Documentation
Index
- Variables
- func Execute(version, commitHash, builtAt string)
- type AutomatedToolsList
- type ContributionPolicy
- type Dependencies
- type Header
- type Integration
- type ProjectLifecycle
- type Sbom
- type SecurityArtifacts
- type SecurityAssessments
- type SecurityContacts
- type SecurityInsightsSchema
- type SecurityTesting
- type ThreatModel
- type VulnerabilityReporting
Constants
This section is empty.
Variables
var NewFileName string
Functions
Types
type AutomatedToolsList
type AutomatedToolsList struct {
	AutomatedTool string   `yaml:"automated-tool"`
	Action        string   `yaml:"action"`
	Path          []string `yaml:"path"`
	Comment       string   `yaml:"comment"`
}
AutomatedToolsList is a sub-entry in the ContributionPolicy section of the Security Insights Schema
type ContributionPolicy
type ContributionPolicy struct {
	AcceptsPullRequests          bool                 `yaml:"accepts-pull-requests"`
	AcceptsAutomatedPullRequests bool                 `yaml:"accepts-automated-pull-requests"`
	AutomatedToolsList           []AutomatedToolsList `yaml:"automated-tools-list"`
	ContributingPolicy           string               `yaml:"contributing-policy"`
	CodeOfConduct                string               `yaml:"code-of-conduct"`
}
ContributionPolicy is a top level entry in the Security Insights Schema
type Dependencies
type Dependencies struct {
	ThirdPartyPackages bool     `yaml:"third-party-packages"`
	DependenciesLists  []string `yaml:"dependencies-lists"`
	Sbom               []Sbom   `yaml:"sbom"`
}
Dependencies is a top level entry in the Security Insights Schema
type Header
type Header struct {
	SchemaVersion      string `yaml:"schema-version"`
	ParentSecurityYaml string `yaml:"parent-security-yaml"`
	ExpirationDate     string `yaml:"expiration-date"`
	LastUpdated        string `yaml:"last-updated"`
	LastReviewed       string `yaml:"last-reviewed"`
	CommitHash         string `yaml:"commit-hash"`
	ProjectUrl         string `yaml:"project-url"`
	ProjectRelease     string `yaml:"project-release"`
	Changelog          string `yaml:"changelog"`
	License            string `yaml:"license"`
}
Header is a top level entry in the Security Insights Schema
type Integration
type Integration struct {
	AdHoc         bool `yaml:"ad-hoc"`
	Ci            bool `yaml:"ci"`
	BeforeRelease bool `yaml:"before-release"`
}
Integration is a sub-entry in the SecurityTesting section of the Security Insights Schema
type ProjectLifecycle
type ProjectLifecycle struct {
	Stage           string   `yaml:"stage"`
	Roadmap         string   `yaml:"roadmap"`
	BugFixesOnly    bool     `yaml:"bug-fixes-only"`
	CoreMaintainers []string `yaml:"core-maintainers"`
}
ProjectLifecycle is a top level entry in the Security Insights Schema
type Sbom
type Sbom struct {
	SbomFile string `yaml:"sbom-file"`
	SbomName string `yaml:"sbom-name"`
	SbomUrl  string `yaml:"sbom-url"`
}
Sbom is a sub-entry in the Dependencies section of the Security Insights Schema
type SecurityArtifacts
type SecurityArtifacts struct {
	ThreatModel ThreatModel `yaml:"threat-model"`
}
SecurityArtifacts is a top level entry in the Security Insights Schema
type SecurityAssessments
type SecurityAssessments struct {
	AuditorName   string `yaml:"auditor-name"`
	AuditorUrl    string `yaml:"auditor-url"`
	AuditorReport string `yaml:"auditor-report"`
	ReportYear    int    `yaml:"report-year"`
	Comment       string `yaml:"comment"`
}
SecurityAssessments is a top level entry in the Security Insights Schema
type SecurityContacts
type SecurityContacts struct {
	Type    string `yaml:"type"`
	Value   string `yaml:"value"`
	Primary bool   `yaml:"primary"`
}
SecurityContacts is a top level entry in the Security Insights Schema
type SecurityInsightsSchema
type SecurityInsightsSchema struct {
	Header                 Header                 `yaml:"header"`
	ProjectLifecycle       ProjectLifecycle       `yaml:"project-lifecycle"`
	ContributionPolicy     ContributionPolicy     `yaml:"contribution-policy"`
	Documentation          []string               `yaml:"documentation"`
	DistributionPoints     []string               `yaml:"distribution-points"`
	SecurityArtifacts      SecurityArtifacts      `yaml:"security-artifacts"`
	SecurityTesting        []SecurityTesting      `yaml:"security-testing"`
	SecurityAssessments    []SecurityAssessments  `yaml:"security-assessments"`
	SecurityContacts       []SecurityContacts     `yaml:"security-contacts"`
	VulnerabilityReporting VulnerabilityReporting `yaml:"vulnerability-reporting"`
	Dependencies           Dependencies           `yaml:"dependencies"`
}
Struct for the Security Insights Schema
func (*SecurityInsightsSchema) Validate
func (s *SecurityInsightsSchema) Validate() (err error)
Validate validates the SecurityInsightsSchema by:
1. Unmarshalling the input file into the SecurityInsightsSchema
2. Marshalling the SecurityInsightsSchema into a new file
3. Diffing the input file and the new file
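The round trip described above catches keys the schema does not know, because they do not survive the unmarshal/marshal step. The following is an added example, not this package's code: it uses encoding/json from the standard library as a stand-in for the YAML library, and the names Insights, diff and RoundTripDiff, the trimmed structs and the sample input are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Trimmed copies of the page's structs; json tags stand in for the yaml tags.
type Header struct {
	SchemaVersion  string `json:"schema-version"`
	ExpirationDate string `json:"expiration-date"`
}
type Insights struct {
	Header Header `json:"header"`
}

// diff appends to out every key path present in a but absent from b.
func diff(path string, a, b any, out *[]string) {
	am, _ := a.(map[string]any) // nil (no iterations) when a is a leaf value
	bm, _ := b.(map[string]any)
	for k, av := range am {
		if bv, ok := bm[k]; ok {
			diff(path+"/"+k, av, bv, out)
		} else {
			*out = append(*out, path+"/"+k)
		}
	}
}

// RoundTripDiff reports keys the round trip dropped and keys it added.
func RoundTripDiff(input []byte) (dropped, added []string, err error) {
	var s Insights
	var before, after any
	if err = json.Unmarshal(input, &s); err != nil {
		return nil, nil, err
	}
	output, _ := json.Marshal(s) // from here on nothing can fail: input parsed, s is plain
	json.Unmarshal(input, &before)
	json.Unmarshal(output, &after)
	diff("", before, after, &dropped)
	diff("", after, before, &added)
	sort.Strings(dropped)
	sort.Strings(added)
	return dropped, added, nil
}

func main() { // constructed input: "expiry-date" misspells "expiration-date"
	fmt.Println(RoundTripDiff([]byte(`{"header":{"schema-version":"1.0.0","expiry-date":"2030-01-01"}}`)))
}
```

In this example a field omitted from the input also shows up in the diff, as an added zero-valued key, because the struct tags carry no omitempty option.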
type SecurityTesting
type SecurityTesting struct {
	ToolType     string      `yaml:"tool-type"`
	ToolName     string      `yaml:"tool-name"`
	ToolVersion  string      `yaml:"tool-version"`
	ToolUrl      string      `yaml:"tool-url"`
	ToolRulesets []string    `yaml:"tool-rulesets"`
	Integration  Integration `yaml:"integration"`
	Comment      string      `yaml:"comment"`
}
SecurityTesting is a top level entry in the Security Insights Schema
type ThreatModel
type ThreatModel struct {
	ThreatModelCreated bool     `yaml:"threat-model-created"`
	EvidenceUrl        []string `yaml:"evidence-url"`
	Comment            string   `yaml:"comment"`
}
ThreatModel is a sub-entry in the SecurityArtifacts section of the Security Insights Schema
type VulnerabilityReporting
type VulnerabilityReporting struct {
	AcceptsVulnerabilityReports bool     `yaml:"accepts-vulnerability-reports"`
	EmailContact                string   `yaml:"email-contact"`
	SecurityPolicy              string   `yaml:"security-policy"`
	BugBountyAvailable          bool     `yaml:"bug-bounty-available"`
	BugBountyUrl                string   `yaml:"bug-bounty-url"`
	InScope                     []string `yaml:"in-scope"`
	InScopeComment              string   `yaml:"in-scope-comment"`
	OutScope                    []string `yaml:"out-scope"`
	OutScopeComment             string   `yaml:"out-scope-comment"`
}
VulnerabilityReporting is a top level entry in the Security Insights Schema