Skip to main content

Overview

Issue types represent aggregated security concerns detected by Garnet. Issues group related events and provide context for security incidents.

Issue

Represents a stored security issue. 
type Issue struct {
    ID                  string              `json:"id"`
    ProjectID           string              `json:"-"`
    Class               IssueClass          `json:"class"`
    Description         string              `json:"description"`
    State               IssueState          `json:"state"`
    Priority            IssuePriority       `json:"priority"`
    Labels              IssueLabels         `json:"labels"`
    Ignored             bool                `json:"ignored"`
    IgnoredReason       string              `json:"ignored_reason,omitempty"`
    IgnoredBy           string              `json:"ignored_by,omitempty"`
    IgnoredAt           *time.Time          `json:"ignored_at,omitempty"`
    PolicyScope         *NetworkPolicyScope `json:"policy_scope,omitempty"`
    NetworkPolicyID     *string             `json:"network_policy_id,omitempty"`
    NetworkPolicyRuleID *string             `json:"network_policy_rule_id,omitempty"`
    LastActionBy        *string             `json:"last_action_by,omitempty"`
    LastActionAt        *time.Time          `json:"last_action_at,omitempty"`
    Events              []Event             `json:"events"`
    CreatedAt           time.Time           `json:"created_at"`
    UpdatedAt           time.Time           `json:"updated_at"`
    DeletedAt           *time.Time          `json:"deleted_at,omitempty"`
}
id
string
required
Unique issue identifier
class
IssueClass
required
Issue classification: network_exfiltration, crypto_miner, or network_anomaly
description
string
required
Human-readable issue description
state
IssueState
required
Current state: allowed or blocked
priority
IssuePriority
required
Issue priority: low, medium, high, or critical
labels
IssueLabels
Key-value labels for organization
ignored
bool
required
Whether the issue has been ignored
ignored_reason
string
Reason for ignoring the issue
ignored_by
string
User who ignored the issue
ignored_at
time.Time
When the issue was ignored
policy_scope
NetworkPolicyScope
Scope of the network policy applied
network_policy_id
string
ID of associated network policy
network_policy_rule_id
string
ID of associated network policy rule
last_action_by
string
User who performed the last action
last_action_at
time.Time
When the last action was performed
events
Event[]
required
Events associated with this issue
created_at
time.Time
required
When the issue was created
updated_at
time.Time
required
When the issue was last updated
deleted_at
time.Time
When the issue was deleted (if soft-deleted)

Methods

  • ExtractNetworkDestination() (NetworkPolicyRuleType, string, error) - Extracts network destination from associated events

IssueClass

Classification of security issues. 
type IssueClass string

const (
    IssueClassNetworkExfiltration IssueClass = "network_exfiltration"
    IssueClassCryptoMiner         IssueClass = "crypto_miner"
    IssueClassNetworkAnomaly      IssueClass = "network_anomaly"
)

Methods

  • String() string - Returns string representation
  • IsValid() bool - Checks if the class is valid

IssueState

State of an issue. 
type IssueState string

const (
    IssueStateAllowed IssueState = "allowed"
    IssueStateBlocked IssueState = "blocked"
)

Methods

  • String() string - Returns string representation
  • IsValid() bool - Checks if the state is valid

IssuePriority

Priority level for issues. 
type IssuePriority string

const (
    IssuePriorityLow      IssuePriority = "low"
    IssuePriorityMedium   IssuePriority = "medium"
    IssuePriorityHigh     IssuePriority = "high"
    IssuePriorityCritical IssuePriority = "critical"
)

Methods

  • String() string - Returns string representation
  • IsValid() bool - Checks if the priority is valid

IssueLabels

Key-value map for labeling issues. 
type IssueLabels map[string]string

Methods

  • Validate() error - Validates labels
  • Encode() url.Values - Encodes as URL query parameters
  • UnmarshalJSON(data []byte) error - Custom JSON unmarshaling
  • Scan(value interface{}) error - SQL scanner interface

CreateIssue

Request to create a new issue. 
type CreateIssue struct {
    Class       IssueClass    `json:"class"`
    Description string        `json:"description"`
    State       IssueState    `json:"state"`
    Priority    IssuePriority `json:"priority"`
    Labels      IssueLabels   `json:"labels"`
    EventIDs    []string      `json:"event_ids"`
}

Methods

  • Validate() error - Validates all required fields

IssueCreated

Response after creating an issue. 
type IssueCreated struct {
    ID        string    `json:"id"`
    CreatedAt time.Time `json:"created_at"`
    UpdatedAt time.Time `json:"updated_at"`
}

UpdateIssue

Request to update an existing issue. 
type UpdateIssue struct {
    Class               *IssueClass         `json:"class,omitempty"`
    Description         *string             `json:"description,omitempty"`
    State               *IssueState         `json:"state,omitempty"`
    Priority            *IssuePriority      `json:"priority,omitempty"`
    Labels              *IssueLabels        `json:"labels,omitempty"`
    Ignored             *bool               `json:"ignored,omitempty"`
    IgnoredReason       *string             `json:"ignored_reason,omitempty"`
    Reason              *string             `json:"reason,omitempty"`
    EventIDs            []string            `json:"event_ids,omitempty"`
    PolicyScope         *NetworkPolicyScope `json:"policy_scope,omitempty"`
    NetworkPolicyID     *string             `json:"network_policy_id,omitempty"`
    NetworkPolicyRuleID *string             `json:"network_policy_rule_id,omitempty"`
}

Methods

  • Validate() error - Validates update fields

Validation Rules

  • At least one field must be provided
  • If state is changed, reason is required
  • If ignored is set to true, ignored_reason is required
  • Cannot remove all events from an issue

IssueUpdated

Response after updating an issue. 
type IssueUpdated struct {
    ID        string    `json:"id"`
    UpdatedAt time.Time `json:"updated_at"`
}

ListIssues

Request to list issues with filtering and pagination. 
type ListIssues struct {
    ProjectID      string        `json:"-"`
    Labels         IssueLabels   `json:"labels,omitempty"`
    Filters        *IssueFilters `json:"filters,omitempty"`
    PageArgs       PageArgs      `json:"pageArgs"`
    IncludeIgnored bool          `json:"include_ignored,omitempty"`
    Sort           *Sort         `json:"sort,omitempty"`
}

IssueFilters

Filtering options for listing issues. 
type IssueFilters struct {
    Class        *IssueClass    `json:"class,omitempty"`
    State        *IssueState    `json:"state,omitempty"`
    Priority     *IssuePriority `json:"priority,omitempty"`
    AgentKind    *AgentKind     `json:"agent_kind,omitempty"`
    AgentID      *string        `json:"agent_id,omitempty"`
    RepositoryID *string        `json:"repository_id,omitempty"`
    Repository   *string        `json:"repository,omitempty"`
    WorkflowName *string        `json:"workflow_name,omitempty"`
    CreatedAfter *time.Time     `json:"created_after,omitempty"`
}

Methods

  • Validate() error - Validates filter values
  • IsEmpty() bool - Checks if all filters are empty

IssueAction

Action to perform on an issue. 
type IssueAction struct {
    ActionType       IssueActionType       `json:"action_type"`
    Scope            NetworkPolicyScope    `json:"scope"`
    Reason           string                `json:"reason"`
    UserID           *string               `json:"-"`
    DestinationType  NetworkPolicyRuleType `json:"-"`
    DestinationValue string                `json:"-"`
}

Methods

  • Validate() error - Validates action parameters

IssueActionType

Type of action to perform on an issue. 
type IssueActionType string

const (
    IssueActionTypeAllow IssueActionType = "allow"
    IssueActionTypeBlock IssueActionType = "block"
)

IssueActionPerformed

Result of performing an action on an issue. 
type IssueActionPerformed struct {
    ID                string            `json:"id"`
    State             IssueState        `json:"state"`
    NetworkPolicyID   string            `json:"network_policy_id"`
    NetworkPolicyRule NetworkPolicyRule `json:"network_policy_rule"`
    UpdatedAt         time.Time         `json:"updated_at"`
}
id
string
required
Issue ID
state
IssueState
required
New state after action
network_policy_id
string
required
ID of created/updated network policy
network_policy_rule
NetworkPolicyRule
required
Network policy rule that was created
updated_at
time.Time
required
When the action was performed

IssueActionHistory

Record of actions performed on issues. 
type IssueActionHistory struct {
    ID                  string                `json:"id"`
    IssueID             string                `json:"issue_id"`
    ActionType          IssueActionType       `json:"action_type"`
    Scope               NetworkPolicyScope    `json:"scope"`
    Reason              string                `json:"reason"`
    UserID              *string               `json:"user_id,omitempty"`
    NetworkPolicyID     string                `json:"network_policy_id"`
    NetworkPolicyRuleID string                `json:"network_policy_rule_id"`
    DestinationType     NetworkPolicyRuleType `json:"destination_type"`
    DestinationValue    string                `json:"destination_value"`
    CreatedAt           time.Time             `json:"created_at"`
}

Error Constants

const (
    ErrInvalidIssueState            = errs.InvalidArgumentError("invalid issue state")
    ErrInvalidIssuePriority         = errs.InvalidArgumentError("invalid issue priority")
    ErrInvalidIssueClass            = errs.InvalidArgumentError("invalid issue class")
    ErrInvalidIssueDescription      = errs.InvalidArgumentError("invalid issue description")
    ErrInvalidIssueEventIDs         = errs.InvalidArgumentError("invalid issue event IDs")
    ErrInvalidIssueIgnoreFor        = errs.InvalidArgumentError("invalid issue ignore_for")
    ErrInvalidIssueReason           = errs.InvalidArgumentError("invalid issue reason")
    ErrInvalidIssueActionType       = errs.InvalidArgumentError("invalid issue action type")
    ErrInvalidIssueActionScope      = errs.InvalidArgumentError("invalid issue action scope")
    ErrIssueHasNoNetworkDestination = errs.InvalidArgumentError("issue has no network destination")
    ErrInvalidIssueID               = errs.InvalidArgumentError("invalid issue ID")
    ErrInvalidEventID               = errs.InvalidArgumentError("invalid event ID")
    ErrUnauthorizedEvents           = errs.UnauthorizedError("permission denied")
    ErrUnauthorizedIssue            = errs.UnauthorizedError("permission denied")
    ErrInvalidAgentKind             = errs.InvalidArgumentError("invalid agent kind")
    ErrMissingRepositoryID          = errs.InvalidArgumentError("missing repository ID in agent context")
    ErrMissingWorkflow              = errs.InvalidArgumentError("missing workflow in agent context")
    ErrNoAssociatedEvents           = errs.InvalidArgumentError("issue has no associated events")
    ErrMissingGitHubContext         = errs.InvalidArgumentError("agent does not have GitHub context")
)

Build docs developers (and LLMs) love

Get started for freeTalk to us