trusty

package
v0.0.51 Latest

This package is not in the latest version of its module.

Published: May 27, 2024 | License: Apache-2.0 | Imports: 23 | Imported by: 0

Documentation

Overview

Package trusty provides an evaluator that uses the trusty API

Constants

const (
	// TrustyEvalType is the type of the trusty evaluator
	TrustyEvalType = "trusty"
)

Variables

var (
	// SummaryScore is the score to use for the summary score
	SummaryScore = "score"
	// DefaultScore is the default score to use
	DefaultScore = ""
)

Functions

This section is empty.

Types

type Alternative

type Alternative struct {
	PackageName    string  `json:"package_name"`
	Score          float64 `json:"score"`
	PackageNameURL string
}

Alternative is an alternative package returned from the package intelligence API

type AlternativesList added in v0.0.50

type AlternativesList struct {
	Status   string        `json:"status"`
	Packages []Alternative `json:"packages"`
}

AlternativesList is the alternatives block in the trusty API response

type Evaluator

type Evaluator struct {
	// contains filtered or unexported fields
}

Evaluator is the trusty evaluator

func NewTrustyEvaluator

func NewTrustyEvaluator(ctx context.Context, ghcli provifv1.GitHub) (*Evaluator, error)

NewTrustyEvaluator creates a new trusty evaluator

func (*Evaluator) Eval

func (e *Evaluator) Eval(ctx context.Context, pol map[string]any, res *engif.Result) error

Eval implements the Evaluator interface.

type MaliciousData added in v0.0.49

type MaliciousData struct {
	Summary   string     `json:"summary"`
	Details   string     `json:"details"`
	Published *time.Time `json:"published"`
	Modified  *time.Time `json:"modified"`
	Source    string     `json:"source"`
}

MaliciousData contains the security details when a dependency is malicious

type PackageData added in v0.0.50

type PackageData struct {
	Archived   bool           `json:"archived"`
	Deprecated bool           `json:"is_deprecated"`
	Malicious  *MaliciousData `json:"malicious"`
}

PackageData contains the data about the queried package

type Reply

type Reply struct {
	PackageName  string           `json:"package_name"`
	PackageType  string           `json:"package_type"`
	Summary      ScoreSummary     `json:"summary"`
	Alternatives AlternativesList `json:"alternatives"`
	PackageData  PackageData      `json:"package_data"`
}

Reply is the response from the package intelligence API

type RuleViolationReason added in v0.0.49

type RuleViolationReason int

RuleViolationReason values are int constants that capture the various reasons a package was considered unsafe when compared with trusty data

const (
	// TRUSTY_LOW_SCORE Overall score was lower than threshold
	TRUSTY_LOW_SCORE RuleViolationReason = iota + 1

	// TRUSTY_MALICIOUS_PKG Package is marked as malicious
	TRUSTY_MALICIOUS_PKG

	// TRUSTY_LOW_ACTIVITY The package does not have enough activity
	TRUSTY_LOW_ACTIVITY

	// TRUSTY_LOW_PROVENANCE Low trust in proof of origin
	TRUSTY_LOW_PROVENANCE
)

type ScoreSummary added in v0.0.28

type ScoreSummary struct {
	Score       *float64       `json:"score"`
	Description map[string]any `json:"description"`
}

ScoreSummary is the summary score returned from the package intelligence API
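
An added example, not part of the package's own code: it decodes a reply of the shape documented above and derives the low-score and malicious-package reasons, keeping a null score distinct from a low one. The lowercase type is a trimmed local mirror of Reply, and `violations`, the threshold and the sample JSON are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// reply is a trimmed local mirror of the page's Reply (only the fields used here).
type reply struct {
	Summary struct {
		Score *float64 `json:"score"`
	} `json:"summary"`
	PackageData struct {
		Malicious *struct {
			Summary string `json:"summary"`
		} `json:"malicious"`
	} `json:"package_data"`
}

// Local stand-ins for two RuleViolationReason values, same iota + 1 ordering.
const (
	lowScore = iota + 1
	maliciousPkg
)

// violations is a hypothetical helper, not the Evaluator's logic. It assumes a
// non-null "malicious" block means the package is marked malicious. A null
// score is reported as unscored so it is never compared as 0 or treated as a pass.
func violations(raw []byte, threshold float64) (reasons []int, unscored bool, err error) {
	var r reply
	if err = json.Unmarshal(raw, &r); err != nil {
		return nil, false, err
	}
	if r.PackageData.Malicious != nil {
		reasons = append(reasons, maliciousPkg)
	}
	if r.Summary.Score == nil {
		unscored = true
	} else if *r.Summary.Score < threshold {
		reasons = append(reasons, lowScore)
	}
	return reasons, unscored, nil
}

func main() {
	// Constructed sample reply, not captured from the real API.
	raw := []byte(`{"summary":{"score":null},"package_data":{"malicious":{"summary":"constructed"}}}`)
	fmt.Println(violations(raw, 5)) // threshold 5 is an arbitrary assumed value
}
```

How an unscored package is treated (block, warn, or allow) is a policy decision the caller has to make explicitly.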
