.resolved, pubspec.lock and mix.lock are detected but not accepted,
// so dependencies declared only in those files are not covered by a scan.
var SupportedManifestTypes = map[string]bool{
	// npm
	"package.json":      true,
	"package-lock.json": true,
	"yarn.lock":         true,
	"pnpm-lock.yaml":    true,

	// pypi
	"requirements.txt": true,
	"Pipfile.lock":     true,

	// golang
	"go.mod": true,
	"go.sum": true,

	// cargo, rubygems, maven, composer
	"Cargo.lock":    true,
	"Gemfile.lock":  true,
	"pom.xml":       true,
	"composer.lock": true,
}

SupportedManifestTypes lists manifest types accepted by the V2 scan endpoint. It is a strict subset of ManifestFiles: poetry.lock, uv.lock, gradle.lockfile, build.gradle.kts, build.lock, packages.lock.json, Package.resolved, pubspec.lock and mix.lock are detected but not accepted, so a scan that reports no findings for a repository using only those files has not examined its dependencies at all.

Functions

func BuildPayload added in v1.13.2

func BuildPayload(file DetectedFile, gitCtx *gitctx.GitContext, repoRoot string) ([]byte, error)

BuildPayload constructs a ScanPayload for a manifest file and marshals it to JSON. gitCtx may be nil (non-git directory). repoRoot may be empty.

func SeverityRank added in v1.13.0

func SeverityRank(severity string) int

SeverityRank returns a numeric rank for severity (lower = more severe).

Types

type CLIInfo added in v1.13.2

// CLIInfo identifies the CLI version and platform. It is embedded in every
// ScanPayload and therefore sent to the backend with each manifest upload.
type CLIInfo struct {
	// Version is the CLI release version string.
	Version  string `json:"version"`
	// Platform names the host platform the CLI runs on; the exact format is
	// decided by whoever builds the payload, not by this type.
	Platform string `json:"platform"`
}

CLIInfo identifies the CLI version and platform.

type DetectedFile

// DetectedFile represents a detected scannable file as produced by
// WalkForScanFiles. Detection and backend support are tracked separately:
// check Supported before treating a DetectedFile as uploadable.
type DetectedFile struct {
	// Path is the location of the file as found by the walk.
	Path         string
	RelPath      string // relative to scan root
	// FileType is one of the FileType* constants (manifest, spdx, cyclonedx, unknown).
	FileType     FileType
	ManifestInfo *ManifestInfo // non-nil for manifest files
	SBOMVersion  string        // e.g. "SPDX-2.3", "1.5" for CycloneDX
	// Supported is false for files the walk recognises but the backend does
	// not take (e.g. manifests absent from SupportedManifestTypes — TODO confirm
	// that is the rule used); such files surface as UnsupportedFileError on upload.
	Supported    bool          // whether the backend accepts this file type
}

DetectedFile represents a file found by WalkForScanFiles that may be scannable. Detection and backend support are tracked separately, so check Supported before assuming a detected file will actually be uploaded and scanned.

func WalkForScanFiles

func WalkForScanFiles(opts WalkOptions) ([]DetectedFile, error)

WalkForScanFiles walks the filesystem from opts.RootPath, descending at most opts.MaxDepth levels and skipping paths that match the glob patterns in opts.Excludes, looking for manifest files and potential SBOM documents. Files that are detected but not accepted by the backend are still returned, with Supported set to false.

type FileType

// FileType represents the detected type of a file; the possible values are
// the FileType* constants below. It is assigned by detection (DetectSBOM,
// DetectManifest via WalkForScanFiles), not by inspecting the backend.
type FileType string

FileType represents the detected type of a file

const (
	FileTypeManifest  FileType = "manifest"  // dependency manifest or lockfile listed in ManifestFiles
	FileTypeSPDX      FileType = "spdx"      // SPDX SBOM document (see DetectSBOM)
	FileTypeCycloneDX FileType = "cyclonedx" // CycloneDX SBOM document (see DetectSBOM)
	FileTypeUnknown   FileType = "unknown"   // not recognised as any of the above
)

func DetectSBOM

func DetectSBOM(filePath string) (FileType, string, bool)

DetectSBOM reads only the first bytes of a JSON file and determines from that prefix whether it looks like an SPDX or CycloneDX document. It returns the file type, the version string, and whether the document is valid/supported. Because only a prefix is inspected, the result is a heuristic classification, not a validation of the whole document; a file may be classified as an SBOM and still be rejected or misparsed by the backend.

type FixesMerged added in v1.13.0

// FixesMerged holds merged fix data from three V2 endpoints. Each field is the
// response of one endpoint, decoded generically rather than into a typed
// struct, so consumers must check key presence and value types themselves.
type FixesMerged struct {
	Registry      map[string]interface{} // registry-level fix data
	Distributions map[string]interface{} // distribution-level fix data
	Source        map[string]interface{} // source-level fix data
}

FixesMerged holds merged fix data from three V2 endpoints.

type ManifestInfo

// ManifestInfo describes a known manifest file; the values live in ManifestFiles.
type ManifestInfo struct {
	Type      string // canonical filename used as the manifest "type" parameter
	// Ecosystem is the package ecosystem name (npm, pypi, golang, maven, ...)
	// reported to the backend; several languages share one ecosystem, e.g.
	// java, kotlin and scala all map to maven.
	Ecosystem string
	// Language is the source language associated with the manifest.
	Language  string
	// IsLock is true for lockfiles with resolved versions and false for
	// declaration files that may contain version ranges.
	IsLock    bool
}

ManifestInfo describes a known manifest file

func DetectManifest

func DetectManifest(filename string) (*ManifestInfo, bool)

DetectManifest checks if a filename is a known manifest file.

type PollEngine added in v1.13.0

// PollEngine handles concurrent polling for scan results.
type PollEngine struct {
	// Client is the VDB API client used for status requests.
	Client     *vdb.Client
	// Interval is the delay between polls of one task; the documented default
	// of 5s presumably applies when the zero value is left in place.
	Interval   time.Duration   // polling interval (default 5s)
	// OnProgress is invoked from polling goroutines, possibly several at once,
	// so it must be safe for concurrent use and must not assume it runs on
	// the caller's goroutine.
	OnProgress func(*ScanTask) // callback for UI updates (called from goroutines)
}

PollEngine handles concurrent polling for scan results.

func (*PollEngine) PollAll added in v1.13.0

func (p *PollEngine) PollAll(ctx context.Context, tasks []*ScanTask)

PollAll polls all tasks with a scan ID until they are complete or errored. Tasks without a scan ID are skipped.

type ScanError added in v1.13.0

// ScanError represents a scan-side error returned by the API.
type ScanError struct {
	// Message is the error text as received from the remote API. It is
	// untrusted input: display it, but do not parse or act on its contents.
	Message string
}

ScanError represents a scan-side error returned by the API.

func (*ScanError) Error added in v1.13.0

func (e *ScanError) Error() string

type ScanPayload added in v1.13.2

// ScanPayload is the JSON metadata sent alongside manifest files. Everything in
// it leaves the host, so what Git and FileTree carry (their shape is defined
// in gitctx and filetree, not here) determines how much about the repository
// the backend learns.
type ScanPayload struct {
	// Version is the payload schema version.
	Version      string                    `json:"version"`
	// CLI identifies the uploading CLI build.
	CLI          CLIInfo                   `json:"cli"`
	// Git is the repository context collected once per run; nil (and omitted
	// from the JSON) when the scan root is not a git checkout.
	Git          *gitctx.GitContext        `json:"git,omitempty"`
	// FileTree is optional file-tree context; omitted from the JSON when nil.
	FileTree     *filetree.FileTreeContext `json:"fileTree,omitempty"`
	// ManifestType is the canonical manifest filename (ManifestInfo.Type).
	ManifestType string                    `json:"manifestType"`
	// Ecosystem is the package ecosystem (ManifestInfo.Ecosystem).
	Ecosystem    string                    `json:"ecosystem"`
	// Timestamp is when the payload was built; unit (seconds vs. milliseconds)
	// is decided by BuildPayload — confirm there before comparing values.
	Timestamp    int64                     `json:"timestamp"`
}

ScanPayload is the JSON metadata sent alongside manifest files. Note that the optional Git and FileTree context, when set, is transmitted to the backend with every upload; what those structures contain (remote URLs, branch names, file paths and so on) is defined in the gitctx and filetree packages, so check them before assuming nothing sensitive about the repository leaves the host.

type ScanSummary added in v1.13.0

// ScanSummary aggregates results across all tasks (see Summarize).
type ScanSummary struct {
	TotalFiles    int // number of tasks summarised
	TotalVulns    int // vulnerabilities across all tasks
	MalwareCount  int // findings flagged as malicious (VulnSummary.IsMalicious, presumably)
	CriticalCount int // findings by severity bucket
	HighCount     int
	MediumCount   int
	LowCount      int
	// ErrorCount is the number of tasks that ended in error rather than
	// results; a non-zero value means the other counts are incomplete.
	ErrorCount    int
}

ScanSummary aggregates results across all tasks.

func Summarize added in v1.13.0

func Summarize(tasks []*ScanTask) ScanSummary

Summarize computes a summary from completed scan tasks.

func (ScanSummary) FormatSummary added in v1.13.0

func (s ScanSummary) FormatSummary() string

FormatSummary returns a human-readable summary string.

type ScanTask added in v1.13.0

// ScanTask tracks one file's lifecycle through upload -> poll -> results.
// It is mutated by UploadEngine and PollEngine from their goroutines; read
// it from OnProgress callbacks or after those engines return.
type ScanTask struct {
	File        DetectedFile // the file this task scans
	// ScanID is assigned by the backend after upload; tasks without one are
	// skipped by PollEngine.PollAll.
	ScanID      string
	Status      string // "queued","uploading","uploaded","polling","complete","error"
	// Upload*/Poll* record phase boundaries and feed the *Duration methods.
	UploadStart time.Time
	UploadEnd   time.Time
	PollStart   time.Time
	PollEnd     time.Time
	// Error is set when Status is "error"; it may be a *ScanError (backend
	// reported) or an *UnsupportedFileError (never uploaded).
	Error       error
	// RawResult is the last scan status response, decoded generically.
	RawResult   map[string]interface{}
	// Vulns is the parsed form of RawResult (see ParseVulnsFromScanResult).
	Vulns       []VulnSummary
}

ScanTask tracks one file's lifecycle through upload -> poll -> results.

func (*ScanTask) PollDuration added in v1.13.0

func (t *ScanTask) PollDuration() time.Duration

PollDuration returns the time spent polling.

func (*ScanTask) TotalDuration added in v1.13.0

func (t *ScanTask) TotalDuration() time.Duration

TotalDuration returns the total time from upload start to poll completion.

func (*ScanTask) UploadDuration added in v1.13.0

func (t *ScanTask) UploadDuration() time.Duration

UploadDuration returns the time spent uploading.

type ScoreEntry added in v1.13.0

// ScoreEntry represents a single vulnerability score.
type ScoreEntry struct {
	// Type names the scoring system; the value range of Score depends on it
	// (EPSS is a probability, CVSS is 0-10), so scores of different Types are
	// not directly comparable.
	Type   string // "epss","coalition_ess","cvssv4","cvssv3.1","cvssv3.0","cvssv2"
	Score  float64
	Source string // where the score came from, as reported by the API
}

ScoreEntry represents a single vulnerability score.

type UnsupportedFileError added in v1.13.0

// UnsupportedFileError is returned when a file type is not supported for
// upload. It is a local decision (DetectedFile.Supported false), not a
// backend response, so the file was never sent.
type UnsupportedFileError struct {
	Path string // path of the rejected file
}

UnsupportedFileError is returned when a file type is not supported for upload.

func (*UnsupportedFileError) Error added in v1.13.0

func (e *UnsupportedFileError) Error() string

type UploadEngine added in v1.13.0

// UploadEngine handles concurrent file uploads to the VDB API.
type UploadEngine struct {
	Client      *vdb.Client
	// Concurrency bounds the number of in-flight uploads; the documented
	// default of 5 presumably applies when the zero value is left in place.
	Concurrency int                // max concurrent uploads (default 5)
	// OnProgress runs on upload goroutines, possibly several at once, so it
	// must be safe for concurrent use.
	OnProgress  func(*ScanTask)    // callback for UI updates (called from goroutines)
	// GitContext and RepoRoot are passed to BuildPayload for every file and
	// so are sent to the backend with each upload.
	GitContext  *gitctx.GitContext // shared git context (collected once, may be nil)
	RepoRoot    string             // git repo root path (may be empty)
}

UploadEngine handles concurrent file uploads to the VDB API.

func (*UploadEngine) UploadAll added in v1.13.0

func (e *UploadEngine) UploadAll(ctx context.Context, files []DetectedFile) []*ScanTask

UploadAll uploads all detected files concurrently using a bounded semaphore. Returns a ScanTask for each file with status "uploaded" or "error".

type VulnSummary added in v1.13.0

// VulnSummary is a parsed vulnerability from scan results.
type VulnSummary struct {
	VulnID      string // vulnerability identifier as reported by the API
	IsMalicious bool   // true when the finding is a malicious package, not a CVE-style weakness
	Scores      []ScoreEntry // ordered: EPSS > Coalition ESS > CVSSv4 > CVSS3 > CVSS2
	// Severity is the textual severity bucket; rank it with SeverityRank.
	Severity    string
	PackageName string
	PackageVer  string
	SourceFile  string // which scanned file this came from
	// Lazy-loaded detail fields (nil until fetched)
	// Each is a pointer to a generically decoded response; nil means "not
	// fetched yet", while a non-nil empty map means "fetched, nothing there".
	Exploits    *map[string]interface{}
	Timeline    *map[string]interface{}
	Fixes       *FixesMerged
	Remediation *map[string]interface{}
	Advisories  *map[string]interface{}
	Workarounds *map[string]interface{}
	Kev         *map[string]interface{}
}

VulnSummary is a parsed vulnerability from scan results.

func AllVulns added in v1.13.0

func AllVulns(tasks []*ScanTask) []VulnSummary

AllVulns returns all vulnerabilities across all tasks, sorted by severity.

func ParseVulnsFromScanResult added in v1.13.0

func ParseVulnsFromScanResult(raw map[string]interface{}, sourceFile string) []VulnSummary

ParseVulnsFromScanResult extracts vulnerability summaries from a scan status API response.

func (*VulnSummary) TopScore added in v1.13.0

func (v *VulnSummary) TopScore() (string, float64)

TopScore returns the type and value of the highest-priority entry in Scores (the slice is kept in priority order: EPSS > Coalition ESS > CVSSv4 > CVSS3 > CVSS2), or 0 — presumably with an empty type string — when there are no scores. Since score types use different scales (EPSS is a probability, CVSS is 0-10), compare TopScore values across vulnerabilities only when their types match.

type WalkOptions

// WalkOptions configures the filesystem walk behavior of WalkForScanFiles.
type WalkOptions struct {
	RootPath string   // directory the walk starts from
	MaxDepth int      // maximum directory depth descended below RootPath
	// Excludes are matched against paths to skip; the glob dialect and
	// whether patterns match full paths or base names is decided by the walk
	// implementation — check it before relying on an exclude for secrets.
	Excludes []string // glob patterns to exclude
}

WalkOptions configures the filesystem walk behavior.
