spdx

package

v0.14.6 Latest Latest Go to latest Published: May 31, 2024 License: Apache-2.0 Imports: 13 Imported by: 2

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/chainguard-dev/apko

Links

Open Source Insights

Documentation ¶

Constants ¶

View Source

const (
	NOASSERTION          = "NOASSERTION"
	ExtRefPackageManager = "PACKAGE-MANAGER"
	ExtRefTypePurl       = "purl"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Checksum ¶

type Checksum struct {
	Algorithm string `json:"algorithm"`
	Value     string `json:"checksumValue"`
}

type CreationInfo ¶

type CreationInfo struct {
	Created            string   `json:"created"` // Date
	Creators           []string `json:"creators"`
	LicenseListVersion string   `json:"licenseListVersion"`
}

type Document ¶

type Document struct {
	ID                   string                `json:"SPDXID"`
	Name                 string                `json:"name"`
	Version              string                `json:"spdxVersion"`
	CreationInfo         CreationInfo          `json:"creationInfo"`
	DataLicense          string                `json:"dataLicense"`
	Namespace            string                `json:"documentNamespace"`
	DocumentDescribes    []string              `json:"documentDescribes"`
	Packages             []Package             `json:"packages"`
	Relationships        []Relationship        `json:"relationships"`
	ExternalDocumentRefs []ExternalDocumentRef `json:"externalDocumentRefs,omitempty"`
	LicensingInfos       []LicensingInfo       `json:"hasExtractedLicensingInfos,omitempty"`
}

type ExternalDocumentRef ¶ added in v0.5.0

type ExternalDocumentRef struct {
	Checksum           Checksum `json:"checksum"`
	ExternalDocumentID string   `json:"externalDocumentId"`
	SPDXDocument       string   `json:"spdxDocument"`
}

type ExternalRef ¶

type ExternalRef struct {
	Category string `json:"referenceCategory"`
	Locator  string `json:"referenceLocator"`
	Type     string `json:"referenceType"`
}

type File ¶ added in v0.6.0

type File struct {
	ID                string     `json:"SPDXID"`
	Name              string     `json:"fileName"`
	CopyrightText     string     `json:"copyrightText,omitempty"`
	NoticeText        string     `json:"noticeText,omitempty"`
	LicenseConcluded  string     `json:"licenseConcluded,omitempty"`
	Description       string     `json:"description,omitempty"`
	FileTypes         []string   `json:"fileTypes,omitempty"`
	LicenseInfoInFile []string   `json:"licenseInfoInFiles,omitempty"` // List of licenses
	Checksums         []Checksum `json:"checksums,omitempty"`
}

type LicensingInfo ¶ added in v0.14.2

type LicensingInfo struct {
	LicenseID     string `json:"licenseId"`
	ExtractedText string `json:"extractedText"`
}

Can also contain name, comment, seeAlso

type Package ¶

type Package struct {
	ID               string                   `json:"SPDXID"`
	Name             string                   `json:"name"`
	Version          string                   `json:"versionInfo,omitempty"`
	FilesAnalyzed    bool                     `json:"filesAnalyzed"`
	LicenseConcluded string                   `json:"licenseConcluded,omitempty"`
	LicenseDeclared  string                   `json:"licenseDeclared,omitempty"`
	Description      string                   `json:"description,omitempty"`
	DownloadLocation string                   `json:"downloadLocation,omitempty"`
	Originator       string                   `json:"originator,omitempty"`
	Supplier         string                   `json:"supplier,omitempty"`
	SourceInfo       string                   `json:"sourceInfo,omitempty"`
	CopyrightText    string                   `json:"copyrightText,omitempty"`
	PrimaryPurpose   string                   `json:"primaryPackagePurpose,omitempty"`
	Checksums        []Checksum               `json:"checksums,omitempty"`
	ExternalRefs     []ExternalRef            `json:"externalRefs,omitempty"`
	VerificationCode *PackageVerificationCode `json:"packageVerificationCode,omitempty"`
}

type PackageVerificationCode ¶ added in v0.6.0

type PackageVerificationCode struct {
	Value string `json:"packageVerificationCodeValue,omitempty"`
}

type Relationship ¶

type Relationship struct {
	Element string `json:"spdxElementId"`
	Type    string `json:"relationshipType"`
	Related string `json:"relatedSpdxElement"`
}

type SPDX ¶

type SPDX struct {
	// contains filtered or unexported fields
}

func New ¶

func New(fs apkfs.FullFS) SPDX

func (*SPDX) Ext ¶

func (sx *SPDX) Ext() string

func (*SPDX) Generate ¶

func (sx *SPDX) Generate(opts *options.Options, path string) error

Generate writes an SPDX SBOM in path

func (*SPDX) GenerateIndex ¶ added in v0.5.0

func (sx *SPDX) GenerateIndex(opts *options.Options, path string) error

func (*SPDX) Key ¶

func (sx *SPDX) Key() string

func (*SPDX) ParseInternalSBOM ¶ added in v0.7.0

func (sx *SPDX) ParseInternalSBOM(opts *options.Options, path string) (*Document, error)

ParseInternalSBOM opens an SBOM inside apks and

func (*SPDX) ProcessInternalApkSBOM ¶ added in v0.7.0

func (sx *SPDX) ProcessInternalApkSBOM(opts *options.Options, doc *Document, p *Package, ipkg *apk.InstalledPackage) error

Source Files ¶

View all Source files

spdx.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL