Documentation
Overview
Package trusty provides an evaluator that uses the trusty API
Constants
const (
	// TrustyEvalType is the type of the trusty evaluator
	TrustyEvalType = "trusty"
)
Variables
var (
	// SummaryScore is the score to use for the summary score
	SummaryScore = "score"
	// DefaultScore is the default score to use
	DefaultScore = ""
)
Functions
This section is empty.
Types
type Alternative
type Alternative struct {
	PackageName    string  `json:"package_name"`
	Score          float64 `json:"score"`
	PackageNameURL string
}
Alternative is an alternative package returned from the package intelligence API
type AlternativesList (added in v0.0.50)
type AlternativesList struct {
	Status   string        `json:"status"`
	Packages []Alternative `json:"packages"`
}
AlternativesList is the alternatives block in the trusty API response
type Evaluator
type Evaluator struct {
	// contains filtered or unexported fields
}
Evaluator is the trusty evaluator
func NewTrustyEvaluator
NewTrustyEvaluator creates a new trusty evaluator
type MaliciousData (added in v0.0.49)
type MaliciousData struct {
	Summary   string     `json:"summary"`
	Details   string     `json:"details"`
	Published *time.Time `json:"published"`
	Modified  *time.Time `json:"modified"`
	Source    string     `json:"source"`
}
MaliciousData contains the security details when a dependency is malicious
type PackageData (added in v0.0.50)
type PackageData struct {
	Archived   bool           `json:"archived"`
	Deprecated bool           `json:"is_deprecated"`
	Malicious  *MaliciousData `json:"malicious"`
}
PackageData contains the data about the queried package
type Reply
type Reply struct {
	PackageName  string           `json:"package_name"`
	PackageType  string           `json:"package_type"`
	Summary      ScoreSummary     `json:"summary"`
	Alternatives AlternativesList `json:"alternatives"`
	PackageData  PackageData      `json:"package_data"`
}
Reply is the response from the package intelligence API
type RuleViolationReason (added in v0.0.49)
type RuleViolationReason int
RuleViolationReason values are int constants that capture the various reasons a package was considered unsafe when compared with trusty data
const (
	// TRUSTY_LOW_SCORE Overall score was lower than threshold
	TRUSTY_LOW_SCORE RuleViolationReason = iota + 1
	// TRUSTY_MALICIOUS_PKG Package is marked as malicious
	TRUSTY_MALICIOUS_PKG
	// TRUSTY_LOW_ACTIVITY The package does not have enough activity
	TRUSTY_LOW_ACTIVITY
	// TRUSTY_LOW_PROVENANCE Low trust in proof of origin
	TRUSTY_LOW_PROVENANCE
)
type ScoreSummary (added in v0.0.28)
type ScoreSummary struct {
	Score       *float64       `json:"score"`
	Description map[string]any `json:"description"`
}
ScoreSummary is the summary score returned from the package intelligence API
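Added example, not part of the package or its documentation: decoding a reply with the struct tags documented above and mapping it to RuleViolationReason values, paying attention to the two pointer fields (Score and Malicious), which stay nil when the JSON value is null or absent. The helper name classify, the threshold of 5 and the sample JSON are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Subset of the documented types; fields not used here are omitted.
type (
	MaliciousData struct{ Summary string `json:"summary"` }
	PackageData   struct{ Malicious *MaliciousData `json:"malicious"` }
	ScoreSummary  struct{ Score *float64 `json:"score"` }
	Reply         struct {
		PackageName string       `json:"package_name"`
		Summary     ScoreSummary `json:"summary"`
		PackageData PackageData  `json:"package_data"`
	}
	RuleViolationReason int
)

const (
	TRUSTY_LOW_SCORE RuleViolationReason = iota + 1
	TRUSTY_MALICIOUS_PKG
)

// classify is a hypothetical helper; threshold is an assumed policy value.
func classify(raw []byte, threshold float64) ([]RuleViolationReason, bool, error) {
	var r Reply
	if err := json.Unmarshal(raw, &r); err != nil {
		return nil, false, fmt.Errorf("decode reply: %w", err)
	}
	var reasons []RuleViolationReason
	if r.PackageData.Malicious != nil { // JSON null or a missing key leaves this nil
		reasons = append(reasons, TRUSTY_MALICIOUS_PKG)
	}
	// A nil Score means no score was returned, which is not a score of 0;
	// the bool result lets the caller decide how to treat that case.
	score := r.Summary.Score
	if score != nil && *score < threshold {
		reasons = append(reasons, TRUSTY_LOW_SCORE)
	}
	return reasons, score != nil, nil
}

func main() {
	// Constructed sample reply, not real API output.
	raw := []byte(`{"package_name":"example-pkg","summary":{"score":2.1},"package_data":{"malicious":{"summary":"constructed"}}}`)
	fmt.Println(classify(raw, 5))
}
```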