Package models

v1.3.4 (this package is not in the latest version of its module)

Published: Jun 7, 2023 License: Apache-2.0 Imports: 2 Imported by: 13

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Affected added in v1.3.0

type Affected struct {
	Package           Package                `json:"package"`
	Severity          []Severity             `json:"severity,omitempty"`
	Ranges            []Range                `json:"ranges,omitempty"`
	Versions          []string               `json:"versions,omitempty"`
	DatabaseSpecific  map[string]interface{} `json:"database_specific,omitempty"`
	EcosystemSpecific map[string]interface{} `json:"ecosystem_specific,omitempty"`
}

Affected describes an affected package version, meaning one instance that contains the vulnerability.

See: https://ossf.github.io/osv-schema/#affected-fields

type AnalysisInfo added in v1.3.0

type AnalysisInfo struct {
	Called bool `json:"called"`
}

type Credit added in v1.3.0

type Credit struct {
	Name    string     `json:"name"`
	Contact []string   `json:"contact,omitempty"`
	Type    CreditType `json:"type"`
}

Credit gives credit for the discovery, confirmation, patch, or other events in the life cycle of a vulnerability.

See: https://ossf.github.io/osv-schema/#credits-fields

type CreditType added in v1.3.0

type CreditType string
const (
	CreditFinder               CreditType = "FINDER"
	CreditReporter             CreditType = "REPORTER"
	CreditAnalyst              CreditType = "ANALYST"
	CreditCoordinator          CreditType = "COORDINATOR"
	CreditRemediationDeveloper CreditType = "REMEDIATION_DEVELOPER" //nolint:gosec
	CreditRemediationReviewer  CreditType = "REMEDIATION_REVIEWER"  //nolint:gosec
	CreditRemediationVerifier  CreditType = "REMEDIATION_VERIFIER"  //nolint:gosec
	CreditTool                 CreditType = "TOOL"
	CreditSponsor              CreditType = "SPONSOR"
	CreditOther                CreditType = "OTHER"
)

type Ecosystem added in v1.3.0

type Ecosystem string
const (
	EcosystemGo            Ecosystem = "Go"
	EcosystemNPM           Ecosystem = "npm"
	EcosystemOSSFuzz       Ecosystem = "OSS-Fuzz"
	EcosystemPyPI          Ecosystem = "PyPI"
	EcosystemRubyGems      Ecosystem = "RubyGems"
	EcosystemCratesIO      Ecosystem = "crates.io"
	EcosystemPackagist     Ecosystem = "Packagist"
	EcosystemMaven         Ecosystem = "Maven"
	EcosystemNuGet         Ecosystem = "NuGet"
	EcosystemLinux         Ecosystem = "Linux"
	EcosystemDebian        Ecosystem = "Debian"
	EcosystemAlpine        Ecosystem = "Alpine"
	EcosystemHex           Ecosystem = "Hex"
	EcosystemAndroid       Ecosystem = "Android"
	EcosystemGitHubActions Ecosystem = "GitHub Actions"
	EcosystemPub           Ecosystem = "Pub"
	EcosystemConanCenter   Ecosystem = "ConanCenter"
)

type Event added in v1.3.0

type Event struct {
	Introduced   string `json:"introduced,omitempty"`
	Fixed        string `json:"fixed,omitempty"`
	LastAffected string `json:"last_affected,omitempty"`
	Limit        string `json:"limit,omitempty"`
}

Event describes a single version that either:

  • Introduces a vulnerability: {"introduced": string}
  • Fixes a vulnerability: {"fixed": string}
  • Describes the last known affected version: {"last_affected": string}
  • Sets an upper limit on the range being described: {"limit": string}

Event instances form part of a “timeline” of status changes for the affected package described by the Affected struct.

See: https://ossf.github.io/osv-schema/#affectedrangesevents-fields
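As an added example (not code from the models package itself), the program below reproduces the Event type with its three version fields and replays a SEMVER Range's events as the timeline described above, deciding whether a given version is affected. It omits Limit and uses a simplified numeric dotted version compare that assumes no pre-release tags.

```go
package main

import (
	"sort"
	"strconv"
	"strings"
)

// Event mirrors models.Event from the page (Limit omitted); each OSV event sets exactly one field.
type Event struct {
	Introduced   string `json:"introduced,omitempty"`
	Fixed        string `json:"fixed,omitempty"`
	LastAffected string `json:"last_affected,omitempty"`
}

// cmpVersion orders dotted numeric versions by the sign of its result ("0" sorts first).
// Assumption: no pre-release tags; a real scanner would use a semver library here.
func cmpVersion(a, b string) int {
	as, bs := strings.Split(a, "."), strings.Split(b, ".")
	for i := 0; i < len(as) || i < len(bs); i++ {
		var x, y int // a missing component counts as 0, so "1.2" == "1.2.0"
		if i < len(as) {
			x, _ = strconv.Atoi(as[i])
		}
		if i < len(bs) {
			y, _ = strconv.Atoi(bs[i])
		}
		if x != y {
			return x - y
		}
	}
	return 0
}

// IsAffected sorts the events (OSV recommends but does not require sorted input) and replays them
// as a timeline: "introduced" opens an affected interval, "fixed" closes it (exclusive), "last_affected" (inclusive).
func IsAffected(events []Event, version string) bool {
	ver := func(e Event) string { return e.Introduced + e.Fixed + e.LastAffected }
	sort.SliceStable(events, func(i, j int) bool { return cmpVersion(ver(events[i]), ver(events[j])) < 0 })
	affected := false
	for _, e := range events { // events above the queried version leave the state unchanged
		if e.Introduced != "" && cmpVersion(version, e.Introduced) >= 0 {
			affected = true
		} else if (e.Fixed != "" && cmpVersion(version, e.Fixed) >= 0) ||
			(e.LastAffected != "" && cmpVersion(version, e.LastAffected) > 0) {
			affected = false
		}
	}
	return affected
}
```

Note that a version equal to a "fixed" event is not affected, while a version equal to a "last_affected" event still is; that asymmetry is the reason the two fields exist.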

type GroupInfo

type GroupInfo struct {
	IDs []string `json:"ids"`
	// Map of Vulnerability IDs to AnalysisInfo
	ExperimentalAnalysis map[string]AnalysisInfo `json:"experimentalAnalysis,omitempty"`
}

func (*GroupInfo) IsCalled added in v1.3.0

func (groupInfo *GroupInfo) IsCalled() bool

IsCalled returns true if any analysis performed determines that the vulnerability is being called. It also returns true if no analysis was performed.

type Package added in v1.3.0

type Package struct {
	Ecosystem Ecosystem `json:"ecosystem,omitempty"`
	Name      string    `json:"name,omitempty"`
	Purl      string    `json:"purl,omitempty"`
}

Package identifies the affected code library or command provided by the package.

See: https://ossf.github.io/osv-schema/#affectedpackage-field

type PackageInfo

type PackageInfo struct {
	Name      string `json:"name"`
	Version   string `json:"version"`
	Ecosystem string `json:"ecosystem"`
}

PackageInfo holds the specific package information (name, version, ecosystem) for a scanned package.

type PackageSource

type PackageSource struct {
	Source   SourceInfo     `json:"source"`
	Packages []PackageVulns `json:"packages"`
}

PackageSource holds the vulnerabilities grouped by source.

type PackageVulns

type PackageVulns struct {
	Package         PackageInfo     `json:"package"`
	Vulnerabilities []Vulnerability `json:"vulnerabilities"`
	Groups          []GroupInfo     `json:"groups"`
}

PackageVulns holds the vulnerabilities grouped by package.

type Range added in v1.3.0

type Range struct {
	Type             RangeType              `json:"type"`
	Events           []Event                `json:"events"`
	DatabaseSpecific map[string]interface{} `json:"database_specific,omitempty"`
}

Range describes the affected version range for a specific package.

See: https://ossf.github.io/osv-schema/#affectedranges-field

type RangeType added in v1.3.0

type RangeType string
const (
	RangeSemVer    RangeType = "SEMVER"
	RangeEcosystem RangeType = "ECOSYSTEM"
	RangeGit       RangeType = "GIT"
)

type Reference added in v1.3.0

type Reference struct {
	Type ReferenceType `json:"type"`
	URL  string        `json:"url"`
}

Reference links to additional information, advisories, issue tracker entries, and so on about the vulnerability itself.

See: https://ossf.github.io/osv-schema/#references-field

type ReferenceType added in v1.3.0

type ReferenceType string
const (
	ReferenceAdvisory ReferenceType = "ADVISORY"
	ReferenceArticle  ReferenceType = "ARTICLE"
	ReferenceReport   ReferenceType = "REPORT"
	ReferenceFix      ReferenceType = "FIX"
	ReferencePackage  ReferenceType = "PACKAGE"
	ReferenceEvidence ReferenceType = "EVIDENCE"
	ReferenceWeb      ReferenceType = "WEB"
)

type Severity added in v1.3.0

type Severity struct {
	Type  SeverityType `json:"type"`
	Score string       `json:"score"`
}

Severity is used to describe the severity of a vulnerability for an affected package using one or more quantitative scoring methods.

See: https://ossf.github.io/osv-schema/#severity-field

type SeverityType added in v1.3.0

type SeverityType string
const (
	SeverityCVSSV2 SeverityType = "CVSS_V2"
	SeverityCVSSV3 SeverityType = "CVSS_V3"
)

type SourceInfo

type SourceInfo struct {
	Path string `json:"path"`
	Type string `json:"type"`
}

func (SourceInfo) String

func (s SourceInfo) String() string

type Vulnerability

type Vulnerability struct {
	SchemaVersion    string                 `json:"schema_version"`
	ID               string                 `json:"id"`
	Modified         time.Time              `json:"modified"`
	Published        time.Time              `json:"published"`
	Aliases          []string               `json:"aliases,omitempty"`
	Summary          string                 `json:"summary"`
	Details          string                 `json:"details"`
	Affected         []Affected             `json:"affected"`
	Severity         []Severity             `json:"severity,omitempty"`
	References       []Reference            `json:"references,omitempty"`
	Credits          []Credit               `json:"credits,omitempty"`
	DatabaseSpecific map[string]interface{} `json:"database_specific,omitempty"`
}

Vulnerability is the core Open Source Vulnerability (OSV) data type.

The full documentation for the schema is available at https://ossf.github.io/osv-schema.

type VulnerabilityFlattened

type VulnerabilityFlattened struct {
	Source        SourceInfo
	Package       PackageInfo
	Vulnerability Vulnerability
	GroupInfo     GroupInfo
}

VulnerabilityFlattened holds flattened vulnerability information: one source, package, vulnerability and group per entry.

type VulnerabilityResults

type VulnerabilityResults struct {
	Results []PackageSource `json:"results"`
}

VulnerabilityResults holds the combined vulnerabilities found for the scanned packages.

func (*VulnerabilityResults) Flatten

func (vulns *VulnerabilityResults) Flatten() []VulnerabilityFlattened

Flatten flattens the grouped/nested vulnerability results into one flat slice.
