Documentation
Constants
This section is empty.
Variables
var (
	JavaMaven = Manifest{"pom.xml", "maven", &JavaMavenTreeProvider{}}
	PythonPip = Manifest{"requirements.txt", "maven", nil}
	NodeJS    = Manifest{"package.json", "npm", nil}
	GoModule  = Manifest{"go.mod", "go", nil}
)
var SupportedManifestsFilenames []string
Functions
func GetStackReport
func GetStackReport(
	ctx context.Context,
	manifest *Manifest,
	manifestPath string,
	tokens map[backend.HeaderTokenKeyType]string,
	jsonOut, verboseOut bool,
) error
GetStackReport requests a stack analysis from the backend server and prints a human-readable report summary to standard output. Use jsonOut=true to print the summary as a machine-readable JSON object. Use verboseOut=true to include private vulnerabilities in the report.
func IsSupportedManifestPath
IsSupportedManifestPath loads a manifest file from the OS and verifies that it is supported.
Types
type JavaMavenTreeProvider
type JavaMavenTreeProvider struct{}
func (*JavaMavenTreeProvider) Provide
func (a *JavaMavenTreeProvider) Provide(ctx context.Context, manifestPath string) ([]byte, string, error)
Provide implements TreeProvider for the JavaMavenTreeProvider type. It loads the pom.xml manifest file and creates a DOT graph dependency tree as the request content, with the "text/vnd.graphviz" content type. Dependencies marked with a "crdaignore" comment are ignored.
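Because dependencies marked "crdaignore" never reach the stack analysis, it helps to list them during review. The following Go program is an added example, not this package's code: IgnoredDependencies and samplePom are hypothetical names, and placing the comment inside the `<dependency>` element is an assumption, since the page does not say where the comment goes.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"io"
	"strings"
)

// samplePom is constructed; the comment's position inside <dependency> is an assumption.
const samplePom = `<project><dependencies>
<dependency><groupId>org.example</groupId><artifactId>kept</artifactId><version>1.0</version></dependency>
<dependency><!--crdaignore--><groupId>org.example</groupId><artifactId>skipped</artifactId><version>2.3</version>
<exclusions><exclusion><groupId>x</groupId><artifactId>y</artifactId></exclusion></exclusions></dependency></dependencies></project>`

// IgnoredDependencies (hypothetical helper) lists each <dependency> that contains a crdaignore comment.
func IgnoredDependencies(pom string) ([]string, error) {
	dec := xml.NewDecoder(strings.NewReader(pom))
	out, coords := []string{}, map[string]string{}
	field, depth, ignored := "", 0, false
	for tok, err := dec.Token(); err != io.EOF; tok, err = dec.Token() {
		if err != nil {
			return nil, err
		}
		switch t := tok.(type) {
		case xml.StartElement:
			if depth == 0 && t.Name.Local == "dependency" {
				depth, coords, ignored = 1, map[string]string{}, false
			} else if depth > 0 {
				depth++ // depth 2 is a direct child such as <groupId>
			}
			field = t.Name.Local
		case xml.CharData:
			if s := strings.TrimSpace(string(t)); depth == 2 && s != "" {
				coords[field] = s // nested <exclusion> coordinates sit deeper and are skipped
			}
		case xml.Comment:
			ignored = ignored || (depth > 0 && strings.Contains(string(t), "crdaignore"))
		case xml.EndElement:
			if depth == 1 && ignored {
				out = append(out, coords["groupId"]+":"+coords["artifactId"]+":"+coords["version"])
			}
			if depth > 0 {
				depth--
			}
		}
	}
	return out, nil
}
func main() { fmt.Println(IgnoredDependencies(samplePom)) }
```

Each returned entry is a group:artifact:version string for a dependency that would be left out of the analysis under the stated assumption.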
type Manifest
type Manifest struct {
	Filename, Ecosystem string
	TreeProvider
}
Manifest binds a file name and an ecosystem name to a tree provider.
func GetManifest
GetManifest returns the Manifest type for a string. It returns an error when used with an unknown manifest file.
type PomDependencies
type PomDependencies struct {
	Dependency []PomDependency `xml:"dependency"`
}
type PomDependency
type PomProject
type PomProject struct {
	Dependencies PomDependencies `xml:"dependencies"`
}
type TreeProvider
type TreeProvider interface {
	// Provide is used for providing a dependency tree that will be used as the backend request body content.
	// It is also in charge of providing the body content type.
	// It should return an error if it fails to create the dependency tree.
	Provide(ctx context.Context, manifestPath string) ([]byte, string, error)
}
TreeProvider is the contract for dependency tree providers, e.g. Java-Maven, Node-JS.