Constants: this section is empty.
Variables: this section is empty.
Functions: this section is empty.

Types
type Advisories

type Advisories struct {
	Advisory []string `xml:"v:advisory"`
}

Advisories holds all the advisory links for a vulnerability.
type Component

type Component struct {
	syftCDX.Component
	Vulnerabilities *[]Vulnerability `xml:"v:vulnerabilities>v:vulnerability,omitempty"`
}

Component represents a single software package that has vulnerabilities.
type Document

type Document struct {
	XMLName       xml.Name               `xml:"bom"`
	XMLNs         string                 `xml:"xmlns,attr"`
	XMLNsBd       string                 `xml:"xmlns:bd,attr"`
	XMLNsV        string                 `xml:"xmlns:v,attr"`
	Version       int                    `xml:"version,attr"`
	SerialNumber  string                 `xml:"serialNumber,attr"`
	BomDescriptor *syftCDX.BomDescriptor `xml:"metadata"`
	Components    []Component            `xml:"components>component"`
}

Document represents a CycloneDX Vulnerability Document.
func NewDocument

func NewDocument(packages []pkg.Package, matches match.Matches, srcMetadata *source.Metadata, provider vulnerability.MetadataProvider) (Document, error)

NewDocument returns a CycloneDX Document object populated with the SBOM and vulnerability findings.
type Presenter

type Presenter struct {
	// contains filtered or unexported fields
}

Presenter writes a CycloneDX report from the given Catalog and Scope contents.
func NewPresenter

func NewPresenter(results match.Matches, packages []pkg.Package, srcMetadata *source.Metadata, metadataProvider vulnerability.MetadataProvider) *Presenter

NewPresenter is a *Presenter constructor.
type Rating

type Rating struct {
	Score    Score  `xml:"v:score"`
	Severity string `xml:"v:severity,omitempty"`
	Method   string `xml:"v:method,omitempty"`
	Vector   string `xml:"v:vector,omitempty"`
}

Rating holds the severity information for a vulnerability: its score, severity label, scoring method and vector.
type Score

type Score struct {
	Base           float64 `xml:"v:base"`
	Impact         float64 `xml:"v:impact"`
	Exploitability float64 `xml:"v:exploitability"`
}

Score holds the numeric measures (base, impact and exploitability) of how serious a vulnerability is.
type Source

Source is the origin of the vulnerability, such as GitHub Advisories or NVD, along with a URL constructed from the vulnerability ID.
type Vulnerability

type Vulnerability struct {
	Ref     string   `xml:"ref,attr"`
	ID      string   `xml:"v:id"`
	Source  Source   `xml:"v:source"`
	Ratings []Rating `xml:"v:ratings>v:rating"`
	// We do not capture Common Weakness Enumeration
	//Cwes Cwes `xml:"v:cwes"`
	Description string `xml:"v:description,omitempty"`
	// We don't have recommendations (e.g. "upgrade")
	//Recommendations *Recommendations `xml:"v:recommendations"`
	Advisories *Advisories `xml:"v:advisories,omitempty"`
}

Vulnerability is the actual description of a vulnerable artifact.
func NewVulnerability

func NewVulnerability(m match.Match, p vulnerability.MetadataProvider) (Vulnerability, error)

NewVulnerability creates a Vulnerability document from a match and the metadata provider.
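Added example (not code from this package): it marshals a Vulnerability built with the struct tags shown above, to show the XML fragment the presenter nests under each component, including what omitempty drops. The fields of Source are assumed, since the page shows only its description, and the ref, ID and URL are constructed placeholders.

```go
package main

import "encoding/xml"

// Types copied from the struct definitions above; Source is an assumed
// minimal shape, since its fields are not shown on the page.
type Score struct {
	Base           float64 `xml:"v:base"`
	Impact         float64 `xml:"v:impact"`
	Exploitability float64 `xml:"v:exploitability"`
}
type Rating struct {
	Score    Score  `xml:"v:score"`
	Severity string `xml:"v:severity,omitempty"`
	Method   string `xml:"v:method,omitempty"`
	Vector   string `xml:"v:vector,omitempty"`
}
type Advisories struct {
	Advisory []string `xml:"v:advisory"`
}
type Source struct { // assumed shape
	Name string `xml:"name,attr"`
	URL  string `xml:"v:url"`
}
type Vulnerability struct {
	Ref         string      `xml:"ref,attr"`
	ID          string      `xml:"v:id"`
	Source      Source      `xml:"v:source"`
	Ratings     []Rating    `xml:"v:ratings>v:rating"`
	Description string      `xml:"v:description,omitempty"`
	Advisories  *Advisories `xml:"v:advisories,omitempty"`
}

// RenderVulnerability marshals one finding as it sits under a component. The
// "v:" prefix is emitted verbatim, so the result is only well-formed inside a
// bom element that declares xmlns:v (Document's XMLNsV field).
func RenderVulnerability(v Vulnerability) (string, error) {
	out, err := xml.MarshalIndent(v, "", "  ")
	return string(out), err
}

// SampleVulnerability is a constructed finding (placeholder ID, not a real
// CVE); Advisories stays nil so omitempty drops that element entirely.
func SampleVulnerability() Vulnerability {
	return Vulnerability{
		Ref: "pkg:example/lib@1.0.0", ID: "CVE-0000-00000",
		Source: Source{Name: "nvd", URL: "https://example.invalid/CVE-0000-00000"},
		Ratings: []Rating{{Score: Score{Base: 7.5, Impact: 3.6, Exploitability: 3.9},
			Severity: "High", Method: "CVSSv3", Vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}},
	}
}
```

Because Description and Advisories are empty, neither element appears in the output, while the empty-string-free Ratings slice is wrapped in v:ratings/v:rating as the tag's parent chain specifies.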