Documentation ¶
Index ¶
- Variables
- type Artifact
- type ArtifactConnection
- type ArtifactEdge
- type ArtifactInputSpec
- type ArtifactSpec
- type Builder
- type BuilderConnection
- type BuilderEdge
- type BuilderInputSpec
- type BuilderSpec
- type CertifyBad
- type CertifyBadConnection
- type CertifyBadEdge
- type CertifyBadInputSpec
- type CertifyBadSpec
- type CertifyGood
- type CertifyGoodConnection
- type CertifyGoodEdge
- type CertifyGoodInputSpec
- type CertifyGoodSpec
- type CertifyLegal
- type CertifyLegalConnection
- type CertifyLegalEdge
- type CertifyLegalInputSpec
- type CertifyLegalSpec
- type CertifyScorecard
- type CertifyScorecardConnection
- type CertifyScorecardEdge
- type CertifyScorecardSpec
- type CertifyVEXStatement
- type CertifyVEXStatementSpec
- type CertifyVuln
- type CertifyVulnConnection
- type CertifyVulnEdge
- type CertifyVulnSpec
- type Comparator
- type DependencyType
- type Edge
- type FilterOperation
- type FindSoftwareConnection
- type HasMetadata
- type HasMetadataConnection
- type HasMetadataEdge
- type HasMetadataInputSpec
- type HasMetadataSpec
- type HasSBOMConnection
- type HasSBOMEdge
- type HasSBOMIncludesInputSpec
- type HasSBOMInputSpec
- type HasSBOMSpec
- type HasSLSAConnection
- type HasSLSAEdge
- type HasSLSASpec
- type HasSbom
- type HasSlsa
- type HasSourceAt
- type HasSourceAtConnection
- type HasSourceAtEdge
- type HasSourceAtInputSpec
- type HasSourceAtSpec
- type HashEqual
- type HashEqualConnection
- type HashEqualEdge
- type HashEqualInputSpec
- type HashEqualSpec
- type IDorArtifactInput
- type IDorBuilderInput
- type IDorLicenseInput
- type IDorPkgInput
- type IDorSourceInput
- type IDorVulnerabilityInput
- type IsDependency
- type IsDependencyConnection
- type IsDependencyEdge
- type IsDependencyInputSpec
- type IsDependencySpec
- type IsOccurrence
- type IsOccurrenceConnection
- type IsOccurrenceEdge
- type IsOccurrenceInputSpec
- type IsOccurrenceSpec
- type License
- type LicenseConnection
- type LicenseEdge
- type LicenseInputSpec
- type LicenseSpec
- type MatchFlags
- type Mutation
- type NeighborConnection
- type NeighborEdge
- type Node
- type Package
- type PackageConnection
- type PackageEdge
- type PackageIDs
- type PackageName
- type PackageNamespace
- type PackageOrArtifact
- type PackageOrArtifactInput
- type PackageOrArtifactInputs
- type PackageOrArtifactSpec
- type PackageOrSource
- type PackageOrSourceInput
- type PackageOrSourceInputs
- type PackageOrSourceSpec
- type PackageQualifier
- type PackageQualifierInputSpec
- type PackageQualifierSpec
- type PackageSourceOrArtifact
- type PackageSourceOrArtifactInput
- type PackageSourceOrArtifactInputs
- type PackageSourceOrArtifactSpec
- type PackageVersion
- type PageInfo
- type PkgEqual
- type PkgEqualConnection
- type PkgEqualEdge
- type PkgEqualInputSpec
- type PkgEqualSpec
- type PkgInputSpec
- type PkgMatchType
- type PkgSpec
- type PointOfContact
- type PointOfContactConnection
- type PointOfContactEdge
- type PointOfContactInputSpec
- type PointOfContactSpec
- type Query
- type SLSAInputSpec
- type SLSAPredicate
- type SLSAPredicateInputSpec
- type SLSAPredicateSpec
- type ScanMetadata
- type ScanMetadataInput
- type Scorecard
- type ScorecardCheck
- type ScorecardCheckInputSpec
- type ScorecardCheckSpec
- type ScorecardInputSpec
- type Slsa
- type SoftwareEdge
- type Source
- type SourceConnection
- type SourceEdge
- type SourceIDs
- type SourceInputSpec
- type SourceName
- type SourceNamespace
- type SourceSpec
- type VEXConnection
- type VEXEdge
- type VexJustification
- type VexStatementInputSpec
- type VexStatus
- type VulnEqual
- type VulnEqualConnection
- type VulnEqualEdge
- type VulnEqualInputSpec
- type VulnEqualSpec
- type Vulnerability
- type VulnerabilityConnection
- type VulnerabilityEdge
- type VulnerabilityID
- type VulnerabilityIDs
- type VulnerabilityInputSpec
- type VulnerabilityMetadata
- type VulnerabilityMetadataConnection
- type VulnerabilityMetadataEdge
- type VulnerabilityMetadataInputSpec
- type VulnerabilityMetadataSpec
- type VulnerabilityScoreType
- type VulnerabilitySpec
Constants ¶
This section is empty.
Variables ¶
var AllComparator = []Comparator{ ComparatorGreater, ComparatorEqual, ComparatorLess, ComparatorGreaterEqual, ComparatorLessEqual, }
var AllDependencyType = []DependencyType{ DependencyTypeDirect, DependencyTypeIndirect, DependencyTypeUnknown, }
var AllEdge = []Edge{ EdgeArtifactCertifyBad, EdgeArtifactCertifyGood, EdgeArtifactCertifyVexStatement, EdgeArtifactHashEqual, EdgeArtifactHasMetadata, EdgeArtifactHasSbom, EdgeArtifactHasSlsa, EdgeArtifactIsOccurrence, EdgeArtifactPointOfContact, EdgeBuilderHasSlsa, EdgeLicenseCertifyLegal, EdgePackageCertifyBad, EdgePackageCertifyGood, EdgePackageCertifyLegal, EdgePackageCertifyVexStatement, EdgePackageCertifyVuln, EdgePackageHasMetadata, EdgePackageHasSbom, EdgePackageHasSourceAt, EdgePackageIsDependency, EdgePackageIsOccurrence, EdgePackageNamePackageNamespace, EdgePackageNamePackageVersion, EdgePackageNamespacePackageName, EdgePackageNamespacePackageType, EdgePackagePkgEqual, EdgePackagePointOfContact, EdgePackageTypePackageNamespace, EdgePackageVersionPackageName, EdgeSourceCertifyBad, EdgeSourceCertifyGood, EdgeSourceCertifyLegal, EdgeSourceCertifyScorecard, EdgeSourceHasMetadata, EdgeSourceHasSourceAt, EdgeSourceIsOccurrence, EdgeSourceNameSourceNamespace, EdgeSourceNamespaceSourceName, EdgeSourceNamespaceSourceType, EdgeSourcePointOfContact, EdgeSourceTypeSourceNamespace, EdgeVulnerabilityCertifyVexStatement, EdgeVulnerabilityCertifyVuln, EdgeVulnerabilityIDVulnerabilityType, EdgeVulnerabilityTypeVulnerabilityID, EdgeVulnerabilityVulnEqual, EdgeVulnerabilityVulnMetadata, EdgeCertifyBadArtifact, EdgeCertifyBadPackage, EdgeCertifyBadSource, EdgeCertifyGoodArtifact, EdgeCertifyGoodPackage, EdgeCertifyGoodSource, EdgeCertifyLegalLicense, EdgeCertifyLegalPackage, EdgeCertifyLegalSource, EdgeCertifyScorecardSource, EdgeCertifyVexStatementArtifact, EdgeCertifyVexStatementPackage, EdgeCertifyVexStatementVulnerability, EdgeCertifyVulnPackage, EdgeCertifyVulnVulnerability, EdgeHashEqualArtifact, EdgeHasMetadataArtifact, EdgeHasMetadataPackage, EdgeHasMetadataSource, EdgeHasSbomArtifact, EdgeHasSbomPackage, EdgeHasSbomIncludedSoftware, EdgeHasSbomIncludedDependencies, EdgeHasSbomIncludedOccurrences, EdgeHasSlsaBuiltBy, EdgeHasSlsaMaterials, EdgeHasSlsaSubject, EdgeHasSourceAtPackage, EdgeHasSourceAtSource, EdgeIsDependencyPackage, EdgeIsOccurrenceArtifact, EdgeIsOccurrencePackage, EdgeIsOccurrenceSource, EdgePkgEqualPackage, EdgePointOfContactArtifact, EdgePointOfContactPackage, EdgePointOfContactSource, EdgeVulnEqualVulnerability, EdgeVulnMetadataVulnerability, }
var AllFilterOperation = []FilterOperation{ FilterOperationContains, FilterOperationStartswith, }
var AllPkgMatchType = []PkgMatchType{ PkgMatchTypeAllVersions, PkgMatchTypeSpecificVersion, }
var AllVexJustification = []VexJustification{ VexJustificationComponentNotPresent, VexJustificationVulnerableCodeNotPresent, VexJustificationVulnerableCodeNotInExecutePath, VexJustificationVulnerableCodeCannotBeControlledByAdversary, VexJustificationInlineMitigationsAlreadyExist, VexJustificationNotProvided, }
var AllVexStatus = []VexStatus{ VexStatusNotAffected, VexStatusAffected, VexStatusFixed, VexStatusUnderInvestigation, }
var AllVulnerabilityScoreType = []VulnerabilityScoreType{ VulnerabilityScoreTypeCVSSv2, VulnerabilityScoreTypeCVSSv3, VulnerabilityScoreTypeEPSSv1, VulnerabilityScoreTypeEPSSv2, VulnerabilityScoreTypeCVSSv31, VulnerabilityScoreTypeCVSSv4, VulnerabilityScoreTypeOwasp, VulnerabilityScoreTypeSsvc, }
Functions ¶
This section is empty.
Types ¶
type Artifact ¶
type Artifact struct { ID string `json:"id"` Algorithm string `json:"algorithm"` Digest string `json:"digest"` }
Artifact represents an artifact identified by a checksum hash.
The checksum is split into the digest value and the algorithm used to generate it. Both fields are mandatory and canonicalized to be lowercase.
If having a checksum Go object, algorithm can be strings.ToLower(string(checksum.Algorithm)) and digest can be checksum.Value.
func (Artifact) IsPackageOrArtifact ¶
func (Artifact) IsPackageOrArtifact()
func (Artifact) IsPackageSourceOrArtifact ¶
func (Artifact) IsPackageSourceOrArtifact()
type ArtifactConnection ¶ added in v0.6.0
type ArtifactConnection struct { TotalCount int `json:"totalCount"` PageInfo *PageInfo `json:"pageInfo"` Edges []*ArtifactEdge `json:"edges"` }
ArtifactConnection returns the paginated results for artifact.
totalCount is the total number of results returned.
pageInfo provides information to the client if there is a next page of results and the starting and ending cursor for the current set.
edges contains the ArtifactEdge which contains the current cursor and the artifact node itself
type ArtifactEdge ¶ added in v0.6.0
ArtifactEdge contains the cursor for the resulting node and the artifact node itself.
type ArtifactInputSpec ¶
ArtifactInputSpec specifies an artifact for mutations.
The checksum fields are canonicalized to be lowercase.
type ArtifactSpec ¶
type ArtifactSpec struct { ID *string `json:"id,omitempty"` Algorithm *string `json:"algorithm,omitempty"` Digest *string `json:"digest,omitempty"` }
ArtifactSpec allows filtering the list of artifacts to return in a query.
The checksum fields are canonicalized to be lowercase.
type Builder ¶
Builder represents the builder (e.g., FRSCA or GitHub Actions).
Currently builders are identified by the uri field.
type BuilderConnection ¶ added in v0.6.0
type BuilderConnection struct { TotalCount int `json:"totalCount"` PageInfo *PageInfo `json:"pageInfo"` Edges []*BuilderEdge `json:"edges"` }
BuilderConnection returns the paginated results for builder.
totalCount is the total number of results returned.
pageInfo provides information to the client if there is a next page of results and the starting and ending cursor for the current set.
edges contains the BuilderEdge which contains the current cursor and the Builder node itself
type BuilderEdge ¶ added in v0.6.0
BuilderEdge contains the cursor for the resulting node and the Builder node itself.
type BuilderInputSpec ¶
type BuilderInputSpec struct {
URI string `json:"uri"`
}
BuilderInputSpec specifies a builder for mutations.
type BuilderSpec ¶
BuilderSpec allows filtering the list of builders to return in a query.
type CertifyBad ¶
type CertifyBad struct { ID string `json:"id"` // The package, source or artifact that is attested Subject PackageSourceOrArtifact `json:"subject"` // The justification for the subject being certified bad Justification string `json:"justification"` // Timestamp when the certification was created (in RFC 3339 format) KnownSince time.Time `json:"knownSince"` // Document from which this attestation is generated from Origin string `json:"origin"` // GUAC collector for the document Collector string `json:"collector"` // Reference location of the document in the persistent blob store (if that is configured) DocumentRef string `json:"documentRef"` }
CertifyBad is an attestation that a package, source, or artifact is considered bad.
All evidence trees record a justification for the property they represent as well as the document that contains the attestation (origin) and the collector that collected the document (collector).
The certification applies to a subject which is a package, source, or artifact. If the attestation targets a package, it must target a PackageName or a PackageVersion. If the attestation targets a source, it must target a SourceName.
func (CertifyBad) IsNode ¶
func (CertifyBad) IsNode()
type CertifyBadConnection ¶ added in v0.6.0
type CertifyBadConnection struct { TotalCount int `json:"totalCount"` PageInfo *PageInfo `json:"pageInfo"` Edges []*CertifyBadEdge `json:"edges"` }
CertifyBadConnection returns the paginated results for CertifyBad.
totalCount is the total number of results returned.
pageInfo provides information to the client if there is a next page of results and the starting and ending cursor for the current set.
edges contains the CertifyBadEdge which contains the current cursor and the CertifyBad node itself
type CertifyBadEdge ¶ added in v0.6.0
type CertifyBadEdge struct { Cursor string `json:"cursor"` Node *CertifyBad `json:"node"` }
CertifyBadEdge contains the cursor for the resulting node and the CertifyBad node itself.
type CertifyBadInputSpec ¶
type CertifyBadInputSpec struct { Justification string `json:"justification"` KnownSince time.Time `json:"knownSince"` Origin string `json:"origin"` Collector string `json:"collector"` DocumentRef string `json:"documentRef"` }
CertifyBadInputSpec represents the mutation input to ingest a CertifyBad evidence.
type CertifyBadSpec ¶
type CertifyBadSpec struct { ID *string `json:"id,omitempty"` Subject *PackageSourceOrArtifactSpec `json:"subject,omitempty"` Justification *string `json:"justification,omitempty"` KnownSince *time.Time `json:"knownSince,omitempty"` Origin *string `json:"origin,omitempty"` Collector *string `json:"collector,omitempty"` DocumentRef *string `json:"documentRef,omitempty"` }
CertifyBadSpec allows filtering the list of CertifyBad evidence to return in a query.
If a package is specified in the subject filter, then it must be specified up to PackageName or PackageVersion. That is, user must specify package name, or name and one of version, qualifiers, or subpath.
If a source is specified in the subject filter, then it must specify a name, and optionally a tag and a commit.
If KnownSince is specified, the returned value will be after or equal to the specified time. Any nodes time that is before KnownSince is excluded.
type CertifyGood ¶
type CertifyGood struct { ID string `json:"id"` // The package, source or artifact that is attested Subject PackageSourceOrArtifact `json:"subject"` // The justification for the subject being certified good Justification string `json:"justification"` // Timestamp when the certification was created (in RFC 3339 format) KnownSince time.Time `json:"knownSince"` // Document from which this attestation is generated from Origin string `json:"origin"` // GUAC collector for the document Collector string `json:"collector"` // Reference location of the document in the persistent blob store (if that is configured) DocumentRef string `json:"documentRef"` }
CertifyGood is an attestation that a package, source, or artifact is considered good.
All evidence trees record a justification for the property they represent as well as the document that contains the attestation (origin) and the collector that collected the document (collector).
The certification applies to a subject which is a package, source, or artifact. If the attestation targets a package, it must target a PackageName or a PackageVersion. If the attestation targets a source, it must target a SourceName.
func (CertifyGood) IsNode ¶
func (CertifyGood) IsNode()
type CertifyGoodConnection ¶ added in v0.6.0
type CertifyGoodConnection struct { TotalCount int `json:"totalCount"` PageInfo *PageInfo `json:"pageInfo"` Edges []*CertifyGoodEdge `json:"edges"` }
CertifyGoodConnection returns the paginated results for CertifyGood.
totalCount is the total number of results returned.
pageInfo provides information to the client if there is a next page of results and the starting and ending cursor for the current set.
edges contains the CertifyGoodEdge which contains the current cursor and the CertifyGood node itself
type CertifyGoodEdge ¶ added in v0.6.0
type CertifyGoodEdge struct { Cursor string `json:"cursor"` Node *CertifyGood `json:"node"` }
CertifyGoodEdge contains the cursor for the resulting node and the CertifyGood node itself.
type CertifyGoodInputSpec ¶
type CertifyGoodInputSpec struct { Justification string `json:"justification"` KnownSince time.Time `json:"knownSince"` Origin string `json:"origin"` Collector string `json:"collector"` DocumentRef string `json:"documentRef"` }
CertifyGoodInputSpec represents the mutation input to ingest a CertifyGood evidence.
type CertifyGoodSpec ¶
type CertifyGoodSpec struct { ID *string `json:"id,omitempty"` Subject *PackageSourceOrArtifactSpec `json:"subject,omitempty"` Justification *string `json:"justification,omitempty"` KnownSince *time.Time `json:"knownSince,omitempty"` Origin *string `json:"origin,omitempty"` Collector *string `json:"collector,omitempty"` DocumentRef *string `json:"documentRef,omitempty"` }
CertifyBadSpec allows filtering the list of CertifyBad evidence to return in a query.
If a package is specified in the subject filter, then it must be specified up to PackageName or PackageVersion. That is, user must specify package name, or name and one of version, qualifiers, or subpath.
If a source is specified in the subject filter, then it must specify a name, and optionally a tag and a commit.
If KnownSince is specified, the returned value will be after or equal to the specified time. Any nodes time that is before KnownSince is excluded.
type CertifyLegal ¶ added in v0.2.0
type CertifyLegal struct { ID string `json:"id"` // The package version or source that is attested Subject PackageOrSource `json:"subject"` // The license expression as delcared DeclaredLicense string `json:"declaredLicense"` // A list of license objects found in the declared license expression DeclaredLicenses []*License `json:"declaredLicenses"` // The license expression as discovered by scan DiscoveredLicense string `json:"discoveredLicense"` // A list of license objects found in the discovered license expression DiscoveredLicenses []*License `json:"discoveredLicenses"` // Attribution text of the subject Attribution string `json:"attribution"` // Extra justification for the certification Justification string `json:"justification"` // Time of scan (in RFC 3339 format) TimeScanned time.Time `json:"timeScanned"` // Document from which this attestation is generated from Origin string `json:"origin"` // GUAC collector for the document Collector string `json:"collector"` // Reference location of the document in the persistent blob store (if that is configured) DocumentRef string `json:"documentRef"` }
CertifyLegal is an attestation to attach legal information to a package or source.
The certification information is either copied from an attestation found in an SBOM or created by a collector/scanner.
Discovered license is also known as Concluded. More information: https://docs.clearlydefined.io/curation-guidelines#the-difference-between-declared-and-discovered-licenses
Attribution is also known as Copyright Text. It is what could be displayed to comply with notice requirements. https://www.nexb.com/oss-attribution-best-practices/
License expressions follow this format: https://spdx.github.io/spdx-spec/v2.3/SPDX-license-expressions/
func (CertifyLegal) IsNode ¶ added in v0.2.0
func (CertifyLegal) IsNode()
type CertifyLegalConnection ¶ added in v0.6.0
type CertifyLegalConnection struct { TotalCount int `json:"totalCount"` PageInfo *PageInfo `json:"pageInfo"` Edges []*CertifyLegalEdge `json:"edges"` }
CertifyLegalConnection returns the paginated results for CertifyLegal.
totalCount is the total number of results returned.
pageInfo provides information to the client if there is a next page of results and the starting and ending cursor for the current set.
edges contains the CertifyLegalEdge which contains the current cursor and the CertifyLegal node itself
type CertifyLegalEdge ¶ added in v0.6.0
type CertifyLegalEdge struct { Cursor string `json:"cursor"` Node *CertifyLegal `json:"node"` }
CertifyLegalEdge contains the cursor for the resulting node and the CertifyLegal node itself.
type CertifyLegalInputSpec ¶ added in v0.2.0
type CertifyLegalInputSpec struct { DeclaredLicense string `json:"declaredLicense"` DiscoveredLicense string `json:"discoveredLicense"` Attribution string `json:"attribution"` Justification string `json:"justification"` TimeScanned time.Time `json:"timeScanned"` Origin string `json:"origin"` Collector string `json:"collector"` DocumentRef string `json:"documentRef"` }
CertifyLegalInputSpec represents the input for certifying legal information in mutations.
type CertifyLegalSpec ¶ added in v0.2.0
type CertifyLegalSpec struct { ID *string `json:"id,omitempty"` Subject *PackageOrSourceSpec `json:"subject,omitempty"` DeclaredLicense *string `json:"declaredLicense,omitempty"` DeclaredLicenses []*LicenseSpec `json:"declaredLicenses,omitempty"` DiscoveredLicense *string `json:"discoveredLicense,omitempty"` DiscoveredLicenses []*LicenseSpec `json:"discoveredLicenses,omitempty"` Attribution *string `json:"attribution,omitempty"` Justification *string `json:"justification,omitempty"` TimeScanned *time.Time `json:"timeScanned,omitempty"` Origin *string `json:"origin,omitempty"` Collector *string `json:"collector,omitempty"` DocumentRef *string `json:"documentRef,omitempty"` }
CertifyLegalSpec allows filtering the list of legal certifications to return in a query.
Specifying just the package allows to query for all certifications associated with the package.
type CertifyScorecard ¶
type CertifyScorecard struct { ID string `json:"id"` // The source repository that is being scanned (attestation subject) Source *Source `json:"source"` // The Scorecard attached to the repository (attestation object) Scorecard *Scorecard `json:"scorecard"` }
CertifyScorecard is an attestation to attach a Scorecard analysis to a particular source repository.
func (CertifyScorecard) IsNode ¶
func (CertifyScorecard) IsNode()
type CertifyScorecardConnection ¶ added in v0.6.0
type CertifyScorecardConnection struct { TotalCount int `json:"totalCount"` PageInfo *PageInfo `json:"pageInfo"` Edges []*CertifyScorecardEdge `json:"edges"` }
CertifyScorecardConnection returns the paginated results for CertifyScorecard.
totalCount is the total number of results returned.
pageInfo provides information to the client if there is a next page of results and the starting and ending cursor for the current set.
edges contains the CertifyScorecardEdge which contains the current cursor and the CertifyScorecard node itself
type CertifyScorecardEdge ¶ added in v0.6.0
type CertifyScorecardEdge struct { Cursor string `json:"cursor"` Node *CertifyScorecard `json:"node"` }
CertifyScorecardEdge contains the cursor for the resulting node and the CertifyScorecard node itself.
type CertifyScorecardSpec ¶
type CertifyScorecardSpec struct { ID *string `json:"id,omitempty"` Source *SourceSpec `json:"source,omitempty"` TimeScanned *time.Time `json:"timeScanned,omitempty"` AggregateScore *float64 `json:"aggregateScore,omitempty"` Checks []*ScorecardCheckSpec `json:"checks,omitempty"` ScorecardVersion *string `json:"scorecardVersion,omitempty"` ScorecardCommit *string `json:"scorecardCommit,omitempty"` Origin *string `json:"origin,omitempty"` Collector *string `json:"collector,omitempty"` DocumentRef *string `json:"documentRef,omitempty"` }
CertifyScorecardSpec allows filtering the list of Scorecards to return.
type CertifyVEXStatement ¶
type CertifyVEXStatement struct { ID string `json:"id"` // Subject of attestation Subject PackageOrArtifact `json:"subject"` // Attested vulnerability Vulnerability *Vulnerability `json:"vulnerability"` // Status of the vulnerabilities with respect to the subject Status VexStatus `json:"status"` // Justification from VEX statement VexJustification VexJustification `json:"vexJustification"` // VEX statement: impact_statement or action_statement depending on status Statement string `json:"statement"` // statusNotes may convey information about how status was determined StatusNotes string `json:"statusNotes"` // Timestamp (exact time in RFC 3339 format) for the VEX statement KnownSince time.Time `json:"knownSince"` // Document from which this attestation is generated from Origin string `json:"origin"` // GUAC collector for the document Collector string `json:"collector"` // Reference location of the document in the persistent blob store (if that is configured) DocumentRef string `json:"documentRef"` }
CertifyVEXStatement is an attestation to attach VEX statements to a package or artifact to clarify the impact of a specific vulnerability.
func (CertifyVEXStatement) IsNode ¶
func (CertifyVEXStatement) IsNode()
type CertifyVEXStatementSpec ¶
type CertifyVEXStatementSpec struct { ID *string `json:"id,omitempty"` Subject *PackageOrArtifactSpec `json:"subject,omitempty"` Vulnerability *VulnerabilitySpec `json:"vulnerability,omitempty"` Status *VexStatus `json:"status,omitempty"` VexJustification *VexJustification `json:"vexJustification,omitempty"` Statement *string `json:"statement,omitempty"` StatusNotes *string `json:"statusNotes,omitempty"` KnownSince *time.Time `json:"knownSince,omitempty"` Origin *string `json:"origin,omitempty"` Collector *string `json:"collector,omitempty"` DocumentRef *string `json:"documentRef,omitempty"` }
CertifyVEXStatementSpec allows filtering the list of VEX statements to return in a query.
Only one subject type (package or artifact) and one vulnerability may be specified.
Note that setting noVuln vulnerability type is invalid for VEX statements!
type CertifyVuln ¶
type CertifyVuln struct { ID string `json:"id"` // The package that is attested Package *Package `json:"package"` // The vulnerability can be an be a specific vulnerability or NoVuln type. Vulnerability *Vulnerability `json:"vulnerability"` // Metadata attached to the certification Metadata *ScanMetadata `json:"metadata"` }
CertifyVuln is an attestation to attach vulnerability information to a package.
This information is obtained via a scanner. If there is no vulnerability detected, we attach the a vulnerability with "NoVuln" type and an empty string for the vulnerability ID.
func (CertifyVuln) IsNode ¶
func (CertifyVuln) IsNode()
type CertifyVulnConnection ¶ added in v0.6.0
type CertifyVulnConnection struct { TotalCount int `json:"totalCount"` PageInfo *PageInfo `json:"pageInfo"` Edges []*CertifyVulnEdge `json:"edges"` }
CertifyVulnConnection returns the paginated results for CertifyVuln.
totalCount is the total number of results returned.
pageInfo provides information to the client if there is a next page of results and the starting and ending cursor for the current set.
edges contains the CertifyVulnEdge which contains the current cursor and the CertifyVuln node itself
type CertifyVulnEdge ¶ added in v0.6.0
type CertifyVulnEdge struct { Cursor string `json:"cursor"` Node *CertifyVuln `json:"node"` }
CertifyVulnEdge contains the cursor for the resulting node and the CertifyVuln node itself.
type CertifyVulnSpec ¶
type CertifyVulnSpec struct { ID *string `json:"id,omitempty"` Package *PkgSpec `json:"package,omitempty"` Vulnerability *VulnerabilitySpec `json:"vulnerability,omitempty"` TimeScanned *time.Time `json:"timeScanned,omitempty"` DbURI *string `json:"dbUri,omitempty"` DbVersion *string `json:"dbVersion,omitempty"` ScannerURI *string `json:"scannerUri,omitempty"` ScannerVersion *string `json:"scannerVersion,omitempty"` Origin *string `json:"origin,omitempty"` Collector *string `json:"collector,omitempty"` DocumentRef *string `json:"documentRef,omitempty"` }
CertifyVulnSpec allows filtering the list of vulnerability certifications to return in a query.
Specifying just the package allows to query for all vulnerabilities associated with the package.
Only one vulnerability (or NoVuln vulnerability type) may be specified.
type Comparator ¶ added in v0.2.0
type Comparator string
The Comparator is used by the vulnerability score filter on ranges
const ( ComparatorGreater Comparator = "GREATER" ComparatorEqual Comparator = "EQUAL" ComparatorLess Comparator = "LESS" ComparatorGreaterEqual Comparator = "GREATER_EQUAL" ComparatorLessEqual Comparator = "LESS_EQUAL" )
func (Comparator) IsValid ¶ added in v0.2.0
func (e Comparator) IsValid() bool
func (Comparator) MarshalGQL ¶ added in v0.2.0
func (e Comparator) MarshalGQL(w io.Writer)
func (Comparator) String ¶ added in v0.2.0
func (e Comparator) String() string
func (*Comparator) UnmarshalGQL ¶ added in v0.2.0
func (e *Comparator) UnmarshalGQL(v interface{}) error
type DependencyType ¶
type DependencyType string
DependencyType determines the type of the dependency.
const ( // direct dependency DependencyTypeDirect DependencyType = "DIRECT" // indirect dependency DependencyTypeIndirect DependencyType = "INDIRECT" // type not known/not specified DependencyTypeUnknown DependencyType = "UNKNOWN" )
func (DependencyType) IsValid ¶
func (e DependencyType) IsValid() bool
func (DependencyType) MarshalGQL ¶
func (e DependencyType) MarshalGQL(w io.Writer)
func (DependencyType) String ¶
func (e DependencyType) String() string
func (*DependencyType) UnmarshalGQL ¶
func (e *DependencyType) UnmarshalGQL(v interface{}) error
type Edge ¶
type Edge string
Edge allows filtering path/neighbors output to only contain a subset of all possible GUAC links.
Each member of the enum is formed by merging two Node names with _. Each name is converted from CamelCase to CAPITALS_WITH_UNDERSCORES. Only valid edges (pairs from Node to Node) are included. Edges are defined in both directions, which means nodes can be traversed from either direction.
The only exception to the above rule is for links out of HasSLSA. The names are HAS_SLSA_SUBJECT, HAS_SLSA_BUILT_BY, and HAS_SLSA_MATERIALS. This is because ARTIFACT_HAS_SLSA is only from subject Artifact to HasSLSA.
const ( EdgeArtifactCertifyBad Edge = "ARTIFACT_CERTIFY_BAD" EdgeArtifactCertifyGood Edge = "ARTIFACT_CERTIFY_GOOD" EdgeArtifactCertifyVexStatement Edge = "ARTIFACT_CERTIFY_VEX_STATEMENT" EdgeArtifactHashEqual Edge = "ARTIFACT_HASH_EQUAL" EdgeArtifactHasMetadata Edge = "ARTIFACT_HAS_METADATA" EdgeArtifactHasSbom Edge = "ARTIFACT_HAS_SBOM" EdgeArtifactHasSlsa Edge = "ARTIFACT_HAS_SLSA" EdgeArtifactIsOccurrence Edge = "ARTIFACT_IS_OCCURRENCE" EdgeArtifactPointOfContact Edge = "ARTIFACT_POINT_OF_CONTACT" EdgeBuilderHasSlsa Edge = "BUILDER_HAS_SLSA" EdgeLicenseCertifyLegal Edge = "LICENSE_CERTIFY_LEGAL" EdgePackageCertifyBad Edge = "PACKAGE_CERTIFY_BAD" EdgePackageCertifyGood Edge = "PACKAGE_CERTIFY_GOOD" EdgePackageCertifyLegal Edge = "PACKAGE_CERTIFY_LEGAL" EdgePackageCertifyVexStatement Edge = "PACKAGE_CERTIFY_VEX_STATEMENT" EdgePackageCertifyVuln Edge = "PACKAGE_CERTIFY_VULN" EdgePackageHasMetadata Edge = "PACKAGE_HAS_METADATA" EdgePackageHasSbom Edge = "PACKAGE_HAS_SBOM" EdgePackageHasSourceAt Edge = "PACKAGE_HAS_SOURCE_AT" EdgePackageIsDependency Edge = "PACKAGE_IS_DEPENDENCY" EdgePackageIsOccurrence Edge = "PACKAGE_IS_OCCURRENCE" EdgePackageNamePackageNamespace Edge = "PACKAGE_NAME_PACKAGE_NAMESPACE" EdgePackageNamePackageVersion Edge = "PACKAGE_NAME_PACKAGE_VERSION" EdgePackageNamespacePackageName Edge = "PACKAGE_NAMESPACE_PACKAGE_NAME" EdgePackageNamespacePackageType Edge = "PACKAGE_NAMESPACE_PACKAGE_TYPE" EdgePackagePkgEqual Edge = "PACKAGE_PKG_EQUAL" EdgePackagePointOfContact Edge = "PACKAGE_POINT_OF_CONTACT" EdgePackageTypePackageNamespace Edge = "PACKAGE_TYPE_PACKAGE_NAMESPACE" EdgePackageVersionPackageName Edge = "PACKAGE_VERSION_PACKAGE_NAME" EdgeSourceCertifyBad Edge = "SOURCE_CERTIFY_BAD" EdgeSourceCertifyGood Edge = "SOURCE_CERTIFY_GOOD" EdgeSourceCertifyLegal Edge = "SOURCE_CERTIFY_LEGAL" EdgeSourceCertifyScorecard Edge = "SOURCE_CERTIFY_SCORECARD" EdgeSourceHasMetadata Edge = "SOURCE_HAS_METADATA" EdgeSourceHasSourceAt Edge = "SOURCE_HAS_SOURCE_AT" EdgeSourceIsOccurrence Edge = "SOURCE_IS_OCCURRENCE" EdgeSourceNameSourceNamespace Edge = "SOURCE_NAME_SOURCE_NAMESPACE" EdgeSourceNamespaceSourceName Edge = "SOURCE_NAMESPACE_SOURCE_NAME" EdgeSourceNamespaceSourceType Edge = "SOURCE_NAMESPACE_SOURCE_TYPE" EdgeSourcePointOfContact Edge = "SOURCE_POINT_OF_CONTACT" EdgeSourceTypeSourceNamespace Edge = "SOURCE_TYPE_SOURCE_NAMESPACE" EdgeVulnerabilityCertifyVexStatement Edge = "VULNERABILITY_CERTIFY_VEX_STATEMENT" EdgeVulnerabilityCertifyVuln Edge = "VULNERABILITY_CERTIFY_VULN" EdgeVulnerabilityIDVulnerabilityType Edge = "VULNERABILITY_ID_VULNERABILITY_TYPE" EdgeVulnerabilityTypeVulnerabilityID Edge = "VULNERABILITY_TYPE_VULNERABILITY_ID" EdgeVulnerabilityVulnEqual Edge = "VULNERABILITY_VULN_EQUAL" EdgeVulnerabilityVulnMetadata Edge = "VULNERABILITY_VULN_METADATA" EdgeCertifyBadArtifact Edge = "CERTIFY_BAD_ARTIFACT" EdgeCertifyBadPackage Edge = "CERTIFY_BAD_PACKAGE" EdgeCertifyBadSource Edge = "CERTIFY_BAD_SOURCE" EdgeCertifyGoodArtifact Edge = "CERTIFY_GOOD_ARTIFACT" EdgeCertifyGoodPackage Edge = "CERTIFY_GOOD_PACKAGE" EdgeCertifyGoodSource Edge = "CERTIFY_GOOD_SOURCE" EdgeCertifyLegalLicense Edge = "CERTIFY_LEGAL_LICENSE" EdgeCertifyLegalPackage Edge = "CERTIFY_LEGAL_PACKAGE" EdgeCertifyLegalSource Edge = "CERTIFY_LEGAL_SOURCE" EdgeCertifyScorecardSource Edge = "CERTIFY_SCORECARD_SOURCE" EdgeCertifyVexStatementArtifact Edge = "CERTIFY_VEX_STATEMENT_ARTIFACT" EdgeCertifyVexStatementPackage Edge = "CERTIFY_VEX_STATEMENT_PACKAGE" EdgeCertifyVexStatementVulnerability Edge = "CERTIFY_VEX_STATEMENT_VULNERABILITY" EdgeCertifyVulnPackage Edge = "CERTIFY_VULN_PACKAGE" EdgeCertifyVulnVulnerability Edge = "CERTIFY_VULN_VULNERABILITY" EdgeHashEqualArtifact Edge = "HASH_EQUAL_ARTIFACT" EdgeHasMetadataArtifact Edge = "HAS_METADATA_ARTIFACT" EdgeHasMetadataPackage Edge = "HAS_METADATA_PACKAGE" EdgeHasMetadataSource Edge = "HAS_METADATA_SOURCE" EdgeHasSbomArtifact Edge = "HAS_SBOM_ARTIFACT" EdgeHasSbomPackage Edge = "HAS_SBOM_PACKAGE" EdgeHasSbomIncludedSoftware Edge = "HAS_SBOM_INCLUDED_SOFTWARE" EdgeHasSbomIncludedDependencies Edge = "HAS_SBOM_INCLUDED_DEPENDENCIES" EdgeHasSbomIncludedOccurrences Edge = "HAS_SBOM_INCLUDED_OCCURRENCES" EdgeHasSlsaBuiltBy Edge = "HAS_SLSA_BUILT_BY" EdgeHasSlsaMaterials Edge = "HAS_SLSA_MATERIALS" EdgeHasSlsaSubject Edge = "HAS_SLSA_SUBJECT" EdgeHasSourceAtPackage Edge = "HAS_SOURCE_AT_PACKAGE" EdgeHasSourceAtSource Edge = "HAS_SOURCE_AT_SOURCE" EdgeIsDependencyPackage Edge = "IS_DEPENDENCY_PACKAGE" EdgeIsOccurrenceArtifact Edge = "IS_OCCURRENCE_ARTIFACT" EdgeIsOccurrencePackage Edge = "IS_OCCURRENCE_PACKAGE" EdgeIsOccurrenceSource Edge = "IS_OCCURRENCE_SOURCE" EdgePkgEqualPackage Edge = "PKG_EQUAL_PACKAGE" EdgePointOfContactArtifact Edge = "POINT_OF_CONTACT_ARTIFACT" EdgePointOfContactPackage Edge = "POINT_OF_CONTACT_PACKAGE" EdgePointOfContactSource Edge = "POINT_OF_CONTACT_SOURCE" EdgeVulnEqualVulnerability Edge = "VULN_EQUAL_VULNERABILITY" EdgeVulnMetadataVulnerability Edge = "VULN_METADATA_VULNERABILITY" )
func (Edge) MarshalGQL ¶
func (*Edge) UnmarshalGQL ¶
type FilterOperation ¶ added in v0.4.0
type FilterOperation string
const ( FilterOperationContains FilterOperation = "CONTAINS" FilterOperationStartswith FilterOperation = "STARTSWITH" )
func (FilterOperation) IsValid ¶ added in v0.4.0
func (e FilterOperation) IsValid() bool
func (FilterOperation) MarshalGQL ¶ added in v0.4.0
func (e FilterOperation) MarshalGQL(w io.Writer)
func (FilterOperation) String ¶ added in v0.4.0
func (e FilterOperation) String() string
func (*FilterOperation) UnmarshalGQL ¶ added in v0.4.0
func (e *FilterOperation) UnmarshalGQL(v interface{}) error
type FindSoftwareConnection ¶ added in v0.6.0
type FindSoftwareConnection struct { TotalCount int `json:"totalCount"` PageInfo *PageInfo `json:"pageInfo"` Edges []*SoftwareEdge `json:"edges"` }
FindSoftwareConnection returns the paginated results for FindSoftware.
totalCount is the total number of results returned.
pageInfo provides information to the client if there is a next page of results and the starting and ending cursor for the current set.
edges contains the SoftwareEdge which contains the current cursor and the PackageSourceOrArtifact node itself
type HasMetadata ¶ added in v0.1.1
type HasMetadata struct { ID string `json:"id"` // The package, source or artifact that is attested Subject PackageSourceOrArtifact `json:"subject"` // Key in the key value pair Key string `json:"key"` // Value in the key value pair Value string `json:"value"` // Timestamp when the certification was created (in RFC 3339 format) Timestamp time.Time `json:"timestamp"` // The justification for the metadata Justification string `json:"justification"` // Document from which this attestation is generated from Origin string `json:"origin"` // GUAC collector for the document Collector string `json:"collector"` // Reference location of the document in the persistent blob store (if that is configured) DocumentRef string `json:"documentRef"` }
HasMetadata is an attestation that a package, source, or artifact has a certain attested property (key) with value (value). For example, a source may have metadata "SourceRepo2FAEnabled=true".
The intent of this evidence tree predicate is to allow extensibility of metadata expressible within the GUAC ontology. Metadata that is commonly used will then be promoted to a predicate on its own.
Justification indicates how the metadata was determined.
The metadata applies to a subject which is a package, source, or artifact. If the attestation targets a package, it must target a PackageName or a PackageVersion. If the attestation targets a source, it must target a SourceName.
func (HasMetadata) IsNode ¶ added in v0.1.1
func (HasMetadata) IsNode()
type HasMetadataConnection ¶ added in v0.6.0
type HasMetadataConnection struct { TotalCount int `json:"totalCount"` PageInfo *PageInfo `json:"pageInfo"` Edges []*HasMetadataEdge `json:"edges"` }
HasMetadataConnection returns the paginated results for HasMetadata.
totalCount is the total number of results returned.
pageInfo provides information to the client if there is a next page of results and the starting and ending cursor for the current set.
edges contains the HasMetadataEdge which contains the current cursor and the HasMetadata node itself
type HasMetadataEdge ¶ added in v0.6.0
type HasMetadataEdge struct { Cursor string `json:"cursor"` Node *HasMetadata `json:"node"` }
HasMetadataEdge contains the cursor for the resulting node and the HasMetadata node itself.
type HasMetadataInputSpec ¶ added in v0.1.1
type HasMetadataInputSpec struct { Key string `json:"key"` Value string `json:"value"` Timestamp time.Time `json:"timestamp"` Justification string `json:"justification"` Origin string `json:"origin"` Collector string `json:"collector"` DocumentRef string `json:"documentRef"` }
HasMetadataInputSpec represents the mutation input to ingest a CertifyGood evidence.
type HasMetadataSpec ¶ added in v0.1.1
type HasMetadataSpec struct { ID *string `json:"id,omitempty"` Subject *PackageSourceOrArtifactSpec `json:"subject,omitempty"` Since *time.Time `json:"since,omitempty"` Key *string `json:"key,omitempty"` Value *string `json:"value,omitempty"` Justification *string `json:"justification,omitempty"` Origin *string `json:"origin,omitempty"` Collector *string `json:"collector,omitempty"` DocumentRef *string `json:"documentRef,omitempty"` }
HasMetadataSpec allows filtering the list of HasMetadata evidence to return in a query.
If a package is specified in the subject filter, then it must be specified up to PackageName or PackageVersion. That is, user must specify package name, or name and one of version, qualifiers, or subpath.
If a source is specified in the subject filter, then it must specify a name, and optionally a tag and a commit.
since specified indicates filtering timestamps after the specified time
type HasSBOMConnection ¶ added in v0.6.0
type HasSBOMConnection struct { TotalCount int `json:"totalCount"` PageInfo *PageInfo `json:"pageInfo"` Edges []*HasSBOMEdge `json:"edges"` }
HasSBOMConnection returns the paginated results for HasSBOM.
totalCount is the total number of results returned.
pageInfo provides information to the client if there is a next page of results and the starting and ending cursor for the current set.
edges contains the HasSBOMEdge which contains the current cursor and the HasSBOM node itself
type HasSBOMEdge ¶ added in v0.6.0
HasSBOMEdge contains the cursor for the resulting node and the HasSBOMEdge node itself.
type HasSBOMIncludesInputSpec ¶ added in v0.4.0
type HasSBOMInputSpec ¶
type HasSBOMInputSpec struct { URI string `json:"uri"` Algorithm string `json:"algorithm"` Digest string `json:"digest"` DownloadLocation string `json:"downloadLocation"` KnownSince time.Time `json:"knownSince"` Origin string `json:"origin"` Collector string `json:"collector"` DocumentRef string `json:"documentRef"` }
HasSBOMInputSpec is similar to HasSBOM but for mutation input.
type HasSBOMSpec ¶
type HasSBOMSpec struct { ID *string `json:"id,omitempty"` Subject *PackageOrArtifactSpec `json:"subject,omitempty"` URI *string `json:"uri,omitempty"` Algorithm *string `json:"algorithm,omitempty"` Digest *string `json:"digest,omitempty"` DownloadLocation *string `json:"downloadLocation,omitempty"` KnownSince *time.Time `json:"knownSince,omitempty"` Origin *string `json:"origin,omitempty"` Collector *string `json:"collector,omitempty"` DocumentRef *string `json:"documentRef,omitempty"` IncludedSoftware []*PackageOrArtifactSpec `json:"includedSoftware,omitempty"` IncludedDependencies []*IsDependencySpec `json:"includedDependencies,omitempty"` IncludedOccurrences []*IsOccurrenceSpec `json:"includedOccurrences,omitempty"` }
HasSBOMSpec allows filtering the list of HasSBOM to return.
Only the package or artifact can be added, not both.
If KnownSince is specified, the returned value will be after or equal to the specified time. Any nodes time that is before KnownSince is excluded.
type HasSLSAConnection ¶ added in v0.6.0
type HasSLSAConnection struct { TotalCount int `json:"totalCount"` PageInfo *PageInfo `json:"pageInfo"` Edges []*HasSLSAEdge `json:"edges"` }
HasSLSAConnection returns the paginated results for HasSLSA.
totalCount is the total number of results returned.
pageInfo provides information to the client if there is a next page of results and the starting and ending cursor for the current set.
edges contains the HasSLSAEdge which contains the current cursor and the HasSLSA node itself
type HasSLSAEdge ¶ added in v0.6.0
HasSLSAEdge contains the cursor for the resulting node and the HasSLSA node itself.
type HasSLSASpec ¶
type HasSLSASpec struct { ID *string `json:"id,omitempty"` Subject *ArtifactSpec `json:"subject,omitempty"` BuiltFrom []*ArtifactSpec `json:"builtFrom,omitempty"` BuiltBy *BuilderSpec `json:"builtBy,omitempty"` BuildType *string `json:"buildType,omitempty"` Predicate []*SLSAPredicateSpec `json:"predicate,omitempty"` SlsaVersion *string `json:"slsaVersion,omitempty"` StartedOn *time.Time `json:"startedOn,omitempty"` FinishedOn *time.Time `json:"finishedOn,omitempty"` Origin *string `json:"origin,omitempty"` Collector *string `json:"collector,omitempty"` DocumentRef *string `json:"documentRef,omitempty"` }
HasSLSASpec allows filtering the list of HasSLSA to return.
type HasSbom ¶
type HasSbom struct { ID string `json:"id"` // SBOM subject Subject PackageOrArtifact `json:"subject"` // Identifier for the SBOM document URI string `json:"uri"` // Algorithm by which SBOMs digest was computed Algorithm string `json:"algorithm"` // Digest of SBOM Digest string `json:"digest"` // Location from which the SBOM can be downloaded DownloadLocation string `json:"downloadLocation"` // Timestamp for SBOM creation KnownSince time.Time `json:"knownSince"` // Document from which this attestation is generated from Origin string `json:"origin"` // GUAC collector for the document Collector string `json:"collector"` // Reference location of the document in the persistent blob store (if that is configured) DocumentRef string `json:"documentRef"` // Included packages and artifacts IncludedSoftware []PackageOrArtifact `json:"includedSoftware"` // Included dependencies IncludedDependencies []*IsDependency `json:"includedDependencies"` // Included occurrences IncludedOccurrences []*IsOccurrence `json:"includedOccurrences"` }
type HasSlsa ¶
type HasSlsa struct { ID string `json:"id"` // The subject of SLSA attestation Subject *Artifact `json:"subject"` // The SLSA attestation Slsa *Slsa `json:"slsa"` }
HasSLSA records that a subject node has a SLSA attestation.
type HasSourceAt ¶
type HasSourceAt struct { ID string `json:"id"` // The subject of the attestation: can be a PackageName or a PackageVersion Package *Package `json:"package"` // Source repository from which the package is built Source *Source `json:"source"` // Timestamp since this link between package and source was certified KnownSince time.Time `json:"knownSince"` // Justification for the attested relationship Justification string `json:"justification"` // Document from which this attestation is generated from Origin string `json:"origin"` // GUAC collector for the document Collector string `json:"collector"` // Reference location of the document in the persistent blob store (if that is configured) DocumentRef string `json:"documentRef"` }
HasSourceAt records that a package's repository is a given source.
func (HasSourceAt) IsNode ¶
func (HasSourceAt) IsNode()
type HasSourceAtConnection ¶ added in v0.6.0
type HasSourceAtConnection struct { TotalCount int `json:"totalCount"` PageInfo *PageInfo `json:"pageInfo"` Edges []*HasSourceAtEdge `json:"edges"` }
HasSourceAtConnection returns the paginated results for HasSourceAt.
totalCount is the total number of results returned.
pageInfo provides information to the client if there is a next page of results and the starting and ending cursor for the current set.
edges contains the HasSourceAtEdge which contains the current cursor and the HasSourceAt node itself
type HasSourceAtEdge ¶ added in v0.6.0
type HasSourceAtEdge struct { Cursor string `json:"cursor"` Node *HasSourceAt `json:"node"` }
HasSourceAtEdge contains the cursor for the resulting node and the HasSourceAt node itself.
type HasSourceAtInputSpec ¶
type HasSourceAtInputSpec struct { KnownSince time.Time `json:"knownSince"` Justification string `json:"justification"` Origin string `json:"origin"` Collector string `json:"collector"` DocumentRef string `json:"documentRef"` }
HasSourceAtInputSpec is the same as HasSourceAt but for mutation input.
type HasSourceAtSpec ¶
type HasSourceAtSpec struct { ID *string `json:"id,omitempty"` Package *PkgSpec `json:"package,omitempty"` Source *SourceSpec `json:"source,omitempty"` KnownSince *time.Time `json:"knownSince,omitempty"` Justification *string `json:"justification,omitempty"` Origin *string `json:"origin,omitempty"` Collector *string `json:"collector,omitempty"` DocumentRef *string `json:"documentRef,omitempty"` }
HasSourceAtSpec allows filtering the list of HasSourceAt to return.
type HashEqual ¶
type HashEqual struct { ID string `json:"id"` // Two artifacts that are similar Artifacts []*Artifact `json:"artifacts"` // Justification for the claim that the artifacts are similar Justification string `json:"justification"` // Document from which this attestation is generated from Origin string `json:"origin"` // GUAC collector for the document Collector string `json:"collector"` // Reference location of the document in the persistent blob store (if that is configured) DocumentRef string `json:"documentRef"` }
HashEqual is an attestation that two artifacts are identical.
type HashEqualConnection ¶ added in v0.6.0
type HashEqualConnection struct { TotalCount int `json:"totalCount"` PageInfo *PageInfo `json:"pageInfo"` Edges []*HashEqualEdge `json:"edges"` }
HashEqualConnection returns the paginated results for HashEqual.
totalCount is the total number of results returned.
pageInfo provides information to the client if there is a next page of results and the starting and ending cursor for the current set.
edges contains the HashEqualEdge which contains the current cursor and the HashEqual node itself
type HashEqualEdge ¶ added in v0.6.0
HashEqualEdge contains the cursor for the resulting node and the HashEqual node itself.
type HashEqualInputSpec ¶
type HashEqualInputSpec struct { Justification string `json:"justification"` Origin string `json:"origin"` Collector string `json:"collector"` DocumentRef string `json:"documentRef"` }
HashEqualInputSpec represents the input to certify that packages are similar.
type HashEqualSpec ¶
type HashEqualSpec struct { ID *string `json:"id,omitempty"` Artifacts []*ArtifactSpec `json:"artifacts,omitempty"` Justification *string `json:"justification,omitempty"` Origin *string `json:"origin,omitempty"` Collector *string `json:"collector,omitempty"` DocumentRef *string `json:"documentRef,omitempty"` }
HashEqualSpec allows filtering the list of artifact equality statements to return in a query.
Specifying just one artifact allows to query for all similar artifacts (if any exists).
type IDorArtifactInput ¶ added in v0.5.0
type IDorArtifactInput struct { ArtifactID *string `json:"artifactID,omitempty"` ArtifactInput *ArtifactInputSpec `json:"artifactInput,omitempty"` }
IDorArtifactInput allows for specifying either the artifact ID or the ArtifactInputSpec.
Either the ID or the ArtifactInputSpec must be specified. Both cannot be nil.
If the ID is specified, the ArtifactInputSpec is not used.
type IDorBuilderInput ¶ added in v0.5.0
type IDorBuilderInput struct { BuilderID *string `json:"builderID,omitempty"` BuilderInput *BuilderInputSpec `json:"builderInput,omitempty"` }
IDorBuilderInput allows for specifying either the builder ID or the BuilderInputSpec.
Either the ID or the BuilderInputSpec must be specified. Both cannot be nil.
If the ID is specified, the BuilderInputSpec is not used.
type IDorLicenseInput ¶ added in v0.5.0
type IDorLicenseInput struct { LicenseID *string `json:"licenseID,omitempty"` LicenseInput *LicenseInputSpec `json:"licenseInput,omitempty"` }
IDorLicenseInput allows for specifying either the license ID or the LicenseInputSpec.
Either the ID or the LicenseInputSpec must be specified. Both cannot be nil.
If the ID is specified, the LicenseInputSpec is not used.
type IDorPkgInput ¶ added in v0.5.0
type IDorPkgInput struct { PackageTypeID *string `json:"packageTypeID,omitempty"` PackageNamespaceID *string `json:"packageNamespaceID,omitempty"` PackageNameID *string `json:"packageNameID,omitempty"` PackageVersionID *string `json:"packageVersionID,omitempty"` PackageInput *PkgInputSpec `json:"packageInput,omitempty"` }
IDorPkgInput allows for specifying either the package IDs or the PkgInputSpec.
Either the IDs or the PkgInputSpec must be specified. Both cannot be nil.
If the IDs are specified, the PkgInputSpec is not used.
type IDorSourceInput ¶ added in v0.5.0
type IDorSourceInput struct { SourceTypeID *string `json:"sourceTypeID,omitempty"` SourceNamespaceID *string `json:"sourceNamespaceID,omitempty"` SourceNameID *string `json:"sourceNameID,omitempty"` SourceInput *SourceInputSpec `json:"sourceInput,omitempty"` }
IDorSourceInput allows for specifying either the source IDs or the SourceInputSpec.
Either the IDs or the SourceInputSpec must be specified. Both cannot be nil.
If the IDs are specified, the SourceInputSpec is not used.
type IDorVulnerabilityInput ¶ added in v0.5.0
type IDorVulnerabilityInput struct { VulnerabilityTypeID *string `json:"vulnerabilityTypeID,omitempty"` VulnerabilityNodeID *string `json:"vulnerabilityNodeID,omitempty"` VulnerabilityInput *VulnerabilityInputSpec `json:"vulnerabilityInput,omitempty"` }
IDorVulnerabilityInput allows for specifying either the vulnerability IDs or the VulnerabilityInputSpec.
Either the IDs or the VulnerabilityInputSpec must be specified. Both cannot be nil.
If the IDs are specified, the VulnerabilityInputSpec is not used.
type IsDependency ¶
type IsDependency struct { ID string `json:"id"` // Package that has the dependency Package *Package `json:"package"` // Package for the dependency; MUST be PackageName or PackageVersion DependencyPackage *Package `json:"dependencyPackage"` // Version range for the dependency link, required if depedentPackage points to PackageName VersionRange string `json:"versionRange"` // Type of dependency DependencyType DependencyType `json:"dependencyType"` // Justification for the attested relationship Justification string `json:"justification"` // Document from which this attestation is generated from Origin string `json:"origin"` // GUAC collector for the document Collector string `json:"collector"` // Reference location of the document in the persistent blob store (if that is configured) DocumentRef string `json:"documentRef"` }
IsDependency is an attestation to record that a package depends on another.
func (IsDependency) IsNode ¶
func (IsDependency) IsNode()
type IsDependencyConnection ¶ added in v0.6.0
type IsDependencyConnection struct { TotalCount int `json:"totalCount"` PageInfo *PageInfo `json:"pageInfo"` Edges []*IsDependencyEdge `json:"edges"` }
IsDependencyConnection returns the paginated results for IsDependency.
totalCount is the total number of results returned.
pageInfo provides information to the client if there is a next page of results and the starting and ending cursor for the current set.
edges contains the IsDependencyEdge which contains the current cursor and the IsDependency node itself
type IsDependencyEdge ¶ added in v0.6.0
type IsDependencyEdge struct { Cursor string `json:"cursor"` Node *IsDependency `json:"node"` }
IsDependencyEdge contains the cursor for the resulting node and the IsDependency node itself.
type IsDependencyInputSpec ¶
type IsDependencyInputSpec struct { // versionRange should be specified for depedentPackages that point to PackageName VersionRange string `json:"versionRange"` DependencyType DependencyType `json:"dependencyType"` Justification string `json:"justification"` Origin string `json:"origin"` Collector string `json:"collector"` DocumentRef string `json:"documentRef"` }
IsDependencyInputSpec is the input to record a new dependency.
type IsDependencySpec ¶
type IsDependencySpec struct { ID *string `json:"id,omitempty"` Package *PkgSpec `json:"package,omitempty"` DependencyPackage *PkgSpec `json:"dependencyPackage,omitempty"` VersionRange *string `json:"versionRange,omitempty"` DependencyType *DependencyType `json:"dependencyType,omitempty"` Justification *string `json:"justification,omitempty"` Origin *string `json:"origin,omitempty"` Collector *string `json:"collector,omitempty"` DocumentRef *string `json:"documentRef,omitempty"` }
IsDependencySpec allows filtering the list of dependencies to return.
To obtain the list of dependency packages, caller must fill in the package field.
Dependency packages must be defined at PackageName, not PackageVersion.
type IsOccurrence ¶
type IsOccurrence struct { ID string `json:"id"` // Package or source from which the artifact originates Subject PackageOrSource `json:"subject"` // The artifact in the relationship Artifact *Artifact `json:"artifact"` // Justification for the attested relationship Justification string `json:"justification"` // Document from which this attestation is generated from Origin string `json:"origin"` // GUAC collector for the document Collector string `json:"collector"` // Reference location of the document in the persistent blob store (if that is configured) DocumentRef string `json:"documentRef"` }
IsOccurrence is an attestation to link an artifact to a package or source.
Attestation must occur at the PackageVersion or at the SourceName.
func (IsOccurrence) IsNode ¶
func (IsOccurrence) IsNode()
type IsOccurrenceConnection ¶ added in v0.6.0
type IsOccurrenceConnection struct { TotalCount int `json:"totalCount"` PageInfo *PageInfo `json:"pageInfo"` Edges []*IsOccurrenceEdge `json:"edges"` }
IsOccurrenceConnection returns the paginated results for IsOccurrence.
totalCount is the total number of results returned.
pageInfo provides information to the client if there is a next page of results and the starting and ending cursor for the current set.
edges contains the IsOccurrenceEdge which contains the current cursor and the IsOccurrence node itself
type IsOccurrenceEdge ¶ added in v0.6.0
type IsOccurrenceEdge struct { Cursor string `json:"cursor"` Node *IsOccurrence `json:"node"` }
IsOccurrenceEdge contains the cursor for the resulting node and the IsOccurrence node itself.
type IsOccurrenceInputSpec ¶
type IsOccurrenceInputSpec struct { Justification string `json:"justification"` Origin string `json:"origin"` Collector string `json:"collector"` DocumentRef string `json:"documentRef"` }
IsOccurrenceInputSpec represents the input to record an artifact's origin.
type IsOccurrenceSpec ¶
type IsOccurrenceSpec struct { ID *string `json:"id,omitempty"` Subject *PackageOrSourceSpec `json:"subject,omitempty"` Artifact *ArtifactSpec `json:"artifact,omitempty"` Justification *string `json:"justification,omitempty"` Origin *string `json:"origin,omitempty"` Collector *string `json:"collector,omitempty"` DocumentRef *string `json:"documentRef,omitempty"` }
IsOccurrenceSpec allows filtering the list of artifact occurences to return in a query.
type License ¶ added in v0.2.0
type License struct { ID string `json:"id"` Name string `json:"name"` Inline *string `json:"inline,omitempty"` ListVersion *string `json:"listVersion,omitempty"` }
License represents a particular license. If the license is found on the SPDX license list (https://spdx.org/licenses/) then the fields should be:
Name: SPDX license identifier Inline: empty ListVersion: SPDX license list version
example:
Name: AGPL-3.0-or-later Inline: "" ListVersion: 3.21 2023-06-18
If the license is not on the SPDX license list, then a new guid should be created and the license text placed inline:
Name: LicenseRef-<guid> Inline: Full license text ListVersion: empty
example:
Name: LicenseRef-1a2b3c Inline: Permission to use, copy, modify, and/or distribute ... ListVersion: ""
type LicenseConnection ¶ added in v0.6.0
type LicenseConnection struct { TotalCount int `json:"totalCount"` PageInfo *PageInfo `json:"pageInfo"` Edges []*LicenseEdge `json:"edges"` }
LicenseConnection returns the paginated results for License.
totalCount is the total number of results returned.
pageInfo provides information to the client if there is a next page of results and the starting and ending cursor for the current set.
edges contains the LicenseEdge which contains the current cursor and the License node itself
type LicenseEdge ¶ added in v0.6.0
LicenseEdge contains the cursor for the resulting node and the License node itself.
type LicenseInputSpec ¶ added in v0.2.0
type LicenseInputSpec struct { Name string `json:"name"` Inline *string `json:"inline,omitempty"` ListVersion *string `json:"listVersion,omitempty"` }
LicenseInputSpec specifies an license for mutations. One of inline or listVersion should be empty or missing.
type LicenseSpec ¶ added in v0.2.0
type LicenseSpec struct { ID *string `json:"id,omitempty"` Name *string `json:"name,omitempty"` Inline *string `json:"inline,omitempty"` ListVersion *string `json:"listVersion,omitempty"` }
LicenseSpec allows filtering the list of licenses to return in a query.
type MatchFlags ¶
type MatchFlags struct {
Pkg PkgMatchType `json:"pkg"`
}
MatchFlags is used to input the PkgMatchType enum.
type NeighborConnection ¶ added in v0.6.0
type NeighborConnection struct { TotalCount int `json:"totalCount"` PageInfo *PageInfo `json:"pageInfo"` Edges []*NeighborEdge `json:"edges"` }
NeighborConnection returns the paginated results for Neighbor.
totalCount is the total number of results returned.
pageInfo provides information to the client if there is a next page of results and the starting and ending cursor for the current set.
edges contains the NeighborEdge which contains the current cursor and the node itself
type NeighborEdge ¶ added in v0.6.0
NeighborEdge contains the cursor for the resulting node and the node itself.
type Node ¶
type Node interface {
IsNode()
}
Node is a union type of all the possible nodes.
It encapsulates the software tree nodes along with the evidence nodes. In a path query, all connecting evidence nodes along with their intermediate subject nodes need to be returned in order to create a complete graph.
type Package ¶
type Package struct { ID string `json:"id"` Type string `json:"type"` Namespaces []*PackageNamespace `json:"namespaces"` }
Package represents the root of the package trie/tree.
We map package information to a trie, closely matching the pURL specification (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), but deviating from it where GUAC heuristics allow for better representation of package information. Each path in the trie fully represents a package; we split the trie based on the pURL components.
This node matches a pkg:<type> partial pURL. The type field matches the pURL types but we might also use "guac" for the cases where the pURL representation is not complete or when we have custom rules.
Since this node is at the root of the package trie, it is named Package, not PackageType.
func (Package) IsPackageOrArtifact ¶
func (Package) IsPackageOrArtifact()
func (Package) IsPackageOrSource ¶
func (Package) IsPackageOrSource()
func (Package) IsPackageSourceOrArtifact ¶
func (Package) IsPackageSourceOrArtifact()
type PackageConnection ¶ added in v0.6.0
type PackageConnection struct { TotalCount int `json:"totalCount"` PageInfo *PageInfo `json:"pageInfo"` Edges []*PackageEdge `json:"edges"` }
PackageConnection returns the paginated results for Package.
totalCount is the total number of results returned.
pageInfo provides information to the client if there is a next page of results and the starting and ending cursor for the current set.
edges contains the PackageEdge which contains the current cursor and the Package node itself
type PackageEdge ¶ added in v0.6.0
PackageEdge contains the cursor for the resulting node and the Package node itself.
type PackageIDs ¶ added in v0.4.0
type PackageIDs struct { PackageTypeID string `json:"packageTypeID"` PackageNamespaceID string `json:"packageNamespaceID"` PackageNameID string `json:"packageNameID"` PackageVersionID string `json:"packageVersionID"` }
The IDs of the ingested package
type PackageName ¶
type PackageName struct { ID string `json:"id"` Name string `json:"name"` Versions []*PackageVersion `json:"versions"` }
PackageName is a name for packages.
In the pURL representation, each PackageName matches the pkg:<type>/<namespace>/<name> pURL.
Names are always mandatory.
This is the first node in the trie that can be referred to by other parts of GUAC.
type PackageNamespace ¶
type PackageNamespace struct { ID string `json:"id"` Namespace string `json:"namespace"` Names []*PackageName `json:"names"` }
PackageNamespace is a namespace for packages.
In the pURL representation, each PackageNamespace matches the pkg:<type>/<namespace>/ partial pURL.
Namespaces are optional and type specific. Because they are optional, we use empty string to denote missing namespaces.
type PackageOrArtifact ¶
type PackageOrArtifact interface {
IsPackageOrArtifact()
}
PackageOrArtifact is a union of Package and Artifact.
type PackageOrArtifactInput ¶
type PackageOrArtifactInput struct { Package *IDorPkgInput `json:"package,omitempty"` Artifact *IDorArtifactInput `json:"artifact,omitempty"` }
PackageOrArtifactInput allows using PackageOrArtifact union as input type to be used in mutations.
Exactly one of the value must be set to non-nil.
type PackageOrArtifactInputs ¶ added in v0.1.2
type PackageOrArtifactInputs struct { Packages []*IDorPkgInput `json:"packages,omitempty"` Artifacts []*IDorArtifactInput `json:"artifacts,omitempty"` }
PackageOrArtifactInputs allows using packages and artifacts as input for batch mutations. Exactly one list must be specified.
type PackageOrArtifactSpec ¶
type PackageOrArtifactSpec struct { Package *PkgSpec `json:"package,omitempty"` Artifact *ArtifactSpec `json:"artifact,omitempty"` }
PackageOrArtifactSpec allows using PackageOrArtifact union as input type to be used in read queries.
Exactly one of the value must be set to non-nil.
type PackageOrSource ¶
type PackageOrSource interface {
IsPackageOrSource()
}
PackageOrSource is a union of Package and Source.
type PackageOrSourceInput ¶
type PackageOrSourceInput struct { Package *IDorPkgInput `json:"package,omitempty"` Source *IDorSourceInput `json:"source,omitempty"` }
PackageOrSourceInput allows using PackageOrSource union as input for mutations.
Exactly one field must be specified.
type PackageOrSourceInputs ¶ added in v0.1.1
type PackageOrSourceInputs struct { Packages []*IDorPkgInput `json:"packages,omitempty"` Sources []*IDorSourceInput `json:"sources,omitempty"` }
PackageOrSourceInputs allows using packages and sources as input for batch mutations. Exactly one list must be specified.
type PackageOrSourceSpec ¶
type PackageOrSourceSpec struct { Package *PkgSpec `json:"package,omitempty"` Source *SourceSpec `json:"source,omitempty"` }
PackageOrSourceSpec allows using PackageOrSource union as input for queries.
Exactly one field must be specified.
type PackageQualifier ¶
PackageQualifier is a qualifier for a package, a key-value pair.
In the pURL representation, it is a part of the <qualifiers> part of the pkg:<type>/<namespace>/<name>@<version>?<qualifiers> pURL.
Qualifiers are optional, each Package type defines own rules for handling them, and multiple qualifiers could be attached to the same package.
This node cannot be directly referred by other parts of GUAC.
type PackageQualifierInputSpec ¶
PackageQualifierInputSpec allows specifying package qualifiers in mutations.
type PackageQualifierSpec ¶
PackageQualifierSpec allows filtering package qualifiers in a query.
Keys are mandatory, but values could also be null if we want to match all values for a specific key.
NOTE: Before the schema becomes stable, we might change the nulability requirements of these fields.
type PackageSourceOrArtifact ¶
type PackageSourceOrArtifact interface {
IsPackageSourceOrArtifact()
}
PackageSourceOrArtifact is a union of Package, Source, and Artifact.
type PackageSourceOrArtifactInput ¶
type PackageSourceOrArtifactInput struct { Package *IDorPkgInput `json:"package,omitempty"` Source *IDorSourceInput `json:"source,omitempty"` Artifact *IDorArtifactInput `json:"artifact,omitempty"` }
PackageSourceOrArtifactInput allows using PackageSourceOrArtifact union as input type to be used in mutations.
Exactly one of the value must be set to non-nil.
type PackageSourceOrArtifactInputs ¶ added in v0.1.2
type PackageSourceOrArtifactInputs struct { Packages []*IDorPkgInput `json:"packages,omitempty"` Sources []*IDorSourceInput `json:"sources,omitempty"` Artifacts []*IDorArtifactInput `json:"artifacts,omitempty"` }
PackageSourceOrArtifactInputs allows using PackageSourceOrArtifact union as input type to be used in bulk mutations.
Exactly one list must be specified.
type PackageSourceOrArtifactSpec ¶
type PackageSourceOrArtifactSpec struct { Package *PkgSpec `json:"package,omitempty"` Source *SourceSpec `json:"source,omitempty"` Artifact *ArtifactSpec `json:"artifact,omitempty"` }
PackageSourceOrArtifactSpec allows using PackageSourceOrArtifact union as input type to be used in read queries.
Exactly one of the value must be set to non-nil.
type PackageVersion ¶
type PackageVersion struct { ID string `json:"id"` Purl string `json:"purl"` Version string `json:"version"` Qualifiers []*PackageQualifier `json:"qualifiers"` Subpath string `json:"subpath"` }
PackageVersion is a package version.
In the pURL representation, each PackageName matches the pkg:<type>/<namespace>/<name>@<version> pURL.
Versions are optional and each Package type defines own rules for handling them. For this level of GUAC, these are just opaque strings.
NOTE: The handling of versions might change before this schema becomes stable.
This node can be referred to by other parts of GUAC.
Subpath and qualifiers are optional. Lack of qualifiers is represented by an empty list and lack of subpath by empty string (to be consistent with optionality of namespace and version). Two nodes that have different qualifiers and/or subpath but the same version mean two different packages in the trie (they are different). Two nodes that have same version but qualifiers of one are a subset of the qualifier of the other also mean two different packages in the trie.
type PageInfo ¶ added in v0.6.0
type PageInfo struct { HasNextPage bool `json:"hasNextPage"` StartCursor *string `json:"startCursor,omitempty"` EndCursor *string `json:"endCursor,omitempty"` }
PageInfo serves the client information about the paginated query results.
hasNextPage is true when there are results to be returned.
hasPreviousPage is true when there is a previous page to return to.
startCursor is the ID where the query started from.
endCursor is where the query ended.
type PkgEqual ¶
type PkgEqual struct { ID string `json:"id"` // Two packages that are similar Packages []*Package `json:"packages"` // Justification for the claim that the packages are similar Justification string `json:"justification"` // Document from which this attestation is generated from Origin string `json:"origin"` // GUAC collector for the document Collector string `json:"collector"` // Reference location of the document in the persistent blob store (if that is configured) DocumentRef string `json:"documentRef"` }
PkgEqual is an attestation that two packages are similar.
type PkgEqualConnection ¶ added in v0.6.0
type PkgEqualConnection struct { TotalCount int `json:"totalCount"` PageInfo *PageInfo `json:"pageInfo"` Edges []*PkgEqualEdge `json:"edges"` }
PkgEqualConnection returns the paginated results for PkgEqual.
totalCount is the total number of results returned.
pageInfo provides information to the client if there is a next page of results and the starting and ending cursor for the current set.
edges contains the PkgEqualEdge which contains the current cursor and the PkgEqual node itself
type PkgEqualEdge ¶ added in v0.6.0
PkgEqualEdge contains the cursor for the resulting node and the PkgEqual node itself.
type PkgEqualInputSpec ¶
type PkgEqualInputSpec struct { Justification string `json:"justification"` Origin string `json:"origin"` Collector string `json:"collector"` DocumentRef string `json:"documentRef"` }
PkgEqualInputSpec represents the input to certify that packages are similar.
type PkgEqualSpec ¶
type PkgEqualSpec struct { ID *string `json:"id,omitempty"` Packages []*PkgSpec `json:"packages,omitempty"` Justification *string `json:"justification,omitempty"` Origin *string `json:"origin,omitempty"` Collector *string `json:"collector,omitempty"` DocumentRef *string `json:"documentRef,omitempty"` }
PkgEqualSpec allows filtering the list of package equality statements to return in a query.
Specifying just one package allows to query for all similar packages (if any exists).
type PkgInputSpec ¶
type PkgInputSpec struct { Type string `json:"type"` Namespace *string `json:"namespace,omitempty"` Name string `json:"name"` Version *string `json:"version,omitempty"` Qualifiers []*PackageQualifierInputSpec `json:"qualifiers,omitempty"` Subpath *string `json:"subpath,omitempty"` }
PkgInputSpec specifies a package for mutations.
This is different than PkgSpec because we want to encode mandatory fields: type and name. All optional fields are given empty default values.
type PkgMatchType ¶
type PkgMatchType string
PkgMatchType is an enum to determine if the attestation should be done at the specific version or package name.
const ( PkgMatchTypeAllVersions PkgMatchType = "ALL_VERSIONS" PkgMatchTypeSpecificVersion PkgMatchType = "SPECIFIC_VERSION" )
func (PkgMatchType) IsValid ¶
func (e PkgMatchType) IsValid() bool
func (PkgMatchType) MarshalGQL ¶
func (e PkgMatchType) MarshalGQL(w io.Writer)
func (PkgMatchType) String ¶
func (e PkgMatchType) String() string
func (*PkgMatchType) UnmarshalGQL ¶
func (e *PkgMatchType) UnmarshalGQL(v interface{}) error
type PkgSpec ¶
type PkgSpec struct { ID *string `json:"id,omitempty"` Type *string `json:"type,omitempty"` Namespace *string `json:"namespace,omitempty"` Name *string `json:"name,omitempty"` Version *string `json:"version,omitempty"` Qualifiers []*PackageQualifierSpec `json:"qualifiers,omitempty"` MatchOnlyEmptyQualifiers *bool `json:"matchOnlyEmptyQualifiers,omitempty"` Subpath *string `json:"subpath,omitempty"` }
PkgSpec allows filtering the list of sources to return in a query.
Each field matches a qualifier from pURL. Use null to match on all values at that level. For example, to get all packages in GUAC backend, use a PkgSpec where every field is null.
The id field can be used to match on a specific node in the trie to match packageTypeID, packageNamespaceID, packageNameID, or packageVersionID.
Empty string at a field means matching with the empty string. If passing in qualifiers, all of the values in the list must match. Since we want to return nodes with any number of qualifiers if no qualifiers are passed in the input, we must also return the same set of nodes it the qualifiers list is empty. To match on nodes that don't contain any qualifier, set matchOnlyEmptyQualifiers to true. If this field is true, then the qualifiers argument is ignored.
type PointOfContact ¶ added in v0.1.1
type PointOfContact struct { ID string `json:"id"` // The package, source or artifact that is attested Subject PackageSourceOrArtifact `json:"subject"` // Email for the POC Email string `json:"email"` // Generic info for the POC Info string `json:"info"` // Timestamp when the certification for POC was created (in RFC 3339 format) Since time.Time `json:"since"` // The justification for the POC attestation Justification string `json:"justification"` // Document from which this attestation is generated from Origin string `json:"origin"` // GUAC collector for the document Collector string `json:"collector"` // Reference location of the document in the persistent blob store (if that is configured) DocumentRef string `json:"documentRef"` }
PointOfContact is an attestation of how to get in touch with the person(s) responsible for a package, source, or artifact.
All evidence trees record a justification for the property they represent as well as the document that contains the attestation (origin) and the collector that collected the document (collector).
The attestation applies to a subject which is a package, source, or artifact. If the attestation targets a package, it must target a PackageName or a PackageVersion. If the attestation targets a source, it must target a SourceName.
email is the email address (singular) of the point of contact.
info is additional contact information other than email address. This is free form.
NOTE: the identifiers for point of contact should be part of software trees. This will benefit from identifier look up and traversal as well as organization hierarchy. However, until the use case arises, PointOfContact will be a flat reference to the contact details.
func (PointOfContact) IsNode ¶ added in v0.1.1
func (PointOfContact) IsNode()
type PointOfContactConnection ¶ added in v0.6.0
type PointOfContactConnection struct { TotalCount int `json:"totalCount"` PageInfo *PageInfo `json:"pageInfo"` Edges []*PointOfContactEdge `json:"edges"` }
PointOfContactConnection returns the paginated results for PointOfContact.
totalCount is the total number of results returned.
pageInfo provides information to the client if there is a next page of results and the starting and ending cursor for the current set.
edges contains the PointOfContactEdge which contains the current cursor and the PointOfContact node itself
type PointOfContactEdge ¶ added in v0.6.0
type PointOfContactEdge struct { Cursor string `json:"cursor"` Node *PointOfContact `json:"node"` }
PointOfContactEdge contains the cursor for the resulting node and the PointOfContact node itself.
type PointOfContactInputSpec ¶ added in v0.1.1
type PointOfContactInputSpec struct { Email string `json:"email"` Info string `json:"info"` Since time.Time `json:"since"` Justification string `json:"justification"` Origin string `json:"origin"` Collector string `json:"collector"` DocumentRef string `json:"documentRef"` }
PointOfContactInputSpec represents the mutation input to ingest a PointOfContact evidence.
type PointOfContactSpec ¶ added in v0.1.1
type PointOfContactSpec struct { ID *string `json:"id,omitempty"` Subject *PackageSourceOrArtifactSpec `json:"subject,omitempty"` Email *string `json:"email,omitempty"` Info *string `json:"info,omitempty"` Since *time.Time `json:"since,omitempty"` Justification *string `json:"justification,omitempty"` Origin *string `json:"origin,omitempty"` Collector *string `json:"collector,omitempty"` DocumentRef *string `json:"documentRef,omitempty"` }
PointOfContactSpec allows filtering the list of PointOfContact evidence to return in a query.
If a package is specified in the subject filter, then it must be specified up to PackageName or PackageVersion. That is, user must specify package name, or name and one of version, qualifiers, or subpath.
If a source is specified in the subject filter, then it must specify a name, and optionally a tag and a commit.
since filters attestations with a value of since later or equal to the provided filter.
type SLSAInputSpec ¶
type SLSAInputSpec struct { BuildType string `json:"buildType"` SlsaPredicate []*SLSAPredicateInputSpec `json:"slsaPredicate"` SlsaVersion string `json:"slsaVersion"` StartedOn *time.Time `json:"startedOn,omitempty"` FinishedOn *time.Time `json:"finishedOn,omitempty"` Origin string `json:"origin"` Collector string `json:"collector"` DocumentRef string `json:"documentRef"` }
SLSAInputSpec is the same as SLSA but for mutation input.
type SLSAPredicate ¶
SLSAPredicate are the values from the SLSA predicate in key-value pair form.
For example, given the following predicate ¶
```
"predicate": { "buildDefinition": { "externalParameters": { "repository": "https://github.com/octocat/hello-world", ... }, ... }, ... }
```
we have
``` key = "buildDefinition.externalParameters.repository" value = "https://github.com/octocat/hello-world" ```
This node cannot be directly referred by other parts of GUAC.
type SLSAPredicateInputSpec ¶
SLSAPredicateInputSpec allows ingesting SLSAPredicateSpec.
type SLSAPredicateSpec ¶
SLSAPredicateSpec is the same as SLSAPredicate, but usable as query input.
type ScanMetadata ¶ added in v0.2.0
type ScanMetadata struct { // Time of scan (in RFC 3339 format) TimeScanned time.Time `json:"timeScanned"` // URI of the vulnerability database used by the scanner DbURI string `json:"dbUri"` // Version of the vulnerability database used by the scanner DbVersion string `json:"dbVersion"` // URI of the scanner ScannerURI string `json:"scannerUri"` // Version of the scanner ScannerVersion string `json:"scannerVersion"` // Document from which this attestation is generated from Origin string `json:"origin"` // GUAC collector for the document Collector string `json:"collector"` // Reference location of the document in the persistent blob store (if that is configured) DocumentRef string `json:"documentRef"` }
ScanMetadata is the metadata attached to vulnerability certification.
It contains metadata about the scanner process that created the certification.
type ScanMetadataInput ¶ added in v0.2.0
type ScanMetadataInput struct { TimeScanned time.Time `json:"timeScanned"` DbURI string `json:"dbUri"` DbVersion string `json:"dbVersion"` ScannerURI string `json:"scannerUri"` ScannerVersion string `json:"scannerVersion"` Origin string `json:"origin"` Collector string `json:"collector"` DocumentRef string `json:"documentRef"` }
ScanMetadataInput represents the input for certifying vulnerability scans in mutations.
type Scorecard ¶
type Scorecard struct { // Individual Scorecard check scores (Branch-Protection, Code-Review, ...) Checks []*ScorecardCheck `json:"checks"` // Overall Scorecard score for the source AggregateScore float64 `json:"aggregateScore"` // Exact timestamp when the source was last scanned (in RFC 3339 format) TimeScanned time.Time `json:"timeScanned"` // Version of the Scorecard scanner used to analyze the source ScorecardVersion string `json:"scorecardVersion"` // Commit of the Scorecards repository at the time of scanning the source ScorecardCommit string `json:"scorecardCommit"` // Document from which this attestation is generated from Origin string `json:"origin"` // GUAC collector for the document Collector string `json:"collector"` // Reference location of the document in the persistent blob store (if that is configured) DocumentRef string `json:"documentRef"` }
Scorecard contains all of the fields present in a Scorecard attestation.
We also include fields to specify under what conditions the check was performed (time of scan, version of scanners, etc.) as well as how this information got included into GUAC (origin document and the collector for that document).
type ScorecardCheck ¶
ScorecardCheck are the individual checks from scorecard and their values as a key-value pair.
For example: Branch-Protection, Code-Review...etc
Based off scorecard's:
type jsonCheckResultV2 struct { Details []string `json:"details"` Score int `json:"score"` Reason string `json:"reason"` Name string `json:"name"` Doc jsonCheckDocumentationV2 `json:"documentation"` }
This node cannot be directly referred by other parts of GUAC.
type ScorecardCheckInputSpec ¶
ScorecardCheckInputSpec represents the mutation input for a Scorecard check.
type ScorecardCheckSpec ¶
ScorecardCheckSpec is the same as ScorecardCheck, but usable as query input.
type ScorecardInputSpec ¶
type ScorecardInputSpec struct { Checks []*ScorecardCheckInputSpec `json:"checks"` AggregateScore float64 `json:"aggregateScore"` TimeScanned time.Time `json:"timeScanned"` ScorecardVersion string `json:"scorecardVersion"` ScorecardCommit string `json:"scorecardCommit"` Origin string `json:"origin"` Collector string `json:"collector"` DocumentRef string `json:"documentRef"` }
ScorecardInputSpec represents the mutation input to ingest a Scorecard.
type Slsa ¶
type Slsa struct { // Materials of the build resulting in subject BuiltFrom []*Artifact `json:"builtFrom"` // Builder performing the build BuiltBy *Builder `json:"builtBy"` // Type of the builder BuildType string `json:"buildType"` // Individual predicates found in the attestation SlsaPredicate []*SLSAPredicate `json:"slsaPredicate"` // Version of the SLSA predicate SlsaVersion string `json:"slsaVersion"` // Timestamp (RFC3339Nano format) of build start time StartedOn *time.Time `json:"startedOn,omitempty"` // Timestamp (RFC3339Nano format) of build end time FinishedOn *time.Time `json:"finishedOn,omitempty"` // Document from which this attestation is generated from Origin string `json:"origin"` // GUAC collector for the document Collector string `json:"collector"` // Reference location of the document in the persistent blob store (if that is configured) DocumentRef string `json:"documentRef"` }
SLSA contains all of the fields present in a SLSA attestation.
The materials and builders are objects of the HasSLSA predicate, everything else are properties extracted from the attestation.
We also include fields to specify under what conditions the check was performed (time of scan, version of scanners, etc.) as well as how this information got included into GUAC (origin document and the collector for that document).
type SoftwareEdge ¶ added in v0.6.0
type SoftwareEdge struct { Cursor string `json:"cursor"` Node PackageSourceOrArtifact `json:"node"` }
SoftwareEdge contains the cursor for the resulting node and the PackageSourceOrArtifact node itself.
type Source ¶
type Source struct { ID string `json:"id"` Type string `json:"type"` Namespaces []*SourceNamespace `json:"namespaces"` }
Source represents the root of the source trie/tree.
We map source information to a trie, as a derivative of the pURL specification: each path in the trie represents a type, namespace, name and an optional qualifier that stands for tag/commit information.
This node represents the type part of the trie path. It is used to represent the version control system that is being used.
Since this node is at the root of the source trie, it is named Source, not SourceType.
func (Source) IsPackageOrSource ¶
func (Source) IsPackageOrSource()
func (Source) IsPackageSourceOrArtifact ¶
func (Source) IsPackageSourceOrArtifact()
type SourceConnection ¶ added in v0.6.0
type SourceConnection struct { TotalCount int `json:"totalCount"` PageInfo *PageInfo `json:"pageInfo"` Edges []*SourceEdge `json:"edges"` }
SourceConnection returns the paginated results for Source.
totalCount is the total number of results returned.
pageInfo provides information to the client if there is a next page of results and the starting and ending cursor for the current set.
edges contains the SourceEdge which contains the current cursor and the Source node itself
type SourceEdge ¶ added in v0.6.0
SourceEdge contains the cursor for the resulting node and the Source node itself.
type SourceIDs ¶ added in v0.4.0
type SourceIDs struct { SourceTypeID string `json:"sourceTypeID"` SourceNamespaceID string `json:"sourceNamespaceID"` SourceNameID string `json:"sourceNameID"` }
The IDs of the ingested source
type SourceInputSpec ¶
type SourceInputSpec struct { Type string `json:"type"` Namespace string `json:"namespace"` Name string `json:"name"` Tag *string `json:"tag,omitempty"` Commit *string `json:"commit,omitempty"` }
SourceInputSpec specifies a source for mutations.
This is different than SourceSpec because we want to encode that all fields except tag and commit are mandatory fields. All optional fields are given empty default values.
It is an error to set both tag and commit fields to values different than the default.
type SourceName ¶
type SourceName struct { ID string `json:"id"` Name string `json:"name"` Tag *string `json:"tag,omitempty"` Commit *string `json:"commit,omitempty"` }
SourceName represents the url of the repository.
The name field is mandatory. The tag and commit fields are optional, but it is an error to specify both.
This is the only source trie node that can be referenced by other parts of GUAC.
type SourceNamespace ¶
type SourceNamespace struct { ID string `json:"id"` Namespace string `json:"namespace"` Names []*SourceName `json:"names"` }
SourceNamespace is a namespace for sources.
This is the location of the repository (such as github/gitlab/bitbucket).
The namespace field is mandatory.
type SourceSpec ¶
type SourceSpec struct { ID *string `json:"id,omitempty"` Type *string `json:"type,omitempty"` Namespace *string `json:"namespace,omitempty"` Name *string `json:"name,omitempty"` Tag *string `json:"tag,omitempty"` Commit *string `json:"commit,omitempty"` }
SourceSpec allows filtering the list of sources to return in a query.
Empty string at a field means matching with the empty string. Missing field means retrieving all possible matches.
It is an error to specify both tag and commit fields, except it both are set as empty string (in which case the returned sources are only those for which there is no tag/commit information).
type VEXConnection ¶ added in v0.6.0
type VEXConnection struct { TotalCount int `json:"totalCount"` PageInfo *PageInfo `json:"pageInfo"` Edges []*VEXEdge `json:"edges"` }
VEXConnection returns the paginated results for CertifyVEXStatement.
totalCount is the total number of results returned.
pageInfo provides information to the client if there is a next page of results and the starting and ending cursor for the current set.
edges contains the VEXEdge which contains the current cursor and the CertifyVEXStatement node itself
type VEXEdge ¶ added in v0.6.0
type VEXEdge struct { Cursor string `json:"cursor"` Node *CertifyVEXStatement `json:"node"` }
VEXEdge contains the cursor for the resulting node and the CertifyVEXStatement node itself.
type VexJustification ¶
type VexJustification string
Records the justification included in the VEX statement.
const ( VexJustificationComponentNotPresent VexJustification = "COMPONENT_NOT_PRESENT" VexJustificationVulnerableCodeNotPresent VexJustification = "VULNERABLE_CODE_NOT_PRESENT" VexJustificationVulnerableCodeNotInExecutePath VexJustification = "VULNERABLE_CODE_NOT_IN_EXECUTE_PATH" VexJustificationVulnerableCodeCannotBeControlledByAdversary VexJustification = "VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY" VexJustificationInlineMitigationsAlreadyExist VexJustification = "INLINE_MITIGATIONS_ALREADY_EXIST" VexJustificationNotProvided VexJustification = "NOT_PROVIDED" )
func (VexJustification) IsValid ¶
func (e VexJustification) IsValid() bool
func (VexJustification) MarshalGQL ¶
func (e VexJustification) MarshalGQL(w io.Writer)
func (VexJustification) String ¶
func (e VexJustification) String() string
func (*VexJustification) UnmarshalGQL ¶
func (e *VexJustification) UnmarshalGQL(v interface{}) error
type VexStatementInputSpec ¶
type VexStatementInputSpec struct { Status VexStatus `json:"status"` VexJustification VexJustification `json:"vexJustification"` Statement string `json:"statement"` StatusNotes string `json:"statusNotes"` KnownSince time.Time `json:"knownSince"` Origin string `json:"origin"` Collector string `json:"collector"` DocumentRef string `json:"documentRef"` }
VexStatementInputSpec represents the input to ingest VEX statements.
type VexStatus ¶
type VexStatus string
Records the status of a VEX statement subject.
func (VexStatus) MarshalGQL ¶
func (*VexStatus) UnmarshalGQL ¶
type VulnEqual ¶ added in v0.2.0
type VulnEqual struct { ID string `json:"id"` // Two vulnerabilities that are similar Vulnerabilities []*Vulnerability `json:"vulnerabilities"` // Justification for the attested relationship Justification string `json:"justification"` // Document from which this attestation is generated from Origin string `json:"origin"` // GUAC collector for the document Collector string `json:"collector"` // Reference location of the document in the persistent blob store (if that is configured) DocumentRef string `json:"documentRef"` }
VulnEqual is an attestation to link two vulnerabilities together as being equal"
Note that setting noVuln vulnerability type is invalid for VulnEqual!
type VulnEqualConnection ¶ added in v0.6.0
type VulnEqualConnection struct { TotalCount int `json:"totalCount"` PageInfo *PageInfo `json:"pageInfo"` Edges []*VulnEqualEdge `json:"edges"` }
VulnEqualConnection returns the paginated results for VulnEqual.
totalCount is the total number of results returned.
pageInfo provides information to the client if there is a next page of results and the starting and ending cursor for the current set.
edges contains the VulnEqualEdge which contains the current cursor and the VulnEqual node itself
type VulnEqualEdge ¶ added in v0.6.0
VulnEqualEdge contains the cursor for the resulting node and the VulnEqual node itself.
type VulnEqualInputSpec ¶ added in v0.2.0
type VulnEqualInputSpec struct { Justification string `json:"justification"` Origin string `json:"origin"` Collector string `json:"collector"` DocumentRef string `json:"documentRef"` }
VulnEqualInputSpec represents the input to link vulnerabilities to each other.
type VulnEqualSpec ¶ added in v0.2.0
type VulnEqualSpec struct { ID *string `json:"id,omitempty"` Vulnerabilities []*VulnerabilitySpec `json:"vulnerabilities,omitempty"` Justification *string `json:"justification,omitempty"` Origin *string `json:"origin,omitempty"` Collector *string `json:"collector,omitempty"` DocumentRef *string `json:"documentRef,omitempty"` }
VulnEqualSpec allows filtering the list of vulnerability links to return in a query.
type Vulnerability ¶
type Vulnerability struct { ID string `json:"id"` Type string `json:"type"` VulnerabilityIDs []*VulnerabilityID `json:"vulnerabilityIDs"` }
Vulnerability represents the root of the vulnerability trie/tree.
We map vulnerability information to a trie, as a derivative of the pURL specification: each path in the trie represents a type and a vulnerability ID. This allows for generic representation of the various vulnerabilities and does not limit to just cve, ghsa or osv. This would be in the general format: vuln://<general-type>/<vuln-id>
Examples:
CVE, using path separator: vuln://cve/cve-2023-20753 OSV, representing its knowledge of a GHSA: vuln://osv/ghsa-205hk Random vendor: vuln://snyk/sn-whatever NoVuln: vuln://novuln/
This node represents the type part of the trie path. It is used to represent the specific type of the vulnerability: cve, ghsa, osv or some other vendor specific
Since this node is at the root of the vulnerability trie, it is named Vulnerability, not VulnerabilityType.
NoVuln is a special vulnerability node to attest that no vulnerability has been found during a vulnerability scan. It will have the type "novuln" and contain an empty string for vulnerabilityID
The resolvers will enforce that both the type and vulnerability IDs are lower case.
func (Vulnerability) IsNode ¶ added in v0.2.0
func (Vulnerability) IsNode()
type VulnerabilityConnection ¶ added in v0.6.0
type VulnerabilityConnection struct { TotalCount int `json:"totalCount"` PageInfo *PageInfo `json:"pageInfo"` Edges []*VulnerabilityEdge `json:"edges"` }
VulnerabilityConnection returns the paginated results for Vulnerability.
totalCount is the total number of results returned.
pageInfo provides information to the client if there is a next page of results and the starting and ending cursor for the current set.
edges contains the VulnerabilityEdge which contains the current cursor and the Vulnerability node itself
type VulnerabilityEdge ¶ added in v0.6.0
type VulnerabilityEdge struct { Cursor string `json:"cursor"` Node *Vulnerability `json:"node"` }
VulnerabilityEdge contains the cursor for the resulting node and the Vulnerability node itself.
type VulnerabilityID ¶ added in v0.2.0
type VulnerabilityID struct { ID string `json:"id"` VulnerabilityID string `json:"vulnerabilityID"` }
VulnerabilityID is a specific vulnerability ID associated with the type of the vulnerability.
This will be enforced to be all lowercase.
The namespace field is mandatory.
type VulnerabilityIDs ¶ added in v0.4.0
type VulnerabilityIDs struct { VulnerabilityTypeID string `json:"vulnerabilityTypeID"` VulnerabilityNodeID string `json:"vulnerabilityNodeID"` }
The IDs of the ingested vulnerability
type VulnerabilityInputSpec ¶ added in v0.2.0
type VulnerabilityInputSpec struct { Type string `json:"type"` VulnerabilityID string `json:"vulnerabilityID"` }
VulnInputSpec specifies a vulnerability for mutations.
This is different than VulnSpec because we want to encode mandatory fields: type and vulnerabilityID.
type VulnerabilityMetadata ¶ added in v0.2.0
type VulnerabilityMetadata struct { ID string `json:"id"` // The subject vulnerability that the metadata applies to Vulnerability *Vulnerability `json:"vulnerability"` // The specific score type for the score value ScoreType VulnerabilityScoreType `json:"scoreType"` // The score value based on the score type ScoreValue float64 `json:"scoreValue"` // Timestamp when the certification was created (in RFC 3339 format) Timestamp time.Time `json:"timestamp"` // Document from which this attestation is generated from Origin string `json:"origin"` // GUAC collector for the document Collector string `json:"collector"` // Reference location of the document in the persistent blob store (if that is configured) DocumentRef string `json:"documentRef"` }
VulnerabilityMetadata is an attestation that a vulnerability has a related score associated with it.
The intent of this evidence tree predicate is to allow extensibility of vulnerability score (one-to-one mapping) with a specific vulnerability ID.
A vulnerability ID can have a one-to-many relationship with the VulnerabilityMetadata node as a vulnerability ID can have multiple scores (in various frameworks).
Examples:
scoreType: EPSSv1 scoreValue: 0.960760000
scoreType: CVSSv2 scoreValue: 5.0
scoreType: CVSSv3 scoreValue: 7.5
The timestamp is used to determine when the score was evaluated for the specific vulnerability.
func (VulnerabilityMetadata) IsNode ¶ added in v0.2.0
func (VulnerabilityMetadata) IsNode()
type VulnerabilityMetadataConnection ¶ added in v0.6.0
type VulnerabilityMetadataConnection struct { TotalCount int `json:"totalCount"` PageInfo *PageInfo `json:"pageInfo"` Edges []*VulnerabilityMetadataEdge `json:"edges"` }
VulnerabilityMetadataConnection returns the paginated results for VulnerabilityMetadata.
totalCount is the total number of results returned.
pageInfo provides information to the client if there is a next page of results and the starting and ending cursor for the current set.
edges contains the VulnerabilityMetadataEdge which contains the current cursor and the VulnerabilityMetadata node itself
type VulnerabilityMetadataEdge ¶ added in v0.6.0
type VulnerabilityMetadataEdge struct { Cursor string `json:"cursor"` Node *VulnerabilityMetadata `json:"node"` }
VulnerabilityMetadataEdge contains the cursor for the resulting node and the VulnerabilityMetadata node itself.
type VulnerabilityMetadataInputSpec ¶ added in v0.2.0
type VulnerabilityMetadataInputSpec struct { ScoreType VulnerabilityScoreType `json:"scoreType"` ScoreValue float64 `json:"scoreValue"` Timestamp time.Time `json:"timestamp"` Origin string `json:"origin"` Collector string `json:"collector"` DocumentRef string `json:"documentRef"` }
VulnerabilityMetadataInputSpec represents the mutation input to ingest a vulnerability metadata.
type VulnerabilityMetadataSpec ¶ added in v0.2.0
type VulnerabilityMetadataSpec struct { ID *string `json:"id,omitempty"` Vulnerability *VulnerabilitySpec `json:"vulnerability,omitempty"` ScoreType *VulnerabilityScoreType `json:"scoreType,omitempty"` ScoreValue *float64 `json:"scoreValue,omitempty"` Comparator *Comparator `json:"comparator,omitempty"` Timestamp *time.Time `json:"timestamp,omitempty"` Origin *string `json:"origin,omitempty"` Collector *string `json:"collector,omitempty"` DocumentRef *string `json:"documentRef,omitempty"` }
VulnerabilityMetadataSpec allows filtering the list of VulnerabilityMetadata evidence to return in a query.
Comparator field is an enum that be set to filter the score and return a range that matches. If the comparator is not specified, it will default to equal operation.
Timestamp specified indicates filtering timestamps after the specified time
type VulnerabilityScoreType ¶ added in v0.2.0
type VulnerabilityScoreType string
Records the type of the score being captured by the score node
const ( VulnerabilityScoreTypeCVSSv2 VulnerabilityScoreType = "CVSSv2" VulnerabilityScoreTypeCVSSv3 VulnerabilityScoreType = "CVSSv3" VulnerabilityScoreTypeEPSSv1 VulnerabilityScoreType = "EPSSv1" VulnerabilityScoreTypeEPSSv2 VulnerabilityScoreType = "EPSSv2" VulnerabilityScoreTypeCVSSv31 VulnerabilityScoreType = "CVSSv31" VulnerabilityScoreTypeCVSSv4 VulnerabilityScoreType = "CVSSv4" VulnerabilityScoreTypeOwasp VulnerabilityScoreType = "OWASP" VulnerabilityScoreTypeSsvc VulnerabilityScoreType = "SSVC" )
func (VulnerabilityScoreType) IsValid ¶ added in v0.2.0
func (e VulnerabilityScoreType) IsValid() bool
func (VulnerabilityScoreType) MarshalGQL ¶ added in v0.2.0
func (e VulnerabilityScoreType) MarshalGQL(w io.Writer)
func (VulnerabilityScoreType) String ¶ added in v0.2.0
func (e VulnerabilityScoreType) String() string
func (*VulnerabilityScoreType) UnmarshalGQL ¶ added in v0.2.0
func (e *VulnerabilityScoreType) UnmarshalGQL(v interface{}) error
type VulnerabilitySpec ¶
type VulnerabilitySpec struct { ID *string `json:"id,omitempty"` Type *string `json:"type,omitempty"` VulnerabilityID *string `json:"vulnerabilityID,omitempty"` NoVuln *bool `json:"noVuln,omitempty"` }
VulnerabilitySpec allows filtering the list of vulnerabilities to return in a query.
Use null to match on all values at that level. For example, to get all vulnerabilities in GUAC backend, use a VulnSpec where every field is null.
Setting the noVuln boolean true will ignore the other inputs for type and vulnerabilityID. Setting noVuln to true means retrieving only nodes where the type of the vulnerability is "novuln" and the it has an empty string for vulnerabilityID. Setting it to false filters out all results that are "novuln". Setting one of the other fields and omitting the noVuln means retrieving vulnerabilities for the corresponding type and vulnerabilityID. Omission of noVuln field will return all vulnerabilities and novuln.