package vulnerability
import (
"context"
"errors"
"github.com/xanzy/go-gitlab"
)
// EnumerateSecurityVulnerabilitiesOptions selects which project's
// vulnerabilities are listed and which of them are kept in the report.
type EnumerateSecurityVulnerabilitiesOptions struct {
	// ProjectID identifies the GitLab project whose vulnerabilities are enumerated.
	ProjectID int `json:"project_id" yaml:"project_id"`
	// States keeps only vulnerabilities whose state is one of these values.
	States []State `json:"states" yaml:"states"`
	// Severities keeps only vulnerabilities whose severity is one of these values.
	Severities []Severity `json:"severities" yaml:"severities"`
}
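// NewEnumerateSecurityVulnerabilitiesOptions builds the options consumed by
// EnumerateSecurityVulnerabilities.
//
// projectID must be a positive GitLab project ID. When states is empty the
// single default state "detected" is used; when severities is empty every
// severity from "unknown" through "critical" is included. The string values
// are converted with ToStates and ToSeverities.
//
// It returns an error when projectID is not positive.
func NewEnumerateSecurityVulnerabilitiesOptions(projectID int, states []string, severities []string) (*EnumerateSecurityVulnerabilitiesOptions, error) {
	// GitLab project IDs are positive integers: 0 is the unset zero value and a
	// negative value can never address a project, so both are rejected here
	// instead of surfacing later as an API error.
	if projectID <= 0 {
		return nil, errors.New("project ID is required")
	}
	if len(states) == 0 {
		states = []string{"detected"}
	}
	if len(severities) == 0 {
		severities = []string{"unknown", "info", "low", "medium", "high", "critical"}
	}
	return &EnumerateSecurityVulnerabilitiesOptions{
		ProjectID:  projectID,
		States:     ToStates(states),
		Severities: ToSeverities(severities),
	}, nil
}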
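// EnumerateSecurityVulnerabilities lists the vulnerabilities of the project
// named in enumerateOpts, page by page, and returns those matching the
// configured states and severities in a GitlabResourceReport.
//
// API failures and context cancellation do not abort the call: the error text
// is appended to the report's Errors, the pages collected so far are kept and
// a nil error is returned, so callers must inspect report.Errors. A non-nil
// error is returned only when client or enumerateOpts is nil.
func EnumerateSecurityVulnerabilities(ctx context.Context, baseURL string, enumerateOpts *EnumerateSecurityVulnerabilitiesOptions, client *gitlab.Client) (*GitlabResourceReport, error) {
	if client == nil {
		return nil, errors.New("gitlab client is required")
	}
	if enumerateOpts == nil {
		return nil, errors.New("enumerate options are required")
	}
	report := GitlabResourceReport{
		Resources: GitlabResources{},
		Errors:    []string{},
		BaseURL:   baseURL,
	}
	opt := &gitlab.ListProjectVulnerabilitiesOptions{
		ListOptions: gitlab.ListOptions{
			Page:    1,
			PerPage: 100,
		},
	}
	for {
		// Stop between pages once the caller has given up; the partial result
		// is still reported rather than discarded.
		if err := ctx.Err(); err != nil {
			report.Errors = append(report.Errors, err.Error())
			break
		}
		// gitlab.WithContext ties the HTTP request to ctx so a cancelled or
		// timed-out context also interrupts an in-flight page fetch.
		vulns, resp, err := client.ProjectVulnerabilities.ListProjectVulnerabilities(enumerateOpts.ProjectID, opt, gitlab.WithContext(ctx))
		if err != nil {
			report.Errors = append(report.Errors, err.Error())
			break
		}
		filteredVulns := FilterVulnerabilities(vulns, enumerateOpts.States, enumerateOpts.Severities)
		report.Resources.Vulnerabilities = append(report.Resources.Vulnerabilities, filteredVulns...)
		// NextPage is 0 on the last page. It comes from the X-Next-Page header,
		// which GitLab keeps sending when it omits the X-Total-Pages header for
		// large collections; a CurrentPage >= TotalPages test would then stop
		// after the first page and silently under-report.
		if resp == nil || resp.NextPage == 0 {
			break
		}
		opt.ListOptions.Page = resp.NextPage
	}
	return &report, nil
}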
// FilterVulnerabilities returns the subset of vulns whose state is one of
// states and whose severity is one of severities, in their original order.
// The result is never nil; an empty input yields an empty slice.
func FilterVulnerabilities(vulns []*gitlab.ProjectVulnerability, states []State, severities []Severity) []*gitlab.ProjectVulnerability {
	kept := make([]*gitlab.ProjectVulnerability, 0)
	for _, v := range vulns {
		// Check the state first; the severity lookup only runs for matching states.
		if !ContainsState(ToState(v.State), states) {
			continue
		}
		if !ContainsSeverity(ToSeverity(v.Severity), severities) {
			continue
		}
		kept = append(kept, v)
	}
	return kept
}