Documentation ¶
Index ¶
- func BuildReport(ctx context.Context, ghClient *github.Client, owner, repo string, prNumber int, ...)
- func GenerateReportContent(dependencies []string, ecosystem string, globalThreshold float64, ...) (string, bool)
- func ProcessDependency(dep string, ecosystem string, globalThreshold float64, ...) (string, bool)
- type Package
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func BuildReport ¶
func BuildReport(ctx context.Context, ghClient *github.Client, owner, repo string, prNumber int, dependencies []string, ecosystem string, globalThreshold float64, repoActivityThreshold float64, authorActivityThreshold float64, provenanceThreshold float64, typosquattingThreshold float64, failOnMalicious bool, failOnDeprecated bool, failOnArchived bool)
BuildReport analyzes the dependencies of a PR and generates a report based on their Trusty scores. It takes the following parameters:

- ctx: The context.Context for the function.
- ghClient: A pointer to a github.Client for interacting with the GitHub API.
- owner: The owner of the repository.
- repo: The name of the repository.
- prNumber: The number of the pull request.
- dependencies: A slice of strings representing the dependencies to be analyzed.
- ecosystem: The ecosystem of the dependencies (e.g., "npm", "pip", "maven").
- scoreThreshold: The threshold for Trusty scores below which a warning will be generated.
The function generates a report and posts it as a comment on the pull request.
func GenerateReportContent ¶ added in v0.0.5
func ProcessDependency ¶ added in v0.0.3
func ProcessDependency(dep string, ecosystem string, globalThreshold float64, repoActivityThreshold float64, authorActivityThreshold float64, provenanceThreshold float64, typosquattingThreshold float64, failOnMalicious bool, failOnDeprecated bool, failOnArchived bool) (string, bool)
ProcessDependency analyzes a dependency by making an API request to TrustyPkg.dev and returns a formatted report. It takes the dependency name, ecosystem, and score threshold as input parameters. The function constructs the query URL, makes the API request, and processes the response. If the Trusty score of the dependency is above the score threshold, it skips the dependency. Otherwise, it formats the report using Markdown and includes information about the dependency's Trusty score, whether it is malicious, deprecated, or archived, and recommended alternative packages if available. The function returns the formatted report as a string.
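The threshold-and-flag logic described above, worked through on a constructed response, as an added example that is not code from this package. It assumes a slimmed-down response type (only the fields the report needs, tagged like the Package type below), a `policy` struct standing in for the threshold and fail-on parameters, a `malicious` boolean under `package_data` (the documented Package type does not show where Trusty reports this, so it is an assumed field), and that the returned bool means "fail the check": it is set only by the fail-on flags, while low scores only warn. The sample JSON is constructed for a fictional package. One deliberate detail: a response that does not parse is returned as an error rather than an empty report, so a broken or tampered reply cannot silently wave a dependency through.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// policy mirrors the threshold and fail-on parameters of ProcessDependency.
type policy struct {
	GlobalThreshold, RepoActivityThreshold, AuthorActivityThreshold float64
	ProvenanceThreshold, TyposquattingThreshold                     float64
	FailOnMalicious, FailOnDeprecated, FailOnArchived               bool
}

// trustyResponse keeps only the fields the report needs; tags follow the Package
// type on this page. "malicious" is an ASSUMED field: the documented type does not show it.
type trustyResponse struct {
	PackageName string `json:"package_name"`
	PackageData struct {
		Archived     bool `json:"archived"`
		IsDeprecated bool `json:"is_deprecated"`
		Malicious    bool `json:"malicious"` // assumed for this example
	} `json:"package_data"`
	Summary struct {
		Score       float64 `json:"score"`
		Description struct {
			Provenance    float64 `json:"provenance"`
			Typosquatting float64 `json:"typosquatting"`
			ActivityUser  float64 `json:"activity_user"`
			ActivityRepo  float64 `json:"activity_repo"`
		} `json:"description"`
	} `json:"summary"`
	Alternatives struct {
		Packages []struct {
			PackageName string  `json:"package_name"`
			Score       float64 `json:"score"`
		} `json:"packages"`
	} `json:"alternatives"`
}

// evaluateDependency turns one raw Trusty reply into a Markdown report. ("", false, nil)
// means the package clears every threshold and carries no flag (the "skip" case above).
// The bool is true only when a flag the policy marks fatal is set; low scores alone warn.
func evaluateDependency(raw []byte, ecosystem string, p policy) (string, bool, error) {
	var r trustyResponse
	if err := json.Unmarshal(raw, &r); err != nil { // fail closed, never an empty "all clear"
		return "", false, fmt.Errorf("parsing Trusty response: %w", err)
	}
	type check struct{ name string; score, threshold float64 }
	var rows []string // one table row per check whose score is below its threshold
	for _, c := range []check{
		{"Trusty score", r.Summary.Score, p.GlobalThreshold},
		{"Repository activity", r.Summary.Description.ActivityRepo, p.RepoActivityThreshold},
		{"Author activity", r.Summary.Description.ActivityUser, p.AuthorActivityThreshold},
		{"Provenance", r.Summary.Description.Provenance, p.ProvenanceThreshold},
		{"Typosquatting", r.Summary.Description.Typosquatting, p.TyposquattingThreshold},
	} {
		if c.score < c.threshold {
			rows = append(rows, fmt.Sprintf("| %s | %.1f | %.1f |\n", c.name, c.score, c.threshold))
		}
	}
	flags, fail := []string{}, false
	flag := func(set, fatal bool, name string) {
		if set {
			flags = append(flags, name)
			fail = fail || fatal
		}
	}
	flag(r.PackageData.Malicious, p.FailOnMalicious, "malicious")
	flag(r.PackageData.IsDeprecated, p.FailOnDeprecated, "deprecated")
	flag(r.PackageData.Archived, p.FailOnArchived, "archived")
	if len(rows) == 0 && len(flags) == 0 {
		return "", false, nil // healthy: nothing to report
	}
	var b strings.Builder
	fmt.Fprintf(&b, "### %s (%s): Trusty score %.1f\n\n", r.PackageName, ecosystem, r.Summary.Score)
	if len(flags) > 0 {
		fmt.Fprintf(&b, "**Flags:** %s\n\n", strings.Join(flags, ", "))
	}
	if len(rows) > 0 {
		b.WriteString("| Check | Score | Threshold |\n|---|---|---|\n" + strings.Join(rows, ""))
	}
	for _, a := range r.Alternatives.Packages {
		fmt.Fprintf(&b, "- Recommended alternative: %s (score %.1f)\n", a.PackageName, a.Score)
	}
	return b.String(), fail, nil
}

const sampleResponse = `{"package_name": "example-left-pad-fork",
  "package_data": {"archived": true, "is_deprecated": false, "malicious": false},
  "summary": {"score": 3.4, "description": {"provenance": 2.0, "typosquatting": 9.5, "activity_user": 4.1, "activity_repo": 1.0}},
  "alternatives": {"packages": [{"package_name": "left-pad", "score": 8.7}]}}` // CONSTRUCTED sample for a fictional package
func main() {
	p := policy{GlobalThreshold: 5, RepoActivityThreshold: 5, AuthorActivityThreshold: 5,
		ProvenanceThreshold: 5, TyposquattingThreshold: 5, FailOnArchived: true} // only "archived" fails hard
	report, fail, err := evaluateDependency([]byte(sampleResponse), "npm", p)
	fmt.Printf("%s\nfail build: %v (err: %v)\n", report, fail, err)
}
```

Running it prints a Markdown section listing the four checks that fall below 5.0 (typosquatting at 9.5 is omitted), the `archived` flag, the suggested alternative, and `fail build: true`; with `FailOnArchived` left false the same report is produced but the bool is false, which is the distinction between warning and blocking that the fail-on parameters control.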
Types ¶
type Package ¶
type Package struct {
	PackageName string `json:"package_name"`
	PackageType string `json:"package_type"`
	PackageData struct {
		ID                 string `json:"id"`
		Status             string `json:"status"`
		StatusCode         any    `json:"status_code"`
		Name               string `json:"name"`
		Version            string `json:"version"`
		Author             string `json:"author"`
		AuthorEmail        string `json:"author_email"`
		PackageDescription string `json:"package_description"`
		RepoDescription    string `json:"repo_description"`
		Origin             string `json:"origin"`
		StargazersCount    int    `json:"stargazers_count"`
		WatchersCount      int    `json:"watchers_count"`
		HomePage           string `json:"home_page"`
		HasIssues          bool   `json:"has_issues"`
		HasProjects        bool   `json:"has_projects"`
		HasDownloads       bool   `json:"has_downloads"`
		ForksCount         int    `json:"forks_count"`
		Archived           bool   `json:"archived"`
		IsDeprecated       bool   `json:"is_deprecated"`
		Disabled           bool   `json:"disabled"`
		OpenIssuesCount    int    `json:"open_issues_count"`
		Visibility         string `json:"visibility"`
		Forks              int    `json:"forks"`
		DefaultBranch      string `json:"default_branch"`
		NetworkCount       int    `json:"network_count"`
		SubscribersCount   int    `json:"subscribers_count"`
		RepositoryName     string `json:"repository_name"`
		ContributorCount   int    `json:"contributor_count"`
		PublicRepos        int    `json:"public_repos"`
		PublicGists        int    `json:"public_gists"`
		Followers          int    `json:"followers"`
		Following          int    `json:"following"`
		Owner              struct {
			Author          string `json:"author"`
			AuthorEmail     string `json:"author_email"`
			Login           string `json:"login"`
			AvatarURL       string `json:"avatar_url"`
			GravatarID      string `json:"gravatar_id"`
			URL             string `json:"url"`
			HTMLURL         string `json:"html_url"`
			Company         string `json:"company"`
			Blog            string `json:"blog"`
			Location        string `json:"location"`
			Email           string `json:"email"`
			Hireable        bool   `json:"hireable"`
			TwitterUsername string `json:"twitter_username"`
			PublicRepos     int    `json:"public_repos"`
			PublicGists     any    `json:"public_gists"`
			Followers       int    `json:"followers"`
			Following       int    `json:"following"`
		} `json:"owner"`
		Contributors []struct {
			Author          string `json:"author"`
			AuthorEmail     string `json:"author_email"`
			Login           string `json:"login"`
			AvatarURL       string `json:"avatar_url"`
			GravatarID      string `json:"gravatar_id"`
			URL             string `json:"url"`
			HTMLURL         string `json:"html_url"`
			Company         any    `json:"company"`
			Blog            any    `json:"blog"`
			Location        string `json:"location"`
			Email           string `json:"email"`
			Hireable        bool   `json:"hireable"`
			TwitterUsername any    `json:"twitter_username"`
			PublicRepos     int    `json:"public_repos"`
			PublicGists     any    `json:"public_gists"`
			Followers       int    `json:"followers"`
			Following       int    `json:"following"`
		} `json:"contributors"`
		LastUpdate string `json:"last_update"`
	} `json:"package_data"`
	Summary struct {
		Score       float64 `json:"score"`
		Description struct {
			Activity      float64 `json:"activity"`
			Provenance    float64 `json:"provenance"`
			Typosquatting float64 `json:"typosquatting"`
			ActivityUser  float64 `json:"activity_user"`
			ActivityRepo  float64 `json:"activity_repo"`
		} `json:"description"`
		UpdatedAt string `json:"updated_at"`
	} `json:"summary"`
	Provenance struct {
		Score       float64 `json:"score"`
		Description struct {
			Hp struct {
				Tags     float64 `json:"tags"`
				Common   float64 `json:"common"`
				Overlap  float64 `json:"overlap"`
				Versions float64 `json:"versions"`
				OverTime struct {
				} `json:"over_time"`
			} `json:"hp"`
			Score      float64 `json:"score"`
			Status     string  `json:"status"`
			Provenance struct {
				Issuer       string `json:"issuer"`
				Workflow     string `json:"workflow"`
				SourceRepo   string `json:"source_repo"`
				TokenIssuer  string `json:"token_issuer"`
				Transparency string `json:"transparency"`
			} `json:"provenance"`
		} `json:"description"`
		UpdatedAt string `json:"updated_at"`
	} `json:"provenance"`
	Activity struct {
		Score       float64 `json:"score"`
		Description struct {
			Repo float64 `json:"repo"`
			User float64 `json:"user"`
		} `json:"description"`
		UpdatedAt string `json:"updated_at"`
	} `json:"activity"`
	Typosquatting struct {
		Score       float64 `json:"score"`
		Description struct {
			TotalSimilarNames int `json:"total_similar_names"`
		} `json:"description"`
		UpdatedAt string `json:"updated_at"`
	} `json:"typosquatting"`
	Alternatives struct {
		Status   string `json:"status"`
		Packages []struct {
			ID              string  `json:"id"`
			PackageName     string  `json:"package_name"`
			PackageType     string  `json:"package_type"`
			RepoDescription string  `json:"repo_description"`
			Score           float64 `json:"score"`
			Provenance      struct {
				Score       float64 `json:"score"`
				Description struct {
					Hp struct {
						Tags     float64 `json:"tags"`
						Common   float64 `json:"common"`
						Overlap  float64 `json:"overlap"`
						Versions float64 `json:"versions"`
						OverTime struct {
						} `json:"over_time"`
					} `json:"hp"`
					Score      float64 `json:"score"`
					Status     string  `json:"status"`
					Provenance struct {
						Issuer       string `json:"issuer"`
						Workflow     string `json:"workflow"`
						SourceRepo   string `json:"source_repo"`
						TokenIssuer  string `json:"token_issuer"`
						Transparency string `json:"transparency"`
					} `json:"provenance"`
				} `json:"description"`
				UpdatedAt string `json:"updated_at"`
			} `json:"provenance"`
		} `json:"packages"`
	} `json:"alternatives"`
	SimilarPackageNames []struct {
		ID              string  `json:"id"`
		PackageName     string  `json:"package_name"`
		PackageType     string  `json:"package_type"`
		RepoDescription string  `json:"repo_description"`
		Score           float64 `json:"score"`
		Provenance      struct {
			Score       float64 `json:"score"`
			Description struct {
				Hp struct {
					Tags     float64 `json:"tags"`
					Common   float64 `json:"common"`
					Overlap  float64 `json:"overlap"`
					Versions float64 `json:"versions"`
					OverTime struct {
					} `json:"over_time"`
				} `json:"hp"`
				Score      float64 `json:"score"`
				Status     string  `json:"status"`
				Provenance struct {
					Issuer       string `json:"issuer"`
					Workflow     string `json:"workflow"`
					SourceRepo   string `json:"source_repo"`
					TokenIssuer  string `json:"token_issuer"`
					Transparency string `json:"transparency"`
				} `json:"provenance"`
			} `json:"description"`
			UpdatedAt string `json:"updated_at"`
		} `json:"provenance"`
	} `json:"similar_package_names"`
	SameOriginPackagesCount int `json:"same_origin_packages_count"`
}