Documentation
Index
Constants
This section is empty.
Variables
var AllAdvisoryType = []AdvisoryType{
	AdvisoryTypeDeprecated,
	AdvisoryTypeUnmaintained,
	AdvisoryTypeSecurity,
	AdvisoryTypePolicy,
	AdvisoryTypeOther,
}

var AllPolicyViolationLevel = []PolicyViolationLevel{
	PolicyViolationLevelError,
	PolicyViolationLevelWarn,
}
Functions
This section is empty.
Types
type Advisory
type Advisory struct {
	// dependency is the underlying dependency that this Advisory is flagged against
	Dependency *Dependency `json:"dependency"`
	// advisoryType defines the type of Advisory (https://dmd.tanna.dev/concepts/advisory/) that this Advisory will be flagged as
	AdvisoryType AdvisoryType `json:"advisoryType"`
	// description is a human-readable explanation of why this advisory is being flagged. The contents will be shown verbatim to a user, and will not be interpreted as markup
	//
	// This can be as long and detailed as you wish, and is recommended to include links to (internal) documentation around the finding, any known remediation actions, and communication channels to reach out to for information
	Description string `json:"description"`
	// supportedUntil describes the date that this release will be marked as End of Life, and will no longer be maintained from
	SupportedUntil *string `json:"supportedUntil,omitempty"`
	// endOfLifeFrom describes the date from which this release is (actively) End of Life
	EndOfLifeFrom *string `json:"endOfLifeFrom,omitempty"`
}
Advisory (https://dmd.tanna.dev/concepts/advisory/) is an indication of issues flagged against the dependencies this Repository contains, for instance to indicate lack of maintenance upstream, security issues, etc.
type AdvisoryType
type AdvisoryType string
AdvisoryType defines the type of Advisory (https://dmd.tanna.dev/concepts/advisory/) that this will be flagged as
const (
	// The dependency is deprecated, and should ideally be replaced
	AdvisoryTypeDeprecated AdvisoryType = "DEPRECATED"
	// The dependency is no longer maintained
	AdvisoryTypeUnmaintained AdvisoryType = "UNMAINTAINED"
	// There is a security issue with this dependency
	AdvisoryTypeSecurity AdvisoryType = "SECURITY"
	// There is organisational policy that recommends awareness of the use of this
	// dependency
	AdvisoryTypePolicy AdvisoryType = "POLICY"
	// There is no other `AdvisoryType` that makes sense for this type. If you feel there should be, please raise an issue on the issue tracker (https://gitlab.com/tanna.dev/dependency-management-data/-/issues)
	AdvisoryTypeOther AdvisoryType = "OTHER"
)
func (AdvisoryType) IsValid
func (e AdvisoryType) IsValid() bool
func (AdvisoryType) MarshalGQL
func (e AdvisoryType) MarshalGQL(w io.Writer)
func (AdvisoryType) String
func (e AdvisoryType) String() string
func (*AdvisoryType) UnmarshalGQL
func (e *AdvisoryType) UnmarshalGQL(v interface{}) error
type Dependency
type Dependency struct {
	// packageName contains the name of the package
	PackageName string `json:"packageName"`
	// version indicates the version of this dependency
	//
	// NOTE this could be a version constraint, such as any of:
	//
	//   <=1.3.4,>=1.3.0
	//   "~> 0.9"
	//   latest
	//   ^2.0.6
	//   =1.0.4
	//
	// As well as a specific value, such as:
	//
	//   1.0.4
	//   10
	//   latest
	//
	// This versioning will be implementation-specific for the `packageManager` in use
	Version string `json:"version"`
	// currentVersion defines the current version that this package's `version` resolves to
	//
	// If the `version` is an exact version number, such as `1.0.4`, then `currentVersion` will usually be the same value, `1.0.4`
	//
	// If the `version` is a version constraint, then this column MAY indicate the exact version that was resolved at the time of dependency analysis
	CurrentVersion *string `json:"currentVersion,omitempty"`
	// packageManager indicates the package manager that the dependency is from
	PackageManager string `json:"packageManager"`
	// packageFilePath defines the path within `repo` that defines the `packageName` as a dependency. For example:
	//
	//   .github/workflows/build.yml
	//   go.mod
	//   build/Dockerfile
	//
	// NOTE that this may be empty (https://gitlab.com/tanna.dev/dependency-management-data/-/issues/396)
	PackageFilePath *string `json:"packageFilePath,omitempty"`
	// depTypes defines the different dependency types that may be in use. This will always be a JSON array, with 0 or more string elements. For example:
	//
	//   []
	//   ["action"]
	//   ["dependencies","lockfile"]
	//   ["dependencies","missing-data"]
	//   ["lockfile","lockfile-yarn-pinning-^21.1.1"]
	//   ["engines"]
	//
	// Based on which datasource(s) (https://dmd.tanna.dev/concepts/datasource/) you are using, this will have different values and meanings
	//
	// NOTE that in the future there will be a more consistent naming structure for these (https://gitlab.com/tanna.dev/dependency-management-data/-/issues/379)
	DepTypes []string `json:"depTypes,omitempty"`
}
Dependency models a given package dependency
type DependentOnResponse
type DependentOnResponse struct {
	Repositories []DependentOnUsage `json:"repositories,omitempty"`
}
type DependentOnUsage
type Metadata
type Metadata struct {
	// DMDVersion is the version of the `dmd` CLI that was used to create the underlying database
	DMDVersion string `json:"DMDVersion"`
}
Metadata tracks information about metadata of the dependency-management-data installation
type Owner (added in v0.66.0)
type Owner struct {
	// owner is a free-form identifier for who owns the repository. This could be an email address, a team name, Slack channel name, etc, but should ideally be clear from this column who should be contacted about any queries about the repository
	Owner *string `json:"owner,omitempty"`
	// notes allows adding additional, optional, context around the ownership, for instance a link to a Slack channel, Confluence page, internal Service Catalog, etc. The contents will be shown verbatim to a user, and will not be interpreted as markup.
	Notes *string `json:"notes,omitempty"`
}
Owner models the definition of which team / person / vendor / part of your organisation / etc owns a given repository. This data is expected to be sourced through a Service Catalog or through some other means, and will be organisation-specific.
type PolicyViolation
type PolicyViolation struct {
	// dependency is the underlying dependency that this Policy Violation is flagged against
	Dependency *Dependency `json:"dependency"`
	// level defines the severity of the Policy Violation. This will be organisation-specific in terms of what you deem most critical; see PolicyViolationLevel for an example of what this could look like
	Level PolicyViolationLevel `json:"level"`
	// advisoryType defines the type of Advisory (https://dmd.tanna.dev/concepts/advisory/) that this Policy Violation will be flagged as
	AdvisoryType AdvisoryType `json:"advisoryType"`
	// description is a human-readable explanation of why this advisory is being flagged. The contents will be shown verbatim to a user, and will not be interpreted as markup
	//
	// This can be as long and detailed as you wish, and is recommended to include links to (internal) documentation around the finding, any known remediation actions, and communication channels to reach out to for information
	Description string `json:"description"`
}
PolicyViolation is a violation of organisational policy (https://dmd.tanna.dev/concepts/policy/)
type PolicyViolationLevel
type PolicyViolationLevel string
PolicyViolationLevel defines the severity of the Policy Violation. This will be organisation-specific in terms of what you deem most critical, but an example of what this could look like is:
	ERROR: "Use of AGPL-3.0 licensed dependencies anywhere is a high-severity"
	WARN:  "Using a dependency that hasn't been updated in 1 year should be avoided"
const (
	PolicyViolationLevelError PolicyViolationLevel = "ERROR"
	PolicyViolationLevelWarn  PolicyViolationLevel = "WARN"
)
func (PolicyViolationLevel) IsValid
func (e PolicyViolationLevel) IsValid() bool
func (PolicyViolationLevel) MarshalGQL
func (e PolicyViolationLevel) MarshalGQL(w io.Writer)
func (PolicyViolationLevel) String
func (e PolicyViolationLevel) String() string
func (*PolicyViolationLevel) UnmarshalGQL
func (e *PolicyViolationLevel) UnmarshalGQL(v interface{}) error
type RepositoriesResponse
type RepositoriesResponse struct {
	Repositories          []Repository `json:"repositories,omitempty"`
	TotalAdvisories       int          `json:"totalAdvisories"`
	TotalDependencies     int          `json:"totalDependencies"`
	TotalPolicyViolations int          `json:"totalPolicyViolations"`
}
type Repository
type Repository struct {
	// what platform hosts the source code that this repository is for? i.e. `github`, `gitlab`, `gitea`, etc
	Platform string `json:"platform"`
	// what organisation manages the source code that this repository is for? Can include `/` for nested organisations
	Organisation string `json:"organisation"`
	// what is the repo name?
	Repo string `json:"repo"`
	// owner contains information about the owner of a given repository
	Owner *Owner `json:"owner,omitempty"`
	// totalDependencies is the total number of dependencies that this Repository contains
	TotalDependencies int `json:"totalDependencies"`
	// dependencies are the dependencies that this Repository contains
	Dependencies []Dependency `json:"dependencies,omitempty"`
	// totalAdvisories is the total number of Advisories (https://dmd.tanna.dev/concepts/advisory/) flagged against the dependencies this Repository contains, for instance to indicate lack of maintenance upstream, security issues, etc
	//
	// NOTE: This will include `totalPolicyViolations`
	//
	// TODO: https://gitlab.com/tanna.dev/dependency-management-data/-/issues/400
	TotalAdvisories int `json:"totalAdvisories"`
	// advisories are the Advisories (https://dmd.tanna.dev/concepts/advisory/) flagged against the dependencies this Repository contains, for instance to indicate lack of maintenance upstream, security issues, etc.
	//
	// NOTE: This will include the results of `policyViolations`
	//
	// TODO: https://gitlab.com/tanna.dev/dependency-management-data/-/issues/400
	Advisories []Advisory `json:"advisories,omitempty"`
	// totalPolicyViolations is the number of `PolicyViolation`s that have been flagged against this Repository, based on configured policies
	//
	// NOTE: This does not include all values of `advisories`, only those that have an `AdvisoryType == POLICY`
	//
	// TODO: https://gitlab.com/tanna.dev/dependency-management-data/-/issues/400
	TotalPolicyViolations int `json:"totalPolicyViolations"`
	// policyViolations are the `PolicyViolation`s that have been flagged against this Repository, based on configured policies
	//
	// NOTE: This does not include all values of `advisories`, only those that have an `AdvisoryType == POLICY`
	//
	// TODO: https://gitlab.com/tanna.dev/dependency-management-data/-/issues/400
	PolicyViolations []PolicyViolation `json:"policyViolations,omitempty"`
}
Repository is a source repository
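As an added example (not code from dependency-management-data itself), the following shows how a consumer of this model would read one Repository in the documented JSON shape and triage it: advisories per AdvisoryType, the packages carrying a SECURITY advisory, and a check of the invariants the field comments state (policy violations are counted within totalAdvisories, and every policyViolation has AdvisoryType POLICY). The types are re-declared locally with only the fields read here, since the package import path is not on the page, and the sample Repository is constructed, not real data.

```go
package main
import "encoding/json"

// Assumption: the page's package is not imported; these local types re-declare only the fields
// this example reads, with the page's JSON tags. PolicyViolation shares dependency/advisoryType
// with Advisory (plus level, ignored here), so policyViolations decode into Advisory as well.
type AdvisoryType string
type Dependency struct {
	PackageName string `json:"packageName"`
	Version     string `json:"version"`
}
type Advisory struct {
	Dependency   *Dependency  `json:"dependency"`
	AdvisoryType AdvisoryType `json:"advisoryType"`
}
type Repository struct {
	TotalAdvisories       int        `json:"totalAdvisories"`
	Advisories            []Advisory `json:"advisories,omitempty"`
	TotalPolicyViolations int        `json:"totalPolicyViolations"`
	PolicyViolations      []Advisory `json:"policyViolations,omitempty"`
}

// Constructed sample of one Repository in the page's JSON shape (not real data).
const sampleRepo = `{"totalAdvisories":3,"totalPolicyViolations":1,"advisories":[
 {"dependency":{"packageName":"pkg-a","version":"1.3.0"},"advisoryType":"UNMAINTAINED"},
 {"dependency":{"packageName":"pkg-b","version":"2.1.0"},"advisoryType":"SECURITY"},
 {"dependency":{"packageName":"pkg-c","version":"0.4.2"},"advisoryType":"POLICY"}],
 "policyViolations":[{"dependency":{"packageName":"pkg-c","version":"0.4.2"},
 "level":"ERROR","advisoryType":"POLICY"}]}`

// Triage returns advisories per type, the packages with a SECURITY advisory, and whether the
// documented invariants hold: policyViolations are all POLICY, and totalAdvisories (which
// includes the policy violations) is at least totalPolicyViolations.
func Triage(raw []byte) (map[AdvisoryType]int, []string, bool, error) {
	var repo Repository
	if err := json.Unmarshal(raw, &repo); err != nil {
		return nil, nil, false, err
	}
	perType, security := map[AdvisoryType]int{}, []string{}
	for _, a := range repo.Advisories {
		perType[a.AdvisoryType]++
		if a.AdvisoryType == "SECURITY" && a.Dependency != nil {
			security = append(security, a.Dependency.PackageName+"@"+a.Dependency.Version)
		}
	}
	ok := repo.TotalAdvisories >= repo.TotalPolicyViolations
	for _, pv := range repo.PolicyViolations {
		ok = ok && pv.AdvisoryType == "POLICY"
	}
	return perType, security, ok, nil
}
```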