gogrype

package module

v0.1.2 Latest Latest Go to latest Published: Jan 5, 2025 License: MIT Imports: 9 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/grokify/gogrype

Links

Open Source Insights

README ¶

Go Grype

gogrype is a package to interact with github.com/anchore/grype.

Usage

Generate Grype JSON output from SBOM

% grype sbom:./sbom.spdx.json --add-cpes-if-none > grypeout.json

Generate Grype JSON output from JAR

% grype log4shell-vulnerable-app-all.jar -o json > grypeout.json

Convert Grype JSON output to XLSX file

% go run cmd/json2xlsx/main.go grypeout.json grypeout.xlsx

Integrate with GoVEX

import (
    "github.com/grokify/gogrype"
	"github.com/grokify/mogo/fmt/fmtutil"
	"github.com/grokify/mogo/log/logutil"
)

g, err := gogrype.ReadFileGrypeOutputJSON(f)
logutil.FatalErr(err)
fmtutil.PrintJSON(g)
fmtutil.PrintJSON(g.GoVEXes())

Documentation ¶

Index ¶

Constants
func DefaultTableColumnDefinitionSet() table.ColumnDefinitionSet
type Artifact
type CVSS
type CVSSMetrics
type Fix
- func (f Fix) VersionsFixed() []string
type GrypeOutputJSON
- func ReadFileGrypeOutputJSON(filename string) (*GrypeOutputJSON, error)
- func (out GrypeOutputJSON) GoVEXes() govex.Vulnerabilities
- func (out GrypeOutputJSON) Len() int
type Match
type Matches
- func (ms Matches) Table(colDefs *table.ColumnDefinitionSet) *table.Table
- func (ms Matches) WriteFileXLSX(filename string, colDefs *table.ColumnDefinitionSet) error
type VendorMetadata
type Vulnerability
- func (v Vulnerability) IDLinkMarkdown() string

Constants ¶

View Source

const (
	KeyArtifactName             = "artifact_name"
	KeyArtifactVersion          = "artifact_version"
	KeyArtifactType             = "artifact_type"
	KeyVulnerabilityID          = "vulnerability_id"
	KeyVulnerabilityIDLinkMD    = "vulnerability_id_link_markdown"
	KeyVulnerabilityFixVersions = "vulnerability_fix_versions"
	KeyVulnerabiltyNVDURL       = "vulnerability_nvd_url"
	KeyVulnerabilitySeverity    = "vulnerability_severity"
)

View Source

const StateFixed = "fixed"

Variables ¶

This section is empty.

Functions ¶

func DefaultTableColumnDefinitionSet ¶ added in v0.1.1

func DefaultTableColumnDefinitionSet() table.ColumnDefinitionSet

Types ¶

type Artifact ¶

type Artifact struct {
	Name    string `json:"name"`
	Version string `json:"version"`
	Type    string `json:"type"`
}

type CVSS ¶ added in v0.1.2

type CVSS struct {
	Version        string         `json:"version"`
	Vector         string         `json:"vector"`
	Metrics        CVSSMetrics    `json:"metrics"`
	VendorMetadata VendorMetadata `json:"vendorMetadata"`
}

type CVSSMetrics ¶ added in v0.1.2

type CVSSMetrics struct {
	BaseScore           float32 `json:"baseScore"`
	ExploitabilityScore float32 `json:"exploitabilityScore"`
	ImpactScore         float32 `json:"impactScore"`
}

type Fix ¶

type Fix struct {
	Versions []string `json:"versions"`
	State    string   `json:"state"`
}

func (Fix) VersionsFixed ¶

func (f Fix) VersionsFixed() []string

type GrypeOutputJSON ¶

type GrypeOutputJSON struct {
	Matches Matches `json:"matches"`
}

func ReadFileGrypeOutputJSON ¶

func ReadFileGrypeOutputJSON(filename string) (*GrypeOutputJSON, error)

func (GrypeOutputJSON) GoVEXes ¶ added in v0.1.2

func (out GrypeOutputJSON) GoVEXes() govex.Vulnerabilities

func (GrypeOutputJSON) Len ¶

func (out GrypeOutputJSON) Len() int

type Match ¶

type Match struct {
	Vulnerability Vulnerability `json:"vulnerability"`
	Artifact      Artifact      `json:"artifact"`
}

func (Match) Get ¶

func (m Match) Get(key string) string

func (Match) GoVex ¶ added in v0.1.2

func (m Match) GoVex() govex.Vulnerability

func (Match) Slice ¶

func (m Match) Slice(keys []string) []string

type Matches ¶

type Matches []Match

func (Matches) Table ¶

func (ms Matches) Table(colDefs *table.ColumnDefinitionSet) *table.Table

func (Matches) WriteFileXLSX ¶

func (ms Matches) WriteFileXLSX(filename string, colDefs *table.ColumnDefinitionSet) error

type VendorMetadata ¶ added in v0.1.2

type VendorMetadata struct {
	BaseSeverity string `json:"base_severity"`
	Status       string `json:"status"`
}

type Vulnerability ¶

type Vulnerability struct {
	ID          string   `json:"id"`
	CVSS        []CVSS   `json:"cvss"`
	DataSource  string   `json:"dataSource"`
	Description string   `json:"description"`
	Fix         Fix      `json:"fix"`
	Namespace   string   `json:"namespace"`
	Severity    string   `json:"severity"`
	URLs        []string `json:"urls"`
}

func (Vulnerability) IDLinkMarkdown ¶

func (v Vulnerability) IDLinkMarkdown() string

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
cmd
json2xlsx
examples
log4shell

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL