assembler

package
v0.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 18, 2024 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AssemblerInput

type AssemblerInput = IngestPredicates

AssemblerInput represents the inputs to add to the graph

type CertifyBadIngest added in v0.1.0

type CertifyBadIngest struct {
	// certifyBad describes either pkg, src or artifact
	Pkg          *generated.PkgInputSpec        `json:"pkg,omitempty"`
	PkgMatchFlag generated.MatchFlags           `json:"pkgMatchFlag,omitempty"`
	Src          *generated.SourceInputSpec     `json:"src,omitempty"`
	Artifact     *generated.ArtifactInputSpec   `json:"artifact,omitempty"`
	CertifyBad   *generated.CertifyBadInputSpec `json:"certifyBad,omitempty"`
}

type CertifyGoodIngest added in v0.1.0

type CertifyGoodIngest struct {
	// certifyGood describes either pkg, src or artifact
	Pkg          *generated.PkgInputSpec         `json:"pkg,omitempty"`
	PkgMatchFlag generated.MatchFlags            `json:"pkgMatchFlag,omitempty"`
	Src          *generated.SourceInputSpec      `json:"src,omitempty"`
	Artifact     *generated.ArtifactInputSpec    `json:"artifact,omitempty"`
	CertifyGood  *generated.CertifyGoodInputSpec `json:"certifyGood,omitempty"`
}

type CertifyLegalIngest added in v0.2.0

type CertifyLegalIngest struct {
	Pkg *generated.PkgInputSpec    `json:"pkg,omitempty"`
	Src *generated.SourceInputSpec `json:"src,omitempty"`

	Declared   []generated.LicenseInputSpec `json:"declared,omitempty"`
	Discovered []generated.LicenseInputSpec `json:"discovered,omitempty"`

	CertifyLegal *generated.CertifyLegalInputSpec `json:"certifyLegal,omitempty"`
}

type CertifyScorecardIngest added in v0.1.0

type CertifyScorecardIngest struct {
	Source    *generated.SourceInputSpec    `json:"source,omitempty"`
	Scorecard *generated.ScorecardInputSpec `json:"scorecard,omitempty"`
}

type CertifyVulnIngest added in v0.1.0

type CertifyVulnIngest struct {
	// pkg is required
	Pkg *generated.PkgInputSpec `json:"pkg,omitempty"`

	// vulnerability or noVuln if no vulnerability is found
	Vulnerability *generated.VulnerabilityInputSpec `json:"vulnerability,omitempty"`

	VulnData *generated.ScanMetadataInput `json:"vulnData,omitempty"`
}

type HasMetadataIngest added in v0.2.0

type HasMetadataIngest struct {
	// hasMetadata describes either pkg, src or artifact metadata
	Pkg          *generated.PkgInputSpec         `json:"pkg,omitempty"`
	PkgMatchFlag generated.MatchFlags            `json:"pkgMatchFlag,omitempty"`
	Src          *generated.SourceInputSpec      `json:"src,omitempty"`
	Artifact     *generated.ArtifactInputSpec    `json:"artifact,omitempty"`
	HasMetadata  *generated.HasMetadataInputSpec `json:"hasMetadata,omitempty"`
}

type HasSBOMIngest added in v0.1.0

type HasSBOMIngest struct {
	// hasSBOM describes either pkg or artifact
	Pkg      *generated.PkgInputSpec      `json:"pkg,omitempty"`
	Artifact *generated.ArtifactInputSpec `json:"artifact,omitempty"`

	HasSBOM  *generated.HasSBOMInputSpec         `json:"hasSbom,omitempty"`
	Includes *generated.HasSBOMIncludesInputSpec `json:"includes,omitempty"`
}

type HasSlsaIngest added in v0.1.0

type HasSlsaIngest struct {
	Artifact  *generated.ArtifactInputSpec  `json:",omitempty"`
	HasSlsa   *generated.SLSAInputSpec      `json:",omitempty"`
	Materials []generated.ArtifactInputSpec `json:",omitempty"`
	Builder   *generated.BuilderInputSpec   `json:",omitempty"`
}

type HasSourceAtIngest added in v0.1.0

type HasSourceAtIngest struct {
	Pkg          *generated.PkgInputSpec         `json:"pkg,omitempty"`
	PkgMatchFlag generated.MatchFlags            `json:"pkgMatchFlag,omitempty"`
	Src          *generated.SourceInputSpec      `json:"src,omitempty"`
	HasSourceAt  *generated.HasSourceAtInputSpec `json:"hasSourceAt,omitempty"`
}

type HashEqualIngest added in v0.1.1

type HashEqualIngest struct {
	// HashEqualIngest describes two artifacts are the same
	Artifact      *generated.ArtifactInputSpec `json:"artifact,omitempty"`
	EqualArtifact *generated.ArtifactInputSpec `json:"equalArtifact,omitempty"`

	HashEqual *generated.HashEqualInputSpec `json:"hashEqual,omitempty"`
}

type IngestPredicates added in v0.1.0

type IngestPredicates struct {
	CertifyScorecard []CertifyScorecardIngest `json:"certifyScorecard,omitempty"`
	IsDependency     []IsDependencyIngest     `json:"isDependency,omitempty"`
	IsOccurrence     []IsOccurrenceIngest     `json:"isOccurrence,omitempty"`
	HasSlsa          []HasSlsaIngest          `json:"hasSlsa,omitempty"`
	CertifyVuln      []CertifyVulnIngest      `json:"certifyVuln,omitempty"`
	VulnEqual        []VulnEqualIngest        `json:"vulnEqual,omitempty"`
	HasSourceAt      []HasSourceAtIngest      `json:"hasSourceAt,omitempty"`
	CertifyBad       []CertifyBadIngest       `json:"certifyBad,omitempty"`
	CertifyGood      []CertifyGoodIngest      `json:"certifyGood,omitempty"`
	HasSBOM          []HasSBOMIngest          `json:"hasSBOM,omitempty"`
	HashEqual        []HashEqualIngest        `json:"hashEqual,omitempty"`
	PkgEqual         []PkgEqualIngest         `json:"pkgEqual,omitempty"`
	Vex              []VexIngest              `json:"vex,omitempty"`
	PointOfContact   []PointOfContactIngest   `json:"contact,omitempty"`
	VulnMetadata     []VulnMetadataIngest     `json:"vulnMetadata,omitempty"`
	HasMetadata      []HasMetadataIngest      `json:"hasMetadata,omitempty"`
	CertifyLegal     []CertifyLegalIngest     `json:"certifyLegal,omitempty"`
}

IngestPredicates contains the set of predicates that want to be ingested based on the GUAC ontology. It only has evidence trees as ingestion of the software trees are implicit and handled by the client library. TODO: fix typo in isDepedency

func (IngestPredicates) GetArtifacts added in v0.1.1

func (IngestPredicates) GetBuilders added in v0.1.1

func (IngestPredicates) GetLicenses added in v0.2.0

func (IngestPredicates) GetMaterials added in v0.1.1

func (IngestPredicates) GetPackages added in v0.1.1

func (i IngestPredicates) GetPackages(ctx context.Context) []*generated.PkgInputSpec

func (IngestPredicates) GetSources added in v0.1.1

func (IngestPredicates) GetVulnerabilities added in v0.2.0

func (i IngestPredicates) GetVulnerabilities(ctx context.Context) []*generated.VulnerabilityInputSpec

type IsDependencyIngest added in v0.1.0

type IsDependencyIngest struct {
	Pkg             *generated.PkgInputSpec          `json:"pkg,omitempty"`
	DepPkg          *generated.PkgInputSpec          `json:"depPkg,omitempty"`
	DepPkgMatchFlag generated.MatchFlags             `json:"depPkgMatchFlag,omitempty"`
	IsDependency    *generated.IsDependencyInputSpec `json:"isDependency,omitempty"`
}

type IsOccurrenceIngest added in v0.1.0

type IsOccurrenceIngest struct {
	// Occurrence describes either pkg or src
	Pkg *generated.PkgInputSpec    `json:"pkg,omitempty"`
	Src *generated.SourceInputSpec `json:"src,omitempty"`

	// Artifact is the required object of the occurence
	Artifact *generated.ArtifactInputSpec `json:"artifact,omitempty"`

	IsOccurrence *generated.IsOccurrenceInputSpec `json:"isOccurrence,omitempty"`
}

type PkgEqualIngest added in v0.1.1

type PkgEqualIngest struct {
	// PkgEqualIngest describes two packages are the same
	Pkg      *generated.PkgInputSpec      `json:"pkg,omitempty"`
	EqualPkg *generated.PkgInputSpec      `json:"equalPkg,omitempty"`
	PkgEqual *generated.PkgEqualInputSpec `json:"pkgEqual,omitempty"`
}

type PointOfContactIngest added in v0.1.1

type PointOfContactIngest struct {
	// pointOfContact describes either pkg, src or artifact
	Pkg            *generated.PkgInputSpec            `json:"pkg,omitempty"`
	PkgMatchFlag   generated.MatchFlags               `json:"pkgMatchFlag,omitempty"`
	Src            *generated.SourceInputSpec         `json:"src,omitempty"`
	Artifact       *generated.ArtifactInputSpec       `json:"artifact,omitempty"`
	PointOfContact *generated.PointOfContactInputSpec `json:"pointOfContact,omitempty"`
}

type VexIngest added in v0.1.1

type VexIngest struct {
	// pkg or artifact is required
	Pkg      *generated.PkgInputSpec      `json:"pkg,omitempty"`
	Artifact *generated.ArtifactInputSpec `json:"artifact,omitempty"`

	// vulnerability (cannot be set to noVuln)
	Vulnerability *generated.VulnerabilityInputSpec `json:"vulnerability,omitempty"`

	VexData *generated.VexStatementInputSpec `json:"vexData,omitempty"`
}

type VulnEqualIngest added in v0.2.0

type VulnEqualIngest struct {
	Vulnerability      *generated.VulnerabilityInputSpec `json:"vulnerability,omitempty"`
	EqualVulnerability *generated.VulnerabilityInputSpec `json:"equalVulnerability,omitempty"`
	VulnEqual          *generated.VulnEqualInputSpec     `json:"vulnEqual,omitempty"`
}

type VulnMetadataIngest added in v0.2.0

type VulnMetadataIngest struct {
	// vulnerability (cannot be set to noVuln)
	Vulnerability *generated.VulnerabilityInputSpec         `json:"vulnerability,omitempty"`
	VulnMetadata  *generated.VulnerabilityMetadataInputSpec `json:"vulnData,omitempty"`
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL