vulnscan

package
v0.5.0

This package is not in the latest version of its module.
Published: Jan 10, 2025 License: MIT Imports: 18 Imported by: 0

README

Vulnerability Scanning Package

This package provides vulnerability scanning capabilities for Go applications. It is built around a common Scanner interface so that multiple scanning backends and vulnerability databases can be plugged in.

Usage

import (
    "context"
    "fmt"
    "log"

    "github.com/neticdk/go-common/pkg/vulnscan"
)

// Create a new scanner. GrypeScanner is the implementation this package ships:
// start from the default options and point it at the project manifest.
opts := vulnscan.DefaultGrypeScannerOptions()
opts.ManifestPath = "path/to/manifest" // placeholder path
scanner := vulnscan.NewGrypeScanner(opts)

// Perform a scan; Scan returns the list of vulnerabilities and an error
vulns, err := scanner.Scan(context.Background())
if err != nil {
    log.Fatalf("scan failed: %v", err)
}

// Process results
for _, vuln := range vulns {
    fmt.Printf("Found vulnerability: %s (severity: %s)\n", vuln.ID, vuln.Severity)
}

Configuration

A scanner implements the Scanner interface, specifically its Scan method, which returns a list of vulnerabilities and an error.

For now, GrypeScanner is the only implementation.
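A consumer-side severity gate over the Scanner shape this page documents (Scan returning a list of vulnerabilities and an error), added here as an example and not code from the go-common project. The Vulnerability struct, Scanner interface, ScanFunc, rank and Gate are local assumptions so the block runs without Grype; in a real pipeline the scanner would be a vulnscan.GrypeScanner built with NewGrypeScanner, and the severity labels are the Grype-style ones (Negligible through Critical).

```go
package main

import (
	"context"
	"fmt"
	"strings"
)

// Vulnerability mirrors the fields the README reads (ID, Severity); an assumed local stand-in for types.Vulnerability.
type Vulnerability struct {
	ID       string
	Severity string
}

// Scanner is the shape the package documents: Scan returns a list of vulnerabilities and an error. GrypeScanner fits it.
type Scanner interface {
	Scan(ctx context.Context) ([]Vulnerability, error)
}

// ScanFunc adapts a plain function to Scanner; used in the tests for a constructed stub.
type ScanFunc func(context.Context) ([]Vulnerability, error)
func (f ScanFunc) Scan(ctx context.Context) ([]Vulnerability, error) { return f(ctx) }

// rank orders Grype-style severities; an unrecognised value ranks above critical
// so a finding whose severity the gate does not understand can never slip through.
var severityRanks = map[string]int{"negligible": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
func rank(s string) int {
	if r, ok := severityRanks[strings.ToLower(s)]; ok {
		return r
	}
	return len(severityRanks)
}

// Gate runs one scan and returns the findings at or above minSeverity, with ok=false when
// any exist. A scan error is returned, never treated as a clean result, so a failed database load cannot pass.
func Gate(ctx context.Context, s Scanner, minSeverity string) (blocking []Vulnerability, ok bool, err error) {
	if _, known := severityRanks[strings.ToLower(minSeverity)]; !known {
		return nil, false, fmt.Errorf("unknown severity threshold %q", minSeverity)
	}
	vulns, err := s.Scan(ctx)
	if err != nil {
		return nil, false, err
	}
	for _, v := range vulns {
		if rank(v.Severity) >= rank(minSeverity) {
			blocking = append(blocking, v)
		}
	}
	return blocking, len(blocking) == 0, nil
}
```

When wiring in the real GrypeScanner, remember that DefaultDBRootDir is /tmp/grypedb, a directory shared by every user of the host; on shared CI runners set DBRootDir to a per-run directory and CleanupDBAfterScan to true.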

Documentation

Overview

Package vulnscan provides vulnerability scanning capabilities for software projects.

This package implements the Scanner interface so that various vulnerability scanning tools and databases can be used behind one abstraction, enabling comprehensive security analysis of software components. It provides a unified interface for vulnerability detection and reporting.

Basic usage:

	// Create a scanner from the default options and point it at the project manifest
	opts := vulnscan.DefaultGrypeScannerOptions()
	opts.ManifestPath = "path/to/manifest" // placeholder path
	scanner := vulnscan.NewGrypeScanner(opts)

	// Scan a project; Scan returns the list of vulnerabilities and an error
	vulns, err := scanner.Scan(context.Background())
	if err != nil {
		// Handle error
	}

	// Process results
	for _, vuln := range vulns {
		// Handle each vulnerability
	}

The package supports:

  • Multiple vulnerability databases
  • Various scanning backends
  • Detailed vulnerability reporting

Index

Constants

// DefaultDBRootDir is the Grype database root directory used when DBRootDir is not set
const DefaultDBRootDir = "/tmp/grypedb"

Variables

This section is empty.

Functions

This section is empty.

Types

type GrypeScanner

type GrypeScanner struct {
	// contains filtered or unexported fields
}

GrypeScanner is a scanner that uses Grype to find vulnerabilities in a project

func NewGrypeScanner

func NewGrypeScanner(opts *GrypeScannerOptions) *GrypeScanner

NewGrypeScanner creates a new GrypeScanner

func (*GrypeScanner) GrypeScanSBOM added in v0.2.4

func (s *GrypeScanner) GrypeScanSBOM(ctx context.Context, sbm syftSbom.SBOM) ([]types.Vulnerability, error)

GrypeScanSBOM extracts vulnerabilities from the given SBOM. It loads the Grype vulnerability database, matches the packages in the SBOM against known vulnerabilities, and returns a list of vulnerabilities.

func (*GrypeScanner) Scan

Scan scans the project in the given path and returns a list of vulnerabilities

type GrypeScannerOptions added in v0.2.4

type GrypeScannerOptions struct {
	ManifestPath       string    // ManifestPath specifies the path to the project manifest
	Manifest           io.Reader // Manifest is a readable representation of a manifest file
	DBRootDir          string    // DBRootDir specifies the root directory of the Grype database
	CleanupDBAfterScan bool      // CleanupDBAfterScan specifies whether to clean up the Grype database after the scan
}

GrypeScannerOptions specifies the options for the GrypeScanner

func DefaultGrypeScannerOptions added in v0.2.4

func DefaultGrypeScannerOptions() *GrypeScannerOptions

DefaultGrypeScannerOptions returns the default GrypeScannerOptions. It sets:

  • DBRootDir to the default Grype database root directory
  • CleanupDBAfterScan to false
