format


Documentation

Index

Constants

// AUDIT_REQUIREMENT_GROUP_1_DESC is the human-readable description of audit
// requirement group 1; it pairs with AUDIT_REQUIREMENT_GROUP_1_INDEX.
// Presumably written to SarifProperties.AuditRequirement — confirm at the call site.
const AUDIT_REQUIREMENT_GROUP_1_DESC = "Audit All"
// AUDIT_REQUIREMENT_GROUP_1_INDEX is the numeric index of audit requirement
// group 1 ("Audit All"); it pairs with AUDIT_REQUIREMENT_GROUP_1_DESC.
const AUDIT_REQUIREMENT_GROUP_1_INDEX = 1
// AUDIT_REQUIREMENT_GROUP_2_DESC is the human-readable description of audit
// requirement group 2; it pairs with AUDIT_REQUIREMENT_GROUP_2_INDEX.
const AUDIT_REQUIREMENT_GROUP_2_DESC = "Spot Check"
// AUDIT_REQUIREMENT_GROUP_2_INDEX is the numeric index of audit requirement
// group 2 ("Spot Check"); it pairs with AUDIT_REQUIREMENT_GROUP_2_DESC.
const AUDIT_REQUIREMENT_GROUP_2_INDEX = 2
// AUDIT_REQUIREMENT_GROUP_3_DESC is the human-readable description of audit
// requirement group 3; it pairs with AUDIT_REQUIREMENT_GROUP_3_INDEX.
const AUDIT_REQUIREMENT_GROUP_3_DESC = "Optional"
// AUDIT_REQUIREMENT_GROUP_3_INDEX is the numeric index of audit requirement
// group 3 ("Optional"); it pairs with AUDIT_REQUIREMENT_GROUP_3_DESC.
const AUDIT_REQUIREMENT_GROUP_3_INDEX = 3

Variables

This section is empty.

Functions

func ReadAssessments

func ReadAssessments(assessmentFile io.ReadCloser) (*[]Assessment, error)

ReadAssessments loads the assessments and returns their contents.

Types

type Artifact

// Artifact is one entry of the SARIF artifacts array.
//
// Note that Artifact carries its path as a SarifLocation, whereas
// PhysicalLocation uses the separate ArtifactLocation type; both hold a
// uri/uriBaseId pair but they are distinct Go types.
type Artifact struct {
	Location SarifLocation `json:"location"`
	Length   int           `json:"length,omitempty"`   // omitted when 0
	MimeType string        `json:"mimeType,omitempty"` // omitted when empty
	Encoding string        `json:"encoding,omitempty"` // omitted when empty
}

Artifact and the structs it references model the SARIF artifacts object.

type ArtifactLocation

// ArtifactLocation describes the path of an artifact.
//
// URI is always emitted; URIBaseId and Index are omitted when empty/zero.
// An Index of 0 is therefore indistinguishable from "not set" on the wire.
type ArtifactLocation struct {
	URI       string `json:"uri"`
	URIBaseId string `json:"uriBaseId,omitempty"`
	Index     int    `json:"index,omitempty"`
}

ArtifactLocation describes the path of the artifact.

type Assessment

// Assessment is one entry of the assessments file read by ReadAssessments.
//
// Vulnerability names the finding being assessed, Status and Analysis carry the
// triage decision and its rationale, and Purls lists the affected package URLs.
// The ToImpactAnalysis* methods translate Status/Analysis into cdx impact
// analysis values.
//
// NOTE(review): a Status of NotRelevant marks a finding as a false positive,
// so the assessments file decides what is reported as a vulnerability; how
// downstream consumers honour it is not visible here.
type Assessment struct {
	Vulnerability string             `json:"vulnerability"`
	Status        AssessmentStatus   `json:"status"`
	Analysis      AssessmentAnalysis `json:"analysis"`
	Purls         []Purl             `json:"purls"`
}

func (Assessment) ToImpactAnalysisResponse

func (a Assessment) ToImpactAnalysisResponse() *[]cdx.ImpactAnalysisResponse

func (Assessment) ToImpactAnalysisState

func (a Assessment) ToImpactAnalysisState() cdx.ImpactAnalysisState

func (Assessment) ToImpactJustification

func (a Assessment) ToImpactJustification() cdx.ImpactAnalysisJustification

type AssessmentAnalysis

// AssessmentAnalysis is the rationale recorded for an Assessment.
//
// The values are the string literals expected in the assessments file; the
// trailing comments give the human-readable meaning of each.
type AssessmentAnalysis string

// Known AssessmentAnalysis values.
const (
	WaitingForFix         AssessmentAnalysis = "waitingForFix"         //"Waiting for OSS community fix"
	RiskAccepted          AssessmentAnalysis = "riskAccepted"          //"Risk Accepted"
	NotPresent            AssessmentAnalysis = "notPresent"            //"Affected parts of the OSS library are not present"
	NotUsed               AssessmentAnalysis = "notUsed"               //"Affected parts of the OSS library are not used"
	AssessmentPropagation AssessmentAnalysis = "assessmentPropagation" //"Assessment Propagation"
	FixedByDevTeam        AssessmentAnalysis = "fixedByDevTeam"        //"OSS Component fixed by development team"
	Mitigated             AssessmentAnalysis = "mitigated"             //"Mitigated by the Application"
	WronglyReported       AssessmentAnalysis = "wronglyReported"       //"Wrongly reported CVE"
)

type AssessmentStatus

// AssessmentStatus is the triage status recorded for an Assessment.
//
// The values are the string literals expected in the assessments file.
// Nothing here validates that an incoming status is one of the known values;
// an unknown string is accepted as-is by the type.
type AssessmentStatus string

// Known AssessmentStatus values.
const (
	//NotAssessed AssessmentStatus = "notAssessed" //"Not Assessed"
	Relevant    AssessmentStatus = "relevant"    //"Relevant (True Positive)"
	NotRelevant AssessmentStatus = "notRelevant" //"Not Relevant (False Positive)"
	InProcess   AssessmentStatus = "inProcess"   //"In Process"
)

type AutomationDetails

// AutomationDetails models the SARIF automationDetails object; only its id is
// represented.
type AutomationDetails struct {
	Id string `json:"id"`
}

AutomationDetails models the SARIF automationDetails object.

type CodeFlow

// CodeFlow groups the thread flows attached to a result.
type CodeFlow struct {
	ThreadFlows []ThreadFlow `json:"threadFlows"` // nil encodes as JSON null, not []
}

CodeFlow

type ContextRegion

// ContextRegion provides the surrounding context for a finding: a line range
// and an optional snippet. All fields are omitted when zero/nil.
type ContextRegion struct {
	StartLine int           `json:"startLine,omitempty"`
	EndLine   int           `json:"endLine,omitempty"`
	Snippet   *SnippetSarif `json:"snippet,omitempty"`
}

ContextRegion provides the context for the finding

type Conversion

// Conversion models the SARIF conversion object: the tool and invocation that
// converted a result set into SARIF.
//
// Tool and Invocation are struct values, so omitempty has no effect on them;
// they are always emitted.
type Conversion struct {
	Tool       Tool       `json:"tool,omitempty"`
	Invocation Invocation `json:"invocation,omitempty"`
}

Conversion object

type DefaultConfiguration

// DefaultConfiguration is the default reporting configuration of a SarifRule.
//
// Properties is a struct value, so omitempty does not suppress it. Enabled
// is omitted when false and Rank when 0, so a rule explicitly disabled or
// ranked 0 looks the same as one with no configuration on the wire.
type DefaultConfiguration struct {
	Properties DefaultProperties `json:"properties,omitempty"`
	Level      string            `json:"level,omitempty"` //This exists in the template, but not sure how it is populated. TODO.
	Enabled    bool              `json:"enabled,omitempty"`
	Rank       float64           `json:"rank,omitempty"`
}

DefaultConfiguration

type DefaultProperties

// DefaultProperties holds the tool-specific properties of a
// DefaultConfiguration; currently only the default severity.
type DefaultProperties struct {
	DefaultSeverity string `json:"defaultSeverity,omitempty"`
}

DefaultProperties

type Descriptor

// Descriptor identifies, by id, the notification kind of a
// ToolExecutionNotifications entry.
type Descriptor struct {
	Id string `json:"id"`
}

