Types ¶
type Advisories ¶
// Advisories holds the advisory links attached to a Vulnerability; it is the
// value of the optional v:advisories element (see Vulnerability.Advisories).
type Advisories struct {
	// Advisory is the list of advisory URLs, written as one v:advisory element
	// per entry. The "v:" prefix is spelled out in the tag because encoding/xml
	// does not manage namespace prefixes itself; the namespace is declared by
	// Document.XMLNsV. Text content is escaped by encoding/xml, so a link
	// string coming from an external provider cannot alter the XML structure.
	Advisory []string `xml:"v:advisory"`
}
Advisories holds all the links for a vulnerability
type Component ¶
// Component represents a single software package together with the
// vulnerabilities found for it. The embedded syftCDX.Component promotes the
// SBOM fields into this <component> element; only the vulnerability list is
// added here.
type Component struct {
	syftCDX.Component
	// Vulnerabilities is nil when no findings are attached; omitempty then
	// drops the v:vulnerabilities element entirely. A pointer (rather than a
	// plain slice) distinguishes "no data" from an empty list in Go — NOTE(review):
	// confirm whether the two marshal differently, otherwise a plain slice would do.
	Vulnerabilities *[]Vulnerability `xml:"v:vulnerabilities>v:vulnerability,omitempty"`
}
Component represents a single software package that has vulnerabilities.
type Document ¶
// Document represents a CycloneDX Vulnerability Document: the root <bom>
// element carrying the namespace declarations, the version and serialNumber
// attributes, the syft BomDescriptor as <metadata>, and the component list.
// Populate it with NewDocument.
type Document struct {
	// XMLName fixes the root element name to "bom".
	XMLName xml.Name `xml:"bom"`
	// XMLNs, XMLNsBd and XMLNsV are written as xmlns attributes on the root.
	// XMLNsV must match the literal "v:" prefix used in the Vulnerability,
	// Rating, Score and Advisories struct tags, since encoding/xml emits
	// those prefixes verbatim rather than resolving them.
	XMLNs string `xml:"xmlns,attr"`
	XMLNsBd string `xml:"xmlns:bd,attr"`
	XMLNsV string `xml:"xmlns:v,attr"`
	// Version is the BOM version attribute.
	Version int `xml:"version,attr"`
	// SerialNumber is the BOM serialNumber attribute. Nothing in this type
	// validates its format — NOTE(review): confirm NewDocument always sets it
	// (the CycloneDX schema expects a urn:uuid value).
	SerialNumber string `xml:"serialNumber,attr"`
	// BomDescriptor is syft's descriptor, marshaled as the <metadata> element;
	// nil omits nothing special here (no omitempty), so a nil pointer yields
	// no element — TODO confirm this is the intended output.
	BomDescriptor *syftCDX.BomDescriptor `xml:"metadata"`
	// Components are written under <components> as one <component> each.
	Components []Component `xml:"components>component"`
}
Document represents a CycloneDX Vulnerability Document.
func NewDocument ¶
func NewDocument(packages []pkg.Package, matches match.Matches, srcMetadata *source.Metadata, provider vulnerability.MetadataProvider) (Document, error)
NewDocument returns a CycloneDX Document object populated with the SBOM and vulnerability findings.
type Presenter ¶
// Presenter writes a CycloneDX report from the given Catalog and Scope
// contents. All state is unexported; build one with NewPresenter, which takes
// the matches, packages, source metadata and vulnerability metadata provider
// the report is rendered from.
type Presenter struct {
	// contains filtered or unexported fields
}
Presenter writes a CycloneDX report from the given Catalog and Scope contents
func NewPresenter ¶
func NewPresenter(results match.Matches, packages []pkg.Package, srcMetadata *source.Metadata, metadataProvider vulnerability.MetadataProvider) *Presenter
NewPresenter is a *Presenter constructor
type Rating ¶
// Rating has information about the severity of a vulnerability: the numeric
// Score plus an optional severity label, scoring method and vector string.
type Rating struct {
	// Score has no omitempty, so a Rating without a score still produces a
	// v:score element whose sub-scores are all 0.
	Score Score `xml:"v:score"`
	// Severity is a textual severity level; omitted when empty.
	Severity string `xml:"v:severity,omitempty"`
	// Method names the scoring method — presumably a CVSS version string;
	// confirm against NewVulnerability.
	Method string `xml:"v:method,omitempty"`
	// Vector is the scoring vector string; omitted when empty.
	Vector string `xml:"v:vector,omitempty"`
}
Rating has information about the severity of a vulnerability
type Score ¶
// Score provides the different ways to measure how serious a vulnerability is.
// The field names follow CVSS sub-score naming (base, impact, exploitability)
// — NOTE(review): inferred from the names; confirm how the provider fills them.
type Score struct {
	// None of the fields is omitempty: a zero sub-score is written as 0, so a
	// reader cannot tell "not scored" from "scored zero" — TODO confirm intended.
	Base float64 `xml:"v:base"`
	Impact float64 `xml:"v:impact"`
	Exploitability float64 `xml:"v:exploitability"`
}
Score provides the different ways to measure how serious a vulnerability is
type Source ¶
Source is the origin of the vulnerability, like Github Advisories or NVD, along with a URL constructed with the vulnerability ID
type Vulnerability ¶
// Vulnerability is the actual description of a vulnerable artifact: one
// v:vulnerability element nested under a Component. Built by NewVulnerability
// from a match and the metadata provider.
type Vulnerability struct {
	// Ref is the ref attribute tying this entry to its component — presumably
	// the component's bom-ref; confirm in NewVulnerability.
	Ref string `xml:"ref,attr"`
	// ID is the vulnerability identifier as reported by the source (e.g. an
	// NVD or GitHub Advisories id, see Source).
	ID string `xml:"v:id"`
	// Source names where the record came from and carries the URL built from ID.
	Source Source `xml:"v:source"`
	// Ratings is written as one v:rating per entry under v:ratings.
	Ratings []Rating `xml:"v:ratings>v:rating"`
	// We do not capture Common Weakness Enumeration
	//Cwes Cwes `xml:"v:cwes"`
	// Description is free text from the provider; encoding/xml escapes it, so
	// markup-like content in a description cannot change the document
	// structure. Omitted when empty.
	Description string `xml:"v:description,omitempty"`
	// We don't have recommendations (e.g. "upgrade")
	//Recommendations *Recommendations `xml:"v:recommendations"`
	// Advisories is omitted when nil, i.e. when no advisory links are known.
	Advisories *Advisories `xml:"v:advisories,omitempty"`
}
Vulnerability is the actual description of a vulnerable artifact
func NewVulnerability ¶
func NewVulnerability(m match.Match, p vulnerability.MetadataProvider) (Vulnerability, error)
NewVulnerability creates a Vulnerability document from a match and the metadata provider