dtrack

package module
v0.13.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 7, 2024 License: Apache-2.0 Imports: 18 Imported by: 0

README

client-go


Go client library for OWASP Dependency-Track

Introduction

client-go is a Go library to interact with Dependency-Track's REST API, making it easy to implement custom automation around Dependency-Track.

Example use-cases include:

  • Interacting with Dependency-Track in CI/CD pipelines
    • e.g. to implement quality gates, or generate build reports
  • Uploading BOMs of various origins
    • e.g. from all containers running in a Kubernetes cluster, see sbom-operator
  • Reacting to Webhook notifications
    • e.g. to automate analysis decisions on findings, see dtapac
  • Reporting and tracking of portfolio metrics in specialized systems

Installation

go get github.com/ad8-adriant/deptrack-client-go

Compatibility

client-go Version Go Version Dependency-Track Version
v0.8.0 1.18+ 4.0.0+
v0.9.0+ 1.19+ 4.0.0+

Usage

Please refer to the documentation.

API Coverage

client-go primarily covers those parts of the Dependency-Track API that the community has an explicit need for. If you'd like to use this library, and your desired functionality is not yet available, please consider creating a PR.

Documentation

Overview

Example (FetchAllFindings)

This example demonstrates how to fetch all findings for a given project.

package main

import (
	"context"

	dtrack "github.com/ad8-adriant/deptrack-client-go"
	"github.com/google/uuid"
)

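// main collects every finding of a single project by paging through the API.
func main() {
	// The API key is a credential: "..." stands for a value supplied at
	// runtime, not a literal kept in source control.
	client, err := dtrack.NewClient("https://dtrack.example.com", dtrack.WithAPIKey("..."))
	if err != nil {
		// NewClient returns an error alongside the client; discarding it would
		// let a failed construction surface only later, on the first use of
		// client.
		panic(err)
	}
	projectUUID := uuid.MustParse("2d16089e-6d3a-437e-b334-f27eb2cbd7f4")

	// FetchAll retrieves all items of the paginated resource through the
	// closure. The third GetAll argument is its "suppressed" parameter.
	// NOTE(review): presumably false leaves suppressed findings out of the
	// result; confirm before using the result as a complete audit view.
	_, err = dtrack.FetchAll(func(po dtrack.PageOptions) (dtrack.Page[dtrack.Finding], error) {
		return client.Finding.GetAll(context.TODO(), projectUUID, false, po)
	})
	if err != nil {
		panic(err)
	}
}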
Output:

Example (UploadBOM)

This example demonstrates how to upload a Bill of Materials and wait for its processing to complete.

package main

import (
	"context"
	"encoding/base64"
	"fmt"
	"os"
	"time"

	dtrack "github.com/ad8-adriant/deptrack-client-go"
)

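// main uploads a BOM and then polls once per second until the server reports
// that processing has finished, giving up after 30 seconds.
func main() {
	// The API key is a credential: "..." stands for a value supplied at
	// runtime, not a literal kept in source control.
	client, err := dtrack.NewClient("https://dtrack.example.com", dtrack.WithAPIKey("..."))
	if err != nil {
		// NewClient returns an error alongside the client; discarding it would
		// let a failed construction surface only later, on the first use of
		// client.
		panic(err)
	}

	bomContent, err := os.ReadFile("bom.xml")
	if err != nil {
		panic(err)
	}

	// The BOM is sent base64-encoded in the request's BOM field.
	// NOTE(review): AutoCreate presumably asks the server to create the
	// project when it does not exist, which would require an API key allowed
	// to create projects; confirm against the server's permission model.
	uploadToken, err := client.BOM.Upload(context.TODO(), dtrack.BOMUploadRequest{
		ProjectName:    "acme-app",
		ProjectVersion: "1.0.0",
		AutoCreate:     true,
		BOM:            base64.StdEncoding.EncodeToString(bomContent),
	})
	if err != nil {
		panic(err)
	}

	var (
		doneChan = make(chan struct{})
		errChan  = make(chan error)
		ticker   = time.NewTicker(1 * time.Second)
		timeout  = time.After(30 * time.Second)
	)

	go func() {
		defer func() {
			// Release the ticker once polling ends, whatever the outcome.
			ticker.Stop()
			close(doneChan)
			close(errChan)
		}()

		for {
			select {
			case <-ticker.C:
				processing, err := client.BOM.IsBeingProcessed(context.TODO(), uploadToken)
				if err != nil {
					errChan <- err
					return
				}
				if !processing {
					doneChan <- struct{}{}
					return
				}
			case <-timeout:
				errChan <- fmt.Errorf("timeout exceeded")
				return
			}
		}
	}()

	select {
	case <-doneChan:
		fmt.Println("bom processing completed")
	case waitErr := <-errChan:
		// Report the error received from the polling goroutine. The outer err
		// is nil by the time this select runs, so printing it would hide the
		// real cause behind "<nil>".
		fmt.Printf("failed to wait for bom processing: %v\n", waitErr)
		// Exit non-zero so a pipeline step built on this example does not
		// treat a failed or timed-out wait as success.
		os.Exit(1)
	}
}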
Output:

Index

Examples

Constants

// Client defaults. WithTimeout and WithUserAgent override them.
const (
	// DefaultTimeout is the default timeout (10 seconds).
	DefaultTimeout   = 10 * time.Second
	// DefaultUserAgent is the default user agent; it is the module path.
	DefaultUserAgent = "github.com/ad8-adriant/deptrack-client-go"
)
// Repository type identifiers, declared as untyped string constants.
// NOTE(review): presumably the values used with RepositoryService; that
// service's methods are not visible here, so confirm.
const (
	RepositoryTypeCargo       = "CARGO"
	RepositoryTypeComposer    = "COMPOSER"
	RepositoryTypeCpan        = "CPAN"
	RepositoryTypeGem         = "GEM"
	RepositoryTypeGoModules   = "GO_MODULES"
	RepositoryTypeHex         = "HEX"
	RepositoryTypeMaven       = "MAVEN"
	RepositoryTypeNpm         = "NPM"
	RepositoryTypeNuget       = "NUGET"
	RepositoryTypePypi        = "PYPI"
	RepositoryTypeUnsupported = "UNSUPPORTED"
)

Variables

This section is empty.

Functions

func FetchAll

func FetchAll[T any](pageFetchFunc func(po PageOptions) (Page[T], error)) (items []T, err error)

FetchAll is a convenience function to retrieve all items of a paginated API resource.

func ForEach

func ForEach[T any](pageFetchFunc func(po PageOptions) (Page[T], error), handlerFunc func(item T) error) (err error)

ForEach is a convenience function to perform an action on every item of a paginated API resource.

Types

type APIError

// APIError is an error value made of a status code and a message. It has an
// Error method, so it satisfies the error interface.
// NOTE(review): presumably StatusCode is the HTTP status of the API response;
// callers can branch on it (for example to tell an authorization failure from
// a missing resource) — confirm how the client populates it.
type APIError struct {
	StatusCode int
	Message    string
}

func (APIError) Error

func (e APIError) Error() string

type APIKey

// APIKey wraps a single key string, exchanged as the JSON field "key".
// NOTE(review): presumably a Dependency-Track API key, i.e. a credential;
// keep values of this type out of logs and error messages.
type APIKey struct {
	Key string `json:"key"`
}

type About

// About is the value returned by AboutService.Get: application name, version
// and timestamp, two UUIDs, and the same details for the framework.
type About struct {
	UUID        uuid.UUID      `json:"uuid"`
	SystemUUID  uuid.UUID      `json:"systemUuid"`
	Application string         `json:"application"`
	Version     string         `json:"version"`
	Timestamp   string         `json:"timestamp"` // kept as a string, not parsed into time.Time
	Framework   AboutFramework `json:"framework"`
}

type AboutFramework

// AboutFramework is the "framework" part of About: UUID, name, version and
// timestamp.
type AboutFramework struct {
	UUID      uuid.UUID `json:"uuid"`
	Name      string    `json:"name"`
	Version   string    `json:"version"`
	Timestamp string    `json:"timestamp"` // kept as a string, not parsed into time.Time
}

type AboutService

// AboutService is the service type behind Client.About. Its Get method
// returns an About value.
type AboutService struct {
	// contains filtered or unexported fields
}

func (AboutService) Get

func (as AboutService) Get(ctx context.Context) (a About, err error)

type Analysis

// Analysis is the audit record returned by AnalysisService. Get looks it up
// by component, project and vulnerability UUID.
type Analysis struct {
	Comments      []AnalysisComment     `json:"analysisComments"`
	State         AnalysisState         `json:"analysisState"`
	Justification AnalysisJustification `json:"analysisJustification"`
	Response      AnalysisResponse      `json:"analysisResponse"`
	Details       string                `json:"analysisDetails"`
	Suppressed    bool                  `json:"isSuppressed"`
}

type AnalysisComment

// AnalysisComment is one entry of Analysis.Comments: the comment text, who
// wrote it, and a numeric timestamp.
type AnalysisComment struct {
	Comment   string `json:"comment"`
	Commenter string `json:"commenter"`
	// NOTE(review): presumably an epoch timestamp; int is only 32 bits wide on
	// 32-bit platforms — confirm the value range the server sends.
	Timestamp int    `json:"timestamp"`
}

type AnalysisJustification

// AnalysisJustification is the string type of the "analysisJustification"
// field in Analysis and AnalysisRequest.
type AnalysisJustification string
// Declared AnalysisJustification values. The type is a plain string, so
// values outside this list are still representable.
const (
	AnalysisJustificationCodeNotPresent               AnalysisJustification = "CODE_NOT_PRESENT"
	AnalysisJustificationCodeNotReachable             AnalysisJustification = "CODE_NOT_REACHABLE"
	AnalysisJustificationNotSet                       AnalysisJustification = "NOT_SET"
	AnalysisJustificationProtectedAtPerimeter         AnalysisJustification = "PROTECTED_AT_PERIMETER"
	AnalysisJustificationProtectedAtRuntime           AnalysisJustification = "PROTECTED_AT_RUNTIME"
	AnalysisJustificationProtectedByCompiler          AnalysisJustification = "PROTECTED_BY_COMPILER"
	AnalysisJustificationProtectedByMitigatingControl AnalysisJustification = "PROTECTED_BY_MITIGATING_CONTROL"
	AnalysisJustificationRequiresConfiguration        AnalysisJustification = "REQUIRES_CONFIGURATION"
	AnalysisJustificationRequiresDependency           AnalysisJustification = "REQUIRES_DEPENDENCY"
	AnalysisJustificationRequiresEnvironment          AnalysisJustification = "REQUIRES_ENVIRONMENT"
)

type AnalysisRequest

// AnalysisRequest is the input of AnalysisService.Create. Component, Project
// and Vulnerability are always serialized; the other fields carry omitempty.
// NOTE(review): a request that sets Suppressed or a dismissing State is a
// triage decision; when automation sends it, filling Comment and Details
// keeps the reason reviewable later.
type AnalysisRequest struct {
	Component     uuid.UUID             `json:"component"`
	Project       uuid.UUID             `json:"project"`
	Vulnerability uuid.UUID             `json:"vulnerability"`
	Comment       string                `json:"comment,omitempty"`
	State         AnalysisState         `json:"analysisState,omitempty"`
	Justification AnalysisJustification `json:"analysisJustification,omitempty"`
	Response      AnalysisResponse      `json:"analysisResponse,omitempty"`
	Details       string                `json:"analysisDetails,omitempty"`
	// A pointer, so nil is omitted while an explicit false is still sent.
	Suppressed    *bool                 `json:"isSuppressed,omitempty"`
}

type AnalysisResponse

// AnalysisResponse is the string type of the "analysisResponse" field in
// Analysis and AnalysisRequest.
type AnalysisResponse string
// Declared AnalysisResponse values.
const (
	AnalysisResponseCanNotFix           AnalysisResponse = "CAN_NOT_FIX"
	AnalysisResponseNotSet              AnalysisResponse = "NOT_SET"
	AnalysisResponseRollback            AnalysisResponse = "ROLLBACK"
	AnalysisResponseUpdate              AnalysisResponse = "UPDATE"
	AnalysisResponseWillNotFix          AnalysisResponse = "WILL_NOT_FIX"
	AnalysisResponseWorkaroundAvailable AnalysisResponse = "WORKAROUND_AVAILABLE"
)

type AnalysisService

// AnalysisService is the service type behind Client.Analysis. It offers
// Create (from an AnalysisRequest) and Get (by component, project and
// vulnerability UUID), both returning an Analysis.
type AnalysisService struct {
	// contains filtered or unexported fields
}

func (AnalysisService) Create

func (as AnalysisService) Create(ctx context.Context, analysisReq AnalysisRequest) (a Analysis, err error)

func (AnalysisService) Get

func (as AnalysisService) Get(ctx context.Context, component, project, vulnerability uuid.UUID) (a Analysis, err error)

type AnalysisState

// AnalysisState is the string type of the "analysisState" field in Analysis
// and AnalysisRequest.
type AnalysisState string
// Declared AnalysisState values.
const (
	AnalysisStateExploitable   AnalysisState = "EXPLOITABLE"
	AnalysisStateFalsePositive AnalysisState = "FALSE_POSITIVE"
	AnalysisStateInTriage      AnalysisState = "IN_TRIAGE"
	AnalysisStateNotAffected   AnalysisState = "NOT_AFFECTED"
	AnalysisStateNotSet        AnalysisState = "NOT_SET"
	AnalysisStateResolved      AnalysisState = "RESOLVED"
)

type BOMFormat

// BOMFormat selects the output format of BOMService.ExportComponent and
// BOMService.ExportProject.
type BOMFormat string
// Declared BOMFormat values.
const (
	BOMFormatJSON BOMFormat = "JSON"
	BOMFormatXML  BOMFormat = "XML"
)

type BOMService

// BOMService is the service type behind Client.BOM. It exports BOMs
// (ExportComponent, ExportProject), uploads them (Upload, PostBom) and
// reports whether an upload token is still being processed (IsBeingProcessed).
type BOMService struct {
	// contains filtered or unexported fields
}

func (BOMService) ExportComponent

func (bs BOMService) ExportComponent(ctx context.Context, componentUUID uuid.UUID, format BOMFormat) (bom string, err error)

func (BOMService) ExportProject

func (bs BOMService) ExportProject(ctx context.Context, projectUUID uuid.UUID, format BOMFormat, variant BOMVariant) (bom string, err error)

func (BOMService) IsBeingProcessed

func (bs BOMService) IsBeingProcessed(ctx context.Context, token BOMUploadToken) (bool, error)

func (BOMService) PostBom

func (bs BOMService) PostBom(ctx context.Context, uploadReq BOMUploadRequest) (token BOMUploadToken, err error)

func (BOMService) Upload

func (bs BOMService) Upload(ctx context.Context, uploadReq BOMUploadRequest) (token BOMUploadToken, err error)

type BOMUploadRequest

// BOMUploadRequest is the input of BOMService.Upload and BOMService.PostBom.
// The UploadBOM example on this page sets ProjectName, ProjectVersion and
// AutoCreate, and fills BOM with the base64-encoded file content.
type BOMUploadRequest struct {
	// Pointer, so an unset project UUID is left out of the JSON body.
	ProjectUUID    *uuid.UUID `json:"project,omitempty"`
	ProjectName    string     `json:"projectName,omitempty"`
	ProjectVersion string     `json:"projectVersion,omitempty"`
	ParentUUID     *uuid.UUID `json:"parentUUID,omitempty"`    // Since v4.8.0
	ParentName     string     `json:"parentName,omitempty"`    // Since v4.8.0
	ParentVersion  string     `json:"parentVersion,omitempty"` // Since v4.8.0
	// No omitempty: the flag is always serialized, including false.
	AutoCreate     bool       `json:"autoCreate"`
	BOM            string     `json:"bom"`
}

type BOMUploadToken

// BOMUploadToken is the string token returned by BOMService.Upload,
// BOMService.PostBom and FindingService.AnalyzeProject. Pass it to
// BOMService.IsBeingProcessed to poll for completion.
type BOMUploadToken string

type BOMVariant

// BOMVariant selects the variant produced by BOMService.ExportProject.
type BOMVariant string
// Declared BOMVariant values. Unlike the upper-case BOMFormat values, these
// are lower/camel case.
const (
	BOMVariantInventory           BOMVariant = "inventory"
	BOMVariantVDR                 BOMVariant = "vdr" // Since v4.7.0
	BOMVariantWithVulnerabilities BOMVariant = "withVulnerabilities"
)

type CWE

// CWE is one entry of FindingVulnerability.CWEs: a numeric ID ("cweId") and
// a name.
type CWE struct {
	ID   int    `json:"cweId"`
	Name string `json:"name"`
}

type Client

// Client is the entry point of the library. It is created by NewClient and
// exposes one service value per API area as an exported field.
// Authentication and transport are configured through ClientOption values
// (WithAPIKey, WithBearerToken, WithMTLS, WithHttpClient, ...).
type Client struct {
	About             AboutService
	Analysis          AnalysisService
	BOM               BOMService
	Component         ComponentService
	Finding           FindingService
	License           LicenseService
	Metrics           MetricsService
	OIDC              OIDCService
	Permission        PermissionService
	Policy            PolicyService
	PolicyCondition   PolicyConditionService
	PolicyViolation   PolicyViolationService
	Project           ProjectService
	ProjectProperty   ProjectPropertyService
	Repository        RepositoryService
	Team              TeamService
	User              UserService
	VEX               VEXService
	ViolationAnalysis ViolationAnalysisService
	Vulnerability     VulnerabilityService
	// contains filtered or unexported fields
}

func NewClient

func NewClient(baseURL string, options ...ClientOption) (*Client, error)

func (Client) BaseURL

func (c Client) BaseURL() *url.URL

BaseURL provides a copy of the Dependency-Track base URL.

type ClientOption

// ClientOption is a function that configures a *Client and may return an
// error. NewClient accepts any number of them.
// NOTE(review): presumably NewClient stops and returns the first option
// error; confirm, and do not discard NewClient's error.
type ClientOption func(*Client) error

func WithAPIKey

func WithAPIKey(apiKey string) ClientOption

func WithBearerToken

func WithBearerToken(token string) ClientOption

func WithDebug

func WithDebug(debug bool) ClientOption

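WithDebug toggles the debug mode. When enabled, HTTP requests and responses are logged to stderr. DO NOT USE IN PRODUCTION: authorization headers are not redacted, so the credentials sent with each request (for example those set through WithAPIKey or WithBearerToken) end up in the log output.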

func WithHttpClient

func WithHttpClient(client *http.Client) ClientOption

WithHttpClient overrides the default HttpClient.

func WithMTLS

func WithMTLS(caCertFile string, clientCertFile string, clientKeyFile string) ClientOption

WithMTLS configures the HTTP client to use client certificates (mutual TLS).

func WithTimeout

func WithTimeout(timeout time.Duration) ClientOption

WithTimeout overrides the default timeout.

func WithUserAgent

func WithUserAgent(userAgent string) ClientOption

WithUserAgent overrides the default user agent.

type Component

// Component is the component record used by ComponentService (Create, Get,
// GetAll, Update) and embedded in PolicyViolation. Name and Version are
// always serialized; every other field carries omitempty.
// NOTE(review): uuid.UUID is an array type in github.com/google/uuid, and
// encoding/json's omitempty presumably never treats a fixed-size array as
// empty, so a zero UUID would still be sent — confirm this is acceptable on
// create requests.
type Component struct {
	UUID               uuid.UUID           `json:"uuid,omitempty"`
	Author             string              `json:"author,omitempty"`
	Publisher          string              `json:"publisher,omitempty"`
	Group              string              `json:"group,omitempty"`
	Name               string              `json:"name"`
	Version            string              `json:"version"`
	Classifier         string              `json:"classifier,omitempty"`
	FileName           string              `json:"filename,omitempty"`
	Extension          string              `json:"extension,omitempty"`
	// Digest fields, one per algorithm, held as strings.
	// NOTE(review): MD5 and SHA1 are not collision resistant; when matching
	// or verifying components by hash, prefer SHA256 or a stronger field.
	MD5                string              `json:"md5,omitempty"`
	SHA1               string              `json:"sha1,omitempty"`
	SHA256             string              `json:"sha256,omitempty"`
	SHA384             string              `json:"sha384,omitempty"`
	SHA512             string              `json:"sha512,omitempty"`
	SHA3_256           string              `json:"sha3_256,omitempty"`
	SHA3_384           string              `json:"sha3_384,omitempty"`
	SHA3_512           string              `json:"sha3_512,omitempty"`
	BLAKE2b_256        string              `json:"blake2b_256,omitempty"`
	BLAKE2b_384        string              `json:"blake2b_384,omitempty"`
	BLAKE2b_512        string              `json:"blake2b_512,omitempty"`
	BLAKE3             string              `json:"blake3,omitempty"`
	// Identifiers of the component: CPE, package URL and SWID tag ID.
	CPE                string              `json:"cpe,omitempty"`
	PURL               string              `json:"purl,omitempty"`
	SWIDTagID          string              `json:"swidTagId,omitempty"`
	Internal           bool                `json:"isInternal,omitempty"`
	Description        string              `json:"description,omitempty"`
	Copyright          string              `json:"copyright,omitempty"`
	License            string              `json:"license,omitempty"`
	ResolvedLicense    *License            `json:"resolvedLicense,omitempty"`
	// A string, not a slice; the encoding of its content is not visible here.
	DirectDependencies string              `json:"directDependencies,omitempty"`
	Notes              string              `json:"notes,omitempty"`
	ExternalReferences []ExternalReference `json:"externalReferences,omitempty"`
}

type ComponentService

// ComponentService is the service type behind Client.Component. It offers
// Create, Get, GetAll (paginated, per project) and Update. Note that Create
// takes the project UUID as a string while Get and GetAll take uuid.UUID.
type ComponentService struct {
	// contains filtered or unexported fields
}

func (ComponentService) Create

func (cs ComponentService) Create(ctx context.Context, projectUUID string, component Component) (c Component, err error)

func (ComponentService) Get

func (cs ComponentService) Get(ctx context.Context, componentUUID uuid.UUID) (c Component, err error)

func (ComponentService) GetAll

func (cs ComponentService) GetAll(ctx context.Context, projectUUID uuid.UUID, po PageOptions) (p Page[Component], err error)

func (ComponentService) Update

func (cs ComponentService) Update(ctx context.Context, component Component) (c Component, err error)

type ExternalReference

// ExternalReference is one entry of Component.ExternalReferences: a type, a
// URL and a comment, all optional in JSON.
// NOTE(review): URL is a plain string taken from BOM/server data; validate
// it before fetching or rendering it.
type ExternalReference struct {
	Type    string `json:"type,omitempty"`
	URL     string `json:"url,omitempty"`
	Comment string `json:"comment,omitempty"`
}

type Finding

// Finding is one item returned by FindingService.GetAll. It combines the
// affected component, the vulnerability, how the match was attributed, and
// the current analysis state.
type Finding struct {
	Attribution   FindingAttribution   `json:"attribution"`
	Analysis      FindingAnalysis      `json:"analysis"`
	Component     FindingComponent     `json:"component"`
	Matrix        string               `json:"matrix"`
	Vulnerability FindingVulnerability `json:"vulnerability"`
}

type FindingAnalysis

// FindingAnalysis is the "analysis" part of a Finding: a state and the
// suppression flag. State is a plain string here, not an AnalysisState.
type FindingAnalysis struct {
	State      string `json:"state"`
	Suppressed bool   `json:"isSuppressed"`
}

type FindingAttribution

// FindingAttribution is the "attribution" part of a Finding: which analyzer
// reported it, when, and under which reference.
type FindingAttribution struct {
	AlternateIdentifier string    `json:"alternateIdentifier"`
	AnalyzerIdentity    string    `json:"analyzerIdentity"`
	// NOTE(review): presumably an epoch timestamp; int is only 32 bits wide
	// on 32-bit platforms — confirm the value range the server sends.
	AttributedOn        int       `json:"attributedOn"`
	ReferenceURL        string    `json:"referenceUrl"`
	UUID                uuid.UUID `json:"uuid"`
}

type FindingComponent

// FindingComponent is the "component" part of a Finding: a reduced component
// view with its identifiers, the latest known version, and the UUID of the
// project it belongs to.
type FindingComponent struct {
	UUID          uuid.UUID `json:"uuid"`
	Group         string    `json:"group"`
	Name          string    `json:"name"`
	Version       string    `json:"version"`
	CPE           string    `json:"cpe"`
	PURL          string    `json:"purl"`
	LatestVersion string    `json:"latestVersion"`
	Project       uuid.UUID `json:"project"`
}

type FindingService

// FindingService is the service type behind Client.Finding. It triggers a
// project analysis (AnalyzeProject), exports findings in File Packaging
// Format (ExportFPF) and lists findings per project (GetAll).
type FindingService struct {
	// contains filtered or unexported fields
}

func (FindingService) AnalyzeProject

func (f FindingService) AnalyzeProject(ctx context.Context, projectUUID uuid.UUID) (token BOMUploadToken, err error)

AnalyzeProject triggers an analysis for a given project. This feature is available in Dependency-Track v4.7.0 and newer.

func (FindingService) ExportFPF

func (f FindingService) ExportFPF(ctx context.Context, projectUUID uuid.UUID) (d []byte, err error)

ExportFPF exports the findings of a given project in the File Packaging Format (FPF).

func (FindingService) GetAll

func (f FindingService) GetAll(ctx context.Context, projectUUID uuid.UUID, suppressed bool, po PageOptions) (p Page[Finding], err error)

GetAll fetches all findings for a given project.

type FindingVulnerability

// FindingVulnerability is the "vulnerability" part of a Finding: identifiers,
// descriptive text, and the CVSS, OWASP risk-rating and EPSS scores.
// The score fields are plain float64 values, so a score absent from the
// response is indistinguishable from 0 after decoding.
type FindingVulnerability struct {
	UUID                        uuid.UUID            `json:"uuid"`
	VulnID                      string               `json:"vulnId"`
	Source                      string               `json:"source"`
	Aliases                     []VulnerabilityAlias `json:"aliases"`
	Title                       string               `json:"title"`
	SubTitle                    string               `json:"subTitle"`
	Description                 string               `json:"description"`
	Recommendation              string               `json:"recommendation"`
	CVSSV2BaseScore             float64              `json:"cvssV2BaseScore"`
	CVSSV3BaseScore             float64              `json:"cvssV3BaseScore"`
	Severity                    string               `json:"severity"`
	SeverityRank                int                  `json:"severityRank"`
	// The Go names carry an "RR" infix that the JSON keys do not.
	OWASPRRBusinessImpactScore  float64              `json:"owaspBusinessImpactScore"`
	OWASPRRLikelihoodScore      float64              `json:"owaspLikelihoodScore"`
	OWASPRRTechnicalImpactScore float64              `json:"owaspTechnicalImpactScore"`
	EPSSScore                   float64              `json:"epssScore"`
	EPSSPercentile              float64              `json:"epssPercentile"`
	CWEs                        []CWE                `json:"cwes"`
}

type License

// License is the license record returned by LicenseService.GetAll and
// referenced from Component.ResolvedLicense.
type License struct {
	UUID                uuid.UUID `json:"uuid"`
	Name                string    `json:"name"`
	Text                string    `json:"text"`
	Template            string    `json:"template"`
	Header              string    `json:"header"`
	Comment             string    `json:"comment"`
	LicenseID           string    `json:"licenseId"`
	OSIApproved         bool      `json:"isOsiApproved"`
	FSFLibre            bool      `json:"isFsfLibre"`
	DeprecatedLicenseID bool      `json:"isDeprecatedLicenseId"`
	SeeAlso             []string  `json:"seeAlso"`
}

type LicenseService

// LicenseService is the service type behind Client.License. Its GetAll
// method returns a page of License values.
type LicenseService struct {
	// contains filtered or unexported fields
}

func (LicenseService) GetAll

func (l LicenseService) GetAll(ctx context.Context, po PageOptions) (p Page[License], err error)

type MetricsService

// MetricsService is the service type behind Client.Metrics. It reads the
// latest or historical portfolio and project metrics and can request a
// refresh of either.
type MetricsService struct {
	// contains filtered or unexported fields
}

func (MetricsService) LatestPortfolioMetrics

func (ms MetricsService) LatestPortfolioMetrics(ctx context.Context) (m PortfolioMetrics, err error)

func (MetricsService) LatestProjectMetrics

func (ms MetricsService) LatestProjectMetrics(ctx context.Context, projectUUID uuid.UUID) (m ProjectMetrics, err error)

func (MetricsService) PortfolioMetricsSince

func (ms MetricsService) PortfolioMetricsSince(ctx context.Context, date time.Time) (m []PortfolioMetrics, err error)

func (MetricsService) PortfolioMetricsSinceDays

func (ms MetricsService) PortfolioMetricsSinceDays(ctx context.Context, days uint) (m []PortfolioMetrics, err error)

func (MetricsService) ProjectMetricsSince

func (ms MetricsService) ProjectMetricsSince(ctx context.Context, projectUUID uuid.UUID, date time.Time) (m []ProjectMetrics, err error)

func (MetricsService) ProjectMetricsSinceDays

func (ms MetricsService) ProjectMetricsSinceDays(ctx context.Context, projectUUID uuid.UUID, days uint) (m []ProjectMetrics, err error)

func (MetricsService) RefreshPortfolioMetrics

func (ms MetricsService) RefreshPortfolioMetrics(ctx context.Context) (err error)

func (MetricsService) RefreshProjectMetrics

func (ms MetricsService) RefreshProjectMetrics(ctx context.Context, projectUUID uuid.UUID) (err error)

type OIDCGroup

// OIDCGroup is an OIDC group known to the server: a name and a UUID. It is
// used by OIDCService.CreateGroup, UpdateGroup, GetAllGroups and
// GetAllTeamsOf.
type OIDCGroup struct {
	Name string    `json:"name,omitempty"`
	UUID uuid.UUID `json:"uuid,omitempty"`
}

type OIDCMapping

// OIDCMapping is the value returned by OIDCService.AddTeamMapping: the
// mapped group and the UUID of the mapping itself.
type OIDCMapping struct {
	Group OIDCGroup `json:"group"`
	UUID  uuid.UUID `json:"uuid"`
}

type OIDCMappingRequest

// OIDCMappingRequest is the input of OIDCService.AddTeamMapping: the UUIDs
// of the team and of the OIDC group to map to it.
// NOTE(review): such a mapping presumably lets members of the group act with
// the team's permissions; treat calls that create it as an access-control
// change.
type OIDCMappingRequest struct {
	Team  uuid.UUID `json:"team"`
	Group uuid.UUID `json:"group"`
}

type OIDCService

// OIDCService is the service type behind Client.OIDC. It reports whether
// OIDC is available, manages OIDC groups, and adds or removes group-to-team
// mappings.
type OIDCService struct {
	// contains filtered or unexported fields
}

func (OIDCService) AddTeamMapping

func (s OIDCService) AddTeamMapping(ctx context.Context, mapping OIDCMappingRequest) (m OIDCMapping, err error)

func (OIDCService) Available

func (s OIDCService) Available(ctx context.Context) (available bool, err error)

func (OIDCService) CreateGroup

func (s OIDCService) CreateGroup(ctx context.Context, name string) (g OIDCGroup, err error)

func (OIDCService) DeleteGroup

func (s OIDCService) DeleteGroup(ctx context.Context, groupUUID uuid.UUID) (err error)

func (OIDCService) GetAllGroups

func (s OIDCService) GetAllGroups(ctx context.Context, po PageOptions) (p Page[OIDCGroup], err error)

func (OIDCService) GetAllTeamsOf

func (s OIDCService) GetAllTeamsOf(ctx context.Context, group OIDCGroup, po PageOptions) (p Page[Team], err error)

func (OIDCService) RemoveTeamMapping

func (s OIDCService) RemoveTeamMapping(ctx context.Context, mappingID uuid.UUID) (err error)

func (OIDCService) UpdateGroup

func (s OIDCService) UpdateGroup(ctx context.Context, group OIDCGroup) (g OIDCGroup, err error)

type Page

// Page is one page of a paginated API resource. FetchAll and ForEach take a
// function returning a Page and walk all pages with it.
type Page[T any] struct {
	Items      []T // Items on this page
	TotalCount int // Total number of items
}

type PageOptions

// PageOptions selects which slice of a paginated resource a GetAll-style
// method returns. FetchAll and ForEach supply it to the page-fetch function.
type PageOptions struct {
	Offset     int // Offset of the elements to return
	PageNumber int // Page to return
	PageSize   int // Amount of elements to return per page
}

type ParentRef

// ParentRef identifies a parent project by UUID. Project.ParentRef points to
// it and is serialized as "parent".
type ParentRef struct {
	UUID uuid.UUID `json:"uuid,omitempty"`
}

type Permission

// Permission is a named permission with a description. PermissionService
// lists permissions and adds them to or removes them from a team.
type Permission struct {
	Name        string `json:"name"`
	Description string `json:"description"`
}

type PermissionService

// PermissionService is the service type behind Client.Permission. It lists
// permissions (GetAll) and grants or revokes a permission for a team
// (AddPermissionToTeam, RemovePermissionFromTeam), returning the Team.
// NOTE(review): these calls change authorization; the API key used for them
// is presumably highly privileged and should not be shared with read-only
// automation.
type PermissionService struct {
	// contains filtered or unexported fields
}

func (PermissionService) AddPermissionToTeam

func (ps PermissionService) AddPermissionToTeam(ctx context.Context, permission Permission, team uuid.UUID) (t Team, err error)

func (PermissionService) GetAll

func (ps PermissionService) GetAll(ctx context.Context, po PageOptions) (p Page[Permission], err error)

func (PermissionService) RemovePermissionFromTeam

func (ps PermissionService) RemovePermissionFromTeam(ctx context.Context, permission Permission, team uuid.UUID) (t Team, err error)

type Policy

// Policy is the policy record used by PolicyService. Name, Operator and
// ViolationState are always serialized; the rest carry omitempty.
type Policy struct {
	UUID             uuid.UUID            `json:"uuid,omitempty"`
	Name             string               `json:"name"`
	Operator         PolicyOperator       `json:"operator"`
	ViolationState   PolicyViolationState `json:"violationState"`
	PolicyConditions []PolicyCondition    `json:"policyConditions,omitempty"`
	// omitempty on a bool drops false, so false is never sent explicitly.
	IncludeChildren  bool                 `json:"includeChildren,omitempty"`
	Global           bool                 `json:"global,omitempty"`
	Projects         []Project            `json:"projects,omitempty"`
	Tags             []Tag                `json:"tags,omitempty"`
}

type PolicyCondition

// PolicyCondition is one condition of a Policy: a subject, an operator and
// the value to compare against. It is managed through PolicyConditionService.
type PolicyCondition struct {
	UUID     uuid.UUID               `json:"uuid,omitempty"`
	// Optional back-reference to the owning policy; omitted when nil.
	Policy   *Policy                 `json:"policy,omitempty"`
	Operator PolicyConditionOperator `json:"operator"`
	Subject  PolicyConditionSubject  `json:"subject"`
	Value    string                  `json:"value"`
}

type PolicyConditionOperator

// PolicyConditionOperator is the string type of PolicyCondition.Operator.
type PolicyConditionOperator string
// Declared PolicyConditionOperator values. Note the spelling difference
// between NUMERIC_LESS_THAN and NUMERIC_LESSER_THAN_OR_EQUAL.
const (
	PolicyConditionOperatorIs                        PolicyConditionOperator = "IS"
	PolicyConditionOperatorIsNot                     PolicyConditionOperator = "IS_NOT"
	PolicyConditionOperatorMatches                   PolicyConditionOperator = "MATCHES"
	PolicyConditionOperatorNoMatch                   PolicyConditionOperator = "NO_MATCH"
	PolicyConditionOperatorNumericGreaterThan        PolicyConditionOperator = "NUMERIC_GREATER_THAN"
	PolicyConditionOperatorNumericLessThan           PolicyConditionOperator = "NUMERIC_LESS_THAN"
	PolicyConditionOperatorNumericEqual              PolicyConditionOperator = "NUMERIC_EQUAL"
	PolicyConditionOperatorNumericNotEqual           PolicyConditionOperator = "NUMERIC_NOT_EQUAL"
	PolicyConditionOperatorNumericGreaterThanOrEqual PolicyConditionOperator = "NUMERIC_GREATER_THAN_OR_EQUAL"
	PolicyConditionOperatorNumericLesserThanOrEqual  PolicyConditionOperator = "NUMERIC_LESSER_THAN_OR_EQUAL"
	PolicyConditionOperatorContainsAll               PolicyConditionOperator = "CONTAINS_ALL"
	PolicyConditionOperatorContainsAny               PolicyConditionOperator = "CONTAINS_ANY"
)

type PolicyConditionService

// PolicyConditionService is the service type behind Client.PolicyCondition.
// It creates a condition under a policy, updates it, and deletes it by UUID.
type PolicyConditionService struct {
	// contains filtered or unexported fields
}

func (PolicyConditionService) Create

func (pcs PolicyConditionService) Create(ctx context.Context, policyUUID uuid.UUID, policyCondition PolicyCondition) (p PolicyCondition, err error)

func (PolicyConditionService) Delete

func (pcs PolicyConditionService) Delete(ctx context.Context, policyConditionUUID uuid.UUID) (err error)

func (PolicyConditionService) Update

func (pcs PolicyConditionService) Update(ctx context.Context, policyCondition PolicyCondition) (p PolicyCondition, err error)

type PolicyConditionSubject

// PolicyConditionSubject is the string type of PolicyCondition.Subject.
type PolicyConditionSubject string
// Declared PolicyConditionSubject values.
const (
	PolicyConditionSubjectAge             PolicyConditionSubject = "AGE"
	PolicyConditionSubjectCoordinates     PolicyConditionSubject = "COORDINATES"
	PolicyConditionSubjectCPE             PolicyConditionSubject = "CPE"
	PolicyConditionSubjectLicense         PolicyConditionSubject = "LICENSE"
	PolicyConditionSubjectLicenseGroup    PolicyConditionSubject = "LICENSE_GROUP"
	PolicyConditionSubjectPackageURL      PolicyConditionSubject = "PACKAGE_URL"
	PolicyConditionSubjectSeverity        PolicyConditionSubject = "SEVERITY"
	PolicyConditionSubjectSWIDTagID       PolicyConditionSubject = "SWID_TAGID"
	PolicyConditionSubjectVersion         PolicyConditionSubject = "VERSION"
	PolicyConditionSubjectComponentHash   PolicyConditionSubject = "COMPONENT_HASH"
	PolicyConditionSubjectCWE             PolicyConditionSubject = "CWE"
	PolicyConditionSubjectVulnerabilityID PolicyConditionSubject = "VULNERABILITY_ID"
)

type PolicyOperator

// PolicyOperator is the string type of Policy.Operator.
// NOTE(review): presumably it decides whether all or any of the policy's
// conditions must match; confirm against the server documentation.
type PolicyOperator string
// Declared PolicyOperator values.
const (
	PolicyOperatorAll PolicyOperator = "ALL"
	PolicyOperatorAny PolicyOperator = "ANY"
)

type PolicyService

// PolicyService is the service type behind Client.Policy. It creates, reads,
// lists, updates and deletes policies, and attaches or detaches projects and
// tags.
type PolicyService struct {
	// contains filtered or unexported fields
}

func (PolicyService) AddProject

func (ps PolicyService) AddProject(ctx context.Context, policyUUID, projectUUID uuid.UUID) (p Policy, err error)

func (PolicyService) AddTag

func (ps PolicyService) AddTag(ctx context.Context, policyUUID uuid.UUID, tagName string) (p Policy, err error)

func (PolicyService) Create

func (ps PolicyService) Create(ctx context.Context, policy Policy) (p Policy, err error)

func (PolicyService) Delete

func (ps PolicyService) Delete(ctx context.Context, policyUUID uuid.UUID) (err error)

func (PolicyService) DeleteProject

func (ps PolicyService) DeleteProject(ctx context.Context, policyUUID, projectUUID uuid.UUID) (p Policy, err error)

func (PolicyService) DeleteTag

func (ps PolicyService) DeleteTag(ctx context.Context, policyUUID uuid.UUID, tagName string) (p Policy, err error)

func (PolicyService) Get

func (ps PolicyService) Get(ctx context.Context, policyUUID uuid.UUID) (p Policy, err error)

func (PolicyService) GetAll

func (ps PolicyService) GetAll(ctx context.Context, po PageOptions) (p Page[Policy], err error)

func (PolicyService) Update

func (ps PolicyService) Update(ctx context.Context, policy Policy) (p Policy, err error)

type PolicyViolation

// PolicyViolation is one item returned by PolicyViolationService: the
// component and project concerned, the violated condition, and the optional
// analysis of the violation.
type PolicyViolation struct {
	// NOTE(review): the only field here without a json tag; every other UUID
	// on this page is tagged "uuid". encoding/json matches keys
	// case-insensitively when decoding, but would encode this one as "UUID" —
	// confirm this is intended.
	UUID            uuid.UUID
	Component       Component          `json:"component"`
	Project         Project            `json:"project"`
	PolicyCondition *PolicyCondition   `json:"policyCondition,omitempty"`
	Type            string             `json:"type"`
	Text            string             `json:"text"`
	Analysis        *ViolationAnalysis `json:"analysis,omitempty"`
}

type PolicyViolationService

// PolicyViolationService is the service type behind Client.PolicyViolation.
// It lists violations globally, per component, or per project; each method
// takes a "suppressed" flag and PageOptions.
type PolicyViolationService struct {
	// contains filtered or unexported fields
}

func (PolicyViolationService) GetAll

func (pvs PolicyViolationService) GetAll(ctx context.Context, suppressed bool, po PageOptions) (p Page[PolicyViolation], err error)

func (PolicyViolationService) GetAllForComponent

func (pvs PolicyViolationService) GetAllForComponent(ctx context.Context, componentUUID uuid.UUID, suppressed bool, po PageOptions) (p Page[PolicyViolation], err error)

func (PolicyViolationService) GetAllForProject

func (pvs PolicyViolationService) GetAllForProject(ctx context.Context, projectUUID uuid.UUID, suppressed bool, po PageOptions) (p Page[PolicyViolation], err error)

type PolicyViolationState

// PolicyViolationState is the string type of Policy.ViolationState.
type PolicyViolationState string
// Declared PolicyViolationState values.
const (
	PolicyViolationStateInfo PolicyViolationState = "INFO"
	PolicyViolationStateWarn PolicyViolationState = "WARN"
	PolicyViolationStateFail PolicyViolationState = "FAIL"
)

type PortfolioMetrics

// PortfolioMetrics is the portfolio-wide metrics record returned by
// MetricsService (LatestPortfolioMetrics, PortfolioMetricsSince,
// PortfolioMetricsSinceDays). All fields are counters except the risk score.
type PortfolioMetrics struct {
	// NOTE(review): presumably epoch timestamps; int is only 32 bits wide on
	// 32-bit platforms — confirm the value range the server sends.
	FirstOccurrence                      int     `json:"firstOccurrence"`
	LastOccurrence                       int     `json:"lastOccurrence"`
	InheritedRiskScore                   float64 `json:"inheritedRiskScore"`
	Vulnerabilities                      int     `json:"vulnerabilities"`
	VulnerableProjects                   int     `json:"vulnerableProjects"`
	VulnerableComponents                 int     `json:"vulnerableComponents"`
	Projects                             int     `json:"projects"`
	Components                           int     `json:"components"`
	Suppressed                           int     `json:"suppressed"`
	// Vulnerability counts per severity.
	Critical                             int     `json:"critical"`
	High                                 int     `json:"high"`
	Medium                               int     `json:"medium"`
	Low                                  int     `json:"low"`
	Unassigned                           int     `json:"unassigned"`
	// Finding counts, split by audit status.
	FindingsTotal                        int     `json:"findingsTotal"`
	FindingsAudited                      int     `json:"findingsAudited"`
	FindingsUnaudited                    int     `json:"findingsUnaudited"`
	// Policy violation counts: overall, per state, per audit status, and per
	// category (security, license, operational).
	PolicyViolationsTotal                int     `json:"policyViolationsTotal"`
	PolicyViolationsFail                 int     `json:"policyViolationsFail"`
	PolicyViolationsWarn                 int     `json:"policyViolationsWarn"`
	PolicyViolationsInfo                 int     `json:"policyViolationsInfo"`
	PolicyViolationsAudited              int     `json:"policyViolationsAudited"`
	PolicyViolationsUnaudited            int     `json:"policyViolationsUnaudited"`
	PolicyViolationsSecurityTotal        int     `json:"policyViolationsSecurityTotal"`
	PolicyViolationsSecurityAudited      int     `json:"policyViolationsSecurityAudited"`
	PolicyViolationsSecurityUnaudited    int     `json:"policyViolationsSecurityUnaudited"`
	PolicyViolationsLicenseTotal         int     `json:"policyViolationsLicenseTotal"`
	PolicyViolationsLicenseAudited       int     `json:"policyViolationsLicenseAudited"`
	PolicyViolationsLicenseUnaudited     int     `json:"policyViolationsLicenseUnaudited"`
	PolicyViolationsOperationalTotal     int     `json:"policyViolationsOperationalTotal"`
	PolicyViolationsOperationalAudited   int     `json:"policyViolationsOperationalAudited"`
	PolicyViolationsOperationalUnaudited int     `json:"policyViolationsOperationalUnaudited"`
}

type Project

// Project is the JSON shape of a Dependency-Track project as this client
// sends and receives it.
//
// Serialization notes, all read off the struct tags:
//   - Active, Metrics and LastBOMImport have no omitempty, so a sparsely
//     filled Project always marshals "active":false, a zeroed metrics object
//     and "lastBomImport":0.
//     NOTE(review): how the server treats those zero values on Update/Patch
//     is not visible here; confirm before sending a partial Project, because
//     an unintended active=false is easy to miss.
//   - omitempty only omits false, 0, nil, and empty strings/slices/maps/arrays
//     of length zero. If uuid.UUID is a fixed-size array type (presumably
//     github.com/google/uuid; verify), the tag never omits it and a zero
//     UUID is sent as an all-zero value.
type Project struct {
	UUID               uuid.UUID         `json:"uuid,omitempty"`
	Author             string            `json:"author,omitempty"`
	Publisher          string            `json:"publisher,omitempty"`
	Group              string            `json:"group,omitempty"`
	Name               string            `json:"name,omitempty"`
	Description        string            `json:"description,omitempty"`
	Version            string            `json:"version,omitempty"`
	Classifier         string            `json:"classifier,omitempty"`
	CPE                string            `json:"cpe,omitempty"`
	PURL               string            `json:"purl,omitempty"`
	SWIDTagID          string            `json:"swidTagId,omitempty"`
	DirectDependencies string            `json:"directDependencies,omitempty"`
	Properties         []ProjectProperty `json:"properties,omitempty"`
	Tags               []Tag             `json:"tags,omitempty"`
	// Always marshalled (no omitempty); see the type comment.
	Active  bool           `json:"active"`
	Metrics ProjectMetrics `json:"metrics"`
	// Pointer, so a nil parent is left out of the JSON entirely.
	ParentRef *ParentRef `json:"parent,omitempty"`
	// NOTE(review): presumably a Unix timestamp. int is 32 bits wide on 32-bit
	// platforms, so a millisecond-resolution value would fail to decode there;
	// confirm the unit against the API.
	LastBOMImport int `json:"lastBomImport"`
}

type ProjectCloneRequest

// ProjectCloneRequest is the JSON body passed to ProjectService.Clone.
//
// No field carries omitempty, so every Include* flag is always sent and a
// flag left at its zero value goes out as false.
// NOTE(review): IncludeAuditHistory presumably copies earlier analysis
// decisions onto the clone; confirm that is intended before enabling it,
// since the new version would start with findings already triaged.
type ProjectCloneRequest struct {
	// UUID of the project to clone; marshalled under the key "project".
	ProjectUUID uuid.UUID `json:"project"`
	// Marshalled as "version"; presumably the version label of the clone (verify).
	Version             string `json:"version"`
	IncludeAuditHistory bool   `json:"includeAuditHistory"`
	IncludeComponents   bool   `json:"includeComponents"`
	IncludeProperties   bool   `json:"includeProperties"`
	IncludeServices     bool   `json:"includeServices"`
	IncludeTags         bool   `json:"includeTags"`
}

type ProjectMetrics

// ProjectMetrics carries the per-project counters embedded in Project under
// the "metrics" key: vulnerability counts by severity, finding audit counts,
// and policy-violation counts broken down by state and by category
// (security, license, operational).
//
// No field has omitempty, so a zero-valued ProjectMetrics marshals every
// counter as 0.
type ProjectMetrics struct {
	// NOTE(review): FirstOccurrence and LastOccurrence are presumably Unix
	// timestamps; int is 32 bits wide on 32-bit platforms, so confirm the
	// unit before relying on them there.
	FirstOccurrence                      int     `json:"firstOccurrence"`
	LastOccurrence                       int     `json:"lastOccurrence"`
	InheritedRiskScore                   float64 `json:"inheritedRiskScore"`
	Vulnerabilities                      int     `json:"vulnerabilities"`
	VulnerableComponents                 int     `json:"vulnerableComponents"`
	Components                           int     `json:"components"`
	Suppressed                           int     `json:"suppressed"`
	Critical                             int     `json:"critical"`
	High                                 int     `json:"high"`
	Medium                               int     `json:"medium"`
	Low                                  int     `json:"low"`
	Unassigned                           int     `json:"unassigned"`
	FindingsTotal                        int     `json:"findingsTotal"`
	FindingsAudited                      int     `json:"findingsAudited"`
	FindingsUnaudited                    int     `json:"findingsUnaudited"`
	PolicyViolationsTotal                int     `json:"policyViolationsTotal"`
	PolicyViolationsFail                 int     `json:"policyViolationsFail"`
	PolicyViolationsWarn                 int     `json:"policyViolationsWarn"`
	PolicyViolationsInfo                 int     `json:"policyViolationsInfo"`
	PolicyViolationsAudited              int     `json:"policyViolationsAudited"`
	PolicyViolationsUnaudited            int     `json:"policyViolationsUnaudited"`
	PolicyViolationsSecurityTotal        int     `json:"policyViolationsSecurityTotal"`
	PolicyViolationsSecurityAudited      int     `json:"policyViolationsSecurityAudited"`
	PolicyViolationsSecurityUnaudited    int     `json:"policyViolationsSecurityUnaudited"`
	PolicyViolationsLicenseTotal         int     `json:"policyViolationsLicenseTotal"`
	PolicyViolationsLicenseAudited       int     `json:"policyViolationsLicenseAudited"`
	PolicyViolationsLicenseUnaudited     int     `json:"policyViolationsLicenseUnaudited"`
	PolicyViolationsOperationalTotal     int     `json:"policyViolationsOperationalTotal"`
	PolicyViolationsOperationalAudited   int     `json:"policyViolationsOperationalAudited"`
	PolicyViolationsOperationalUnaudited int     `json:"policyViolationsOperationalUnaudited"`
}

type ProjectProperty

// ProjectProperty is one key/value property attached to a project.
//
// The Go field names are shorter than the wire names: Group, Name, Value and
// Type marshal as "groupName", "propertyName", "propertyValue" and
// "propertyType".
type ProjectProperty struct {
	Group string `json:"groupName"`
	Name  string `json:"propertyName"`
	// Value is a plain string in the JSON body whatever Type says.
	// NOTE(review): if properties are used to hold secrets, confirm how the
	// server stores and returns them before logging or dumping this struct.
	Value       string `json:"propertyValue"`
	Type        string `json:"propertyType"`
	Description string `json:"description"`
}

type ProjectPropertyService

// ProjectPropertyService groups the project-property operations listed on
// this page (Create, Delete, GetAll, Update). Its fields are unexported and
// its methods use value receivers.
type ProjectPropertyService struct {
	// contains filtered or unexported fields
}

func (ProjectPropertyService) Create

func (ps ProjectPropertyService) Create(ctx context.Context, projectUUID uuid.UUID, property ProjectProperty) (p ProjectProperty, err error)

func (ProjectPropertyService) Delete

func (ps ProjectPropertyService) Delete(ctx context.Context, projectUUID uuid.UUID, groupName, propertyName string) (err error)

func (ProjectPropertyService) GetAll

func (ps ProjectPropertyService) GetAll(ctx context.Context, projectUUID uuid.UUID, po PageOptions) (p Page[ProjectProperty], err error)

func (ProjectPropertyService) Update

func (ps ProjectPropertyService) Update(ctx context.Context, projectUUID uuid.UUID, property ProjectProperty) (p ProjectProperty, err error)

type ProjectService

// ProjectService groups the project operations listed on this page (Clone,
// Create, Delete, Get, GetAll, GetAllByTag, GetProjectsForName, Lookup,
// Patch, Update). Its fields are unexported and its methods use value
// receivers.
type ProjectService struct {
	// contains filtered or unexported fields
}

func (ProjectService) Clone

// Clone submits cloneReq and returns only an error: the signature gives the
// caller no identifier for the resulting project.
// NOTE(review): callers that need the clone presumably have to find it
// afterwards (e.g. via Lookup with the new version); confirm whether the
// operation has completed server-side by the time Clone returns.
func (ps ProjectService) Clone(ctx context.Context, cloneReq ProjectCloneRequest) (err error)

func (ProjectService) Create

func (ps ProjectService) Create(ctx context.Context, project Project) (p Project, err error)

func (ProjectService) Delete

func (ps ProjectService) Delete(ctx context.Context, projectUUID uuid.UUID) (err error)

func (ProjectService) Get

func (ps ProjectService) Get(ctx context.Context, projectUUID uuid.UUID) (p Project, err error)

func (ProjectService) GetAll

func (ps ProjectService) GetAll(ctx context.Context, po PageOptions) (p Page[Project], err error)

func (ProjectService) GetAllByTag

func (ps ProjectService) GetAllByTag(ctx context.Context, tag string, excludeInactive, onlyRoot bool, po PageOptions) (p Page[Project], err error)

func (ProjectService) GetProjectsForName

func (ps ProjectService) GetProjectsForName(ctx context.Context, name string, excludeInactive, onlyRoot bool) (p []Project, err error)

func (ProjectService) Lookup

func (ps ProjectService) Lookup(ctx context.Context, name, version string) (p Project, err error)

func (ProjectService) Patch

// Patch takes the target project's UUID separately from the Project payload
// and returns a Project.
// NOTE(review): Project.Active, Metrics and LastBOMImport have no omitempty,
// so they are marshalled even when the caller meant to change a single field;
// confirm how the server interprets "active":false in a patch body.
func (ps ProjectService) Patch(ctx context.Context, projectUUID uuid.UUID, project Project) (p Project, err error)

func (ProjectService) Update

// Update takes a whole Project and returns a Project; unlike Patch there is
// no separate UUID parameter, so the target is presumably project.UUID
// (verify).
// NOTE(review): a Project built from scratch marshals "active":false unless
// Active is set explicitly; starting from the value returned by Get avoids
// changing fields unintentionally.
func (ps ProjectService) Update(ctx context.Context, project Project) (p Project, err error)

type Repository

// Repository describes a package repository configured in Dependency-Track,
// including the optional credentials used to reach it.
//
// Username and Password are ordinary exported strings with JSON tags, so
// json.Marshal, fmt's %+v/%#v and most structured loggers will print them.
// Redact or drop them before logging a Repository or writing it to disk.
type Repository struct {
	Type       RepositoryType `json:"type"`
	Identifier string         `json:"identifier"`
	// Go naming would spell this URL; it is left as-is because renaming an
	// exported field breaks callers.
	// NOTE(review): presumably the URL the server itself will contact, so
	// validate it when it comes from untrusted input.
	Url             string `json:"url"`
	ResolutionOrder int    `json:"resolutionOrder"`
	Enabled         bool   `json:"enabled"`
	Internal        bool   `json:"internal"`
	// omitempty: empty credentials are left out of the request body.
	// NOTE(review): whether an omitted password keeps or clears the stored one
	// on Update is not visible here; confirm. Likewise confirm whether the
	// server ever returns the password in responses.
	Username string `json:"username,omitempty"`
	Password string `json:"password,omitempty"`
	// omitempty has no effect if uuid.UUID is a fixed-size array type
	// (presumably github.com/google/uuid; verify).
	UUID uuid.UUID `json:"uuid,omitempty"`
}

type RepositoryMetaComponent

// RepositoryMetaComponent is the result type of
// RepositoryService.GetMetaComponent; the only field exposed here is the
// latest version string.
type RepositoryMetaComponent struct {
	LatestVersion string `json:"latestVersion"`
}

type RepositoryService

// RepositoryService groups the repository operations listed on this page
// (Create, Delete, GetAll, GetByType, GetMetaComponent, Update). Its fields
// are unexported and its methods use value receivers.
type RepositoryService struct {
	// contains filtered or unexported fields
}

func (RepositoryService) Create

// Create takes a Repository and returns a Repository.
// repo.Username and repo.Password travel in the request, so the client
// should be pointed at an https:// endpoint.
// NOTE(review): confirm whether the returned Repository echoes the password
// before logging the result.
func (rs RepositoryService) Create(ctx context.Context, repo Repository) (r Repository, err error)

func (RepositoryService) Delete

func (rs RepositoryService) Delete(ctx context.Context, reposUUID uuid.UUID) (err error)

func (RepositoryService) GetAll

func (rs RepositoryService) GetAll(ctx context.Context, po PageOptions) (p Page[Repository], err error)

func (RepositoryService) GetByType

func (rs RepositoryService) GetByType(ctx context.Context, repoType RepositoryType, po PageOptions) (p Page[Repository], err error)

func (RepositoryService) GetMetaComponent

// GetMetaComponent takes a package URL as a plain string and returns a
// RepositoryMetaComponent.
// NOTE(review): purl is not a typed value, so nothing in the signature shows
// it being validated; confirm the implementation escapes it when building the
// request, and validate it first if it comes from untrusted input.
func (rs RepositoryService) GetMetaComponent(ctx context.Context, purl string) (r RepositoryMetaComponent, err error)

func (RepositoryService) Update

// Update takes a Repository and returns a Repository.
// NOTE(review): Username and Password carry omitempty, so leaving them empty
// omits them from the body; whether the server then keeps or clears the
// stored credentials is not visible here. Confirm before updating a
// repository that authenticates.
func (rs RepositoryService) Update(ctx context.Context, repo Repository) (r Repository, err error)

type RepositoryType

// RepositoryType is the string-typed value of Repository.Type and the filter
// argument of RepositoryService.GetByType. No constants for it appear in this
// part of the page, and a string type accepts any value: the compiler will
// not reject an unknown repository type.
type RepositoryType string

type Tag

// Tag is a single project tag, carried in Project.Tags as a JSON object with
// one "name" key.
type Tag struct {
	Name string `json:"name"`
}

type Team

// Team is a Dependency-Track team together with the API keys, permissions
// and OIDC group mappings attached to it.
//
// NOTE(review): APIKeys presumably holds usable key material (the APIKey type
// is declared elsewhere). If so, a Team value is as sensitive as the keys it
// contains: avoid logging it with %+v or marshalling it into reports.
type Team struct {
	// omitempty has no effect if uuid.UUID is a fixed-size array type
	// (presumably github.com/google/uuid; verify).
	UUID             uuid.UUID     `json:"uuid,omitempty"`
	Name             string        `json:"name,omitempty"`
	APIKeys          []APIKey      `json:"apiKeys,omitempty"`
	Permissions      []Permission  `json:"permissions,omitempty"`
	MappedOIDCGroups []OIDCMapping `json:"mappedOidcGroups,omitempty"`
}

type TeamService

// TeamService groups the team operations listed on this page (Create,
// Delete, GenerateAPIKey, Get, GetAll, Update). Its fields are unexported and
// its methods use value receivers.
type TeamService struct {
	// contains filtered or unexported fields
}

func (TeamService) Create

func (ts TeamService) Create(ctx context.Context, team Team) (t Team, err error)

func (TeamService) Delete

// Delete takes a whole Team rather than a UUID, unlike the Delete methods of
// the other services on this page.
// NOTE(review): presumably only team.UUID identifies the target; confirm, and
// note that a populated Team also carries APIKeys into the request body.
func (ts TeamService) Delete(ctx context.Context, team Team) (err error)

func (TeamService) GenerateAPIKey

// GenerateAPIKey takes a team UUID and returns the new key as a plain string.
// The key carries whatever access the team's permissions grant, so hand it
// straight to a secret store and keep it out of logs, error messages and CI
// output.
// NOTE(review): confirm whether existing keys for the team stay valid after
// this call.
func (ts TeamService) GenerateAPIKey(ctx context.Context, teamUUID uuid.UUID) (key string, err error)

func (TeamService) Get

func (ts TeamService) Get(ctx context.Context, teamUUID uuid.UUID) (t Team, err error)

func (TeamService) GetAll

func (ts TeamService) GetAll(ctx context.Context, po PageOptions) (p Page[Team], err error)

func (TeamService) Update

func (ts TeamService) Update(ctx context.Context, team Team) (t Team, err error)

type UserService

// UserService groups the user-account operations listed on this page
// (ForceChangePassword, Login). Both take credentials as plain string
// arguments.
type UserService struct {
	// contains filtered or unexported fields
}

func (UserService) ForceChangePassword

// ForceChangePassword takes a username, the current password and the new
// password, and returns only an error.
// Both passwords are sent to the server, so the client should be configured
// with an https:// base URL.
// NOTE(review): confirm that a returned error never embeds the request body
// before wrapping or logging it.
func (us UserService) ForceChangePassword(ctx context.Context, username, password, newPassword string) (err error)

func (UserService) Login

// Login takes a username and password and returns a token string.
// NOTE(review): the token is presumably a bearer credential for later
// requests. Treat it like the password: keep it out of logs and out of
// plain-text storage, and use an https:// base URL, since the credentials
// travel in the request.
func (us UserService) Login(ctx context.Context, username, password string) (token string, err error)

type VEXService

// VEXService groups the VEX operations listed on this page (ExportCycloneDX,
// Upload). Its fields are unexported and its methods use value receivers.
type VEXService struct {
	// contains filtered or unexported fields
}

func (VEXService) ExportCycloneDX

// ExportCycloneDX takes a project UUID and returns the VEX document as a
// string.
// NOTE(review): the whole document is held in memory as one string, and
// nothing in the signature shows it being validated; parse it before acting
// on its contents.
func (vs VEXService) ExportCycloneDX(ctx context.Context, projectUUID uuid.UUID) (vex string, err error)

func (VEXService) Upload

// Upload submits a VEXUploadRequest and returns only an error.
// NOTE(review): a VEX document presumably changes analysis state, including
// suppression, for the target project's findings. Make sure uploaded VEX
// comes from a source entitled to make those decisions, and confirm that a
// nil error means it was applied rather than merely accepted for processing.
func (vs VEXService) Upload(ctx context.Context, uploadReq VEXUploadRequest) (err error)

type VEXUploadRequest

// VEXUploadRequest is the JSON body passed to VEXService.Upload.
//
// The target project can be given in two ways, both optional on the wire:
// ProjectUUID (a pointer, omitted when nil) or ProjectName with
// ProjectVersion (omitted when empty).
// NOTE(review): which of the two wins when both are set is not visible here;
// set exactly one to avoid applying a VEX to the wrong project.
type VEXUploadRequest struct {
	ProjectUUID    *uuid.UUID `json:"project,omitempty"`
	ProjectName    string     `json:"projectName,omitempty"`
	ProjectVersion string     `json:"projectVersion,omitempty"`
	// Always sent, even when empty.
	// NOTE(review): the encoding the server expects for the document (raw or
	// base64) is not visible here; confirm against the API.
	VEX string `json:"vex"`
}

type ViolationAnalysis

// ViolationAnalysis is the analysis recorded for one policy violation: its
// comment trail, its state, and whether the violation is suppressed.
// It is the result type of ViolationAnalysisService.Get.
type ViolationAnalysis struct {
	Comments []ViolationAnalysisComment `json:"analysisComments"`
	State    ViolationAnalysisState     `json:"analysisState"`
	// Wire key is "isSuppressed".
	Suppressed bool `json:"isSuppressed"`
}

type ViolationAnalysisComment

// ViolationAnalysisComment is one entry in ViolationAnalysis.Comments.
//
// Comment and Commenter are free text as returned by the server; escape them
// before rendering into HTML or other markup.
type ViolationAnalysisComment struct {
	Comment   string `json:"comment"`
	Commenter string `json:"commenter"`
	// NOTE(review): presumably a Unix timestamp. int is 32 bits wide on 32-bit
	// platforms, so a millisecond-resolution value would fail to decode there;
	// confirm the unit.
	Timestamp int `json:"timestamp"`
}

type ViolationAnalysisRequest

// ViolationAnalysisRequest is the JSON body for recording an analysis
// decision on one policy violation of one component.
//
// Component and PolicyViolation are always sent. Comment and State are
// omitted when empty.
type ViolationAnalysisRequest struct {
	Component       uuid.UUID              `json:"component"`
	PolicyViolation uuid.UUID              `json:"policyViolation"`
	Comment         string                 `json:"comment,omitempty"`
	State           ViolationAnalysisState `json:"analysisState,omitempty"`
	// Pointer so that three cases stay distinct on the wire: nil omits the key,
	// while a pointer to false or true sends an explicit value.
	// NOTE(review): presumably nil leaves the current suppression untouched;
	// confirm. Suppressing a violation hides it from later gating, so set this
	// deliberately rather than by default.
	Suppressed *bool `json:"isSuppressed,omitempty"`
}

type ViolationAnalysisService

// ViolationAnalysisService groups the policy-violation analysis operations
// listed on this page (Get, Update). Its fields are unexported.
type ViolationAnalysisService struct {
	// contains filtered or unexported fields
}

func (ViolationAnalysisService) Get

func (vas ViolationAnalysisService) Get(ctx context.Context, componentUUID, policyViolationUUID uuid.UUID) (va ViolationAnalysis, err error)

func (ViolationAnalysisService) Update

type ViolationAnalysisState

// ViolationAnalysisState is the string-typed analysis state used by
// ViolationAnalysis and ViolationAnalysisRequest. Being a string type, it
// also accepts values other than the constants below; nothing here rejects
// an unknown state.
type ViolationAnalysisState string

// Wire values for ViolationAnalysisState, sent and received verbatim.
const (
	ViolationAnalysisStateNotSet   ViolationAnalysisState = "NOT_SET"
	ViolationAnalysisStateApproved ViolationAnalysisState = "APPROVED"
	ViolationAnalysisStateRejected ViolationAnalysisState = "REJECTED"
)

type Vulnerability

// Vulnerability is the JSON shape of a vulnerability record: identifiers,
// descriptive text, CWE classification, CVSS v2/v3 and OWASP Risk Rating
// scores with their vectors, EPSS score and percentile, and version ranges.
//
// Apart from Components, no field has omitempty, so every key is marshalled
// even when zero. A score of 0 therefore does not by itself show that the
// server supplied a score.
// NOTE(review): the text fields (Title, Description, Recommendation,
// References, Credits) presumably originate from external advisory sources;
// escape them before rendering into HTML or markup.
type Vulnerability struct {
	UUID uuid.UUID `json:"uuid"`
	// VulnID is the identifier within Source; the two together name the record.
	VulnID         string               `json:"vulnId"`
	Source         string               `json:"source"`
	Aliases        []VulnerabilityAlias `json:"aliases"`
	Title          string               `json:"title"`
	SubTitle       string               `json:"subTitle"`
	Description    string               `json:"description"`
	Recommendation string               `json:"recommendation"`
	References     string               `json:"references"`
	Credits        string               `json:"credits"`
	// Created, Published and Updated are strings here, unlike the int
	// timestamps used elsewhere in the package; their format is not visible on
	// this page.
	Created   string `json:"created"`
	Published string `json:"published"`
	Updated   string `json:"updated"`
	// Both a single CWE and a CWEs slice are decoded.
	// NOTE(review): which one the server populates may depend on its version;
	// check both before concluding a record has no CWE.
	CWE                          CWE     `json:"cwe"`
	CWEs                         []CWE   `json:"cwes"`
	CVSSV2BaseScore              float64 `json:"cvssV2BaseScore"`
	CVSSV2ImpactSubScore         float64 `json:"cvssV2ImpactSubScore"`
	CVSSV2ExploitabilitySubScore float64 `json:"cvssV2ExploitabilitySubScore"`
	CVSSV2Vector                 string  `json:"cvssV2Vector"`
	CVSSV3BaseScore              float64 `json:"cvssV3BaseScore"`
	CVSSV3ImpactSubScore         float64 `json:"cvssV3ImpactSubScore"`
	CVSSV3ExploitabilitySubScore float64 `json:"cvssV3ExploitabilitySubScore"`
	CVSSV3Vector                 string  `json:"cvssV3Vector"`
	OWASPRRBusinessImpactScore   float64 `json:"owaspRRBusinessImpactScore"`
	OWASPRRLikelihoodScore       float64 `json:"owaspRRLikelihoodScore"`
	OWASPRRTechnicalImpactScore  float64 `json:"owaspRRTechnicalImpactScore"`
	OWASPRRVector                string  `json:"owaspRRVector"`
	// Severity is an untyped string; compare it against the exact values the
	// server emits rather than assuming a spelling or case.
	Severity           string  `json:"severity"`
	EPSSScore          float64 `json:"epssScore"`
	EPSSPercentile     float64 `json:"epssPercentile"`
	VulnerableVersions string  `json:"vulnerableVersions"`
	PatchedVersions    string  `json:"patchedVersions"`
	// Pointer to a slice with omitempty: nil is omitted from the JSON, while a
	// non-nil pointer to an empty slice is marshalled as [].
	Components *[]Component `json:"components,omitempty"`
}

type VulnerabilityAlias

// VulnerabilityAlias lists the identifiers under which one vulnerability is
// known in different databases. It is carried in Vulnerability.Aliases.
//
// No field has omitempty, so an identifier that is absent marshals as an
// empty string; test for "" before using a field as a lookup key.
type VulnerabilityAlias struct {
	CveID      string `json:"cveId"`      // ID of the vuln in the NVD
	GhsaID     string `json:"ghsaId"`     // ID of the vuln in GitHub
	GsdID      string `json:"gsdId"`      // ID of the vuln in the GSD
	InternalID string `json:"internalId"` // ID of the vuln in DT's internal database
	OsvID      string `json:"osvId"`      // ID of the vuln in OSV
	SonatypeId string `json:"sonatypeId"` // ID of the vuln in Sonatype's database; spelled Id, not ID, unlike its siblings (renaming would break callers)
	SnykID     string `json:"snykId"`     // ID of the vuln in Snyk's database
	VulnDbID   string `json:"vulnDbId"`   // ID of the vuln in VulnDB
}

type VulnerabilityService

// VulnerabilityService groups the vulnerability operations listed on this
// page (Assign, Get, GetAllForComponent, GetAllForProject, Unassign). Its
// fields are unexported and its methods use value receivers.
type VulnerabilityService struct {
	// contains filtered or unexported fields
}

func (VulnerabilityService) Assign

func (vs VulnerabilityService) Assign(ctx context.Context, vulnUUID, componentUUID uuid.UUID) (err error)

func (VulnerabilityService) Get

func (vs VulnerabilityService) Get(ctx context.Context, vulnUUID uuid.UUID) (v Vulnerability, err error)

func (VulnerabilityService) GetAllForComponent

// GetAllForComponent takes a component UUID, a suppressed flag and page
// options, and returns one page of Vulnerability values.
// NOTE(review): the signature does not say whether suppressed=true adds
// suppressed vulnerabilities to the result or returns only those; confirm
// before using the result for a quality gate. The result is a single page,
// so a gate that reads only one page can miss entries.
func (vs VulnerabilityService) GetAllForComponent(ctx context.Context, componentUUID uuid.UUID, suppressed bool, po PageOptions) (p Page[Vulnerability], err error)

func (VulnerabilityService) GetAllForProject

// GetAllForProject takes a project UUID, a suppressed flag and page options,
// and returns one page of Vulnerability values.
// NOTE(review): the signature does not say whether suppressed=true adds
// suppressed vulnerabilities to the result or returns only those; confirm
// before using the result for a quality gate. The result is a single page,
// so a gate that reads only one page can miss entries.
func (vs VulnerabilityService) GetAllForProject(ctx context.Context, projectUUID uuid.UUID, suppressed bool, po PageOptions) (p Page[Vulnerability], err error)

func (VulnerabilityService) Unassign

func (vs VulnerabilityService) Unassign(ctx context.Context, vulnUUID, componentUUID uuid.UUID) (err error)

Directories

Path Synopsis
Package notification provides the functionality to process notifications sent by Dependency-Track.
