assembler

package

v0.8.2 Latest Latest Go to latest Published: Aug 30, 2024 License: Apache-2.0 Imports: 3 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/guacsec/guac

Links

Open Source Insights

Documentation ¶

Index ¶

type AssemblerInput
type CertifyBadIngest
type CertifyGoodIngest
type CertifyLegalIngest
type CertifyScorecardIngest
type CertifyVulnIngest
type HasMetadataIngest
type HasSBOMIngest
type HasSlsaIngest
type HasSourceAtIngest
type HashEqualIngest
type IngestPredicates
- func (i IngestPredicates) GetArtifacts(ctx context.Context) map[string]*generated.IDorArtifactInput
- func (i IngestPredicates) GetBuilders(ctx context.Context) map[string]*generated.IDorBuilderInput
- func (i IngestPredicates) GetLicenses(ctx context.Context) map[string]*generated.IDorLicenseInput
- func (i IngestPredicates) GetMaterials(ctx context.Context) map[string]*generated.IDorArtifactInput
- func (i IngestPredicates) GetPackages(ctx context.Context) map[string]*generated.IDorPkgInput
- func (i IngestPredicates) GetSources(ctx context.Context) map[string]*generated.IDorSourceInput
- func (i IngestPredicates) GetVulnerabilities(ctx context.Context) map[string]*generated.IDorVulnerabilityInput
type IsDependencyIngest
type IsOccurrenceIngest
type PkgEqualIngest
type PointOfContactIngest
type VexIngest
type VulnEqualIngest
type VulnMetadataIngest

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AssemblerInput ¶

type AssemblerInput = IngestPredicates

AssemblerInput represents the inputs to add to the graph

type CertifyBadIngest ¶ added in v0.1.0

type CertifyBadIngest struct {
	// certifyBad describes either pkg, src or artifact
	Pkg          *generated.PkgInputSpec        `json:"pkg,omitempty"`
	PkgMatchFlag generated.MatchFlags           `json:"pkgMatchFlag,omitempty"`
	Src          *generated.SourceInputSpec     `json:"src,omitempty"`
	Artifact     *generated.ArtifactInputSpec   `json:"artifact,omitempty"`
	CertifyBad   *generated.CertifyBadInputSpec `json:"certifyBad,omitempty"`
}

type CertifyGoodIngest ¶ added in v0.1.0

type CertifyGoodIngest struct {
	// certifyGood describes either pkg, src or artifact
	Pkg          *generated.PkgInputSpec         `json:"pkg,omitempty"`
	PkgMatchFlag generated.MatchFlags            `json:"pkgMatchFlag,omitempty"`
	Src          *generated.SourceInputSpec      `json:"src,omitempty"`
	Artifact     *generated.ArtifactInputSpec    `json:"artifact,omitempty"`
	CertifyGood  *generated.CertifyGoodInputSpec `json:"certifyGood,omitempty"`
}

type CertifyLegalIngest ¶ added in v0.2.0

type CertifyLegalIngest struct {
	Pkg *generated.PkgInputSpec    `json:"pkg,omitempty"`
	Src *generated.SourceInputSpec `json:"src,omitempty"`

	Declared   []generated.LicenseInputSpec `json:"declared,omitempty"`
	Discovered []generated.LicenseInputSpec `json:"discovered,omitempty"`

	CertifyLegal *generated.CertifyLegalInputSpec `json:"certifyLegal,omitempty"`
}

type CertifyScorecardIngest ¶ added in v0.1.0

type CertifyScorecardIngest struct {
	Source    *generated.SourceInputSpec    `json:"source,omitempty"`
	Scorecard *generated.ScorecardInputSpec `json:"scorecard,omitempty"`
}

type CertifyVulnIngest ¶ added in v0.1.0

type CertifyVulnIngest struct {
	// pkg is required
	Pkg *generated.PkgInputSpec `json:"pkg,omitempty"`

	// vulnerability or noVuln if no vulnerability is found
	Vulnerability *generated.VulnerabilityInputSpec `json:"vulnerability,omitempty"`

	VulnData *generated.ScanMetadataInput `json:"vulnData,omitempty"`
}

type HasMetadataIngest ¶ added in v0.2.0

type HasMetadataIngest struct {
	// hasMetadata describes either pkg, src or artifact metadata
	Pkg          *generated.PkgInputSpec         `json:"pkg,omitempty"`
	PkgMatchFlag generated.MatchFlags            `json:"pkgMatchFlag,omitempty"`
	Src          *generated.SourceInputSpec      `json:"src,omitempty"`
	Artifact     *generated.ArtifactInputSpec    `json:"artifact,omitempty"`
	HasMetadata  *generated.HasMetadataInputSpec `json:"hasMetadata,omitempty"`
}

type HasSBOMIngest ¶ added in v0.1.0

type HasSBOMIngest struct {
	// hasSBOM describes either pkg or artifact
	Pkg      *generated.PkgInputSpec      `json:"pkg,omitempty"`
	Artifact *generated.ArtifactInputSpec `json:"artifact,omitempty"`

	HasSBOM  *generated.HasSBOMInputSpec         `json:"hasSbom,omitempty"`
	Includes *generated.HasSBOMIncludesInputSpec `json:"includes,omitempty"`
}

type HasSlsaIngest ¶ added in v0.1.0

type HasSlsaIngest struct {
	Artifact  *generated.ArtifactInputSpec  `json:",omitempty"`
	HasSlsa   *generated.SLSAInputSpec      `json:",omitempty"`
	Materials []generated.ArtifactInputSpec `json:",omitempty"`
	Builder   *generated.BuilderInputSpec   `json:",omitempty"`
}

type HasSourceAtIngest ¶ added in v0.1.0

type HasSourceAtIngest struct {
	Pkg          *generated.PkgInputSpec         `json:"pkg,omitempty"`
	PkgMatchFlag generated.MatchFlags            `json:"pkgMatchFlag,omitempty"`
	Src          *generated.SourceInputSpec      `json:"src,omitempty"`
	HasSourceAt  *generated.HasSourceAtInputSpec `json:"hasSourceAt,omitempty"`
}

type HashEqualIngest ¶ added in v0.1.1

type HashEqualIngest struct {
	// HashEqualIngest describes two artifacts are the same
	Artifact      *generated.ArtifactInputSpec `json:"artifact,omitempty"`
	EqualArtifact *generated.ArtifactInputSpec `json:"equalArtifact,omitempty"`

	HashEqual *generated.HashEqualInputSpec `json:"hashEqual,omitempty"`
}

type IngestPredicates ¶ added in v0.1.0

type IngestPredicates struct {
	CertifyScorecard []CertifyScorecardIngest `json:"certifyScorecard,omitempty"`
	IsDependency     []IsDependencyIngest     `json:"isDependency,omitempty"`
	IsOccurrence     []IsOccurrenceIngest     `json:"isOccurrence,omitempty"`
	HasSlsa          []HasSlsaIngest          `json:"hasSlsa,omitempty"`
	CertifyVuln      []CertifyVulnIngest      `json:"certifyVuln,omitempty"`
	VulnEqual        []VulnEqualIngest        `json:"vulnEqual,omitempty"`
	HasSourceAt      []HasSourceAtIngest      `json:"hasSourceAt,omitempty"`
	CertifyBad       []CertifyBadIngest       `json:"certifyBad,omitempty"`
	CertifyGood      []CertifyGoodIngest      `json:"certifyGood,omitempty"`
	HasSBOM          []HasSBOMIngest          `json:"hasSBOM,omitempty"`
	HashEqual        []HashEqualIngest        `json:"hashEqual,omitempty"`
	PkgEqual         []PkgEqualIngest         `json:"pkgEqual,omitempty"`
	Vex              []VexIngest              `json:"vex,omitempty"`
	PointOfContact   []PointOfContactIngest   `json:"contact,omitempty"`
	VulnMetadata     []VulnMetadataIngest     `json:"vulnMetadata,omitempty"`
	HasMetadata      []HasMetadataIngest      `json:"hasMetadata,omitempty"`
	CertifyLegal     []CertifyLegalIngest     `json:"certifyLegal,omitempty"`
}

IngestPredicates contains the set of predicates that want to be ingested based on the GUAC ontology. It only has evidence trees as ingestion of the software trees are implicit and handled by the client library. TODO: fix typo in isDepedency

func (IngestPredicates) GetArtifacts ¶ added in v0.1.1

func (i IngestPredicates) GetArtifacts(ctx context.Context) map[string]*generated.IDorArtifactInput

func (IngestPredicates) GetBuilders ¶ added in v0.1.1

func (i IngestPredicates) GetBuilders(ctx context.Context) map[string]*generated.IDorBuilderInput

func (IngestPredicates) GetLicenses ¶ added in v0.2.0

func (i IngestPredicates) GetLicenses(ctx context.Context) map[string]*generated.IDorLicenseInput

func (IngestPredicates) GetMaterials ¶ added in v0.1.1

func (i IngestPredicates) GetMaterials(ctx context.Context) map[string]*generated.IDorArtifactInput

func (IngestPredicates) GetPackages ¶ added in v0.1.1

func (i IngestPredicates) GetPackages(ctx context.Context) map[string]*generated.IDorPkgInput

func (IngestPredicates) GetSources ¶ added in v0.1.1

func (i IngestPredicates) GetSources(ctx context.Context) map[string]*generated.IDorSourceInput

func (IngestPredicates) GetVulnerabilities ¶ added in v0.2.0

func (i IngestPredicates) GetVulnerabilities(ctx context.Context) map[string]*generated.IDorVulnerabilityInput

type IsDependencyIngest ¶ added in v0.1.0

type IsDependencyIngest struct {
	Pkg          *generated.PkgInputSpec          `json:"pkg,omitempty"`
	DepPkg       *generated.PkgInputSpec          `json:"depPkg,omitempty"`
	IsDependency *generated.IsDependencyInputSpec `json:"isDependency,omitempty"`
}

type IsOccurrenceIngest ¶ added in v0.1.0

type IsOccurrenceIngest struct {
	// Occurrence describes either pkg or src
	Pkg *generated.PkgInputSpec    `json:"pkg,omitempty"`
	Src *generated.SourceInputSpec `json:"src,omitempty"`

	// Artifact is the required object of the occurence
	Artifact *generated.ArtifactInputSpec `json:"artifact,omitempty"`

	IsOccurrence *generated.IsOccurrenceInputSpec `json:"isOccurrence,omitempty"`
}

type PkgEqualIngest ¶ added in v0.1.1

type PkgEqualIngest struct {
	// PkgEqualIngest describes two packages are the same
	Pkg      *generated.PkgInputSpec      `json:"pkg,omitempty"`
	EqualPkg *generated.PkgInputSpec      `json:"equalPkg,omitempty"`
	PkgEqual *generated.PkgEqualInputSpec `json:"pkgEqual,omitempty"`
}

type PointOfContactIngest ¶ added in v0.1.1

type PointOfContactIngest struct {
	// pointOfContact describes either pkg, src or artifact
	Pkg            *generated.PkgInputSpec            `json:"pkg,omitempty"`
	PkgMatchFlag   generated.MatchFlags               `json:"pkgMatchFlag,omitempty"`
	Src            *generated.SourceInputSpec         `json:"src,omitempty"`
	Artifact       *generated.ArtifactInputSpec       `json:"artifact,omitempty"`
	PointOfContact *generated.PointOfContactInputSpec `json:"pointOfContact,omitempty"`
}

type VexIngest ¶ added in v0.1.1

type VexIngest struct {
	// pkg or artifact is required
	Pkg      *generated.PkgInputSpec      `json:"pkg,omitempty"`
	Artifact *generated.ArtifactInputSpec `json:"artifact,omitempty"`

	// vulnerability (cannot be set to noVuln)
	Vulnerability *generated.VulnerabilityInputSpec `json:"vulnerability,omitempty"`

	VexData *generated.VexStatementInputSpec `json:"vexData,omitempty"`
}

type VulnEqualIngest ¶ added in v0.2.0

type VulnEqualIngest struct {
	Vulnerability      *generated.VulnerabilityInputSpec `json:"vulnerability,omitempty"`
	EqualVulnerability *generated.VulnerabilityInputSpec `json:"equalVulnerability,omitempty"`
	VulnEqual          *generated.VulnEqualInputSpec     `json:"vulnEqual,omitempty"`
}

type VulnMetadataIngest ¶ added in v0.2.0

type VulnMetadataIngest struct {
	// vulnerability (cannot be set to noVuln)
	Vulnerability *generated.VulnerabilityInputSpec         `json:"vulnerability,omitempty"`
	VulnMetadata  *generated.VulnerabilityMetadataInputSpec `json:"vulnData,omitempty"`
}

Source Files ¶

View all Source files

assembler.go

Directories ¶

Path	Synopsis
backends
arangodb
ent
ent/artifact
ent/backend
ent/backend/cmd
ent/billofmaterials
ent/builder
ent/certification
ent/certifylegal
ent/certifyscorecard
ent/certifyvex
ent/certifyvuln
ent/cmd/cleanup
ent/dependency
ent/enttest
ent/hashequal
ent/hasmetadata
ent/hassourceat
ent/hook
ent/license
ent/migrate
ent/occurrence
ent/packagename
ent/packageversion
ent/pkgequal
ent/pointofcontact
ent/predicate
ent/runtime
ent/schema
ent/slsaattestation
ent/sourcename
ent/testutils
ent/vulnequal
ent/vulnerabilityid
ent/vulnerabilitymetadata
helper
keyvalue
neo4j
neptune
clients
generated
helpers
graphql
generated
model
resolvers
helpers
kv Package kv is an interface that the keyvalue backend uses to store data	Package kv is an interface that the keyvalue backend uses to store data
memmap
redis
tikv

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL