Documentation ¶
Index ¶
- type AsffRecommendation
- type AwsAccountInfo
- type AwsSecurityFinding
- type Compliance
- type Component
- type Components
- type CycloneDxReport
- type GitlabSASTReport
- type Hash
- type Issue
- type JUnitReport
- type Location
- type Metadata
- type Range
- type Rating
- type Recommendation
- type Remediation
- type Resource
- type SarifReport
- type SarifRun
- type Severity
- type SonarQubeReport
- type SonarQubeReportBuilder
- type Source
- type Tool
- type Vulnerability
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AsffRecommendation ¶ added in v1.5.0
type AsffRecommendation struct {
Text string
}
AsffRecommendation includes the recommendation to avoid the finding
type AwsAccountInfo ¶ added in v1.5.0
AwsAccountInfo contains all the relevant information of the user AWS account
type AwsSecurityFinding ¶ added in v1.5.0
type AwsSecurityFinding struct { AwsAccountID string `json:"AwsAccountId"` Compliance Compliance CreatedAt string Description string GeneratorID string `json:"GeneratorId"` ID string `json:"Id"` ProductArn string Remediation Remediation Resources []Resource SchemaVersion string Severity Severity Title string Types []string UpdatedAt string }
AwsSecurityFinding contains all the relevant information to build a finding
func BuildASFF ¶ added in v1.5.0
func BuildASFF(summary *model.Summary) []AwsSecurityFinding
BuildASFF builds the ASFF report
type Compliance ¶ added in v1.5.0
type Compliance struct {
Status string
}
Compliance contains the status of the finding
type Component ¶ added in v1.4.9
type Component struct { // component tag information Type string `xml:"type,attr"` BomRef string `xml:"bom-ref,attr"` // component body information Name string `xml:"name"` Version string `xml:"version"` Hashes []Hash `xml:"hashes>hash"` Purl string `xml:"purl"` Vulnerabilities []Vulnerability `xml:"v:vulnerabilities>v:vulnerability"` }
Component includes the CycloneDX component structure properties considered relevant
type Components ¶ added in v1.4.9
type Components struct {
Components []Component `xml:"component"`
}
Components is a list of components
type CycloneDxReport ¶ added in v1.4.9
type CycloneDxReport struct { XMLName xml.Name `xml:"bom"` // bom tag information XMLNS string `xml:"xmlns,attr"` SerialNumber string `xml:"serialNumber,attr"` XMLNSV string `xml:"xmlns:v,attr"` Version int `xml:"version,attr"` // bom body information Metadata *Metadata `xml:"metadata"` Components Components `xml:"components"` }
CycloneDxReport includes all the properties considered relevant for the CycloneDX Report
func BuildCycloneDxReport ¶ added in v1.4.9
func BuildCycloneDxReport(summary *model.Summary) *CycloneDxReport
BuildCycloneDxReport builds the CycloneDX report
func InitCycloneDxReport ¶ added in v1.4.9
func InitCycloneDxReport() *CycloneDxReport
InitCycloneDxReport inits the CycloneDx report with no components (consequently, no vulnerabilities)
type GitlabSASTReport ¶
type GitlabSASTReport interface {
BuildGitlabSASTVulnerability(issue *model.QueryResult, file *model.VulnerableFile)
}
GitlabSASTReport represents a usable gitlab sast report reference
func NewGitlabSASTReport ¶
func NewGitlabSASTReport(start, end time.Time) GitlabSASTReport
NewGitlabSASTReport initializes a new instance of GitlabSASTReport to be uses
type Hash ¶ added in v1.4.9
Hash includes the algorithm used in the HASH function and the output of it (content)
type Issue ¶ added in v1.4.8
type Issue struct { EngineID string `json:"engineId"` RuleID string `json:"ruleId"` Severity string `json:"severity"` Type string `json:"type"` PrimaryLocation *Location `json:"primaryLocation"` SecondaryLocations []*Location `json:"secondaryLocations,omitempty"` }
Issue is a single issue for SonarQube Report
type JUnitReport ¶ added in v1.4.9
type JUnitReport interface { GenerateTestEntry(query *model.QueryResult) FinishReport() }
JUnitReport is a JUnit report representation
func NewJUnitReport ¶ added in v1.4.9
func NewJUnitReport(time string) JUnitReport
NewJUnitReport creates a new JUnit report instance
type Location ¶ added in v1.4.8
type Location struct { Message string `json:"message"` FilePath string `json:"filePath"` TextRange *Range `json:"textRange"` }
Location is the location for the vulnerability in the SonarQube Report
type Metadata ¶ added in v1.4.9
type Metadata struct { Timestamp string `xml:"timestamp"` // the timestamp when the CycloneDX report is created Tools *[]Tool `xml:"tools>tool"` // array of tools used to create the CycloneDX report }
Metadata includes the relevant additional information about the CycloneDX report
type Range ¶ added in v1.4.8
type Range struct {
StartLine int `json:"startLine"`
}
Range is the range for the vulnerability in the SonarQube Report
type Rating ¶ added in v1.4.9
Rating includes the severity of the vulnerability and the method used to classify it
type Recommendation ¶ added in v1.4.9
type Recommendation struct {
Recommendation string `xml:""`
}
Recommendation describes how the vulnerability should be avoided
type Remediation ¶ added in v1.5.0
type Remediation struct {
Recommendation AsffRecommendation
}
Remediation contains the recommendation
type SarifReport ¶
type SarifReport interface {
BuildSarifIssue(issue *model.QueryResult)
}
SarifReport represents a usable sarif report reference
func NewSarifReport ¶
func NewSarifReport() SarifReport
NewSarifReport creates and start a new sarif report with default values respecting SARIF schema 2.1.0
type SarifRun ¶ added in v1.3.3
type SarifRun struct { Tool sarifTool `json:"tool"` Results []sarifResult `json:"results"` Taxonomies []sarifTaxonomy `json:"taxonomies"` }
SarifRun - sarifRun is a component of the SARIF report
type Severity ¶ added in v1.5.0
Severity contains the original severity (KICS severity) and the label severity (ASFF severity)
type SonarQubeReport ¶ added in v1.4.8
type SonarQubeReport struct {
Issues []Issue `json:"issues"`
}
SonarQubeReport is a list of issues for SonarQube Report
type SonarQubeReportBuilder ¶ added in v1.4.8
type SonarQubeReportBuilder struct {
// contains filtered or unexported fields
}
SonarQubeReportBuilder is the builder for the SonarQubeReport struct
func NewSonarQubeRepory ¶ added in v1.4.8
func NewSonarQubeRepory() *SonarQubeReportBuilder
NewSonarQubeRepory creates a new SonarQubeReportBuilder instance
func (*SonarQubeReportBuilder) BuildReport ¶ added in v1.4.8
func (s *SonarQubeReportBuilder) BuildReport(summary *model.Summary) *SonarQubeReport
BuildReport builds the SonarQubeReport from the given QueryResults
type Source ¶ added in v1.4.9
Source includes information about the origin where the vulnerability was reported
type Tool ¶ added in v1.4.9
type Tool struct { Vendor string `xml:"vendor"` Name string `xml:"name"` Version string `xml:"version"` }
Tool includes the information about the tool used to create the CycloneDX report
type Vulnerability ¶ added in v1.4.9
type Vulnerability struct { // vulnerability tag information Ref string `xml:"ref,attr"` // vulnerability body information ID string `xml:"v:id"` Source Source `xml:"v:source"` Ratings []Rating `xml:"v:ratings>v:rating"` Description string `xml:"v:description"` Recommendations []Recommendation `xml:"v:recommendations>v:recommendation"` }
Vulnerability includes all the relevant information about the vulnerability