Descriptor

type Driver

// Driver carries meta information about the scanning tool: its name, version
// and rule set. It is used both as Tool.Driver and for Tool.Extensions.
//
// Only Name is mandatory on the wire; everything else is omitted when empty.
type Driver struct {
	Name                string                `json:"name"`
	Version             string                `json:"version,omitempty"`
	GUID                string                `json:"guid,omitempty"`
	InformationUri      string                `json:"informationUri,omitempty"`
	Rules               []SarifRule           `json:"rules,omitempty"`
	SupportedTaxonomies []SupportedTaxonomies `json:"supportedTaxonomies,omitempty"`
}

Driver holds meta information about the scan and tool context.

type Help

// Help provides additional guidance for resolving a finding, as plain text
// and/or markdown.
type Help struct {
	Text     string `json:"text,omitempty"`
	Markdown string `json:"markdown,omitempty"`
}

Help provides additional guidance to resolve the finding

type Invocation

// Invocation models the SARIF invocation object: how and where the tool was run.
//
// ExecutionSuccessful has no omitempty and is therefore always emitted, even
// when false. CommandLine, Machine and Account echo details of the scanning
// environment into the report; consider what the report's recipients should
// be allowed to see.
type Invocation struct {
	CommandLine                string                       `json:"commandLine,omitempty"`
	StartTimeUtc               string                       `json:"startTimeUtc,omitempty"`
	ToolExecutionNotifications []ToolExecutionNotifications `json:"toolExecutionNotifications,omitempty"`
	ExecutionSuccessful        bool                         `json:"executionSuccessful"`
	Machine                    string                       `json:"machine,omitempty"`
	Account                    string                       `json:"account,omitempty"`
	Properties                 *InvocationProperties        `json:"properties,omitempty"`
}

Invocation and the structs it references model the SARIF invocation object.

type InvocationProperties

// InvocationProperties holds additional properties of an Invocation; only the
// platform is represented, and it is always emitted.
type InvocationProperties struct {
	Platform string `json:"platform"`
}

InvocationProperties

type Location

// Location is the location of a finding: a mandatory PhysicalLocation and an
// optional Message.
//
// Not to be confused with Locations (plural), which wraps a *Location for
// thread flows.
type Location struct {
	PhysicalLocation PhysicalLocation `json:"physicalLocation"`
	Message          *Message         `json:"message,omitempty"`
}

Location of the finding

type Locations

// Locations is a thread-flow location: an optional Location plus its kinds and
// index. It is used by ThreadFlow.Locations and Runs.ThreadFlowLocations.
type Locations struct {
	Location *Location `json:"location,omitempty"`
	Kinds    []string  `json:"kinds,omitempty"`
	Index    int       `json:"index,omitempty"` // 0 is omitted, so index 0 is not representable
}

Locations

type LogicalLocation

// LogicalLocation names the logical (e.g. symbol-level) location of a finding
// by its fully qualified name.
type LogicalLocation struct {
	FullyQualifiedName string `json:"fullyQualifiedName"`
}

LogicalLocation of the finding

type Message

// Message is a SARIF message object carrying plain text.
type Message struct {
	Text string `json:"text,omitempty"` // an empty message encodes as {}
}

Message to detail the finding

type OriginalUriBaseIds

// OriginalUriBaseIds models the SARIF originalUriBaseIds object.
//
// Only the %SRCROOT% base id is represented; its JSON key is fixed by the
// struct tag below.
type OriginalUriBaseIds struct {
	SrcRoot SrcRoot `json:"%SRCROOT%"`
}

OriginalUriBaseIds and the structs it references model the SARIF originalUriBaseIds object.

type ParseError

// ParseError is the error type returned for assessment file parsing errors.
// Construct it with NewParseError; its message is returned by Error.
type ParseError struct {
	// contains filtered or unexported fields
}

ParseError defines an error type for assessment file parsing errors

func NewParseError

func NewParseError(message string) *ParseError

NewParseError creates a new ParseError

func (*ParseError) Error

func (e *ParseError) Error() string

Error returns the message of the ParseError

type PartialFingerprints

// PartialFingerprints holds the tool-specific fingerprints of a result
// (presumably used to correlate the same finding across runs — confirm with
// the consumer). All fields are omitted when empty.
//
// Note the JSON key casing differs between fields: packageUrlPlusCveHash
// versus fortifyInstanceID/checkmarxSimilarityID.
type PartialFingerprints struct {
	FortifyInstanceID       string `json:"fortifyInstanceID,omitempty"`
	CheckmarxSimilarityID   string `json:"checkmarxSimilarityID,omitempty"`
	PrimaryLocationLineHash string `json:"primaryLocationLineHash,omitempty"`
	PackageURLPlusCVEHash   string `json:"packageUrlPlusCveHash,omitempty"`
}

PartialFingerprints

type PhysicalLocation

// PhysicalLocation pins a finding to an artifact and a region within it.
// ArtifactLocation and Region are always emitted; ContextRegion and
// LogicalLocations only when present.
type PhysicalLocation struct {
	ArtifactLocation ArtifactLocation  `json:"artifactLocation"`
	Region           Region            `json:"region"`
	ContextRegion    *ContextRegion    `json:"contextRegion,omitempty"`
	LogicalLocations []LogicalLocation `json:"logicalLocations,omitempty"`
}

PhysicalLocation

type Purl

// Purl wraps a package URL string as found in the assessments file.
// ToPackageUrl parses it into a packageurl.PackageURL and reports a malformed
// value through its error result.
type Purl struct {
	Purl string `json:"purl"`
}

func (Purl) ToPackageUrl

func (p Purl) ToPackageUrl() (packageurl.PackageURL, error)

type Region

// Region is the span within an artifact where a finding was detected, given as
// line/column positions and/or a byte offset and length, plus an optional
// snippet. Every field is omitted when zero/nil.
type Region struct {
	StartLine   int           `json:"startLine,omitempty"`
	StartColumn int           `json:"startColumn,omitempty"`
	EndLine     int           `json:"endLine,omitempty"`
	EndColumn   int           `json:"endColumn,omitempty"`
	ByteOffset  int           `json:"byteOffset,omitempty"`
	ByteLength  int           `json:"byteLength,omitempty"`
	Snippet     *SnippetSarif `json:"snippet,omitempty"`
}

Region where the finding was detected

type RelatedLocation

// RelatedLocation is a location related to a result, identified by ID.
// It uses the reduced RelatedPhysicalLocation/RelatedRegion types rather
// than PhysicalLocation/Region.
type RelatedLocation struct {
	ID               int                     `json:"id"`
	PhysicalLocation RelatedPhysicalLocation `json:"physicalLocation"`
}

RelatedLocation

type RelatedPhysicalLocation

// RelatedPhysicalLocation is the physical location of a RelatedLocation:
// an artifact plus a start-only RelatedRegion.
type RelatedPhysicalLocation struct {
	ArtifactLocation ArtifactLocation `json:"artifactLocation"`
	Region           RelatedRegion    `json:"region"`
}

RelatedPhysicalLocation

type RelatedRegion

// RelatedRegion is the start position (line and column only) of a
// RelatedPhysicalLocation. Both fields are omitted when 0.
type RelatedRegion struct {
	StartLine   int `json:"startLine,omitempty"`
	StartColumn int `json:"startColumn,omitempty"`
}

RelatedRegion

type Relationships

// Relationships links a SarifRule to a Target (e.g. a taxonomy entry) with
// the kinds of the relationship. Kinds has no omitempty, so a nil slice is
// emitted as JSON null.
type Relationships struct {
	Target Target   `json:"target"`
	Kinds  []string `json:"kinds"`
}

Relationships

type Results

// Results is a single SARIF result: the rule it violates, where it was found
// and the tool-specific properties attached to it.
//
// RuleID is always emitted. PartialFingerprints is a struct value, so its
// omitempty has no effect and it is always emitted (with its own fields
// individually omitted when empty). RuleIndex 0 is omitted and so cannot be
// distinguished from "unset".
type Results struct {
	RuleID              string              `json:"ruleId"`
	RuleIndex           int                 `json:"ruleIndex,omitempty"`
	Kind                string              `json:"kind,omitempty"`
	Level               string              `json:"level,omitempty"`
	Message             *Message            `json:"message,omitempty"`
	AnalysisTarget      *ArtifactLocation   `json:"analysisTarget,omitempty"`
	Locations           []Location          `json:"locations,omitempty"`
	CodeFlows           []CodeFlow          `json:"codeFlows,omitempty"`
	RelatedLocations    []RelatedLocation   `json:"relatedLocations,omitempty"`
	PartialFingerprints PartialFingerprints `json:"partialFingerprints,omitempty"`
	Properties          *SarifProperties    `json:"properties,omitempty"`
}

