producers

package

v0.18.4 Latest Latest Go to latest Published: Oct 17, 2022 License: Apache-2.0 Imports: 13 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/thought-machine/dracon

Links

Open Source Insights

README ¶

Producers

A producer is a program that parses the output of a tool and converts it into Dracon compatible file that can be used by the enricher and consumers.

Writing Producers

Producers can be written in any language that supports protobufs, we have examples in Golang and Python. They are all structured the same way:

Parse program arguments:
1. in: the raw tool results file location
2. out: where to place the Dracon compatible output file location
Parse the in file into Protobufs (LaunchToolResponse)
Add metadata to Protobufs (e.g. git/source-code information)
Write the protobuf bytes to the out file

Producer API

For convenience, there are helper functions in the ./producers pkg/module for Golang/Python.

The WriteDraconOut/write_dracon_out method expects a list of issues to write as the LaunchToolResponse protobuf. Your producer should parse the output of a tool results into Issue protobufs which are then passed into this method.

Documentation ¶

Overview ¶

Package producers provides helper functions for writing Dracon compatible producers that parse tool outputs. Subdirectories in this package have more complete example usages of this package.

Index ¶

Constants
Variables
func ParseFlags() error
func ParseJSON(in []byte, structure interface{}) error
func ReadInFile() ([]byte, error)
func ReadLines() ([][]byte, error)
func WriteDraconOut(toolName string, issues []*v1.Issue) error

Constants ¶

View Source

const (

	// EnvDraconStartTime Start Time of Dracon Scan in RFC3339
	EnvDraconStartTime = "DRACON_SCAN_TIME"
	// EnvDraconScanID the ID of the dracon scan
	EnvDraconScanID = "DRACON_SCAN_ID"
)

Variables ¶

View Source

var (
	// InResults represents incoming tool output
	InResults string
	// OutFile points to the protobuf file where dracon results will be written
	OutFile string
	// Append flag will append to the outfile instead of overwriting, useful when there's multiple inresults
	Append bool
)

Functions ¶

func ParseFlags ¶

func ParseFlags() error

ParseFlags will parse the input flags for the producer and perform simple validation

Example ¶

if err := ParseFlags(); err != nil {
	log.Fatal(err)
}

Output:

func ParseJSON ¶ added in v0.11.0

func ParseJSON(in []byte, structure interface{}) error

ParseJSON provides a generic method to parse JSON input (e.g. the results provided by a tool) into a given struct.

func ReadInFile ¶ added in v0.11.0

func ReadInFile() ([]byte, error)

ReadInFile returns the contents of the file given by InResults.

func ReadLines ¶ added in v0.16.0

func ReadLines() ([][]byte, error)

ReadLines returns the lines of the contents of the file given by InResults

func WriteDraconOut ¶

func WriteDraconOut(
	toolName string,
	issues []*v1.Issue,
) error

WriteDraconOut provides a generic method to write the resulting protobuf to the output file

Example ¶

issues := []*v1.Issue{}
if err := WriteDraconOut(
	"gosec",
	issues,
); err != nil {
	log.Fatal(err)
}

Output:

Types ¶

This section is empty.

Source Files ¶

View all Source files

producer.go

Directories ¶

Path	Synopsis
dependency_check
docker_trivy
types
elasticsearch_filebeat
types
golang_gosec
golang_nancy
types
java_spotbugs
jira_producer
sync
mobsf Package main implements a Dracon producer for MobSF, a mobile security framework (https://github.com/MobSF/Mobile-Security-Framework-MobSF).	Package main implements a Dracon producer for MobSF, a mobile security framework (https://github.com/MobSF/Mobile-Security-Framework-MobSF).
report Package report provides common types for scan report formats.	Package report provides common types for scan report formats.
report/android Package android provides types and functions for working with Android project scan reports from MobSF.	Package android provides types and functions for working with Android project scan reports from MobSF.
report/ios Package ios provides types and functions for working with iOS project scan reports from MobSF.	Package ios provides types and functions for working with iOS project scan reports from MobSF.
npm_audit
types Package types provides common types for audit report formats.	Package types provides common types for audit report formats.
types/npmfullaudit Package npmfullaudit provides types and functions for working with audit reports from npm's "Full Audit" endpoint (/-/npm/v1/security/audits) and transforming them into data structures understood by the Dracon enricher.	Package npmfullaudit provides types and functions for working with audit reports from npm's "Full Audit" endpoint (/-/npm/v1/security/audits) and transforming them into data structures understood by the Dracon enricher.
types/npmquickaudit Package npmquickaudit provides types and functions for working with audit reports from npm's "Quick Audit" endpoint (/-/npm/v1/security/audits/quick) and transforming them into data structures understood by the Dracon enricher.	Package npmquickaudit provides types and functions for working with audit reports from npm's "Quick Audit" endpoint (/-/npm/v1/security/audits/quick) and transforming them into data structures understood by the Dracon enricher.
pipsafety
types
python_bandit
sarif
securityhub
semgrep
types
typescript_eslint
types
typescript_tslint
types
yarn_audit
types
zap_producer
types

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL