pub type SecurityOutput = SecurityOutput<SecurityOutputConfig, SecurityGate>;

Aliased Type
/// Report envelope behind the `SecurityOutput` alias: tool and schema metadata,
/// the security candidates, and the counters that describe what the analysis
/// could not see.
pub struct SecurityOutput {
    /// Schema version of this envelope.
    pub schema_version: SecuritySchemaVersion,
    /// Fallow CLI version that produced this output.
    pub version: ToolVersion,
    /// Wall-clock milliseconds spent producing the report.
    pub elapsed_ms: ElapsedMs,
    /// Privacy-safe config context relevant to security candidate generation.
    pub config: SecurityOutputConfig<Severity>,
    /// Security-specific rule and field metadata; emitted with `--explain`.
    pub meta: Option<Meta>,
    /// Gate verdict. Present only when `--gate <mode>` was set, and emitted on
    /// a pass too, so an absent value means the gate did not run.
    pub gate: Option<SecurityGate<SecurityGateMode>>,
    /// Security candidates; paths are project-root-relative with forward slashes.
    pub security_findings: Vec<SecurityFinding>,
    /// Opt-in attack-surface inventory from untrusted entry points to reachable
    /// sinks; present only when `--surface` was requested.
    pub attack_surface: Option<Vec<SecurityAttackSurfaceEntry>>,
    /// Blind-spot counter: "use client" files whose transitive import cone
    /// contains a dynamic `import()` the reachability BFS could not follow.
    /// Non-zero means an empty `security_findings` is not a clean result.
    pub unresolved_edge_files: usize,
    /// Blind-spot counter: sink-shaped nodes the catalogue detector could not
    /// flatten to a static callee path (dynamic dispatch, computed members,
    /// aliased bindings). Non-zero means an empty `security_findings` is not a
    /// clean result.
    pub unresolved_callee_sites: usize,
    /// Bounded diagnostics for unresolved callee blind spots.
    pub unresolved_callee_diagnostics: Option<SecurityUnresolvedCalleeDiagnostics>,
}
Fields§
schema_version: SecuritySchemaVersion
Schema version of this envelope.
version: ToolVersion
Fallow CLI version that produced this output.
elapsed_ms: ElapsedMs
Wall-clock milliseconds spent producing the report.
config: SecurityOutputConfig<Severity>
Privacy-safe config context relevant to security candidate generation.
meta: Option<Meta>
Security-specific rule and field metadata, emitted with --explain.
gate: Option<SecurityGate<SecurityGateMode>>
Gate verdict, present only when --gate <mode> was set (issue #886). It is emitted on a pass too (verdict: "pass", new_count: 0), so consumers can distinguish “gate ran and passed” from “gate did not run” (field absent).
security_findings: Vec<SecurityFinding>
Security candidates. Paths are relative to the project root and use forward slashes.
attack_surface: Option<Vec<SecurityAttackSurfaceEntry>>
Opt-in attack-surface inventory from untrusted entry points to reachable sinks. Present only when --surface was requested.
unresolved_edge_files: usize
In-band blind spot: the number of "use client" files whose transitive import cone contains a dynamic import() that the reachability BFS could not follow. A leak hidden behind such an edge would not be reported, so a zero finding count with a non-zero value here is NOT a clean bill of health. A consumer that treats an empty security_findings as a pass should check this counter as well.
unresolved_callee_sites: usize
In-band blind spot: the number of sink-shaped nodes that the catalogue detector could not flatten to a static callee path (dynamic dispatch, computed members, aliased bindings). A zero finding count with a non-zero value here is NOT a clean bill of health. A consumer that treats an empty security_findings as a pass should check this counter as well.
unresolved_callee_diagnostics: Option<SecurityUnresolvedCalleeDiagnostics>
Bounded diagnostics for unresolved callee blind spots.