Overview ¶
Package report provides helpers for assembling display- or export-ready views of Deputy data without tying them to CLI rendering details. It defines report-level DTOs (data transfer objects) and aggregation helpers consumed by report/render.
Index ¶
- func ConsolidatedSeverityPriority(v vulnerability.Consolidated) (int, float64)
- func SplitVulnerabilities(vulns []Vulnerability) ([]vulnerability.Finding, map[string]*vulnerabilityv1.Advisory)
- func VulnerabilitiesToFindings(vulns []Vulnerability) []*vulnerabilityv1.Finding
- type ArtifactGroup
- type ManifestContext
- type ManifestEntry
- type ManifestGroup
- type PolicyFinding
- type Summary
- type Target
- type TriagePackageSummary
- type TriageReport
- type Vulnerability
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ConsolidatedSeverityPriority ¶
func ConsolidatedSeverityPriority(v vulnerability.Consolidated) (int, float64)
ConsolidatedSeverityPriority returns a priority tuple (int, float64) for sorting vulnerabilities. Higher values indicate higher priority.
func SplitVulnerabilities ¶
func SplitVulnerabilities(vulns []Vulnerability) ([]vulnerability.Finding, map[string]*vulnerabilityv1.Advisory)
SplitVulnerabilities converts flattened vulnerabilities back into domain advisories/findings.
func VulnerabilitiesToFindings ¶
func VulnerabilitiesToFindings(vulns []Vulnerability) []*vulnerabilityv1.Finding
VulnerabilitiesToFindings converts report vulnerabilities to proto Finding messages.
Types ¶
type ArtifactGroup ¶
ArtifactGroup represents a group of artifacts managed by a specific package manager.
type ManifestContext ¶
type ManifestContext struct {
	// Sources groups the manifest files by the package manager that owns them.
	Sources []ManifestGroup
	// Artifacts groups the artifacts by the package manager that owns them.
	Artifacts []ArtifactGroup
}
ManifestContext holds the organized structure of sources and artifacts for display.
func BuildManifestContext ¶
func BuildManifestContext(list []vulnerability.Consolidated) ManifestContext
BuildManifestContext constructs a ManifestContext from a list of consolidated vulnerabilities.
type ManifestEntry ¶
ManifestEntry represents a single manifest file in the display context.
type ManifestGroup ¶
type ManifestGroup struct {
	// Manager names the package manager that owns the manifests in Entries.
	Manager string
	// Entries lists the manifest files attributed to Manager.
	Entries []ManifestEntry
}
ManifestGroup represents a group of manifests managed by a specific package manager.
type PolicyFinding ¶
type PolicyFinding struct {
	// Source is the name of the policy that generated this finding.
	Source string `json:"source"`
	// Action is the policy decision type (e.g., "deny", "warn", "allow").
	// Findings built through PolicyFindingsFromActions never carry an empty
	// or "allow" action, because that constructor filters those out.
	Action string `json:"action"`
	// Reason explains why the policy triggered this action.
	Reason string `json:"reason,omitempty"`
	// Message provides additional context or details about the finding.
	Message string `json:"message,omitempty"`
	// Remediation suggests steps to resolve the policy violation.
	Remediation string `json:"remediation,omitempty"`
	// Status is an optional HTTP status code suggestion for proxy mode.
	// NOTE(review): it is carried through unchecked here; a consumer that
	// writes it to an HTTP response should confirm it is a valid status code.
	Status *int `json:"status,omitempty"`
	// Code is a machine-readable identifier for the finding type.
	Code string `json:"code,omitempty"`
}
PolicyFinding represents a policy action emitted during evaluation.
func PolicyFindingsFromActions ¶
func PolicyFindingsFromActions(actions []policy.Action) []PolicyFinding
PolicyFindingsFromActions converts policy actions into report findings. Actions whose type is empty or "allow" are filtered out.
type Summary ¶
type Summary struct {
	// HasVulnerabilities reports whether the summarized input contained any vulnerabilities.
	HasVulnerabilities bool
	// Stats carries the aggregate vulnerability statistics the summary was built from.
	Stats vulnerabilityv1.Stats
	// CriticalHighCount is the number of vulnerabilities counted as critical or high
	// severity. The exact severity mapping is decided in BuildSummary, not here.
	CriticalHighCount int
	// FixAvailableCount is the number of vulnerabilities for which a fix is available.
	FixAvailableCount int
	// UnfixedCount is the number of vulnerabilities with no fix available.
	UnfixedCount int
	// StdlibRecommendation is a recommendation text for standard-library findings;
	// presumably empty when none applies — confirm in BuildSummary.
	StdlibRecommendation string
	// Commands lists the remediation commands recommended from the vulnerabilities.
	// NOTE(review): these are presentation data derived from external advisory
	// data; confirm consumers surface them for review rather than executing them.
	Commands []remediation.Command
	// CommandsHeader is the heading rendered above Commands.
	CommandsHeader string
}
Summary captures counts and recommended actions derived from vulnerabilities.
func BuildSummary ¶
func BuildSummary(cons []vulnerability.Consolidated, stats vulnerabilityv1.Stats) Summary
BuildSummary computes summary stats and remediation suggestions for vulnerabilities.
func BuildSummaryFromResult ¶
func BuildSummaryFromResult(result vulnerability.ConsolidatedResult) Summary
BuildSummaryFromResult computes summary stats from a ConsolidatedResult. This is the preferred API when using ConsolidateAll.
type Target ¶
type Target struct {
	// Repo identifies the repository the report was produced for; always emitted in JSON.
	Repo string `json:"repo"`
	// Ref is the reference the report covers; omitted from JSON when empty.
	Ref string `json:"ref,omitempty"`
	// Commit is the commit the report refers to; omitted from JSON when empty.
	Commit string `json:"commit,omitempty"`
}
Target identifies the repository and reference for a report.
type TriagePackageSummary ¶
type TriagePackageSummary struct {
	// Package is the name of the summarized package.
	Package string `json:"package"`
	// Version is the package version that was found.
	Version string `json:"version"`
	// Severity is the severity label reported for the package (presumably the
	// highest among its vulnerabilities — confirm in BuildTriageReport).
	Severity string `json:"severity"`
	// SeverityType names the classification scheme Severity belongs to.
	SeverityType string `json:"severity_type"`
	// FixVersion is the version that resolves the findings, when one is known.
	FixVersion string `json:"fix_version,omitempty"`
	// IsDirect reports whether the package is a direct dependency.
	IsDirect bool `json:"is_direct"`
	// Summary is free-text describing the package's findings; it derives from
	// external advisory data and should be treated as untrusted when rendered.
	Summary string `json:"summary,omitempty"`
	// SampleIDs is a sample of vulnerability identifiers affecting the package.
	SampleIDs []string `json:"sample_ids,omitempty"`
	// AffectedImports lists the affected imports reported for the package.
	AffectedImports []vulnerabilityv1.AffectedImport `json:"affected_imports,omitempty"`
	// DatabaseSpecific carries source-database-specific key/value fields verbatim.
	DatabaseSpecific map[string]string `json:"database_specific,omitempty"`
	// VulnerabilityCount is the number of vulnerabilities affecting the package.
	VulnerabilityCount int `json:"vulnerability_count"`
	// SeverityCounts maps a severity label to the number of vulnerabilities with that label.
	SeverityCounts map[string]int `json:"severity_counts,omitempty"`
}
TriagePackageSummary represents a summary of a single package's vulnerabilities.
type TriageReport ¶
type TriageReport struct {
	// Target identifies the repository and reference the report covers.
	Target Target `json:"target"`
	// Stats carries the aggregate vulnerability statistics passed to BuildTriageReport.
	Stats vulnerabilityv1.Stats `json:"stats"`
	// TopPackages lists per-package summaries; selection and ordering are decided
	// in BuildTriageReport. The tag has no omitempty, so a nil slice encodes as
	// JSON null rather than [] — consumers should accept both.
	TopPackages []TriagePackageSummary `json:"top_packages"`
	// PackagesWithVulns is the number of packages with at least one vulnerability.
	PackagesWithVulns int `json:"packages_with_vulns"`
}
TriageReport represents the summary of a triage analysis.
func BuildTriageReport ¶
func BuildTriageReport(target Target, stats vulnerabilityv1.Stats, cons []vulnerability.Consolidated) TriageReport
BuildTriageReport constructs a TriageReport from the target, stats, and consolidated vulnerabilities.
type Vulnerability ¶
type Vulnerability struct {
	// ID is the advisory identifier this record was flattened from; always emitted in JSON.
	ID string `json:"id"`
	// Aliases lists alternative identifiers for the same advisory.
	Aliases []string `json:"aliases,omitempty"`
	// Summary is the advisory's short description. Like Details and References,
	// it originates from external advisory data (see CWEs below) and should be
	// treated as untrusted text by anything that renders it.
	Summary string `json:"summary,omitempty"`
	// Details is the advisory's long-form description (external, untrusted text).
	Details string `json:"details,omitempty"`
	// CVE is the CVE identifier associated with this advisory, if one is known.
	CVE string `json:"cve,omitempty"`
	// Severity is the severity label as reported; SeverityType names the
	// classification scheme the label belongs to.
	Severity string `json:"severity,omitempty"`
	SeverityType string `json:"severity_type,omitempty"`
	// Package is the name of the affected package; it and ID are the only fields
	// without omitempty, so they are always present in JSON output.
	Package string `json:"package"`
	// Version is the affected package version that was found.
	Version string `json:"version,omitempty"`
	// IsDirect reports whether the package is a direct dependency.
	// NOTE(review): omitempty on a bool drops false, so JSON and policy
	// consumers see the key absent for indirect dependencies and must treat a
	// missing key as false.
	IsDirect bool `json:"is_direct,omitempty"`
	// Ecosystem is the package ecosystem the package belongs to.
	Ecosystem string `json:"ecosystem,omitempty"`
	// PURL is the package URL (purl) string for the package, when available.
	PURL string `json:"purl,omitempty"`
	// Published and Modified are the advisory's publication and last-modified
	// timestamps kept as strings; their format is set by FlattenScanningResult,
	// not by this type.
	Published string `json:"published,omitempty"`
	Modified string `json:"modified,omitempty"`
	// References lists reference links from the advisory (external, untrusted).
	References []string `json:"references,omitempty"`
	// FixedVersions lists the versions in which the vulnerability is fixed.
	FixedVersions []string `json:"fixed_versions,omitempty"`
	// Affected reports whether the package is affected by this advisory.
	// NOTE(review): same omitempty caveat as IsDirect — false is omitted from JSON.
	Affected bool `json:"affected,omitempty"`
	// Locations lists where the package was found, as strings.
	Locations []string `json:"locations,omitempty"`
	// ManifestRefs are the manifest references recorded for the package.
	ManifestRefs []dependencyv1.ManifestRef `json:"manifest_refs,omitempty"`
	// AffectedImports lists the affected imports reported for this vulnerability.
	AffectedImports []vulnerabilityv1.AffectedImport `json:"affected_imports,omitempty"`
	// DatabaseSpecific carries source-database-specific key/value fields verbatim.
	DatabaseSpecific map[string]string `json:"database_specific,omitempty"`
	// LayerDetails contains information about the container image layer where
	// the vulnerable package was found. Nil for non-container-image scans.
	LayerDetails *containerv1.LayerDetails `json:"layer_details,omitempty"`
	// CWEs contains Common Weakness Enumeration identifiers for this vulnerability.
	// Extracted from OSV database_specific.cwe_ids (primarily from GHSA records).
	// Example: ["CWE-79", "CWE-89"]
	CWEs []string `json:"cwes,omitempty"`
	// EPSS is the Exploit Prediction Scoring System score (0.0-1.0).
	// Represents the probability of exploitation in the next 30 days.
	// Only populated when EPSS enrichment is enabled; nil otherwise.
	EPSS *float64 `json:"epss,omitempty"`
	// EPSSPercentile indicates what percentage of CVEs have a lower EPSS score.
	// Only populated when EPSS enrichment is enabled; nil otherwise.
	EPSSPercentile *float64 `json:"epss_percentile,omitempty"`
	// InKEV indicates whether this CVE is in CISA's Known Exploited Vulnerabilities catalog.
	// Only populated when KEV enrichment is enabled; nil means "not enriched",
	// which IsInKEV reports as false.
	InKEV *bool `json:"in_kev,omitempty"`
	// KEVDateAdded is when this CVE was added to the KEV catalog (YYYY-MM-DD).
	// Only populated when KEV enrichment is enabled and InKEV is true.
	KEVDateAdded string `json:"kev_date_added,omitempty"`
	// KEVDueDate is the compliance deadline for federal agencies (YYYY-MM-DD).
	// Only populated when KEV enrichment is enabled and InKEV is true.
	KEVDueDate string `json:"kev_due_date,omitempty"`
	// KEVRequiredAction is the required remediation action from CISA.
	// Only populated when KEV enrichment is enabled and InKEV is true.
	KEVRequiredAction string `json:"kev_required_action,omitempty"`
	// KEVKnownRansomwareCampaignUse indicates ransomware involvement ("Known" or "Unknown").
	// Only populated when KEV enrichment is enabled and InKEV is true.
	KEVKnownRansomwareCampaignUse string `json:"kev_known_ransomware_campaign_use,omitempty"`
	// Path contains the dependency chain from root to the vulnerable package.
	// Example: ["myapp", "go-git/v5", "x/crypto"]
	// Only populated for indirect dependencies when graph resolution is enabled.
	Path []string `json:"path,omitempty"`
	// Depth is the distance from root to the vulnerable package (0 = direct, 1+ = transitive).
	// Only populated when graph resolution is enabled; nil when it is not.
	Depth *int `json:"depth,omitempty"`
}
Vulnerability is the flattened scan output representation for JSON and policy evaluation.
func FlattenScanningResult ¶
func FlattenScanningResult(result scanning.Result) []Vulnerability
FlattenScanningResult flattens scanning.Result into JSON-ready vulnerabilities. If result.Graph is available, it populates Path and Depth fields for transitive dependencies.
func (Vulnerability) CSVHeaders ¶
func (v Vulnerability) CSVHeaders() []string
CSVHeaders returns column headers for CSV export. Implements output.CSVRecord.
func (Vulnerability) CSVRow ¶
func (v Vulnerability) CSVRow() []string
CSVRow returns values for a single CSV row. Implements output.CSVRecord.
func (Vulnerability) IsInKEV ¶
func (v Vulnerability) IsInKEV() bool
IsInKEV returns true if this vulnerability is in the CISA KEV catalog. Returns false if enrichment data is not available.
func (Vulnerability) IsRansomwareRelated ¶
func (v Vulnerability) IsRansomwareRelated() bool
IsRansomwareRelated returns true if this vulnerability is known to be used in ransomware campaigns according to the CISA KEV catalog. Returns false if enrichment data is not available or the CVE is not in KEV.