Documentation
Overview
Package npmfullaudit provides types and functions for working with audit reports from npm's "Full Audit" endpoint (/-/npm/v1/security/audits) and transforming them into data structures understood by the Dracon enricher. These reports are JSON objects consisting primarily of "advisories" (a list of vulnerabilities known to affect the packages in the dependency tree) and "actions" (a list of steps that can be taken to remediate those vulnerabilities).
Constants
const PrintableType = "npm Full Audit report"
PrintableType is helper info to be printed as the end result.
Variables
This section is empty.
Functions
Types
type Advisory
type Advisory struct {
	Title              string `json:"title"`
	ModuleName         string `json:"module_name"`
	VulnerableVersions string `json:"vulnerable_versions"`
	Overview           string `json:"overview"`
	Recommendation     string `json:"recommendation"`
	References         string `json:"references"`
	Severity           string `json:"severity"`
	CWE                string `json:"cwe"`
	URL                string `json:"url"`
}
Advisory represents a subset of information from an advisory in the "advisories" section of an npm Full Audit report.
type Report
type Report struct {
	PackagePath string           `json:"-"`
	Advisories  map[int]Advisory `json:"advisories"`
}
Report represents an npm Full Audit report. The key for Advisories represents an npm advisory ID (i.e. https://npmjs.com/advisories/{int}).
func (*Report) SetPackagePath
SetPackagePath registers the path of the npm package for the findings list.
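As an added example (not the package's own code), the sketch below decodes a constructed Full Audit body into local copies of the documented Report and Advisory types and lists advisories at or above a severity floor, in advisory-ID order. The helpers parseReport and atLeast, the rank table, the sample data and the package path are assumptions for illustration; PackagePath is assigned directly because the signature of SetPackagePath is not shown here.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

type Advisory struct { // trimmed copy of the documented type
	ModuleName string `json:"module_name"`
	Severity   string `json:"severity"`
}
type Report struct {
	PackagePath string           `json:"-"` // never populated from the report body
	Advisories  map[int]Advisory `json:"advisories"`
}

// Constructed sample: IDs, module names, the unknown "urgent" severity and the stray PackagePath key are made up.
const sample = `{"PackagePath": "/from/report", "actions": [], "advisories": {
  "1002": {"module_name": "example-merge", "severity": "high"},
  "1001": {"module_name": "example-parser", "severity": "low"},
  "1003": {"module_name": "example-static", "severity": "urgent"}}}`
var rank = map[string]int{"low": 1, "moderate": 2, "high": 3, "critical": 4} // assumed npm scale

func parseReport(body []byte) (*Report, error) { // hypothetical helper
	r := &Report{}
	return r, json.Unmarshal(body, r) // a non-integer advisory key is a decode error
}

// atLeast (hypothetical helper) keeps unknown severities so an unexpected value never hides a finding.
func atLeast(r *Report, floor string) (out []string) {
	ids := make([]int, 0, len(r.Advisories))
	for id := range r.Advisories {
		ids = append(ids, id)
	}
	sort.Ints(ids) // map iteration order is random; sort for stable output
	for _, id := range ids {
		if a := r.Advisories[id]; rank[a.Severity] == 0 || rank[a.Severity] >= rank[floor] {
			out = append(out, fmt.Sprintf("%s: %s [%s] https://npmjs.com/advisories/%d", r.PackagePath, a.ModuleName, a.Severity, id))
		}
	}
	return out
}

func main() {
	r, err := parseReport([]byte(sample))
	r.PackagePath = "/src/app/package.json" // constructed path, supplied by the caller
	fmt.Println(atLeast(r, "moderate"), err)
}
```

Because PackagePath carries the `json:"-"` tag, a key of that name inside the report body is ignored, so the path attached to findings always comes from the caller.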