model

package
v0.70.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 16, 2024 License: Apache-2.0 Imports: 3 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var AllAdvisoryType = []AdvisoryType{
	AdvisoryTypeDeprecated,
	AdvisoryTypeUnmaintained,
	AdvisoryTypeSecurity,
	AdvisoryTypePolicy,
	AdvisoryTypeOther,
}
View Source 
var AllPolicyViolationLevel = []PolicyViolationLevel{
	PolicyViolationLevelError,
	PolicyViolationLevelWarn,
}
View Source 
var AllRepositoryVisibility = []RepositoryVisibility{
	RepositoryVisibilityPublic,
	RepositoryVisibilityPrivate,
	RepositoryVisibilityInternal,
}

Functions

This section is empty.

Types

type Advisory 

type Advisory struct {
	// dependency is the underlying dependency that this Advisory is flagged against
	Dependency *Dependency `json:"dependency"`
	// advisoryType defines the type of Advisory (https://dmd.tanna.dev/concepts/advisory/) that this Advisory will flagged as
	AdvisoryType AdvisoryType `json:"advisoryType"`
	// description is a human-readable explanation of why this advisory is being flagged. The contents will be shown verbatim to a user, and will not be interpreted as markup
	//
	// This can be as long and detailed as you wish, and is recommended to include links to (internal) documentation around the finding, any known remediation actions, and communication channels to reach out to for information
	Description string `json:"description"`
	// supportedUntil describes the date that this release will be marked as End of Life, and will no longer be maintained from
	SupportedUntil *string `json:"supportedUntil,omitempty"`
	// endOfLifeFrom describes the date that this release will be marked as End of Life, and will no longer be maintained from
	EndOfLifeFrom *string `json:"endOfLifeFrom,omitempty"`
}

Advisory (https://dmd.tanna.dev/concepts/advisory/) is an indication of issues flagged against the dependencies this Repository contains, for instance to indicate lack of maintainence upstream, security issues, etc

type AdvisoryType 

type AdvisoryType string

AdvisoryType defines the type of Advisory (https://dmd.tanna.dev/concepts/advisory/) that this will flagged as 

const (
	// The dependency is deprecated, and should ideally be replaced
	AdvisoryTypeDeprecated AdvisoryType = "DEPRECATED"
	// The dependency is no longer maintained
	AdvisoryTypeUnmaintained AdvisoryType = "UNMAINTAINED"
	// There is a security issue with this dependency
	AdvisoryTypeSecurity AdvisoryType = "SECURITY"
	// There is organisational policy that recommends awareness of the use of this
	// dependency
	AdvisoryTypePolicy AdvisoryType = "POLICY"
	// There is no other `AdvisoryType` that makes sense for this type. If you feel there should be, please raise an issue on the issue tracker (https://gitlab.com/tanna.dev/dependency-management-data/-/issues)
	AdvisoryTypeOther AdvisoryType = "OTHER"
)

func (AdvisoryType) IsValid 

func (e AdvisoryType) IsValid() bool

func (AdvisoryType) MarshalGQL 

func (e AdvisoryType) MarshalGQL(w io.Writer)

func (AdvisoryType) String 

func (e AdvisoryType) String() string

func (*AdvisoryType) UnmarshalGQL 

func (e *AdvisoryType) UnmarshalGQL(v interface{}) error

type Dependency 

type Dependency struct {
	// packageName contains the name of the package
	PackageName string `json:"packageName"`
	// version indicates the version of this dependency
	//
	// NOTE this could be a version constraint, such as any of:
	//
	//     <=1.3.4,>=1.3.0
	//     "~> 0.9"
	//     latest
	//     ^2.0.6
	//     =1.0.4
	//
	// As well as a specific value, such as:
	//
	//     1.0.4
	//     10
	//     latest
	//
	// This versioning will be implementation-specific for the `packageManager` in use
	Version string `json:"version"`
	// currentVersion defines the current version that this package's `version` resolves to
	//
	// If the `version` is an exact version number, such as `1.0.4`, then `currentVersion` will usually be the same value, `1.0.4`
	//
	// If the `version` is a version constraint, then this column MAY indicate the exact version that was resolved at the time of dependency analysis
	CurrentVersion *string `json:"currentVersion,omitempty"`
	// packageManager indicates the package manager that the dependency is from
	PackageManager string `json:"packageManager"`
	// packageFilePath defines the path within `repo` that defines the `packageName` as a dependency. For example:
	//
	//     .github/workflows/build.yml
	//     go.mod
	//     build/Dockerfile
	//
	// NOTE that this may be empty (https://gitlab.com/tanna.dev/dependency-management-data/-/issues/396)
	PackageFilePath *string `json:"packageFilePath,omitempty"`
	// depTypes defines the different dependency types that may be in use. This will always be a JSON array, with 0 or more string elements. For example:
	//
	//     []
	//     ["action"]
	//     ["dependencies","lockfile"]
	//     ["dependencies","missing-data"]
	//     ["lockfile","lockfile-yarn-pinning-^21.1.1"]
	//     ["engines"]
	//
	// Based on which datasource(s) (https://dmd.tanna.dev/concepts/datasource/) you are using, this will have different values and meanings
	//
	// NOTE that in the future these there will be a more consistent naming structure for these (https://gitlab.com/tanna.dev/dependency-management-data/-/issues/379)
	DepTypes []string `json:"depTypes,omitempty"`
}

Dependency models a given package dependency

type DependentOnResponse 

type DependentOnResponse struct {
	Repositories []DependentOnUsage `json:"repositories,omitempty"`
}

type DependentOnUsage 

type DependentOnUsage struct {
	Platform        string   `json:"platform"`
	Organisation    string   `json:"organisation"`
	Repo            string   `json:"repo"`
	DepTypes        []string `json:"depTypes,omitempty"`
	PackageFilePath *string  `json:"packageFilePath,omitempty"`
	Owner           *Owner   `json:"owner,omitempty"`
}

type Metadata 

type Metadata struct {
	// DMDVersion is the version of the `dmd` CLI that was used to create the underlying database
	DMDVersion string `json:"DMDVersion"`
}

Metadata tracks information about metadata of the dependency-management-data installation

type Owner added in v0.66.0 

type Owner struct {
	// owner is a free-form identifier for who owns the repository. This could be an email address, a team name, Slack channel name, etc, but should ideally be clear from this column who should be contacted about any queries about the repository
	Owner *string `json:"owner,omitempty"`
	// notes allows adding additional, optional, context around the ownership, for instance a link to a Slack channel, Confluence page, internal Service Catalog, etc. The contents will be shown verbatim to a user, and will not be interpreted as markup.
	Notes *string `json:"notes,omitempty"`
}

Owner models the definition of which team / person / vendor / part of your organisation / etc owns a given repository. This data is expected to be sourced through a Service Catalog or through some other means, and will be organisation-specific.

type PolicyViolation 

type PolicyViolation struct {
	// dependency is the underlying dependency that this Policy Violation is flagged against
	Dependency *Dependency `json:"dependency"`
	// level defines the severity of the Policy Violation. This will be organisation-specific in terms of what you deem most critical, but an example of what this could look like is:
	Level PolicyViolationLevel `json:"level"`
	// advisoryType defines the type of Advisory (https://dmd.tanna.dev/concepts/advisory/) that this Policy Violation will flagged as
	AdvisoryType AdvisoryType `json:"advisoryType"`
	// description is a human-readable explanation of why this advisory is being flagged. The contents will be shown verbatim to a user, and will not be interpreted as markup
	//
	// This can be as long and detailed as you wish, and is recommended to include links to (internal) documentation around the finding, any known remediation actions, and communication channels to reach out to for information
	Description string `json:"description"`
}

PolicyViolation is a violation of organisational policy (https://dmd.tanna.dev/concepts/policy/)

type PolicyViolationLevel 

type PolicyViolationLevel string

PolicyViolationLevel defines the severity of the Policy Violation. This will be organisation-specific in terms of what you deem most critical, but an example of what this could look like is: 

ERROR: "Use of AGPL-3.0 licensed dependencies anywhere is a high-severity"
WARN:  "Using a dependency that hasn't been updated in 1 year should be avoided"

const (
	PolicyViolationLevelError PolicyViolationLevel = "ERROR"
	PolicyViolationLevelWarn  PolicyViolationLevel = "WARN"
)

func (PolicyViolationLevel) IsValid 

func (e PolicyViolationLevel) IsValid() bool

func (PolicyViolationLevel) MarshalGQL 

func (e PolicyViolationLevel) MarshalGQL(w io.Writer)

func (PolicyViolationLevel) String 

func (e PolicyViolationLevel) String() string

func (*PolicyViolationLevel) UnmarshalGQL 

func (e *PolicyViolationLevel) UnmarshalGQL(v interface{}) error

type RepositoriesResponse 

type RepositoriesResponse struct {
	Repositories          []Repository `json:"repositories,omitempty"`
	TotalAdvisories       int          `json:"totalAdvisories"`
	TotalDependencies     int          `json:"totalDependencies"`
	TotalPolicyViolations int          `json:"totalPolicyViolations"`
}

type Repository 

type Repository struct {
	// what platform hosts the source code that this repository is for? i.e. `github`, `gitlab`, `gitea`, etc
	Platform string `json:"platform"`
	// what organisation manages the source code that this repository is for? Can include `/` for nested organisations
	Organisation string `json:"organisation"`
	// what is the repo name?
	Repo string `json:"repo"`
	// owner contains information about the owner of a given repository
	Owner *Owner `json:"owner,omitempty"`
	// totalDependencies is the total number of dependencies that this Repository contains
	TotalDependencies int `json:"totalDependencies"`
	// dependencies are the dependencies that this Repository contains
	Dependencies []Dependency `json:"dependencies,omitempty"`
	// totalAdvisories is the total number of Advisories (https://dmd.tanna.dev/concepts/advisory/) flagged against the dependencies this Repository contains, for instance to indicate lack of maintainence upstream, security issues, etc
	//
	// NOTE: This will include `totalPolicyViolations`
	//
	// TODO: https://gitlab.com/tanna.dev/dependency-management-data/-/issues/400
	TotalAdvisories int `json:"totalAdvisories"`
	// advisories are the Advisories (https://dmd.tanna.dev/concepts/advisory/) flagged against the dependencies this Repository contains, for instance to indicate lack of maintainence upstream, security issues, etc. Will include the results of `policyViolations`
	//
	// NOTE: This will includes the results of `policyViolations`
	//
	// TODO: https://gitlab.com/tanna.dev/dependency-management-data/-/issues/400
	Advisories []Advisory `json:"advisories,omitempty"`
	// totalPolicyViolations are the number of `PolicyViolation`s that have been flagged against this Repository, based on configured policies
	//
	// NOTE: This does not include all values of `advisories`, only those that have an `AdvisoryType == POLICY`
	//
	// TODO: https://gitlab.com/tanna.dev/dependency-management-data/-/issues/400
	TotalPolicyViolations int `json:"totalPolicyViolations"`
	// policyViolations are the `PolicyViolation`s that have been flagged against this Repository, based on configured policies
	//
	// NOTE: This does not include all values of `advisories`, only those that have an `AdvisoryType == POLICY`
	//
	// TODO: https://gitlab.com/tanna.dev/dependency-management-data/-/issues/400
	PolicyViolations []PolicyViolation `json:"policyViolations,omitempty"`
	// metadata provides additional metadata about the underlying repository
	Metadata *RepositoryMetadata `json:"metadata,omitempty"`
}

Repository is a source repository

type RepositoryAdditionalMetadatum added in v0.67.0 

type RepositoryAdditionalMetadatum struct {
	Key   string `json:"key"`
	Value string `json:"value"`
}

additionalMetadata contains additional key-value data that can be used to provide custom organisation-specific configuration, and augment any queries for data with information around this additional metadata.

For instance:

  • `last_commit_date` - the last commit date to the project
  • `pci_environment` - the PCI environment the application is deployed to
  • `customer_type` - i.e. whether it's used for government, financial users, etc

type RepositoryKey 

type RepositoryKey struct {
	Platform     string `json:"platform"`
	Organisation string `json:"organisation"`
	Repo         string `json:"repo"`
}

type RepositoryMetadata added in v0.67.0 

type RepositoryMetadata struct {
	// isMonorepo indicates whether the repository is treated as a monorepo
	IsMonorepo bool `json:"isMonorepo"`
	// isFork indicates whether this is a forked repository. This could indicate that this is a temporary repository, a long-standing fork for security + supply-chain hygiene purposes, or some other reason.
	IsFork bool `json:"isFork"`
	// repositoryType is a free-form field to create enum-style data, for instance `LIBRARY` or `SERVICE`, or `EXAMPLE_CODE`.
	//
	// This may track with your Developer Portal's own definition of a repository's type.
	RepositoryType string `json:"repositoryType"`
	// repositoryUsage is a free-form field to note additional information
	// around the repository's usage, which is organisation-specific.
	//
	// For instance, this may be enum-style data, a space-separated list of
	// enum-style data, or a long human-readable description.
	RepositoryUsage *string `json:"repositoryUsage,omitempty"`
	// visibility indicates the repository's visibility in the source forge
	Visibility RepositoryVisibility `json:"visibility"`
	// description is a textual description of the repo for more context, which can include links out to other systems i.e. a Service Catalog. The contents will be shown verbatim to a user, and will not be interpreted as markup
	Description *string `json:"description,omitempty"`
	// additionalMetadata contains additional key-value data that can be used to provide custom organisation-specific configuration, and augment any queries for data with information around this additional metadata.
	AddititionalMetadata []RepositoryAdditionalMetadatum `json:"addititionalMetadata"`
}

type RepositoryVisibility added in v0.67.0 

type RepositoryVisibility string

RepositoryVisibility indicates the repository's visibility in the source forge.

NOTE that this may be straightforward if you're using a publicly hosted source forge, but if you're running on an internally run, i.e. VPN'd off source force, this field may have a slightly different interpretation 

const (
	RepositoryVisibilityPublic   RepositoryVisibility = "PUBLIC"
	RepositoryVisibilityPrivate  RepositoryVisibility = "PRIVATE"
	RepositoryVisibilityInternal RepositoryVisibility = "INTERNAL"
)

func (RepositoryVisibility) IsValid added in v0.67.0 

func (e RepositoryVisibility) IsValid() bool

func (RepositoryVisibility) MarshalGQL added in v0.67.0 

func (e RepositoryVisibility) MarshalGQL(w io.Writer)

func (RepositoryVisibility) String added in v0.67.0 

func (e RepositoryVisibility) String() string

func (*RepositoryVisibility) UnmarshalGQL added in v0.67.0 

func (e *RepositoryVisibility) UnmarshalGQL(v interface{}) error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.