scan

package

v0.16.11 Latest Latest Go to latest Published: May 17, 2024 License: Apache-2.0 Imports: 43 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/wolfi-dev/wolfictl

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func NewGrypeVulnerabilityMatcher(datastore store.Store, useCPEs bool) *grype.VulnerabilityMatcher
type Finding
- func FilterWithAdvisories(_ context.Context, result Result, advisoryDocIndex *configs.Index[v2.Document], ...) ([]Finding, error)
- func Triage(ctx context.Context, result Result, apkFile io.ReadSeeker) ([]Finding, error)
type GoVulnDBIndex
- func BuildIndexForGoVulnDB(ctx context.Context) (*GoVulnDBIndex, error)
- func (i *GoVulnDBIndex) Get(id string) (GoVulnDBIndexEntry, bool)
type GoVulnDBIndexEntry
type Package
type Result
type Scanner
- func NewScanner(localDBFilePath string, useCPEs bool) (*Scanner, error)
- func (s *Scanner) APKSBOM(ctx context.Context, ssbom *sbomSyft.SBOM) (*Result, error)
- func (s *Scanner) ScanAPK(ctx context.Context, apk fs.File, distroID string) (*Result, error)
type TargetAPK
- func (t TargetAPK) Origin() string
type TriageAssessment
type Vulnerability

Constants ¶

View Source

const (
	AdvisoriesSetResolved  = "resolved"
	AdvisoriesSetAll       = "all"
	AdvisoriesSetConcluded = "concluded"
)

View Source

const TriageSourceGovulncheck = "govulncheck"

Variables ¶

View Source

var ValidAdvisoriesSets = []string{AdvisoriesSetResolved, AdvisoriesSetAll, AdvisoriesSetConcluded}

Functions ¶

func NewGrypeVulnerabilityMatcher ¶ added in v0.15.1

func NewGrypeVulnerabilityMatcher(datastore store.Store, useCPEs bool) *grype.VulnerabilityMatcher

Types ¶

type Finding ¶

type Finding struct {
	Package           Package
	Vulnerability     Vulnerability
	TriageAssessments []TriageAssessment
}

Finding represents a vulnerability finding for a single package.

func FilterWithAdvisories ¶ added in v0.1.0

func FilterWithAdvisories(_ context.Context, result Result, advisoryDocIndex *configs.Index[v2.Document], advisoryFilterSet string) ([]Finding, error)

FilterWithAdvisories filters the findings in the result based on the advisories for the target APK.

func Triage ¶ added in v0.8.0

func Triage(ctx context.Context, result Result, apkFile io.ReadSeeker) ([]Finding, error)

Triage inspects an existing scan Result and attempts to triage each finding, returning a copy of the Result's list of findings, modified to include TriageAssessments where applicable.

type GoVulnDBIndex ¶ added in v0.8.0

type GoVulnDBIndex struct {
	// contains filtered or unexported fields
}

func BuildIndexForGoVulnDB ¶ added in v0.8.0

func BuildIndexForGoVulnDB(ctx context.Context) (*GoVulnDBIndex, error)

BuildIndexForGoVulnDB builds an index of GoVulnDB entries, keyed by aliases (like CVE IDs and GHSA IDs).

func (*GoVulnDBIndex) Get ¶ added in v0.8.0

func (i *GoVulnDBIndex) Get(id string) (GoVulnDBIndexEntry, bool)

Get returns the GoVulnDB index entry for the given ID, or false if it doesn't exist.

type GoVulnDBIndexEntry ¶ added in v0.8.0

type GoVulnDBIndexEntry struct {
	ID       string    `json:"id"`
	Modified time.Time `json:"modified"`
	Aliases  []string  `json:"aliases,omitempty"`
}

type Package ¶

type Package struct {
	ID       string
	Name     string
	Version  string
	Type     string
	Location string
}

type Result ¶ added in v0.1.0

type Result struct {
	TargetAPK     TargetAPK
	Findings      []Finding
	GrypeDBStatus *db.Status
}

type Scanner ¶ added in v0.11.0

type Scanner struct {
	// contains filtered or unexported fields
}

func NewScanner ¶ added in v0.11.0

func NewScanner(localDBFilePath string, useCPEs bool) (*Scanner, error)

NewScanner initializes the grype DB for reuse across multiple scans.

func (*Scanner) APKSBOM ¶ added in v0.11.0

func (s *Scanner) APKSBOM(ctx context.Context, ssbom *sbomSyft.SBOM) (*Result, error)

APKSBOM scans an SBOM of an APK for vulnerabilities.

func (*Scanner) ScanAPK ¶ added in v0.15.0

func (s *Scanner) ScanAPK(ctx context.Context, apk fs.File, distroID string) (*Result, error)

ScanAPK scans an APK file for vulnerabilities.

type TargetAPK ¶ added in v0.1.0

type TargetAPK struct {
	Name              string
	Version           string
	OriginPackageName string
}

func (TargetAPK) Origin ¶ added in v0.4.2

func (t TargetAPK) Origin() string

Origin returns the name of the origin package, if the package's metadata indicates an origin package. Otherwise, it returns the package name.

type TriageAssessment ¶ added in v0.8.0

type TriageAssessment struct {
	// Source is the name of the source of the triage assessment, e.g.
	// "govulncheck".
	Source string

	// TruePositive indicates whether the vulnerability is a true positive. A value
	// of false indicates that the vulnerability has been assessed to be a false
	// positive.
	TruePositive bool

	// Reason is the explanation of the triage assessment.
	Reason string
}

type Vulnerability ¶

type Vulnerability struct {
	ID           string
	Severity     string
	Aliases      []string
	FixedVersion string
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL