pkg

package
v4.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 5, 2023 License: Apache-2.0 Imports: 26 Imported by: 0

Documentation

Overview

Package pkg defines functions for running Scoremet checks on a Repo.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DetailToString

func DetailToString(d *checker.CheckDetail, logLevel log.Level) string

DetailToString converts a check detail into a string.

func FormatResults

func FormatResults(
	opts *options.Options,
	results *ScoremetResult,
	doc checks.Doc,
	policy *spol.ScoremetPolicy,
) error

FormatResults formats scoremet results.

Types

type ChangeType

type ChangeType string

ChangeType is the change type (added, updated, removed) of a dependency.

// ChangeType values declared by this package. The string on the right is the
// value carried at runtime.
const (
	// Added marks a dependency that is newly added.
	Added ChangeType = "added"
	// Updated marks a dependency that is updated from an old version.
	Updated ChangeType = "updated"
	// Removed marks a dependency that is removed.
	Removed ChangeType = "removed"
)

func (ChangeType) IsValid

func (ct ChangeType) IsValid() bool

IsValid determines if a ChangeType is valid.

type DependencyCheckResult

// DependencyCheckResult describes one dependency in the returned results.
// Most fields are pointers; this page does not state when they are nil, so
// callers should nil-check each one before dereferencing.
type DependencyCheckResult struct {
	// ChangeType indicates whether the dependency is added, updated, or removed.
	ChangeType *ChangeType

	// PackageURL is a short link for a package.
	// NOTE(review): presumably a purl-style identifier — confirm against the producer.
	PackageURL *string

	// SourceRepository is the source repository URL of the dependency.
	// NOTE(review): where this value comes from is not shown here; presumably
	// it is derived from dependency metadata, so validate it before fetching
	// from it or rendering it — TODO confirm.
	SourceRepository *string

	// ManifestPath is the path of the manifest file of the dependency, such as go.mod for Go.
	ManifestPath *string

	// Ecosystem is the name of the package management system, such as NPM, GO, PYPI.
	Ecosystem *string

	// Version is the package version of the dependency.
	Version *string

	// ScoremetResultWithError is the scoremet checking result of the dependency.
	// It is held by value; check its Error field before using its ScoremetResult.
	ScoremetResultWithError ScoremetResultWithError

	// Name is the name of the dependency.
	Name string
}

DependencyCheckResult is the dependency structure used in the returned results.

func (*DependencyCheckResult) AsJSON

func (dr *DependencyCheckResult) AsJSON(writer io.Writer) error

AsJSON for DependencyCheckResult exports the DependencyCheckResult as a JSON object.

type JSONScoremetProbeResult

// JSONScoremetProbeResult is the JSON shape for flat findings without checks.
// Field names in the output are set by the json tags below.
type JSONScoremetProbeResult struct {
	// Date is emitted under "date" as a string; the format is not shown here.
	Date     string            `json:"date"`
	// Repo is emitted under "repo"; its type is unexported, so its fields are
	// not visible on this page.
	Repo     jsonRepoV2        `json:"repo"`
	// Scoremet is emitted under "scoremet"; its type is unexported as well.
	Scoremet jsonScoremetV2    `json:"scoremet"`
	// Findings is emitted under "findings" as a list of finding.Finding values.
	Findings []finding.Finding `json:"findings"`
}

JSONScoremetProbeResult exports results as JSON for flat findings without checks.

type JSONScoremetResultV2

// JSONScoremetResultV2 is the JSON shape for the new detail format.
// Field names in the output are set by the json tags below.
type JSONScoremetResultV2 struct {
	// Date is emitted under "date" as a string; the format is not shown here.
	Date           string              `json:"date"`
	// Repo is emitted under "repo"; its type is unexported, so its fields are
	// not visible on this page.
	Repo           jsonRepoV2          `json:"repo"`
	// Scoremet is emitted under "scoremet"; its type is unexported as well.
	Scoremet       jsonScoremetV2      `json:"scoremet"`
	// AggregateScore is emitted under "score", not "aggregateScore"; consumers
	// parsing the JSON must use the tag name.
	AggregateScore jsonFloatScore      `json:"score"`
	// Checks is emitted under "checks", one entry per jsonCheckResultV2.
	Checks         []jsonCheckResultV2 `json:"checks"`
	// Metadata is emitted under "metadata"; the meaning of the strings is not
	// shown here.
	Metadata       []string            `json:"metadata"`
}

JSONScoremetResultV2 exports results as JSON for new detail format.

type RepoInfo

// RepoInfo identifies the repo that was analyzed.
type RepoInfo struct {
	// Name identifies the analyzed repo; its exact format is not shown here.
	Name      string
	// CommitSHA is presumably the commit the checks ran against — TODO confirm.
	CommitSHA string
}

RepoInfo contains information about the repo that was analyzed.

type ScoremetInfo

// ScoremetInfo identifies the scoremet code that produced a result.
type ScoremetInfo struct {
	// Version is the version of the scoremet code that was run.
	Version   string
	// CommitSHA is presumably the commit the scoremet code was built from — TODO confirm.
	CommitSHA string
}

ScoremetInfo contains information about the scoremet code that was run.

type ScoremetResult

// ScoremetResult holds the output of a Scoremet run.
// NOTE(review): Repo and Scoremet tie a result to a specific repo revision and
// tool build; keep them with any stored or forwarded result so a score can be
// traced back to what was analyzed and by which version.
type ScoremetResult struct {
	// Repo describes the repo that was analyzed.
	Repo       RepoInfo
	// Date is presumably the time of the run — TODO confirm.
	Date       time.Time
	// Scoremet describes the scoremet code that was run.
	Scoremet   ScoremetInfo
	// Checks holds the check results from package checker.
	Checks     []checker.CheckResult
	// RawResults holds the raw results from package checker; presumably what
	// AsRawJSON exports — TODO confirm.
	RawResults checker.RawResults
	// Findings holds finding.Finding values; presumably the flat findings
	// exported in JSONScoremetProbeResult — TODO confirm.
	Findings   []finding.Finding
	// Metadata is a list of strings whose meaning is not shown here.
	Metadata   []string
}

ScoremetResult struct is returned on a successful Scoremet run.

func RunScoremet

func RunScoremet(ctx context.Context,
	repo clients.Repo,
	commitSHA string,
	commitDepth int,
	checksToRun checker.CheckNameToFnMap,
	repoClient clients.RepoClient,
	ossFuzzRepoClient clients.RepoClient,
	ciiClient clients.CIIBestPracticesClient,
	vulnsClient clients.VulnerabilitiesClient,
) (ScoremetResult, error)

RunScoremet runs enabled Scoremet checks on a Repo.

func (*ScoremetResult) AsFJSON

// NOTE(review): AsFJSON has no published doc comment. Its parameters match
// AsJSON2, so it presumably writes another JSON rendering of the result to
// writer — confirm the output format before consuming it.
func (r *ScoremetResult) AsFJSON(showDetails bool,
	logLevel log.Level, checkDocs docs.Doc, writer io.Writer,
) error

func (*ScoremetResult) AsJSON

func (r *ScoremetResult) AsJSON(showDetails bool, logLevel log.Level, writer io.Writer) error

AsJSON exports results as JSON for new detail format.

func (*ScoremetResult) AsJSON2

func (r *ScoremetResult) AsJSON2(showDetails bool,
	logLevel log.Level, checkDocs docs.Doc, writer io.Writer,
) error

AsJSON2 exports results as JSON for new detail format.

func (*ScoremetResult) AsPJSON

// NOTE(review): AsPJSON has no published doc comment. Presumably it writes the
// JSONScoremetProbeResult form (flat findings without checks) to writer — TODO confirm.
func (r *ScoremetResult) AsPJSON(writer io.Writer) error

func (*ScoremetResult) AsRawJSON

func (r *ScoremetResult) AsRawJSON(writer io.Writer) error

AsRawJSON exports results as JSON for raw results.

func (*ScoremetResult) AsSARIF

func (r *ScoremetResult) AsSARIF(showDetails bool, logLevel log.Level,
	writer io.Writer, checkDocs docs.Doc, policy *spol.ScoremetPolicy,
	opts *options.Options,
) error

AsSARIF outputs ScoremetResult in SARIF 2.1.0 format.

func (*ScoremetResult) AsString

func (r *ScoremetResult) AsString(showDetails bool, logLevel log.Level,
	checkDocs checks.Doc, writer io.Writer,
) error

AsString returns ScoremetResult in string format.

func (*ScoremetResult) GetAggregateScore

func (r *ScoremetResult) GetAggregateScore(checkDocs checks.Doc) (float64, error)

GetAggregateScore returns the aggregate score.

type ScoremetResultWithError

// ScoremetResultWithError pairs a scoremet result with the error from the run
// that produced it.
type ScoremetResultWithError struct {
	// ScoremetResult is the scoremet result for the dependency repo.
	// NOTE(review): pointer field; presumably nil when the run failed, so
	// check Error before dereferencing — TODO confirm.
	ScoremetResult *ScoremetResult

	// Error is an error returned when running the scoremet checks. A nil Error indicates the run succeeded.
	// NOTE(review): an error interface value usually has no exported fields,
	// so default encoding/json marshalling would drop its message; how AsJSON
	// handles it is not shown here — confirm before relying on the JSON output
	// to signal a failed run.
	Error error
}

ScoremetResultWithError is used by the dependency-diff module to record the scoremet result, with an error field that records potential errors when the Scoremet run fails.
