Documentation ¶
Index ¶
- func ConvertToModelsExploit(es []exploitmodels.Exploit) (exploits []models.Exploit)
- func ConvertToModelsMsf(ms []metasploitmodels.Metasploit) (modules []models.Metasploit)
- func Detect(rs []models.ScanResult, dir string) ([]models.ScanResult, error)
- func DetectCpeURIsCves(r *models.ScanResult, cpes []Cpe, cnf config.GoCveDictConf, ...) error
- func DetectGitHubCves(r *models.ScanResult, githubConfs map[string]config.GitHubConf) error
- func DetectGitHubDependencyGraph(r *models.ScanResult, owner, repo, token string) (err error)
- func DetectGitHubSecurityAlerts(r *models.ScanResult, owner, repo, token string, ignoreDismissed bool) (nCVEs int, err error)
- func DetectLibsCves(r *models.ScanResult, trivyOpts config.TrivyOpts, logOpts logging.LogOpts, ...) (err error)
- func DetectPkgCves(r *models.ScanResult, ovalCnf config.GovalDictConf, gostCnf config.GostConf, ...) error
- func DetectWordPressCves(r *models.ScanResult, wpCnf config.WpScanConf) error
- func FillCvesWithNvdJvnFortinet(r *models.ScanResult, cnf config.GoCveDictConf, logOpts logging.LogOpts) (err error)
- func FillCweDict(r *models.ScanResult)
- func FillWithCTI(r *models.ScanResult, cnf config.CtiConf, logOpts logging.LogOpts) error
- func FillWithExploit(r *models.ScanResult, cnf config.ExploitConf, logOpts logging.LogOpts) (nExploitCve int, err error)
- func FillWithKEVuln(r *models.ScanResult, cnf config.KEVulnConf, logOpts logging.LogOpts) error
- func FillWithMetasploit(r *models.ScanResult, cnf config.MetasploitConf, logOpts logging.LogOpts) (nMetasploitCve int, err error)
- func ListValidJSONDirs(resultsDir string) (dirs []string, err error)
- type Cpe
- type DependencyGraph
- type SecurityAlerts
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ConvertToModelsExploit ¶ added in v0.18.1
func ConvertToModelsExploit(es []exploitmodels.Exploit) (exploits []models.Exploit)
ConvertToModelsExploit converts exploit model to vuls model
func ConvertToModelsMsf ¶
func ConvertToModelsMsf(ms []metasploitmodels.Metasploit) (modules []models.Metasploit)
ConvertToModelsMsf converts metasploit model to vuls model
func Detect ¶
func Detect(rs []models.ScanResult, dir string) ([]models.ScanResult, error)
Detect detects vulnerabilities and fills in detailed CVE information
func DetectCpeURIsCves ¶
func DetectCpeURIsCves(r *models.ScanResult, cpes []Cpe, cnf config.GoCveDictConf, logOpts logging.LogOpts) error
DetectCpeURIsCves detects CVEs of given CPE-URIs
func DetectGitHubCves ¶
func DetectGitHubCves(r *models.ScanResult, githubConfs map[string]config.GitHubConf) error
DetectGitHubCves fetches CVEs from GitHub Security Alerts
func DetectGitHubDependencyGraph ¶ added in v0.22.1
func DetectGitHubDependencyGraph(r *models.ScanResult, owner, repo, token string) (err error)
DetectGitHubDependencyGraph accesses owner/repo on GitHub, fetches the repository's dependency graph via the GitHub API v4 (GraphQL), and sets it on the given ScanResult. https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph
func DetectGitHubSecurityAlerts ¶
func DetectGitHubSecurityAlerts(r *models.ScanResult, owner, repo, token string, ignoreDismissed bool) (nCVEs int, err error)
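DetectGitHubSecurityAlerts accesses owner/repo on GitHub, fetches the repository's security alerts via the GitHub API v4 (GraphQL), and sets them on the given ScanResult. Judging by its name, ignoreDismissed leaves alerts that were dismissed on GitHub out of the result, so a dismissed alert would not show up in the scan output. https://help.github.com/articles/about-security-alerts-for-vulnerable-dependencies/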
func DetectLibsCves ¶
func DetectLibsCves(r *models.ScanResult, trivyOpts config.TrivyOpts, logOpts logging.LogOpts, noProgress bool) (err error)
DetectLibsCves fills LibraryScanner information
func DetectPkgCves ¶
func DetectPkgCves(r *models.ScanResult, ovalCnf config.GovalDictConf, gostCnf config.GostConf, logOpts logging.LogOpts) error
DetectPkgCves detects CVEs in OS packages. It is passed two configs (ovalCnf and gostCnf).
func DetectWordPressCves ¶
func DetectWordPressCves(r *models.ScanResult, wpCnf config.WpScanConf) error
DetectWordPressCves detects CVEs of WordPress
func FillCvesWithNvdJvnFortinet ¶ added in v0.24.0
func FillCvesWithNvdJvnFortinet(r *models.ScanResult, cnf config.GoCveDictConf, logOpts logging.LogOpts) (err error)
FillCvesWithNvdJvnFortinet fills CVE detail with NVD, JVN, Fortinet
func FillWithCTI ¶ added in v0.19.8
FillWithCTI :
func FillWithExploit ¶
func FillWithExploit(r *models.ScanResult, cnf config.ExploitConf, logOpts logging.LogOpts) (nExploitCve int, err error)
FillWithExploit fills in exploit information for the CVEs that have an entry in Exploit
func FillWithKEVuln ¶ added in v0.19.0
func FillWithKEVuln(r *models.ScanResult, cnf config.KEVulnConf, logOpts logging.LogOpts) error
FillWithKEVuln :
func FillWithMetasploit ¶
func FillWithMetasploit(r *models.ScanResult, cnf config.MetasploitConf, logOpts logging.LogOpts) (nMetasploitCve int, err error)
FillWithMetasploit fills in Metasploit module information for the CVEs that have a module
func ListValidJSONDirs ¶
ListValidJSONDirs returns the valid JSON directories as an array. The returned array is sorted so that the most recent directories come first.
Types ¶
type DependencyGraph ¶ added in v0.22.1
// DependencyGraph mirrors the JSON body of a GitHub API (GraphQL) response
// describing a repository's dependency graph manifests.
//
// Every field is filled straight from the remote response; this type performs
// no validation. Treat string fields such as BlobPath, Filename, PackageName
// and Requirements as untrusted input when they are used to build paths,
// queries or report output.
type DependencyGraph struct {
	Data struct {
		Repository struct {
			URL                      string `json:"url"`
			DependencyGraphManifests struct {
				// Cursor state for paging through the manifest list.
				PageInfo struct {
					EndCursor   string `json:"endCursor"`
					HasNextPage bool   `json:"hasNextPage"`
				} `json:"pageInfo"`
				Edges []struct {
					Node struct {
						BlobPath string `json:"blobPath"`
						Filename string `json:"filename"`
						// No json tag here: encoding/json falls back to a
						// case-insensitive match on the field name.
						Repository struct {
							URL string `json:"url"`
						}
						// NOTE(review): going by the field names, a manifest with
						// Parseable == false or ExceedsMaxSize == true probably
						// carries no usable dependency list. Callers should treat
						// that as a coverage gap, not as "no dependencies" -
						// confirm against the GitHub API documentation.
						Parseable         bool `json:"parseable"`
						ExceedsMaxSize    bool `json:"exceedsMaxSize"`
						DependenciesCount int  `json:"dependenciesCount"`
						Dependencies      struct {
							// Cursor state for paging through one manifest's
							// dependencies (separate from the manifest paging above).
							PageInfo struct {
								EndCursor   string `json:"endCursor"`
								HasNextPage bool   `json:"hasNextPage"`
							} `json:"pageInfo"`
							Edges []struct {
								Node struct {
									PackageName    string `json:"packageName"`
									PackageManager string `json:"packageManager"`
									// Untagged, like the manifest-level Repository above.
									Repository struct {
										URL string `json:"url"`
									}
									Requirements    string `json:"requirements"`
									HasDependencies bool   `json:"hasDependencies"`
								} `json:"node"`
							} `json:"edges"`
						} `json:"dependencies"`
					} `json:"node"`
				} `json:"edges"`
			} `json:"dependencyGraphManifests"`
		} `json:"repository"`
	} `json:"data"`
	// Errors holds the response's top-level "errors" array. Decoding succeeds
	// whether or not this is populated, so callers have to inspect it
	// explicitly instead of relying on the json error alone.
	Errors []struct {
		Type      string        `json:"type,omitempty"`
		Path      []interface{} `json:"path,omitempty"`
		Locations []struct {
			Line   int `json:"line"`
			Column int `json:"column"`
		} `json:"locations,omitempty"`
		Message string `json:"message"`
	} `json:"errors,omitempty"`
}
DependencyGraph is a GitHub API response
type SecurityAlerts ¶
// SecurityAlerts mirrors the JSON body of a GitHub API (GraphQL) response
// listing a repository's vulnerability alerts.
//
// Every field is filled straight from the remote response; this type performs
// no validation, so treat its strings (paths, URLs, descriptions) as untrusted.
//
// NOTE(review): unlike DependencyGraph, this type declares no top-level Errors
// field. encoding/json ignores unknown keys by default, so an "errors" array
// in the response is dropped on decode; callers need another way to detect a
// failed or partial query - confirm how DetectGitHubSecurityAlerts handles it.
type SecurityAlerts struct {
	Data struct {
		Repository struct {
			URL                 string `json:"url"`
			VulnerabilityAlerts struct {
				// Cursor state for paging through the alert list.
				PageInfo struct {
					EndCursor   string `json:"endCursor"`
					HasNextPage bool   `json:"hasNextPage"`
					StartCursor string `json:"startCursor"`
				} `json:"pageInfo"`
				Edges []struct {
					Node struct {
						ID            string `json:"id"`
						DismissReason string `json:"dismissReason"`
						// A value, not a pointer: a JSON null leaves this at the
						// zero time, so IsZero() is the way to tell an alert
						// without a dismissal timestamp apart.
						DismissedAt           time.Time `json:"dismissedAt"`
						SecurityVulnerability struct {
							Package struct {
								Name      string `json:"name"`
								Ecosystem string `json:"ecosystem"`
							} `json:"package"`
							// Severity also appears on SecurityAdvisory below; the
							// two are decoded independently.
							Severity               string `json:"severity"`
							VulnerableVersionRange string `json:"vulnerableVersionRange"`
							FirstPatchedVersion    struct {
								Identifier string `json:"identifier"`
							} `json:"firstPatchedVersion"`
						} `json:"securityVulnerability"`
						VulnerableManifestFilename string `json:"vulnerableManifestFilename"`
						VulnerableManifestPath     string `json:"vulnerableManifestPath"`
						VulnerableRequirements     string `json:"vulnerableRequirements"`
						SecurityAdvisory           struct {
							Description string    `json:"description"`
							GhsaID      string    `json:"ghsaId"`
							Permalink   string    `json:"permalink"`
							PublishedAt time.Time `json:"publishedAt"`
							Summary     string    `json:"summary"`
							UpdatedAt   time.Time `json:"updatedAt"`
							// Same null handling as DismissedAt. NOTE(review): a
							// non-zero value presumably marks a withdrawn advisory
							// that consumers may want to filter out - confirm.
							WithdrawnAt time.Time `json:"withdrawnAt"`
							Origin      string    `json:"origin"`
							Severity    string    `json:"severity"`
							References  []struct {
								URL string `json:"url"`
							} `json:"references"`
							// Type/Value pairs; presumably where the CVE and GHSA
							// identifiers come from - verify against the caller.
							Identifiers []struct {
								Type  string `json:"type"`
								Value string `json:"value"`
							} `json:"identifiers"`
						} `json:"securityAdvisory"`
					} `json:"node"`
				} `json:"edges"`
			} `json:"vulnerabilityAlerts"`
		} `json:"repository"`
	} `json:"data"`
}
SecurityAlerts has detected CVE-IDs, PackageNames, Refs