Documentation ¶
Overview ¶
Example (Decode) ¶
This example demonstrates how to decode and work with BOMs in CycloneDX format.
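package main

import (
	"fmt"
	"io"
	"net/http"
	"time"

	cdx "github.com/CycloneDX/cyclonedx-go"
)

// maxBOMBytes bounds how much of the response body is handed to the decoder,
// so an oversized or never-ending response cannot exhaust memory.
const maxBOMBytes = 64 << 20 // 64 MiB

// main downloads a published BOM, decodes it as CycloneDX JSON and prints a
// short summary of its metadata and component count.
func main() {
	// Acquire a BOM (e.g. by downloading it).
	// A dedicated client is used because http.Get goes through
	// http.DefaultClient, which has no timeout.
	client := &http.Client{Timeout: 30 * time.Second}
	res, err := client.Get("https://github.com/DependencyTrack/dependency-track/releases/download/4.1.0/bom.json")
	if err != nil {
		panic(err)
	}
	defer res.Body.Close()

	// Without this check the body of an error response would be passed to
	// the decoder as if it were a BOM.
	if res.StatusCode != http.StatusOK {
		panic(fmt.Errorf("unexpected HTTP status %s", res.Status))
	}

	// Decode the BOM. Decoding only parses the document; nothing in this
	// example establishes who produced it or whether it was altered, so the
	// decoded values are untrusted input.
	bom := new(cdx.BOM)
	decoder := cdx.NewBOMDecoder(io.LimitReader(res.Body, maxBOMBytes), cdx.BOMFileFormatJSON)
	if err = decoder.Decode(bom); err != nil {
		panic(err)
	}

	// Metadata, Metadata.Component, Metadata.Tools and Components are optional
	// pointer fields, so a BOM that omits them decodes to nil; dereferencing
	// them unchecked would crash on such a document.
	if bom.Metadata == nil || bom.Metadata.Component == nil {
		panic("BOM does not describe a main component")
	}
	fmt.Printf("Successfully decoded BOM of %s\n", bom.Metadata.Component.PackageURL)

	toolName := "unknown tool"
	if tools := bom.Metadata.Tools; tools != nil && len(*tools) > 0 {
		toolName = (*tools)[0].Name
	}
	fmt.Printf("- Generated: %s with %s\n", bom.Metadata.Timestamp, toolName)

	componentCount := 0
	if bom.Components != nil {
		componentCount = len(*bom.Components)
	}
	fmt.Printf("- Components: %d\n", componentCount)
}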
Output: Successfully decoded BOM of pkg:maven/org.dependencytrack/dependency-track@4.1.0 - Generated: 2021-02-09T20:40:32Z with CycloneDX Maven plugin - Components: 167
Example (Encode) ¶
This example demonstrates how to create and encode a BOM in CycloneDX format.
package main

import (
	"os"

	cdx "github.com/CycloneDX/cyclonedx-go"
)

// main assembles a small BOM (one application, one library it depends on)
// and writes it to standard output as pretty-printed CycloneDX XML.
func main() {
	// BOM references that are used in more than one place below.
	const (
		appRef = "pkg:golang/acme-inc/acme-app@v1.0.0"
		libRef = "pkg:golang/github.com/CycloneDX/cyclonedx-go@v0.3.0"
	)

	bom := cdx.NewBOM()

	bom.Metadata = &cdx.Metadata{
		// The main component, i.e. the component this BOM describes.
		Component: &cdx.Component{
			BOMRef:  appRef,
			Type:    cdx.ComponentTypeApplication,
			Name:    "ACME Application",
			Version: "v1.0.0",
		},
		// Properties carry an internal identifier for this BOM.
		// https://cyclonedx.org/use-cases/#properties--name-value-store
		Properties: &[]cdx.Property{
			{Name: "internal:bom-identifier", Value: "123456789"},
		},
	}

	// The components that acme-app ships with.
	// https://cyclonedx.org/use-cases/#inventory
	bom.Components = &[]cdx.Component{
		{
			BOMRef:     libRef,
			Type:       cdx.ComponentTypeLibrary,
			Author:     "CycloneDX",
			Name:       "cyclonedx-go",
			Version:    "v0.3.0",
			PackageURL: libRef,
		},
	}

	// The dependency graph: the application depends on the library, and the
	// library is listed with no dependencies of its own.
	// https://cyclonedx.org/use-cases/#dependency-graph
	bom.Dependencies = &[]cdx.Dependency{
		{Ref: appRef, Dependencies: &[]string{libRef}},
		{Ref: libRef},
	}

	// Encode the assembled BOM.
	encoder := cdx.NewBOMEncoder(os.Stdout, cdx.BOMFileFormatXML).SetPretty(true)
	if err := encoder.Encode(bom); err != nil {
		panic(err)
	}
}
Output: <?xml version="1.0" encoding="UTF-8"?> <bom xmlns="http://cyclonedx.org/schema/bom/1.4" version="1"> <metadata> <component bom-ref="pkg:golang/acme-inc/acme-app@v1.0.0" type="application"> <name>ACME Application</name> <version>v1.0.0</version> </component> <properties> <property name="internal:bom-identifier">123456789</property> </properties> </metadata> <components> <component bom-ref="pkg:golang/github.com/CycloneDX/cyclonedx-go@v0.3.0" type="library"> <author>CycloneDX</author> <name>cyclonedx-go</name> <version>v0.3.0</version> <purl>pkg:golang/github.com/CycloneDX/cyclonedx-go@v0.3.0</purl> </component> </components> <dependencies> <dependency ref="pkg:golang/acme-inc/acme-app@v1.0.0"> <dependency ref="pkg:golang/github.com/CycloneDX/cyclonedx-go@v0.3.0"></dependency> </dependency> <dependency ref="pkg:golang/github.com/CycloneDX/cyclonedx-go@v0.3.0"></dependency> </dependencies> </bom>
Index ¶
- Constants
- Variables
- func Bool(value bool) *bool
- func IsBOMLink(s string) bool
- type Advisory
- type AffectedVersions
- type Affects
- type AttachedText
- type BOM
- type BOMDecoder
- type BOMEncoder
- type BOMFileFormat
- type BOMLink
- type BOMReference
- type Commit
- type Component
- type ComponentType
- type Composition
- type CompositionAggregate
- type Copyright
- type Credits
- type DataClassification
- type DataFlow
- type Dependency
- type Diff
- type Evidence
- type ExternalReference
- type ExternalReferenceType
- type Hash
- type HashAlgorithm
- type IdentifiableAction
- type ImpactAnalysisJustification
- type ImpactAnalysisResponse
- type ImpactAnalysisState
- type Issue
- type IssueType
- type License
- type LicenseChoice
- type Licenses
- type MediaType
- type Metadata
- type Note
- type OrganizationalContact
- type OrganizationalEntity
- type Patch
- type PatchType
- type Pedigree
- type Property
- type ReleaseNotes
- type SWID
- type Scope
- type ScoringMethod
- type Service
- type Severity
- type Source
- type SpecVersion
- func (sv SpecVersion) MarshalJSON() ([]byte, error)
- func (sv SpecVersion) MarshalXML(e *xml.Encoder, start xml.StartElement) error
- func (i SpecVersion) String() string
- func (sv *SpecVersion) UnmarshalJSON(bytes []byte) error
- func (sv *SpecVersion) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error
- type Tool
- type Vulnerability
- type VulnerabilityAnalysis
- type VulnerabilityRating
- type VulnerabilityReference
- type VulnerabilityStatus
Examples ¶
Constants ¶
const (
	// BOMFormat is the format name "CycloneDX".
	// NOTE(review): presumably the value carried in BOM.BOMFormat (JSON key
	// "bomFormat") — confirm against NewBOM.
	BOMFormat = "CycloneDX"
)
Variables ¶
// ErrInvalidSpecVersion is a sentinel error with the message
// "invalid specification version".
// NOTE(review): presumably returned when a SpecVersion cannot be
// (un)marshalled or mapped to a media type — confirm against the callers.
var ErrInvalidSpecVersion = errors.New("invalid specification version")
Functions ¶
Types ¶
type AffectedVersions ¶ added in v0.5.0
// AffectedVersions pairs a version or a version range with a vulnerability
// status.
type AffectedVersions struct {
	Version string `json:"version,omitempty" xml:"version,omitempty"`
	Range   string `json:"range,omitempty" xml:"range,omitempty"`
	// Status has no omitempty, so it is written even when left empty.
	Status VulnerabilityStatus `json:"status" xml:"status"`
}
type Affects ¶ added in v0.5.0
// Affects names a target by reference and lists the versions of it that a
// vulnerability entry applies to.
type Affects struct {
	// Ref is always serialized (no omitempty).
	Ref string `json:"ref" xml:"ref"`
	// Range is serialized under the name "versions" (XML: versions>version),
	// not "range"; the Go field name and the wire name differ.
	Range *[]AffectedVersions `json:"versions,omitempty" xml:"versions>version,omitempty"`
}
type AttachedText ¶
type BOM ¶
// BOM is the root document. Every collection is an optional pointer to a
// slice, so code reading a decoded BOM must nil-check Metadata, Components,
// Services, ExternalReferences, Dependencies, Compositions, Properties and
// Vulnerabilities before dereferencing them.
type BOM struct {
	// XML specific fields
	XMLName xml.Name `json:"-" xml:"bom"`
	XMLNS   string   `json:"-" xml:"xmlns,attr"`

	// JSON specific fields
	BOMFormat   string      `json:"bomFormat" xml:"-"`
	SpecVersion SpecVersion `json:"specVersion" xml:"-"`

	// SerialNumber is optional; in XML it is an attribute of the root element.
	SerialNumber string `json:"serialNumber,omitempty" xml:"serialNumber,attr,omitempty"`
	// Version has no omitempty and is always written.
	Version            int                  `json:"version" xml:"version,attr"`
	Metadata           *Metadata            `json:"metadata,omitempty" xml:"metadata,omitempty"`
	Components         *[]Component         `json:"components,omitempty" xml:"components>component,omitempty"`
	Services           *[]Service           `json:"services,omitempty" xml:"services>service,omitempty"`
	ExternalReferences *[]ExternalReference `json:"externalReferences,omitempty" xml:"externalReferences>reference,omitempty"`
	Dependencies       *[]Dependency        `json:"dependencies,omitempty" xml:"dependencies>dependency,omitempty"`
	Compositions       *[]Composition       `json:"compositions,omitempty" xml:"compositions>composition,omitempty"`
	Properties         *[]Property          `json:"properties,omitempty" xml:"properties>property,omitempty"`
	Vulnerabilities    *[]Vulnerability     `json:"vulnerabilities,omitempty" xml:"vulnerabilities>vulnerability,omitempty"`
}
type BOMDecoder ¶
func NewBOMDecoder ¶
func NewBOMDecoder(reader io.Reader, format BOMFileFormat) BOMDecoder
type BOMEncoder ¶
// BOMEncoder writes a BOM in the file format chosen when the encoder was
// created.
type BOMEncoder interface {
	// Encode encodes a given BOM.
	Encode(bom *BOM) error

	// EncodeVersion encodes a given BOM in a specific version of the specification.
	// Choosing a lower spec version than what the BOM was constructed for will result
	// in loss of information. The original BOM struct is guaranteed to not be modified.
	// NOTE(review): which fields are dropped for which version is not visible
	// here; confirm that data you rely on (for example Vulnerabilities)
	// survives the chosen version before consuming the output.
	EncodeVersion(bom *BOM, version SpecVersion) error

	// SetPretty toggles prettified output. It returns a BOMEncoder, which
	// allows the call to be chained.
	SetPretty(pretty bool) BOMEncoder
}
func NewBOMEncoder ¶
func NewBOMEncoder(writer io.Writer, format BOMFileFormat) BOMEncoder
type BOMFileFormat ¶
// BOMFileFormat selects the serialization handled by a BOMDecoder or
// BOMEncoder.
type BOMFileFormat int

// The enumeration starts at iota, so the zero value of BOMFileFormat is
// BOMFileFormatXML.
const (
	BOMFileFormatXML BOMFileFormat = iota
	BOMFileFormatJSON
)
type BOMLink ¶ added in v0.6.0
// BOMLink is an opaque reference to another BOM, or to an element inside it.
// Its fields are unexported; values are obtained from NewBOMLink or
// ParseBOMLink and read through the SerialNumber and Reference methods.
type BOMLink struct {
	// contains filtered or unexported fields
}
BOMLink provides the ability to create references to other BOMs and specific components, services or vulnerabilities within them.
See also: - https://cyclonedx.org/capabilities/bomlink/ - https://www.iana.org/assignments/urn-formal/cdx
func NewBOMLink ¶ added in v0.6.0
NewBOMLink creates a new link to a BOM with a given serial number and version. The serial number MUST conform to RFC-4122. The version MUST NOT be zero or negative.
By providing a non-nil element, a deep link to that element is created. Linkable elements include components, services and vulnerabilities. When an element is provided, it MUST have a bom reference.
Example ¶
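package main

import (
	"fmt"

	cdx "github.com/CycloneDX/cyclonedx-go"
)

// main creates a link to a whole BOM and a deep link to the BOM's main
// component, then prints both.
func main() {
	bom := cdx.NewBOM()
	bom.SerialNumber = "urn:uuid:bd064d10-4238-4a2e-9517-216f79ed77ad"
	bom.Version = 2
	bom.Metadata = &cdx.Metadata{
		Component: &cdx.Component{
			BOMRef:     "pkg:golang/github.com/CycloneDX/cyclonedx-go@v0.5.0?type=module",
			Type:       cdx.ComponentTypeLibrary,
			Name:       "github.com/CycloneDX/cyclonedx-go",
			Version:    "v0.5.0",
			PackageURL: "pkg:golang/github.com/CycloneDX/cyclonedx-go@v0.5.0?type=module",
		},
	}

	// NewBOMLink documents requirements on its inputs (RFC-4122 serial
	// number, version above zero, a bom reference on the linked element).
	// The returned error is checked rather than discarded so that a link is
	// never used when those requirements are not met.
	link, err := cdx.NewBOMLink(bom.SerialNumber, bom.Version, nil)
	if err != nil {
		panic(err)
	}

	deepLink, err := cdx.NewBOMLink(bom.SerialNumber, bom.Version, bom.Metadata.Component)
	if err != nil {
		panic(err)
	}

	fmt.Println(link.String())
	fmt.Println(deepLink.String())
}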
Output: urn:cdx:bd064d10-4238-4a2e-9517-216f79ed77ad/2 urn:cdx:bd064d10-4238-4a2e-9517-216f79ed77ad/2#pkg%3Agolang%2Fgithub.com%2FCycloneDX%2Fcyclonedx-go%40v0.5.0%3Ftype%3Dmodule
func ParseBOMLink ¶ added in v0.6.0
ParseBOMLink parses a string into a BOMLink.
func (BOMLink) Reference ¶ added in v0.6.0
Reference returns the reference of the element within the linked BOM.
func (BOMLink) SerialNumber ¶ added in v0.6.0
SerialNumber returns the serial number of the linked BOM.
type BOMReference ¶ added in v0.4.0
// BOMReference is a string-based reference type. It has its own MarshalXML
// and UnmarshalXML methods, and Composition uses it for its Assemblies and
// Dependencies lists.
type BOMReference string
func (BOMReference) MarshalXML ¶ added in v0.4.0
func (b BOMReference) MarshalXML(e *xml.Encoder, start xml.StartElement) error
func (*BOMReference) UnmarshalXML ¶ added in v0.4.0
func (b *BOMReference) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error
type Commit ¶
// Commit records a version-control commit. Every field is optional.
type Commit struct {
	UID string `json:"uid,omitempty" xml:"uid,omitempty"`
	// URL is a plain string; the type applies no scheme or host validation.
	URL       string              `json:"url,omitempty" xml:"url,omitempty"`
	Author    *IdentifiableAction `json:"author,omitempty" xml:"author,omitempty"`
	Committer *IdentifiableAction `json:"committer,omitempty" xml:"committer,omitempty"`
	Message   string              `json:"message,omitempty" xml:"message,omitempty"`
}
type Component ¶
// Component describes one inventory item. Only Type and Name lack omitempty
// and are therefore always serialized; every other field may be absent in a
// decoded BOM, and the pointer fields are then nil.
type Component struct {
	// BOMRef and MIMEType are XML attributes of the component element.
	BOMRef   string        `json:"bom-ref,omitempty" xml:"bom-ref,attr,omitempty"`
	MIMEType string        `json:"mime-type,omitempty" xml:"mime-type,attr,omitempty"`
	Type     ComponentType `json:"type" xml:"type,attr"`

	Supplier    *OrganizationalEntity `json:"supplier,omitempty" xml:"supplier,omitempty"`
	Author      string                `json:"author,omitempty" xml:"author,omitempty"`
	Publisher   string                `json:"publisher,omitempty" xml:"publisher,omitempty"`
	Group       string                `json:"group,omitempty" xml:"group,omitempty"`
	Name        string                `json:"name" xml:"name"`
	Version     string                `json:"version,omitempty" xml:"version,omitempty"`
	Description string                `json:"description,omitempty" xml:"description,omitempty"`
	Scope       Scope                 `json:"scope,omitempty" xml:"scope,omitempty"`

	// Hashes is optional. A component without hashes gives a consumer nothing
	// to compare a downloaded artifact against.
	Hashes    *[]Hash   `json:"hashes,omitempty" xml:"hashes>hash,omitempty"`
	Licenses  *Licenses `json:"licenses,omitempty" xml:"licenses,omitempty"`
	Copyright string    `json:"copyright,omitempty" xml:"copyright,omitempty"`

	// CPE, PackageURL (serialized as "purl") and SWID are the identifier
	// fields; all are plain, unvalidated values as far as this type shows.
	CPE        string `json:"cpe,omitempty" xml:"cpe,omitempty"`
	PackageURL string `json:"purl,omitempty" xml:"purl,omitempty"`
	SWID       *SWID  `json:"swid,omitempty" xml:"swid,omitempty"`

	// Modified is a *bool: nil means the field was not present, which is
	// distinct from an explicit false.
	Modified *bool     `json:"modified,omitempty" xml:"modified,omitempty"`
	Pedigree *Pedigree `json:"pedigree,omitempty" xml:"pedigree,omitempty"`

	ExternalReferences *[]ExternalReference `json:"externalReferences,omitempty" xml:"externalReferences>reference,omitempty"`
	Properties         *[]Property          `json:"properties,omitempty" xml:"properties>property,omitempty"`
	// Components nests further components, so the structure is recursive.
	Components   *[]Component  `json:"components,omitempty" xml:"components>component,omitempty"`
	Evidence     *Evidence     `json:"evidence,omitempty" xml:"evidence,omitempty"`
	ReleaseNotes *ReleaseNotes `json:"releaseNotes,omitempty" xml:"releaseNotes,omitempty"`
}
type ComponentType ¶
// ComponentType is the string-valued kind of a Component.
type ComponentType string

// Component type values as they appear in a serialized BOM. Note that
// ComponentTypeOS serializes as "operating-system".
const (
	ComponentTypeApplication ComponentType = "application"
	ComponentTypeContainer   ComponentType = "container"
	ComponentTypeDevice      ComponentType = "device"
	ComponentTypeFile        ComponentType = "file"
	ComponentTypeFirmware    ComponentType = "firmware"
	ComponentTypeFramework   ComponentType = "framework"
	ComponentTypeLibrary     ComponentType = "library"
	ComponentTypeOS          ComponentType = "operating-system"
)
type Composition ¶ added in v0.4.0
// Composition attaches a CompositionAggregate value to lists of BOM
// references. Aggregate has no omitempty and is always serialized.
type Composition struct {
	Aggregate    CompositionAggregate `json:"aggregate" xml:"aggregate"`
	Assemblies   *[]BOMReference      `json:"assemblies,omitempty" xml:"assemblies>assembly,omitempty"`
	Dependencies *[]BOMReference      `json:"dependencies,omitempty" xml:"dependencies>dependency,omitempty"`
}
type CompositionAggregate ¶ added in v0.4.0
// CompositionAggregate is the string-valued completeness claim of a
// Composition.
type CompositionAggregate string

// Aggregate values as they appear in a serialized BOM. Only
// CompositionAggregateComplete claims a complete listing; a consumer that
// treats an inventory as exhaustive should check for that value explicitly
// instead of assuming it.
const (
	CompositionAggregateComplete                 CompositionAggregate = "complete"
	CompositionAggregateIncomplete               CompositionAggregate = "incomplete"
	CompositionAggregateIncompleteFirstPartyOnly CompositionAggregate = "incomplete_first_party_only"
	CompositionAggregateIncompleteThirdPartyOnly CompositionAggregate = "incomplete_third_party_only"
	CompositionAggregateUnknown                  CompositionAggregate = "unknown"
	CompositionAggregateNotSpecified             CompositionAggregate = "not_specified"
)
type Copyright ¶ added in v0.4.0
// Copyright wraps a single copyright text.
type Copyright struct {
	// Text is excluded from the default XML mapping (xml:"-"); the type
	// declares its own MarshalXML and UnmarshalXML methods for the XML form.
	Text string `json:"text" xml:"-"`
}
func (Copyright) MarshalXML ¶ added in v0.4.0
func (*Copyright) UnmarshalXML ¶ added in v0.4.0
type Credits ¶ added in v0.5.0
// Credits lists the organizations and individuals credited on a
// Vulnerability. Both lists are optional.
type Credits struct {
	Organizations *[]OrganizationalEntity  `json:"organizations,omitempty" xml:"organizations>organization,omitempty"`
	Individuals   *[]OrganizationalContact `json:"individuals,omitempty" xml:"individuals>individual,omitempty"`
}
type DataClassification ¶
type Dependency ¶
// Dependency is one node of the dependency graph: Ref identifies the node and
// Dependencies lists the references it depends on (JSON key "dependsOn").
// The fields carry JSON tags only; the XML form is produced and read by the
// type's own MarshalXML and UnmarshalXML methods.
type Dependency struct {
	Ref string `json:"ref"`
	// Dependencies is nil when the node lists no dependencies.
	Dependencies *[]string `json:"dependsOn,omitempty"`
}
func (Dependency) MarshalXML ¶ added in v0.7.0
func (d Dependency) MarshalXML(e *xml.Encoder, start xml.StartElement) error
func (*Dependency) UnmarshalXML ¶ added in v0.7.0
func (d *Dependency) UnmarshalXML(dec *xml.Decoder, start xml.StartElement) error
type Diff ¶
// Diff carries a diff either inline as attached text or by URL. Both fields
// are optional.
type Diff struct {
	Text *AttachedText `json:"text,omitempty" xml:"text,omitempty"`
	// URL is a plain string; the type applies no validation to it.
	URL string `json:"url,omitempty" xml:"url,omitempty"`
}
type ExternalReference ¶
// ExternalReference points at a resource outside the BOM. URL and Type have
// no omitempty and are always serialized.
type ExternalReference struct {
	// URL is a plain string. Nothing in this type restricts its scheme or
	// host, so a URL taken from a decoded BOM is untrusted input and should
	// be validated before a program fetches it.
	URL     string `json:"url" xml:"url"`
	Comment string `json:"comment,omitempty" xml:"comment,omitempty"`
	// Hashes is optional; when present it gives digests for the referenced
	// resource.
	Hashes *[]Hash               `json:"hashes,omitempty" xml:"hashes>hash,omitempty"`
	Type   ExternalReferenceType `json:"type" xml:"type,attr"`
}
type ExternalReferenceType ¶
// ExternalReferenceType is the string-valued category of an
// ExternalReference.
type ExternalReferenceType string

// External reference type values as they appear in a serialized BOM.
const (
	ERTypeAdvisories    ExternalReferenceType = "advisories"
	ERTypeBOM           ExternalReferenceType = "bom"
	ERTypeBuildMeta     ExternalReferenceType = "build-meta"
	ERTypeBuildSystem   ExternalReferenceType = "build-system"
	ERTypeChat          ExternalReferenceType = "chat"
	ERTypeDistribution  ExternalReferenceType = "distribution"
	ERTypeDocumentation ExternalReferenceType = "documentation"
	ERTypeLicense       ExternalReferenceType = "license"
	ERTypeMailingList   ExternalReferenceType = "mailing-list"
	ERTypeOther         ExternalReferenceType = "other"
	ERTypeIssueTracker  ExternalReferenceType = "issue-tracker"
	ERTypeReleaseNotes  ExternalReferenceType = "release-notes"
	ERTypeSocial        ExternalReferenceType = "social"
	ERTypeSupport       ExternalReferenceType = "support"
	ERTypeVCS           ExternalReferenceType = "vcs"
	ERTypeWebsite       ExternalReferenceType = "website"
)
type Hash ¶
// Hash is one digest: the algorithm name plus the digest value. In JSON the
// value is stored under "content"; in XML it is the element's character data
// and the algorithm is the "alg" attribute.
type Hash struct {
	Algorithm HashAlgorithm `json:"alg" xml:"alg,attr"`
	// Value is a plain string; the type itself does not check that its
	// length or alphabet fits Algorithm.
	Value string `json:"content" xml:",chardata"`
}
type HashAlgorithm ¶
// HashAlgorithm is the string-valued algorithm name of a Hash.
type HashAlgorithm string

// Algorithm names as they appear in a serialized BOM. MD5 and SHA-1 are
// listed, but both have practical collision attacks; when a BOM offers
// several digests for an artifact, verify against a SHA-2, SHA-3 or BLAKE
// entry rather than those two.
const (
	HashAlgoMD5         HashAlgorithm = "MD5"
	HashAlgoSHA1        HashAlgorithm = "SHA-1"
	HashAlgoSHA256      HashAlgorithm = "SHA-256"
	HashAlgoSHA384      HashAlgorithm = "SHA-384"
	HashAlgoSHA512      HashAlgorithm = "SHA-512"
	HashAlgoSHA3_256    HashAlgorithm = "SHA3-256"
	HashAlgoSHA3_384    HashAlgorithm = "SHA3-384"
	HashAlgoSHA3_512    HashAlgorithm = "SHA3-512"
	HashAlgoBlake2b_256 HashAlgorithm = "BLAKE2b-256"
	HashAlgoBlake2b_384 HashAlgorithm = "BLAKE2b-384"
	HashAlgoBlake2b_512 HashAlgorithm = "BLAKE2b-512"
	HashAlgoBlake3      HashAlgorithm = "BLAKE3"
)
type IdentifiableAction ¶
type ImpactAnalysisJustification ¶ added in v0.5.0
// ImpactAnalysisJustification is the string-valued reason given in a
// VulnerabilityAnalysis (field Justification).
type ImpactAnalysisJustification string

// Justification values as they appear in a serialized BOM. Each one is a
// claim made by the BOM's author; the type carries no evidence for it.
const (
	IAJCodeNotPresent               ImpactAnalysisJustification = "code_not_present"
	IAJCodeNotReachable             ImpactAnalysisJustification = "code_not_reachable"
	IAJRequiresConfiguration        ImpactAnalysisJustification = "requires_configuration"
	IAJRequiresDependency           ImpactAnalysisJustification = "requires_dependency"
	IAJRequiresEnvironment          ImpactAnalysisJustification = "requires_environment"
	IAJProtectedByCompiler          ImpactAnalysisJustification = "protected_by_compiler"
	IAJProtectedAtRuntime           ImpactAnalysisJustification = "protected_at_runtime"
	IAJProtectedAtPerimeter         ImpactAnalysisJustification = "protected_at_perimeter"
	IAJProtectedByMitigatingControl ImpactAnalysisJustification = "protected_by_mitigating_control"
)
type ImpactAnalysisResponse ¶ added in v0.5.0
// ImpactAnalysisResponse is the string-valued response recorded in a
// VulnerabilityAnalysis (field Response, which holds a list of them).
type ImpactAnalysisResponse string

// Response values as they appear in a serialized BOM.
const (
	IARCanNotFix           ImpactAnalysisResponse = "can_not_fix"
	IARWillNotFix          ImpactAnalysisResponse = "will_not_fix"
	IARUpdate              ImpactAnalysisResponse = "update"
	IARRollback            ImpactAnalysisResponse = "rollback"
	IARWorkaroundAvailable ImpactAnalysisResponse = "workaround_available"
)
type ImpactAnalysisState ¶ added in v0.5.0
// ImpactAnalysisState is the string-valued state recorded in a
// VulnerabilityAnalysis (field State).
type ImpactAnalysisState string

// State values as they appear in a serialized BOM. IASNotAffected serializes
// as "not_affected"; compare against the constants rather than hand-typed
// strings, because similar-looking values elsewhere in the package use a
// different spelling.
const (
	IASResolved             ImpactAnalysisState = "resolved"
	IASResolvedWithPedigree ImpactAnalysisState = "resolved_with_pedigree"
	IASExploitable          ImpactAnalysisState = "exploitable"
	IASInTriage             ImpactAnalysisState = "in_triage"
	IASFalsePositive        ImpactAnalysisState = "false_positive"
	IASNotAffected          ImpactAnalysisState = "not_affected"
)
type Issue ¶
// Issue describes one tracked issue. ID, Description and Type have no
// omitempty and are always serialized.
type Issue struct {
	ID          string  `json:"id" xml:"id"`
	Name        string  `json:"name,omitempty" xml:"name,omitempty"`
	Description string  `json:"description" xml:"description"`
	Source      *Source `json:"source,omitempty" xml:"source,omitempty"`
	// References is a list of plain strings, written as <url> elements in XML.
	References *[]string `json:"references,omitempty" xml:"references>url,omitempty"`
	Type       IssueType `json:"type" xml:"type,attr"`
}
type License ¶
// License identifies a license by ID and/or Name, optionally with its text
// and a URL. Every field is optional in the serialized form.
type License struct {
	ID   string        `json:"id,omitempty" xml:"id,omitempty"`
	Name string        `json:"name,omitempty" xml:"name,omitempty"`
	Text *AttachedText `json:"text,omitempty" xml:"text,omitempty"`
	URL  string        `json:"url,omitempty" xml:"url,omitempty"`
}
type LicenseChoice ¶
type Licenses ¶ added in v0.3.0
// Licenses is a list of LicenseChoice values. It has its own MarshalXML and
// UnmarshalXML methods for the XML form.
type Licenses []LicenseChoice
func (Licenses) MarshalXML ¶ added in v0.3.0
func (*Licenses) UnmarshalXML ¶ added in v0.3.0
type MediaType ¶ added in v0.7.0
// MediaType is an integer-backed enumeration of BOM media types. Its
// WithVersion method returns the media type string for a given SpecVersion,
// or an error.
type MediaType int
MediaType defines the official media types for CycloneDX BOMs. See https://cyclonedx.org/specification/overview/#registered-media-types
func (MediaType) WithVersion ¶ added in v0.7.0
func (mt MediaType) WithVersion(specVersion SpecVersion) (string, error)
type Metadata ¶
// Metadata describes the BOM itself: when and with what it was generated, by
// whom, and which component it is about. Every field is optional, so each
// pointer may be nil in a decoded BOM.
type Metadata struct {
	// Timestamp is kept as a plain string; the type does not parse it.
	Timestamp string `json:"timestamp,omitempty" xml:"timestamp,omitempty"`
	// Tools may be nil or an empty list; check both before indexing into it.
	Tools   *[]Tool                  `json:"tools,omitempty" xml:"tools>tool,omitempty"`
	Authors *[]OrganizationalContact `json:"authors,omitempty" xml:"authors>author,omitempty"`
	// Component is the component which the BOM describes.
	Component   *Component            `json:"component,omitempty" xml:"component,omitempty"`
	Manufacture *OrganizationalEntity `json:"manufacture,omitempty" xml:"manufacture,omitempty"`
	Supplier    *OrganizationalEntity `json:"supplier,omitempty" xml:"supplier,omitempty"`
	Licenses    *Licenses             `json:"licenses,omitempty" xml:"licenses,omitempty"`
	Properties  *[]Property           `json:"properties,omitempty" xml:"properties>property,omitempty"`
}
type Note ¶ added in v0.5.0
// Note is a piece of attached text with an optional locale. Text is a value,
// not a pointer, and has no omitempty, so it is always serialized.
type Note struct {
	Locale string       `json:"locale,omitempty" xml:"locale,omitempty"`
	Text   AttachedText `json:"text" xml:"text"`
}
type OrganizationalContact ¶
type OrganizationalEntity ¶
// OrganizationalEntity names an organization with optional URLs and contacts.
type OrganizationalEntity struct {
	Name string `json:"name" xml:"name"`
	// URL holds a list of strings despite the singular name; each entry is
	// serialized under "url".
	URL     *[]string                `json:"url,omitempty" xml:"url,omitempty"`
	Contact *[]OrganizationalContact `json:"contact,omitempty" xml:"contact,omitempty"`
}
type Pedigree ¶
// Pedigree records where a component came from and how it was changed:
// related components, commits and patches, plus free-text notes. Every field
// is optional.
type Pedigree struct {
	Ancestors   *[]Component `json:"ancestors,omitempty" xml:"ancestors>component,omitempty"`
	Descendants *[]Component `json:"descendants,omitempty" xml:"descendants>component,omitempty"`
	Variants    *[]Component `json:"variants,omitempty" xml:"variants>component,omitempty"`
	Commits     *[]Commit    `json:"commits,omitempty" xml:"commits>commit,omitempty"`
	Patches     *[]Patch     `json:"patches,omitempty" xml:"patches>patch,omitempty"`
	Notes       string       `json:"notes,omitempty" xml:"notes,omitempty"`
}
type ReleaseNotes ¶ added in v0.5.0
// ReleaseNotes describes a release of a Component or Service. Only Type lacks
// omitempty and is always serialized.
type ReleaseNotes struct {
	// Type is a plain string here, not one of the package's enumerated types.
	Type  string `json:"type" xml:"type"`
	Title string `json:"title,omitempty" xml:"title,omitempty"`
	// FeaturedImage and SocialImage are plain strings.
	// NOTE(review): presumably URLs — treat as untrusted before fetching.
	FeaturedImage string    `json:"featuredImage,omitempty" xml:"featuredImage,omitempty"`
	SocialImage   string    `json:"socialImage,omitempty" xml:"socialImage,omitempty"`
	Description   string    `json:"description,omitempty" xml:"description,omitempty"`
	Timestamp     string    `json:"timestamp,omitempty" xml:"timestamp,omitempty"`
	Aliases       *[]string `json:"aliases,omitempty" xml:"aliases>alias,omitempty"`
	Tags          *[]string `json:"tags,omitempty" xml:"tags>tag,omitempty"`
	// Resolves lists the issues addressed by the release.
	Resolves   *[]Issue    `json:"resolves,omitempty" xml:"resolves>issue,omitempty"`
	Notes      *[]Note     `json:"notes,omitempty" xml:"notes>note,omitempty"`
	Properties *[]Property `json:"properties,omitempty" xml:"properties>property,omitempty"`
}
type SWID ¶
// SWID holds a software identification tag. TagID and Name have no omitempty
// and are always serialized; in XML all fields except Text are attributes.
type SWID struct {
	Text    *AttachedText `json:"text,omitempty" xml:"text,omitempty"`
	URL     string        `json:"url,omitempty" xml:"url,attr,omitempty"`
	TagID   string        `json:"tagId" xml:"tagId,attr"`
	Name    string        `json:"name" xml:"name,attr"`
	Version string        `json:"version,omitempty" xml:"version,attr,omitempty"`
	// TagVersion and Patch are pointers, so nil (absent) is distinguishable
	// from an explicit 0 or false.
	TagVersion *int  `json:"tagVersion,omitempty" xml:"tagVersion,attr,omitempty"`
	Patch      *bool `json:"patch,omitempty" xml:"patch,attr,omitempty"`
}
type ScoringMethod ¶ added in v0.5.0
// ScoringMethod is the string-valued scoring scheme of a VulnerabilityRating
// (field Method).
type ScoringMethod string

// Scoring method values as they appear in a serialized BOM. A rating's Score
// and Vector are only meaningful relative to its Method, so scores from
// different methods should not be compared directly.
const (
	ScoringMethodOther   ScoringMethod = "other"
	ScoringMethodCVSSv2  ScoringMethod = "CVSSv2"
	ScoringMethodCVSSv3  ScoringMethod = "CVSSv3"
	ScoringMethodCVSSv31 ScoringMethod = "CVSSv31"
	ScoringMethodOWASP   ScoringMethod = "OWASP"
)
type Service ¶
// Service describes a service listed in the BOM. Only Name lacks omitempty
// and is always serialized.
type Service struct {
	BOMRef      string                `json:"bom-ref,omitempty" xml:"bom-ref,attr,omitempty"`
	Provider    *OrganizationalEntity `json:"provider,omitempty" xml:"provider,omitempty"`
	Group       string                `json:"group,omitempty" xml:"group,omitempty"`
	Name        string                `json:"name" xml:"name"`
	Version     string                `json:"version,omitempty" xml:"version,omitempty"`
	Description string                `json:"description,omitempty" xml:"description,omitempty"`
	// Endpoints is a list of plain strings; the type applies no validation.
	Endpoints *[]string `json:"endpoints,omitempty" xml:"endpoints>endpoint,omitempty"`
	// Authenticated and CrossesTrustBoundary are *bool: nil means the BOM
	// made no statement, which is not the same as false. Code that gates on
	// these values should handle nil as "unknown" rather than as "no".
	// CrossesTrustBoundary is serialized as "x-trust-boundary".
	Authenticated        *bool `json:"authenticated,omitempty" xml:"authenticated,omitempty"`
	CrossesTrustBoundary *bool `json:"x-trust-boundary,omitempty" xml:"x-trust-boundary,omitempty"`
	// Data is serialized as "data" (XML: data>classification).
	Data               *[]DataClassification `json:"data,omitempty" xml:"data>classification,omitempty"`
	Licenses           *Licenses             `json:"licenses,omitempty" xml:"licenses,omitempty"`
	ExternalReferences *[]ExternalReference  `json:"externalReferences,omitempty" xml:"externalReferences>reference,omitempty"`
	Properties         *[]Property           `json:"properties,omitempty" xml:"properties>property,omitempty"`
	// Services nests further services, so the structure is recursive.
	Services     *[]Service    `json:"services,omitempty" xml:"services>service,omitempty"`
	ReleaseNotes *ReleaseNotes `json:"releaseNotes,omitempty" xml:"releaseNotes,omitempty"`
}
type SpecVersion ¶
// SpecVersion is an integer-backed enumeration of specification versions.
type SpecVersion int

// The enumeration starts at iota + 1, so the zero value of SpecVersion
// matches none of the constants below.
const (
	SpecVersion1_0 SpecVersion = iota + 1 // 1.0
	SpecVersion1_1                        // 1.1
	SpecVersion1_2                        // 1.2
	SpecVersion1_3                        // 1.3
	SpecVersion1_4                        // 1.4
)
func (SpecVersion) MarshalJSON ¶ added in v0.7.0
func (sv SpecVersion) MarshalJSON() ([]byte, error)
func (SpecVersion) MarshalXML ¶ added in v0.7.0
func (sv SpecVersion) MarshalXML(e *xml.Encoder, start xml.StartElement) error
func (SpecVersion) String ¶ added in v0.7.0
func (i SpecVersion) String() string
func (*SpecVersion) UnmarshalJSON ¶ added in v0.7.0
func (sv *SpecVersion) UnmarshalJSON(bytes []byte) error
func (*SpecVersion) UnmarshalXML ¶ added in v0.7.0
func (sv *SpecVersion) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error
type Tool ¶
// Tool identifies a tool, for example the one that generated the BOM
// (Metadata.Tools) or reported a vulnerability (Vulnerability.Tools). Only
// Name lacks omitempty and is always serialized.
type Tool struct {
	Vendor  string `json:"vendor,omitempty" xml:"vendor,omitempty"`
	Name    string `json:"name" xml:"name"`
	Version string `json:"version,omitempty" xml:"version,omitempty"`
	// Hashes is optional; when present it gives digests for the tool.
	Hashes             *[]Hash              `json:"hashes,omitempty" xml:"hashes>hash,omitempty"`
	ExternalReferences *[]ExternalReference `json:"externalReferences,omitempty" xml:"externalReferences>reference,omitempty"`
}
type Vulnerability ¶ added in v0.5.0
// Vulnerability is one vulnerability entry of a BOM. Only ID lacks omitempty
// and is always serialized; every pointer field may be nil in a decoded BOM.
type Vulnerability struct {
	BOMRef string `json:"bom-ref,omitempty" xml:"bom-ref,attr,omitempty"`
	// ID is a plain string; the type does not constrain its format.
	ID         string                    `json:"id" xml:"id"`
	Source     *Source                   `json:"source,omitempty" xml:"source,omitempty"`
	References *[]VulnerabilityReference `json:"references,omitempty" xml:"references>reference,omitempty"`
	Ratings    *[]VulnerabilityRating    `json:"ratings,omitempty" xml:"ratings>rating,omitempty"`
	// CWEs holds integers, serialized as "cwes" (XML: cwes>cwe).
	CWEs           *[]int      `json:"cwes,omitempty" xml:"cwes>cwe,omitempty"`
	Description    string      `json:"description,omitempty" xml:"description,omitempty"`
	Detail         string      `json:"detail,omitempty" xml:"detail,omitempty"`
	Recommendation string      `json:"recommendation,omitempty" xml:"recommendation,omitempty"`
	Advisories     *[]Advisory `json:"advisories,omitempty" xml:"advisories>advisory,omitempty"`
	// Created, Published and Updated are plain strings; the type does not
	// parse or order them.
	Created   string   `json:"created,omitempty" xml:"created,omitempty"`
	Published string   `json:"published,omitempty" xml:"published,omitempty"`
	Updated   string   `json:"updated,omitempty" xml:"updated,omitempty"`
	Credits   *Credits `json:"credits,omitempty" xml:"credits,omitempty"`
	Tools     *[]Tool  `json:"tools,omitempty" xml:"tools>tool,omitempty"`
	// Analysis is optional. A nil Analysis means the BOM states no impact
	// assessment, which should not be read as "not affected".
	Analysis *VulnerabilityAnalysis `json:"analysis,omitempty" xml:"analysis,omitempty"`
	// Affects is written as <affects><target> elements in XML.
	Affects    *[]Affects  `json:"affects,omitempty" xml:"affects>target,omitempty"`
	Properties *[]Property `json:"properties,omitempty" xml:"properties>property,omitempty"`
}
type VulnerabilityAnalysis ¶ added in v0.5.0
// VulnerabilityAnalysis records an impact assessment: a state, a
// justification, a list of responses and free-text detail. Every field is
// optional, so an empty State is possible and must be handled by consumers.
type VulnerabilityAnalysis struct {
	State         ImpactAnalysisState         `json:"state,omitempty" xml:"state,omitempty"`
	Justification ImpactAnalysisJustification `json:"justification,omitempty" xml:"justification,omitempty"`
	// Response is a list; the JSON key is the singular "response" while the
	// XML form is responses>response.
	Response *[]ImpactAnalysisResponse `json:"response,omitempty" xml:"responses>response,omitempty"`
	Detail   string                    `json:"detail,omitempty" xml:"detail,omitempty"`
}
type VulnerabilityRating ¶ added in v0.5.0
// VulnerabilityRating is one rating of a Vulnerability. Every field is
// optional.
type VulnerabilityRating struct {
	Source *Source `json:"source,omitempty" xml:"source,omitempty"`
	// Score is a *float64, so an absent score (nil) is distinguishable from
	// a score of 0.
	Score    *float64      `json:"score,omitempty" xml:"score,omitempty"`
	Severity Severity      `json:"severity,omitempty" xml:"severity,omitempty"`
	Method   ScoringMethod `json:"method,omitempty" xml:"method,omitempty"`
	// Vector is a plain string; the type does not check it against Method.
	Vector        string `json:"vector,omitempty" xml:"vector,omitempty"`
	Justification string `json:"justification,omitempty" xml:"justification,omitempty"`
}
type VulnerabilityReference ¶ added in v0.5.0
type VulnerabilityStatus ¶ added in v0.5.0
// VulnerabilityStatus is the string-valued status of an AffectedVersions
// entry (field Status).
type VulnerabilityStatus string

// Status values as they appear in a serialized BOM. The constant named
// VulnerabilityStatusNotAffected serializes as "unaffected", whereas
// ImpactAnalysisState spells its counterpart "not_affected"; compare against
// the constants rather than hand-typed strings so the two are not confused.
const (
	VulnerabilityStatusUnknown     VulnerabilityStatus = "unknown"
	VulnerabilityStatusAffected    VulnerabilityStatus = "affected"
	VulnerabilityStatusNotAffected VulnerabilityStatus = "unaffected"
)