Documentation ¶
Index ¶
- Constants
- Variables
- func AggregateMultipleRunsIntoSingle(runs []*sarif.Run, destination *sarif.Run)
- func ApplicabilityRuleIdToCve(sarifRuleId string) string
- func CheckIfFailBuild(results []services.ScanResponse) bool
- func ConvertToSarifLevel(severity string) string
- func CreateXrayServiceManager(serviceDetails *config.ServerDetails) (*xray.XrayServicesManager, error)
- func CreateXrayServiceManagerAndGetVersion(serviceDetails *config.ServerDetails) (*xray.XrayServicesManager, string, error)
- func CveToApplicabilityRuleId(cveId string) string
- func ExtractRelativePath(resultPath string, projectRoot string) string
- func FilterResultsByRuleIdAndMsgText(source []*sarif.Result, ruleId, msgText string) (results []*sarif.Result)
- func GenerateSarifContentFromResults(extendedResults *ExtendedScanResults, ...) (sarifStr string, err error)
- func GetAnalyzerManagerDirAbsolutePath() (string, error)
- func GetAnalyzerManagerDownloadPath() (string, error)
- func GetAnalyzerManagerExecutable() (analyzerManagerPath string, err error)
- func GetAnalyzerManagerExecutableName() string
- func GetAnalyzerManagerVersion() string
- func GetDiffFromRun(sources []*sarif.Run, targets []*sarif.Run) (runWithNewOnly *sarif.Run)
- func GetInvocationWorkingDirectory(invocation *sarif.Invocation) string
- func GetLevelResultsLocationCount(run *sarif.Run, level SarifLevel) (count int)
- func GetLocationEndColumn(location *sarif.Location) int
- func GetLocationEndLine(location *sarif.Location) int
- func GetLocationFileName(location *sarif.Location) string
- func GetLocationRelatedCodeFlowsFromResult(location *sarif.Location, result *sarif.Result) (codeFlows []*sarif.CodeFlow)
- func GetLocationSnippet(location *sarif.Location) string
- func GetLocationSnippetPointer(location *sarif.Location) *string
- func GetLocationStartColumn(location *sarif.Location) int
- func GetLocationStartLine(location *sarif.Location) int
- func GetRelativeLocationFileName(location *sarif.Location, invocations []*sarif.Invocation) string
- func GetResultMsgText(result *sarif.Result) string
- func GetResultSeverity(result *sarif.Result) string
- func GetResultsByRuleId(run *sarif.Run, ruleId string) (results []*sarif.Result)
- func GetResultsLocationCount(runs ...*sarif.Run) (count int)
- func GetRuleFullDescription(rule *sarif.ReportingDescriptor) string
- func GetRunRules(run *sarif.Run) []*sarif.ReportingDescriptor
- func GetSeveritiesFormat(severity string) (string, error)
- func GetStartLocationInFile(location *sarif.Location) string
- func GetUniqueKey(vulnerableDependency, vulnerableVersion, xrayID string, fixVersionExist bool) string
- func IsApplicableResult(result *sarif.Result) bool
- func IsEmptyScanResponse(results []services.ScanResponse) bool
- func IsSastSupported() bool
- func NewFailBuildError() error
- func NewReport() (*sarif.Report, error)
- func ParseAnalyzerManagerError(scanner JasScanType, err error) error
- func PrepareIacs(iacs []*sarif.Run) []formats.SourceCodeRow
- func PrepareLicenses(licenses []services.License) ([]formats.LicenseRow, error)
- func PrepareSast(sasts []*sarif.Run) []formats.SourceCodeRow
- func PrepareSecrets(secrets []*sarif.Run) []formats.SourceCodeRow
- func PrepareViolations(violations []services.Violation, extendedResults *ExtendedScanResults, ...) ([]formats.VulnerabilityOrViolationRow, []formats.LicenseViolationRow, ...)
- func PrepareVulnerabilities(vulnerabilities []services.Vulnerability, extendedResults *ExtendedScanResults, ...) ([]formats.VulnerabilityOrViolationRow, error)
- func PrintIacTable(iacs []*sarif.Run, entitledForIacScan bool) error
- func PrintJson(output interface{}) error
- func PrintLicensesTable(licenses []services.License, printExtended, isBinaryScan bool) error
- func PrintSastTable(sast []*sarif.Run, entitledForSastScan bool) error
- func PrintScanResults(results *ExtendedScanResults, simpleJsonError []formats.SimpleJsonError, ...) error
- func PrintSecretsTable(secrets []*sarif.Run, entitledForSecretsScan bool) error
- func PrintViolationsTable(violations []services.Violation, extendedResults *ExtendedScanResults, ...) error
- func PrintVulnerabilitiesTable(vulnerabilities []services.Vulnerability, extendedResults *ExtendedScanResults, ...) error
- func ReadScanRunsFromFile(fileName string) (sarifRuns []*sarif.Run, err error)
- func SetAnalyzerManagerEnvVariables(serverDetails *config.ServerDetails) error
- func SetLocationFileName(location *sarif.Location, fileName string)
- func SetLocationSnippet(location *sarif.Location, snippet string)
- func SplitComponentId(componentId string) (string, string, string)
- func SplitScanResults(results []services.ScanResponse) ([]services.Violation, []services.Vulnerability, []services.License)
- type AnalyzerManager
- type ApplicabilityStatus
- type AuditBasicParams
- func (abp *AuditBasicParams) AppendDirectDependencies(directDependencies []string) *AuditBasicParams
- func (abp *AuditBasicParams) Args() []string
- func (abp *AuditBasicParams) DepsRepo() string
- func (abp *AuditBasicParams) DirectDependencies() []string
- func (abp *AuditBasicParams) ExcludeTestDependencies() bool
- func (abp *AuditBasicParams) IgnoreConfigFile() bool
- func (abp *AuditBasicParams) InsecureTls() bool
- func (abp *AuditBasicParams) OutputFormat() OutputFormat
- func (abp *AuditBasicParams) PipRequirementsFile() string
- func (abp *AuditBasicParams) Progress() ioUtils.ProgressMgr
- func (abp *AuditBasicParams) ServerDetails() (*config.ServerDetails, error)
- func (abp *AuditBasicParams) SetDepsRepo(depsRepo string) *AuditBasicParams
- func (abp *AuditBasicParams) SetExcludeTestDependencies(excludeTestDependencies bool) *AuditBasicParams
- func (abp *AuditBasicParams) SetIgnoreConfigFile(ignoreConfigFile bool) *AuditBasicParams
- func (abp *AuditBasicParams) SetInsecureTls(insecureTls bool) *AuditBasicParams
- func (abp *AuditBasicParams) SetNpmScope(depType string) *AuditBasicParams
- func (abp *AuditBasicParams) SetOutputFormat(format OutputFormat) *AuditBasicParams
- func (abp *AuditBasicParams) SetPipRequirementsFile(requirementsFile string) *AuditBasicParams
- func (abp *AuditBasicParams) SetProgress(progress ioUtils.ProgressMgr)
- func (abp *AuditBasicParams) SetServerDetails(serverDetails *config.ServerDetails) *AuditBasicParams
- func (abp *AuditBasicParams) SetTechnologies(technologies []string) *AuditBasicParams
- func (abp *AuditBasicParams) SetUseWrapper(useWrapper bool) *AuditBasicParams
- func (abp *AuditBasicParams) Technologies() []string
- func (abp *AuditBasicParams) UseWrapper() bool
- type ExtendedScanResults
- type JasScanType
- type OutputFormat
- type SarifLevel
- type Severity
Constants ¶
const ( EntitlementsMinVersion = "3.66.5" ApplicabilityFeatureId = "contextual_analysis" AnalyzerManagerZipName = "analyzerManager.zip" ErrFailedScannerRun = "failed to run %s scan. Exit code received: %s" )
const MissingCveScore = "0"
const (
SeverityDefaultValue = "Medium"
)
Variables ¶
var OutputFormats = []string{string(Table), string(Json), string(SimpleJson), string(Sarif)}
var Severities = map[string]map[ApplicabilityStatus]*Severity{ "Critical": { Applicable: {/* contains filtered or unexported fields */}, ApplicabilityUndetermined: {/* contains filtered or unexported fields */}, NotApplicable: {/* contains filtered or unexported fields */}, }, "High": { Applicable: {/* contains filtered or unexported fields */}, ApplicabilityUndetermined: {/* contains filtered or unexported fields */}, NotApplicable: {/* contains filtered or unexported fields */}, }, "Medium": { Applicable: {/* contains filtered or unexported fields */}, ApplicabilityUndetermined: {/* contains filtered or unexported fields */}, NotApplicable: {/* contains filtered or unexported fields */}, }, "Low": { Applicable: {/* contains filtered or unexported fields */}, ApplicabilityUndetermined: {/* contains filtered or unexported fields */}, NotApplicable: {/* contains filtered or unexported fields */}, }, "Unknown": { Applicable: {/* contains filtered or unexported fields */}, ApplicabilityUndetermined: {/* contains filtered or unexported fields */}, NotApplicable: {/* contains filtered or unexported fields */}, }, }
Functions ¶
func AggregateMultipleRunsIntoSingle ¶ added in v2.41.5
func ApplicabilityRuleIdToCve ¶ added in v2.41.6
func CheckIfFailBuild ¶ added in v2.7.0
func CheckIfFailBuild(results []services.ScanResponse) bool
func ConvertToSarifLevel ¶ added in v2.41.5
func CreateXrayServiceManager ¶ added in v2.41.5
func CreateXrayServiceManager(serviceDetails *config.ServerDetails) (*xray.XrayServicesManager, error)
func CreateXrayServiceManagerAndGetVersion ¶ added in v2.41.5
func CreateXrayServiceManagerAndGetVersion(serviceDetails *config.ServerDetails) (*xray.XrayServicesManager, string, error)
func CveToApplicabilityRuleId ¶ added in v2.41.6
func ExtractRelativePath ¶ added in v2.36.0
func FilterResultsByRuleIdAndMsgText ¶ added in v2.41.5
func GenerateSarifContentFromResults ¶ added in v2.41.5
func GenerateSarifContentFromResults(extendedResults *ExtendedScanResults, isMultipleRoots, includeLicenses, markdownOutput bool) (sarifStr string, err error)
func GetAnalyzerManagerDirAbsolutePath ¶ added in v2.34.1
func GetAnalyzerManagerDownloadPath ¶ added in v2.34.1
func GetAnalyzerManagerExecutable ¶ added in v2.41.0
func GetAnalyzerManagerExecutableName ¶ added in v2.34.1
func GetAnalyzerManagerExecutableName() string
func GetAnalyzerManagerVersion ¶ added in v2.41.5
func GetAnalyzerManagerVersion() string
func GetDiffFromRun ¶ added in v2.41.5
Calculate new information that exists at the run and not at the source
func GetInvocationWorkingDirectory ¶ added in v2.41.5
func GetInvocationWorkingDirectory(invocation *sarif.Invocation) string
func GetLevelResultsLocationCount ¶ added in v2.41.5
func GetLevelResultsLocationCount(run *sarif.Run, level SarifLevel) (count int)
func GetLocationEndColumn ¶ added in v2.41.5
func GetLocationEndLine ¶ added in v2.41.5
func GetLocationFileName ¶ added in v2.41.5
func GetLocationRelatedCodeFlowsFromResult ¶ added in v2.41.5
func GetLocationSnippet ¶ added in v2.41.5
func GetLocationSnippetPointer ¶ added in v2.41.5
func GetLocationStartColumn ¶ added in v2.41.5
func GetLocationStartLine ¶ added in v2.41.5
func GetRelativeLocationFileName ¶ added in v2.41.6
func GetRelativeLocationFileName(location *sarif.Location, invocations []*sarif.Invocation) string
func GetResultMsgText ¶ added in v2.41.5
func GetResultSeverity ¶ added in v2.36.0
func GetResultsByRuleId ¶ added in v2.41.5
func GetResultsLocationCount ¶ added in v2.41.5
func GetRuleFullDescription ¶ added in v2.41.5
func GetRuleFullDescription(rule *sarif.ReportingDescriptor) string
func GetRunRules ¶ added in v2.41.5
func GetRunRules(run *sarif.Run) []*sarif.ReportingDescriptor
func GetSeveritiesFormat ¶ added in v2.32.0
func GetStartLocationInFile ¶ added in v2.41.5
func GetUniqueKey ¶ added in v2.40.0
func GetUniqueKey(vulnerableDependency, vulnerableVersion, xrayID string, fixVersionExist bool) string
GetUniqueKey returns a unique string key of format "vulnerableDependency:vulnerableVersion:xrayID:fixVersionExist"
func IsApplicableResult ¶ added in v2.41.6
func IsEmptyScanResponse ¶ added in v2.19.0
func IsEmptyScanResponse(results []services.ScanResponse) bool
func IsSastSupported ¶ added in v2.41.5
func IsSastSupported() bool
func NewFailBuildError ¶ added in v2.7.0
