scan

package

Documentation

Index

Constants

// Advisory filter set names. These are the recognised values for choosing which
// advisories FilterWithAdvisories takes into account (presumably passed as its
// advisoryFilterSet argument — confirm against that function).
const (
	// AdvisoriesSetResolved names the "resolved" advisory filter set.
	AdvisoriesSetResolved = "resolved"
	// AdvisoriesSetAll names the "all" advisory filter set.
	AdvisoriesSetAll = "all"
	// AdvisoriesSetConcluded names the "concluded" advisory filter set.
	AdvisoriesSetConcluded = "concluded"
)
// TriageSourceGovulncheck is the TriageAssessment.Source value used for
// assessments produced by govulncheck.
const TriageSourceGovulncheck = "govulncheck"

Variables

Functions

func NewGrypeVulnerabilityMatcher

func NewGrypeVulnerabilityMatcher(datastore store.Store, useCPEs bool) *grype.VulnerabilityMatcher

Types

type Finding

// Finding represents a vulnerability finding for a single package.
type Finding struct {
	Package           Package            // the package the vulnerability was found in
	Vulnerability     Vulnerability      // the vulnerability that was matched
	TriageAssessments []TriageAssessment // assessments attached by Triage, if any
}

Finding represents a vulnerability finding for a single package.

func FilterWithAdvisories

func FilterWithAdvisories(_ context.Context, result Result, advisoryDocIndex *configs.Index[v2.Document], advisoryFilterSet string) ([]Finding, error)

FilterWithAdvisories filters the findings in the result based on the advisories for the target APK.

func Triage

func Triage(ctx context.Context, result Result, apkFile io.ReadSeeker) ([]Finding, error)

Triage inspects an existing scan Result and attempts to triage each finding, returning a copy of the Result's list of findings, modified to include TriageAssessments where applicable.

type GoVulnDBIndex

// GoVulnDBIndex is an index of GoVulnDB entries keyed by alias (e.g. CVE and
// GHSA IDs). Build one with BuildIndexForGoVulnDB and look entries up with Get.
type GoVulnDBIndex struct {
	// contains filtered or unexported fields
}

func BuildIndexForGoVulnDB

func BuildIndexForGoVulnDB(ctx context.Context) (*GoVulnDBIndex, error)

BuildIndexForGoVulnDB builds an index of GoVulnDB entries, keyed by aliases (like CVE IDs and GHSA IDs).

func (*GoVulnDBIndex) Get

Get returns the GoVulnDB index entry for the given ID, or false if no entry exists for that ID.

type GoVulnDBIndexEntry

// GoVulnDBIndexEntry is a single GoVulnDB record as held in a GoVulnDBIndex.
// The JSON tags appear to mirror the upstream GoVulnDB entry fields
// (NOTE(review): inferred from the tag names — confirm against the feed format).
type GoVulnDBIndexEntry struct {
	ID       string    `json:"id"`                // GoVulnDB identifier of the entry
	Modified time.Time `json:"modified"`          // last-modified timestamp carried by the entry
	Aliases  []string  `json:"aliases,omitempty"` // other IDs for the same vulnerability (e.g. CVE, GHSA); omitted from JSON when empty
}

type Package

// Package describes the package a Finding was matched against.
// NOTE(review): field values presumably come from the scanned SBOM's package
// record (APKSBOM takes an SBOM) — confirm against the scanner.
type Package struct {
	ID       string // identifier of the package record
	Name     string // package name
	Version  string // package version
	Type     string // package type/ecosystem label (assumed — confirm)
	Location string // where the package was found within the scanned artifact (assumed — confirm)
}

type Result

// Result is the outcome of scanning one APK: the APK that was scanned, the
// vulnerability findings, and the status of the grype DB used for the scan.
type Result struct {
	TargetAPK     TargetAPK  // the APK that was scanned
	Findings      []Finding  // matched vulnerabilities; empty when none were found
	GrypeDBStatus *db.Status // grype DB status; a pointer, so may be nil — check before dereferencing
}

type Scanner

// Scanner holds a loaded grype vulnerability DB so it can be reused across
// scans (see ScanAPK and APKSBOM). Construct one with NewScanner rather than
// using the zero value.
type Scanner struct {
	// contains filtered or unexported fields
}

func NewScanner

func NewScanner(localDBFilePath string, useCPEs bool) (*Scanner, error)

NewScanner initializes the grype DB for reuse across multiple scans.

func (*Scanner) APKSBOM

func (s *Scanner) APKSBOM(ctx context.Context, ssbom *sbomSyft.SBOM) (*Result, error)

APKSBOM scans an SBOM of an APK for vulnerabilities.

func (*Scanner) ScanAPK

func (s *Scanner) ScanAPK(ctx context.Context, apk fs.File, distroID string) (*Result, error)

ScanAPK scans an APK file for vulnerabilities.

type TargetAPK

// TargetAPK identifies the APK under scan.
type TargetAPK struct {
	Name              string // APK package name
	Version           string // APK package version
	OriginPackageName string // origin package from the APK metadata, if any (see Origin)
}

func (TargetAPK) Origin

func (t TargetAPK) Origin() string

Origin returns the name of the origin package, if the package's metadata indicates an origin package. Otherwise, it returns the package name.

type TriageAssessment

// TriageAssessment records the outcome of one triage step applied to a Finding
// (attached by Triage).
//
// NOTE(review): because the zero value of TruePositive is false, a zero-valued
// TriageAssessment reads as a "false positive" verdict from an empty Source.
// Consumers should check Source (or the presence of an assessment) rather than
// trusting the bool alone.
type TriageAssessment struct {
	// Source is the name of the source of the triage assessment, e.g.
	// "govulncheck".
	Source string

	// TruePositive indicates whether the vulnerability is a true positive. A value
	// of false indicates that the vulnerability has been assessed to be a false
	// positive.
	TruePositive bool

	// Reason is the explanation of the triage assessment.
	Reason string
}

type Vulnerability

// Vulnerability describes a matched vulnerability record.
type Vulnerability struct {
	ID           string   // primary vulnerability identifier
	Severity     string   // severity label as reported by the vulnerability source (assumed — confirm)
	Aliases      []string // other identifiers for the same issue (e.g. CVE, GHSA); presumably what GoVulnDBIndex is keyed by
	FixedVersion string   // version that fixes the issue; presumably empty when none is known
}
