scanv1

package
v0.0.0-...-1a28f28 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 22, 2026 License: MIT Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ScanPhase_name = map[int32]string{
		0:  "SCAN_PHASE_UNSPECIFIED",
		1:  "SCAN_PHASE_INITIALIZING",
		2:  "SCAN_PHASE_RESOLVING_TARGET",
		3:  "SCAN_PHASE_EXTRACTING_INVENTORY",
		4:  "SCAN_PHASE_RESOLVING_GRAPH",
		5:  "SCAN_PHASE_QUERYING_VULNERABILITIES",
		6:  "SCAN_PHASE_ENRICHING_FINDINGS",
		7:  "SCAN_PHASE_EVALUATING_POLICIES",
		8:  "SCAN_PHASE_SCANNING_SECRETS",
		9:  "SCAN_PHASE_COMPLETE",
		10: "SCAN_PHASE_FAILED",
	}
	ScanPhase_value = map[string]int32{
		"SCAN_PHASE_UNSPECIFIED":              0,
		"SCAN_PHASE_INITIALIZING":             1,
		"SCAN_PHASE_RESOLVING_TARGET":         2,
		"SCAN_PHASE_EXTRACTING_INVENTORY":     3,
		"SCAN_PHASE_RESOLVING_GRAPH":          4,
		"SCAN_PHASE_QUERYING_VULNERABILITIES": 5,
		"SCAN_PHASE_ENRICHING_FINDINGS":       6,
		"SCAN_PHASE_EVALUATING_POLICIES":      7,
		"SCAN_PHASE_SCANNING_SECRETS":         8,
		"SCAN_PHASE_COMPLETE":                 9,
		"SCAN_PHASE_FAILED":                   10,
	}
)

Enum value maps for ScanPhase.

View Source 
var File_deputy_scan_v1_service_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type DependencyGraph 

type DependencyGraph struct {

	// Nodes are all packages in the dependency graph.
	Nodes []*v16.Node `protobuf:"bytes,1,rep,name=nodes,proto3" json:"nodes,omitempty"`
	// Edges represent dependency relationships.
	Edges []*v16.Edge `protobuf:"bytes,2,rep,name=edges,proto3" json:"edges,omitempty"`
	// Roots are PURLs of direct dependencies (depth 0).
	Roots []string `protobuf:"bytes,3,rep,name=roots,proto3" json:"roots,omitempty"`
	// Stats summarizes the graph.
	Stats *v16.GraphStats `protobuf:"bytes,4,opt,name=stats,proto3" json:"stats,omitempty"`
	// contains filtered or unexported fields
}

DependencyGraph contains the resolved dependency graph. This is a subset of graph.v1.BuildGraphResponse, included inline in scan results when graph resolution is enabled via GraphOptions.

func (*DependencyGraph) Descriptor deprecated 

func (*DependencyGraph) Descriptor() ([]byte, []int)

Deprecated: Use DependencyGraph.ProtoReflect.Descriptor instead.

func (*DependencyGraph) GetEdges 

func (x *DependencyGraph) GetEdges() []*v16.Edge

func (*DependencyGraph) GetNodes 

func (x *DependencyGraph) GetNodes() []*v16.Node

func (*DependencyGraph) GetRoots 

func (x *DependencyGraph) GetRoots() []string

func (*DependencyGraph) GetStats 

func (x *DependencyGraph) GetStats() *v16.GraphStats

func (*DependencyGraph) ProtoMessage 

func (*DependencyGraph) ProtoMessage()

func (*DependencyGraph) ProtoReflect 

func (x *DependencyGraph) ProtoReflect() protoreflect.Message

func (*DependencyGraph) Reset 

func (x *DependencyGraph) Reset()

func (*DependencyGraph) String 

func (x *DependencyGraph) String() string

type EnrichOptions 

type EnrichOptions struct {

	// Enabled controls whether to enrich vulnerabilities with threat intel.
	Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
	// IncludeEpss adds EPSS scores to findings.
	IncludeEpss bool `protobuf:"varint,2,opt,name=include_epss,json=includeEpss,proto3" json:"include_epss,omitempty"`
	// IncludeKev adds CISA KEV catalog data to findings.
	IncludeKev bool `protobuf:"varint,3,opt,name=include_kev,json=includeKev,proto3" json:"include_kev,omitempty"`
	// contains filtered or unexported fields
}

EnrichOptions configures vulnerability enrichment with threat intelligence.

func (*EnrichOptions) Descriptor deprecated 

func (*EnrichOptions) Descriptor() ([]byte, []int)

Deprecated: Use EnrichOptions.ProtoReflect.Descriptor instead.

func (*EnrichOptions) GetEnabled 

func (x *EnrichOptions) GetEnabled() bool

func (*EnrichOptions) GetIncludeEpss 

func (x *EnrichOptions) GetIncludeEpss() bool

func (*EnrichOptions) GetIncludeKev 

func (x *EnrichOptions) GetIncludeKev() bool

func (*EnrichOptions) ProtoMessage 

func (*EnrichOptions) ProtoMessage()

func (*EnrichOptions) ProtoReflect 

func (x *EnrichOptions) ProtoReflect() protoreflect.Message

func (*EnrichOptions) Reset 

func (x *EnrichOptions) Reset()

func (*EnrichOptions) String 

func (x *EnrichOptions) String() string

type GraphOptions 

type GraphOptions struct {

	// Enabled controls whether to build the dependency graph.
	Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
	// UseProxy enables fetching module metadata from package registries.
	UseProxy bool `protobuf:"varint,2,opt,name=use_proxy,json=useProxy,proto3" json:"use_proxy,omitempty"`
	// UseGit enables cloning repositories for private module resolution.
	UseGit bool `protobuf:"varint,3,opt,name=use_git,json=useGit,proto3" json:"use_git,omitempty"`
	// PrivatePatterns specifies glob patterns for private modules.
	// Maximum 100 patterns to prevent abuse. Each pattern limited to 256 chars.
	PrivatePatterns []string `protobuf:"bytes,4,rep,name=private_patterns,json=privatePatterns,proto3" json:"private_patterns,omitempty"`
	// contains filtered or unexported fields
}

GraphOptions configures dependency graph resolution during scans.

func (*GraphOptions) Descriptor deprecated 

func (*GraphOptions) Descriptor() ([]byte, []int)

Deprecated: Use GraphOptions.ProtoReflect.Descriptor instead.

func (*GraphOptions) GetEnabled 

func (x *GraphOptions) GetEnabled() bool

func (*GraphOptions) GetPrivatePatterns 

func (x *GraphOptions) GetPrivatePatterns() []string

func (*GraphOptions) GetUseGit 

func (x *GraphOptions) GetUseGit() bool

func (*GraphOptions) GetUseProxy 

func (x *GraphOptions) GetUseProxy() bool

func (*GraphOptions) ProtoMessage 

func (*GraphOptions) ProtoMessage()

func (*GraphOptions) ProtoReflect 

func (x *GraphOptions) ProtoReflect() protoreflect.Message

func (*GraphOptions) Reset 

func (x *GraphOptions) Reset()

func (*GraphOptions) String 

func (x *GraphOptions) String() string

type Healthcheck 

type Healthcheck struct {

	// Test is the health check command.
	Test []string `protobuf:"bytes,1,rep,name=test,proto3" json:"test,omitempty"`
	// Interval is time between checks (Go duration format).
	Interval string `protobuf:"bytes,2,opt,name=interval,proto3" json:"interval,omitempty"`
	// Timeout is timeout for each check.
	Timeout string `protobuf:"bytes,3,opt,name=timeout,proto3" json:"timeout,omitempty"`
	// Retries is consecutive failures before unhealthy.
	Retries int32 `protobuf:"varint,4,opt,name=retries,proto3" json:"retries,omitempty"`
	// contains filtered or unexported fields
}

Healthcheck contains HEALTHCHECK instruction configuration.

func (*Healthcheck) Descriptor deprecated 

func (*Healthcheck) Descriptor() ([]byte, []int)

Deprecated: Use Healthcheck.ProtoReflect.Descriptor instead.

func (*Healthcheck) GetInterval 

func (x *Healthcheck) GetInterval() string

func (*Healthcheck) GetRetries 

func (x *Healthcheck) GetRetries() int32

func (*Healthcheck) GetTest 

func (x *Healthcheck) GetTest() []string

func (*Healthcheck) GetTimeout 

func (x *Healthcheck) GetTimeout() string

func (*Healthcheck) ProtoMessage 

func (*Healthcheck) ProtoMessage()

func (*Healthcheck) ProtoReflect 

func (x *Healthcheck) ProtoReflect() protoreflect.Message

func (*Healthcheck) Reset 

func (x *Healthcheck) Reset()

func (*Healthcheck) String 

func (x *Healthcheck) String() string

type HistoryEntry 

type HistoryEntry struct {

	// CreatedBy is the command that created this layer.
	CreatedBy string `protobuf:"bytes,1,opt,name=created_by,json=createdBy,proto3" json:"created_by,omitempty"`
	// Created is when this layer was created.
	Created *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=created,proto3" json:"created,omitempty"`
	// EmptyLayer indicates this is a metadata-only layer.
	EmptyLayer bool `protobuf:"varint,3,opt,name=empty_layer,json=emptyLayer,proto3" json:"empty_layer,omitempty"`
	// contains filtered or unexported fields
}

