Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
func ChainIsDev
func ChainIsDev(dc DependencyChain, m manifest.Manifest) bool
Types
type DependencyChain
type DependencyChain struct {
	Graph *resolve.Graph
	Edges []resolve.Edge // Edge from root node is at the end of the list
}
func (DependencyChain) DirectDependency
func (dc DependencyChain) DirectDependency() (resolve.VersionKey, string)
func (DependencyChain) EndDependency
func (dc DependencyChain) EndDependency() (resolve.VersionKey, string)
type ResolutionDiff
type ResolutionDiff struct {
	Original     *ResolutionResult
	New          *ResolutionResult
	RemovedVulns []ResolutionVuln
	AddedVulns   []ResolutionVuln
	manifest.ManifestPatch
}
func (ResolutionDiff) Compare
func (a ResolutionDiff) Compare(b ResolutionDiff) int
Compare compares ResolutionDiffs based on 'effectiveness' (best first):
Sort order:
- (number of fixed vulns - introduced vulns) / (number of changed direct dependencies) [descending] (i.e. more efficient first)
- number of fixed vulns [descending]
- number of changed direct dependencies [ascending]
- changed direct dependency package names [ascending]
- size of changed direct dependency bump [ascending]
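The sort order above, implemented as an added example that is not code from the package documented here: Diff is a constructed stand-in for ResolutionDiff holding only the values the ordering needs, CompareDiffs and SortByEffectiveness are assumed names, and the bump-size key is modelled as a plain integer.

```go
package main

import (
	"cmp"
	"fmt"
	"slices"
)

// Diff is a constructed stand-in for ResolutionDiff (not the package's own type)
// that carries only the values the documented sort order needs.
type Diff struct {
	Fixed, Introduced int      // vulns removed / introduced by the patch
	Changed           []string // changed direct dependency package names, kept sorted
	BumpSize          int      // constructed magnitude of the version bump
}
// CompareDiffs returns <0 when a is the more effective patch. The ratio key is
// cross-multiplied (denominators are positive) to avoid float rounding; later keys break ties.
func CompareDiffs(a, b Diff) int {
	ca, cb := len(a.Changed), len(b.Changed)
	na, nb := a.Fixed-a.Introduced, b.Fixed-b.Introduced
	if ca > 0 && cb > 0 { // 1. (fixed - introduced) / changed direct deps, descending
		if c := cmp.Compare(nb*ca, na*cb); c != 0 {
			return c
		}
	}
	if c := cmp.Compare(b.Fixed, a.Fixed); c != 0 { // 2. fixed vulns, descending
		return c
	}
	if c := cmp.Compare(ca, cb); c != 0 { // 3. changed direct deps, ascending
		return c
	}
	if c := slices.Compare(a.Changed, b.Changed); c != 0 { // 4. package names, ascending
		return c
	}
	return cmp.Compare(a.BumpSize, b.BumpSize) // 5. bump size, ascending
}
// SortByEffectiveness returns a copy of diffs ordered best first.
func SortByEffectiveness(diffs []Diff) []Diff {
	out := slices.Clone(diffs)
	slices.SortFunc(out, CompareDiffs)
	return out
}
func main() { // constructed candidates with ratios 1, 1.5 and 2
	fmt.Printf("%+v\n", SortByEffectiveness([]Diff{
		{Fixed: 2, Introduced: 1, Changed: []string{"pkg-d"}, BumpSize: 1},
		{Fixed: 3, Changed: []string{"pkg-a", "pkg-b"}, BumpSize: 1},
		{Fixed: 2, Changed: []string{"pkg-c"}, BumpSize: 1},
	})) // best first
}
```

A diff that changes no direct dependencies skips the ratio key, since a zero denominator has no meaningful ratio, and is ordered by the remaining keys only.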
type ResolutionResult
type ResolutionResult struct {
	Manifest        manifest.Manifest
	Graph           *resolve.Graph
	Vulns           []ResolutionVuln
	UnfilteredVulns []ResolutionVuln
}
func Resolve
func Resolve(ctx context.Context, cl client.ResolutionClient, m manifest.Manifest) (*ResolutionResult, error)
func (*ResolutionResult) CalculateDiff
func (res *ResolutionResult) CalculateDiff(other *ResolutionResult) ResolutionDiff
func (*ResolutionResult) FilterVulns
func (res *ResolutionResult) FilterVulns(matchFn func(ResolutionVuln) bool)
FilterVulns populates Vulns with the UnfilteredVulns that satisfy matchFn.
type ResolutionVuln
type ResolutionVuln struct {
	Vulnerability models.Vulnerability
	DevOnly       bool
	// Chains are paths through requirements from direct dependency to vulnerable package.
	// A 'Problem' chain constrains the package to a vulnerable version.
	// 'NonProblem' chains re-use the vulnerable version, but would not resolve to a vulnerable version in isolation.
	ProblemChains    []DependencyChain
	NonProblemChains []DependencyChain
}