vex

Documentation

Index

• type CycloneDX
  • func (v *CycloneDX) Filter(vulns []types.DetectedVulnerability) []types.DetectedVulnerability
• type OpenVEX
  • func (v *OpenVEX) Filter(vulns []types.DetectedVulnerability) []types.DetectedVulnerability
• type Statement
• type Status
• type VEX
  • func New(filePath string, report types.Report) (VEX, error)

Types

type CycloneDX

type CycloneDX struct {
	// contains filtered or unexported fields
}

func (*CycloneDX) Filter

func (v *CycloneDX) Filter(vulns []types.DetectedVulnerability) []types.DetectedVulnerability

type OpenVEX

type OpenVEX struct {
	// contains filtered or unexported fields
}

func (*OpenVEX) Filter

func (v *OpenVEX) Filter(vulns []types.DetectedVulnerability) []types.DetectedVulnerability

type Statement

type Statement struct {
	VulnerabilityID string
	Affects         []string
	Status          Status
	Justification   string // TODO: define a type
}

type Status

type Status string

const (
	StatusNotAffected        Status = "not_affected"
	StatusAffected           Status = "affected"
	StatusFixed              Status = "fixed"
	StatusUnderInvestigation Status = "under_investigation"
	StatusUnknown            Status = "unknown"
)

type VEX

type VEX interface {
	Filter([]types.DetectedVulnerability) []types.DetectedVulnerability
}

VEX represents Vulnerability Exploitability eXchange. It abstracts multiple VEX formats. Note: This is in the experimental stage and does not yet support many specifications. The implementation may change significantly.

func New

func New(filePath string, report types.Report) (VEX, error)