resolution

package

v1.6.2 Latest Latest Go to latest Published: Jan 31, 2024 License: Apache-2.0 Imports: 13 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/google/osv-scanner

Links

Open Source Insights

Documentation ¶

Index ¶

func ChainIsDev(dc DependencyChain, m manifest.Manifest) bool
type DependencyChain
- func (dc DependencyChain) DirectDependency() (resolve.VersionKey, string)
- func (dc DependencyChain) EndDependency() (resolve.VersionKey, string)
type ResolutionDiff
- func (a ResolutionDiff) Compare(b ResolutionDiff) int
type ResolutionResult
- func Resolve(ctx context.Context, cl client.ResolutionClient, m manifest.Manifest) (*ResolutionResult, error)
- func (res *ResolutionResult) CalculateDiff(other *ResolutionResult) ResolutionDiff
- func (res *ResolutionResult) FilterVulns(matchFn func(ResolutionVuln) bool)
type ResolutionVuln

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ChainIsDev ¶

func ChainIsDev(dc DependencyChain, m manifest.Manifest) bool

Types ¶

type DependencyChain ¶

type DependencyChain struct {
	Graph *resolve.Graph
	Edges []resolve.Edge // Edge from root node is at the end of the list
}

func (DependencyChain) DirectDependency ¶

func (dc DependencyChain) DirectDependency() (resolve.VersionKey, string)

func (DependencyChain) EndDependency ¶

func (dc DependencyChain) EndDependency() (resolve.VersionKey, string)

type ResolutionDiff ¶

type ResolutionDiff struct {
	Original     *ResolutionResult
	New          *ResolutionResult
	RemovedVulns []ResolutionVuln
	AddedVulns   []ResolutionVuln
	manifest.ManifestPatch
}

func (ResolutionDiff) Compare ¶

func (a ResolutionDiff) Compare(b ResolutionDiff) int

Compare compares ResolutionDiffs based on 'effectiveness' (best first):

Sort order:

(number of fixed vulns - introduced vulns) / (number of changed direct dependencies) [descending] (i.e. more efficient first)
number of fixed vulns [descending]
number of changed direct dependencies [ascending]
changed direct dependency name package names [ascending]
size of changed direct dependency bump [ascending]

type ResolutionResult ¶

type ResolutionResult struct {
	Manifest        manifest.Manifest
	Graph           *resolve.Graph
	Vulns           []ResolutionVuln
	UnfilteredVulns []ResolutionVuln
}

func Resolve ¶

func Resolve(ctx context.Context, cl client.ResolutionClient, m manifest.Manifest) (*ResolutionResult, error)

func (*ResolutionResult) CalculateDiff ¶

func (res *ResolutionResult) CalculateDiff(other *ResolutionResult) ResolutionDiff

func (*ResolutionResult) FilterVulns ¶

func (res *ResolutionResult) FilterVulns(matchFn func(ResolutionVuln) bool)

FilterVulns populates Vulns with the UnfilteredVulns that satisfy matchFn

type ResolutionVuln ¶

type ResolutionVuln struct {
	Vulnerability models.Vulnerability
	DevOnly       bool
	// Chains are paths through requirements from direct dependency to vulnerable package.
	// A 'Problem' chain constrains the package to a vulnerable version.
	// 'NonProblem' chains re-use the vulnerable version, but would not resolve to a vulnerable version in isolation.
	ProblemChains    []DependencyChain
	NonProblemChains []DependencyChain
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
client
datasource
manifest
util

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL