remediation

package

v1.8.2 Latest Latest Go to latest Published: Jul 10, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/google/osv-scanner

Links

Open Source Insights

Documentation ¶

Index ¶

func ComputeRelaxPatches(ctx context.Context, cl client.ResolutionClient, ...) ([]resolution.ResolutionDiff, error)
type InPlacePatch
type InPlaceResult
- func ComputeInPlacePatches(ctx context.Context, cl client.ResolutionClient, graph *resolve.Graph, ...) (InPlaceResult, error)
- func (r InPlaceResult) VulnCount() VulnCount
type RemediationOptions
- func (opts RemediationOptions) MatchVuln(v resolution.ResolutionVuln) bool
type VulnCount
- func (vc VulnCount) Total() int

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ComputeRelaxPatches ¶

func ComputeRelaxPatches(ctx context.Context, cl client.ResolutionClient, result *resolution.ResolutionResult, opts RemediationOptions) ([]resolution.ResolutionDiff, error)

ComputeRelaxPatches attempts to resolve each vulnerability found in result independently, returning the list of unique possible patches

Types ¶

type InPlacePatch ¶ added in v1.7.0

type InPlacePatch struct {
	lf.DependencyPatch
	ResolvedVulns []resolution.ResolutionVuln
}

type InPlaceResult ¶ added in v1.7.0

type InPlaceResult struct {
	Patches   []InPlacePatch
	Unfixable []resolution.ResolutionVuln
}

func ComputeInPlacePatches ¶ added in v1.7.0

func ComputeInPlacePatches(ctx context.Context, cl client.ResolutionClient, graph *resolve.Graph, opts RemediationOptions) (InPlaceResult, error)

ComputeInPlacePatches finds all possible targeting version changes that would fix vulnerabilities in a resolved graph. TODO: Check for introduced vulnerabilities

func (InPlaceResult) VulnCount ¶ added in v1.7.0

func (r InPlaceResult) VulnCount() VulnCount

type RemediationOptions ¶

type RemediationOptions struct {
	IgnoreVulns   []string // Vulnerability IDs to ignore
	ExplicitVulns []string // If set, only consider these vulnerability IDs & ignore all others

	DevDeps     bool    // Whether to consider vulnerabilities in dev dependencies
	MinSeverity float64 // Minimum vulnerability CVSS score to consider
	MaxDepth    int     // Maximum depth of dependency to consider vulnerabilities for (e.g. 1 for direct only)

	AvoidPkgs  []string // Names of dependencies to avoid upgrading
	AllowMajor bool     // Whether to allow changes to major versions of direct dependencies
}

func (RemediationOptions) MatchVuln ¶

func (opts RemediationOptions) MatchVuln(v resolution.ResolutionVuln) bool

type VulnCount ¶ added in v1.7.0

type VulnCount struct {
	Direct     int
	Transitive int

	// Note: These are metrics that overlap with Direct/Transitive, and with each other.
	Unfixable int
	Dev       int
}

func (VulnCount) Total ¶ added in v1.7.0

func (vc VulnCount) Total() int

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
relax
suggest

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL