adds tag annotation, fixes wrong security definition

Author: timbastin

cmd/devguard/main.go

@@ -64,10 +64,12 @@ var release string // Will be filled at build time
 //	@securityDefinitions.apikey	CookieAuth
 //	@in							cookie
 //	@name						ory_kratos_session
+//	@description				Session-based authentication using Ory Kratos
 
-//	@securityDefinitions.apikey	ApiKeyAuth
-//	@in							header
-//	@name						X-API-Key
+// @securityDefinitions.apikey	PATAuth
+// @in							header
+// @name						X-Signature
+// @description				Personal Access Token authentication using HTTP request signing. Requires X-Signature and X-Fingerprint headers.
 func main() {
 	//os.Setenv("TZ", "UTC")
 	shared.LoadConfig() // nolint: errcheck

controllers/artifact_controller.go

@@ -61,8 +61,9 @@ func informationSourceToString(source informationSource) string {
 }
 
 // @Summary Create artifact
+// @Tags Artifacts
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param organization path string true "Organization slug"
 // @Param projectSlug path string true "Project slug"
 // @Param assetSlug path string true "Asset slug"
@@ -125,8 +126,9 @@ func (c *ArtifactController) Create(ctx shared.Context) error {
 }
 
 // @Summary Delete artifact
+// @Tags Artifacts
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param organization path string true "Organization slug"
 // @Param projectSlug path string true "Project slug"
 // @Param assetSlug path string true "Asset slug"
@@ -182,8 +184,9 @@ func (c *ArtifactController) DeleteArtifact(ctx shared.Context) error {
 }
 
 // @Summary Sync external sources for artifact
+// @Tags Artifacts
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param organization path string true "Organization slug"
 // @Param projectSlug path string true "Project slug"
 // @Param assetSlug path string true "Asset slug"
@@ -234,8 +237,9 @@ func (c *ArtifactController) SyncExternalSources(ctx shared.Context) error {
 }
 
 // @Summary Update artifact
+// @Tags Artifacts
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param organization path string true "Organization slug"
 // @Param projectSlug path string true "Project slug"
 // @Param assetSlug path string true "Asset slug"

controllers/asset_controller.go

@@ -53,6 +53,7 @@ func (a *AssetController) RunDaemonPipeline(ctx shared.Context) error {
 }
 
 // @Summary Lookup asset by provider
+// @Tags Assets
 // @Param provider query string true "Provider name"
 // @Param id query string true "Repository ID"
 // @Success 200 {object} dtos.LookupResponse
@@ -96,8 +97,9 @@ func (a *AssetController) HandleLookup(ctx shared.Context) error {
 }
 
 // @Summary List assets
+// @Tags Assets
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param organization path string true "Organization slug"
 // @Param projectSlug path string true "Project slug"
 // @Success 200 {array} dtos.AssetDTO
@@ -141,8 +143,9 @@ func (a *AssetController) AttachSigningKey(ctx shared.Context) error {
 }
 
 // @Summary Delete asset
+// @Tags Assets
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param organization path string true "Organization slug"
 // @Param projectSlug path string true "Project slug"
 // @Param assetSlug path string true "Asset slug"
@@ -174,8 +177,9 @@ func (a *AssetController) GetSecrets(ctx shared.Context) error {
 }
 
 // @Summary Create asset
+// @Tags Assets
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param organization path string true "Organization slug"
 // @Param projectSlug path string true "Project slug"
 // @Param body body dtos.AssetCreateRequest true "Request body"
@@ -205,8 +209,9 @@ func (a *AssetController) Create(ctx shared.Context) error {
 }
 
 // @Summary Get asset details
+// @Tags Assets
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param organization path string true "Organization slug"
 // @Param projectSlug path string true "Project slug"
 // @Param assetSlug path string true "Asset slug"
@@ -224,8 +229,9 @@ func (a *AssetController) Read(ctx shared.Context) error {
 }
 
 // @Summary Update asset
+// @Tags Assets
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param organization path string true "Organization slug"
 // @Param projectSlug path string true "Project slug"
 // @Param assetSlug path string true "Asset slug"

controllers/asset_version_controller.go

@@ -71,8 +71,9 @@ func NewAssetVersionController(
 }
 
 // @Summary Get asset version details
+// @Tags Asset Versions
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param organization path string true "Organization slug"
 // @Param projectSlug path string true "Project slug"
 // @Param assetSlug path string true "Asset slug"
@@ -85,8 +86,9 @@ func (a *AssetVersionController) Read(ctx shared.Context) error {
 }
 
 // @Summary Create asset version
+// @Tags Asset Versions
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param organization path string true "Organization slug"
 // @Param projectSlug path string true "Project slug"
 // @Param assetSlug path string true "Asset slug"
@@ -120,8 +122,9 @@ func (a *AssetVersionController) Create(ctx shared.Context) error {
 }
 
 // @Summary Delete asset version
+// @Tags Asset Versions
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param organization path string true "Organization slug"
 // @Param projectSlug path string true "Project slug"
 // @Param assetSlug path string true "Asset slug"
@@ -139,8 +142,9 @@ func (a *AssetVersionController) Delete(ctx shared.Context) error {
 }
 
 // @Summary List asset versions
+// @Tags Asset Versions
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param organization path string true "Organization slug"
 // @Param projectSlug path string true "Project slug"
 // @Param assetSlug path string true "Asset slug"
@@ -240,8 +244,9 @@ func (a *AssetVersionController) GetDependencyPathFromPURL(ctx shared.Context) e
 }
 
 // @Summary Get SBOM in JSON format
+// @Tags Asset Versions
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param organization path string true "Organization slug"
 // @Param projectSlug path string true "Project slug"
 // @Param assetSlug path string true "Asset slug"
@@ -297,8 +302,9 @@ func (a *AssetVersionController) VEXXML(ctx shared.Context) error {
 }
 
 // @Summary Get VEX in JSON format
+// @Tags Asset Versions
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param organization path string true "Organization slug"
 // @Param projectSlug path string true "Project slug"
 // @Param assetSlug path string true "Asset slug"
@@ -454,8 +460,9 @@ func (a *AssetVersionController) buildVeX(ctx shared.Context) (*normalize.CdxBom
 }
 
 // @Summary Get asset version metrics
+// @Tags Asset Versions
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param organization path string true "Organization slug"
 // @Param projectSlug path string true "Project slug"
 // @Param assetSlug path string true "Asset slug"

controllers/attestation_controller.go

@@ -26,8 +26,9 @@ func NewAttestationController(repository shared.AttestationRepository, assetVers
 }
 
 // @Summary List attestations
+// @Tags Attestations
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param organization path string true "Organization slug"
 // @Param projectSlug path string true "Project slug"
 // @Param assetSlug path string true "Asset slug"
@@ -48,8 +49,9 @@ func (a *AttestationController) List(ctx shared.Context) error {
 }
 
 // @Summary Create attestation
+// @Tags Attestations
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param body body object true "Attestation content"
 // @Param X-Asset-Ref header string false "Asset version name"
 // @Param X-Artifact-Name header string false "Artifact name"

controllers/csaf_controller.go

@@ -50,8 +50,9 @@ func NewCSAFController(dependencyVulnRepository shared.DependencyVulnRepository,
 }
 
 // @Summary Get CSAF index file
+// @Tags CSAF
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param organization path string true "Organization slug"
 // @Param projectSlug path string true "Project slug"
 // @Param assetSlug path string true "Asset slug"
@@ -79,8 +80,9 @@ func (controller *CSAFController) GetIndexFile(ctx shared.Context) error {
 }
 
 // @Summary Get CSAF changes CSV
+// @Tags CSAF
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param organization path string true "Organization slug"
 // @Param projectSlug path string true "Project slug"
 // @Param assetSlug path string true "Asset slug"
@@ -339,6 +341,7 @@ func (controller *CSAFController) GetOpenPGPFile(ctx shared.Context) error {
 }
 
 // @Summary Get CSAF aggregator metadata
+// @Tags CSAF
 // @Success 200 {object} object
 // @Router /.well-known/csaf-aggregator/aggregator.json [get]
 func (controller *CSAFController) GetAggregatorJSON(ctx shared.Context) error {
@@ -409,8 +412,9 @@ func (controller *CSAFController) GetAggregatorJSON(ctx shared.Context) error {
 }
 
 // @Summary Get CSAF provider metadata for organization
+// @Tags CSAF
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param organization path string true "Organization slug"
 // @Success 200 {object} object
 // @Router /organizations/{organization}/csaf/provider-metadata.json [get]
@@ -469,8 +473,9 @@ func getPublicKeyFingerprint() string {
 // from here on: code that handles the creation of csaf reports them self
 
 // @Summary Get CSAF report
+// @Tags CSAF
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param organization path string true "Organization slug"
 // @Param projectSlug path string true "Project slug"
 // @Param assetSlug path string true "Asset slug"

controllers/dependency_vuln_controller.go

@@ -127,8 +127,9 @@ func (controller DependencyVulnController) ListByAssetIDWithoutHandledExternalEv
 }
 
 // @Summary List dependency vulnerabilities
+// @Tags Vulnerabilities
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param organization path string true "Organization slug"
 // @Param projectSlug path string true "Project slug"
 // @Param assetSlug path string true "Asset slug"
@@ -250,8 +251,9 @@ func (controller DependencyVulnController) Mitigate(ctx shared.Context) error {
 }
 
 // @Summary Get dependency vulnerability details
+// @Tags Vulnerabilities
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param organization path string true "Organization slug"
 // @Param projectSlug path string true "Project slug"
 // @Param assetSlug path string true "Asset slug"
@@ -366,8 +368,9 @@ func (controller DependencyVulnController) SyncDependencyVulns(ctx shared.Contex
 }
 
 // @Summary Create vulnerability event
+// @Tags Vulnerabilities
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param organization path string true "Organization slug"
 // @Param projectSlug path string true "Project slug"
 // @Param assetSlug path string true "Asset slug"

controllers/first_party_vuln_controller.go

@@ -35,8 +35,9 @@ func NewFirstPartyVulnController(firstPartyVulnRepository shared.FirstPartyVulnR
 }
 
 // @Summary List first-party vulnerabilities by organization
+// @Tags Vulnerabilities
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param organization path string true "Organization slug"
 // @Param search query string false "Search term"
 // @Success 200 {object} object
@@ -69,8 +70,9 @@ func (c FirstPartyVulnController) ListByOrgPaged(ctx shared.Context) error {
 }
 
 // @Summary List first-party vulnerabilities by project
+// @Tags Vulnerabilities
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param organization path string true "Organization slug"
 // @Param projectSlug path string true "Project slug"
 // @Param search query string false "Search term"
@@ -131,8 +133,9 @@ func (c FirstPartyVulnController) Mitigate(ctx shared.Context) error {
 }
 
 // @Summary Get first-party vulnerability details
+// @Tags Vulnerabilities
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param vulnID path string true "Vulnerability ID"
 // @Success 200 {object} dtos.DetailedFirstPartyVulnDTO
 // @Router /vulns/{vulnID} [get]
@@ -150,8 +153,9 @@ func (c FirstPartyVulnController) Read(ctx shared.Context) error {
 	return ctx.JSON(200, convertFirstPartyVulnToDetailedDTO(firstPartyVuln))
 }
 // @Summary Create first-party vulnerability event
+// @Tags Vulnerabilities
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param vulnID path string true "Vulnerability ID"
 // @Param body body object true "Event data"
 // @Success 200 {object} dtos.DetailedFirstPartyVulnDTO
@@ -204,8 +208,9 @@ func (c FirstPartyVulnController) CreateEvent(ctx shared.Context) error {
 }
 
 // @Summary List first-party vulnerabilities by asset version
+// @Tags Vulnerabilities
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param organization path string true "Organization slug"
 // @Param projectSlug path string true "Project slug"
 // @Param assetSlug path string true "Asset slug"
@@ -237,8 +242,9 @@ func (c FirstPartyVulnController) ListPaged(ctx shared.Context) error {
 }
 
 // @Summary Get first-party vulnerabilities as SARIF
+// @Tags Vulnerabilities
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Param organization path string true "Organization slug"
 // @Param projectSlug path string true "Project slug"
 // @Param assetSlug path string true "Asset slug"

controllers/integration_controller.go

@@ -46,8 +46,9 @@ func (c *IntegrationController) AutoSetup(ctx shared.Context) error {
 }
 
 // @Summary List repositories from integrations
+// @Tags Integrations
 // @Security CookieAuth
-// @Security ApiKeyAuth
+// @Security PATAuth
 // @Success 200 {array} object
 // @Router /integrations/repositories [get]
 func (c *IntegrationController) ListRepositories(ctx shared.Context) error {
@@ -115,6 +116,7 @@ func (c *IntegrationController) TestAndSaveJiraIntegration(ctx shared.Context) e
 }
 
 // @Summary GitLab OAuth2 callback
+// @Tags Integrations
 // @Security CookieAuth
 // @Param integrationName path string true "Integration name"
 // @Success 200
@@ -138,6 +140,7 @@ func (c *IntegrationController) GitLabOauth2Callback(ctx shared.Context) error {
 }
 
 // @Summary GitLab OAuth2 login
+// @Tags Integrations
 // @Security CookieAuth
 // @Param integrationName path string true "Integration name"
 // @Success 200