HistoryEntry contains build history information.

func (*HistoryEntry) Descriptor deprecated 

func (*HistoryEntry) Descriptor() ([]byte, []int)

Deprecated: Use HistoryEntry.ProtoReflect.Descriptor instead.

func (*HistoryEntry) GetCreated 

func (x *HistoryEntry) GetCreated() *timestamppb.Timestamp

func (*HistoryEntry) GetCreatedBy 

func (x *HistoryEntry) GetCreatedBy() string

func (*HistoryEntry) GetEmptyLayer 

func (x *HistoryEntry) GetEmptyLayer() bool

func (*HistoryEntry) ProtoMessage 

func (*HistoryEntry) ProtoMessage()

func (*HistoryEntry) ProtoReflect 

func (x *HistoryEntry) ProtoReflect() protoreflect.Message

func (*HistoryEntry) Reset 

func (x *HistoryEntry) Reset()

func (*HistoryEntry) String 

func (x *HistoryEntry) String() string

type ImageConfig 

type ImageConfig struct {

	// User to run as (empty = root).
	User string `protobuf:"bytes,1,opt,name=user,proto3" json:"user,omitempty"`
	// IsRoot indicates whether running as root.
	IsRoot bool `protobuf:"varint,2,opt,name=is_root,json=isRoot,proto3" json:"is_root,omitempty"`
	// Env are environment variables.
	Env []string `protobuf:"bytes,3,rep,name=env,proto3" json:"env,omitempty"`
	// SensitiveEnv are env vars that may contain secrets.
	SensitiveEnv []string `protobuf:"bytes,4,rep,name=sensitive_env,json=sensitiveEnv,proto3" json:"sensitive_env,omitempty"`
	// Entrypoint is the container entrypoint command.
	Entrypoint []string `protobuf:"bytes,5,rep,name=entrypoint,proto3" json:"entrypoint,omitempty"`
	// Cmd are default command arguments.
	Cmd []string `protobuf:"bytes,6,rep,name=cmd,proto3" json:"cmd,omitempty"`
	// ExposedPorts are exposed ports.
	ExposedPorts []string `protobuf:"bytes,7,rep,name=exposed_ports,json=exposedPorts,proto3" json:"exposed_ports,omitempty"`
	// Volumes are defined volumes.
	Volumes []string `protobuf:"bytes,8,rep,name=volumes,proto3" json:"volumes,omitempty"`
	// Labels are image labels.
	Labels map[string]string `` /* 139-byte string literal not displayed */
	// WorkingDir is the working directory.
	WorkingDir string `protobuf:"bytes,10,opt,name=working_dir,json=workingDir,proto3" json:"working_dir,omitempty"`
	// Healthcheck configuration if defined.
	Healthcheck *Healthcheck `protobuf:"bytes,11,opt,name=healthcheck,proto3" json:"healthcheck,omitempty"`
	// contains filtered or unexported fields
}

ImageConfig contains container image configuration from Dockerfile settings.

func (*ImageConfig) Descriptor deprecated 

func (*ImageConfig) Descriptor() ([]byte, []int)

Deprecated: Use ImageConfig.ProtoReflect.Descriptor instead.

func (*ImageConfig) GetCmd 

func (x *ImageConfig) GetCmd() []string

func (*ImageConfig) GetEntrypoint 

func (x *ImageConfig) GetEntrypoint() []string

func (*ImageConfig) GetEnv 

func (x *ImageConfig) GetEnv() []string

func (*ImageConfig) GetExposedPorts 

func (x *ImageConfig) GetExposedPorts() []string

func (*ImageConfig) GetHealthcheck 

func (x *ImageConfig) GetHealthcheck() *Healthcheck

func (*ImageConfig) GetIsRoot 

func (x *ImageConfig) GetIsRoot() bool

func (*ImageConfig) GetLabels 

func (x *ImageConfig) GetLabels() map[string]string

func (*ImageConfig) GetSensitiveEnv 

func (x *ImageConfig) GetSensitiveEnv() []string

func (*ImageConfig) GetUser 

func (x *ImageConfig) GetUser() string

func (*ImageConfig) GetVolumes 

func (x *ImageConfig) GetVolumes() []string

func (*ImageConfig) GetWorkingDir 

func (x *ImageConfig) GetWorkingDir() string

func (*ImageConfig) ProtoMessage 

func (*ImageConfig) ProtoMessage()

func (*ImageConfig) ProtoReflect 

func (x *ImageConfig) ProtoReflect() protoreflect.Message

func (*ImageConfig) Reset 

func (x *ImageConfig) Reset()

func (*ImageConfig) String 

func (x *ImageConfig) String() string

type ImageInfo 

type ImageInfo struct {

	// Config contains the image configuration.
	Config *ImageConfig `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"`
	// Metadata contains image metadata.
	Metadata *ImageMetadata `protobuf:"bytes,2,opt,name=metadata,proto3" json:"metadata,omitempty"`
	// History contains build history entries.
	History []*HistoryEntry `protobuf:"bytes,3,rep,name=history,proto3" json:"history,omitempty"`
	// contains filtered or unexported fields
}

ImageInfo contains container image configuration and metadata.

func (*ImageInfo) Descriptor deprecated 

func (*ImageInfo) Descriptor() ([]byte, []int)

Deprecated: Use ImageInfo.ProtoReflect.Descriptor instead.

func (*ImageInfo) GetConfig 

func (x *ImageInfo) GetConfig() *ImageConfig

func (*ImageInfo) GetHistory 

func (x *ImageInfo) GetHistory() []*HistoryEntry

func (*ImageInfo) GetMetadata 

func (x *ImageInfo) GetMetadata() *ImageMetadata

func (*ImageInfo) ProtoMessage 

func (*ImageInfo) ProtoMessage()

func (*ImageInfo) ProtoReflect 

func (x *ImageInfo) ProtoReflect() protoreflect.Message

func (*ImageInfo) Reset 

func (x *ImageInfo) Reset()

func (*ImageInfo) String 

func (x *ImageInfo) String() string

type ImageMetadata 

type ImageMetadata struct {

	// Architecture is the CPU architecture.
	Architecture string `protobuf:"bytes,1,opt,name=architecture,proto3" json:"architecture,omitempty"`
	// Os is the operating system.
	Os string `protobuf:"bytes,2,opt,name=os,proto3" json:"os,omitempty"`
	// LayerCount is the number of layers.
	LayerCount int32 `protobuf:"varint,3,opt,name=layer_count,json=layerCount,proto3" json:"layer_count,omitempty"`
	// Size is total size in bytes.
	Size int64 `protobuf:"varint,4,opt,name=size,proto3" json:"size,omitempty"`
	// Created is when the image was created.
	Created *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=created,proto3" json:"created,omitempty"`
	// Digest is the image digest.
	Digest string `protobuf:"bytes,6,opt,name=digest,proto3" json:"digest,omitempty"`
	// contains filtered or unexported fields
}

ImageMetadata contains image metadata.

func (*ImageMetadata) Descriptor deprecated 

func (*ImageMetadata) Descriptor() ([]byte, []int)

Deprecated: Use ImageMetadata.ProtoReflect.Descriptor instead.

func (*ImageMetadata) GetArchitecture 

func (x *ImageMetadata) GetArchitecture() string

func (*ImageMetadata) GetCreated 

func (x *ImageMetadata) GetCreated() *timestamppb.Timestamp

func (*ImageMetadata) GetDigest 

func (x *ImageMetadata) GetDigest() string

func (*ImageMetadata) GetLayerCount 

func (x *ImageMetadata) GetLayerCount() int32

func (*ImageMetadata) GetOs 

func (x *ImageMetadata) GetOs() string

func (*ImageMetadata) GetSize 

func (x *ImageMetadata) GetSize() int64

func (*ImageMetadata) ProtoMessage 

func (*ImageMetadata) ProtoMessage()

func (*ImageMetadata) ProtoReflect 

func (x *ImageMetadata) ProtoReflect() protoreflect.Message

func (*ImageMetadata) Reset 

func (x *ImageMetadata) Reset()

func (*ImageMetadata) String 

func (x *ImageMetadata) String() string

type ScanOptions 

type ScanOptions struct {

	// Ecosystems filters scanning to specific package ecosystems.
	// Empty means scan all detected ecosystems.
	// Maximum 50 ecosystems to prevent abuse.
	Ecosystems []string `protobuf:"bytes,1,rep,name=ecosystems,proto3" json:"ecosystems,omitempty"`
	// PublishedBefore filters to vulnerabilities published before this timestamp.
	PublishedBefore *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=published_before,json=publishedBefore,proto3" json:"published_before,omitempty"`
	// PublishedAfter filters to vulnerabilities published after this timestamp.
	PublishedAfter *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=published_after,json=publishedAfter,proto3" json:"published_after,omitempty"`
	// GraphOptions configures dependency graph resolution.
	GraphOptions *GraphOptions `protobuf:"bytes,4,opt,name=graph_options,json=graphOptions,proto3" json:"graph_options,omitempty"`
	// EnrichOptions configures vulnerability enrichment.
	EnrichOptions *EnrichOptions `protobuf:"bytes,5,opt,name=enrich_options,json=enrichOptions,proto3" json:"enrich_options,omitempty"`
	// PolicyPaths are paths to policy files to evaluate.
	// Maximum 20 policy paths to prevent abuse. Each path limited to 1024 chars.
	PolicyPaths []string `protobuf:"bytes,6,rep,name=policy_paths,json=policyPaths,proto3" json:"policy_paths,omitempty"`
	// Ref is a Git reference to scan (branch, tag, commit).
	// Only applies to git/repository targets.
	// Maximum length accommodates SHA-256 commit hashes and long branch names.
	Ref string `protobuf:"bytes,7,opt,name=ref,proto3" json:"ref,omitempty"`
	// Platform specifies the target platform for container images (e.g., "linux/amd64").
	// Only applies to container image targets.
	Platform string `protobuf:"bytes,8,opt,name=platform,proto3" json:"platform,omitempty"`
	// IncludeSecrets enables secret scanning alongside vulnerability scanning.
	IncludeSecrets bool `protobuf:"varint,9,opt,name=include_secrets,json=includeSecrets,proto3" json:"include_secrets,omitempty"`
	// TargetHint provides disambiguation when the target string is ambiguous.
	// The scanner auto-detects target type from the target string in most cases:
	//   - "pkg:golang/..." -> PURL
	//   - "docker://...", "ghcr.io/..." -> container image
	//   - "./path", "/path" -> directory or SBOM file
	//   - "github.com/owner/repo" -> git repository
	//
	// Use TargetHint only when auto-detection fails or is ambiguous.
	TargetHint *TargetHint `protobuf:"bytes,10,opt,name=target_hint,json=targetHint,proto3" json:"target_hint,omitempty"`
	// DetectBaseImage enables base image detection for container image scans.
	// When enabled, queries deps.dev to determine if layers belong to known base images,
	// populating layer_details.in_base_image in the response packages.
	// Only applies to container image targets. Requires network access and adds latency.
	DetectBaseImage bool `protobuf:"varint,11,opt,name=detect_base_image,json=detectBaseImage,proto3" json:"detect_base_image,omitempty"`
	// contains filtered or unexported fields
}

ScanOptions configures scan behavior.

func (*ScanOptions) Descriptor deprecated 

func (*ScanOptions) Descriptor() ([]byte, []int)

Deprecated: Use ScanOptions.ProtoReflect.Descriptor instead.

func (*ScanOptions) GetDetectBaseImage 

func (x *ScanOptions) GetDetectBaseImage() bool

func (*ScanOptions) GetEcosystems 

func (x *ScanOptions) GetEcosystems() []string

func (*ScanOptions) GetEnrichOptions 

func (x *ScanOptions) GetEnrichOptions() *EnrichOptions

func (*ScanOptions) GetGraphOptions 

func (x *ScanOptions) GetGraphOptions() *GraphOptions

func (*ScanOptions) GetIncludeSecrets 

func (x *ScanOptions) GetIncludeSecrets() bool

func (*ScanOptions) GetPlatform 

func (x *ScanOptions) GetPlatform() string

func (*ScanOptions) GetPolicyPaths 

func (x *ScanOptions) GetPolicyPaths() []string

func (*ScanOptions) GetPublishedAfter 

func (x *ScanOptions) GetPublishedAfter() *timestamppb.Timestamp

func (*ScanOptions) GetPublishedBefore 

func (x *ScanOptions) GetPublishedBefore() *timestamppb.Timestamp

func (*ScanOptions) GetRef 

func (x *ScanOptions) GetRef() string

func (*ScanOptions) GetTargetHint 

func (x *ScanOptions) GetTargetHint() *TargetHint

func (*ScanOptions) ProtoMessage 

func (*ScanOptions) ProtoMessage()

func (*ScanOptions) ProtoReflect 

func (x *ScanOptions) ProtoReflect() protoreflect.Message

func (*ScanOptions) Reset 

func (x *ScanOptions) Reset()

func (*ScanOptions) String 

func (x *ScanOptions) String() string

type ScanPhase 

type ScanPhase int32

ScanPhase indicates the current phase of a scan operation. 

const (
	// Unspecified phase.
	ScanPhase_SCAN_PHASE_UNSPECIFIED ScanPhase = 0
	// Initializing scan resources.
	ScanPhase_SCAN_PHASE_INITIALIZING ScanPhase = 1
	// Resolving the scan target (cloning, downloading, etc.).
	ScanPhase_SCAN_PHASE_RESOLVING_TARGET ScanPhase = 2
	// Extracting package inventory from manifests and lockfiles.
	ScanPhase_SCAN_PHASE_EXTRACTING_INVENTORY ScanPhase = 3
	// Resolving the dependency graph.
	ScanPhase_SCAN_PHASE_RESOLVING_GRAPH ScanPhase = 4
	// Querying vulnerability databases.
	ScanPhase_SCAN_PHASE_QUERYING_VULNERABILITIES ScanPhase = 5
	// Enriching findings with threat intelligence (EPSS, KEV).
	ScanPhase_SCAN_PHASE_ENRICHING_FINDINGS ScanPhase = 6
	// Evaluating policies against findings.
	ScanPhase_SCAN_PHASE_EVALUATING_POLICIES ScanPhase = 7
	// Scanning for secrets (when include_secrets is enabled).
	ScanPhase_SCAN_PHASE_SCANNING_SECRETS ScanPhase = 8
	// Scan completed successfully.
	ScanPhase_SCAN_PHASE_COMPLETE ScanPhase = 9
	// Scan failed with an error.
	ScanPhase_SCAN_PHASE_FAILED ScanPhase = 10
)

func (ScanPhase) Descriptor 

func (ScanPhase) Descriptor() protoreflect.EnumDescriptor

func (ScanPhase) Enum 

func (x ScanPhase) Enum() *ScanPhase

func (ScanPhase) EnumDescriptor deprecated 

func (ScanPhase) EnumDescriptor() ([]byte, []int)

Deprecated: Use ScanPhase.Descriptor instead.

func (ScanPhase) Number 

func (x ScanPhase) Number() protoreflect.EnumNumber

func (ScanPhase) String 

func (x ScanPhase) String() string

func (ScanPhase) Type 

func (ScanPhase) Type() protoreflect.EnumType

type ScanProgress 

type ScanProgress struct {

	// Phase indicates the current scan phase.
	Phase ScanPhase `protobuf:"varint,1,opt,name=phase,proto3,enum=deputy.scan.v1.ScanPhase" json:"phase,omitempty"`
	// Message provides human-readable progress information.
	Message string `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
	// Progress is the completion percentage (0-100) for the current phase.
	Progress int32 `protobuf:"varint,3,opt,name=progress,proto3" json:"progress,omitempty"`
	// PackagesFound is the running count of discovered packages.
	PackagesFound int32 `protobuf:"varint,4,opt,name=packages_found,json=packagesFound,proto3" json:"packages_found,omitempty"`
	// VulnerabilitiesFound is the running count of discovered vulnerabilities.
	VulnerabilitiesFound int32 `protobuf:"varint,5,opt,name=vulnerabilities_found,json=vulnerabilitiesFound,proto3" json:"vulnerabilities_found,omitempty"`
	// Result is populated only in the final message when phase is SCAN_PHASE_COMPLETE.
	Result *ScanResponse `protobuf:"bytes,10,opt,name=result,proto3" json:"result,omitempty"`
	// Error is populated if the scan failed.
	Error string `protobuf:"bytes,11,opt,name=error,proto3" json:"error,omitempty"`
	// contains filtered or unexported fields
}

ScanProgress provides streaming updates during a scan.

func (*ScanProgress) Descriptor deprecated 

func (*ScanProgress) Descriptor() ([]byte, []int)

Deprecated: Use ScanProgress.ProtoReflect.Descriptor instead.

func (*ScanProgress) GetError 

func (x *ScanProgress) GetError() string

func (*ScanProgress) GetMessage 

func (x *ScanProgress) GetMessage() string

func (*ScanProgress) GetPackagesFound 

func (x *ScanProgress) GetPackagesFound() int32

func (*ScanProgress) GetPhase 

func (x *ScanProgress) GetPhase() ScanPhase

func (*ScanProgress) GetProgress 

func (x *ScanProgress) GetProgress() int32

func (*ScanProgress) GetResult 

func (x *ScanProgress) GetResult() *ScanResponse

func (*ScanProgress) GetVulnerabilitiesFound 

func (x *ScanProgress) GetVulnerabilitiesFound() int32

func (*ScanProgress) ProtoMessage 

func (*ScanProgress) ProtoMessage()

func (*ScanProgress) ProtoReflect 

func (x *ScanProgress) ProtoReflect() protoreflect.Message

func (*ScanProgress) Reset 

func (x *ScanProgress) Reset()

func (*ScanProgress) String 

func (x *ScanProgress) String() string

type ScanRequest 

type ScanRequest struct {

	// Target is the scan target (path, URL, image reference, etc.).
	// When empty, defaults to current working directory.
	// Maximum length prevents denial-of-service via excessively long strings.
	Target string `protobuf:"bytes,1,opt,name=target,proto3" json:"target,omitempty"`
	// Options configure scan behavior.
	Options *ScanOptions `protobuf:"bytes,2,opt,name=options,proto3" json:"options,omitempty"`
	// contains filtered or unexported fields
}

ScanRequest specifies what to scan and how.

func (*ScanRequest) Descriptor deprecated 

func (*ScanRequest) Descriptor() ([]byte, []int)

Deprecated: Use ScanRequest.ProtoReflect.Descriptor instead.

func (*ScanRequest) GetOptions 

func (x *ScanRequest) GetOptions() *ScanOptions

func (*ScanRequest) GetTarget 

func (x *ScanRequest) GetTarget() string

func (*ScanRequest) ProtoMessage 

func (*ScanRequest) ProtoMessage()

func (*ScanRequest) ProtoReflect 

func (x *ScanRequest) ProtoReflect() protoreflect.Message

func (*ScanRequest) Reset 

func (x *ScanRequest) Reset()

func (*ScanRequest) String 

func (x *ScanRequest) String() string

type ScanResponse 

type ScanResponse struct {

	// Target describes what was scanned.
	Target *v1.Target `protobuf:"bytes,1,opt,name=target,proto3" json:"target,omitempty"`
	// GeneratedAt is when this report was generated.
	GeneratedAt *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=generated_at,json=generatedAt,proto3" json:"generated_at,omitempty"`
	// PackagesScanned is the count of packages analyzed.
	PackagesScanned int32 `protobuf:"varint,3,opt,name=packages_scanned,json=packagesScanned,proto3" json:"packages_scanned,omitempty"`
	// Packages lists all discovered packages.
	Packages []*v11.Package `protobuf:"bytes,4,rep,name=packages,proto3" json:"packages,omitempty"`
	// Findings lists all vulnerability occurrences.
	Findings []*v12.Finding `protobuf:"bytes,5,rep,name=findings,proto3" json:"findings,omitempty"`
	// Advisories maps advisory IDs to full advisory details.
	// This deduplicates advisory data when multiple packages share vulnerabilities.
	Advisories map[string]*v12.Advisory `` /* 147-byte string literal not displayed */
	// Stats summarizes vulnerability counts by severity.
	Stats *v12.Stats `protobuf:"bytes,7,opt,name=stats,proto3" json:"stats,omitempty"`
	// PolicyActions lists policy evaluation outcomes.
	PolicyActions []*v13.Action `protobuf:"bytes,8,rep,name=policy_actions,json=policyActions,proto3" json:"policy_actions,omitempty"`
	// Warnings contains non-fatal issues encountered during scanning.
	Warnings []string `protobuf:"bytes,9,rep,name=warnings,proto3" json:"warnings,omitempty"`
	// ImageInfo contains container image configuration when scanning images.
	ImageInfo *ImageInfo `protobuf:"bytes,10,opt,name=image_info,json=imageInfo,proto3" json:"image_info,omitempty"`
	// SecretFindings lists detected secrets when include_secrets is enabled.
	SecretFindings []*v14.Finding `protobuf:"bytes,11,rep,name=secret_findings,json=secretFindings,proto3" json:"secret_findings,omitempty"`
	// SecretStats summarizes secret scan results when include_secrets is enabled.
	SecretStats *v14.Stats `protobuf:"bytes,12,opt,name=secret_stats,json=secretStats,proto3" json:"secret_stats,omitempty"`
	// Graph contains the resolved dependency graph when graph_options.enabled is true.
	// Enables path-based analysis like "why is this vulnerable package in my dependencies?"
	Graph *DependencyGraph `protobuf:"bytes,13,opt,name=graph,proto3" json:"graph,omitempty"`
	// DockerfileInfo contains parsed Dockerfile data when scanning Dockerfiles.
	DockerfileInfo *v15.DockerfileInfo `protobuf:"bytes,14,opt,name=dockerfile_info,json=dockerfileInfo,proto3" json:"dockerfile_info,omitempty"`
	// contains filtered or unexported fields
}

ScanResponse contains the complete scan results.

func (*ScanResponse) Descriptor deprecated 

func (*ScanResponse) Descriptor() ([]byte, []int)

Deprecated: Use ScanResponse.ProtoReflect.Descriptor instead.

func (*ScanResponse) GetAdvisories 

func (x *ScanResponse) GetAdvisories() map[string]*v12.Advisory

func (*ScanResponse) GetDockerfileInfo 

func (x *ScanResponse) GetDockerfileInfo() *v15.DockerfileInfo

func (*ScanResponse) GetFindings 

func (x *ScanResponse) GetFindings() []*v12.Finding

func (*ScanResponse) GetGeneratedAt 

func (x *ScanResponse) GetGeneratedAt() *timestamppb.Timestamp

func (*ScanResponse) GetGraph 

func (x *ScanResponse) GetGraph() *DependencyGraph

func (*ScanResponse) GetImageInfo 

func (x *ScanResponse) GetImageInfo() *ImageInfo

func (*ScanResponse) GetPackages 

func (x *ScanResponse) GetPackages() []*v11.Package

func (*ScanResponse) GetPackagesScanned 

func (x *ScanResponse) GetPackagesScanned() int32

func (*ScanResponse) GetPolicyActions 

func (x *ScanResponse) GetPolicyActions() []*v13.Action

func (*ScanResponse) GetSecretFindings 

func (x *ScanResponse) GetSecretFindings() []*v14.Finding

func (*ScanResponse) GetSecretStats 

func (x *ScanResponse) GetSecretStats() *v14.Stats

func (*ScanResponse) GetStats 

func (x *ScanResponse) GetStats() *v12.Stats

func (*ScanResponse) GetTarget 

func (x *ScanResponse) GetTarget() *v1.Target

func (*ScanResponse) GetWarnings 

func (x *ScanResponse) GetWarnings() []string

func (*ScanResponse) ProtoMessage 

func (*ScanResponse) ProtoMessage()

func (*ScanResponse) ProtoReflect 

func (x *ScanResponse) ProtoReflect() protoreflect.Message

func (*ScanResponse) Reset 

func (x *ScanResponse) Reset()

func (*ScanResponse) String 

func (x *ScanResponse) String() string

type StreamScanRequest 

type StreamScanRequest struct {

	// Target is the scan target (path, URL, image reference, etc.).
	// Maximum length prevents denial-of-service via excessively long strings.
	Target string `protobuf:"bytes,1,opt,name=target,proto3" json:"target,omitempty"`
	// Options configure scan behavior.
	Options *ScanOptions `protobuf:"bytes,2,opt,name=options,proto3" json:"options,omitempty"`
	// contains filtered or unexported fields
}

StreamScanRequest specifies what to scan with streaming progress.

func (*StreamScanRequest) Descriptor deprecated 

func (*StreamScanRequest) Descriptor() ([]byte, []int)

Deprecated: Use StreamScanRequest.ProtoReflect.Descriptor instead.

func (*StreamScanRequest) GetOptions 

func (x *StreamScanRequest) GetOptions() *ScanOptions

func (*StreamScanRequest) GetTarget 

func (x *StreamScanRequest) GetTarget() string

func (*StreamScanRequest) ProtoMessage 

func (*StreamScanRequest) ProtoMessage()

func (*StreamScanRequest) ProtoReflect 

func (x *StreamScanRequest) ProtoReflect() protoreflect.Message

func (*StreamScanRequest) Reset 

func (x *StreamScanRequest) Reset()

func (*StreamScanRequest) String 

func (x *StreamScanRequest) String() string

type TargetHint 

type TargetHint struct {

	// Kind explicitly specifies the target type.
	Kind v1.TargetKind `protobuf:"varint,1,opt,name=kind,proto3,enum=deputy.target.v1.TargetKind" json:"kind,omitempty"`
	// ImageTransport specifies how to fetch container images.
	// Only used when kind is TARGET_KIND_CONTAINER_IMAGE.
	// Values: "remote" (default), "daemon", "tarball", "oci-archive", "oci-layout".
	//
	// Security: "daemon", "tarball", "oci-archive", and "oci-layout" are only
	// available in in-process or local daemon mode. Remote servers reject these.
	ImageTransport string `protobuf:"bytes,2,opt,name=image_transport,json=imageTransport,proto3" json:"image_transport,omitempty"`
	// contains filtered or unexported fields
}

TargetHint disambiguates the target type when auto-detection is insufficient.

Security Note: When connecting to a remote server, certain combinations are rejected:

  • KIND_DIR with local paths
  • KIND_SBOM with stdin ("-")
  • KIND_CONTAINER_IMAGE with local transports ("daemon", "tarball", "oci-archive", "oci-layout")

Remote servers can only access remote-accessible resources (git URLs, registries, PURLs).

func (*TargetHint) Descriptor deprecated 

func (*TargetHint) Descriptor() ([]byte, []int)

Deprecated: Use TargetHint.ProtoReflect.Descriptor instead.

func (*TargetHint) GetImageTransport 

func (x *TargetHint) GetImageTransport() string

func (*TargetHint) GetKind 

func (x *TargetHint) GetKind() v1.TargetKind

func (*TargetHint) ProtoMessage 

func (*TargetHint) ProtoMessage()

func (*TargetHint) ProtoReflect 

func (x *TargetHint) ProtoReflect() protoreflect.Message

func (*TargetHint) Reset 

func (x *TargetHint) Reset()

func (*TargetHint) String 

func (x *TargetHint) String() string

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.