Documentation ¶
Overview ¶
Copyright 2022 Chainguard, Inc. SPDX-License-Identifier: Apache-2.0
Index ¶
Constants ¶
View Source
const ( // MIME type to record in the attestations MimeType = "text/vex" // Impact Statement constants StatusNotAffected Status = "not_affected" StatusAffected Status = "affected" StatusFixed Status = "fixed" StatusUnderInvestigation Status = "under_investigation" // Justification constants ComponentNotPresent Justification = "component_not_present" VulnerableCodeNotPresent Justification = "vulnerable_code_not_present" VulnerableCodeNotInExecutePath Justification = "vulnerable_code_not_in_execute_path" VulnerableCodeCannotBeControlledByAdversary Justification = "vulnerable_code_cannot_be_controlled_by_adversary" InlineMitigationsAlreadyExist Justification = "inline_mitigations_already_exist" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Justification ¶
type Justification string
type Metadata ¶
type Metadata struct { ID string `json:"id"` // Identifier string for the VEX document Format string `json:"format"` // VEX Format Identifier Author string `json:"author"` // Document author AuthorRole string `json:"role"` // Role of author ProductIdentifiers []string `json:"product,omitempty"` // For spec completeness Timestamp time.Time `json:"timestamp"` }
type Statement ¶
type Statement struct { Vulnerability string `json:"vulnerability"` Status Status `json:"impact"` Justification Justification `json:"justification,omitempty"` ActionStatement string `json:"action_statement,omitempty"` // Required if status = AFFECTED References []VulnerabilityReference `json:"references,omitempty"` // Optional list }
Statement
type Status ¶
type Status string
func StatusFromCSAF ¶
StatusFromCSAF returns a vex status from the CSAF status
type VEX ¶
func Sort ¶
Sort sorts a bunch of documents based on their date. VEXes should be applied sequentially in chronogical order as they capture knowledge about an artifact as it changes over time.
func (*VEX) StatementFromID ¶
StatementFromID Returns a statement for a given vulnerability if there is one
type VulnerabilityReference ¶
type VulnerabilityReference struct { RefType string `json:"type"` // URL, OSV, FEDORA, etc Reference string `reference:"ref"` }
VulnerabilityReference captures other identifier assinged to the CVE
Click to show internal directories.
Click to hide internal directories.