Documentation
¶
Index ¶
- Variables
- func ApplyExplicitIgnoreRules(provider ExclusionProvider, matches Matches) (Matches, []IgnoredMatch)
- func ApplyIgnoreRules(matches Matches, rules []IgnoreRule) (Matches, []IgnoredMatch)
- func ConvertToIndirectMatches(matches []Match, p pkg.Package)
- type ByElements
- type Detail
- type Details
- type ExclusionProvider
- type Fingerprint
- type IgnoreRule
- type IgnoreRulePackage
- type IgnoredMatch
- type Match
- type MatcherType
- type Matches
- func (r *Matches) Add(matches ...Match)
- func (r *Matches) AllByPkgID() map[pkg.ID][]Match
- func (r *Matches) Count() int
- func (r *Matches) Diff(other Matches) *Matches
- func (r *Matches) Enumerate() <-chan Match
- func (r *Matches) GetByPkgID(id pkg.ID) (matches []Match)
- func (r *Matches) Merge(other Matches)
- func (r *Matches) Sorted() []Match
- type Type
Constants ¶
This section is empty.
Variables ¶
var AllMatcherTypes = []MatcherType{ ApkMatcher, RubyGemMatcher, DpkgMatcher, RpmMatcher, JavaMatcher, PythonMatcher, DotnetMatcher, JavascriptMatcher, MsrcMatcher, PortageMatcher, GoModuleMatcher, OpenVexMatcher, RustMatcher, }
var ErrCannotMerge = fmt.Errorf("unable to merge vulnerability matches")
Functions ¶
func ApplyExplicitIgnoreRules ¶ added in v0.28.0
func ApplyExplicitIgnoreRules(provider ExclusionProvider, matches Matches) (Matches, []IgnoredMatch)
ApplyExplicitIgnoreRules Filters out matches meeting the criteria defined above and those within the grype database
func ApplyIgnoreRules ¶ added in v0.21.1
func ApplyIgnoreRules(matches Matches, rules []IgnoreRule) (Matches, []IgnoredMatch)
ApplyIgnoreRules iterates through the provided matches and, for each match, determines if the match should be ignored, by evaluating if any of the provided IgnoreRules apply to the match. If any rules apply to the match, all applicable rules are attached to the Match to form an IgnoredMatch. ApplyIgnoreRules returns two collections: the matches that are not being ignored, and the matches that are being ignored.
func ConvertToIndirectMatches ¶ added in v0.33.0
Types ¶
type ByElements ¶ added in v0.13.0
type ByElements []Match
func (ByElements) Len ¶ added in v0.13.0
func (m ByElements) Len() int
Len is the number of elements in the collection.
func (ByElements) Less ¶ added in v0.13.0
func (m ByElements) Less(i, j int) bool
Less reports whether the element with index i should sort before the element with index j.
func (ByElements) Swap ¶ added in v0.13.0
func (m ByElements) Swap(i, j int)
Swap swaps the elements with indexes i and j.
type Detail ¶ added in v0.33.0
type Detail struct {
Type Type // The kind of match made (an exact match, fuzzy match, indirect vs direct, etc).
SearchedBy interface{} // The specific attributes that were used to search (other than package name and version) --this indicates "how" the match was made.
Found interface{} // The specific attributes on the vulnerability object that were matched with --this indicates "what" was matched on / within.
Matcher MatcherType // The matcher object that discovered the match.
Confidence float64 // The certainty of the match as a ratio (currently unused, reserved for future use).
}
type Details ¶ added in v0.13.0
type Details []Detail
func (Details) Matchers ¶ added in v0.33.0
func (m Details) Matchers() (tys []MatcherType)
type ExclusionProvider ¶ added in v0.41.0
type ExclusionProvider interface {
GetRules(vulnerabilityID string) ([]IgnoreRule, error)
}
type Fingerprint ¶ added in v0.13.0
type Fingerprint struct {
// contains filtered or unexported fields
}
func (Fingerprint) ID ¶ added in v0.33.0
func (m Fingerprint) ID() string
func (Fingerprint) String ¶ added in v0.33.0
func (m Fingerprint) String() string
type IgnoreRule ¶ added in v0.21.1
type IgnoreRule struct {
Vulnerability string `yaml:"vulnerability" json:"vulnerability" mapstructure:"vulnerability"`
Reason string `yaml:"reason" json:"reason" mapstructure:"reason"`
Namespace string `yaml:"namespace" json:"namespace" mapstructure:"namespace"`
FixState string `yaml:"fix-state" json:"fix-state" mapstructure:"fix-state"`
Package IgnoreRulePackage `yaml:"package" json:"package" mapstructure:"package"`
VexStatus string `yaml:"vex-status" json:"vex-status" mapstructure:"vex-status"`
VexJustification string `yaml:"vex-justification" json:"vex-justification" mapstructure:"vex-justification"`
MatchType Type `yaml:"match-type" json:"match-type" mapstructure:"match-type"`
}
An IgnoreRule specifies criteria for a vulnerability match to meet in order to be ignored. Not all criteria (fields) need to be specified, but all specified criteria must be met by the vulnerability match in order for the rule to apply.
func (IgnoreRule) HasConditions ¶ added in v0.68.0
func (ir IgnoreRule) HasConditions() bool
HasConditions returns true if the ignore rule has conditions that can cause a match to be ignored
type IgnoreRulePackage ¶ added in v0.21.1
type IgnoreRulePackage struct {
Name string `yaml:"name" json:"name" mapstructure:"name"`
Version string `yaml:"version" json:"version" mapstructure:"version"`
Language string `yaml:"language" json:"language" mapstructure:"language"`
Type string `yaml:"type" json:"type" mapstructure:"type"`
Location string `yaml:"location" json:"location" mapstructure:"location"`
UpstreamName string `yaml:"upstream-name" json:"upstream-name" mapstructure:"upstream-name"`
}
IgnoreRulePackage describes the Package-specific fields that comprise the IgnoreRule.
type IgnoredMatch ¶ added in v0.21.1
type IgnoredMatch struct {
Match
// AppliedIgnoreRules are the rules that were applied to the match that caused Grype to ignore it.
AppliedIgnoreRules []IgnoreRule
}
An IgnoredMatch is a vulnerability Match that has been ignored because one or more IgnoreRules applied to the match.
type Match ¶
type Match struct {
Vulnerability vulnerability.Vulnerability // The vulnerability details of the match.
Package pkg.Package // The package used to search for a match.
Details Details // all the ways this particular match was made.
}
Match represents a finding in the vulnerability matching process, pairing a single package and a single vulnerability object.
func (Match) Fingerprint ¶ added in v0.13.0
func (m Match) Fingerprint() Fingerprint
type MatcherType ¶
type MatcherType string
const ( UnknownMatcherType MatcherType = "UnknownMatcherType" StockMatcher MatcherType = "stock-matcher" ApkMatcher MatcherType = "apk-matcher" RubyGemMatcher MatcherType = "ruby-gem-matcher" DpkgMatcher MatcherType = "dpkg-matcher" RpmMatcher MatcherType = "rpm-matcher" JavaMatcher MatcherType = "java-matcher" PythonMatcher MatcherType = "python-matcher" DotnetMatcher MatcherType = "dotnet-matcher" JavascriptMatcher MatcherType = "javascript-matcher" MsrcMatcher MatcherType = "msrc-matcher" PortageMatcher MatcherType = "portage-matcher" GoModuleMatcher MatcherType = "go-module-matcher" OpenVexMatcher MatcherType = "openvex-matcher" RustMatcher MatcherType = "rust-matcher" )
type Matches ¶
type Matches struct {
// contains filtered or unexported fields
}
func NewMatches ¶
func (*Matches) AllByPkgID ¶ added in v0.36.0
AllByPkgID returns a map of all matches organized by package ID
func (*Matches) GetByPkgID ¶
GetByPkgID returns a slice of potential matches from an ID
Source Files