reporter

package
v0.0.0-...-9b8dde8 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 2, 2025 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Index

Constants

// BundleSchemaVersion is the schema version string for exported report bundles.
// NOTE(review): presumably this is the value written to Bundle.SchemaVersion
// ("schema_version" in JSON) — confirm. Consumers of a bundle should check the
// version before interpreting the remaining fields.
const BundleSchemaVersion = "1.0"

BundleSchemaVersion identifies the JSON structure emitted by 0xgen when exporting reports.

// Exported rendering defaults.
const (

	// DefaultTopTargets controls how many targets appear in summary tables.
	// NOTE(review): presumably this caps the Targets list in Summary; the code
	// that applies it is not shown on this page — confirm.
	DefaultTopTargets = 10
)

Variables

// Default output locations. All four are built from the unexported
// defaultOutputDir and per-file name constants, which are not shown on this page.
// These are exported package-level variables, so any importing package can
// reassign them for the whole process.
// NOTE(review): whether defaultOutputDir is relative to the working directory,
// and which permissions the files are created with, is not visible here —
// confirm before writing findings into a shared or world-readable directory.
var (
	// DefaultFindingsPath is where 0xgend persists findings for other tools to consume.
	DefaultFindingsPath = filepath.Join(defaultOutputDir, findingsFilename)
	// DefaultReportPath is the default markdown summary written for CAP_REPORT consumers.
	DefaultReportPath = filepath.Join(defaultOutputDir, reportFilename)
	// DefaultHTMLReportPath is where the interactive HTML report is written when no --out flag is provided.
	DefaultHTMLReportPath = filepath.Join(defaultOutputDir, htmlReportFilename)
	// DefaultJSONReportPath is where the JSON bundle is written when no --out flag is provided.
	DefaultJSONReportPath = filepath.Join(defaultOutputDir, jsonReportFilename)
)

Functions

func ComputeBundleDigest

func ComputeBundleDigest(data []byte) string

ComputeBundleDigest returns the hex-encoded SHA-256 digest of the provided bytes.

func ComputeFileDigestHex

func ComputeFileDigestHex(path string) (string, error)

ComputeFileDigestHex returns the hex-encoded SHA-256 digest of the file at the provided path.

func ReadJSONL

func ReadJSONL(path string) ([]findings.Finding, error)

ReadJSONL reads findings from an arbitrary JSONL file path without creating a reporter.

func RenderCSV

// RenderCSV returns the findings as CSV bytes (body not shown on this page).
// NOTE(review): finding fields presumably carry text taken from scanned targets.
// Spreadsheet applications treat cells that begin with '=', '+', '-' or '@' as
// formulas, so confirm that such values are neutralised before the export is
// opened in one.
func RenderCSV(list []findings.Finding, opts ReportOptions) ([]byte, error)

RenderCSV generates a CSV export of findings.

func RenderHTML

// RenderHTML returns the interactive HTML report as a string (body not shown on
// this page).
// NOTE(review): finding fields presumably carry text taken from scanned targets,
// and the report is described as interactive, so it likely embeds the dataset
// for client-side rendering. Confirm that every embedded value is contextually
// escaped (HTML body, attribute and script/JSON contexts) before the report is
// opened in a browser.
func RenderHTML(list []findings.Finding, opts ReportOptions) (string, error)

RenderHTML produces an interactive HTML report backed by the case bundle dataset.

func RenderJSON

// RenderJSON returns the JSON bundle bytes for the findings (body not shown on
// this page).
// NOTE(review): the package documentation calls the result a "signed bundle
// payload", yet no key is passed in and ReportOptions has no key field. What
// "signed" covers is not visible here — confirm whether this is an embedded
// digest or a real signature. For authenticity, rely on a detached signature
// checked with VerifyArtifact rather than on the payload alone.
func RenderJSON(list []findings.Finding, opts ReportOptions) ([]byte, error)

RenderJSON converts a slice of findings into a signed bundle payload.

func RenderMarkdown

func RenderMarkdown(list []findings.Finding, opts ReportOptions) string

RenderMarkdown converts a slice of findings into a markdown report.

func RenderReport

func RenderReport(inputPath, outputPath string, format ReportFormat, opts ReportOptions) error

RenderReport loads findings from inputPath and writes a summary to outputPath.

func RenderXML

func RenderXML(list []findings.Finding, opts ReportOptions) ([]byte, error)

RenderXML generates an XML export of findings.

func SendReportViaIntegration

func SendReportViaIntegration(config IntegrationConfig, list []findings.Finding, opts ReportOptions) error

SendReportViaIntegration sends a report using the specified integration.

func SendToSlack

// SendToSlack posts a report summary to the given Slack webhook (body not shown
// on this page).
// NOTE(review): a Slack incoming-webhook URL works as a credential, since anyone
// holding it can post to the channel. Keep webhookURL out of logs and error
// messages, and confirm the implementation does the same. Also confirm how much
// finding detail ends up in the message, because it leaves the host.
func SendToSlack(webhookURL string, list []findings.Finding, opts ReportOptions) error

SendToSlack sends a report summary to Slack.

func SendToWebhook

// SendToWebhook posts a report to a generic webhook endpoint (body not shown on
// this page).
// NOTE(review): customHeaders presumably carries authentication headers, and the
// payload presumably includes findings. Confirm that webhookURL is restricted to
// https, that header values are never logged, and that a request timeout is
// applied. None of this is visible from the signature.
func SendToWebhook(webhookURL string, list []findings.Finding, opts ReportOptions, customHeaders map[string]string) error

SendToWebhook sends a report to a generic webhook.

func SignArtifact

// SignArtifact signs the file at artifactPath with the key at keyPath and returns
// a string and an error (body not shown on this page).
// NOTE(review): the returned string is presumably the path of the detached
// signature written next to the artifact — confirm. keyPath presumably points at
// a private key, so confirm how the key file is protected (permissions,
// passphrase) and that key material never appears in returned errors.
func SignArtifact(artifactPath, keyPath string) (string, error)

SignArtifact generates a detached cosign-compatible signature alongside the report artifact.

func VerifyArtifact

// VerifyArtifact checks the detached signature at signaturePath against the file
// at artifactPath using the key at keyPath; a nil error is the only success
// signal (body not shown on this page).
// NOTE(review): keyPath is presumably a public key. The result is only as
// trustworthy as that key, so it should come from a trusted location and not
// from the same channel as the artifact and signature — confirm in callers.
func VerifyArtifact(artifactPath, signaturePath, keyPath string) error

VerifyArtifact validates a detached cosign-compatible signature for the provided artifact.

func WriteCSV

func WriteCSV(w io.Writer, list []findings.Finding, opts ReportOptions) error

WriteCSV writes CSV output to a writer.

func WriteXML

func WriteXML(w io.Writer, list []findings.Finding, opts ReportOptions) error

WriteXML writes XML output to a writer.

Types

type Bundle

// Bundle is the dataset behind the HTML and JSON reports. Bundle declares its own
// MarshalJSON method, so the struct tags below name the fields while the emitted
// JSON is decided by that method.
type Bundle struct {
	// SchemaVersion is tagged "schema_version".
	// NOTE(review): presumably set from BundleSchemaVersion — confirm.
	SchemaVersion string             `json:"schema_version"`
	// GeneratedAt is tagged json:"-", so default struct encoding would skip it.
	// NOTE(review): whether MarshalJSON emits it in another form is not visible here — confirm.
	GeneratedAt   time.Time          `json:"-"`
	// FindingsCount is tagged "findings_count"; presumably len(Findings) — confirm.
	FindingsCount int                `json:"findings_count"`
	// Summary holds the aggregate statistics (see Summary).
	Summary       Summary            `json:"summary"`
	// Cases holds the case records from the cases package.
	Cases         []cases.Case       `json:"cases"`
	// Findings holds the individual findings.
	// NOTE(review): findings presumably include evidence captured from scanned
	// targets; treat an exported bundle as sensitive data — confirm against findings.Finding.
	Findings      []findings.Finding `json:"findings"`
	// Telemetry comes from the exporter package; its contents are not shown here.
	Telemetry     exporter.Telemetry `json:"telemetry"`
	// SBOM is optional: a nil pointer is dropped by omitempty under default encoding.
	SBOM          *SBOMReference     `json:"sbom,omitempty"`
}

Bundle aggregates the dataset required to recreate the interactive report view.

func BuildBundle

func BuildBundle(ctx context.Context, list []findings.Finding, opts ReportOptions) (Bundle, error)

BuildBundle constructs the structured dataset backing HTML and JSON reports.

func (Bundle) MarshalJSON

func (b Bundle) MarshalJSON() ([]byte, error)

MarshalJSON renders the bundle using the public schema while preserving UTC ordering.

type Digest

// Digest pairs a digest value with the name of the algorithm that produced it.
type Digest struct {
	// Algorithm names the hash algorithm.
	// NOTE(review): the exact strings used (e.g. for SHA-256) are not visible here.
	// A verifier should compare this field against an allow-list of expected
	// algorithms and not accept whatever the bundle declares — confirm in consumers.
	Algorithm string `json:"algorithm"`
	// Value is the digest itself.
	// NOTE(review): presumably hex-encoded, matching ComputeBundleDigest — confirm.
	Value     string `json:"value"`
}

Digest captures a cryptographic digest and the algorithm that produced it.

type IntegrationConfig

// IntegrationConfig describes where and how a report is sent to an external system.
type IntegrationConfig struct {
	// Type selects the integration (IntegrationSlack or IntegrationWebhook).
	Type         IntegrationType
	// URL is the destination endpoint.
	// NOTE(review): for Slack this is a webhook URL, which works as a credential.
	// Keep it out of logs and confirm the sender restricts it to https.
	URL          string
	// Headers are extra HTTP headers.
	// NOTE(review): presumably used for authentication tokens; the values should
	// be treated as secrets — confirm they are never logged.
	Headers      map[string]string
	// Timeout bounds the outbound request.
	// NOTE(review): behaviour for the zero value is not visible here; confirm a
	// default is applied so a stalled endpoint cannot block the sender indefinitely.
	Timeout      time.Duration
	CustomFormat bool // If true, send raw report data; else use integration-specific format
}

IntegrationConfig holds configuration for sending reports to external systems.

type IntegrationType

// IntegrationType is a string enum naming the external system a report is sent to.
type IntegrationType string

IntegrationType specifies the type of integration.

// Known IntegrationType values.
// NOTE(review): how SendReportViaIntegration handles a value outside this set
// is not visible on this page — confirm it returns an error.
const (
	// IntegrationSlack is the "slack" integration type.
	IntegrationSlack   IntegrationType = "slack"
	// IntegrationWebhook is the "webhook" integration type.
	IntegrationWebhook IntegrationType = "webhook"
)

type JSONL

// JSONL persists findings to a JSON Lines file. Its state is unexported; build
// one with NewJSONL and tune it with JSONLOption values (WithBufferLength,
// WithMaxBytes, WithMaxFiles). Close is documented as flushing buffered data,
// so findings written before Close may not yet be on disk.
// NOTE(review): file creation mode and concurrency guarantees are not visible
// here — confirm before sharing one writer between goroutines.
type JSONL struct {
	// contains filtered or unexported fields
}

JSONL handles persisting findings to a JSON Lines file.

func NewJSONL

func NewJSONL(path string, opts ...JSONLOption) *JSONL

NewJSONL creates a reporter that writes findings to the provided path.

func (*JSONL) Close

func (r *JSONL) Close() error

Close flushes any buffered data to disk.

func (*JSONL) ReadAll

func (r *JSONL) ReadAll() ([]findings.Finding, error)

func (*JSONL) Write

func (r *JSONL) Write(f findings.Finding) error

Write appends the given finding to the JSONL file.

type JSONLOption

// JSONLOption is a functional option: a function that mutates the unexported
// jsonlConfig. Values are passed to NewJSONL through its variadic opts parameter.
type JSONLOption func(*jsonlConfig)

JSONLOption configures optional behaviour for the writer.

func WithBufferLength

func WithBufferLength(length int) JSONLOption

WithBufferLength overrides the buffer used while writing to disk.

func WithMaxBytes

func WithMaxBytes(limit int64) JSONLOption

WithMaxBytes overrides the rotation threshold. A value <= 0 disables rotation.

func WithMaxFiles

func WithMaxFiles(count int) JSONLOption

WithMaxFiles controls how many rotated files are retained.

type PluginCount

// PluginCount pairs a plugin name with a count; Summary.Plugins is a slice of these.
// NOTE(review): presumably the count is the number of findings reported by the plugin — confirm.
type PluginCount struct {
	// Plugin is the plugin name.
	Plugin string
	// Count is the tally for that plugin.
	Count  int
}

type ReportFormat

// ReportFormat is a string enum naming the output format; RenderReport takes one.
type ReportFormat string

ReportFormat identifies the type of report to generate.

// Supported ReportFormat values.
// NOTE(review): how RenderReport handles a value outside this set is not
// visible on this page — confirm it returns an error and writes nothing.
const (
	// FormatMarkdown renders a Markdown report.
	FormatMarkdown ReportFormat = "md"
	// FormatHTML renders an HTML report.
	FormatHTML ReportFormat = "html"
	// FormatJSON renders a machine-readable bundle.
	FormatJSON ReportFormat = "json"
	// FormatCSV renders a CSV spreadsheet.
	FormatCSV ReportFormat = "csv"
	// FormatXML renders an XML report.
	FormatXML ReportFormat = "xml"
)

type ReportOptions

// ReportOptions carries the filtering window and auxiliary inputs for report rendering.
type ReportOptions struct {
	// Since filters findings to those detected on or after the provided timestamp.
	// A zero value disables the filter.
	// NOTE(review): Since is a pointer, so the zero value is presumably nil;
	// confirm whether a pointer to a zero time.Time is also treated as unset.
	Since *time.Time
	// Now identifies the end of the reporting window. When unset, time.Now() is used.
	Now time.Time
	// Context provides cancellation for expensive case aggregation.
	// NOTE(review): BuildBundle also takes a ctx argument; which of the two
	// wins, and what happens when this field is nil, is not visible here — confirm.
	Context context.Context
	// SBOMPath links the generated report to the SBOM used for dependency analysis.
	// NOTE(review): presumably the file is read to fill SBOMReference (digest and
	// size) — confirm. If so, the path should come from a trusted source.
	SBOMPath string
}

ReportOptions customises the filtering applied when rendering a report.

type SBOMReference

// SBOMReference records which SBOM file a bundle was produced against.
type SBOMReference struct {
	// Path is the SBOM location and is always emitted ("path").
	// NOTE(review): if this is an absolute local path it is disclosed to everyone
	// who receives the bundle — confirm whether it is normalised or made relative.
	Path      string `json:"path"`
	// Digest identifies the SBOM contents, so a consumer can check that the SBOM
	// it holds is the one that was analysed.
	Digest    Digest `json:"digest"`
	// SizeBytes is omitted from JSON when zero (omitempty).
	SizeBytes int64  `json:"size_bytes,omitempty"`
}

SBOMReference links the report bundle to the SBOM used during analysis.

type SlackAttachment

// SlackAttachment is the JSON shape of one Slack message attachment. Every field
// is omitted when empty.
type SlackAttachment struct {
	// Color is the attachment colour; presumably chosen by severity — confirm.
	Color  string       `json:"color,omitempty"`
	// Title is the attachment heading.
	Title  string       `json:"title,omitempty"`
	// Text is the attachment body.
	// NOTE(review): if it is built from finding text, confirm it is escaped for Slack markup.
	Text   string       `json:"text,omitempty"`
	// Fields are the title/value pairs shown in the attachment.
	Fields []SlackField `json:"fields,omitempty"`
}

SlackAttachment represents a Slack message attachment.

type SlackBlock

// SlackBlock is the JSON shape of one Slack block element.
type SlackBlock struct {
	// Type is the block type and is always emitted.
	// NOTE(review): the block types this package produces are not visible here.
	Type   string            `json:"type"`
	// Text is the optional single text object; omitted when nil.
	Text   *SlackTextObject  `json:"text,omitempty"`
	// Fields is the optional list of text objects; omitted when empty.
	Fields []SlackTextObject `json:"fields,omitempty"`
}

SlackBlock represents a Slack block element.

type SlackField

// SlackField is one title/value pair inside a SlackAttachment. All three keys are
// always emitted because none carries omitempty.
type SlackField struct {
	// Title is the field label.
	Title string `json:"title"`
	// Value is the field content.
	Value string `json:"value"`
	// Short is passed through to Slack as "short".
	// NOTE(review): presumably Slack's side-by-side layout hint — confirm.
	Short bool   `json:"short"`
}

SlackField represents a field in a Slack attachment.

type SlackPayload

// SlackPayload is the top-level JSON body posted to a Slack webhook. Every field
// is omitted when empty.
type SlackPayload struct {
	// Text is the plain message text.
	Text        string            `json:"text,omitempty"`
	// Blocks are the block elements of the message.
	Blocks      []SlackBlock      `json:"blocks,omitempty"`
	// Attachments are the message attachments.
	Attachments []SlackAttachment `json:"attachments,omitempty"`
}

SlackPayload represents a Slack message payload.

type SlackTextObject

// SlackTextObject is the JSON shape of a Slack text object.
type SlackTextObject struct {
	// Type is the text object type.
	// NOTE(review): Slack defines "plain_text" and "mrkdwn"; which one this
	// package sets is not visible here.
	Type string `json:"type"`
	// Text is the content.
	// NOTE(review): with "mrkdwn", text copied from findings would be rendered
	// as markup (links, mentions). Confirm it is escaped before sending.
	Text string `json:"text"`
}

SlackTextObject represents text in a Slack message.

type Summary

// Summary holds the aggregate statistics shared by the renderers. The fields
// carry no struct tags; Summary declares its own MarshalJSON method, so the JSON
// field names are decided there and are not visible on this page.
type Summary struct {
	// WindowStart is the optional start of the reporting window.
	// NOTE(review): presumably nil when ReportOptions.Since is unset — confirm.
	WindowStart   *time.Time
	// WindowEnd is the end of the reporting window.
	WindowEnd     time.Time
	// GeneratedAt is when the summary was produced.
	GeneratedAt   time.Time
	// Total is the number of findings counted.
	Total         int
	// SeverityCount maps each severity to a count. Go map iteration order is
	// random, so renderers must sort the keys to get stable output.
	SeverityCount map[findings.Severity]int
	// Targets lists per-target counts.
	// NOTE(review): presumably limited to DefaultTopTargets entries — confirm.
	Targets       []TargetCount
	// Plugins lists per-plugin counts.
	Plugins       []PluginCount
	// Recent holds a selection of findings.
	// NOTE(review): the selection rule and size are not visible here.
	Recent        []findings.Finding
}

Summary captures aggregate report statistics for use across renderers.

func (Summary) MarshalJSON

func (s Summary) MarshalJSON() ([]byte, error)

type TargetCount

// TargetCount pairs a target with a count; Summary.Targets is a slice of these.
// NOTE(review): presumably the count is the number of findings for the target — confirm.
type TargetCount struct {
	// Target identifies the scanned target.
	Target string
	// Count is the tally for that target.
	Count  int
}

type WebhookPayload

// WebhookPayload is the JSON body sent to a generic webhook. All four keys are
// always emitted because none carries omitempty.
type WebhookPayload struct {
	// Event names the event being delivered; the values used are not visible here.
	Event     string      `json:"event"`
	// Timestamp is a string; its format is not visible here (presumably RFC 3339 — confirm).
	Timestamp string      `json:"timestamp"`
	// Summary is untyped; presumably a Summary value — confirm.
	Summary   interface{} `json:"summary"`
	// Findings is untyped; presumably the findings list — confirm.
	// NOTE(review): if so, full finding detail leaves the host on every delivery.
	// Make sure the receiving endpoint is authenticated and reached over TLS.
	Findings  interface{} `json:"findings"`
}

WebhookPayload represents a generic webhook payload.

type XMLFinding

// XMLFinding is the XML shape of one finding. All values are strings, so any
// typed fields on the source finding are converted before export.
// NOTE(review): the struct tags indicate encoding/xml, which escapes attribute
// and character data when marshalling. Confirm that no field is written through
// a raw or inner-XML path, since Message, Target and Evidence presumably carry
// text taken from scanned targets.
type XMLFinding struct {
	// ID is written as the ID attribute of the element.
	ID         string        `xml:"ID,attr"`
	// Severity is written as a child element; presumably one of the levels in
	// XMLSeverityBreakdown — confirm.
	Severity   string        `xml:"Severity"`
	// Type is the finding type.
	Type       string        `xml:"Type"`
	// Message is the finding description.
	Message    string        `xml:"Message"`
	// Target is omitted when empty.
	Target     string        `xml:"Target,omitempty"`
	// Evidence is omitted when empty.
	Evidence   string        `xml:"Evidence,omitempty"`
	// Plugin names the plugin that produced the finding.
	Plugin     string        `xml:"Plugin"`
	// DetectedAt is a string timestamp; its format is not visible here.
	DetectedAt string        `xml:"DetectedAt"`
	// Metadata entries are nested as <Metadata><Entry>…</Entry></Metadata>.
	Metadata   []XMLMetadata `xml:"Metadata>Entry,omitempty"`
}

XMLFinding represents a single security finding.

type XMLMetadata

// XMLMetadata is one key/value metadata entry on an XMLFinding.
type XMLMetadata struct {
	// Key is written as the "key" attribute.
	Key   string `xml:"key,attr"`
	// Value is written as the element's character data.
	Value string `xml:",chardata"`
}

XMLMetadata represents a key-value metadata pair.

type XMLReport

// XMLReport is the root of the XML export.
type XMLReport struct {
	// XMLName fixes the root element name to SecurityReport.
	XMLName  xml.Name     `xml:"SecurityReport"`
	// Version is written as the "version" attribute of the root element.
	// NOTE(review): whether this tracks BundleSchemaVersion is not visible here — confirm.
	Version  string       `xml:"version,attr"`
	// Summary is the aggregate block.
	Summary  XMLSummary   `xml:"Summary"`
	// Findings are nested as <Findings><Finding>…</Finding></Findings>.
	Findings []XMLFinding `xml:"Findings>Finding"`
}

XMLReport represents the root XML structure for a security report.

type XMLSeverityBreakdown

// XMLSeverityBreakdown holds one count per severity level. Each field is written
// as a child element, and a zero count is still emitted (no omitempty).
// NOTE(review): how a severity outside these five levels is counted is not
// visible here — confirm it is not silently dropped from the totals.
type XMLSeverityBreakdown struct {
	Critical int `xml:"Critical"`
	High     int `xml:"High"`
	Medium   int `xml:"Medium"`
	Low      int `xml:"Low"`
	Info     int `xml:"Info"`
}

XMLSeverityBreakdown contains counts by severity.

type XMLSummary

// XMLSummary is the aggregate block of the XML export. Timestamps are plain
// strings; their format is not visible on this page.
type XMLSummary struct {
	// Total is written as <TotalFindings>.
	Total             int                  `xml:"TotalFindings"`
	// GeneratedAt is when the report was produced.
	GeneratedAt       string               `xml:"GeneratedAt"`
	// WindowStart is omitted when empty.
	WindowStart       string               `xml:"WindowStart,omitempty"`
	// WindowEnd is always emitted.
	WindowEnd         string               `xml:"WindowEnd"`
	// SeverityBreakdown holds the per-severity counts.
	SeverityBreakdown XMLSeverityBreakdown `xml:"SeverityBreakdown"`
}

XMLSummary contains aggregate statistics.
