assembler

package

v0.1.1 Latest Latest Go to latest Published: Jul 24, 2023 License: Apache-2.0 Imports: 6 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/guacsec/guac

Links

Open Source Insights

Documentation ¶

Index ¶

func NewObjectMetadata(s processor.SourceInformation) *objectMetadata
type AssemblerInput
type CertifyBadIngest
type CertifyGoodIngest
type CertifyScorecardIngest
type CertifyVulnIngest
type HasSBOMIngest
type HasSlsaIngest
type HasSourceAtIngest
type HashEqualIngest
type IngestPredicates
type IsDependencyIngest
type IsOccurrenceIngest
type IsVulnIngest
type PkgEqualIngest
type PointOfContactIngest
type VexIngest

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func NewObjectMetadata ¶

func NewObjectMetadata(s processor.SourceInformation) *objectMetadata

NewObjectMetadata creates a new instance to add metadata to nodes

Types ¶

type AssemblerInput ¶

type AssemblerInput = IngestPredicates

AssemblerInput represents the inputs to add to the graph

type CertifyBadIngest ¶ added in v0.1.0

type CertifyBadIngest struct {
	// certifyBad describes either pkg, src or artifact
	Pkg          *generated.PkgInputSpec        `json:"pkg,omitempty"`
	PkgMatchFlag generated.MatchFlags           `json:"pkgMatchFlag,omitempty"`
	Src          *generated.SourceInputSpec     `json:"src,omitempty"`
	Artifact     *generated.ArtifactInputSpec   `json:"artifact,omitempty"`
	CertifyBad   *generated.CertifyBadInputSpec `json:"certifyBad,omitempty"`
}

type CertifyGoodIngest ¶ added in v0.1.0

type CertifyGoodIngest struct {
	// certifyGood describes either pkg, src or artifact
	Pkg          *generated.PkgInputSpec         `json:"pkg,omitempty"`
	PkgMatchFlag generated.MatchFlags            `json:"pkgMatchFlag,omitempty"`
	Src          *generated.SourceInputSpec      `json:"src,omitempty"`
	Artifact     *generated.ArtifactInputSpec    `json:"artifact,omitempty"`
	CertifyGood  *generated.CertifyGoodInputSpec `json:"certifyGood,omitempty"`
}

type CertifyScorecardIngest ¶ added in v0.1.0

type CertifyScorecardIngest struct {
	Source    *generated.SourceInputSpec    `json:"source,omitempty"`
	Scorecard *generated.ScorecardInputSpec `json:"scorecard,omitempty"`
}

type CertifyVulnIngest ¶ added in v0.1.0

type CertifyVulnIngest struct {
	// pkg is required
	Pkg *generated.PkgInputSpec `json:"pkg,omitempty"`

	// vulnerability should be either OSV, CVE, GHSA, or none if no vulnerability is found
	OSV  *generated.OSVInputSpec  `json:"osv,omitempty"`
	CVE  *generated.CVEInputSpec  `json:"cve,omitempty"`
	GHSA *generated.GHSAInputSpec `json:"ghsa,omitempty"`

	VulnData *generated.VulnerabilityMetaDataInput `json:"vulnData,omitempty"`
}

type HasSBOMIngest ¶ added in v0.1.0

type HasSBOMIngest struct {
	// hasSBOM describes either pkg or artifact
	Pkg      *generated.PkgInputSpec      `json:"pkg,omitempty"`
	Artifact *generated.ArtifactInputSpec `json:"artifact,omitempty"`

	HasSBOM *generated.HasSBOMInputSpec `json:"hasSbom,omitempty"`
}

type HasSlsaIngest ¶ added in v0.1.0

type HasSlsaIngest struct {
	Artifact  *generated.ArtifactInputSpec  `json:",omitempty"`
	HasSlsa   *generated.SLSAInputSpec      `json:",omitempty"`
	Materials []generated.ArtifactInputSpec `json:",omitempty"`
	Builder   *generated.BuilderInputSpec   `json:",omitempty"`
}

type HasSourceAtIngest ¶ added in v0.1.0

type HasSourceAtIngest struct {
	Pkg          *generated.PkgInputSpec         `json:"pkg,omitempty"`
	PkgMatchFlag generated.MatchFlags            `json:"pkgMatchFlag,omitempty"`
	Src          *generated.SourceInputSpec      `json:"src,omitempty"`
	HasSourceAt  *generated.HasSourceAtInputSpec `json:"hasSourceAt,omitempty"`
}

type HashEqualIngest ¶ added in v0.1.1

type HashEqualIngest struct {
	// HashEqualIngest describes two artifacts are the same
	Artifact      *generated.ArtifactInputSpec `json:"artifact,omitempty"`
	EqualArtifact *generated.ArtifactInputSpec `json:"equalArtifact,omitempty"`

	HashEqual *generated.HashEqualInputSpec `json:"hashEqual,omitempty"`
}

type IngestPredicates ¶ added in v0.1.0

type IngestPredicates struct {
	CertifyScorecard []CertifyScorecardIngest `json:"certifyScorecard,omitempty"`
	IsDependency     []IsDependencyIngest     `json:"isDependency,omitempty"`
	IsOccurrence     []IsOccurrenceIngest     `json:"isOccurrence,omitempty"`
	HasSlsa          []HasSlsaIngest          `json:"hasSlsa,omitempty"`
	CertifyVuln      []CertifyVulnIngest      `json:"certifyVuln,omitempty"`
	IsVuln           []IsVulnIngest           `json:"isVuln,omitempty"`
	HasSourceAt      []HasSourceAtIngest      `json:"hasSourceAt,omitempty"`
	CertifyBad       []CertifyBadIngest       `json:"certifyBad,omitempty"`
	CertifyGood      []CertifyGoodIngest      `json:"certifyGood,omitempty"`
	HasSBOM          []HasSBOMIngest          `json:"hasSBOM,omitempty"`
	HashEqual        []HashEqualIngest        `json:"hashEqual,omitempty"`
	PkgEqual         []PkgEqualIngest         `json:"pkgEqual,omitempty"`
	Vex              []VexIngest              `json:"vex,omitempty"`
	PointOfContact   []PointOfContactIngest   `json:"contact,omitempty"`
}

IngestPredicates contains the set of predicates that want to be ingested based on the GUAC ontology. It only has evidence trees as ingestion of the software trees are implicit and handled by the client library. TODO: fix typo in isDepedency

func (IngestPredicates) GetArtifacts ¶ added in v0.1.1

func (i IngestPredicates) GetArtifacts(ctx context.Context) []*generated.ArtifactInputSpec

func (IngestPredicates) GetBuilders ¶ added in v0.1.1

func (i IngestPredicates) GetBuilders(ctx context.Context) []*generated.BuilderInputSpec

func (IngestPredicates) GetCVEs ¶ added in v0.1.1

func (i IngestPredicates) GetCVEs(ctx context.Context) []*generated.CVEInputSpec

func (IngestPredicates) GetGHSAs ¶ added in v0.1.1

func (i IngestPredicates) GetGHSAs(ctx context.Context) []*generated.GHSAInputSpec

func (IngestPredicates) GetMaterials ¶ added in v0.1.1

func (i IngestPredicates) GetMaterials(ctx context.Context) []generated.ArtifactInputSpec

func (IngestPredicates) GetOSVs ¶ added in v0.1.1

func (i IngestPredicates) GetOSVs(ctx context.Context) []*generated.OSVInputSpec

func (IngestPredicates) GetPackages ¶ added in v0.1.1

func (i IngestPredicates) GetPackages(ctx context.Context) []*generated.PkgInputSpec

func (IngestPredicates) GetSources ¶ added in v0.1.1

func (i IngestPredicates) GetSources(ctx context.Context) []*generated.SourceInputSpec

type IsDependencyIngest ¶ added in v0.1.0

type IsDependencyIngest struct {
	Pkg          *generated.PkgInputSpec          `json:"pkg,omitempty"`
	DepPkg       *generated.PkgInputSpec          `json:"depPkg,omitempty"`
	IsDependency *generated.IsDependencyInputSpec `json:"isDependency,omitempty"`
}

type IsOccurrenceIngest ¶ added in v0.1.0

type IsOccurrenceIngest struct {
	// Occurrence describes either pkg or src
	Pkg *generated.PkgInputSpec    `json:"pkg,omitempty"`
	Src *generated.SourceInputSpec `json:"src,omitempty"`

	// Artifact is the required object of the occurence
	Artifact *generated.ArtifactInputSpec `json:"artifact,omitempty"`

	IsOccurrence *generated.IsOccurrenceInputSpec `json:"isOccurrence,omitempty"`
}

type IsVulnIngest ¶ added in v0.1.0

type IsVulnIngest struct {
	OSV    *generated.OSVInputSpec             `json:"osv,omitempty"`
	CVE    *generated.CVEInputSpec             `json:"cve,omitempty"`
	GHSA   *generated.GHSAInputSpec            `json:"ghsa,omitempty"`
	IsVuln *generated.IsVulnerabilityInputSpec `json:"isVuln,omitempty"`
}

Only CVE or GHSA needed, not both

type PkgEqualIngest ¶ added in v0.1.1

type PkgEqualIngest struct {
	// PkgEqualIngest describes two packages are the same
	Pkg      *generated.PkgInputSpec      `json:"pkg,omitempty"`
	EqualPkg *generated.PkgInputSpec      `json:"equalPkg,omitempty"`
	PkgEqual *generated.PkgEqualInputSpec `json:"pkgEqual,omitempty"`
}

type PointOfContactIngest ¶ added in v0.1.1

type PointOfContactIngest struct {
	// pointOfContact describes either pkg, src or artifact
	Pkg            *generated.PkgInputSpec            `json:"pkg,omitempty"`
	PkgMatchFlag   generated.MatchFlags               `json:"pkgMatchFlag,omitempty"`
	Src            *generated.SourceInputSpec         `json:"src,omitempty"`
	Artifact       *generated.ArtifactInputSpec       `json:"artifact,omitempty"`
	PointOfContact *generated.PointOfContactInputSpec `json:"pointOfContact,omitempty"`
}

type VexIngest ¶ added in v0.1.1

type VexIngest struct {
	// pkg or artifact is required
	Pkg      *generated.PkgInputSpec      `json:"pkg,omitempty"`
	Artifact *generated.ArtifactInputSpec `json:"artifact,omitempty"`

	// vulnerability should be either OSV, CVE, GHSA
	OSV  *generated.OSVInputSpec  `json:"osv,omitempty"`
	CVE  *generated.CVEInputSpec  `json:"cve,omitempty"`
	GHSA *generated.GHSAInputSpec `json:"ghsa,omitempty"`

	VexData *generated.VexStatementInputSpec `json:"vexData,omitempty"`
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
backends
arangodb
helper
inmem
neo4j
clients
generated
helpers
graphql
generated
model
resolvers
helpers

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL