Documentation
Index ¶
- func ConvertToModelsExploit(es []exploitmodels.Exploit) (exploits []models.Exploit)
- func ConvertToModelsMsf(ms []metasploitmodels.Metasploit) (modules []models.Metasploit)
- func Detect(rs []models.ScanResult, dir string) ([]models.ScanResult, error)
- func DetectCpeURIsCves(r *models.ScanResult, cpes []Cpe, cnf config.GoCveDictConf, ...) error
- func DetectGitHubCves(r *models.ScanResult, githubConfs map[string]config.GitHubConf) error
- func DetectGitHubDependencyGraph(r *models.ScanResult, owner, repo, token string) (err error)
- func DetectGitHubSecurityAlerts(r *models.ScanResult, owner, repo, token string, ignoreDismissed bool) (nCVEs int, err error)
- func DetectLibsCves(r *models.ScanResult, trivyOpts config.TrivyOpts, logOpts logging.LogOpts, ...) (err error)
- func DetectPkgCves(r *models.ScanResult, ovalCnf config.GovalDictConf, gostCnf config.GostConf, ...) error
- func DetectWordPressCves(r *models.ScanResult, wpCnf config.WpScanConf) error
- func FillCvesWithGoCVEDictionary(r *models.ScanResult, cnf config.GoCveDictConf, logOpts logging.LogOpts) (err error)
- func FillCweDict(r *models.ScanResult)
- func FillWithCTI(r *models.ScanResult, cnf config.CtiConf, logOpts logging.LogOpts) error
- func FillWithExploit(r *models.ScanResult, cnf config.ExploitConf, logOpts logging.LogOpts) (nExploitCve int, err error)
- func FillWithKEVuln(r *models.ScanResult, cnf config.KEVulnConf, logOpts logging.LogOpts) error
- func FillWithMetasploit(r *models.ScanResult, cnf config.MetasploitConf, logOpts logging.LogOpts) (nMetasploitCve int, err error)
- func ListValidJSONDirs(resultsDir string) (dirs []string, err error)
- func ValidateDBs(cveConf config.GoCveDictConf, ovalConf config.GovalDictConf, ...) error
- type Cpe
- type DependencyGraph
- type SecurityAlerts
Functions ¶
func ConvertToModelsExploit ¶ added in v0.18.1
func ConvertToModelsExploit(es []exploitmodels.Exploit) (exploits []models.Exploit)
ConvertToModelsExploit converts exploit model to vuls model
func ConvertToModelsMsf ¶
func ConvertToModelsMsf(ms []metasploitmodels.Metasploit) (modules []models.Metasploit)
ConvertToModelsMsf converts metasploit model to vuls model
func Detect ¶
func Detect(rs []models.ScanResult, dir string) ([]models.ScanResult, error)
Detect detects vulnerabilities and fills in detailed CVE information.
func DetectCpeURIsCves ¶
func DetectCpeURIsCves(r *models.ScanResult, cpes []Cpe, cnf config.GoCveDictConf, logOpts logging.LogOpts) error
DetectCpeURIsCves detects CVEs of given CPE-URIs
func DetectGitHubCves ¶
func DetectGitHubCves(r *models.ScanResult, githubConfs map[string]config.GitHubConf) error
DetectGitHubCves fetches CVEs from GitHub Security Alerts
func DetectGitHubDependencyGraph ¶ added in v0.22.1
func DetectGitHubDependencyGraph(r *models.ScanResult, owner, repo, token string) (err error)
DetectGitHubDependencyGraph accesses owner/repo on GitHub, fetches the repository's dependency graph via the GitHub API v4 (GraphQL), and sets it on the given ScanResult. The token argument is a GitHub credential and should be handled as a secret (kept out of logs and error output). https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph
func DetectGitHubSecurityAlerts ¶
func DetectGitHubSecurityAlerts(r *models.ScanResult, owner, repo, token string, ignoreDismissed bool) (nCVEs int, err error)
DetectGitHubSecurityAlerts accesses owner/repo on GitHub, fetches the repository's security alerts via the GitHub API v4 (GraphQL), and sets them on the given ScanResult. The token argument is a GitHub credential and should be handled as a secret (kept out of logs and error output). https://help.github.com/articles/about-security-alerts-for-vulnerable-dependencies/
func DetectLibsCves ¶
func DetectLibsCves(r *models.ScanResult, trivyOpts config.TrivyOpts, logOpts logging.LogOpts, noProgress bool) (err error)
DetectLibsCves fills LibraryScanner information
func DetectPkgCves ¶
func DetectPkgCves(r *models.ScanResult, ovalCnf config.GovalDictConf, gostCnf config.GostConf, vuls2Conf config.Vuls2Conf, logOpts logging.LogOpts, noProgress bool) error
DetectPkgCves detects CVEs in OS packages; it is passed three configs (ovalCnf, gostCnf, vuls2Conf).
func DetectWordPressCves ¶
func DetectWordPressCves(r *models.ScanResult, wpCnf config.WpScanConf) error
DetectWordPressCves detects CVEs of WordPress
func FillCvesWithGoCVEDictionary ¶ added in v0.27.0
func FillCvesWithGoCVEDictionary(r *models.ScanResult, cnf config.GoCveDictConf, logOpts logging.LogOpts) (err error)
FillCvesWithGoCVEDictionary fills CVE detail with NVD, JVN, Fortinet, MITRE, Paloalto, Cisco
func FillWithCTI ¶ added in v0.19.8
FillWithCTI :
func FillWithExploit ¶
func FillWithExploit(r *models.ScanResult, cnf config.ExploitConf, logOpts logging.LogOpts) (nExploitCve int, err error)
FillWithExploit fills in the exploit information that is present in Exploit.
func FillWithKEVuln ¶ added in v0.19.0
func FillWithKEVuln(r *models.ScanResult, cnf config.KEVulnConf, logOpts logging.LogOpts) error
FillWithKEVuln :
func FillWithMetasploit ¶
func FillWithMetasploit(r *models.ScanResult, cnf config.MetasploitConf, logOpts logging.LogOpts) (nMetasploitCve int, err error)
FillWithMetasploit fills in the Metasploit module information that is present in module.
func ListValidJSONDirs ¶
ListValidJSONDirs returns the valid JSON directories as an array. The returned array is sorted so that the most recent directories are at the head.
func ValidateDBs ¶ added in v0.33.0
func ValidateDBs(cveConf config.GoCveDictConf, ovalConf config.GovalDictConf, gostConf config.GostConf, exploitConf config.ExploitConf, metasploitConf config.MetasploitConf, kevulnConf config.KEVulnConf, ctiConf config.CtiConf, logOpts logging.LogOpts) error
ValidateDBs checks if the databases are accessible and can be closed properly
Types ¶
type DependencyGraph ¶ added in v0.22.1
// DependencyGraph is a GitHub API response.
//
// The nested anonymous structs follow the JSON keys named in the field tags:
// data.repository.dependencyGraphManifests.edges[].node, and below each
// manifest node, dependencies.edges[].node.
//
// NOTE(review): presumably this is the GraphQL (API v4) payload decoded by
// DetectGitHubDependencyGraph — confirm against the caller. Every string in
// it comes from the remote response, so consumers should treat values such as
// URL, BlobPath, Filename and PackageName as untrusted data.
type DependencyGraph struct {
	Data struct {
		Repository struct {
			URL                      string `json:"url"`
			DependencyGraphManifests struct {
				// PageInfo holds the endCursor/hasNextPage keys for the manifest list.
				// NOTE(review): looks like pagination state — confirm how the caller uses it.
				PageInfo struct {
					EndCursor   string `json:"endCursor"`
					HasNextPage bool   `json:"hasNextPage"`
				} `json:"pageInfo"`
				// Edges holds one entry per manifest node.
				Edges []struct {
					Node struct {
						BlobPath string `json:"blobPath"`
						Filename string `json:"filename"`
						// No json tag on this field, unlike its siblings.
						Repository struct {
							URL string `json:"url"`
						}
						Parseable         bool `json:"parseable"`
						ExceedsMaxSize    bool `json:"exceedsMaxSize"`
						DependenciesCount int  `json:"dependenciesCount"`
						Dependencies      struct {
							// Second PageInfo, scoped to this manifest's dependency list.
							PageInfo struct {
								EndCursor   string `json:"endCursor"`
								HasNextPage bool   `json:"hasNextPage"`
							} `json:"pageInfo"`
							// Edges holds one entry per dependency node.
							Edges []struct {
								Node struct {
									PackageName    string `json:"packageName"`
									PackageManager string `json:"packageManager"`
									// No json tag on this field, unlike its siblings.
									Repository struct {
										URL string `json:"url"`
									}
									Requirements    string `json:"requirements"`
									HasDependencies bool   `json:"hasDependencies"`
								} `json:"node"`
							} `json:"edges"`
						} `json:"dependencies"`
					} `json:"node"`
				} `json:"edges"`
			} `json:"dependencyGraphManifests"`
		} `json:"repository"`
	} `json:"data"`
	// Errors maps the top-level "errors" key of the response, next to "data".
	// NOTE(review): a response may carry errors alongside data; verify the
	// caller checks this slice before trusting Data.
	Errors []struct {
		Type      string        `json:"type,omitempty"`
		Path      []interface{} `json:"path,omitempty"`
		Locations []struct {
			Line   int `json:"line"`
			Column int `json:"column"`
		} `json:"locations,omitempty"`
		Message string `json:"message"`
	} `json:"errors,omitempty"`
}
DependencyGraph is a GitHub API response
type SecurityAlerts ¶
// SecurityAlerts has detected CVE-IDs, PackageNames, Refs.
//
// The nested anonymous structs follow the JSON keys named in the field tags:
// data.repository.vulnerabilityAlerts.edges[].node.
//
// NOTE(review): unlike DependencyGraph, this type declares no field for a
// top-level "errors" key, so such a key is not captured when decoding into
// it — confirm the caller detects API errors another way. Every string here
// comes from the remote response and should be treated as untrusted data.
type SecurityAlerts struct {
	Data struct {
		Repository struct {
			URL                 string `json:"url"`
			VulnerabilityAlerts struct {
				// PageInfo holds the endCursor/hasNextPage/startCursor keys.
				// NOTE(review): looks like pagination state — confirm how the caller uses it.
				PageInfo struct {
					EndCursor   string `json:"endCursor"`
					HasNextPage bool   `json:"hasNextPage"`
					StartCursor string `json:"startCursor"`
				} `json:"pageInfo"`
				// Edges holds one entry per alert node.
				Edges []struct {
					Node struct {
						ID string `json:"id"`
						// NOTE(review): presumably the fields that the ignoreDismissed
						// argument of DetectGitHubSecurityAlerts is evaluated against — confirm.
						DismissReason         string    `json:"dismissReason"`
						DismissedAt           time.Time `json:"dismissedAt"`
						SecurityVulnerability struct {
							Package struct {
								Name      string `json:"name"`
								Ecosystem string `json:"ecosystem"`
							} `json:"package"`
							Severity               string `json:"severity"`
							VulnerableVersionRange string `json:"vulnerableVersionRange"`
							FirstPatchedVersion    struct {
								Identifier string `json:"identifier"`
							} `json:"firstPatchedVersion"`
						} `json:"securityVulnerability"`
						VulnerableManifestFilename string `json:"vulnerableManifestFilename"`
						VulnerableManifestPath     string `json:"vulnerableManifestPath"`
						VulnerableRequirements     string `json:"vulnerableRequirements"`
						SecurityAdvisory           struct {
							Description string    `json:"description"`
							GhsaID      string    `json:"ghsaId"`
							Permalink   string    `json:"permalink"`
							PublishedAt time.Time `json:"publishedAt"`
							Summary     string    `json:"summary"`
							UpdatedAt   time.Time `json:"updatedAt"`
							// NOTE(review): a time.Time cannot represent "absent"; verify that
							// consumers distinguish a withdrawn advisory from the zero value.
							WithdrawnAt time.Time `json:"withdrawnAt"`
							Origin      string    `json:"origin"`
							// Separate from SecurityVulnerability.Severity above.
							Severity   string `json:"severity"`
							References []struct {
								URL string `json:"url"`
							} `json:"references"`
							// Type/Value pairs.
							// NOTE(review): presumably where the CVE-IDs arrive — confirm.
							Identifiers []struct {
								Type  string `json:"type"`
								Value string `json:"value"`
							} `json:"identifiers"`
						} `json:"securityAdvisory"`
					} `json:"node"`
				} `json:"edges"`
			} `json:"vulnerabilityAlerts"`
		} `json:"repository"`
	} `json:"data"`
}
SecurityAlerts has detected CVE-IDs, PackageNames, Refs