Documentation ¶
Index ¶
- Constants
- func CountSecurityVulnerabilities(alerts *[]Alert, cvssSeverityLimit float64) (int, int)
- func CreateCustomVulnerabilityReport(productName string, scan *Scan, alerts *[]Alert, cvssSeverityLimit float64) reporting.ScanReport
- func CreateCycloneSBOM(scan *Scan, libraries *[]Library, alerts *[]Alert) ([]byte, error)
- func CreateSarifResultFile(scan *Scan, alerts *[]Alert) *format.SARIF
- func ReportSha(productName string, scan *Scan) string
- func WriteCustomVulnerabilityReports(productName string, scan *Scan, scanReport reporting.ScanReport, ...) ([]piperutils.Path, error)
- func WriteCycloneSBOM(sbom []byte, utils piperutils.FileUtils) ([]piperutils.Path, error)
- func WriteSarifFile(sarif *format.SARIF, utils piperutils.FileUtils) ([]piperutils.Path, error)
- type Alert
- type Assignment
- type ConfigOption
- type ConfigOptions
- type DownloadedFile
- type File
- type Fix
- type GroupAssignment
- type Library
- type NpmInstall
- type Product
- type Project
- type Reference
- type ReportOptions
- type Request
- type Scan
- func (s *Scan) AppendScannedProject(projectName string) error
- func (s *Scan) AppendScannedProjectVersion(projectName string) error
- func (s *Scan) BlockUntilReportsAreReady(sys whitesourcePoller) error
- func (s *Scan) DownloadReports(options ReportOptions, utils scanUtils, sys whitesource) ([]piperutils.Path, error)
- func (s *Scan) ExecuteMTAScan(config *ScanOptions, utils Utils) error
- func (s *Scan) ExecuteMavenScan(config *ScanOptions, utils Utils) error
- func (s *Scan) ExecuteMavenScanForPomFile(config *ScanOptions, utils Utils, pomPath string) error
- func (s *Scan) ExecuteNpmScan(config *ScanOptions, utils Utils) error
- func (s *Scan) ExecuteUAScan(config *ScanOptions, utils Utils) error
- func (s *Scan) ExecuteUAScanInPath(config *ScanOptions, utils Utils, scanPath string) error
- func (s *Scan) ExecuteYarnScan(config *ScanOptions, utils Utils) error
- func (s *Scan) ProjectByName(projectName string) (Project, bool)
- func (s *Scan) ScanTime(projectName string) time.Time
- func (s *Scan) ScannedProjectNames() []string
- func (s *Scan) ScannedProjectTokens() []string
- func (s *Scan) ScannedProjects() []Project
- func (s *Scan) UpdateProjects(productToken string, sys whitesource) error
- type ScanOptions
- type ScanUtilsMock
- func (m *ScanUtilsMock) DownloadFile(url, filename string, _ http.Header, _ []*http.Cookie) error
- func (m *ScanUtilsMock) FileOpen(name string, flag int, perm os.FileMode) (File, error)
- func (m *ScanUtilsMock) FindPackageJSONFiles(options *ScanOptions) ([]string, error)
- func (m *ScanUtilsMock) InstallAllNPMDependencies(_ *ScanOptions, packageJSONs []string) error
- func (m *ScanUtilsMock) RemoveAll(dir string) error
- type System
- func (s *System) CreateProduct(productName string) (string, error)
- func (s *System) GetProductByName(productName string) (Product, error)
- func (s *System) GetProductName(productToken string) (string, error)
- func (s *System) GetProductsMetaInfo() ([]Product, error)
- func (s *System) GetProjectAlerts(projectToken string) ([]Alert, error)
- func (s *System) GetProjectAlertsByType(projectToken, alertType string) ([]Alert, error)
- func (s *System) GetProjectByName(productToken, projectName string) (Project, error)
- func (s *System) GetProjectByToken(projectToken string) (Project, error)
- func (s *System) GetProjectHierarchy(projectToken string, includeInHouse bool) ([]Library, error)
- func (s *System) GetProjectLibraryLocations(projectToken string) ([]Library, error)
- func (s *System) GetProjectRiskReport(projectToken string) ([]byte, error)
- func (s *System) GetProjectToken(productToken, projectName string) (string, error)
- func (s *System) GetProjectTokens(productToken string, projectNames []string) ([]string, error)
- func (s *System) GetProjectVulnerabilityReport(projectToken string, format string) ([]byte, error)
- func (s *System) GetProjectsByIDs(productToken string, projectIDs []int64) ([]Project, error)
- func (s *System) GetProjectsMetaInfo(productToken string) ([]Project, error)
- func (s *System) SetProductAssignments(productToken string, membership, admins, alertReceivers *Assignment) error
- type SystemMock
- func (m *SystemMock) CreateProduct(productName string) (string, error)
- func (m *SystemMock) GetProductByName(productName string) (Product, error)
- func (m *SystemMock) GetProjectAlerts(projectToken string) ([]Alert, error)
- func (m *SystemMock) GetProjectAlertsByType(projectToken, alertType string) ([]Alert, error)
- func (m *SystemMock) GetProjectByToken(projectToken string) (Project, error)
- func (m *SystemMock) GetProjectHierarchy(projectToken string, inHouse bool) ([]Library, error)
- func (m *SystemMock) GetProjectLibraryLocations(projectToken string) ([]Library, error)
- func (m *SystemMock) GetProjectRiskReport(projectToken string) ([]byte, error)
- func (m *SystemMock) GetProjectToken(productToken, projectName string) (string, error)
- func (m *SystemMock) GetProjectVulnerabilityReport(projectToken string, format string) ([]byte, error)
- func (m *SystemMock) GetProjectsMetaInfo(productToken string) ([]Project, error)
- func (m *SystemMock) SetProductAssignments(productToken string, _, _, _ *Assignment) error
- type UserAssignment
- type Utils
- type Vulnerability
Constants ¶
// Go reference-time layout: date, 24-hour time and a numeric UTC offset
// (for example "+0200"), separated by single spaces.
const DateTimeLayout = "2006-01-02 15:04:05 -0700"
DateTimeLayout is the layout of the time format used by the WhiteSource API.
// Bare directory name without a path separator; the base directory it is
// joined to is decided by the calling code, which is not shown here.
const ReportsDirectory = "whitesource"
ReportsDirectory defines the subfolder for the generated WhiteSource reports.
Variables ¶
This section is empty.
Functions ¶
func CountSecurityVulnerabilities ¶ added in v1.199.0
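CountSecurityVulnerabilities counts the security vulnerabilities above cvssSeverityLimit. It returns two ints; this page does not say which count is which, or whether a score equal to the limit counts as "above", so check the implementation before gating a build on the result.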
func CreateCustomVulnerabilityReport ¶ added in v1.199.0
func CreateCustomVulnerabilityReport(productName string, scan *Scan, alerts *[]Alert, cvssSeverityLimit float64) reporting.ScanReport
CreateCustomVulnerabilityReport creates a vulnerability ScanReport to be used for uploading into various sinks
func CreateCycloneSBOM ¶ added in v1.238.0
func CreateSarifResultFile ¶ added in v1.199.0
CreateSarifResultFile creates a SARIF result from the Alerts that were brought up by the scan.
func ReportSha ¶ added in v1.199.0
ReportSha creates a SHA unique to the WS product and scan to be used as part of the report filename
func WriteCustomVulnerabilityReports ¶ added in v1.199.0
func WriteCustomVulnerabilityReports(productName string, scan *Scan, scanReport reporting.ScanReport, utils piperutils.FileUtils) ([]piperutils.Path, error)
WriteCustomVulnerabilityReports creates an HTML and a JSON format file based on the alerts brought up by the scan
func WriteCycloneSBOM ¶ added in v1.238.0
func WriteCycloneSBOM(sbom []byte, utils piperutils.FileUtils) ([]piperutils.Path, error)
func WriteSarifFile ¶ added in v1.199.0
func WriteSarifFile(sarif *format.SARIF, utils piperutils.FileUtils) ([]piperutils.Path, error)
WriteSarifFile writes a JSON file in SARIF format for upload into e.g. GCP.
Types ¶
type Alert ¶ added in v1.51.0
type Alert struct {
	// No omitempty: the "vulnerability" key is always emitted on marshal.
	Vulnerability Vulnerability `json:"vulnerability"`
	Type          string        `json:"type,omitempty"`
	Level         string        `json:"level,omitempty"`
	// omitempty has no effect on a struct-typed field in encoding/json, so
	// "library" is emitted even when the Library value is empty.
	Library Library `json:"library,omitempty"`
	Project string  `json:"project,omitempty"`
	// false is omitted on marshal, and a missing key decodes to false, so
	// "not a direct dependency" and "not reported" look the same.
	DirectDependency bool   `json:"directDependency,omitempty"`
	Description      string `json:"description,omitempty"`
	// The JSON key is "date", not "creationDate".
	// NOTE(review): both dates are kept as strings; presumably they follow
	// DateTimeLayout — confirm before parsing.
	CreationDate string `json:"date,omitempty"`
	ModifiedDate string `json:"modifiedDate,omitempty"`
	Status       string `json:"status,omitempty"`
}
Alert
func (Alert) ContainedIn ¶ added in v1.238.0
func (a Alert) ContainedIn(assessments *[]format.Assessment) (bool, error)
func (Alert) ToMarkdown ¶ added in v1.199.0
ToMarkdown returns the markdown representation of the contents
type Assignment ¶ added in v1.100.0
type Assignment struct {
	// Each list is dropped from the JSON when it is nil or empty (omitempty).
	UserAssignments  []UserAssignment  `json:"userAssignments,omitempty"`
	GroupAssignments []GroupAssignment `json:"groupAssignments,omitempty"`
}
Assignment describes a list of UserAssignments and GroupAssignments which can be attributed to a WhiteSource Product.
type ConfigOption ¶ added in v1.124.0
type ConfigOption struct {
	Name string
	// Value is untyped, so it can hold any Go value.
	Value interface{}
	// NOTE(review): the semantics of the three fields below are not visible on
	// this page. The names suggest: skip this option when another one is
	// present, overwrite a user-provided value, and append to an existing
	// value — confirm in the implementation.
	OmitIfPresent string
	Force         bool
	Append        bool
}
ConfigOption defines a dedicated WhiteSource config which can be enforced if required
type ConfigOptions ¶ added in v1.124.0
// A plain slice of ConfigOption values.
type ConfigOptions []ConfigOption
ConfigOptions contains a list of config options (ConfigOption)
type DownloadedFile ¶ added in v1.95.0
DownloadedFile records what URL has been downloaded to which file.
type Fix ¶ added in v1.125.0
type Fix struct {
	// A plain string here, not the Vulnerability struct.
	// NOTE(review): presumably the vulnerability's name or identifier — confirm.
	Vulnerability string `json:"vulnerability,omitempty"`
	Type          string `json:"type,omitempty"`
	Origin        string `json:"origin,omitempty"`
	// NOTE(review): URL, FixResolution, Message and ExtraData are strings taken
	// from the service response; escape them when they are rendered into HTML
	// or Markdown reports.
	URL           string `json:"url,omitempty"`
	FixResolution string `json:"fixResolution,omitempty"`
	Date          string `json:"date,omitempty"`
	Message       string `json:"message,omitempty"`
	ExtraData     string `json:"extraData,omitempty"`
}
Fix defines a Fix as returned by WhiteSource
type GroupAssignment ¶ added in v1.100.0
type GroupAssignment struct {
	// Group name; omitted from the JSON when empty.
	Name string `json:"name,omitempty"`
}
GroupAssignment refers to the name of a particular group in WhiteSource.
type Library ¶ added in v1.51.0
type Library struct {
	KeyUUID    string `json:"keyUuid,omitempty"`
	KeyID      int    `json:"keyId,omitempty"`
	Name       string `json:"name,omitempty"`
	Filename   string `json:"filename,omitempty"`
	ArtifactID string `json:"artifactId,omitempty"`
	GroupID    string `json:"groupId,omitempty"`
	Version    string `json:"version,omitempty"`
	// NOTE(review): presumably the SHA-1 digest of the library artifact as
	// reported by the service. SHA-1 is not collision-resistant, so use it as a
	// lookup key, not as proof of artifact integrity — confirm usage.
	Sha1 string `json:"sha1,omitempty"`
	// The Go field is LibType but the JSON key is "type".
	LibType     string `json:"type,omitempty"`
	Coordinates string `json:"coordinates,omitempty"`
	// Recursive: each dependency is itself a Library with its own dependencies.
	Dependencies []Library `json:"dependencies,omitempty"`
}
Library
func (Library) ToPackageUrl ¶ added in v1.238.0
func (l Library) ToPackageUrl() *packageurl.PackageURL
ToPackageUrl constructs and returns the package URL of the library
type NpmInstall ¶ added in v1.95.0
NpmInstall records in which directory "npm install" has been invoked and for which package.json files.
type Product ¶
type Product struct {
	// Name and Token have no omitempty and are always emitted on marshal.
	Name  string `json:"name"`
	Token string `json:"token"`
	// Dates are kept as strings.
	CreationDate string `json:"creationDate,omitempty"`
	// The JSON key is "lastUpdatedDate" (with a "d"), unlike the Go field name.
	LastUpdateDate string `json:"lastUpdatedDate,omitempty"`
}
Product defines a WhiteSource product with name and token
type Project ¶
type Project struct {
	// The first five fields have no omitempty and are always emitted on marshal.
	ID         int64  `json:"id"`
	Name       string `json:"name"`
	PluginName string `json:"pluginName"`
	// NOTE(review): Token is what the System methods take as projectToken;
	// whether it must be treated as a secret is not stated on this page.
	Token      string `json:"token"`
	UploadedBy string `json:"uploadedBy"`
	// Dates are kept as strings.
	CreationDate string `json:"creationDate,omitempty"`
	// The JSON key is "lastUpdatedDate" (with a "d"), unlike the Go field name.
	LastUpdateDate string `json:"lastUpdatedDate,omitempty"`
}
Project defines a WhiteSource project with name and token
type Reference ¶ added in v1.199.0
type Reference struct {
	// All three fields are strings and are omitted from the JSON when empty.
	// NOTE(review): presumably links supplied by the service; validate or
	// escape them before embedding them in rendered reports.
	URL                 string `json:"url,omitempty"`
	Homepage            string `json:"homepage,omitempty"`
	GenericPackageIndex string `json:"genericPackageIndex,omitempty"`
}
Reference defines a reference for the library affected
type ReportOptions ¶ added in v1.95.0
type ReportOptions struct {
	// ReportDirectory defines the target directory for downloading reports.
	ReportDirectory string
	// VulnerabilityReportFormat defines the requested file format of the vulnerability report (e.g. pdf).
	VulnerabilityReportFormat string
}
ReportOptions defines options for downloading reports after scanning.
type Request ¶
type Request struct {
	RequestType string `json:"requestType,omitempty"`
	// NOTE(review): UserKey and OrgToken presumably carry the caller's API
	// credentials (System is documented as holding org and user tokens). They
	// are serialized into the JSON body, so keep marshalled requests out of
	// logs and error messages — confirm.
	UserKey      string `json:"userKey,omitempty"`
	ProductToken string `json:"productToken,omitempty"`
	ProductName  string `json:"productName,omitempty"`
	ProjectToken string `json:"projectToken,omitempty"`
	OrgToken     string `json:"orgToken,omitempty"`
	Format       string `json:"format,omitempty"`
	AlertType    string `json:"alertType,omitempty"`
	// Assignment pointers: a nil pointer is omitted from the JSON entirely.
	ProductAdmins        *Assignment `json:"productAdmins,omitempty"`
	ProductMembership    *Assignment `json:"productMembership,omitempty"`
	AlertsEmailReceivers *Assignment `json:"alertsEmailReceivers,omitempty"`
	ProductApprovers     *Assignment `json:"productApprovers,omitempty"`
	ProductIntegrators   *Assignment `json:"productIntegrators,omitempty"`
	// false is omitted on marshal (omitempty).
	IncludeInHouseData bool `json:"includeInHouseData,omitempty"`
}
Request defines a request object to be sent to the WhiteSource system
type Scan ¶ added in v1.95.0
type Scan struct {
	// AggregateProjectName stores the name of the WhiteSource project where scans shall be aggregated.
	// It does not include the ProductVersion.
	AggregateProjectName string
	BuildTool            string
	ProductToken         string
	// ProductVersion is the global version that is used across all Projects (modules) during the scan.
	ProductVersion string
	AgentName      string
	AgentVersion   string
	Coordinates    versioning.Coordinates
	// contains filtered or unexported fields
}
Scan stores information about scanned WhiteSource projects (modules).
func (*Scan) AppendScannedProject ¶ added in v1.95.0
AppendScannedProject checks that no Project with the same name is already contained in the list of scanned projects, and appends a new Project with the given name. The global product version is appended to the name.
func (*Scan) AppendScannedProjectVersion ¶ added in v1.95.0
AppendScannedProjectVersion checks that no Project with the same name is already contained in the list of scanned projects, and appends a new Project with the given name (which is expected to include the product version).
func (*Scan) BlockUntilReportsAreReady ¶ added in v1.107.0
BlockUntilReportsAreReady polls the WhiteSource system for all projects known to the Scan and blocks until their LastUpdateDate time stamp is from within the last 20 seconds.
func (*Scan) DownloadReports ¶ added in v1.95.0
func (s *Scan) DownloadReports(options ReportOptions, utils scanUtils, sys whitesource) ([]piperutils.Path, error)
DownloadReports downloads a Project's risk and vulnerability reports
func (*Scan) ExecuteMTAScan ¶ added in v1.95.0
func (s *Scan) ExecuteMTAScan(config *ScanOptions, utils Utils) error
ExecuteMTAScan executes a scan for the Java part with maven, and performs a scan for each NPM module.
func (*Scan) ExecuteMavenScan ¶ added in v1.95.0
func (s *Scan) ExecuteMavenScan(config *ScanOptions, utils Utils) error
ExecuteMavenScan constructs maven parameters from the given configuration, and executes the maven goal "org.whitesource:whitesource-maven-plugin:19.5.1:update".
func (*Scan) ExecuteMavenScanForPomFile ¶ added in v1.95.0
func (s *Scan) ExecuteMavenScanForPomFile(config *ScanOptions, utils Utils, pomPath string) error
ExecuteMavenScanForPomFile constructs maven parameters from the given configuration, and executes the maven goal "org.whitesource:whitesource-maven-plugin:19.5.1:update" for the given pom file.
func (*Scan) ExecuteNpmScan ¶ added in v1.95.0
func (s *Scan) ExecuteNpmScan(config *ScanOptions, utils Utils) error
ExecuteNpmScan iterates over all found npm modules and performs a scan in each one.
func (*Scan) ExecuteUAScan ¶ added in v1.95.0
func (s *Scan) ExecuteUAScan(config *ScanOptions, utils Utils) error
ExecuteUAScan executes a scan with the Whitesource Unified Agent.
func (*Scan) ExecuteUAScanInPath ¶ added in v1.124.0
func (s *Scan) ExecuteUAScanInPath(config *ScanOptions, utils Utils, scanPath string) error
ExecuteUAScanInPath executes a scan with the Whitesource Unified Agent in a dedicated scanPath.
func (*Scan) ExecuteYarnScan ¶ added in v1.95.0
func (s *Scan) ExecuteYarnScan(config *ScanOptions, utils Utils) error
ExecuteYarnScan generates a configuration file whitesource.config.json with appropriate values from config, installs whitesource yarn plugin and executes the scan.
func (*Scan) ProjectByName ¶ added in v1.95.0
ProjectByName returns a WhiteSource Project previously established via AppendScannedProject().
func (*Scan) ScanTime ¶ added in v1.95.0
ScanTime returns the time at which the respective WhiteSource Project was scanned, or the zero value of time.Time if AppendScannedProject() was not called with that name.
func (*Scan) ScannedProjectNames ¶ added in v1.135.0
ScannedProjectNames returns a sorted list of all scanned project names
func (*Scan) ScannedProjectTokens ¶ added in v1.238.0
ScannedProjectTokens returns a sorted list of all scanned project's tokens
func (*Scan) ScannedProjects ¶ added in v1.95.0
ScannedProjects returns the WhiteSource projects that have been added via AppendScannedProject() as a slice.
func (*Scan) UpdateProjects ¶ added in v1.95.0
UpdateProjects pulls the current backend metadata for all WhiteSource projects in the product with the given productToken, and updates all scanned projects with the obtained information.
type ScanOptions ¶ added in v1.95.0
type ScanOptions struct {
	BuildTool string
	// ScanType defines the type of scan. Can be "maven" or "mta" for scanning with Maven or "npm"/"yarn".
	ScanType string
	// NOTE(review): OrgToken and UserToken presumably are the credentials used
	// against the WhiteSource service; keep this struct out of verbose logs and
	// out of generated config files that end up in build artifacts — confirm.
	OrgToken       string
	UserToken      string
	ProductName    string
	ProductToken   string
	ProductVersion string
	// ProjectName is an optional name for an "aggregator" project.
	// All scanned maven modules will be reflected in the aggregate project.
	ProjectName                string
	BuildDescriptorFile        string
	BuildDescriptorExcludeList []string
	// PomPath is the path to root build descriptor file.
	PomPath string
	// M2Path is the path to the local maven repository.
	M2Path string
	// GlobalSettingsFile is an optional path to a global maven settings file.
	GlobalSettingsFile string
	// ProjectSettingsFile is an optional path to a local maven settings file.
	ProjectSettingsFile string
	// InstallArtifacts installs artifacts from all maven modules to the local repository
	InstallArtifacts bool
	// DefaultNpmRegistry is an optional default registry for NPM.
	DefaultNpmRegistry string
	// NOTE(review): AgentDownloadURL and JreDownloadURL presumably point at
	// binaries that are downloaded and then executed during the scan. Whether
	// the downloads are integrity-checked is not visible on this page; pin them
	// to trusted HTTPS locations — confirm.
	AgentDownloadURL string
	AgentFileName    string
	ConfigFilePath   string
	JreDownloadURL   string
	Includes         []string
	Excludes         []string
	AgentURL         string
	ServiceURL       string
	ScanPath         string
	Verbose          bool
}
ScanOptions contains parameters needed during the scan.
func (*ScanOptions) RewriteUAConfigurationFile ¶ added in v1.124.0
func (s *ScanOptions) RewriteUAConfigurationFile(utils Utils, projectName string) (string, error)
RewriteUAConfigurationFile updates the user's Unified Agent configuration with settings that should be enforced or that simply ease the overall configuration. It then returns the path to the file containing the updated configuration.
type ScanUtilsMock ¶ added in v1.95.0
type ScanUtilsMock struct {
	// Embedded mocks: their methods are promoted onto ScanUtilsMock.
	*mock.FilesMock
	*mock.ExecMockRunner
	// Filled by InstallAllNPMDependencies, which records each "npm install".
	NpmInstalledModules []NpmInstall
	// Filled by DownloadFile, which records each downloaded file.
	DownloadedFiles []DownloadedFile
	// NOTE(review): presumably keyed by URL, giving the error DownloadFile
	// should return for it — confirm.
	DownloadError map[string]error
	// NOTE(review): presumably the directories passed to RemoveAll, and the
	// error to return per directory — confirm.
	RemoveAllDirs  []string
	RemoveAllError map[string]error
}
ScanUtilsMock is an implementation of the Utils interface that can be used during tests.
func NewScanUtilsMock ¶ added in v1.95.0
func NewScanUtilsMock() *ScanUtilsMock
NewScanUtilsMock returns an initialized ScanUtilsMock instance.
func (*ScanUtilsMock) DownloadFile ¶ added in v1.95.0
DownloadFile mimics http.Downloader and records the downloaded file.
func (*ScanUtilsMock) FileOpen ¶ added in v1.95.0
FileOpen mimics os.OpenFile() based on FilesMock OpenFile().
func (*ScanUtilsMock) FindPackageJSONFiles ¶ added in v1.95.0
func (m *ScanUtilsMock) FindPackageJSONFiles(options *ScanOptions) ([]string, error)
FindPackageJSONFiles mimics npm.FindPackageJSONFiles() based on the FilesMock setup.
func (*ScanUtilsMock) InstallAllNPMDependencies ¶ added in v1.95.0
func (m *ScanUtilsMock) InstallAllNPMDependencies(_ *ScanOptions, packageJSONs []string) error
InstallAllNPMDependencies mimics npm.InstallAllNPMDependencies() and records the "npm install".
func (*ScanUtilsMock) RemoveAll ¶ added in v1.95.0
func (m *ScanUtilsMock) RemoveAll(dir string) error
RemoveAll mimics os.RemoveAll().
type System ¶
type System struct {
	// contains filtered or unexported fields
	// NOTE(review): per the type's description these include the org token and
	// user token; being unexported, they are not reachable from other packages.
}
System defines a WhiteSource System including respective tokens (e.g. org token, user token)
func (*System) CreateProduct ¶ added in v1.100.0
CreateProduct creates a new WhiteSource product and returns its product token.
func (*System) GetProductByName ¶ added in v1.51.0
GetProductByName retrieves meta information for a specific WhiteSource product
func (*System) GetProductName ¶
GetProductName returns the product name for a given product token
func (*System) GetProductsMetaInfo ¶
GetProductsMetaInfo retrieves meta information for all WhiteSource products a user has access to
func (*System) GetProjectAlerts ¶ added in v1.51.0
GetProjectAlerts returns the alerts for the project identified by projectToken.
func (*System) GetProjectAlertsByType ¶ added in v1.125.0
GetProjectAlertsByType returns all alerts of a certain type for a given project
func (*System) GetProjectByName ¶ added in v1.51.0
GetProjectByName fetches all projects and returns the one matching the given projectName, or none, if not found
func (*System) GetProjectByToken ¶ added in v1.85.0
GetProjectByToken returns project meta info given a project token
func (*System) GetProjectHierarchy ¶ added in v1.238.0
GetProjectHierarchy retrieves the full set of libraries that the project depends on
func (*System) GetProjectLibraryLocations ¶ added in v1.51.0
GetProjectLibraryLocations returns a list of Library values for the project identified by projectToken.
func (*System) GetProjectRiskReport ¶ added in v1.51.0
GetProjectRiskReport returns the risk report for the project identified by projectToken as raw bytes.
func (*System) GetProjectToken ¶
GetProjectToken returns the project token for a project with a given name
func (*System) GetProjectTokens ¶
GetProjectTokens returns the project tokens matching a given slice of project names
func (*System) GetProjectVulnerabilityReport ¶ added in v1.51.0
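GetProjectVulnerabilityReport returns the vulnerability report for the project identified by projectToken, in the requested format, as raw bytes.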
func (*System) GetProjectsByIDs ¶ added in v1.51.0
GetProjectsByIDs retrieves all projects for the given productToken and filters them by the given project ids
func (*System) GetProjectsMetaInfo ¶
GetProjectsMetaInfo retrieves the registered projects for a specific WhiteSource product
func (*System) SetProductAssignments ¶ added in v1.100.0
func (s *System) SetProductAssignments(productToken string, membership, admins, alertReceivers *Assignment) error
SetProductAssignments assigns various types of membership to a WhiteSource Product.
type SystemMock ¶ added in v1.95.0
type SystemMock struct {
	ProductName string
	// CreateProduct appends to Products.
	Products []Product
	// Looked up by GetProjectByToken, GetProjectToken and GetProjectsMetaInfo.
	Projects []Project
	// Returned by GetProjectAlerts and GetProjectAlertsByType.
	Alerts []Alert
	// Set by GetProjectAlertsByType, which records the requested type.
	AlertType string
	// NOTE(review): presumably the error the alert getters return when set — confirm.
	AlertError error
	// Returned by GetProjectHierarchy and GetProjectLibraryLocations.
	Libraries []Library
	// Canned report payloads for the two report getters.
	RiskReport          []byte
	VulnerabilityReport []byte
}
SystemMock stores a number of WhiteSource objects and, based on that, mocks the behavior of System.
func NewSystemMock ¶ added in v1.95.0
func NewSystemMock(lastUpdateDate string) *SystemMock
NewSystemMock returns a pointer to a new instance of SystemMock.
func NewSystemMockWithProjectName ¶ added in v1.125.0
func NewSystemMockWithProjectName(lastUpdateDate, projectName string) *SystemMock
NewSystemMockWithProjectName returns a pointer to a new instance of SystemMock using a project with a defined name.
func (*SystemMock) CreateProduct ¶ added in v1.100.0
func (m *SystemMock) CreateProduct(productName string) (string, error)
CreateProduct appends a new Product to the system mock and returns its token ("mock-product-token-<index>").
func (*SystemMock) GetProductByName ¶ added in v1.95.0
func (m *SystemMock) GetProductByName(productName string) (Product, error)
GetProductByName mimics retrieving a Product by name. It returns an error if no Product is stored in the mock.
func (*SystemMock) GetProjectAlerts ¶ added in v1.95.0
func (m *SystemMock) GetProjectAlerts(projectToken string) ([]Alert, error)
GetProjectAlerts returns the alerts stored in the SystemMock.
func (*SystemMock) GetProjectAlertsByType ¶ added in v1.125.0
func (m *SystemMock) GetProjectAlertsByType(projectToken, alertType string) ([]Alert, error)
GetProjectAlertsByType returns the alerts stored in the SystemMock and records the type.
func (*SystemMock) GetProjectByToken ¶ added in v1.95.0
func (m *SystemMock) GetProjectByToken(projectToken string) (Project, error)
GetProjectByToken checks the Projects stored in the mock and returns the one with the given token or an error.
func (*SystemMock) GetProjectHierarchy ¶ added in v1.238.0
func (m *SystemMock) GetProjectHierarchy(projectToken string, inHouse bool) ([]Library, error)
GetProjectHierarchy returns the libraries stored in the SystemMock.
func (*SystemMock) GetProjectLibraryLocations ¶ added in v1.95.0
func (m *SystemMock) GetProjectLibraryLocations(projectToken string) ([]Library, error)
GetProjectLibraryLocations returns the libraries stored in the SystemMock.
func (*SystemMock) GetProjectRiskReport ¶ added in v1.95.0
func (m *SystemMock) GetProjectRiskReport(projectToken string) ([]byte, error)
GetProjectRiskReport mocks retrieving a risk report.
func (*SystemMock) GetProjectToken ¶ added in v1.95.0
func (m *SystemMock) GetProjectToken(productToken, projectName string) (string, error)
GetProjectToken checks the Projects stored in the mock and returns a valid token, or an empty token and no error.
func (*SystemMock) GetProjectVulnerabilityReport ¶ added in v1.95.0
func (m *SystemMock) GetProjectVulnerabilityReport(projectToken string, format string) ([]byte, error)
GetProjectVulnerabilityReport mocks retrieving a vulnerability report. Behavior depends on what is stored in the mock.
func (*SystemMock) GetProjectsMetaInfo ¶ added in v1.95.0
func (m *SystemMock) GetProjectsMetaInfo(productToken string) ([]Project, error)
GetProjectsMetaInfo returns the list of Projects stored in the mock or an error if token is unknown.
func (*SystemMock) SetProductAssignments ¶ added in v1.100.0
func (m *SystemMock) SetProductAssignments(productToken string, _, _, _ *Assignment) error
SetProductAssignments checks if the system mock contains a product with the given token and returns an error depending on that, but otherwise does nothing with the provided arguments.
type UserAssignment ¶ added in v1.100.0
type UserAssignment struct {
	// E-mail address of the user; omitted from the JSON when empty.
	Email string `json:"email,omitempty"`
}
UserAssignment holds an email address for a WhiteSource user which can be assigned to a WhiteSource Product in a specific role.
type Utils ¶ added in v1.95.0
type Utils interface {
	// Embedded: every method of maven.Utils is part of this interface too.
	maven.Utils

	// Working-directory and file-system operations.
	Chdir(path string) error
	Getwd() (string, error)
	FileRead(path string) ([]byte, error)
	FileWrite(path string, content []byte, perm os.FileMode) error
	FileRemove(path string) error
	FileRename(oldPath, newPath string) error
	GetExitCode() int
	RemoveAll(path string) error
	FileOpen(name string, flag int, perm os.FileMode) (File, error)

	// npm helpers.
	FindPackageJSONFiles(config *ScanOptions) ([]string, error)
	InstallAllNPMDependencies(config *ScanOptions, packageJSONFiles []string) error
}
Utils captures all external functionality that needs to be exchangeable in tests.
type Vulnerability ¶ added in v1.51.0
type Vulnerability struct {
	Name     string `json:"name,omitempty"`
	Type     string `json:"type,omitempty"`
	Severity string `json:"severity,omitempty"`
	// Score and CVSS3Score are plain float64 values: a key missing from the
	// response decodes to 0, so "unscored" and "score 0.0" cannot be told apart.
	// NOTE(review): which of the two scores is compared against
	// cvssSeverityLimit is not visible on this page — confirm before relying
	// on a threshold to gate a build.
	Score         float64 `json:"score,omitempty"`
	CVSS3Severity string  `json:"cvss3_severity,omitempty"`
	CVSS3Score    float64 `json:"cvss3_score,omitempty"`
	PublishDate   string  `json:"publishDate,omitempty"`
	// NOTE(review): URL, Description and FixResolutionText are strings taken
	// from the service response; escape them when they are rendered into HTML
	// or Markdown reports.
	URL         string `json:"url,omitempty"`
	Description string `json:"description,omitempty"`
	// omitempty has no effect on the struct-typed TopFix in encoding/json, so
	// "topFix" is always emitted.
	TopFix            Fix         `json:"topFix,omitempty"`
	AllFixes          []Fix       `json:"allFixes,omitempty"`
	FixResolutionText string      `json:"fixResolutionText,omitempty"`
	References        []Reference `json:"references,omitempty"`
}
Vulnerability defines a vulnerability as returned by WhiteSource