Published: Aug 4, 2023 License: Apache-2.0 Imports: 26 Imported by: 7

Documentation

Overview

Package pkg defines functions for running Scorecard checks on a Repo.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DetailToString

func DetailToString(d *checker.CheckDetail, logLevel log.Level) string

DetailToString turns detail information into a string.

func FormatResults added in v4.2.0

func FormatResults(
	opts *options.Options,
	results *ScorecardResult,
	doc checks.Doc,
	policy *spol.ScorecardPolicy,
) error

FormatResults formats scorecard results.

Types

type ChangeType added in v4.5.0

// ChangeType names the kind of change a dependency underwent; the values
// this package defines are the Added, Updated and Removed constants.
type ChangeType string

ChangeType is the change type (added, updated, removed) of a dependency.

// The ChangeType values defined by this package.
const (
	// Added suggests the dependency is a newly added one.
	Added ChangeType = "added"
	// Updated suggests the dependency is updated from an old version.
	Updated ChangeType = "updated"
	// Removed suggests the dependency is removed.
	Removed ChangeType = "removed"
)

func (ChangeType) IsValid added in v4.5.0

func (ct ChangeType) IsValid() bool

IsValid determines if a ChangeType is valid.

type DependencyCheckResult added in v4.5.0

// DependencyCheckResult is the dependency structure used in the returned results.
type DependencyCheckResult struct {
	// ChangeType indicates whether the dependency is added, updated, or removed.
	ChangeType *ChangeType

	// PackageURL is a short link for a package.
	PackageURL *string

	// SourceRepository is the source repository URL of the dependency.
	SourceRepository *string

	// ManifestPath is the path of the manifest file of the dependency, such as go.mod for Go.
	ManifestPath *string

	// Ecosystem is the name of the package management system, such as NPM, GO, PYPI.
	Ecosystem *string

	// Version is the package version of the dependency.
	Version *string

	// ScorecardResultWithError is the scorecard checking result of the dependency.
	ScorecardResultWithError ScorecardResultWithError

	// Name is the name of the dependency.
	Name string
}

DependencyCheckResult is the dependency structure used in the returned results.

func (*DependencyCheckResult) AsJSON added in v4.5.0

func (dr *DependencyCheckResult) AsJSON(writer io.Writer) error

AsJSON for DependencyCheckResult exports the DependencyCheckResult as a JSON object.

type JSONScorecardProbeResult added in v4.11.0

// JSONScorecardProbeResult exports results as JSON for flat findings without checks.
// The struct tags give the JSON keys; the unexported field types are declared
// elsewhere in the package.
type JSONScorecardProbeResult struct {
	// Date is emitted under the "date" key.
	Date      string            `json:"date"`
	// Repo is emitted under the "repo" key.
	Repo      jsonRepoV2        `json:"repo"`
	// Scorecard is emitted under the "scorecard" key.
	Scorecard jsonScorecardV2   `json:"scorecard"`
	// Findings is the flat list of findings, emitted under the "findings" key.
	Findings  []finding.Finding `json:"findings"`
}

JSONScorecardProbeResult exports results as JSON for flat findings without checks.

type JSONScorecardResultV2 added in v4.2.0

// JSONScorecardResultV2 exports results as JSON for the new detail format.
// The struct tags give the JSON keys; the unexported field types are declared
// elsewhere in the package.
type JSONScorecardResultV2 struct {
	// Date is emitted under the "date" key.
	Date           string              `json:"date"`
	// Repo is emitted under the "repo" key.
	Repo           jsonRepoV2          `json:"repo"`
	// Scorecard is emitted under the "scorecard" key.
	Scorecard      jsonScorecardV2     `json:"scorecard"`
	// AggregateScore is emitted under the "score" key.
	AggregateScore jsonFloatScore      `json:"score"`
	// Checks holds the per-check results, emitted under the "checks" key.
	Checks         []jsonCheckResultV2 `json:"checks"`
	// Metadata is emitted under the "metadata" key.
	Metadata       []string            `json:"metadata"`
}

JSONScorecardResultV2 exports results as JSON for new detail format.

type RepoInfo

// RepoInfo contains information about the repo that was analyzed.
type RepoInfo struct {
	// Name is the name of the analyzed repo.
	Name      string
	// CommitSHA is the commit SHA of the analyzed repo.
	CommitSHA string
}

RepoInfo contains information about the repo that was analyzed.

type ScorecardInfo

// ScorecardInfo contains information about the scorecard code that was run.
type ScorecardInfo struct {
	// Version is the version of the scorecard code that was run.
	Version   string
	// CommitSHA is the commit SHA of the scorecard code that was run.
	CommitSHA string
}

ScorecardInfo contains information about the scorecard code that was run.

type ScorecardResult

// ScorecardResult is returned on a successful Scorecard run.
type ScorecardResult struct {
	// Repo describes the repo that was analyzed.
	Repo       RepoInfo
	// Date is the time of the run.
	Date       time.Time
	// Scorecard describes the scorecard code that was run.
	Scorecard  ScorecardInfo
	// Checks holds one CheckResult per check that ran.
	Checks     []checker.CheckResult
	// RawResults holds the raw data collected by the checks.
	RawResults checker.RawResults
	// Findings holds the flat list of findings.
	Findings   []finding.Finding
	// Metadata holds free-form metadata strings attached to the result.
	Metadata   []string
}

ScorecardResult is returned on a successful Scorecard run.

func RunScorecard added in v4.9.0

func RunScorecard(ctx context.Context,
	repo clients.Repo,
	commitSHA string,
	commitDepth int,
	checksToRun checker.CheckNameToFnMap,
	repoClient clients.RepoClient,
	ossFuzzRepoClient clients.RepoClient,
	ciiClient clients.CIIBestPracticesClient,
	vulnsClient clients.VulnerabilitiesClient,
) (ScorecardResult, error)

RunScorecard runs enabled Scorecard checks on a Repo.

func (*ScorecardResult) AsFJSON added in v4.11.0

func (r *ScorecardResult) AsFJSON(showDetails bool,
	logLevel log.Level, checkDocs docs.Doc, writer io.Writer,
) error

func (*ScorecardResult) AsJSON

func (r *ScorecardResult) AsJSON(showDetails bool, logLevel log.Level, writer io.Writer) error

AsJSON exports results as JSON for new detail format.

func (*ScorecardResult) AsJSON2

func (r *ScorecardResult) AsJSON2(showDetails bool,
	logLevel log.Level, checkDocs docs.Doc, writer io.Writer,
) error

AsJSON2 exports results as JSON for new detail format.

func (*ScorecardResult) AsPJSON added in v4.11.0

func (r *ScorecardResult) AsPJSON(writer io.Writer) error

func (*ScorecardResult) AsRawJSON

func (r *ScorecardResult) AsRawJSON(writer io.Writer) error

AsRawJSON exports results as JSON for raw results.

func (*ScorecardResult) AsSARIF

func (r *ScorecardResult) AsSARIF(showDetails bool, logLevel log.Level,
	writer io.Writer, checkDocs docs.Doc, policy *spol.ScorecardPolicy,
	opts *options.Options,
) error

AsSARIF outputs ScorecardResult in SARIF 2.1.0 format.

func (*ScorecardResult) AsString

func (r *ScorecardResult) AsString(showDetails bool, logLevel log.Level,
	checkDocs checks.Doc, writer io.Writer,
) error

AsString returns ScorecardResult in string format.

func (*ScorecardResult) GetAggregateScore

func (r *ScorecardResult) GetAggregateScore(checkDocs checks.Doc) (float64, error)

GetAggregateScore returns the aggregate score.

type ScorecardResultWithError added in v4.5.0

// ScorecardResultWithError pairs a dependency's ScorecardResult with the error,
// if any, from the Scorecard run that produced it.
type ScorecardResultWithError struct {
	// ScorecardResult is the scorecard result for the dependency repo.
	ScorecardResult *ScorecardResult

	// Error is an error returned when running the scorecard checks. A nil Error indicates the run succeeded.
	Error error
}

ScorecardResultWithError is used by the dependency-diff module to record the scorecard result, along with an error field that records the failure when the Scorecard run does not succeed.
