sbom

package
v0.11.6 Latest
Warning

This package is not in the latest version of its module.

Published: Sep 5, 2024 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Overview

Package sbom captures the internal data model of the SBOMs melange produces into a private, generalized bill of materials model (with relationship data) designed to be transcoded to specific formats.


Constants

This section is empty.

Variables

This section is empty.

Functions

func GenerateAndWrite added in v0.11.3

func GenerateAndWrite(ctx context.Context, apkFSPath string, spec *Spec) error

GenerateAndWrite creates an SBOM for the APK package described by the given Spec and writes the SBOM to the APK's filesystem.

func GenerateSPDX added in v0.11.3

func GenerateSPDX(ctx context.Context, spec *Spec) (*spdx.Document, error)

GenerateSPDX creates an SPDX 2.3 document from the given Spec.

Types

type Spec

type Spec struct {
	PackageName     string
	PackageVersion  string
	License         string // Full SPDX license expression
	LicensingInfos  map[string]string
	ExternalRefs    []purl.PackageURL
	Copyright       string
	Namespace       string
	Arch            string
	SourceDateEpoch time.Time
}

Spec describes the metadata of an APK package for which an SBOM should be created.
