types

package

v0.0.0-...-712d998 Latest Latest Go to latest Published: Jul 21, 2023 License: Apache-2.0 Imports: 2 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/miklezzzz/trivy-db

Documentation ¶

Index ¶

Variables
func CompareSeverityString(sev1, sev2 string) int
type Advisories
type Advisory
type AdvisoryDetail
type CVSS
type CVSSVector
type DataSource
type Ecosystem
type LastUpdated
type Severity
- func NewSeverity(severity string) (Severity, error)
- func (s Severity) String() string
type SourceID
type VendorCVSS
type VendorSeverity
type Vulnerability
type VulnerabilityDetail

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	SeverityNames = []string{
		"UNKNOWN",
		"LOW",
		"MEDIUM",
		"HIGH",
		"CRITICAL",
	}
)

Functions ¶

func CompareSeverityString ¶

func CompareSeverityString(sev1, sev2 string) int

Types ¶

type Advisories ¶

type Advisories struct {
	FixedVersion string     `json:",omitempty"` // For backward compatibility
	Entries      []Advisory `json:",omitempty"`
}

Advisories saves fixed versions for each arches/vendorIDs e.g. this is required when CVE has different fixed versions for different arches

type Advisory ¶

type Advisory struct {
	VulnerabilityID string   `json:",omitempty"` // CVE-ID or vendor ID
	VendorIDs       []string `json:",omitempty"` // e.g. RHSA-ID and DSA-ID

	Arches []string `json:",omitempty"`

	// It is filled only when FixedVersion is empty since it is obvious the state is "Fixed" when FixedVersion is not empty.
	// e.g. Will not fix and Affected
	State string `json:",omitempty"`

	// Trivy DB has "vulnerability" bucket and severities are usually stored in the bucket per a vulnerability ID.
	// In some cases, the advisory may have multiple severities depending on the packages.
	// For example, CVE-2015-2328 in Debian has "unimportant" for mongodb and "low" for pcre3.
	// e.g. https://security-tracker.debian.org/tracker/CVE-2015-2328
	Severity Severity `json:",omitempty"`

	// Versions for os package
	FixedVersion    string `json:",omitempty"`
	AffectedVersion string `json:",omitempty"` // Only for Arch Linux

	// MajorVersion ranges for language-specific package
	// Some advisories provide VulnerableVersions only, others provide PatchedVersions and UnaffectedVersions
	VulnerableVersions []string `json:",omitempty"`
	PatchedVersions    []string `json:",omitempty"`
	UnaffectedVersions []string `json:",omitempty"`

	// DataSource holds where the advisory comes from
	DataSource *DataSource `json:",omitempty"`

	// Custom is basically for extensibility and is not supposed to be used in OSS
	Custom interface{} `json:",omitempty"`
}

type AdvisoryDetail ¶

type AdvisoryDetail struct {
	PlatformName string
	PackageName  string
	AdvisoryItem interface{}
}

type CVSS ¶

type CVSS struct {
	V2Vector string  `json:"V2Vector,omitempty"`
	V3Vector string  `json:"V3Vector,omitempty"`
	V2Score  float64 `json:"V2Score,omitempty"`
	V3Score  float64 `json:"V3Score,omitempty"`
}

type CVSSVector ¶

type CVSSVector struct {
	V2 string `json:"v2,omitempty"`
	V3 string `json:"v3,omitempty"`
}

type DataSource ¶

type DataSource struct {
	ID   SourceID `json:",omitempty"`
	Name string   `json:",omitempty"`
	URL  string   `json:",omitempty"`
}

type Ecosystem ¶

type Ecosystem string

Ecosystem represents language-specific ecosystem

type LastUpdated ¶

type LastUpdated struct {
	Date time.Time
}

type Severity ¶

type Severity int

const (
	SeverityUnknown Severity = iota
	SeverityLow
	SeverityMedium
	SeverityHigh
	SeverityCritical
)

func NewSeverity ¶

func NewSeverity(severity string) (Severity, error)

func (Severity) String ¶

func (s Severity) String() string

type SourceID ¶

type SourceID string

SourceID represents data source such as NVD.

type VendorCVSS ¶

type VendorCVSS map[SourceID]CVSS

type VendorSeverity ¶

type VendorSeverity map[SourceID]Severity

type Vulnerability ¶

type Vulnerability struct {
	Title            string         `json:",omitempty"`
	Description      string         `json:",omitempty"`
	Severity         string         `json:",omitempty"` // Selected from VendorSeverity, depending on a scan target
	CweIDs           []string       `json:",omitempty"` // e.g. CWE-78, CWE-89
	VendorSeverity   VendorSeverity `json:",omitempty"`
	CVSS             VendorCVSS     `json:",omitempty"`
	References       []string       `json:",omitempty"`
	PublishedDate    *time.Time     `json:",omitempty"` // Take from NVD
	LastModifiedDate *time.Time     `json:",omitempty"` // Take from NVD

	// Custom is basically for extensibility and is not supposed to be used in OSS
	Custom interface{} `json:",omitempty"`
}

type VulnerabilityDetail ¶

type VulnerabilityDetail struct {
	ID               string     `json:",omitempty"` // e.g. CVE-2019-8331, OSVDB-104365
	CvssScore        float64    `json:",omitempty"`
	CvssVector       string     `json:",omitempty"`
	CvssScoreV3      float64    `json:",omitempty"`
	CvssVectorV3     string     `json:",omitempty"`
	Severity         Severity   `json:",omitempty"`
	SeverityV3       Severity   `json:",omitempty"`
	CweIDs           []string   `json:",omitempty"` // e.g. CWE-78, CWE-89
	References       []string   `json:",omitempty"`
	Title            string     `json:",omitempty"`
	Description      string     `json:",omitempty"`
	PublishedDate    *time.Time `json:",omitempty"` // Take from NVD
	LastModifiedDate *time.Time `json:",omitempty"` // Take from NVD
}

Source Files ¶

View all Source files

types.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL