vex

package
v0.0.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 4, 2024 License: Apache-2.0 Imports: 29 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Filter

func Filter(ctx context.Context, report *types.Report, opts Options) error

Filter determines whether a detected vulnerability should be filtered out based on the provided VEX document. If the VEX document is passed and the vulnerability is either not affected or fixed according to the VEX statement, the vulnerability is filtered out.

Types

type CSAF

type CSAF struct {
	// contains filtered or unexported fields
}

func (*CSAF) Filter

func (v *CSAF) Filter(result *types.Result, bom *core.BOM)

func (*CSAF) NotAffected

func (v *CSAF) NotAffected(vuln types.DetectedVulnerability, product, subProduct *core.Component) (types.ModifiedFinding, bool)

type Client

type Client struct {
	VEXes []VEX
}

func New

func New(ctx context.Context, report *types.Report, opts Options) (*Client, error)

func (*Client) NotAffected

func (c *Client) NotAffected(vuln types.DetectedVulnerability, product, subComponent *core.Component) (types.ModifiedFinding, bool)

type CycloneDX

type CycloneDX struct {
	// contains filtered or unexported fields
}

func (*CycloneDX) NotAffected

func (v *CycloneDX) NotAffected(vuln types.DetectedVulnerability, product, _ *core.Component) (types.ModifiedFinding, bool)

type NotAffected

type NotAffected func(vuln types.DetectedVulnerability, product, subComponent *core.Component) (types.ModifiedFinding, bool)

type OCI

type OCI struct{}

type OpenVEX

type OpenVEX struct {
	// contains filtered or unexported fields
}

func NewOCI

func NewOCI(report *types.Report) (*OpenVEX, error)

func RetrieveVEXAttestation

func RetrieveVEXAttestation(p *purl.PackageURL) (*OpenVEX, error)

func (*OpenVEX) Filter

func (v *OpenVEX) Filter(result *types.Result, bom *core.BOM)

func (*OpenVEX) Matches

func (v *OpenVEX) Matches(vuln types.DetectedVulnerability, product, subComponent *core.Component) []openvex.Statement

func (*OpenVEX) NotAffected

func (v *OpenVEX) NotAffected(vuln types.DetectedVulnerability, product, subComponent *core.Component) (types.ModifiedFinding, bool)

type Options

type Options struct {
	CacheDir string
	Sources  []Source
}

type RepositoryIndex

type RepositoryIndex struct {
	Name string
	URL  string
	repo.Index
}

RepositoryIndex wraps the repository index

type RepositorySet

type RepositorySet struct {
	// contains filtered or unexported fields
}

func NewRepositorySet

func NewRepositorySet(ctx context.Context, cacheDir string) (*RepositorySet, error)

func (*RepositorySet) NotAffected

func (rs *RepositorySet) NotAffected(vuln types.DetectedVulnerability, product, subComponent *core.Component) (types.ModifiedFinding, bool)

func (*RepositorySet) OpenDocument

func (rs *RepositorySet) OpenDocument(source, dir string, entry repo.PackageEntry) (VEX, error)

type Source

type Source struct {
	Type     SourceType
	FilePath string // Used only for the file type
}

func NewSource

func NewSource(src string) Source

type SourceType

type SourceType string
const (
	TypeFile       SourceType = "file"
	TypeRepository SourceType = "repo"
	TypeOCI        SourceType = "oci"
)

type Statement

type Statement struct {
	Affects       []string
	Status        types.FindingStatus
	Justification string
}

type VEX

type VEX interface {
	NotAffected(vuln types.DetectedVulnerability, product, subComponent *core.Component) (types.ModifiedFinding, bool)
}

VEX represents Vulnerability Exploitability eXchange. It abstracts multiple VEX formats. Note: This is in the experimental stage and does not yet support many specifications. The implementation may change significantly.

func NewDocument

func NewDocument(filePath string, report *types.Report) (VEX, error)

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL