Documentation ¶
Index ¶
- Constants
- Variables
- func AppendUniqueImpactPaths(target [][]services.ImpactPathNode, source [][]services.ImpactPathNode, ...) [][]services.ImpactPathNode
- func AppendUniqueImpactPathsForMultipleRoots(target [][]services.ImpactPathNode, source [][]services.ImpactPathNode) [][]services.ImpactPathNode
- func CheckIfFailBuild(results []services.ScanResponse) bool
- func ConvertCvesWithApplicability(cves []services.Cve, entitledForJas bool, applicabilityRuns []*sarif.Run, ...) (convertedCves []formats.CveRow, ...)
- func FindMaxCVEScore(severity severityutils.Severity, ...) (string, error)
- func GetApplicableCveStatus(entitledForJas bool, applicabilityScanResults []*sarif.Run, ...) jasutils.ApplicabilityStatus
- func GetCveApplicabilityField(cveId string, applicabilityScanResults []*sarif.Run, ...) *formats.Applicability
- func GetCveScore(severity severityutils.Severity, ...) (float32, error)
- func GetDependencyId(depName, version string) string
- func GetIssueIdentifier(cvesRow []formats.CveRow, issueId string, delimiter string) string
- func GetResultPropertyMetadata(result *sarif.Result) string
- func GetResultPropertyTokenValidation(result *sarif.Result) string
- func GetRuleUndeterminedReason(rule *sarif.ReportingDescriptor) string
- func GetScaIssueId(depName, version, issueId string) string
- func GetUniqueKey(vulnerableDependency, vulnerableVersion, xrayID string, fixVersionExist bool) string
- func GetViolatedLicenses(allowedLicenses []string, licenses []services.License) (violatedLicenses []services.Violation)
- func NewFailBuildError() error
- func PrepareJasIssues(runs []*sarif.Run, entitledForJas bool, handler ParseJasFunc) error
- func PrepareLicenses(target ScanTarget, licenses []services.License, handler ParseLicensesFunc) error
- func PrepareScaViolations(target ScanTarget, violations []services.Violation, entitledForJas bool, ...) (watches []string, failBuild bool, err error)
- func PrepareScaVulnerabilities(target ScanTarget, vulnerabilities []services.Vulnerability, ...) error
- func SplitComponents(target string, impactedPackages map[string]services.Component) (...)
- type JasScansResults
- func (jsr *JasScansResults) GetResults(scanType jasutils.JasScanType) (results []*sarif.Run)
- func (jsr *JasScansResults) HasFindings() bool
- func (jsr *JasScansResults) HasFindingsByType(scanType jasutils.JasScanType) bool
- func (jsr *JasScansResults) HasInformation() bool
- func (jsr *JasScansResults) HasInformationByType(scanType jasutils.JasScanType) bool
- type ParseJasFunc
- type ParseLicensesFunc
- type ParseScaViolationFunc
- type ParseScaVulnerabilityFunc
- type ScaScanResults
- type ScanTarget
- type SecurityCommandResults
- func (r *SecurityCommandResults) AddGeneralError(err error, allowSkippingError bool) *SecurityCommandResults
- func (r *SecurityCommandResults) GetErrors() (err error)
- func (r *SecurityCommandResults) GetJasScansResults(scanType jasutils.JasScanType) (results []*sarif.Run)
- func (r *SecurityCommandResults) GetScaScansXrayResults() (results []services.ScanResponse)
- func (r *SecurityCommandResults) GetTargetsPaths() (paths []string)
- func (r *SecurityCommandResults) GetTechnologies(additionalTechs ...techutils.Technology) []techutils.Technology
- func (r *SecurityCommandResults) HasFindings() bool
- func (r *SecurityCommandResults) HasInformation() bool
- func (r *SecurityCommandResults) HasMultipleTargets() bool
- func (r *SecurityCommandResults) NewScanResults(target ScanTarget) *TargetResults
- func (r *SecurityCommandResults) SetEntitledForJas(entitledForJas bool) *SecurityCommandResults
- func (r *SecurityCommandResults) SetMultiScanId(multiScanId string) *SecurityCommandResults
- func (r *SecurityCommandResults) SetSecretValidation(secretValidation bool) *SecurityCommandResults
- func (r *SecurityCommandResults) SetStartTime(startTime time.Time) *SecurityCommandResults
- func (r *SecurityCommandResults) SetXrayVersion(xrayVersion string) *SecurityCommandResults
- func (r *SecurityCommandResults) SetXscVersion(xscVersion string) *SecurityCommandResults
- type TargetResults
- func (sr *TargetResults) AddTargetError(err error, allowSkippingError bool) error
- func (sr *TargetResults) GetErrors() (err error)
- func (sr *TargetResults) GetJasScansResults(scanType jasutils.JasScanType) (results []*sarif.Run)
- func (sr *TargetResults) GetScaScansXrayResults() (results []services.ScanResponse)
- func (sr *TargetResults) GetScanIds() []string
- func (sr *TargetResults) GetTechnologies() []techutils.Technology
- func (sr *TargetResults) GetWatches() []string
- func (sr *TargetResults) HasFindings() bool
- func (sr *TargetResults) HasInformation() bool
- func (sr *TargetResults) NewScaScanResults(responses ...services.ScanResponse) *ScaScanResults
- func (sr *TargetResults) SetDescriptors(descriptors ...string) *TargetResults
Constants ¶
// Positions within an impact path ([]services.ImpactPathNode).
// NOTE(review): the meaning of each index is inferred from the names and from the
// root / root's-child wording used elsewhere in this package — confirm against the
// impact-path helpers before relying on it.
const (
	// RootIndex is the position of the path's root node.
	RootIndex = 0
	// DirectDependencyIndex is the position of the node directly below the root.
	DirectDependencyIndex = 1
	// DirectDependencyPathLength is the length of a path that ends at a direct dependency.
	DirectDependencyPathLength = 2
)
Variables ¶
// Sentinel errors reported by the results convertor when its methods are called out of order.
// Compare with errors.Is rather than ==, since callers may wrap them.
var (
	// ErrResetConvertor signals that Reset was not called before parsing new scan results metadata.
	ErrResetConvertor = fmt.Errorf("reset must be called before parsing new scan results metadata")
	// ErrNoTargetConvertor signals that ParseNewTargetResults was not called before parsing issues.
	ErrNoTargetConvertor = fmt.Errorf("ParseNewTargetResults must be called before starting to parse issues")
)
Functions ¶
func AppendUniqueImpactPaths ¶
func AppendUniqueImpactPaths(target [][]services.ImpactPathNode, source [][]services.ImpactPathNode, multipleRoots bool) [][]services.ImpactPathNode
AppendUniqueImpactPaths appends the elements of a source [][]ImpactPathNode to a target [][]ImpactPathNode without adding any duplicate elements. Duplicates are detected by the ComponentId field of the ImpactPathNode struct, as it is guaranteed to be unique.
func AppendUniqueImpactPathsForMultipleRoots ¶
func AppendUniqueImpactPathsForMultipleRoots(target [][]services.ImpactPathNode, source [][]services.ImpactPathNode) [][]services.ImpactPathNode
AppendUniqueImpactPathsForMultipleRoots appends the source impact path to the target impact path while avoiding duplicates. Specifically, it is designed for handling multiple root projects, such as Maven or Gradle, by comparing each pair of paths and identifying the path that is closest to the direct dependency.
func CheckIfFailBuild ¶
func CheckIfFailBuild(results []services.ScanResponse) bool
If one (or more) of the violations has the FailBuild field set to true, a CliError with exit code 3 will be returned.
func FindMaxCVEScore ¶
func FindMaxCVEScore(severity severityutils.Severity, applicabilityStatus jasutils.ApplicabilityStatus, cves []formats.CveRow) (string, error)
FindMaxCVEScore returns the maximum CVSS score of the given CVEs or, if none exists, a score derived from the severity and applicability status.
func GetApplicableCveStatus ¶
func GetCveScore ¶
func GetCveScore(severity severityutils.Severity, applicabilityStatus jasutils.ApplicabilityStatus, cve formats.CveRow) (float32, error)
GetCveScore returns the CVSS score of the given CVE or, if none exists, a score derived from the severity and applicability status.
func GetDependencyId ¶
func GetIssueIdentifier ¶
func GetRuleUndeterminedReason ¶
func GetRuleUndeterminedReason(rule *sarif.ReportingDescriptor) string
func GetScaIssueId ¶
func GetUniqueKey ¶
func GetUniqueKey(vulnerableDependency, vulnerableVersion, xrayID string, fixVersionExist bool) string
GetUniqueKey returns a unique string key of format "vulnerableDependency:vulnerableVersion:xrayID:fixVersionExist"
func GetViolatedLicenses ¶
func NewFailBuildError ¶
func NewFailBuildError() error
func PrepareJasIssues ¶
func PrepareJasIssues(runs []*sarif.Run, entitledForJas bool, handler ParseJasFunc) error
PrepareJasIssues iterates over the provided SARIF runs and calls the provided handler for each issue so the caller can process it.
func PrepareLicenses ¶
func PrepareLicenses(target ScanTarget, licenses []services.License, handler ParseLicensesFunc) error
PrepareLicenses iterates over the provided licenses and calls the provided handler for each component/package that has a license.
func PrepareScaViolations ¶
func PrepareScaViolations(target ScanTarget, violations []services.Violation, entitledForJas bool, applicabilityRuns []*sarif.Run, securityHandler ParseScaViolationFunc, licenseHandler ParseScaViolationFunc, operationalRiskHandler ParseScaViolationFunc) (watches []string, failBuild bool, err error)
PrepareScaViolations iterates over the provided SCA violations and calls the provided handler for each impacted component/package with a violation.
func PrepareScaVulnerabilities ¶
func PrepareScaVulnerabilities(target ScanTarget, vulnerabilities []services.Vulnerability, entitledForJas bool, applicabilityRuns []*sarif.Run, handler ParseScaVulnerabilityFunc) error
PrepareScaVulnerabilities iterates over the provided SCA security vulnerabilities and calls the provided handler for each impacted component/package with a vulnerability.
func SplitComponents ¶
Types ¶
type JasScansResults ¶
// JasScansResults holds the SARIF runs produced by each JAS scan type for a target.
// The JSON tags are the keys under which each result set is serialized.
type JasScansResults struct {
	// ApplicabilityScanResults are the runs of the contextual-analysis (applicability) scan.
	ApplicabilityScanResults []*sarif.Run `json:"contextual_analysis,omitempty"`
	// SecretsScanResults are the runs of the secrets scan.
	// NOTE(review): if these runs carry matched secret text or token-validation data, the
	// serialized form of this struct is sensitive and must be handled as such — confirm
	// what the scanner emits before persisting or logging it.
	SecretsScanResults []*sarif.Run `json:"secrets,omitempty"`
	// IacScanResults are the runs of the IaC scan.
	IacScanResults []*sarif.Run `json:"iac,omitempty"`
	// SastScanResults are the runs of the SAST scan.
	SastScanResults []*sarif.Run `json:"sast,omitempty"`
}
func (*JasScansResults) GetResults ¶
func (jsr *JasScansResults) GetResults(scanType jasutils.JasScanType) (results []*sarif.Run)
func (*JasScansResults) HasFindings ¶
func (jsr *JasScansResults) HasFindings() bool
func (*JasScansResults) HasFindingsByType ¶
func (jsr *JasScansResults) HasFindingsByType(scanType jasutils.JasScanType) bool
func (*JasScansResults) HasInformation ¶
func (jsr *JasScansResults) HasInformation() bool
func (*JasScansResults) HasInformationByType ¶
func (jsr *JasScansResults) HasInformationByType(scanType jasutils.JasScanType) bool
type ParseJasFunc ¶
type ParseLicensesFunc ¶
// ParseLicensesFunc is the callback PrepareLicenses invokes once per impacted
// component/package that carries a license. It receives the license, the impacted
// package's name/version/type, its direct components and its impact paths.
// NOTE(review): whether a non-nil return value aborts the remaining iteration is not
// documented here — confirm in PrepareLicenses.
type ParseLicensesFunc func(license services.License, impactedPackagesName, impactedPackagesVersion, impactedPackagesType string, directComponents []formats.ComponentRow, impactPaths [][]formats.ComponentRow) error
type ParseScaViolationFunc ¶
// ParseScaViolationFunc is the callback PrepareScaViolations invokes once per impacted
// component/package that has a violation. It receives the violation together with its
// CVEs, applicability status, severity, the impacted package's name/version/type, the
// fixed versions, its direct components and its impact paths.
// NOTE(review): whether a non-nil return value aborts the remaining iteration is not
// documented here — confirm in PrepareScaViolations.
type ParseScaViolationFunc func(violation services.Violation, cves []formats.CveRow, applicabilityStatus jasutils.ApplicabilityStatus, severity severityutils.Severity, impactedPackagesName, impactedPackagesVersion, impactedPackagesType string, fixedVersion []string, directComponents []formats.ComponentRow, impactPaths [][]formats.ComponentRow) error
type ParseScaVulnerabilityFunc ¶
// ParseScaVulnerabilityFunc is the callback PrepareScaVulnerabilities invokes once per
// impacted component/package that has a vulnerability. It receives the vulnerability
// together with its CVEs, applicability status, severity, the impacted package's
// name/version/type, the fixed versions, its direct components and its impact paths.
// NOTE(review): whether a non-nil return value aborts the remaining iteration is not
// documented here — confirm in PrepareScaVulnerabilities.
type ParseScaVulnerabilityFunc func(vulnerability services.Vulnerability, cves []formats.CveRow, applicabilityStatus jasutils.ApplicabilityStatus, severity severityutils.Severity, impactedPackagesName, impactedPackagesVersion, impactedPackagesType string, fixedVersion []string, directComponents []formats.ComponentRow, impactPaths [][]formats.ComponentRow) error
type ScaScanResults ¶
// ScaScanResults holds the SCA (Xray) scan results of a single target.
type ScaScanResults struct {
	// IsMultipleRootProject is a pointer so that "not set" (nil, omitted from JSON)
	// is distinguishable from an explicit false.
	IsMultipleRootProject *bool `json:"is_multiple_root_project,omitempty"`
	// Target of the scan
	Descriptors []string `json:"descriptors,omitempty"`
	// Sca scan results
	XrayResults []services.ScanResponse `json:"xray_scan,omitempty"`
}
func (*ScaScanResults) HasFindings ¶
func (ssr *ScaScanResults) HasFindings() bool
func (*ScaScanResults) HasInformation ¶
func (ssr *ScaScanResults) HasInformation() bool
type ScanTarget ¶
// ScanTarget identifies what a scan ran against: its physical location, its logical
// name and (optionally) its technology.
type ScanTarget struct {
	// Physical location of the target: Working directory (audit) / binary to scan (scan / docker scan)
	Target string `json:"target,omitempty"`
	// Logical name of the target (build name / module name / docker image name...)
	Name string `json:"name,omitempty"`
	// Optional field (not used only in build scan) to provide the technology of the target
	// NOTE(review): the parenthetical is ambiguous — it may mean "used by every scan except
	// build scan"; confirm with the call sites.
	Technology techutils.Technology `json:"technology,omitempty"`
}
func (ScanTarget) Copy ¶
func (st ScanTarget) Copy(newTarget string) ScanTarget
func (ScanTarget) String ¶
func (st ScanTarget) String() (str string)
type SecurityCommandResults ¶
// SecurityCommandResults is a struct that holds the results of a security scan/audit command.
type SecurityCommandResults struct {
	// General fields describing the command metadata
	XrayVersion      string            `json:"xray_version"`
	XscVersion       string            `json:"xsc_version,omitempty"`
	EntitledForJas   bool              `json:"jas_entitled"`
	SecretValidation bool              `json:"secret_validation,omitempty"`
	CmdType          utils.CommandType `json:"command_type"`
	StartTime        time.Time         `json:"start_time"`
	// MultiScanId is a unique identifier that is used to group multiple scans together.
	MultiScanId string `json:"multi_scan_id,omitempty"`
	// Results for each target in the command
	Targets []*TargetResults `json:"targets"`
	// GeneralError that occurred during the command execution
	// NOTE(review): encoding/json has no special handling for error values; a non-nil
	// error whose concrete type has only unexported fields marshals as {}, so the message
	// may be lost in the JSON output — confirm the intended serialization.
	GeneralError error `json:"general_error,omitempty"`
	// contains filtered or unexported fields
}
SecurityCommandResults is a struct that holds the results of a security scan/audit command.
func NewCommandResults ¶
func NewCommandResults(cmdType utils.CommandType) *SecurityCommandResults
func (*SecurityCommandResults) AddGeneralError ¶ added in v1.12.4
func (r *SecurityCommandResults) AddGeneralError(err error, allowSkippingError bool) *SecurityCommandResults
Adds a general error to the command results during the different phases of its execution. Note that some call sites pass a constant 'false' for the 'allowSkippingError' parameter where they wish to force propagation of the error when it occurs.
