Package remediation (v2.2.0)

Warning: this package is not in the latest version of its module.

Published: Aug 7, 2025 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Overview

Package remediation provides logic for Guided Remediation.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ComputeOverridePatches

func ComputeOverridePatches(ctx context.Context, cl client.ResolutionClient, result *resolution.Result, opts Options) ([]resolution.Difference, error)

ComputeOverridePatches attempts to resolve each vulnerability found in result independently, returning the list of unique possible patches. Vulnerabilities are resolved by directly overriding versions of vulnerable packages to non-vulnerable versions. If a patch introduces new vulnerabilities, additional overrides are attempted for the new vulnerabilities.

func ComputeRelaxPatches

func ComputeRelaxPatches(ctx context.Context, cl client.ResolutionClient, result *resolution.Result, opts Options) ([]resolution.Difference, error)

ComputeRelaxPatches attempts to resolve each vulnerability found in result independently, returning the list of unique possible patches. Vulnerabilities are resolved by relaxing the version constraints in the manifest.

func SupportsInPlace

func SupportsInPlace(l lockfile.ReadWriter) bool

func SupportsOverride

func SupportsOverride(m manifest.ReadWriter) bool

func SupportsRelax

func SupportsRelax(m manifest.ReadWriter) bool

TODO: Supported strategies should be part of the manifest/lockfile ReadWriter directly

Types

type InPlacePatch

type InPlacePatch struct {
	lf.DependencyPatch

	ResolvedVulns []resolution.Vulnerability
}

type InPlaceResult

type InPlaceResult struct {
	Patches   []InPlacePatch
	Unfixable []resolution.Vulnerability
}

func ComputeInPlacePatches

func ComputeInPlacePatches(ctx context.Context, cl client.ResolutionClient, graph *resolve.Graph, opts Options) (InPlaceResult, error)

ComputeInPlacePatches finds all possible targeted version changes that would fix vulnerabilities in a resolved graph.

TODO: Check for introduced vulnerabilities

func (InPlaceResult) VulnCount

func (r InPlaceResult) VulnCount() VulnCount

type Options

type Options struct {
	resolution.ResolveOpts

	IgnoreVulns   []string // Vulnerability IDs to ignore
	ExplicitVulns []string // If set, only consider these vulnerability IDs & ignore all others

	DevDeps     bool    // Whether to consider vulnerabilities in dev dependencies
	MinSeverity float64 // Minimum vulnerability CVSS score to consider
	MaxDepth    int     // Maximum depth of dependency to consider vulnerabilities for (e.g. 1 for direct only)

	UpgradeConfig upgrade.Config // Allowed upgrade levels per package.
}

func (Options) MatchVuln

func (opts Options) MatchVuln(v resolution.Vulnerability) bool

type VulnCount

type VulnCount struct {
	Direct     int
	Transitive int

	// Note: These are metrics that overlap with Direct/Transitive, and with each other.
	Unfixable int
	Dev       int
}

func (VulnCount) Total

func (vc VulnCount) Total() int

Directories

Path      Synopsis
relax     Package relax provides functionality for relaxing version constraints for guided remediation.
suggest   Package suggest provides functionality for suggesting version updates.
upgrade   Package upgrade provides functionality for parsing upgrade configurations for remediation.
