Documentation
Overview
Package vuln attestation parser parses the attestation defined by the certifier using the predicate type "https://in-toto.io/attestation/vulns/v0.1". Three different types of ingest predicates are created:
- IsOccurrences are created as mappings between any package purls found in the subject and any digests found under those.
- CertifyVulnerabilities are created as mappings between any package purl found in the subject and any vulnerabilities found in the scanner results. The vulnerabilities are treated as OSV.
- IsVulnerabilities are created between any vulnerability found in the scanner results (OSV) and either a CVE or GHSA vulnerability that is created by parsing the OSV ID.
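The three mappings described above, sketched as a stand-alone added example; it is not the package's own code and does not use its API. The JSON field names (`subject[].name`, `subject[].digest`, `predicate.scanner.result[].vulnerability_id`), the names `statement`, `sample` and `derive`, and all sample values are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// statement uses an assumed JSON layout; the page does not list field names.
type statement struct {
	PredicateType string `json:"predicateType"`
	Subject       []struct {
		Name   string            `json:"name"`
		Digest map[string]string `json:"digest"`
	} `json:"subject"`
	Predicate struct {
		Scanner struct {
			Result []struct{ ID string `json:"vulnerability_id"` } `json:"result"`
		} `json:"scanner"`
	} `json:"predicate"`
}
// sample is constructed; the digest and vulnerability IDs are placeholders.
const sample = `{"predicateType":"https://in-toto.io/attestation/vulns/v0.1",
 "subject":[{"name":"pkg:golang/example.com/demo@v1.0.0","digest":{"sha256":"aa11"}}],
 "predicate":{"scanner":{"result":[{"vulnerability_id":"CVE-0000-0001"},{"vulnerability_id":"GHSA-aaaa-bbbb-cccc"},{"vulnerability_id":"GO-0000-0001"}]}}}`

// derive lists the three kinds of mappings the overview describes.
func derive(raw string) (occ, cert, equal []string, err error) {
	var s statement
	if err = json.Unmarshal([]byte(raw), &s); err != nil || s.PredicateType != "https://in-toto.io/attestation/vulns/v0.1" {
		return nil, nil, nil, fmt.Errorf("not a vulns/v0.1 statement (decode error: %v)", err)
	}
	for _, sub := range s.Subject {
		if strings.HasPrefix(sub.Name, "pkg:") { // only package purls take part
			for alg, d := range sub.Digest { // package -> artifact digest
				occ = append(occ, sub.Name+" -> "+alg+":"+d)
			}
			for _, r := range s.Predicate.Scanner.Result { // package -> OSV finding
				cert = append(cert, sub.Name+" -> osv:"+r.ID)
			}
		}
	}
	for _, r := range s.Predicate.Scanner.Result { // OSV -> CVE/GHSA, from the ID prefix
		if kind, _, ok := strings.Cut(strings.ToLower(r.ID), "-"); ok && (kind == "cve" || kind == "ghsa") {
			equal = append(equal, "osv:"+r.ID+" = "+kind+":"+r.ID)
		}
	}
	return occ, cert, equal, nil
}

func main() { fmt.Println(derive(sample)) }
```

In this sketch an OSV ID with neither prefix, such as the constructed `GO-0000-0001`, still yields a package-to-vulnerability mapping but no CVE or GHSA equivalence.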
Constants
This section is empty.
Variables
This section is empty.
Functions
func NewVulnCertificationParser
func NewVulnCertificationParser() common.DocumentParser
NewVulnCertificationParser initializes the parser.
Types
This section is empty.