Documentation ¶
Index ¶
- Variables
- func ApplyExplicitIgnoreRules(provider ExclusionProvider, matches Matches) (Matches, []IgnoredMatch)
- func ApplyIgnoreFilters[T IgnoreFilter](matches []Match, filters ...T) ([]Match, []IgnoredMatch)
- func ApplyIgnoreRules(matches Matches, rules []IgnoreRule) (Matches, []IgnoredMatch)
- func ConvertToIndirectMatches(matches []Match, p pkg.Package)
- func IsFatalError(err error) bool
- func NewFatalError(matcher MatcherType, e error) error
- type ByElements
- type CPEPackageParameter
- type CPEParameters
- type CPEResult
- type Detail
- type Details
- type ExclusionProvider
- type Fingerprint
- type IgnoreFilter
- type IgnoreRule
- type IgnoreRulePackage
- type IgnoredMatch
- type Match
- type Matcher
- type MatcherType
- type Matches
- func (r *Matches) Add(matches ...Match)
- func (r *Matches) AllByPkgID() map[pkg.ID][]Match
- func (r *Matches) Count() int
- func (r *Matches) Diff(other Matches) *Matches
- func (r *Matches) Enumerate() <-chan Match
- func (r *Matches) GetByPkgID(id pkg.ID) (matches []Match)
- func (r *Matches) Merge(other Matches)
- func (r *Matches) Sorted() []Match
- type Type
Constants ¶
This section is empty.
Variables ¶
var AllMatcherTypes = []MatcherType{
	ApkMatcher,
	RubyGemMatcher,
	DpkgMatcher,
	RpmMatcher,
	JavaMatcher,
	PythonMatcher,
	DotnetMatcher,
	JavascriptMatcher,
	MsrcMatcher,
	PortageMatcher,
	GoModuleMatcher,
	OpenVexMatcher,
	RustMatcher,
}
var ErrCannotMerge = fmt.Errorf("unable to merge vulnerability matches")
Functions ¶
func ApplyExplicitIgnoreRules ¶ added in v0.28.0
func ApplyExplicitIgnoreRules(provider ExclusionProvider, matches Matches) (Matches, []IgnoredMatch)
ApplyExplicitIgnoreRules filters out matches meeting the criteria defined above and those within the grype database.
func ApplyIgnoreFilters ¶ added in v0.88.0
func ApplyIgnoreFilters[T IgnoreFilter](matches []Match, filters ...T) ([]Match, []IgnoredMatch)
ApplyIgnoreFilters applies all the IgnoreFilter(s) to the provided set of matches, splitting the results into a set of matched matches and a set of ignored matches.
func ApplyIgnoreRules ¶ added in v0.21.1
func ApplyIgnoreRules(matches Matches, rules []IgnoreRule) (Matches, []IgnoredMatch)
ApplyIgnoreRules iterates through the provided matches and, for each match, determines if the match should be ignored, by evaluating if any of the provided IgnoreRules apply to the match. If any rules apply to the match, all applicable rules are attached to the Match to form an IgnoredMatch. ApplyIgnoreRules returns two collections: the matches that are not being ignored, and the matches that are being ignored.
func ConvertToIndirectMatches ¶ added in v0.33.0
func IsFatalError ¶ added in v0.89.1
IsFatalError returns true if err includes a fatalError.
func NewFatalError ¶ added in v0.89.1
func NewFatalError(matcher MatcherType, e error) error
NewFatalError creates a new fatalError wrapping the given error.
Types ¶
type ByElements ¶ added in v0.13.0
type ByElements []Match
func (ByElements) Len ¶ added in v0.13.0
func (m ByElements) Len() int
Len is the number of elements in the collection.
func (ByElements) Less ¶ added in v0.13.0
func (m ByElements) Less(i, j int) bool
Less reports whether the element with index i should sort before the element with index j.
func (ByElements) Swap ¶ added in v0.13.0
func (m ByElements) Swap(i, j int)
Swap swaps the elements with indexes i and j.
type CPEPackageParameter ¶ added in v0.88.0
type CPEParameters ¶ added in v0.88.0
type CPEParameters struct {
	Namespace string              `json:"namespace"`
	CPEs      []string            `json:"cpes"`
	Package   CPEPackageParameter `json:"package"`
}
func (*CPEParameters) Merge ¶ added in v0.88.0
func (i *CPEParameters) Merge(other CPEParameters) error
type CPEResult ¶ added in v0.88.0
type Detail ¶ added in v0.33.0
type Detail struct {
	Type       Type        // The kind of match made (an exact match, fuzzy match, indirect vs direct, etc).
	SearchedBy interface{} // The specific attributes that were used to search (other than package name and version) --this indicates "how" the match was made.
	Found      interface{} // The specific attributes on the vulnerability object that were matched with --this indicates "what" was matched on / within.
	Matcher    MatcherType // The matcher object that discovered the match.
	Confidence float64     // The certainty of the match as a ratio (currently unused, reserved for future use).
}
type Details ¶ added in v0.13.0
type Details []Detail
func (Details) Matchers ¶ added in v0.33.0
func (m Details) Matchers() (tys []MatcherType)
type ExclusionProvider ¶ added in v0.41.0
type ExclusionProvider interface {
	IgnoreRules(vulnerabilityID string) ([]IgnoreRule, error)
}
type Fingerprint ¶ added in v0.13.0
type Fingerprint struct {
	// contains filtered or unexported fields
}
func (Fingerprint) ID ¶ added in v0.33.0
func (m Fingerprint) ID() string
func (Fingerprint) String ¶ added in v0.33.0
func (m Fingerprint) String() string
type IgnoreFilter ¶ added in v0.88.0
type IgnoreFilter interface {
	IgnoreMatch(match Match) []IgnoreRule
}
IgnoreFilter implementations are used to filter matches, returning all applicable IgnoreRule(s) that applied. These could include an IgnoreRule with only a Reason value filled in for synthetically generated rules.
type IgnoreRule ¶ added in v0.21.1
type IgnoreRule struct {
	Vulnerability    string            `yaml:"vulnerability" json:"vulnerability" mapstructure:"vulnerability"`
	Reason           string            `yaml:"reason" json:"reason" mapstructure:"reason"`
	Namespace        string            `yaml:"namespace" json:"namespace" mapstructure:"namespace"`
	FixState         string            `yaml:"fix-state" json:"fix-state" mapstructure:"fix-state"`
	Package          IgnoreRulePackage `yaml:"package" json:"package" mapstructure:"package"`
	VexStatus        string            `yaml:"vex-status" json:"vex-status" mapstructure:"vex-status"`
	VexJustification string            `yaml:"vex-justification" json:"vex-justification" mapstructure:"vex-justification"`
	MatchType        Type              `yaml:"match-type" json:"match-type" mapstructure:"match-type"`
}
An IgnoreRule specifies criteria for a vulnerability match to meet in order to be ignored. Not all criteria (fields) need to be specified, but all specified criteria must be met by the vulnerability match in order for the rule to apply.
func (IgnoreRule) HasConditions ¶ added in v0.68.0
func (r IgnoreRule) HasConditions() bool
HasConditions returns true if the ignore rule has conditions that can cause a match to be ignored.
func (IgnoreRule) IgnoreMatch ¶ added in v0.88.0
func (r IgnoreRule) IgnoreMatch(match Match) []IgnoreRule
type IgnoreRulePackage ¶ added in v0.21.1
type IgnoreRulePackage struct {
	Name         string `yaml:"name" json:"name" mapstructure:"name"`
	Version      string `yaml:"version" json:"version" mapstructure:"version"`
	Language     string `yaml:"language" json:"language" mapstructure:"language"`
	Type         string `yaml:"type" json:"type" mapstructure:"type"`
	Location     string `yaml:"location" json:"location" mapstructure:"location"`
	UpstreamName string `yaml:"upstream-name" json:"upstream-name" mapstructure:"upstream-name"`
}
IgnoreRulePackage describes the Package-specific fields that comprise the IgnoreRule.
type IgnoredMatch ¶ added in v0.21.1
type IgnoredMatch struct {
	Match

	// AppliedIgnoreRules are the rules that were applied to the match that caused Grype to ignore it.
	AppliedIgnoreRules []IgnoreRule
}
An IgnoredMatch is a vulnerability Match that has been ignored because one or more IgnoreRules applied to the match.
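The all-specified-criteria semantics of IgnoreRule and the kept/ignored split described for ApplyIgnoreRules, as an added example that is not grype's own code. The rule, finding and ignoredFinding types are simplified hypothetical stand-ins, the IDs are constructed placeholders, and treating a rule with no criteria as never applying is an assumption of this model.

```go
package main

import "fmt"

// Simplified stand-ins for IgnoreRule, Match and IgnoredMatch (hypothetical, not grype's types).
type rule struct{ Vulnerability, Namespace, FixState, PkgName, PkgVersion, Reason string }
type finding struct{ VulnID, Namespace, FixState, PkgName, PkgVersion string }
type ignoredFinding struct {
	finding
	Applied []rule // every rule that applied, kept so each suppression can be audited
}

// applies reports whether every specified (non-empty) criterion matches the finding.
func (r rule) applies(f finding) bool {
	pairs := [][2]string{{r.Vulnerability, f.VulnID}, {r.Namespace, f.Namespace},
		{r.FixState, f.FixState}, {r.PkgName, f.PkgName}, {r.PkgVersion, f.PkgVersion}}
	for _, p := range pairs {
		if p[0] != "" && p[0] != p[1] {
			return false // one specified criterion is unmet, so the rule does not apply
		}
	}
	return r != rule{Reason: r.Reason} // model assumption: a Reason-only rule suppresses nothing
}

// applyRules splits findings into kept and ignored, attaching all applicable rules.
func applyRules(findings []finding, rules []rule) (kept []finding, ignored []ignoredFinding) {
	for _, f := range findings {
		var applied []rule
		for _, r := range rules {
			if r.applies(f) {
				applied = append(applied, r)
			}
		}
		if len(applied) == 0 {
			kept = append(kept, f)
		} else {
			ignored = append(ignored, ignoredFinding{f, applied})
		}
	}
	return kept, ignored
}

func main() {
	ns := "debian:distro:debian:12" // constructed sample data with placeholder IDs
	findings := []finding{{"CVE-0000-0001", ns, "wont-fix", "libexample", "1.0.0"},
		{"CVE-0000-0001", ns, "fixed", "libexample", "1.0.0"}}
	rules := []rule{{Vulnerability: "CVE-0000-0001", FixState: "wont-fix", Reason: "accepted risk"},
		{Namespace: ns, FixState: "wont-fix"}, {Reason: "no criteria"}}
	fmt.Println(applyRules(findings, rules))
}
```

The second rule sets only a namespace and a fix state, so it would suppress every such finding in that namespace. Reviewing the rules attached to each ignored finding is how a suppression that broad gets noticed.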
type Match ¶
type Match struct {
	Vulnerability vulnerability.Vulnerability // The vulnerability details of the match.
	Package       pkg.Package                 // The package used to search for a match.
	Details       Details                     // all the ways this particular match was made.
}
Match represents a finding in the vulnerability matching process, pairing a single package and a single vulnerability object.
func (Match) Fingerprint ¶ added in v0.13.0
func (m Match) Fingerprint() Fingerprint
type Matcher ¶ added in v0.88.0
type Matcher interface {
	PackageTypes() []syftPkg.Type

	Type() MatcherType

	// Match is called for every package found, returning any matches and an optional Ignorer which will be applied
	// after all matches are found
	Match(vp vulnerability.Provider, p pkg.Package) ([]Match, []IgnoredMatch, error)
}
Matcher is the interface to implement to provide top-level package-to-match
type MatcherType ¶
type MatcherType string
const (
	UnknownMatcherType MatcherType = "UnknownMatcherType"
	StockMatcher       MatcherType = "stock-matcher"
	ApkMatcher         MatcherType = "apk-matcher"
	RubyGemMatcher     MatcherType = "ruby-gem-matcher"
	DpkgMatcher        MatcherType = "dpkg-matcher"
	RpmMatcher         MatcherType = "rpm-matcher"
	JavaMatcher        MatcherType = "java-matcher"
	PythonMatcher      MatcherType = "python-matcher"
	DotnetMatcher      MatcherType = "dotnet-matcher"
	JavascriptMatcher  MatcherType = "javascript-matcher"
	MsrcMatcher        MatcherType = "msrc-matcher"
	PortageMatcher     MatcherType = "portage-matcher"
	GoModuleMatcher    MatcherType = "go-module-matcher"
	OpenVexMatcher     MatcherType = "openvex-matcher"
	RustMatcher        MatcherType = "rust-matcher"
)
func (MatcherType) String ¶
func (t MatcherType) String() string
type Matches ¶
type Matches struct {
	// contains filtered or unexported fields
}
func NewMatches ¶
func (*Matches) AllByPkgID ¶ added in v0.36.0
AllByPkgID returns a map of all matches organized by package ID
func (*Matches) GetByPkgID ¶
GetByPkgID returns a slice of potential matches from an ID