Trait Reportable 

```rust
pub trait Reportable {
    // Required methods
    fn scanner(&self) -> &str;
    fn target(&self) -> &str;
    fn severity(&self) -> Severity;
    fn title(&self) -> &str;
    fn cwe_ids(&self) -> &[String];
    fn cve_ids(&self) -> &[String];
    fn tags(&self) -> &[String];

    // Provided methods
    fn detail(&self) -> &str { ... }
    fn confidence(&self) -> Option<f64> { ... }
    fn rule_id(&self) -> String { ... }
    fn sarif_level(&self) -> &str { ... }
    fn exploit_hint(&self) -> Option<&str> { ... }
    fn evidence(&self) -> &[Evidence] { ... }
}

Trait for any finding-like type that can be rendered into reports.

Implement this on your domain-specific finding type. The secreport crate accepts &[impl Reportable] for all output formats.

Only scanner, target, severity, and title are required. Everything else has sensible defaults.
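An added example (not code from the secreport or secfinding crates) of what the description above amounts to: a domain-specific finding type implementing the four required methods plus the id lists, and a consumer written against `&[impl Reportable]` the way the crate's writers are. `Severity`, the trait copy and the `rule_id` slug rule are local stand-ins assumed here so the file compiles on its own; `PolicyFinding`, `policy-lint` and the sample findings are constructed.

```rust
// Added example, not code from the secreport crate: `Severity` and the trait are local
// stand-ins mirroring the documented signatures; the `rule_id` slug rule is an assumption.
#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub enum Severity { Info, Low, Medium, High, Critical }
pub trait Reportable {
    fn scanner(&self) -> &str;
    fn target(&self) -> &str;
    fn severity(&self) -> Severity;
    fn title(&self) -> &str;
    fn cwe_ids(&self) -> &[String];
    fn cve_ids(&self) -> &[String];
    fn tags(&self) -> &[String];
    /// Assumed default: "<scanner>/<title-slug>", as the docs describe.
    fn rule_id(&self) -> String {
        let slug: String = self.title().to_lowercase().chars()
            .map(|c| if c.is_ascii_alphanumeric() { c } else { '-' }).collect();
        format!("{}/{}", self.scanner(), slug.trim_matches('-'))
    }
}
/// Domain type (constructed): one finding from a hypothetical IAM policy linter.
pub struct PolicyFinding { pub source: String, pub title: String, pub score: f64,
                           cwes: Vec<String>, tags: Vec<String>, no_cves: Vec<String> }
impl PolicyFinding {
    pub fn new(source: &str, title: &str, score: f64) -> Self {
        PolicyFinding { source: source.into(), title: title.into(), score,
            cwes: vec!["CWE-269".into()], tags: vec!["iam".into()], no_cves: Vec::new() }
    }
}
impl Reportable for PolicyFinding {
    fn scanner(&self) -> &str { "policy-lint" }
    fn target(&self) -> &str { &self.source }
    // Map the linter's own 0.0-1.0 score onto the report severity scale.
    fn severity(&self) -> Severity { if self.score >= 0.9 { Severity::High } else { Severity::Medium } }
    fn title(&self) -> &str { &self.title }
    fn cwe_ids(&self) -> &[String] { &self.cwes }
    fn cve_ids(&self) -> &[String] { &self.no_cves }
    fn tags(&self) -> &[String] { &self.tags }
}
/// Consumer written against the trait, the way secreport's writers take
/// `&[impl Reportable]`: rule ids of findings at or above `min`, e.g. for a CI gate.
pub fn failing_rule_ids(findings: &[impl Reportable], min: Severity) -> Vec<String> {
    findings.iter().filter(|f| f.severity() >= min).map(|f| f.rule_id()).collect()
}
/// Constructed sample input.
pub fn sample_findings() -> Vec<PolicyFinding> {
    vec![PolicyFinding::new("s3://bucket/config.yaml", "Excessive privilege policy statement", 0.93),
         PolicyFinding::new("s3://bucket/readonly.yaml", "Wildcard resource in read-only statement", 0.4)]
}
```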

Required Methods§

fn scanner(&self) -> &str

Which tool produced this finding.

fn target(&self) -> &str

What was scanned (URL, file path, package name, etc.).

fn severity(&self) -> Severity

How severe this finding is.

fn title(&self) -> &str

Short human-readable title.

fn cwe_ids(&self) -> &[String]

CWE identifiers (e.g. ["CWE-89"]).

fn cve_ids(&self) -> &[String]

CVE identifiers.

fn tags(&self) -> &[String]

Free-form tags.

Provided Methods§

fn detail(&self) -> &str

Detailed description.

Example found in repository: examples/custom_reportable.rs (the `detail()` call is at line 67 of that file; the `PolicyFinding` type is defined earlier in the same file and not shown here):

```rust
fn main() {
    let f = PolicyFinding {
        source: "s3://bucket/config.yaml".into(),
        title: "Excessive privilege policy statement".into(),
        score: 0.93,
    };

    println!("scanner: {}", f.scanner());
    println!("target: {}", f.target());
    println!("severity: {}", f.severity());
    println!("rule id: {}", f.rule_id());
    println!("tags: {}", f.tags().join(", "));
    println!("{}", f.detail());
}
```

fn confidence(&self) -> Option<f64>

Confidence score 0.0-1.0 (None = not applicable).

fn rule_id(&self) -> String

SARIF rule ID (defaults to “scanner/title-slug”).

Example found in repository: examples/custom_reportable.rs (line 65, the `rule_id()` call in the same `main` shown under `detail` above).

fn sarif_level(&self) -> &str

SARIF severity level string.

fn exploit_hint(&self) -> Option<&str>

Exploit hint / PoC command.

fn evidence(&self) -> &[Evidence]

Evidence attached to the finding.

Implementors§

impl Reportable for Finding

Blanket: secfinding’s own Finding implements Reportable.