pkg

package
v4.13.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 5, 2023 License: Apache-2.0 Imports: 26 Imported by: 7

Documentation

Overview

Package pkg defines fns for running Scorecard checks on a Repo.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DetailToString 

func DetailToString(d *checker.CheckDetail, logLevel log.Level) string

DetailToString turns a detail information into a string.

func FormatResults added in v4.2.0 

func FormatResults(
	opts *options.Options,
	results *ScorecardResult,
	doc checks.Doc,
	policy *spol.ScorecardPolicy,
) error

FormatResults formats scorecard results.

Types

type ChangeType added in v4.5.0 

type ChangeType string

ChangeType is the change type (added, updated, removed) of a dependency. 

const (
	// Added suggests the dependency is a newly added one.
	Added ChangeType = "added"
	// Updated suggests the dependency is updated from an old version.
	Updated ChangeType = "updated"
	// Removed suggests the dependency is removed.
	Removed ChangeType = "removed"
)

func (ChangeType) IsValid added in v4.5.0 

func (ct ChangeType) IsValid() bool

IsValid determines if a ChangeType is valid.

type DependencyCheckResult added in v4.5.0 

type DependencyCheckResult struct {
	// ChangeType indicates whether the dependency is added, updated, or removed.
	ChangeType *ChangeType

	// Package URL is a short link for a package.
	PackageURL *string

	// SourceRepository is the source repository URL of the dependency.
	SourceRepository *string

	// ManifestPath is the path of the manifest file of the dependency, such as go.mod for Go.
	ManifestPath *string

	// Ecosystem is the name of the package management system, such as NPM, GO, PYPI.
	Ecosystem *string

	// Version is the package version of the dependency.
	Version *string

	// ScorecardResultWithError is the scorecard checking result of the dependency.
	ScorecardResultWithError ScorecardResultWithError

	// Name is the name of the dependency.
	Name string
}

DependencyCheckResult is the dependency structure used in the returned results.

func (*DependencyCheckResult) AsJSON added in v4.5.0 

func (dr *DependencyCheckResult) AsJSON(writer io.Writer) error

AsJSON for DependencyCheckResult exports the DependencyCheckResult as a JSON object.

type JSONScorecardProbeResult added in v4.11.0 

type JSONScorecardProbeResult struct {
	Date      string            `json:"date"`
	Repo      jsonRepoV2        `json:"repo"`
	Scorecard jsonScorecardV2   `json:"scorecard"`
	Findings  []finding.Finding `json:"findings"`
}

JSONScorecardProbeResult exports results as JSON for flat findings without checks.

type JSONScorecardResultV2 added in v4.2.0 

type JSONScorecardResultV2 struct {
	Date           string              `json:"date"`
	Repo           jsonRepoV2          `json:"repo"`
	Scorecard      jsonScorecardV2     `json:"scorecard"`
	AggregateScore jsonFloatScore      `json:"score"`
	Checks         []jsonCheckResultV2 `json:"checks"`
	Metadata       []string            `json:"metadata"`
}

JSONScorecardResultV2 exports results as JSON for new detail format.

type RepoInfo 

type RepoInfo struct {
	Name      string
	CommitSHA string
}

RepoInfo contains information about the repo that was analyzed.

type ScorecardInfo 

type ScorecardInfo struct {
	Version   string
	CommitSHA string
}

ScorecardInfo contains information about the scorecard code that was run.

type ScorecardResult 

type ScorecardResult struct {
	Repo       RepoInfo
	Date       time.Time
	Scorecard  ScorecardInfo
	Checks     []checker.CheckResult
	RawResults checker.RawResults
	Findings   []finding.Finding
	Metadata   []string
}

ScorecardResult struct is returned on a successful Scorecard run. nolint

func ExperimentalFromJSON2 added in v4.13.0 

func ExperimentalFromJSON2(r io.Reader) (result ScorecardResult, score float64, err error)

ExperimentalFromJSON2 is experimental. Do not depend on it, it may be removed at any point. Also returns the aggregate score, as the ScorecardResult field does not contain it.

func RunScorecard added in v4.9.0 

func RunScorecard(ctx context.Context,
	repo clients.Repo,
	commitSHA string,
	commitDepth int,
	checksToRun checker.CheckNameToFnMap,
	repoClient clients.RepoClient,
	ossFuzzRepoClient clients.RepoClient,
	ciiClient clients.CIIBestPracticesClient,
	vulnsClient clients.VulnerabilitiesClient,
) (ScorecardResult, error)

RunScorecard runs enabled Scorecard checks on a Repo.

func (*ScorecardResult) AsFJSON added in v4.11.0 

func (r *ScorecardResult) AsFJSON(showDetails bool,
	logLevel log.Level, checkDocs docs.Doc, writer io.Writer,
) error

func (*ScorecardResult) AsJSON 

func (r *ScorecardResult) AsJSON(showDetails bool, logLevel log.Level, writer io.Writer) error

AsJSON exports results as JSON for new detail format.

func (*ScorecardResult) AsJSON2 

func (r *ScorecardResult) AsJSON2(showDetails bool,
	logLevel log.Level, checkDocs docs.Doc, writer io.Writer,
) error

AsJSON2 exports results as JSON for new detail format.

func (*ScorecardResult) AsPJSON added in v4.11.0 

func (r *ScorecardResult) AsPJSON(writer io.Writer) error

func (*ScorecardResult) AsRawJSON 

func (r *ScorecardResult) AsRawJSON(writer io.Writer) error

AsRawJSON exports results as JSON for raw results.

func (*ScorecardResult) AsSARIF 

func (r *ScorecardResult) AsSARIF(showDetails bool, logLevel log.Level,
	writer io.Writer, checkDocs docs.Doc, policy *spol.ScorecardPolicy,
	opts *options.Options,
) error

AsSARIF outputs ScorecardResult in SARIF 2.1.0 format.

func (*ScorecardResult) AsString 

func (r *ScorecardResult) AsString(showDetails bool, logLevel log.Level,
	checkDocs checks.Doc, writer io.Writer,
) error

AsString returns ScorecardResult in string format.

func (*ScorecardResult) GetAggregateScore 

func (r *ScorecardResult) GetAggregateScore(checkDocs checks.Doc) (float64, error)

GetAggregateScore returns the aggregate score.

type ScorecardResultWithError added in v4.5.0 

type ScorecardResultWithError struct {
	// ScorecardResult is the scorecard result for the dependency repo.
	ScorecardResult *ScorecardResult

	// Error is an error returned when running the scorecard checks. A nil Error indicates the run succeeded.
	Error error
}

ScorecardResultWithError is used for the dependency-diff module to record the scorecard result and a error field to record potential errors when the Scorecard run fails.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.