notification

package
v0.0.0-...-d869771 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 8, 2024 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Overview

Package notification provides the functionality to process notifications sent by Dependency-Track.

This package contains partially redundant struct definitions because the content of a notification differs in a few ways from the corresponding API representation.

Dependency-Track has special serialization logic for notifications, which is defined here: https://github.com/DependencyTrack/dependency-track/blob/4.5.0/src/main/java/org/dependencytrack/util/NotificationUtil.java

Example (Parse)

This example demonstrates how to parse and process notifications.

package main

import (
	"fmt"
	"os"

	"github.com/futurice/dependency-track-client-go/notification"
)

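// main parses a stored notification and, when its subject is a
// NewVulnerabilitySubject, prints the vulnerability ID together with every
// affected project and the vulnerable component.
//
// The printed names, versions and IDs are taken verbatim from the parsed JSON.
// A service that receives notifications over the network should treat them as
// sender-controlled text before logging or rendering them.
func main() {
	file, err := os.Open("./testdata/new-vulnerability.json")
	if err != nil {
		panic(err)
	}
	defer file.Close()

	n, err := notification.Parse(file)
	if err != nil {
		panic(err)
	}

	switch subject := n.Subject.(type) {
	case *notification.NewVulnerabilitySubject:
		fmt.Printf("new vulnerability identified: %s\n", subject.Vulnerability.VulnID)
		for _, project := range subject.AffectedProjects {
			fmt.Printf("=> Project: %s %s\n", project.Name, project.Version)
			fmt.Printf("   Component: %s %s\n", subject.Component.Name, subject.Component.Version)
		}
	default:
		// Without this branch a notification of any other kind is dropped
		// silently. It is reported on stderr so the example's expected
		// stdout stays unchanged, and %q keeps the group value quoted.
		fmt.Fprintf(os.Stderr, "unhandled notification: group=%q subject=%T\n", n.Group, subject)
	}
}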
Output:

new vulnerability identified: CVE-2012-5784
=> Project: Acme Example 1.0.0
   Component: axis 1.4


Constants

// Notification group identifiers.
// Presumably these are the values found in Notification.Group; confirm against Parse.
const (
	GroupBOMConsumed             = "BOM_CONSUMED"
	GroupBOMProcessed            = "BOM_PROCESSED"
	GroupBOMProcessingFailed     = "BOM_PROCESSING_FAILED"
	GroupNewVulnerableDependency = "NEW_VULNERABLE_DEPENDENCY"
	GroupNewVulnerability        = "NEW_VULNERABILITY"
	GroupPolicyViolation         = "POLICY_VIOLATION"
	GroupVEXConsumed             = "VEX_CONSUMED"
	GroupVEXProcessed            = "VEX_PROCESSED"
)

// Notification level identifiers.
// Presumably these are the values found in Notification.Level; confirm against Parse.
const (
	LevelError         = "ERROR"
	LevelInformational = "INFORMATIONAL"
	LevelWarning       = "WARNING"
)

// Notification scope identifiers.
// Presumably these are the values found in Notification.Scope; confirm against Parse.
const (
	ScopeSystem    = "SYSTEM"
	ScopePortfolio = "PORTFOLIO"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type BOMProcessingFailedSubject

// BOMProcessingFailedSubject is a notification subject made up of a BOM, the
// project it belongs to and a failure cause.
// Presumably it accompanies GroupBOMProcessingFailed notifications; confirm against Parse.
type BOMProcessingFailedSubject struct {
	// BOM is decoded from the "bom" JSON object.
	// NOTE(review): Content is an arbitrary string from the sender and nothing
	// in this declaration bounds its size; confirm how callers limit input.
	BOM struct {
		Content     string `json:"content"`
		Format      string `json:"format"`
		SpecVersion string `json:"specVersion"`
	} `json:"bom"`
	Project Project `json:"project"`
	// Cause is free-form text decoded from the "cause" JSON field.
	Cause   string  `json:"cause"`
}

type BOMSubject

// BOMSubject is a notification subject made up of a BOM and the project it
// belongs to.
// Presumably it accompanies GroupBOMConsumed and GroupBOMProcessed
// notifications; confirm against Parse.
type BOMSubject struct {
	// BOM is decoded from the "bom" JSON object. Content, Format and
	// SpecVersion are kept as plain strings.
	BOM struct {
		Content     string `json:"content"`
		Format      string `json:"format"`
		SpecVersion string `json:"specVersion"`
	} `json:"bom"`
	Project Project `json:"project"`
}

type Component

// Component describes a component as it appears inside a notification subject.
type Component struct {
	UUID    uuid.UUID `json:"uuid"`
	Group   string    `json:"group"`
	Name    string    `json:"name"`
	Version string    `json:"version"`
	// The digest fields are plain strings; this declaration does not constrain
	// their length or character set, so validate them before comparing them
	// with locally computed hashes.
	MD5     string    `json:"md5"`
	SHA1    string    `json:"sha1"`
	SHA256  string    `json:"sha256"`
	SHA512  string    `json:"sha512"`
	// PURL is decoded from the "purl" JSON field and kept as an unparsed string.
	PURL    string    `json:"purl"`
}

type NewVulnerabilitySubject

// NewVulnerabilitySubject is a notification subject that links one
// vulnerability and one component to the projects affected by them.
// The package example receives it as *NewVulnerabilitySubject from
// Notification.Subject.
type NewVulnerabilitySubject struct {
	// AffectedProjects is decoded from the "affectedProjects" JSON array.
	AffectedProjects []Project     `json:"affectedProjects"`
	Component        Component     `json:"component"`
	Vulnerability    Vulnerability `json:"vulnerability"`
}

type NewVulnerableDependencySubject

// NewVulnerableDependencySubject is a notification subject that links one
// component in one project to a list of vulnerabilities.
// Presumably it accompanies GroupNewVulnerableDependency notifications;
// confirm against Parse.
type NewVulnerableDependencySubject struct {
	Component       Component       `json:"component"`
	Project         Project         `json:"project"`
	// Vulnerabilities is decoded from the "vulnerabilities" JSON array.
	Vulnerabilities []Vulnerability `json:"vulnerabilities"`
}

type Notification

// Notification is the value returned by Parse.
//
// The fields carry no JSON struct tags, so decoding is presumably handled by
// custom logic in Parse rather than by tag-driven unmarshalling; confirm
// against the implementation.
type Notification struct {
	// Level, Scope and Group presumably hold one of the Level*, Scope* and
	// Group* constants; nothing in this declaration enforces that.
	Level     string
	Scope     string
	Group     string
	Timestamp time.Time
	Title     string
	Content   string
	// Subject is the group-specific payload. The package example type-switches
	// on it and matches *NewVulnerabilitySubject. Callers should handle the
	// types they do not expect, and presumably nil as well.
	Subject   interface{}
}

func Parse

func Parse(reader io.Reader) (n Notification, err error)

Parse parses a notification.

type Policy

// Policy describes a policy as it appears inside a PolicyCondition.
type Policy struct {
	UUID           uuid.UUID `json:"uuid"`
	Name           string    `json:"name"`
	// ViolationState is kept as a plain string; the set of valid values is not
	// defined in this package listing.
	ViolationState string    `json:"violationState"`
}

type PolicyCondition

// PolicyCondition describes one policy condition together with the Policy it
// belongs to.
type PolicyCondition struct {
	UUID     uuid.UUID `json:"uuid"`
	// Subject, Operator and Value are kept as plain strings; their valid
	// values are not defined in this package listing.
	Subject  string    `json:"subject"`
	Operator string    `json:"operator"`
	Value    string    `json:"value"`
	Policy   Policy    `json:"policy"`
}

type PolicyViolation

// PolicyViolation describes one policy violation and the condition that
// triggered it.
type PolicyViolation struct {
	UUID            uuid.UUID       `json:"uuid"`
	Type            string          `json:"type"`
	// Timestamp is an unparsed string here, unlike Notification.Timestamp,
	// which is a time.Time. Callers that order or compare violations by time
	// have to parse and validate it themselves.
	Timestamp       string          `json:"timestamp"`
	PolicyCondition PolicyCondition `json:"policyCondition"`
}

type PolicyViolationSubject

// PolicyViolationSubject is a notification subject that links a policy
// violation to the component and project it was found in.
// Presumably it accompanies GroupPolicyViolation notifications; confirm
// against Parse.
type PolicyViolationSubject struct {
	Component       Component       `json:"component"`
	PolicyViolation PolicyViolation `json:"policyViolation"`
	Project         Project         `json:"project"`
}

type Project

// Project describes a project as it appears inside a notification subject.
type Project struct {
	UUID        uuid.UUID `json:"uuid"`
	Name        string    `json:"name"`
	Version     string    `json:"version"`
	Description string    `json:"description"`
	PURL        string    `json:"purl"`
	// Tags is a single string rather than a slice.
	// NOTE(review): the separator between tags is not visible here; confirm
	// against the notification serialization before splitting it.
	Tags        string    `json:"tags"`
}

type VEXSubject

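// VEXSubject is a notification subject made up of a VEX document and the
// project it belongs to.
// Presumably it accompanies GroupVEXConsumed and GroupVEXProcessed
// notifications; confirm against Parse.
type VEXSubject struct {
	// VEX carries an explicit "vex" tag, matching the "bom" tag on BOMSubject
	// and BOMProcessingFailedSubject. Decoding is unaffected, because
	// encoding/json accepts a case-insensitive key match. Marshalling now
	// emits "vex" instead of the untagged default "VEX".
	VEX struct {
		Content     string `json:"content"`
		Format      string `json:"format"`
		SpecVersion string `json:"specVersion"`
	} `json:"vex"`
	Project Project `json:"project"`
}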

type Vulnerability

// Vulnerability describes a vulnerability as it appears inside a notification
// subject.
type Vulnerability struct {
	UUID           uuid.UUID `json:"uuid"`
	// VulnID is the identifier string; the package example prints
	// "CVE-2012-5784" from it.
	VulnID         string    `json:"vulnId"`
	Source         string    `json:"source"`
	Title          string    `json:"title"`
	SubTitle       string    `json:"subtitle"`
	// Description and Recommendation are free-form strings from the
	// notification; escape them before rendering them in HTML or chat messages.
	Description    string    `json:"description"`
	Recommendation string    `json:"recommendation"`
	// CVSSV2 and CVSSV3 are non-pointer float64 values, so a score absent from
	// the JSON cannot be told apart from a score of 0. Do not treat 0 as
	// "no risk" when triaging.
	CVSSV2         float64   `json:"cvssv2"`
	CVSSV3         float64   `json:"cvssv3"`
	// Severity is kept as a plain string; the set of valid values is not
	// defined in this package listing.
	Severity       string    `json:"severity"`
}
