Documentation
¶
Index ¶
- Constants
- func Filter(ctx context.Context, report types.Report, opts FilterOptions) error
- func FilterResult(ctx context.Context, result *types.Result, ignoreConf IgnoreConfig, ...) error
- type FilterOptions
- type IgnoreConfig
- func (c *IgnoreConfig) MatchLicense(licenseID, filePath string) *IgnoreFinding
- func (c *IgnoreConfig) MatchMisconfiguration(misconfID, avdID, filePath string) *IgnoreFinding
- func (c *IgnoreConfig) MatchSecret(secretID, filePath string) *IgnoreFinding
- func (c *IgnoreConfig) MatchVulnerability(vulnID, filePath, pkgPath string, pkg *packageurl.PackageURL) *IgnoreFinding
- type IgnoreFinding
- type IgnoreFindings
Constants ¶
View Source
const (
// DefaultIgnoreFile is the file name to be evaluated
DefaultIgnoreFile = ".tunnelignore"
)
Variables ¶
This section is empty.
Functions ¶
func FilterResult ¶
func FilterResult(ctx context.Context, result *types.Result, ignoreConf IgnoreConfig, opt FilterOptions) error
FilterResult filters out the result
Types ¶
type FilterOptions ¶
type IgnoreConfig ¶
type IgnoreConfig struct {
FilePath string
Vulnerabilities IgnoreFindings `yaml:"vulnerabilities"`
Misconfigurations IgnoreFindings `yaml:"misconfigurations"`
Secrets IgnoreFindings `yaml:"secrets"`
Licenses IgnoreFindings `yaml:"licenses"`
}
IgnoreConfig represents the structure of .tunnelignore.yaml.
func ParseIgnoreFile ¶
func ParseIgnoreFile(ctx context.Context, ignoreFile string) (IgnoreConfig, error)
func (*IgnoreConfig) MatchLicense ¶
func (c *IgnoreConfig) MatchLicense(licenseID, filePath string) *IgnoreFinding
func (*IgnoreConfig) MatchMisconfiguration ¶
func (c *IgnoreConfig) MatchMisconfiguration(misconfID, avdID, filePath string) *IgnoreFinding
func (*IgnoreConfig) MatchSecret ¶
func (c *IgnoreConfig) MatchSecret(secretID, filePath string) *IgnoreFinding
func (*IgnoreConfig) MatchVulnerability ¶
func (c *IgnoreConfig) MatchVulnerability(vulnID, filePath, pkgPath string, pkg *packageurl.PackageURL) *IgnoreFinding
type IgnoreFinding ¶
type IgnoreFinding struct {
// ID is the identifier of the vulnerability, misconfiguration, secret, or license.
// e.g. CVE-2019-8331, AVD-AWS-0175, etc.
// required: true
ID string `yaml:"id"`
// Paths is the list of file paths to ignore.
// If Paths is not set, the ignore finding is applied to all files.
// required: false
Paths []string `yaml:"paths"`
// PURLs is the list of packages to ignore.
// If PURLs is not set, the ignore finding is applied to packages.
// The field is currently available only for vulnerabilities.
// required: false
PURLs []*purl.PackageURL `yaml:"-"` // Filled in UnmarshalYAML
// ExpiredAt is the expiration date of the ignore finding.
// If ExpiredAt is not set, the ignore finding is always valid.
// required: false
ExpiredAt time.Time `yaml:"expired_at"`
// Statement describes the reason for ignoring the finding.
// required: false
Statement string `yaml:"statement"`
}
IgnoreFinding represents an item to be ignored.
func (*IgnoreFinding) UnmarshalYAML ¶
func (i *IgnoreFinding) UnmarshalYAML(value *yaml.Node) error
UnmarshalYAML is a custom unmarshaler for IgnoreFinding that handles the conversion of PURLs from strings to purl.PackageURL objects.
type IgnoreFindings ¶
type IgnoreFindings []IgnoreFinding
func (*IgnoreFindings) Match ¶
func (f *IgnoreFindings) Match(id, path string, pkg *packageurl.PackageURL) *IgnoreFinding
func (*IgnoreFindings) Prune ¶
func (f *IgnoreFindings) Prune(ctx context.Context)
Source Files
Click to show internal directories.
Click to hide internal directories.