func NewFailBuildError() error
func ParseAnalyzerManagerError ¶ added in v2.39.3
func ParseAnalyzerManagerError(scanner JasScanType, err error) error
func PrepareIacs ¶ added in v2.36.0
func PrepareIacs(iacs []*sarif.Run) []formats.SourceCodeRow
Prepare iacs for all non-table formats (without style or emoji)
func PrepareLicenses ¶ added in v2.12.2
func PrepareLicenses(licenses []services.License) ([]formats.LicenseRow, error)
func PrepareSast ¶ added in v2.41.5
func PrepareSast(sasts []*sarif.Run) []formats.SourceCodeRow
func PrepareSecrets ¶ added in v2.36.0
func PrepareSecrets(secrets []*sarif.Run) []formats.SourceCodeRow
Prepare secrets for all non-table formats (without style or emoji)
func PrepareViolations ¶ added in v2.12.2
func PrepareViolations(violations []services.Violation, extendedResults *ExtendedScanResults, multipleRoots, simplifiedOutput bool) ([]formats.VulnerabilityOrViolationRow, []formats.LicenseViolationRow, []formats.OperationalRiskViolationRow, error)
Prepare violations for all non-table formats (without style or emoji)
func PrepareVulnerabilities ¶ added in v2.12.2
func PrepareVulnerabilities(vulnerabilities []services.Vulnerability, extendedResults *ExtendedScanResults, multipleRoots, simplifiedOutput bool) ([]formats.VulnerabilityOrViolationRow, error)
Prepare vulnerabilities for all non-table formats (without style or emoji)
func PrintIacTable ¶ added in v2.36.0
func PrintLicensesTable ¶ added in v2.1.0
PrintLicensesTable prints the licenses in a table. Set multipleRoots to true in case the given licenses array contains (or may contain) results of several projects or files (like in binary scan). In case multipleRoots is true, the field Component will show the root of each impact path, otherwise it will show the root's child. Set printExtended to true to print fields with 'extended' tag. If the scan argument is set to true, print the scan tables.
func PrintSastTable ¶ added in v2.41.5
func PrintScanResults ¶ added in v2.4.0
func PrintScanResults(results *ExtendedScanResults, simpleJsonError []formats.SimpleJsonError, format OutputFormat, includeVulnerabilities, includeLicenses, isMultipleRoots, printExtended, isBinaryScan bool, messages []string) error
PrintScanResults prints the scan results in the specified format. Note that errors are printed only with SimpleJson format.
results - The scan results. simpleJsonError - Errors to be added to output of the SimpleJson format. format - The output format. includeVulnerabilities - If trie, include all vulnerabilities as part of the output. Else, include violations only. includeLicenses - If true, also include license violations as part of the output. isMultipleRoots - multipleRoots is set to true, in case the given results array contains (or may contain) results of several projects (like in binary scan). printExtended -If true, show extended results. scan - If true, use an output layout suitable for `jf scan` or `jf docker scan` results. Otherwise, use a layout compatible for `jf audit` . messages - Option array of messages, to be displayed if the format is Table
func PrintSecretsTable ¶ added in v2.36.0
func PrintViolationsTable ¶
func PrintViolationsTable(violations []services.Violation, extendedResults *ExtendedScanResults, multipleRoots, printExtended, isBinaryScan bool) error
PrintViolationsTable prints the violations in 4 tables: security violations, license compliance violations, operational risk violations and ignore rule URLs. Set multipleRoots to true in case the given violations array contains (or may contain) results of several projects or files (like in binary scan). In case multipleRoots is true, the field Component will show the root of each impact path, otherwise it will show the root's child. In case one (or more) of the violations contains the field FailBuild set to true, CliError with exit code 3 will be returned. Set printExtended to true to print fields with 'extended' tag. If the scan argument is set to true, print the scan tables.
func PrintVulnerabilitiesTable ¶
func PrintVulnerabilitiesTable(vulnerabilities []services.Vulnerability, extendedResults *ExtendedScanResults, multipleRoots, printExtended, isBinaryScan bool) error
PrintVulnerabilitiesTable prints the vulnerabilities in a table. Set multipleRoots to true in case the given vulnerabilities array contains (or may contain) results of several projects or files (like in binary scan). In case multipleRoots is true, the field Component will show the root of each impact path, otherwise it will show the root's child. Set printExtended to true to print fields with 'extended' tag. If the scan argument is set to true, print the scan tables.
func ReadScanRunsFromFile ¶ added in v2.41.5
func SetAnalyzerManagerEnvVariables ¶ added in v2.33.0
func SetAnalyzerManagerEnvVariables(serverDetails *config.ServerDetails) error
func SetLocationFileName ¶ added in v2.41.5
func SetLocationSnippet ¶ added in v2.41.5
func SplitComponentId ¶ added in v2.27.0
SplitComponentId splits a Xray component ID to the component name, version and package type. In case componentId doesn't contain a version, the returned version will be an empty string. In case componentId's format is invalid, it will be returned as the component name and empty strings will be returned instead of the version and the package type. Examples:
- componentId: "gav://antparent:ant:1.6.5" Returned values: Component name: "antparent:ant" Component version: "1.6.5" Package type: "Maven"
- componentId: "generic://sha256:244fd47e07d1004f0aed9c156aa09083c82bf8944eceb67c946ff7430510a77b/foo.jar" Returned values: Component name: "foo.jar" Component version: "" Package type: "Generic"
- componentId: "invalid-comp-id" Returned values: Component name: "invalid-comp-id" Component version: "" Package type: ""
func SplitScanResults ¶ added in v2.29.2
func SplitScanResults(results []services.ScanResponse) ([]services.Violation, []services.Vulnerability, []services.License)
Splits scan responses into aggregated lists of violations, vulnerabilities and licenses.
Types ¶
type AnalyzerManager ¶ added in v2.33.0
func (*AnalyzerManager) Exec ¶ added in v2.33.0
func (am *AnalyzerManager) Exec(configFile, scanCommand, workingDir string, serverDetails *config.ServerDetails) (err error)
type ApplicabilityStatus ¶ added in v2.41.5
type ApplicabilityStatus string
const ( Applicable ApplicabilityStatus = "Applicable" NotApplicable ApplicabilityStatus = "Not Applicable" ApplicabilityUndetermined ApplicabilityStatus = "Undetermined" NotScanned ApplicabilityStatus = "" )
type AuditBasicParams ¶ added in v2.41.5
type AuditBasicParams struct {
// contains filtered or unexported fields
}
func (*AuditBasicParams) AppendDirectDependencies ¶ added in v2.41.5
func (abp *AuditBasicParams) AppendDirectDependencies(directDependencies []string) *AuditBasicParams
func (*AuditBasicParams) Args ¶ added in v2.41.5
func (abp *AuditBasicParams) Args() []string
func (*AuditBasicParams) DepsRepo ¶ added in v2.41.5
func (abp *AuditBasicParams) DepsRepo() string
func (*AuditBasicParams) DirectDependencies ¶ added in v2.41.5
func (abp *AuditBasicParams) DirectDependencies() []string
func (*AuditBasicParams) ExcludeTestDependencies ¶ added in v2.41.5
func (abp *AuditBasicParams) ExcludeTestDependencies() bool
func (*AuditBasicParams) IgnoreConfigFile ¶ added in v2.41.5
func (abp *AuditBasicParams) IgnoreConfigFile() bool
func (*AuditBasicParams) InsecureTls ¶ added in v2.41.5
func (abp *AuditBasicParams) InsecureTls() bool
func (*AuditBasicParams) OutputFormat ¶ added in v2.41.5
func (abp *AuditBasicParams) OutputFormat() OutputFormat
func (*AuditBasicParams) PipRequirementsFile ¶ added in v2.41.5
func (abp *AuditBasicParams) PipRequirementsFile() string
func (*AuditBasicParams) Progress ¶ added in v2.41.5
func (abp *AuditBasicParams) Progress() ioUtils.ProgressMgr
func (*AuditBasicParams) ServerDetails ¶ added in v2.41.5
func (abp *AuditBasicParams) ServerDetails() (*config.ServerDetails, error)
func (*AuditBasicParams) SetDepsRepo ¶ added in v2.41.5
func (abp *AuditBasicParams) SetDepsRepo(depsRepo string) *AuditBasicParams
func (*AuditBasicParams) SetExcludeTestDependencies ¶ added in v2.41.5
func (abp *AuditBasicParams) SetExcludeTestDependencies(excludeTestDependencies bool) *AuditBasicParams
func (*AuditBasicParams) SetIgnoreConfigFile ¶ added in v2.41.5
func (abp *AuditBasicParams) SetIgnoreConfigFile(ignoreConfigFile bool) *AuditBasicParams
func (*AuditBasicParams) SetInsecureTls ¶ added in v2.41.5
func (abp *AuditBasicParams) SetInsecureTls(insecureTls bool) *AuditBasicParams
func (*AuditBasicParams) SetNpmScope ¶ added in v2.41.5
func (abp *AuditBasicParams) SetNpmScope(depType string) *AuditBasicParams
func (*AuditBasicParams) SetOutputFormat ¶ added in v2.41.5
func (abp *AuditBasicParams) SetOutputFormat(format OutputFormat) *AuditBasicParams
func (*AuditBasicParams) SetPipRequirementsFile ¶ added in v2.41.5
func (abp *AuditBasicParams) SetPipRequirementsFile(requirementsFile string) *AuditBasicParams
func (*AuditBasicParams) SetProgress ¶ added in v2.41.5
func (abp *AuditBasicParams) SetProgress(progress ioUtils.ProgressMgr)
func (*AuditBasicParams) SetServerDetails ¶ added in v2.41.5
func (abp *AuditBasicParams) SetServerDetails(serverDetails *config.ServerDetails) *AuditBasicParams
func (*AuditBasicParams) SetTechnologies ¶ added in v2.41.5
func (abp *AuditBasicParams) SetTechnologies(technologies []string) *AuditBasicParams
func (*AuditBasicParams) SetUseWrapper ¶ added in v2.41.5
func (abp *AuditBasicParams) SetUseWrapper(useWrapper bool) *AuditBasicParams
func (*AuditBasicParams) Technologies ¶ added in v2.41.5
func (abp *AuditBasicParams) Technologies() []string
func (*AuditBasicParams) UseWrapper ¶ added in v2.41.5
func (abp *AuditBasicParams) UseWrapper() bool
type ExtendedScanResults ¶ added in v2.33.0
type JasScanType ¶ added in v2.41.5
type JasScanType string
const ( Applicability JasScanType = "Applicability" Secrets JasScanType = "Secrets" IaC JasScanType = "IaC" Sast JasScanType = "Sast" )
func (JasScanType) FormattedError ¶ added in v2.41.5
func (st JasScanType) FormattedError(err error) error
type OutputFormat ¶ added in v2.7.0
type OutputFormat string
const ( // OutputFormat values Table OutputFormat = "table" Json OutputFormat = "json" SimpleJson OutputFormat = "simple-json" Sarif OutputFormat = "sarif" )
type SarifLevel ¶ added in v2.41.5
type SarifLevel string
type Severity ¶ added in v2.32.0
type Severity struct {
// contains filtered or unexported fields
}
func GetSeverity ¶ added in v2.32.0
func GetSeverity(severityTitle string, applicable ApplicabilityStatus) *Severity