func (*SecurityCommandResults) GetErrors ¶
func (r *SecurityCommandResults) GetErrors() (err error)
func (*SecurityCommandResults) GetJasScansResults ¶
func (r *SecurityCommandResults) GetJasScansResults(scanType jasutils.JasScanType) (results []*sarif.Run)
func (*SecurityCommandResults) GetScaScansXrayResults ¶
func (r *SecurityCommandResults) GetScaScansXrayResults() (results []services.ScanResponse)
func (*SecurityCommandResults) GetTargetsPaths ¶
func (r *SecurityCommandResults) GetTargetsPaths() (paths []string)
func (*SecurityCommandResults) GetTechnologies ¶
func (r *SecurityCommandResults) GetTechnologies(additionalTechs ...techutils.Technology) []techutils.Technology
func (*SecurityCommandResults) HasFindings ¶
func (r *SecurityCommandResults) HasFindings() bool
func (*SecurityCommandResults) HasInformation ¶
func (r *SecurityCommandResults) HasInformation() bool
func (*SecurityCommandResults) HasMultipleTargets ¶
func (r *SecurityCommandResults) HasMultipleTargets() bool
If multipleRoots is true, the Component field will show the root of each impact path; otherwise it will show the root's child. Set multipleRoots to true when the given vulnerabilities array contains (or may contain) results from several projects or files (as in a binary scan).
func (*SecurityCommandResults) NewScanResults ¶
func (r *SecurityCommandResults) NewScanResults(target ScanTarget) *TargetResults
func (*SecurityCommandResults) SetEntitledForJas ¶ added in v1.12.4
func (r *SecurityCommandResults) SetEntitledForJas(entitledForJas bool) *SecurityCommandResults
func (*SecurityCommandResults) SetMultiScanId ¶
func (r *SecurityCommandResults) SetMultiScanId(multiScanId string) *SecurityCommandResults
func (*SecurityCommandResults) SetSecretValidation ¶ added in v1.12.4
func (r *SecurityCommandResults) SetSecretValidation(secretValidation bool) *SecurityCommandResults
func (*SecurityCommandResults) SetStartTime ¶ added in v1.13.2
func (r *SecurityCommandResults) SetStartTime(startTime time.Time) *SecurityCommandResults
func (*SecurityCommandResults) SetXrayVersion ¶ added in v1.12.4
func (r *SecurityCommandResults) SetXrayVersion(xrayVersion string) *SecurityCommandResults
func (*SecurityCommandResults) SetXscVersion ¶ added in v1.13.2
func (r *SecurityCommandResults) SetXscVersion(xscVersion string) *SecurityCommandResults
type TargetResults ¶
// TargetResults holds all scan results and errors for a single scan target.
// ScanTarget is embedded, so its Target/Name/Technology fields are promoted.
type TargetResults struct {
	ScanTarget
	// All scan results for the target
	ScaResults *ScaScanResults  `json:"sca_scans,omitempty"`
	JasResults *JasScansResults `json:"jas_scans,omitempty"`
	// Errors that occurred during the scans
	// NOTE(review): encoding/json has no special handling for error values; errors whose
	// concrete type has only unexported fields marshal as {}, so messages may be lost in
	// the JSON output — confirm the intended serialization.
	Errors []error `json:"errors,omitempty"`
	// contains filtered or unexported fields
}
func (*TargetResults) AddTargetError ¶ added in v1.12.4
func (sr *TargetResults) AddTargetError(err error, allowSkippingError bool) error
func (*TargetResults) GetErrors ¶
func (sr *TargetResults) GetErrors() (err error)
func (*TargetResults) GetJasScansResults ¶
func (sr *TargetResults) GetJasScansResults(scanType jasutils.JasScanType) (results []*sarif.Run)
func (*TargetResults) GetScaScansXrayResults ¶
func (sr *TargetResults) GetScaScansXrayResults() (results []services.ScanResponse)
func (*TargetResults) GetScanIds ¶
func (sr *TargetResults) GetScanIds() []string
func (*TargetResults) GetTechnologies ¶
func (sr *TargetResults) GetTechnologies() []techutils.Technology
func (*TargetResults) GetWatches ¶
func (sr *TargetResults) GetWatches() []string
func (*TargetResults) HasFindings ¶
func (sr *TargetResults) HasFindings() bool
func (*TargetResults) HasInformation ¶
func (sr *TargetResults) HasInformation() bool
func (*TargetResults) NewScaScanResults ¶
func (sr *TargetResults) NewScaScanResults(responses ...services.ScanResponse) *ScaScanResults
func (*TargetResults) SetDescriptors ¶
func (sr *TargetResults) SetDescriptors(descriptors ...string) *TargetResults