Results and the structs it references model the SARIF results object.

type Runs

// Runs is a single run of a Tool together with its Results and run-level
// metadata.
//
// Results and Tool are always emitted. A nil Results slice encodes as JSON
// null rather than []; NOTE(review): confirm that consumers of the report
// accept null here, or ensure the slice is non-nil before encoding.
//
// The `default:"utf16CodeUnits"` tag on ColumnKind is not interpreted by
// encoding/json; it only takes effect if some other code in this module reads
// it — confirm, otherwise the field is simply empty and omitted.
type Runs struct {
	Results             []Results           `json:"results"`
	Tool                Tool                `json:"tool"`
	Invocations         []Invocation        `json:"invocations,omitempty"`
	OriginalUriBaseIds  *OriginalUriBaseIds `json:"originalUriBaseIds,omitempty"`
	Artifacts           []Artifact          `json:"artifacts,omitempty"`
	AutomationDetails   *AutomationDetails  `json:"automationDetails,omitempty"`
	ColumnKind          string              `json:"columnKind,omitempty" default:"utf16CodeUnits"`
	ThreadFlowLocations []Locations         `json:"threadFlowLocations,omitempty"`
	Taxonomies          []Taxonomies        `json:"taxonomies,omitempty"`
	Conversion          *Conversion         `json:"conversion,omitempty"`
}

Runs of a Tool and related Results

type SARIF

// SARIF is the root object of a SARIF report: the schema URL, the format
// version and the list of runs.
//
// All three fields are always emitted. The `default:` tags are not
// interpreted by encoding/json; unless other code in this module applies
// them, Schema and Version are emitted as empty strings when left unset —
// confirm before relying on them for a valid report.
type SARIF struct {
	Schema  string `json:"$schema" default:"https://docs.oasis-open.org/sarif/sarif/v2.1.0/cos02/schemas/sarif-schema-2.1.0.json"`
	Version string `json:"version" default:"2.1.0"`
	Runs    []Runs `json:"runs"` // nil encodes as JSON null, not []
}

SARIF is the root of the SARIF format related JSON structs.

type SarifLocation

// SarifLocation is the location of an Artifact: a URI and its base id.
// Both fields are always emitted (no omitempty), unlike ArtifactLocation.
type SarifLocation struct {
	Uri       string `json:"uri"`
	UriBaseId string `json:"uriBaseId"`
}

SarifLocation

type SarifProperties

// SarifProperties adds tool-specific information and audit context to a
// result.
//
// The "common" audit fields without omitempty (Audited, ToolSeverity*,
// ToolState*, ToolAuditMessage, AuditRequirement*) are always emitted, so a
// result that was never triaged still carries audited=false and empty
// strings. AuditRequirement/AuditRequirementIndex presumably take the
// AUDIT_REQUIREMENT_GROUP_* constants — confirm at the call site.
type SarifProperties struct {
	// common
	RuleGUID              string  `json:"ruleGUID,omitempty"`
	InstanceID            string  `json:"instanceID,omitempty"`
	Audited               bool    `json:"audited"`
	ToolSeverity          string  `json:"toolSeverity"`
	ToolSeverityIndex     int     `json:"toolSeverityIndex"`
	ToolState             string  `json:"toolState"`
	ToolStateIndex        int     `json:"toolStateIndex"`
	ToolAuditMessage      string  `json:"toolAuditMessage"`
	UnifiedAuditState     string  `json:"unifiedAuditState,omitempty"`
	UnifiedSeverity       string  `json:"unifiedSeverity,omitempty"`
	UnifiedCriticality    float32 `json:"unifiedCriticality,omitempty"`
	UnifiedAuditUser      string  `json:"unifiedAuditUser,omitempty"`
	AuditRequirement      string  `json:"auditRequirement"`
	AuditRequirementIndex int     `json:"auditRequirementIndex"`

	// specific (tool-dependent; always emitted, even when empty)
	InstanceSeverity      string `json:"instanceSeverity"`
	Confidence            string `json:"confidence"`
	FortifyCategory       string `json:"fortifyCategory"`
	CheckmarxSimilarityID string `json:"checkmarxSimilarityID"`
}

SarifProperties adds additional information and context to the finding.

type SarifRule

// SarifRule is the rule (reporting descriptor) that a result refers to via
// Results.RuleID. Only ID is mandatory on the wire.
type SarifRule struct {
	ID                   string                `json:"id"`
	GUID                 string                `json:"guid,omitempty"`
	Name                 string                `json:"name,omitempty"`
	ShortDescription     *Message              `json:"shortDescription,omitempty"`
	FullDescription      *Message              `json:"fullDescription,omitempty"`
	DefaultConfiguration *DefaultConfiguration `json:"defaultConfiguration,omitempty"`
	HelpURI              string                `json:"helpUri,omitempty"`
	Help                 *Help                 `json:"help,omitempty"`
	Relationships        []Relationships       `json:"relationships,omitempty"`
	Properties           *SarifRuleProperties  `json:"properties,omitempty"`
}

SarifRule is the rule used to identify the finding.

type SarifRuleProperties

// SarifRuleProperties holds the tool-specific properties of a SarifRule.
// All fields are omitted when empty.
type SarifRuleProperties struct {
	Accuracy         string   `json:"accuracy,omitempty"`
	Impact           string   `json:"impact,omitempty"`
	Probability      string   `json:"probability,omitempty"`
	Tags             []string `json:"tags,omitempty"`
	Precision        string   `json:"precision,omitempty"`
	SecuritySeverity string   `json:"security-severity,omitempty"` // used by GHAS to define the severity tag (low, medium, high)
}

SarifRuleProperties

type SnippetSarif

// SnippetSarif holds the source text at the location where a finding appears.
// Text is always emitted. Since it copies source code verbatim into the
// report, keep in mind who receives the report.
type SnippetSarif struct {
	Text string `json:"text"`
}

SnippetSarif holds the code snippet where the finding appears

type SrcRoot

// SrcRoot is the %SRCROOT% entry of OriginalUriBaseIds: the URI that
// relative artifact paths are resolved against.
type SrcRoot struct {
	Uri string `json:"uri"`
}

SrcRoot

type SupportedTaxonomies

// SupportedTaxonomies references a taxonomy supported by a Driver, by name,
// index and GUID. All fields are always emitted.
type SupportedTaxonomies struct {
	Name  string `json:"name"`
	Index int    `json:"index"`
	Guid  string `json:"guid"`
}

SupportedTaxonomies

type Target

// Target is the target of a Relationships entry: an id within a ToolComponent.
type Target struct {
	Id            string        `json:"id"`
	ToolComponent ToolComponent `json:"toolComponent"`
}

Target

type Taxa

// Taxa is a single entry of a Taxonomies list, identified by id.
type Taxa struct {
	Id string `json:"id"`
}

Taxa

type Taxonomies

// Taxonomies models one SARIF taxonomy (e.g. a classification scheme) and its
// entries. Only GUID is optional; Taxa has no omitempty, so a nil slice is
// emitted as JSON null.
type Taxonomies struct {
	GUID             string  `json:"guid,omitempty"`
	Name             string  `json:"name"`
	Organization     string  `json:"organization"`
	ShortDescription Message `json:"shortDescription"`
	Taxa             []Taxa  `json:"taxa"`
}

Taxonomies and the structs it references model the SARIF taxonomies object.

type ThreadFlow

// ThreadFlow is an ordered list of Locations making up one path in a CodeFlow.
type ThreadFlow struct {
	Locations []Locations `json:"locations"` // nil encodes as JSON null, not []
}

ThreadFlow

type Tool

// Tool models the SARIF tool object: the primary Driver plus optional
// extension drivers.
type Tool struct {
	Driver     Driver   `json:"driver"`
	Extensions []Driver `json:"extensions,omitempty"`
}

Tool and the structs it references model the SARIF tool object.

type ToolComponent

// ToolComponent identifies the tool component that owns a relationship
// Target, by name and GUID. Both fields are always emitted.
type ToolComponent struct {
	Name string `json:"name"`
	Guid string `json:"guid"`
}

ToolComponent

type ToolExecutionNotifications

// ToolExecutionNotifications is a notification emitted during an Invocation:
// a Message and the Descriptor identifying the notification kind.
type ToolExecutionNotifications struct {
	Message    Message    `json:"message"`
	Descriptor Descriptor `json:"descriptor"`
}

ToolExecutionNotifications
