Documentation ¶
Index ¶
- Constants
- Variables
- func NewGrypeVulnerabilityMatcher(datastore store.Store, useCPEs bool) *grype.VulnerabilityMatcher
- type Finding
- type Findings
- type GoVulnDBIndex
- type GoVulnDBIndexEntry
- type Options
- type Package
- type Result
- type Scanner
- type TargetAPK
- type TriageAssessment (deprecated)
- type Vulnerability
Constants ¶
const (
	AdvisoriesSetResolved  = "resolved"
	AdvisoriesSetAll       = "all"
	AdvisoriesSetConcluded = "concluded"
)
const TriageSourceGovulncheck = "govulncheck"
Variables ¶
var DefaultGrypeDBDir = path.Join(xdg.CacheHome, "wolfictl", "grype", "db")
var DefaultOptions = Options{}
DefaultOptions is the recommended default configuration for a new Scanner. These options are suitable for most scanning use cases.
var ValidAdvisoriesSets = []string{AdvisoriesSetResolved, AdvisoriesSetAll, AdvisoriesSetConcluded}
Functions ¶
func NewGrypeVulnerabilityMatcher ¶ added in v0.15.1
func NewGrypeVulnerabilityMatcher(datastore store.Store, useCPEs bool) *grype.VulnerabilityMatcher
Types ¶
type Finding ¶
type Finding struct {
	Package       Package
	Vulnerability Vulnerability
	Advisory      *v2.Advisory `json:",omitempty"`

	// Deprecated: This field will be removed soon.
	TriageAssessments []TriageAssessment `json:",omitempty"`
}
Finding represents a vulnerability finding for a single package.
func FilterWithAdvisories ¶ added in v0.1.0
func FilterWithAdvisories(_ context.Context, result Result, advisoryDocIndex *configs.Index[v2.Document], advisoryFilterSet string) ([]Finding, error)
FilterWithAdvisories filters the findings in the result based on the advisories for the target APK.
type GoVulnDBIndex ¶ added in v0.8.0
type GoVulnDBIndex struct {
// contains filtered or unexported fields
}
func BuildIndexForGoVulnDB ¶ added in v0.8.0
func BuildIndexForGoVulnDB(ctx context.Context) (*GoVulnDBIndex, error)
BuildIndexForGoVulnDB builds an index of GoVulnDB entries, keyed by aliases (like CVE IDs and GHSA IDs).
func (*GoVulnDBIndex) Get ¶ added in v0.8.0
func (i *GoVulnDBIndex) Get(id string) (GoVulnDBIndexEntry, bool)
Get returns the GoVulnDB index entry for the given ID, or false if it doesn't exist.
type GoVulnDBIndexEntry ¶ added in v0.8.0
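The alias-keyed index that BuildIndexForGoVulnDB and Get describe, as an added example that is not wolfictl's own code: GoVulnDB records are OSV documents, so only the two OSV fields needed here (id and aliases) are modelled, and the Entry and Index types are illustrative stand-ins, not the package's GoVulnDBIndexEntry, whose fields this page does not show. The sample IDs are constructed placeholders. The example goes slightly beyond the text by normalising case and reporting alias collisions rather than silently overwriting an earlier entry.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Entry models the two OSV fields this example needs from a GoVulnDB record:
// the GO-... ID and its aliases. Illustrative stand-in, not wolfictl's type.
type Entry struct {
	ID      string
	Aliases []string
}

// Index maps the GO ID and every alias (normalised to upper case) to its entry.
type Index struct {
	byAlias map[string]Entry
}

// BuildIndex keys each entry by its own ID and by each alias, so a scanner
// finding that carries only a CVE or GHSA identifier can be resolved to the
// Go advisory. If two entries claim the same alias, the first one seen is kept
// and the collision is reported instead of being silently overwritten.
func BuildIndex(entries []Entry) (*Index, []string) {
	idx := &Index{byAlias: make(map[string]Entry)}
	var conflicts []string
	for _, e := range entries {
		keys := append([]string{e.ID}, e.Aliases...)
		for _, k := range keys {
			key := strings.ToUpper(strings.TrimSpace(k))
			if key == "" {
				continue
			}
			if prev, ok := idx.byAlias[key]; ok && prev.ID != e.ID {
				conflicts = append(conflicts, fmt.Sprintf("%s: %s vs %s", key, prev.ID, e.ID))
				continue
			}
			idx.byAlias[key] = e
		}
	}
	sort.Strings(conflicts)
	return idx, conflicts
}

// Get follows the documented contract of GoVulnDBIndex.Get: the entry for the
// given ID or alias, or false if it is not indexed. Lookups are case-insensitive.
func (i *Index) Get(id string) (Entry, bool) {
	e, ok := i.byAlias[strings.ToUpper(strings.TrimSpace(id))]
	return e, ok
}

// SampleEntries is constructed data for the example; the IDs are placeholders,
// not real advisories. The second entry deliberately reuses a GHSA alias.
func SampleEntries() []Entry {
	return []Entry{
		{ID: "GO-0000-0001", Aliases: []string{"CVE-0000-0001", "GHSA-xxxx-yyyy-zzz1"}},
		{ID: "GO-0000-0002", Aliases: []string{"CVE-0000-0002", "GHSA-xxxx-yyyy-zzz1"}},
	}
}

func main() {
	idx, conflicts := BuildIndex(SampleEntries())
	for _, q := range []string{"cve-0000-0001", "GHSA-xxxx-yyyy-zzz1", "CVE-0000-9999"} {
		e, ok := idx.Get(q)
		fmt.Printf("%-22s -> found=%v id=%s\n", q, ok, e.ID)
	}
	fmt.Println("alias conflicts:", conflicts)
}
```

Reporting collisions matters in practice: an alias that maps to two Go advisories would otherwise make triage results depend on the order in which the database was read.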
type Options ¶ added in v0.18.0
type Options struct {
	// PathOfDatabaseArchiveToImport, if set, is the path to a Grype vulnerability
	// database archive (.tar.gz file) from which a database will be loaded by
	// Grype.
	//
	// If empty, the default Grype database loading behavior will be used (e.g.
	// downloading the database from the Internet).
	PathOfDatabaseArchiveToImport string

	// PathOfDatabaseDestinationDirectory is the directory to which the Grype
	// database will be extracted, and where the database will be loaded from at
	// runtime. If empty, the value of DefaultGrypeDBDir will be used.
	PathOfDatabaseDestinationDirectory string

	// UseCPEs controls whether the scanner will use CPEs to match vulnerabilities
	// for matcher types that default to not using CPE matching. Most consumers will
	// probably want this set to false in order to avoid excessive noise from
	// matching.
	UseCPEs bool

	// DisableDatabaseAgeValidation controls whether the scanner will validate the
	// age of the vulnerability database before using it. If true, the scanner will
	// not validate the age of the database. This bool should always be set to false
	// except for testing purposes.
	DisableDatabaseAgeValidation bool

	// DisableSBOMCache controls whether the scanner will cache SBOMs generated from
	// APKs. If true, the scanner will not cache SBOMs or use existing cached SBOMs.
	DisableSBOMCache bool
}
Options determine the configuration for a new Scanner. The zero-value of this struct is a valid configuration.
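An added example, not wolfictl's code, showing how a caller might apply the defaults documented for Options and flag the settings the field comments warn about before handing the configuration to a scanner. The Options type here mirrors the documented field set locally so the block runs stand-alone; defaultDBDir is an assumed stand-in for DefaultGrypeDBDir, and ResolveOptions is a hypothetical helper, not a function of the package.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Options mirrors the field set documented for scan.Options (local copy for
// this example, not the package's type).
type Options struct {
	PathOfDatabaseArchiveToImport      string
	PathOfDatabaseDestinationDirectory string
	UseCPEs                            bool
	DisableDatabaseAgeValidation       bool
	DisableSBOMCache                   bool
}

// defaultDBDir stands in for DefaultGrypeDBDir; the value is assumed.
var defaultDBDir = filepath.Join(os.TempDir(), "wolfictl-example", "grype", "db")

// ResolveOptions applies the documented defaults and returns warnings for
// settings the field comments say should not be used outside tests or that
// add matching noise. forTests suppresses the age-validation warning, since
// that is the one documented reason to disable it.
func ResolveOptions(o Options, forTests bool) (Options, []string, error) {
	var warnings []string

	// Documented default: empty destination means DefaultGrypeDBDir.
	if o.PathOfDatabaseDestinationDirectory == "" {
		o.PathOfDatabaseDestinationDirectory = defaultDBDir
	}

	// The archive, when given, must be a .tar.gz file that actually exists;
	// failing early beats letting the scanner fall back to a network download.
	if p := o.PathOfDatabaseArchiveToImport; p != "" {
		if !strings.HasSuffix(p, ".tar.gz") {
			return o, nil, fmt.Errorf("database archive %q is not a .tar.gz file", p)
		}
		if _, err := os.Stat(p); err != nil {
			return o, nil, fmt.Errorf("database archive: %w", err)
		}
	}

	// A stale database silently under-reports vulnerabilities.
	if o.DisableDatabaseAgeValidation && !forTests {
		warnings = append(warnings, "DisableDatabaseAgeValidation=true: a stale vulnerability database will be accepted; set to false outside tests")
	}
	// CPE matching is documented as noisy for most consumers.
	if o.UseCPEs {
		warnings = append(warnings, "UseCPEs=true: expect additional CPE-based matches that need triage")
	}
	return o, warnings, nil
}

func main() {
	weak := Options{UseCPEs: true, DisableDatabaseAgeValidation: true}
	corrected := Options{} // zero value is documented as a valid configuration
	for _, o := range []Options{weak, corrected} {
		resolved, warnings, err := ResolveOptions(o, false)
		fmt.Printf("dest=%s err=%v warnings=%q\n", resolved.PathOfDatabaseDestinationDirectory, err, warnings)
	}
}
```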
type Scanner ¶ added in v0.11.0
type Scanner struct {
// contains filtered or unexported fields
}
func NewScanner ¶ added in v0.11.0
NewScanner initializes the grype DB for reuse across multiple scans.
type TriageAssessment ¶ deprecated, added in v0.8.0
type TriageAssessment struct {
	// Source is the name of the source of the triage assessment, e.g.
	// "govulncheck".
	Source string

	// TruePositive indicates whether the vulnerability is a true positive. A value
	// of false indicates that the vulnerability has been assessed to be a false
	// positive.
	TruePositive bool

	// Reason is the explanation of the triage assessment.
	Reason string
}
Deprecated: This type will be removed soon.