Documentation
¶
Overview ¶
SPDX-License-Identifier: Apache-2.0
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
Index ¶
- Constants
- Variables
- func DisplayJSONErrorDetails(data []byte, err error)
- func FinalizeCompoundPolicy(expression *CompoundExpression) (err error)
- func FormatSchemaVariant(variant string) (formattedVariant string)
- func GetLicenseChoiceLocationName(value int) (name string)
- func GetLicenseChoiceTypeName(value int) (name string)
- func IsInterfaceASlice(testValue interface{}) bool
- func IsValidFamilyKey(key string) bool
- func IsValidPolicyEntry(policy LicensePolicy) bool
- func IsValidResourceType(value string) bool
- func IsValidSpdxId(id string) bool
- func IsValidUUID(u string) bool
- func IsValidUsagePolicy(usagePolicy string) bool
- func LoadCustomValidationConfig(filename string) (err error)
- func NormalizeSupported(itfc interface{}) bool
- func VerifyPoliciesMatch(testPolicy LicensePolicy, policies []interface{}) bool
- type BOM
- func (bom *BOM) GetCdxAnnotations() (pAnnotations *[]CDXAnnotation)
- func (bom *BOM) GetCdxBom() (pCdxBom *CDXBom)
- func (bom *BOM) GetCdxComponents() (pComponents *[]CDXComponent)
- func (bom *BOM) GetCdxCompositions() (pCompositions *[]CDXCompositions)
- func (bom *BOM) GetCdxDependencies() (pDependencies *[]CDXDependency)
- func (bom *BOM) GetCdxExternalReferences() (pReferences *[]CDXExternalReference)
- func (bom *BOM) GetCdxFormula() (pFormula *[]CDXFormula)
- func (bom *BOM) GetCdxMetadata() (pMetadata *CDXMetadata)
- func (bom *BOM) GetCdxMetadataComponent() (pComponent *CDXComponent)
- func (bom *BOM) GetCdxMetadataLicenses() (licenses *[]CDXLicenseChoice)
- func (bom *BOM) GetCdxMetadataProperties() (pProperties *[]CDXProperty)
- func (bom *BOM) GetCdxProperties() (pProperties *[]CDXProperty)
- func (bom *BOM) GetCdxServices() (pServices *[]CDXService)
- func (bom *BOM) GetCdxSignature() (pSignature *JSFSignature)
- func (bom *BOM) GetCdxVulnerabilities() (pVulnerabilities *[]CDXVulnerability)
- func (bom *BOM) GetFilename() string
- func (bom *BOM) GetFilenameInterpolated() string
- func (bom *BOM) GetJSONMap() map[string]interface{}
- func (bom *BOM) GetKeyValueAsString(key string) (sValue string, err error)
- func (bom *BOM) GetRawBytes() []byte
- func (bom *BOM) HashEntity(entity interface{}) (sha string)
- func (bom *BOM) HashJsonMap(entity interface{}) (sha string, err error)
- func (bom *BOM) HashStruct(entity interface{}) (sha string, err error)
- func (bom *BOM) HashmapComponent(cdxComponent CDXComponent, whereFilters []common.WhereFilter, isRoot bool) (hashed bool, err error)
- func (bom *BOM) HashmapComponentResources(whereFilters []common.WhereFilter) (err error)
- func (bom *BOM) HashmapComponents(components []CDXComponent, whereFilters []common.WhereFilter, root bool) (err error)
- func (bom *BOM) HashmapLicenseInfo(policyConfig *LicensePolicyConfig, key string, licenseInfo LicenseInfo, ...) (hashed bool, err error)
- func (bom *BOM) HashmapService(cdxService CDXService, whereFilters []common.WhereFilter) (hashed bool, err error)
- func (bom *BOM) HashmapServiceResources(whereFilters []common.WhereFilter) (err error)
- func (bom *BOM) HashmapServices(services []CDXService, whereFilters []common.WhereFilter) (err error)
- func (bom *BOM) HashmapVulnerabilities(vulnerabilities []CDXVulnerability, whereFilters []common.WhereFilter) (err error)
- func (bom *BOM) HashmapVulnerability(cdxVulnerability CDXVulnerability, whereFilters []common.WhereFilter) (hashed bool, err error)
- func (bom *BOM) HashmapVulnerabilityResources(whereFilters []common.WhereFilter) (err error)
- func (bom *BOM) MarshalCycloneDXBOM(writer io.Writer, prefix string, indent string) (err error)
- func (bom *BOM) ReadRawBytes() (err error)
- func (bom *BOM) TrimBOMKeys(keys []string)
- func (bom *BOM) TrimEntityKey(entity interface{}, key string)
- func (bom *BOM) TrimEntityKeys(jsonMap interface{}, keys []string)
- func (bom *BOM) UnmarshalBOMAsJSONMap() (err error)
- func (bom *BOM) UnmarshalCycloneDXBOM() (err error)
- func (bom *BOM) WriteAsEncodedJSON(writer io.Writer, prefix string, indent string) (err error)
- func (bom *BOM) WriteAsEncodedJSONInt(writer io.Writer, numSpaces int) (err error)
- type BOMComponentStats
- type BOMFormatAndSchemaConfig
- func (schemaConfig *BOMFormatAndSchemaConfig) FindFormatAndSchema(bom *BOM) (err error)
- func (config *BOMFormatAndSchemaConfig) InnerLoadSchemaConfigFile(filename string, defaultFilename string) (err error)
- func (config *BOMFormatAndSchemaConfig) LoadSchemaConfigFile(filename string, defaultFilename string) (err error)
- func (config *BOMFormatAndSchemaConfig) Reset()
- type BOMServiceStats
- type BOMVulnerabilityStats
- type CDXAdvisory
- type CDXAdvisorySlice
- type CDXAffect
- type CDXAffectSlice
- type CDXAffirmation
- type CDXAlgorithmProperties
- type CDXAnalysis
- type CDXAnnotation
- type CDXAnnotationSlice
- type CDXAnnotator
- type CDXApproach
- type CDXAssessor
- type CDXAttachment
- type CDXAttestation
- type CDXAttestationMap
- type CDXBom
- type CDXBomLink
- type CDXBomLinkDocumentType
- type CDXBomLinkElementType
- type CDXCallstack
- type CDXCertificateProperties
- type CDXCipherSuite
- type CDXClaim
- type CDXCo2Measure
- type CDXCommand
- type CDXCommit
- type CDXComponent
- type CDXComponentData
- type CDXComponentDataSlice
- type CDXComponentEvidence
- type CDXComponentInfo
- type CDXComponentSlice
- type CDXCompositionSlice
- type CDXCompositions
- type CDXCondition
- type CDXConfidence
- type CDXConfidenceInterval
- type CDXConformance
- type CDXConsiderations
- type CDXContent
- type CDXCopyright
- type CDXCreationTools
- type CDXCredit
- type CDXCryptoProperties
- type CDXCryptoRefArray
- type CDXDataClassification
- type CDXDataGovernance
- type CDXDataGovernanceResponsibleParty
- type CDXDataset
- type CDXDeclaration
- type CDXDefinition
- type CDXDependency
- type CDXDependencySlice
- type CDXDiff
- type CDXEnergyConsumption
- type CDXEnergyMeasure
- type CDXEnergyProvider
- type CDXEnvironmentalConsiderations
- type CDXEvent
- type CDXEvidence
- type CDXEvidenceData
- type CDXExternalReference
- type CDXExternalReferenceSlice
- type CDXFairnessAssessment
- type CDXFormula
- type CDXFormulaSlice
- type CDXFrames
- type CDXGovernance
- type CDXGraphic
- type CDXGraphicsCollection
- type CDXHash
- type CDXHashSlice
- type CDXIdentifiableAction
- type CDXIkevV2TransformType
- type CDXInputOutputMLParameters
- type CDXInputType
- type CDXIssue
- type CDXLegacyCreationTool
- type CDXLevel
- type CDXLicense
- type CDXLicenseChoice
- type CDXLicenseChoiceSlice
- type CDXLicenseExpression
- type CDXLicenseLegalParty
- type CDXLicenseSlice
- type CDXLicensing
- type CDXLifecycle
- type CDXLifecycleSlice
- type CDXMetadata
- type CDXModelCard
- type CDXModelParameters
- type CDXNameDescription
- type CDXNote
- type CDXOccurrence
- type CDXOrganizationalContact
- type CDXOrganizationalContactSlice
- type CDXOrganizationalEntity
- type CDXOrganizationalEntitySlice
- type CDXOutputType
- type CDXParameter
- type CDXPatch
- type CDXPedigree
- type CDXPerformanceMetric
- type CDXPostalAddress
- type CDXProofOfConcept
- type CDXProperty
- type CDXPropertySlice
- type CDXProtocolProperties
- type CDXQuantitativeAnalysis
- type CDXRating
- type CDXRatingSlice
- type CDXRefLinkType
- type CDXRefLinkTypeSlice
- type CDXRefType
- type CDXRelatedCryptoMaterialProperties
- type CDXReleaseNotes
- type CDXReleaseNotesSlice
- type CDXRequirement
- type CDXResourceInfo
- type CDXResourceReferenceChoice
- type CDXRisk
- type CDXSecuredBy
- type CDXService
- type CDXServiceData
- type CDXServiceInfo
- type CDXServiceSlice
- type CDXSignatory
- type CDXSource
- type CDXStandard
- type CDXStep
- type CDXSubject
- type CDXSupportingMaterial
- type CDXSupportingMaterialSlice
- type CDXSwid
- type CDXTargets
- type CDXTask
- type CDXTaskSlice
- type CDXTaskType
- type CDXTaskTypeSlice
- type CDXTrigger
- type CDXVersionRange
- type CDXVersionRangeSlice
- type CDXVolume
- type CDXVulnerability
- type CDXVulnerabilityReference
- type CDXVulnerabilityReferenceSlice
- type CDXVulnerabilitySlice
- type CDXVulnerabilitySource
- type CDXWorkflow
- type CDXWorkflowSlice
- type CDXWorkspace
- type CompoundExpression
- type CustomValidation
- type CustomValidationConfig
- type CustomValidationMetadata
- type CustomValidationProperty
- type ExtendedLicenseInfo
- type FormatSchema
- type FormatSchemaInstance
- type JSFKeyType
- type JSFPublicKey
- type JSFSignature
- type JSFSigner
- type LicenseInfo
- func (licenseInfo *LicenseInfo) MapCDXLicenseFromComponent(cdxComponent CDXComponent, cdxLicenseChoice CDXLicenseChoice)
- func (licenseInfo *LicenseInfo) MapCDXLicenseFromService(cdxService CDXService, cdxLicenseChoice CDXLicenseChoice)
- func (licenseInfo *LicenseInfo) SetLicenseChoiceTypeValue(value int)
- type LicensePolicy
- type LicensePolicyConfig
- func (config *LicensePolicyConfig) FindPolicy(licenseInfo LicenseInfo) (matchedPolicy LicensePolicy, err error)
- func (config *LicensePolicyConfig) FindPolicyByFamilyName(name string) (policyValue string, matchedPolicy LicensePolicy, err error)
- func (config *LicensePolicyConfig) FindPolicyBySpdxId(id string) (policyValue string, matchedPolicy LicensePolicy, err error)
- func (config *LicensePolicyConfig) GetFamilyNameMap() (hashmap *slicemultimap.MultiMap, err error)
- func (config *LicensePolicyConfig) GetFilteredFamilyNameMap(whereFilters []common.WhereFilter) (hashmap *slicemultimap.MultiMap, err error)
- func (config *LicensePolicyConfig) GetLicenseIdMap() (hashmap *slicemultimap.MultiMap, err error)
- func (config *LicensePolicyConfig) LoadHashPolicyConfigurationFile(policyFile string, defaultPolicyFile string) (err error)
- func (config *LicensePolicyConfig) Reset()
- type Normalizer
- type StatisticsInfo
- type UnsupportedFormatError
- type UnsupportedSchemaError
- type VulnerabilityInfo
Constants ¶
const (
	COMPONENT_ID_NONE   = "None"
	COMPONENT_ID_NAME   = "name"
	COMPONENT_ID_BOMREF = "bom-ref"
	COMPONENT_ID_PURL   = "purl"
	COMPONENT_ID_CPE    = "cpe"
	COMPONENT_ID_SWID   = "swid"
)
const (
	SERVICE_ID_NONE   = "None"
	SERVICE_ID_BOMREF = "bom-ref"
)
const (
	ID_SPDX      = "SPDXRef-DOCUMENT"
	ID_CYCLONEDX = "CycloneDX"
)
Format ID (key component). UNUSED, TODO: use these values to verify remotely loaded schema files
const (
	// SPDX
	PROPKEY_ID_SPDX      = "SPDXID"
	PROPKEY_VERSION_SPDX = "spdxVersion"
	// CycloneDX
	PROPKEY_ID_CYCLONEDX      = "bomFormat"
	PROPKEY_VERSION_CYCLONEDX = "specVersion"
)
Document property keys: the JSON property keys used to look up values in each SBOM format. UNUSED, TODO: use these values to verify remotely loaded schema files
const (
	KEY_ANNOTATIONS = "annotations"
	KEY_COMPONENTS  = "components"
	KEY_LICENSES    = "licenses"
	KEY_METADATA    = "metadata"
	KEY_SERVICES    = "services"
)
const (
	RESOURCE_TYPE_DEFAULT   = "" // i.e., all resource types
	RESOURCE_TYPE_COMPONENT = "component"
	RESOURCE_TYPE_SERVICE   = "service"
)
resource types
const (
	VULN_DATE_EMPTY           = "none"
	VULN_ANALYSIS_STATE_EMPTY = "UNDEFINED"
	VULN_RATING_EMPTY         = "none"
)
default / "empty" values
const (
	LC_TYPE_INVALID = iota
	LC_TYPE_ID
	LC_TYPE_NAME
	LC_TYPE_EXPRESSION
)
LicenseChoice - Choice type
const (
	LC_VALUE_INVALID    = "invalid"
	LC_VALUE_ID         = "id"
	LC_VALUE_NAME       = "name"
	LC_VALUE_EXPRESSION = "expression"
)
LicenseChoice - corresponding (name) values for license choice types
const (
	LC_LOC_UNKNOWN = iota
	LC_LOC_METADATA_COMPONENT
	LC_LOC_METADATA
	LC_LOC_COMPONENTS
	LC_LOC_SERVICES
)
const (
	LEFT_PARENS                 string = "("
	RIGHT_PARENS                string = ")"
	LEFT_PARENS_WITH_SEPARATOR  string = "( "
	RIGHT_PARENS_WITH_SEPARATOR string = " )"
	PLUS_OPERATOR               string = "+"
)
Tokens
const (
	MSG_LICENSE_INVALID_EXPRESSION             = "invalid license expression"
	MSG_LICENSE_EXPRESSION_INVALID_CONJUNCTION = "invalid conjunction"
	MSG_LICENSE_EXPRESSION_UNDEFINED_POLICY    = "contains an undefined policy"
	MSG_LICENSE_EXPRESSION                     = "license expression"
)
const (
	POLICY_ALLOW        = "allow"
	POLICY_DENY         = "deny"
	POLICY_NEEDS_REVIEW = "needs-review"
	POLICY_UNDEFINED    = "UNDEFINED"
	POLICY_CONFLICT     = "CONFLICT"
)
const (
	AND                   string = "AND"
	OR                    string = "OR"
	WITH                  string = "WITH"
	CONJUNCTION_UNDEFINED string = ""
)
Supported conjunctions and prepositions
const (
	SCHEMA_FORMAT_SPDX      = "SPDX"
	SCHEMA_FORMAT_CYCLONEDX = "CycloneDX"
)
const (
	INPUT_TYPE_STDIN  = "-"
	INPUT_TYPE_STDOUT = "-"
)
Input (source) reserved values
const (
	ERR_TYPE_UNSUPPORTED_FORMAT = "format not supported"
	ERR_TYPE_UNSUPPORTED_SCHEMA = "schema not supported"
	//MSG_CONFIG_SCHEMA_FORMAT_NOT_FOUND = "schema format not found in configuration."
	MSG_FORMAT_UNSUPPORTED_UNKNOWN      = "unknown format"
	MSG_FORMAT_UNSUPPORTED_COMMAND      = "for command and/or flags"
	MSG_CONFIG_SCHEMA_VERSION_NOT_FOUND = "schema version not found in configuration"
	MSG_CONFIG_SCHEMA_VARIANT_NOT_FOUND = "schema variant not found in configuration"
)
const (
REGEX_VALID_SPDX_ID = "^[a-zA-Z0-9.-]+$"
)
Note: the SPDX spec does not provide a regex for an SPDX ID, but gives the following ABNF:
string = 1*(ALPHA / DIGIT / "-" / "." )
This regex accepts only alphanumerics, "-" and "." and rejects the empty string. TODO:
- First and last characters must not be "-" or "."
- Enforce reasonable min/max lengths. A positive lookahead such as (?=.{3,128}$) would express a length bound inside the pattern, but Go's `regexp` package (RE2 syntax) does not support lookahead, so the length has to be checked outside the regex.
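The following is an added example, not code from the sbom-utility project, showing how the two TODO checks above can be applied alongside the page's regex. Because RE2 has no lookahead, the length bound is ordinary code rather than a pattern; the 3..128 bounds are an assumption taken from the note above, not a limit defined by the SPDX specification.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Regex from this page: alphanumerics, "-" and "." only; the "+" rejects the empty string.
const REGEX_VALID_SPDX_ID = "^[a-zA-Z0-9.-]+$"

// Length bounds are an assumption taken from the "min 3 max 128" figure in the note
// above, not a rule from the SPDX specification.
const (
	SPDX_ID_MIN_LEN = 3
	SPDX_ID_MAX_LEN = 128
)

var spdxIdRegex = regexp.MustCompile(REGEX_VALID_SPDX_ID)

// IsValidSpdxIdStrict applies the page's regex plus the two checks it lists as TODO.
// Go's regexp (RE2) has no lookahead, so the length bound is plain code. The regex
// admits only ASCII, so once it matches, len(id) in bytes equals the character count.
func IsValidSpdxIdStrict(id string) bool {
	if len(id) < SPDX_ID_MIN_LEN || len(id) > SPDX_ID_MAX_LEN {
		return false
	}
	if !spdxIdRegex.MatchString(id) {
		return false
	}
	// Boundary rule: an ID may not begin or end with "-" or ".".
	if strings.HasPrefix(id, "-") || strings.HasPrefix(id, ".") ||
		strings.HasSuffix(id, "-") || strings.HasSuffix(id, ".") {
		return false
	}
	return true
}

func main() {
	// Constructed samples covering each rejection rule.
	samples := []string{
		"Apache-2.0",             // valid
		"GPL-2.0-or-later",       // valid
		"-Apache-2.0",            // leading "-"
		"MIT.",                   // trailing "."
		"AB",                     // too short
		strings.Repeat("a", 129), // too long
		"Apache 2.0",             // space is not permitted
		"",                       // empty
	}
	for _, id := range samples {
		fmt.Printf("%-20q valid=%v\n", id, IsValidSpdxIdStrict(id))
	}
}
```

Because license IDs in a BOM come from an untrusted document, the same strict check is worth applying before an ID is used as a lookup key into policy configuration.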
const (
SCHEMA_VARIANT_LATEST = "(latest)"
)
Variables ¶
var ALL_USAGE_POLICIES = []string{POLICY_ALLOW, POLICY_DENY, POLICY_NEEDS_REVIEW, POLICY_UNDEFINED, POLICY_CONFLICT}
var BYTE_ENCODED_ZERO_STRUCT = []byte("{}")
var EMPTY_CDXLicense = CDXLicense{}
For convenience, we provide named vars. for testing for zero-length (empty) structs
var ENCODED_EMPTY_SLICE_OF_STRUCT = []byte("[{}]")
var (
ProjectLogger *log.MiniLogger
)
var VALID_RESOURCE_TYPES = []string{RESOURCE_TYPE_DEFAULT, RESOURCE_TYPE_COMPONENT, RESOURCE_TYPE_SERVICE}
var VALID_USAGE_POLICIES = []string{POLICY_ALLOW, POLICY_DENY, POLICY_NEEDS_REVIEW}
Functions ¶
func DisplayJSONErrorDetails ¶
func FinalizeCompoundPolicy ¶ added in v0.14.0
func FinalizeCompoundPolicy(expression *CompoundExpression) (err error)
func FormatSchemaVariant ¶
func GetLicenseChoiceLocationName ¶ added in v0.14.0
TODO: look to remove once we uniformly use get/set methods on structure fields
func GetLicenseChoiceTypeName ¶ added in v0.14.0
TODO: look to remove once we uniformly use get/set methods on structure fields
func IsInterfaceASlice ¶ added in v0.13.0
func IsInterfaceASlice(testValue interface{}) bool
func IsValidFamilyKey ¶ added in v0.14.0
func IsValidPolicyEntry ¶ added in v0.14.0
func IsValidPolicyEntry(policy LicensePolicy) bool
NOTE: policy.Id == "" we allow as "valid" as this indicates a potential "family" entry (i.e., group of SPDX IDs)
func IsValidResourceType ¶ added in v0.14.0
func IsValidSpdxId ¶ added in v0.14.0
func IsValidUUID ¶ added in v0.16.0
func IsValidUsagePolicy ¶ added in v0.14.0
func NormalizeSupported ¶ added in v0.16.0
func NormalizeSupported(itfc interface{}) bool
This is a wrapper to test specifically for the Normalize interface
func VerifyPoliciesMatch ¶ added in v0.14.0
func VerifyPoliciesMatch(testPolicy LicensePolicy, policies []interface{}) bool
Given an array of policies, verify that their "usage" policies agree (i.e., do not represent a conflict).
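An added example (not the project's own code) of the policy lookup and conflict rule described by IsValidPolicyEntry, VerifyPoliciesMatch and the POLICY_* constants above. PolicyEntry is a constructed stand-in for the project's LicensePolicy type; the rule that entries for one SPDX ID must all carry the same usage policy, and otherwise resolve to POLICY_CONFLICT, is this example's reading of "does not represent a conflict". The Gate function is an addition showing the fail-closed behaviour a practitioner would want: UNDEFINED and CONFLICT are treated like deny.

```go
package main

import (
	"errors"
	"fmt"
)

// Usage policy values, as listed under Constants on this page.
const (
	POLICY_ALLOW        = "allow"
	POLICY_DENY         = "deny"
	POLICY_NEEDS_REVIEW = "needs-review"
	POLICY_UNDEFINED    = "UNDEFINED"
	POLICY_CONFLICT     = "CONFLICT"
)

var VALID_USAGE_POLICIES = []string{POLICY_ALLOW, POLICY_DENY, POLICY_NEEDS_REVIEW}

// PolicyEntry is a constructed, minimal stand-in for the project's LicensePolicy.
// Id == "" marks a "family" entry (a group of SPDX IDs), which the page treats as valid.
type PolicyEntry struct {
	Id          string
	Family      string
	UsagePolicy string
}

// IsValidUsagePolicy accepts only the three configurable values; UNDEFINED and
// CONFLICT are computed outcomes, not values a policy file may declare.
func IsValidUsagePolicy(p string) bool {
	for _, v := range VALID_USAGE_POLICIES {
		if p == v {
			return true
		}
	}
	return false
}

// BuildLicenseIdMap groups entries by SPDX ID (the role GetLicenseIdMap plays) and
// rejects any entry whose usage policy is not a configurable value.
func BuildLicenseIdMap(entries []PolicyEntry) (map[string][]PolicyEntry, error) {
	m := make(map[string][]PolicyEntry)
	for _, e := range entries {
		if !IsValidUsagePolicy(e.UsagePolicy) {
			return nil, fmt.Errorf("policy for id %q family %q: invalid usage policy %q", e.Id, e.Family, e.UsagePolicy)
		}
		if e.Id == "" {
			continue // family entry: keyed by family name, not by SPDX ID
		}
		m[e.Id] = append(m[e.Id], e)
	}
	return m, nil
}

// ResolveUsagePolicy returns the usage policy shared by every entry for one ID,
// POLICY_UNDEFINED when there is none, and POLICY_CONFLICT when the entries disagree
// (this example's reading of VerifyPoliciesMatch).
func ResolveUsagePolicy(entries []PolicyEntry) string {
	if len(entries) == 0 {
		return POLICY_UNDEFINED
	}
	agreed := entries[0].UsagePolicy
	for _, e := range entries[1:] {
		if e.UsagePolicy != agreed {
			return POLICY_CONFLICT
		}
	}
	return agreed
}

// FindPolicyBySpdxId follows the shape of the page's FindPolicyBySpdxId.
func FindPolicyBySpdxId(m map[string][]PolicyEntry, id string) string {
	return ResolveUsagePolicy(m[id])
}

// Gate fails closed: only an unambiguous "allow" passes, so a missing or
// inconsistent policy can never admit a license by accident.
func Gate(policy string) error {
	if policy == POLICY_ALLOW {
		return nil
	}
	return errors.New("license not allowed: usage policy is " + policy)
}

// SamplePolicies is constructed input: one clean entry, one conflicting pair, one family entry.
func SamplePolicies() []PolicyEntry {
	return []PolicyEntry{
		{Id: "Apache-2.0", Family: "Apache", UsagePolicy: POLICY_ALLOW},
		{Id: "GPL-2.0-only", Family: "GPL", UsagePolicy: POLICY_DENY},
		{Id: "GPL-2.0-only", Family: "GPL", UsagePolicy: POLICY_NEEDS_REVIEW}, // conflicts with the line above
		{Id: "", Family: "BSD", UsagePolicy: POLICY_ALLOW},                    // family entry
	}
}

func main() {
	m, err := BuildLicenseIdMap(SamplePolicies())
	if err != nil {
		fmt.Println("config error:", err)
		return
	}
	for _, id := range []string{"Apache-2.0", "GPL-2.0-only", "MIT"} {
		p := FindPolicyBySpdxId(m, id)
		fmt.Printf("%-14s -> %-12s gate: %v\n", id, p, Gate(p))
	}
}
```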
Types ¶
type BOM ¶ added in v0.13.0
type BOM struct {
	JsonMap          map[string]interface{}
	FormatInfo       FormatSchema
	SchemaInfo       FormatSchemaInstance
	CdxBom           *CDXBom
	Statistics       *StatisticsInfo
	ResourceMap      *slicemultimap.MultiMap
	ComponentMap     *slicemultimap.MultiMap
	ServiceMap       *slicemultimap.MultiMap
	VulnerabilityMap *slicemultimap.MultiMap
	LicenseMap       *slicemultimap.MultiMap
	GobDecodeBuffer  bytes.Buffer
	GobEncodeBuffer  bytes.Buffer
	GobDecoder       *gob.Decoder
	GobEncoder       *gob.Encoder
	// contains filtered or unexported fields
}
Candidate BOM document (context) information
func (*BOM) GetCdxAnnotations ¶ added in v0.14.0
func (bom *BOM) GetCdxAnnotations() (pAnnotations *[]CDXAnnotation)
func (*BOM) GetCdxComponents ¶ added in v0.13.0
func (bom *BOM) GetCdxComponents() (pComponents *[]CDXComponent)
func (*BOM) GetCdxCompositions ¶ added in v0.14.0
func (bom *BOM) GetCdxCompositions() (pCompositions *[]CDXCompositions)
func (*BOM) GetCdxDependencies ¶ added in v0.14.0
func (bom *BOM) GetCdxDependencies() (pDependencies *[]CDXDependency)
func (*BOM) GetCdxExternalReferences ¶ added in v0.14.0
func (bom *BOM) GetCdxExternalReferences() (pReferences *[]CDXExternalReference)
func (*BOM) GetCdxFormula ¶ added in v0.14.0
func (bom *BOM) GetCdxFormula() (pFormula *[]CDXFormula)
func (*BOM) GetCdxMetadata ¶ added in v0.13.0
func (bom *BOM) GetCdxMetadata() (pMetadata *CDXMetadata)
func (*BOM) GetCdxMetadataComponent ¶ added in v0.13.0
func (bom *BOM) GetCdxMetadataComponent() (pComponent *CDXComponent)
func (*BOM) GetCdxMetadataLicenses ¶ added in v0.13.0
func (bom *BOM) GetCdxMetadataLicenses() (licenses *[]CDXLicenseChoice)
func (*BOM) GetCdxMetadataProperties ¶ added in v0.13.0
func (bom *BOM) GetCdxMetadataProperties() (pProperties *[]CDXProperty)
func (*BOM) GetCdxProperties ¶ added in v0.14.0
func (bom *BOM) GetCdxProperties() (pProperties *[]CDXProperty)
func (*BOM) GetCdxServices ¶ added in v0.13.0
func (bom *BOM) GetCdxServices() (pServices *[]CDXService)
func (*BOM) GetCdxSignature ¶ added in v0.14.0
func (bom *BOM) GetCdxSignature() (pSignature *JSFSignature)
func (*BOM) GetCdxVulnerabilities ¶ added in v0.13.0
func (bom *BOM) GetCdxVulnerabilities() (pVulnerabilities *[]CDXVulnerability)
func (*BOM) GetFilename ¶ added in v0.13.0
func (*BOM) GetFilenameInterpolated ¶ added in v0.13.0
func (*BOM) GetJSONMap ¶ added in v0.13.0
func (*BOM) GetKeyValueAsString ¶ added in v0.13.0
func (*BOM) GetRawBytes ¶ added in v0.13.0
func (*BOM) HashEntity ¶ added in v0.15.0
Approach 1
func (*BOM) HashJsonMap ¶ added in v0.15.0
func (*BOM) HashStruct ¶ added in v0.15.0
func (*BOM) HashmapComponent ¶ added in v0.16.0
func (bom *BOM) HashmapComponent(cdxComponent CDXComponent, whereFilters []common.WhereFilter, isRoot bool) (hashed bool, err error)
Hash a CDX Component and, recursively, any "nested" components. TODO: WARN if the version is not valid semver (e.g., examples/cyclonedx/BOM/laravel-7.12.0/bom.1.3.json). TODO: Use a pointer for CDXComponent.
func (*BOM) HashmapComponentResources ¶ added in v0.16.0
func (bom *BOM) HashmapComponentResources(whereFilters []common.WhereFilter) (err error)
This hashes all components regardless of where in the BOM document structure they are declared: both the top-level metadata component (i.e., the subject of the BOM) and the components array.
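An added example, not the project's own implementation, of the walk that HashmapComponent and HashmapComponentResources describe: every component is recorded under a key in a multimap, nested components are visited recursively, and both the metadata component and the components array are covered. Component is a constructed stand-in for CDXComponent. Two assumptions beyond the page: the COMPONENT_ID_* constants are used as a preference order (bom-ref, then purl, then name) for the key, and the semver check is a simplified pattern rather than the full semver.org grammar. Duplicate keys are kept (it is a multimap) but reported, since dependency resolution in a CycloneDX BOM relies on bom-ref being unique.

```go
package main

import (
	"fmt"
	"regexp"
)

// Component is a constructed, minimal stand-in for the project's CDXComponent.
type Component struct {
	BOMRef     string
	Name       string
	Version    string
	Purl       string
	Components []Component // nested components, walked recursively
}

// ComponentKey picks the identifier a component is hashed under. Using the
// COMPONENT_ID_* constants as a preference order is this example's assumption.
func ComponentKey(c Component) string {
	switch {
	case c.BOMRef != "":
		return c.BOMRef
	case c.Purl != "":
		return c.Purl
	default:
		return c.Name
	}
}

// Simplified semver shape (assumption: not the full semver.org grammar), used for
// the "WARN if version is not a valid semver" TODO above.
var semverRe = regexp.MustCompile(`^v?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$`)

// ComponentIndex plays the role of the BOM's ComponentMap (key -> []Component).
type ComponentIndex struct {
	ByKey    map[string][]Component
	Warnings []string
}

func NewComponentIndex() *ComponentIndex {
	return &ComponentIndex{ByKey: make(map[string][]Component)}
}

// Add records c, then recurses into its nested components. A key seen twice is
// kept but reported: consumers resolve the dependency graph by bom-ref, so a
// duplicate makes the graph ambiguous.
func (idx *ComponentIndex) Add(c Component) {
	key := ComponentKey(c)
	if _, seen := idx.ByKey[key]; seen {
		idx.Warnings = append(idx.Warnings, fmt.Sprintf("duplicate component key %q", key))
	}
	idx.ByKey[key] = append(idx.ByKey[key], c)
	if c.Version != "" && !semverRe.MatchString(c.Version) {
		idx.Warnings = append(idx.Warnings, fmt.Sprintf("component %q: version %q is not semver", key, c.Version))
	}
	for _, child := range c.Components {
		idx.Add(child)
	}
}

// IndexBOM covers both places components live, as HashmapComponentResources does:
// the metadata component (the BOM subject) and the top-level components array.
func IndexBOM(metadataComponent *Component, components []Component) *ComponentIndex {
	idx := NewComponentIndex()
	if metadataComponent != nil {
		idx.Add(*metadataComponent)
	}
	for _, c := range components {
		idx.Add(c)
	}
	return idx
}

// SampleBOM is constructed input: one subject, one nested component, one
// non-semver version and one duplicated bom-ref.
func SampleBOM() (*Component, []Component) {
	subject := &Component{BOMRef: "app", Name: "app", Version: "1.0.0"}
	components := []Component{
		{BOMRef: "lib-a", Name: "lib-a", Version: "2.3.4", Components: []Component{
			{BOMRef: "lib-b", Name: "lib-b", Version: "0.1.0"},
		}},
		{BOMRef: "lib-c", Name: "lib-c", Version: "7.12"},       // not semver
		{BOMRef: "lib-a", Name: "lib-a-fork", Version: "9.9.9"}, // duplicate bom-ref
	}
	return subject, components
}

func main() {
	idx := IndexBOM(SampleBOM())
	fmt.Printf("%d distinct keys, %d entries under lib-a\n", len(idx.ByKey), len(idx.ByKey["lib-a"]))
	for _, w := range idx.Warnings {
		fmt.Println("WARN:", w)
	}
}
```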
func (*BOM) HashmapComponents ¶ added in v0.16.0
func (bom *BOM) HashmapComponents(components []CDXComponent, whereFilters []common.WhereFilter, root bool) (err error)
func (*BOM) HashmapLicenseInfo ¶ added in v0.16.0
func (bom *BOM) HashmapLicenseInfo(policyConfig *LicensePolicyConfig, key string, licenseInfo LicenseInfo, whereFilters []common.WhereFilter, licenseFlags utils.LicenseCommandFlags) (hashed bool, err error)
func (*BOM) HashmapService ¶ added in v0.16.0
func (bom *BOM) HashmapService(cdxService CDXService, whereFilters []common.WhereFilter) (hashed bool, err error)
Hash a CDX Service. TODO: use a pointer for CDXService.
func (*BOM) HashmapServiceResources ¶ added in v0.16.0
func (bom *BOM) HashmapServiceResources(whereFilters []common.WhereFilter) (err error)
func (*BOM) HashmapServices ¶ added in v0.16.0
func (bom *BOM) HashmapServices(services []CDXService, whereFilters []common.WhereFilter) (err error)
TODO: use pointer for []CDXService
func (*BOM) HashmapVulnerabilities ¶ added in v0.16.0
func (bom *BOM) HashmapVulnerabilities(vulnerabilities []CDXVulnerability, whereFilters []common.WhereFilter) (err error)
We need to hash our own informational structure around the CDX data in order to simplify --where queries to command line users
func (*BOM) HashmapVulnerability ¶ added in v0.16.0
func (bom *BOM) HashmapVulnerability(cdxVulnerability CDXVulnerability, whereFilters []common.WhereFilter) (hashed bool, err error)
Hash a CDX Vulnerability.
func (*BOM) HashmapVulnerabilityResources ¶ added in v0.16.0
func (bom *BOM) HashmapVulnerabilityResources(whereFilters []common.WhereFilter) (err error)
func (*BOM) MarshalCycloneDXBOM ¶ added in v0.14.0
NOTE: This method uses json.Marshal() from the encoding/json package which, by default, escapes characters that are significant in HTML (it assumes the output may be embedded in an HTML page). For example, '&' is encoded as \u0026, '<' as \u003c and '>' as \u003e.
func (*BOM) ReadRawBytes ¶ added in v0.15.0
func (*BOM) TrimBOMKeys ¶ added in v0.14.0
func (*BOM) TrimEntityKey ¶ added in v0.14.0
Note: this method is recursive
func (*BOM) TrimEntityKeys ¶ added in v0.14.0
func (*BOM) UnmarshalBOMAsJSONMap ¶ added in v0.13.0
func (*BOM) UnmarshalCycloneDXBOM ¶ added in v0.13.0
func (*BOM) WriteAsEncodedJSON ¶ added in v0.15.0
This method preserves the original characters of the document (after any edits).
It is needed because json.Marshal() (encoding/json) escapes HTML-significant characters by default, on the assumption that the JSON will be embedded in HTML. That assumption does not hold for BOM documents: both formats specify their wire (stream) encodings, and neither uses HTML escaping.
For example, encoding/json rewrites '&' as \u0026, '<' as \u003c and '>' as \u003e. A parser decodes these back to the same strings, but the bytes of the document change, so any hash or signature computed over the original bytes no longer matches. This custom encoder instead writes the input byte values through unchanged. TODO: Support "--prefix string"; the prefix parameter is currently ignored.
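An added example (not the project's code) of the difference described above under MarshalCycloneDXBOM and WriteAsEncodedJSON: json.Marshal versus a json.Encoder with SetEscapeHTML(false). Fragment is a constructed stand-in for a BOM fragment, and the WriteAsEncodedJSON here only mirrors the page's method signature, passing prefix and indent to SetIndent. Digest stands for whatever a consumer verifying a hash or JSF signature over the document bytes would compute.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"io"
)

// Fragment is a constructed stand-in for a BOM fragment; CDXComponent has many more fields.
type Fragment struct {
	Name        string `json:"name"`
	Description string `json:"description,omitempty"`
}

// MarshalDefault uses json.Marshal, which rewrites '&', '<' and '>' as
// \u0026, \u003c and \u003e because it assumes the output may land inside HTML.
func MarshalDefault(v interface{}) ([]byte, error) {
	return json.Marshal(v)
}

// WriteAsEncodedJSON writes v with HTML escaping disabled so the original bytes of
// every string value survive; prefix/indent go to SetIndent (this mirrors the page's
// method signature only, not its implementation).
func WriteAsEncodedJSON(w io.Writer, v interface{}, prefix, indent string) error {
	enc := json.NewEncoder(w)
	enc.SetEscapeHTML(false)
	enc.SetIndent(prefix, indent)
	return enc.Encode(v)
}

// MarshalPreserving is the in-memory form of WriteAsEncodedJSON, with the trailing
// newline that Encoder.Encode appends removed so the result compares to json.Marshal.
func MarshalPreserving(v interface{}) ([]byte, error) {
	var buf bytes.Buffer
	if err := WriteAsEncodedJSON(&buf, v, "", ""); err != nil {
		return nil, err
	}
	return bytes.TrimSuffix(buf.Bytes(), []byte("\n")), nil
}

// Digest is what a consumer verifying a hash or signature over the document bytes computes.
func Digest(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

func main() {
	// Constructed sample containing all three characters encoding/json escapes.
	f := Fragment{Name: "lib<core>", Description: "A & B"}
	def, _ := MarshalDefault(f)
	pre, _ := MarshalPreserving(f)
	fmt.Printf("json.Marshal:         %s\n", def)
	fmt.Printf("SetEscapeHTML(false): %s\n", pre)
	fmt.Println("digests equal:", Digest(def) == Digest(pre))
}
```

Both encodings decode to the same Fragment; only the bytes differ, which is exactly what a byte-level hash or signature sees.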
type BOMComponentStats ¶ added in v0.14.0
type BOMFormatAndSchemaConfig ¶ added in v0.13.0
type BOMFormatAndSchemaConfig struct {
	Formats []FormatSchema `json:"formats"`
	// contains filtered or unexported fields
}
Configs
func (*BOMFormatAndSchemaConfig) FindFormatAndSchema ¶ added in v0.13.0
func (schemaConfig *BOMFormatAndSchemaConfig) FindFormatAndSchema(bom *BOM) (err error)
func (*BOMFormatAndSchemaConfig) InnerLoadSchemaConfigFile ¶ added in v0.13.0
func (config *BOMFormatAndSchemaConfig) InnerLoadSchemaConfigFile(filename string, defaultFilename string) (err error)
TODO: Add error messages as constants (for future i18n). TODO: Support remote schema retrieval as an optional program flag. The default should stay local, both for performance and so that the schemas can be bundled securely with this utility in CI build systems (isolated builds with no network dependency). NOTE: standards organizations also move their schema files around within their SCM repositories, which is a common cause of remote retrieval failures.
func (*BOMFormatAndSchemaConfig) LoadSchemaConfigFile ¶ added in v0.13.0
func (config *BOMFormatAndSchemaConfig) LoadSchemaConfigFile(filename string, defaultFilename string) (err error)
func (*BOMFormatAndSchemaConfig) Reset ¶ added in v0.13.0
func (config *BOMFormatAndSchemaConfig) Reset()
type BOMServiceStats ¶ added in v0.14.0
type BOMVulnerabilityStats ¶ added in v0.14.0
type CDXAdvisory ¶
type CDXAdvisory struct {
	Title string `json:"title,omitempty"` // v1.4
	Url   string `json:"url,omitempty"`   // v1.4
}
v1.4: created "releaseNotes" defn. Note: "url" is of type "iri-reference"
type CDXAdvisorySlice ¶ added in v0.16.0
type CDXAdvisorySlice []CDXAdvisory
named BOM slice types
func (CDXAdvisorySlice) Normalize ¶ added in v0.16.0
func (slice CDXAdvisorySlice) Normalize()
type CDXAffect ¶
type CDXAffect struct {
	Versions *[]CDXVersionRange `json:"versions,omitempty"` // v1.4: anon. type
	Ref      *CDXRefLinkType    `json:"ref,omitempty"`      // v1.5: added
}
v1.4: created "affect" def. to represent an in-line, anon. type. v1.5: Note: "ref" is a constrained "string" which can be "anyOf": ["#/definitions/refLinkType", "#/definitions/bomLinkElementType"]. Note: this anon. type ONLY includes a single array of another in-line type. TODO: create a top-level defn. for the "affect" anon. type.
func (*CDXAffect) MarshalJSON ¶ added in v0.11.0
type CDXAffectSlice ¶ added in v0.16.0
type CDXAffectSlice []CDXAffect
func (CDXAffectSlice) Normalize ¶ added in v0.16.0
func (slice CDXAffectSlice) Normalize()
type CDXAffirmation ¶ added in v0.16.0
type CDXAffirmation struct {
	Statement   string          `json:"statement,omitempty" cdx:"+1.6"`   // v1.6 added
	Signatories *[]CDXSignatory `json:"signatories,omitempty" cdx:"+1.6"` // v1.6 added
	Signature   *JSFSignature   `json:"signature,omitempty" cdx:"+1.6"`   // v1.6 added
}
v1.6: added
type CDXAlgorithmProperties ¶ added in v0.16.0
type CDXAlgorithmProperties struct {
	Primitive                string    `json:"primitive,omitempty" cdx:"+1.6"`                // v1.6 added
	ParameterSetIdentifier   string    `json:"parameterSetIdentifier,omitempty" cdx:"+1.6"`   // v1.6 added
	Curve                    string    `json:"curve,omitempty" cdx:"+1.6"`                    // v1.6 added
	ExecutionEnvironment     string    `json:"executionEnvironment,omitempty" cdx:"+1.6"`     // v1.6 added
	ImplementationPlatform   string    `json:"implementationPlatform,omitempty" cdx:"+1.6"`   // v1.6 added
	CertificationLevel       *[]string `json:"certificationLevel,omitempty" cdx:"+1.6"`       // v1.6 added
	Mode                     string    `json:"mode,omitempty" cdx:"+1.6"`                     // v1.6 added
	Padding                  string    `json:"padding,omitempty" cdx:"+1.6"`                  // v1.6 added
	CryptoFunctions          *[]string `json:"cryptoFunctions,omitempty" cdx:"+1.6"`          // v1.6 added
	ClassicalSecurityLevel   int       `json:"classicalSecurityLevel,omitempty" cdx:"+1.6"`   // v1.6 added
	NistQuantumSecurityLevel int       `json:"nistQuantumSecurityLevel,omitempty" cdx:"+1.6"` // v1.6 added
	Oid                      string    `json:"oid,omitempty" cdx:"+1.6"`                      // v1.6 added
}
v1.6: added
type CDXAnalysis ¶
type CDXAnalysis struct { State string `json:"state,omitempty"` // v1.4 Justification string `json:"justification,omitempty"` // v1.4 Response *[]string `json:"response,omitempty"` // v1.4: anon. type Detail string `json:"detail,omitempty"` // v1.4 FirstIssued string `json:"firstIssued,omitempty"` // v1.5: added LastUpdated string `json:"lastUpdated,omitempty"` // v1.5: added }
v1.4: created "analysis" def. to represent an in-line, anon. type defined in the "vulnerability" object defn.
v1.5: added "firstIssued", "lastUpdated"
Note: "state" is an "impactAnalysisState" type which is a constrained enum. of type `string`
Note: "justification" is an "impactAnalysisJustification" type which is a constrained enum. of type `string`
TODO: "response" is also "in-lined" as a constrained enum. of `string`, but SHOULD be declared at top-level
func (*CDXAnalysis) Normalize ¶ added in v0.16.0
func (analysis *CDXAnalysis) Normalize()
type CDXAnnotation ¶ added in v0.13.0
type CDXAnnotation struct {
    BOMRef    *CDXRefType   `json:"bom-ref,omitempty"`   // v1.5
    Subjects  *[]CDXSubject `json:"subjects,omitempty"`  // v1.5
    Annotator *CDXAnnotator `json:"annotator,omitempty"` // v1.5
    Timestamp string        `json:"timestamp,omitempty"` // v1.5
    Text      string        `json:"text,omitempty"`      // v1.5
    Signature *JSFSignature `json:"signature,omitempty"` // v1.5
}
v1.5: "annotations" and sub-schema added ("required": ["subjects","annotator","timestamp","text"])
NOTE: CDXRefType is a named `string` type as of v1.5
type CDXAnnotationSlice ¶ added in v0.16.0
type CDXAnnotationSlice []CDXAnnotation
named BOM slice types
func (CDXAnnotationSlice) Normalize ¶ added in v0.16.0
func (slice CDXAnnotationSlice) Normalize()
type CDXAnnotator ¶ added in v0.13.0
type CDXAnnotator struct {
    Organization *CDXOrganizationalEntity  `json:"organization,omitempty"` // v1.5
    Individual   *CDXOrganizationalContact `json:"individual,omitempty"`   // v1.5
    Component    *CDXComponent             `json:"component,omitempty"`    // v1.5
    Service      *CDXService               `json:"service,omitempty"`      // v1.5
}
v1.5: added to represent the anonymous type defined in the "annotations" object.
Constraint ("required"/"oneOf"): organization, individual, component, service
type CDXApproach ¶ added in v0.13.0
type CDXApproach struct {
Type string `json:"type,omitempty" cdx:"+1.5"` // v1.5
}
v1.5: added "Learning types describing the learning problem or hybrid learning problem." "enum": ["supervised","unsupervised","reinforcement-learning","semi-supervised","self-supervised"]
type CDXAssessor ¶ added in v0.16.0
type CDXAssessor struct {
    BOMRef       *CDXRefType              `json:"bom-ref,omitempty" cdx:"+1.6"`      // v1.6 added
    ThirdParty   bool                     `json:"thirdParty,omitempty" cdx:"+1.6"`   // v1.6 added
    Organization *CDXOrganizationalEntity `json:"organization,omitempty" cdx:"+1.6"` // v1.6 added
}
v1.6: added
type CDXAttachment ¶
type CDXAttachment struct {
    ContentType string `json:"contentType,omitempty"`
    Encoding    string `json:"encoding,omitempty"`
    Content     string `json:"content,omitempty"`
}
v1.2: existed
func (*CDXAttachment) GetContentTruncated ¶ added in v0.16.0
func (attachment *CDXAttachment) GetContentTruncated(maxLength int, addTruncatedMessage bool) string
func (*CDXAttachment) MarshalJSON ¶ added in v0.11.0
func (value *CDXAttachment) MarshalJSON() ([]byte, error)
recreate a representation of the struct, but only include values in map that are not empty
type CDXAttestation ¶ added in v0.16.0
type CDXAttestation struct {
    Summary   string               `json:"summary,omitempty" cdx:"+1.6"`   // v1.6 added
    Assessor  *CDXRefType          `json:"assessor,omitempty" cdx:"+1.6"`  // v1.6 added
    Map       *[]CDXAttestationMap `json:"map,omitempty" cdx:"+1.6"`       // v1.6 added
    Signature *JSFSignature        `json:"signature,omitempty" cdx:"+1.6"` // v1.6 added
}
v1.6: added
type CDXAttestationMap ¶ added in v0.16.0
type CDXAttestationMap struct {
    Requirement   *CDXRefLinkType   `json:"requirement,omitempty" cdx:"+1.6"`   // v1.6 added
    Claims        *[]CDXRefLinkType `json:"claims,omitempty" cdx:"+1.6"`        // v1.6 added
    CounterClaims *[]CDXRefLinkType `json:"counterClaims,omitempty" cdx:"+1.6"` // v1.6 added
    Conformance   *CDXConformance   `json:"conformance,omitempty" cdx:"+1.6"`   // v1.6 added
    Confidence    *CDXConfidence    `json:"confidence,omitempty" cdx:"+1.6"`    // v1.6 added
}
v1.6: added
type CDXBom ¶
type CDXBom struct {
    BOMFormat          string                  `json:"bomFormat,omitempty"`
    SpecVersion        string                  `json:"specVersion,omitempty"`
    SerialNumber       string                  `json:"serialNumber,omitempty"`
    Version            int                     `json:"version,omitempty"`
    Metadata           *CDXMetadata            `json:"metadata,omitempty"`
    Components         *[]CDXComponent         `json:"components,omitempty"`
    Services           *[]CDXService           `json:"services,omitempty"`
    ExternalReferences *[]CDXExternalReference `json:"externalReferences,omitempty"`
    Dependencies       *[]CDXDependency        `json:"dependencies,omitempty"`
    Compositions       *[]CDXCompositions      `json:"compositions,omitempty" cdx:"added:1.3"`
    Vulnerabilities    *[]CDXVulnerability     `json:"vulnerabilities,omitempty" cdx:"added:1.4"`
    Signature          *JSFSignature           `json:"signature,omitempty" cdx:"added:1.4"`
    Annotations        *[]CDXAnnotation        `json:"annotations,omitempty" cdx:"added:1.5"`
    Formulation        *[]CDXFormula           `json:"formulation,omitempty" cdx:"added:1.5"`
    Properties         *[]CDXProperty          `json:"properties,omitempty" cdx:"added:1.5"`
    Declarations       *[]CDXDeclaration       `json:"declarations,omitempty" cdx:"added:1.6"`
    Definitions        *[]CDXDefinition        `json:"definitions,omitempty" cdx:"added:1.6"`
}
NOTE: During parsing, any fields not explicitly included in the structure will still be added as generic "interface{}" types
v1.3: added "compositions"
v1.4: added "vulnerabilities", "signature"
v1.5: added "annotations", "formulation", "properties"
v1.6: added "declarations", "definitions"
func UnMarshalDocument ¶
type CDXBomLink ¶ added in v0.13.0
type CDXBomLink string
v1.5 added. Constraints: "anyOf": ["#/definitions/bomLinkDocumentType", "#/definitions/bomLinkElementType"]
TODO: see what happens if we use a struct with the 2 possible types (i.e., an interface{})
func (CDXBomLink) String ¶ added in v0.13.0
func (link CDXBomLink) String() string
type CDXBomLinkDocumentType ¶ added in v0.13.0
type CDXBomLinkDocumentType string
v1.5 added. Constraints: "format": "iri-reference", "pattern": "^urn:cdx: ... "
func (CDXBomLinkDocumentType) String ¶ added in v0.13.0
func (link CDXBomLinkDocumentType) String() string
v1.5 added Stringer interface
type CDXBomLinkElementType ¶ added in v0.13.0
type CDXBomLinkElementType string
v1.5 added. Constraints: "format": "iri-reference", "pattern": "^urn:cdx: ... "
func (CDXBomLinkElementType) String ¶ added in v0.13.0
func (link CDXBomLinkElementType) String() string
v1.5 added Stringer interface
type CDXCallstack ¶ added in v0.16.0
type CDXCallstack struct {
Frames *[]CDXFrames `json:"frames,omitempty" cdx:"added:1.5"`
}
v1.5: added
type CDXCertificateProperties ¶ added in v0.16.0
type CDXCertificateProperties struct {
    SubjectName           string      `json:"subjectName,omitempty" cdx:"+1.6"`           // v1.6 added
    IssuerName            string      `json:"issuerName,omitempty" cdx:"+1.6"`            // v1.6 added
    NotValidBefore        string      `json:"notValidBefore,omitempty" cdx:"+1.6"`        // v1.6 added
    NotValidAfter         string      `json:"notValidAfter,omitempty" cdx:"+1.6"`         // v1.6 added
    SignatureAlgorithmRef *CDXRefType `json:"signatureAlgorithmRef,omitempty" cdx:"+1.6"` // v1.6 added
    SubjectPublicKeyRef   *CDXRefType `json:"subjectPublicKeyRef,omitempty" cdx:"+1.6"`   // v1.6 added
    CertificateFormat     string      `json:"certificateFormat,omitempty" cdx:"+1.6"`     // v1.6 added
    CertificateExtension  string      `json:"certificateExtension,omitempty" cdx:"+1.6"`  // v1.6 added
}
v1.6: added
type CDXCipherSuite ¶ added in v0.16.0
type CDXCipherSuite struct {
    Name        string        `json:"name,omitempty" cdx:"+1.6"`        // v1.6 added
    Algorithms  *[]CDXRefType `json:"algorithms,omitempty" cdx:"+1.6"`  // v1.6 added
    Identifiers *[]string     `json:"identifiers,omitempty" cdx:"+1.6"` // v1.6 added
}
v1.6: added
type CDXClaim ¶ added in v0.16.0
type CDXClaim struct {
    BOMRef               *CDXRefType             `json:"bom-ref,omitempty" cdx:"+1.6"`              // v1.6 added
    Target               *[]CDXRefLinkType       `json:"target,omitempty" cdx:"+1.6"`               // v1.6 added
    Predicate            string                  `json:"predicate,omitempty" cdx:"+1.6"`            // v1.6 added
    MitigationStrategies *[]CDXRefLinkType       `json:"mitigationStrategies,omitempty" cdx:"+1.6"` // v1.6 added
    Reasoning            string                  `json:"reasoning,omitempty" cdx:"+1.6"`            // v1.6 added
    Evidence             *[]CDXRefLinkType       `json:"evidence,omitempty" cdx:"+1.6"`             // v1.6 added
    CounterEvidence      *[]CDXRefLinkType       `json:"counterEvidence,omitempty" cdx:"+1.6"`      // v1.6 added
    ExternalReferences   *[]CDXExternalReference `json:"externalReferences,omitempty" cdx:"+1.6"`   // v1.6 added
    Signature            *JSFSignature           `json:"signature,omitempty" cdx:"+1.6"`            // v1.6 added
}
v1.6: added
type CDXCo2Measure ¶ added in v0.16.0
type CDXCo2Measure struct {
    Value float64 `json:"value,omitempty" cdx:"+1.6"` // v1.6
    Unit  string  `json:"unit,omitempty" cdx:"+1.6"`  // v1.6
}
v1.6: added
type CDXCommand ¶ added in v0.13.0
type CDXCommand struct {
    Executed   bool           `json:"executed,omitempty"`   // v1.5
    Properties *[]CDXProperty `json:"properties,omitempty"` // v1.5
}
v1.5: added
type CDXCommit ¶
type CDXCommit struct {
    Uid       string                 `json:"uid,omitempty"`
    Url       string                 `json:"url,omitempty"`
    Message   string                 `json:"message,omitempty"`
    Author    *CDXIdentifiableAction `json:"author,omitempty"`
    Committer *CDXIdentifiableAction `json:"committer,omitempty"`
}
v1.2: existed
TODO: GitHub PRs MAY have more than 1 commit (committer); CDX needs to account for this
type CDXComponent ¶
type CDXComponent struct {
    Primary            bool                        `json:"-"`                                                   // Proprietary: do NOT marshal/unmarshal
    Type               string                      `json:"type,omitempty"`                                      // Constraint: enum [see schema]
    Name               string                      `json:"name,omitempty"`
    Version            string                      `json:"version,omitempty"`
    Description        string                      `json:"description,omitempty"`
    Group              string                      `json:"group,omitempty"`
    BOMRef             *CDXRefType                 `json:"bom-ref,omitempty"`
    MimeType           string                      `json:"mime-type,omitempty"`
    Supplier           *CDXOrganizationalEntity    `json:"supplier,omitempty"`
    Publisher          string                      `json:"publisher,omitempty"`
    Scope              string                      `json:"scope,omitempty"`                                     // Constraint: "enum": ["required","optional","excluded"]
    Hashes             *[]CDXHash                  `json:"hashes,omitempty"`
    Licenses           *[]CDXLicenseChoice         `json:"licenses,omitempty"`
    Copyright          string                      `json:"copyright,omitempty"`
    Cpe                string                      `json:"cpe,omitempty"`                                       // See: https://nvd.nist.gov/products/cpe
    Purl               string                      `json:"purl,omitempty" scvs:"bom:resource:identifiers:purl"` // See: https://github.com/package-url/purl-spec
    Swid               *CDXSwid                    `json:"swid,omitempty"`                                      // See: https://www.iso.org/standard/65666.html
    Pedigree           *CDXPedigree                `json:"pedigree,omitempty"`
    ExternalReferences *[]CDXExternalReference     `json:"externalReferences,omitempty"`
    Components         *[]CDXComponent             `json:"components,omitempty"`
    Evidence           *CDXComponentEvidence       `json:"evidence,omitempty" cdx:"added:1.3"`
    Properties         *[]CDXProperty              `json:"properties,omitempty" cdx:"added:1.3"`
    ReleaseNotes       *[]CDXReleaseNotes          `json:"releaseNotes,omitempty" cdx:"added:1.4"`
    Signature          *JSFSignature               `json:"signature,omitempty" cdx:"added:1.4"`
    Modified           bool                        `json:"modified,omitempty" cdx:"deprecated:1.4"`
    ModelCard          *CDXModelCard               `json:"modelCard,omitempty" cdx:"added:1.5"`
    Data               *[]CDXComponentData         `json:"data,omitempty" cdx:"added:1.5"`
    Authors            *[]CDXOrganizationalContact `json:"authors,omitempty" cdx:"added:1.6"`
    OmniborId          *[]string                   `json:"omniborId,omitempty" cdx:"added:1.6"`
    Swhid              *[]string                   `json:"swhid,omitempty" cdx:"added:1.6"`
    CryptoProperties   *CDXCryptoProperties        `json:"cryptoProperties,omitempty" cdx:"added:1.6"`
    Tags               *[]string                   `json:"tags,omitempty" cdx:"added:1.6"`
    Manufacturer       *CDXOrganizationalEntity    `json:"manufacturer,omitempty" cdx:"added:1.6"`
    Author             string                      `json:"author,omitempty" cdx:"deprecated:1.6"`
}
v1.2: existed
v1.3: added: "evidence", "properties"
v1.4: added: "releaseNotes", "signature"
v1.4: changed: "version" no longer required
v1.4: deprecated: "modified", "cpe", "swid"
v1.5: added "modelCard", (component)"data"
Note: "bom-ref" is a "refType" which is a constrained `string`
TODO: "mime-type" SHOULD become "media-type" which is more modern/inclusive
TODO: Remove "service" from "Type" enum. as "service" now exists (deprecate in future versions)
NOTE: CDXRefType is a named `string` type as of v1.5
func UnMarshalComponent ¶
func UnMarshalComponent(data interface{}) (CDXComponent, error)
func UnMarshalComponents ¶
func UnMarshalComponents(data interface{}) ([]CDXComponent, error)
func (*CDXComponent) Normalize ¶ added in v0.16.0
func (component *CDXComponent) Normalize()
type CDXComponentData ¶ added in v0.13.0
type CDXComponentData struct {
    Type           string                 `json:"type,omitempty" cdx:"added:1.5"` // Constraint: "enum": ["source-code","configuration","dataset","definition","other"]
    Name           string                 `json:"name,omitempty" cdx:"added:1.5"`
    BOMRef         *CDXRefType            `json:"bom-ref,omitempty" cdx:"added:1.5"`
    Contents       *CDXContent            `json:"contents,omitempty" cdx:"added:1.5"`
    Classification *CDXDataClassification `json:"classification,omitempty" cdx:"added:1.5"`
    SensitiveData  []string               `json:"sensitiveData,omitempty" cdx:"added:1.5"`
    Graphics       *CDXGraphicsCollection `json:"graphics,omitempty" cdx:"added:1.5"`
    Description    string                 `json:"description,omitempty" cdx:"added:1.5"`
    Governance     *CDXDataGovernance     `json:"governance,omitempty" cdx:"added:1.5"`
}
v1.5 added object. The general theme or subject matter of the data being specified.
TODO: "contents" is plural, but it is not an array
type CDXComponentDataSlice ¶ added in v0.16.0
type CDXComponentDataSlice []CDXComponentData
func (CDXComponentDataSlice) Normalize ¶ added in v0.16.0
func (slice CDXComponentDataSlice) Normalize()
TODO: Sort: the slices within the CDXComponentData (e.g., Contents, SensitiveData, Graphics (collection), Governance, etc. )
type CDXComponentEvidence ¶
type CDXComponentEvidence struct {
    Licenses    *[]CDXLicense    `json:"licenses,omitempty" cdx:"added:1.3"`
    Copyright   *[]CDXCopyright  `json:"copyright,omitempty" cdx:"added:1.3"`
    Identity    interface{}      `json:"identity,omitempty" cdx:"added:1.5,changed:1.6"`
    Occurrences *[]CDXOccurrence `json:"occurrences,omitempty" cdx:"added:1.5"`
    Callstack   *CDXCallstack    `json:"callstack,omitempty" cdx:"added:1.5"`
}
v1.3: created "componentEvidence" defn.
Note: "Identity" was changed from a singleton in v1.5 to an array in v1.6
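Because "identity" is a single object in v1.5 documents and an array in v1.6 documents, a consumer that wants to read both has to inspect the JSON shape before decoding. The following is an added example, not code from the sbom-utility package; the two-field identityEntry type is an assumed stand-in for the schema's identity object.

```go
// Added example, not code from the sbom-utility package: decode the
// "evidence.identity" value of a component so that both the v1.5 shape
// (one object) and the v1.6 shape (an array of objects) are accepted,
// which is the reason the package keeps the field as interface{}.
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// identityEntry is a minimal, assumed stand-in for the schema's identity
// object; only the two fields needed by the example are declared.
type identityEntry struct {
	Field      string  `json:"field,omitempty"`
	Confidence float64 `json:"confidence,omitempty"`
}

// componentSubset keeps "identity" as raw JSON so its shape can be inspected
// before decoding instead of letting encoding/json fail on a type mismatch.
type componentSubset struct {
	Name     string `json:"name,omitempty"`
	Evidence *struct {
		Identity json.RawMessage `json:"identity,omitempty"`
	} `json:"evidence,omitempty"`
}

// IdentityEntries normalizes a raw "identity" value to a slice.
func IdentityEntries(raw json.RawMessage) ([]identityEntry, error) {
	trimmed := bytes.TrimSpace(raw)
	if len(trimmed) == 0 || bytes.Equal(trimmed, []byte("null")) {
		return nil, nil
	}
	switch trimmed[0] {
	case '[': // v1.6: array of identity objects
		var list []identityEntry
		if err := json.Unmarshal(trimmed, &list); err != nil {
			return nil, fmt.Errorf("identity array: %w", err)
		}
		return list, nil
	case '{': // v1.5: a single identity object
		var one identityEntry
		if err := json.Unmarshal(trimmed, &one); err != nil {
			return nil, fmt.Errorf("identity object: %w", err)
		}
		return []identityEntry{one}, nil
	default:
		return nil, fmt.Errorf("identity: expected object or array, got %q", trimmed[0])
	}
}

// IdentityFromComponent decodes one component document and returns its
// identity entries; a component without evidence yields an empty result.
func IdentityFromComponent(doc []byte) ([]identityEntry, error) {
	var c componentSubset
	if err := json.Unmarshal(doc, &c); err != nil {
		return nil, err
	}
	if c.Evidence == nil {
		return nil, nil
	}
	return IdentityEntries(c.Evidence.Identity)
}

func main() {
	// Constructed sample inputs, one per schema shape.
	samples := map[string]string{
		"v1.5": `{"name":"lib","evidence":{"identity":{"field":"purl","confidence":0.8}}}`,
		"v1.6": `{"name":"lib","evidence":{"identity":[{"field":"purl","confidence":0.8},{"field":"hash","confidence":1}]}}`,
	}
	for ver, doc := range samples {
		entries, err := IdentityFromComponent([]byte(doc))
		fmt.Printf("%s: %+v (err=%v)\n", ver, entries, err)
	}
}
```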
type CDXComponentInfo ¶ added in v0.16.0
type CDXComponentInfo struct {
    CDXResourceInfo
    Type             string `json:"type"`
    SupplierName     string `json:"supplier-name"`
    SupplierUrl      string `json:"supplier-url"`
    ManufacturerName string `json:"manufacturer-name"`
    ManufacturerUrl  string `json:"manufacturer-url"`
    Publisher        string `json:"publisher"`
    Copyright        string `json:"copyright"`
    Cpe              string `json:"cpe"`
    Purl             string `json:"purl"`
    SwidTagId        string `json:"swid-tag-id"`
    NumberHashes     int    `json:"number-hashes"`
    HasHash          bool   `json:"has-hash"`
    HasPedigree      bool   `json:"has-pedigree"`
    HasEvidence      bool   `json:"has-evidence"`
    MimeType         string `json:"mime-type"`
    Scope            string `json:"scope"`
    HasComponents    bool   `json:"has-components"`
    HasReleaseNotes  bool   `json:"has-release-notes"`
    HasModelCard     bool   `json:"has-model-card"`
    HasData          bool   `json:"has-data"`
    HasTags          bool   `json:"has-tags"`
    HasSignature     bool   `json:"has-signature"`
}
------------------- Components -------------------
TODO: Authors (*[]CDXOrganizationalContact)
TODO: HasHashes, HasLicenses, HasPedigree, HasEvidence, HasComponents, HasReleaseNotes
TODO: HasModelCard, HasData, HasTags, HasSignature (*JSFSignature)
TODO: OmniborId (new), Swhid (new)
func NewComponentInfo ¶ added in v0.16.0
func NewComponentInfo(cdxComponent CDXComponent) (componentInfo *CDXComponentInfo)
func (*CDXComponentInfo) MapCDXComponentData ¶ added in v0.16.0
func (componentInfo *CDXComponentInfo) MapCDXComponentData(cdxComponent CDXComponent)
TODO: flag any component w/o a license
type CDXComponentSlice ¶ added in v0.16.0
type CDXComponentSlice []CDXComponent
func (CDXComponentSlice) Normalize ¶ added in v0.16.0
func (slice CDXComponentSlice) Normalize()
type CDXCompositionSlice ¶ added in v0.16.0
type CDXCompositionSlice []CDXCompositions
func (CDXCompositionSlice) Normalize ¶ added in v0.16.0
func (slice CDXCompositionSlice) Normalize()
type CDXCompositions ¶
type CDXCompositions struct {
    Aggregate       string              `json:"aggregate,omitempty" cdx:"added:1.3"`
    Assemblies      *[]string           `json:"assemblies,omitempty" cdx:"added:1.3"`
    Dependencies    *[]string           `json:"dependencies,omitempty" cdx:"added:1.3"`
    Signature       *JSFSignature       `json:"signature,omitempty" cdx:"added:1.4"`
    Vulnerabilities *[]CDXVulnerability `json:"vulnerabilities,omitempty" cdx:"added:1.5"`
    BOMRef          *CDXRefType         `json:"bom-ref,omitempty" cdx:"added:1.5"`
}
v1.3: created "compositions" defn.
v1.4: added "signature"
v1.5: added "bom-ref", "vulnerabilities"
Note: "aggregate" is type `aggregateType` which is a constrained string
TODO: Note: "Assemblies" is really an array of OneOf: "refLinkType" or "bomLinkElementType", which BOTH thankfully map to "string"; however, this MAY need to become an "interface{}", similar to what "tools" has become.
TODO: Should NOT be plural; open issue against v2.0 schema
NOTE: CDXRefType is a named `string` type as of v1.5
func (*CDXCompositions) Normalize ¶ added in v0.16.0
func (composition *CDXCompositions) Normalize()
type CDXCondition ¶ added in v0.13.0
type CDXCondition struct {
    Description string         `json:"description,omitempty"` // v1.5
    Expression  string         `json:"expression,omitempty"`  // v1.5
    Properties  *[]CDXProperty `json:"properties,omitempty"`  // v1.5
}
v1.5: added
type CDXConfidence ¶ added in v0.16.0
type CDXConfidence struct {
    Score     float64 `json:"score,omitempty" cdx:"+1.6"`     // v1.6 added
    Rationale string  `json:"rationale,omitempty" cdx:"+1.6"` // v1.6 added
}
v1.6: added TODO: NOTE: overlap in fields with CDXConformance
type CDXConfidenceInterval ¶ added in v0.13.0
type CDXConfidenceInterval struct {
    LowerBound string `json:"lowerBound,omitempty" cdx:"+1.5"` // v1.5
    UpperBound string `json:"upperBound,omitempty" cdx:"+1.5"` // v1.5
}
v1.5: added
type CDXConformance ¶ added in v0.16.0
type CDXConformance struct {
    Score                float64           `json:"score,omitempty" cdx:"+1.6"`                // v1.6 added
    Rationale            string            `json:"rationale,omitempty" cdx:"+1.6"`            // v1.6 added
    MitigationStrategies *[]CDXRefLinkType `json:"mitigationStrategies,omitempty" cdx:"+1.6"` // v1.6 added
}
v1.6: added TODO: NOTE: overlap in fields with CDXConfidence
type CDXConsiderations ¶ added in v0.13.0
type CDXConsiderations struct {
    Users                       *[]string                       `json:"users,omitempty" cdx:"+1.5"`                       // v1.5
    UseCases                    *[]string                       `json:"useCases,omitempty" cdx:"+1.5"`                    // v1.5
    TechnicalLimitations        *[]string                       `json:"technicalLimitations,omitempty" cdx:"+1.5"`        // v1.5
    PerformanceTradeoffs        *[]string                       `json:"performanceTradeoffs,omitempty" cdx:"+1.5"`        // v1.5
    EthicalConsiderations       *[]CDXRisk                      `json:"ethicalConsiderations,omitempty" cdx:"+1.5"`       // v1.5
    FairnessAssessments         *[]CDXFairnessAssessment        `json:"fairnessAssessments,omitempty" cdx:"+1.5"`         // v1.5
    EnvironmentalConsiderations *CDXEnvironmentalConsiderations `json:"environmentalConsiderations,omitempty" cdx:"+1.6"` // v1.6
}
v1.5: added (anonymous type) Considerations that should be taken into account regarding the model's construction, training, and application
type CDXContent ¶ added in v0.13.0
type CDXContent struct {
    Url        string         `json:"url,omitempty" cdx:"added:1.5"`
    Attachment *CDXAttachment `json:"attachment,omitempty" cdx:"added:1.5"`
    Properties *[]CDXProperty `json:"properties,omitempty" cdx:"added:1.5"`
}
v1.5 added object
type CDXCopyright ¶
type CDXCopyright struct {
Text string `json:"text,omitempty"`
}
v1.3: created "copyright" defn.
type CDXCreationTools ¶ added in v0.13.0
type CDXCreationTools struct {
    Components *[]CDXComponent `json:"components,omitempty" cdx:"+1.5"` // v1.5: added (new type)
    Services   *[]CDXService   `json:"services,omitempty" cdx:"+1.5"`   // v1.5: added (new type)
}
v1.5: created. Intended to be used instead of (legacy) Creation Tools which was deprecated
type CDXCredit ¶
type CDXCredit struct {
    Organizations *[]CDXOrganizationalEntity  `json:"organizations,omitempty"` // v1.4
    Individuals   *[]CDXOrganizationalContact `json:"individuals,omitempty"`   // v1.4
}
v1.4: created "credit" defn. to represent the in-line, anon. type found in the "vulnerability" type defn.
func (*CDXCredit) MarshalJSON ¶ added in v0.11.0
type CDXCryptoProperties ¶ added in v0.16.0
type CDXCryptoProperties struct {
    AssetType                       string                              `json:"assetType,omitempty" cdx:"+1.6"`                       // v1.6 added
    AlgorithmProperties             *CDXAlgorithmProperties             `json:"algorithmProperties,omitempty" cdx:"+1.6"`             // v1.6 added
    CertificateProperties           *CDXCertificateProperties           `json:"certificateProperties,omitempty" cdx:"+1.6"`           // v1.6 added
    RelatedCryptoMaterialProperties *CDXRelatedCryptoMaterialProperties `json:"relatedCryptoMaterialProperties,omitempty" cdx:"+1.6"` // v1.6 added
    ProtocolProperties              *CDXProtocolProperties              `json:"protocolProperties,omitempty" cdx:"+1.6"`              // v1.6 added
    Oid                             string                              `json:"oid,omitempty" cdx:"+1.6"`                             // v1.6 added
}
v1.6: added
NOTE: "assetType" is an enum. (e.g., "algorithm", "certificate", "protocol", etc.)
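The certificate asset type above (CDXCryptoProperties with assetType "certificate" carrying a CDXCertificateProperties) is the record a CBOM producer emits for each X.509 certificate it inventories. The following is an added example, not code from the sbom-utility package: it fills that record from a parsed certificate and classifies the recorded validity window, which is the check a defender runs over a CBOM to find expired or soon-to-expire certificates. The bom-refs for the signature algorithm and public key are assumed to be minted by the caller, and the self-signed certificate is generated in memory only so the example runs offline.

```go
// Added example, not sbom-utility code: build a CycloneDX 1.6 "certificate"
// crypto asset from an X.509 certificate and classify its validity window.
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"fmt"
	"math/big"
	"time"
)

// certificateProperties mirrors the JSON names of CDXCertificateProperties.
type certificateProperties struct {
	SubjectName           string `json:"subjectName,omitempty"`
	IssuerName            string `json:"issuerName,omitempty"`
	NotValidBefore        string `json:"notValidBefore,omitempty"`
	NotValidAfter         string `json:"notValidAfter,omitempty"`
	SignatureAlgorithmRef string `json:"signatureAlgorithmRef,omitempty"`
	SubjectPublicKeyRef   string `json:"subjectPublicKeyRef,omitempty"`
	CertificateFormat     string `json:"certificateFormat,omitempty"`
	CertificateExtension  string `json:"certificateExtension,omitempty"`
}

// cryptoProperties mirrors the subset of CDXCryptoProperties used here.
type cryptoProperties struct {
	AssetType             string                 `json:"assetType,omitempty"`
	CertificateProperties *certificateProperties `json:"certificateProperties,omitempty"`
}

// NewCertificateAsset fills the record from a parsed certificate; timestamps are
// written as RFC 3339 in UTC. sigAlgRef/pubKeyRef are caller-minted bom-refs.
func NewCertificateAsset(cert *x509.Certificate, sigAlgRef, pubKeyRef string) cryptoProperties {
	return cryptoProperties{
		AssetType: "certificate",
		CertificateProperties: &certificateProperties{
			SubjectName:           cert.Subject.String(),
			IssuerName:            cert.Issuer.String(),
			NotValidBefore:        cert.NotBefore.UTC().Format(time.RFC3339),
			NotValidAfter:         cert.NotAfter.UTC().Format(time.RFC3339),
			SignatureAlgorithmRef: sigAlgRef,
			SubjectPublicKeyRef:   pubKeyRef,
			CertificateFormat:     "X.509",
			CertificateExtension:  "crt",
		},
	}
}

// ExpiryStatus classifies the recorded validity window relative to now as
// "not-yet-valid", "expired", "expiring" (ends within warn) or "valid".
func ExpiryStatus(p certificateProperties, now time.Time, warn time.Duration) (string, error) {
	notBefore, err := time.Parse(time.RFC3339, p.NotValidBefore)
	if err != nil {
		return "", fmt.Errorf("notValidBefore: %w", err)
	}
	notAfter, err := time.Parse(time.RFC3339, p.NotValidAfter)
	if err != nil {
		return "", fmt.Errorf("notValidAfter: %w", err)
	}
	switch {
	case now.Before(notBefore):
		return "not-yet-valid", nil
	case now.After(notAfter):
		return "expired", nil
	case notAfter.Sub(now) <= warn:
		return "expiring", nil
	default:
		return "valid", nil
	}
}

// newSelfSignedCert creates a throwaway ECDSA P-256 certificate in memory; it
// stands in for a certificate read from a keystore or PEM file.
func newSelfSignedCert(notBefore, notAfter time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example.test"},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	start := time.Now()
	cert, err := newSelfSignedCert(start, start.Add(20*24*time.Hour))
	if err != nil {
		panic(err)
	}
	asset := NewCertificateAsset(cert, "alg:ecdsa-p256-sha256", "key:example-test")
	out, _ := json.MarshalIndent(asset, "", "  ")
	fmt.Println(string(out))
	status, _ := ExpiryStatus(*asset.CertificateProperties, start, 30*24*time.Hour)
	fmt.Println("expiry status:", status) // "expiring": 20 days left inside a 30-day window
}
```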
type CDXCryptoRefArray ¶ added in v0.16.0
type CDXCryptoRefArray []CDXRefType
v1.6: added
TODO: NOTE: This is a first-of-its-kind alias for a slice; it SHOULD NOT exist unless this pattern is adopted EVERYWHERE
type CDXDataClassification ¶
type CDXDataClassification string // Constraint: "enum": ["inbound", "outbound", "bi-directional", "unknown"]
v1.5 added. Replaced former "object" type in favor of "string"
Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed.
type CDXDataGovernance ¶ added in v0.13.0
type CDXDataGovernance struct {
    Custodians *[]CDXDataGovernanceResponsibleParty `json:"custodians,omitempty" cdx:"added:1.5"`
    Stewards   *[]CDXDataGovernanceResponsibleParty `json:"stewards,omitempty" cdx:"added:1.5"`
    Owners     *[]CDXDataGovernanceResponsibleParty `json:"owners,omitempty" cdx:"added:1.5"`
}
v1.5 added
type CDXDataGovernanceResponsibleParty ¶ added in v0.13.0
type CDXDataGovernanceResponsibleParty struct {
    Organization *CDXOrganizationalEntity  `json:"organization,omitempty" cdx:"added:1.5"`
    Contact      *CDXOrganizationalContact `json:"contact,omitempty" cdx:"added:1.5"`
}
v1.5 added structure Constraints: "oneOf": ["organization", "contact"]
type CDXDataset ¶ added in v0.13.0
type CDXDataset struct {
    CDXComponentData
    Ref *CDXRefLinkType `json:"ref,omitempty" cdx:"+1.5"` // v1.5
}
v1.5: added.
v1.5: Note: "ref" is a constrained "string" which can be "anyOf": ["#/definitions/refLinkType", "#/definitions/bomLinkElementType"]
TODO: actually, "Ref" should be its own anonymous type with "anyOf": ["#/definitions/refLinkType", "#/definitions/bomLinkElementType"]
type CDXDeclaration ¶ added in v0.16.0
type CDXDeclaration struct {
    Assessors    *[]CDXAssessor    `json:"assessors,omitempty" cdx:"+1.6"`    // v1.6 added
    Attestations *[]CDXAttestation `json:"attestations,omitempty" cdx:"+1.6"` // v1.6 added
    Claims       *[]CDXClaim       `json:"claims,omitempty" cdx:"+1.6"`       // v1.6 added
    Evidence     *[]CDXEvidence    `json:"evidence,omitempty" cdx:"+1.6"`     // v1.6 added
    Targets      *CDXTargets       `json:"targets,omitempty" cdx:"+1.6"`      // v1.6 added
    Affirmation  *CDXAffirmation   `json:"affirmation,omitempty" cdx:"+1.6"`  // v1.6 added
    Signature    *JSFSignature     `json:"signature,omitempty" cdx:"+1.6"`    // v1.6 added
}
v1.6: added "declarations"
type CDXDefinition ¶ added in v0.16.0
type CDXDefinition struct {
Standards *[]CDXStandard `json:"standards,omitempty" cdx:"+1.6"` // v1.6 added
}
v1.6: added
type CDXDependency ¶
type CDXDependency struct {
    Ref       *CDXRefLinkType   `json:"ref,omitempty"`
    DependsOn *[]CDXRefLinkType `json:"dependsOn,omitempty"`
}
v1.2: existed
v1.4: "ref" and "dependsOn" became type "refType" which is a constrained `string`
v1.5: "ref": is now a constrained "string" of type "#/definitions/refLinkType"
v1.5: "dependsOn": is now a constrained "string" of type "#/definitions/refLinkType"
Note: Changes to RefType and RefLinkType are ONLY constraint changes; we need only track type changes...
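Since "ref" and "dependsOn" are only constrained strings, nothing in the type system guarantees that they resolve to a bom-ref the document actually declares. The following is an added example, not code from the sbom-utility package: it collects the bom-refs declared under metadata.component, components (including nested components) and services, reports every dependency ref that resolves to none of them, and computes the transitive dependency set of one ref. Dangling refs matter to a defender because tooling that joins vulnerabilities to components by bom-ref silently drops whatever it cannot resolve.

```go
// Added example, not sbom-utility code: validate and walk a CycloneDX
// "dependencies" graph against the bom-refs the document declares.
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// dependency mirrors the JSON names of CDXDependency.
type dependency struct {
	Ref       string   `json:"ref"`
	DependsOn []string `json:"dependsOn,omitempty"`
}

// refNode is the subset of a component (or service) needed to collect bom-refs.
type refNode struct {
	BOMRef     string    `json:"bom-ref,omitempty"`
	Components []refNode `json:"components,omitempty"`
}

// bomSubset mirrors the parts of CDXBom this example reads.
type bomSubset struct {
	Metadata     struct{ Component *refNode `json:"component,omitempty"` } `json:"metadata"`
	Components   []refNode    `json:"components,omitempty"`
	Services     []refNode    `json:"services,omitempty"`
	Dependencies []dependency `json:"dependencies,omitempty"`
}

// collectRefs records every bom-ref in nodes and their nested components.
func collectRefs(nodes []refNode, into map[string]bool) {
	for _, n := range nodes {
		if n.BOMRef != "" {
			into[n.BOMRef] = true
		}
		collectRefs(n.Components, into)
	}
}

// DeclaredRefs returns every bom-ref a dependency entry may legitimately point at.
func DeclaredRefs(b bomSubset) map[string]bool {
	refs := map[string]bool{}
	if b.Metadata.Component != nil {
		collectRefs([]refNode{*b.Metadata.Component}, refs)
	}
	collectRefs(b.Components, refs)
	collectRefs(b.Services, refs)
	return refs
}

// DanglingRefs lists (sorted, de-duplicated) every ref or dependsOn value
// in the dependency graph that no declared element carries.
func DanglingRefs(b bomSubset) []string {
	declared, dangling := DeclaredRefs(b), map[string]bool{}
	for _, d := range b.Dependencies {
		for _, r := range append([]string{d.Ref}, d.DependsOn...) {
			if !declared[r] {
				dangling[r] = true
			}
		}
	}
	return sortedKeys(dangling)
}

// TransitiveDeps returns (sorted) every ref reachable from root via dependsOn;
// the visited set keeps it safe on cycles, which the schema does not forbid.
func TransitiveDeps(deps []dependency, root string) []string {
	edges := map[string][]string{}
	for _, d := range deps {
		edges[d.Ref] = append(edges[d.Ref], d.DependsOn...)
	}
	visited, stack := map[string]bool{}, []string{root}
	for len(stack) > 0 {
		cur := stack[len(stack)-1]
		stack = stack[:len(stack)-1]
		for _, next := range edges[cur] {
			if !visited[next] {
				visited[next] = true
				stack = append(stack, next)
			}
		}
	}
	delete(visited, root) // a cycle back to root does not make root its own dependency
	return sortedKeys(visited)
}

func sortedKeys(m map[string]bool) []string {
	out := make([]string, 0, len(m))
	for k := range m {
		out = append(out, k)
	}
	sort.Strings(out)
	return out
}

// ParseBOM decodes just the fields above from a CycloneDX JSON document.
func ParseBOM(doc []byte) (bomSubset, error) {
	var b bomSubset
	err := json.Unmarshal(doc, &b)
	return b, err
}

func main() {
	// Constructed sample: lib-b is nested under lib-a; lib-missing is never declared.
	doc := `{"metadata":{"component":{"bom-ref":"app"}},
	 "components":[{"bom-ref":"lib-a","components":[{"bom-ref":"lib-b"}]}],
	 "dependencies":[{"ref":"app","dependsOn":["lib-a"]},
	  {"ref":"lib-a","dependsOn":["lib-b","lib-missing"]},{"ref":"lib-b","dependsOn":["lib-a"]}]}`
	b, err := ParseBOM([]byte(doc))
	if err != nil {
		panic(err)
	}
	fmt.Println("dangling refs:", DanglingRefs(b))                        // [lib-missing]
	fmt.Println("app depends on:", TransitiveDeps(b.Dependencies, "app")) // [lib-a lib-b lib-missing]
}
```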
func (CDXDependency) Normalize ¶ added in v0.16.0
func (dependency CDXDependency) Normalize()
type CDXDependencySlice ¶ added in v0.16.0
type CDXDependencySlice []CDXDependency
func (CDXDependencySlice) Normalize ¶ added in v0.16.0
func (slice CDXDependencySlice) Normalize()
type CDXDiff ¶
type CDXDiff struct {
    Text *CDXAttachment `json:"text,omitempty"`
    Url  string         `json:"url,omitempty" cdx:"changed:1.3"`
}
v1.2: existed
v1.3: "url" type changed from `string` (with constraints) to an "iri-reference"
type CDXEnergyConsumption ¶ added in v0.16.0
type CDXEnergyConsumption struct {
    Activity           string               `json:"activity,omitempty" cdx:"+1.6"`           // v1.6
    EnergyProviders    *[]CDXEnergyProvider `json:"energyProviders,omitempty" cdx:"+1.6"`    // v1.6
    ActivityEnergyCost *CDXEnergyMeasure    `json:"activityEnergyCost,omitempty" cdx:"+1.6"` // v1.6
    Co2CostEquivalent  *CDXCo2Measure       `json:"co2CostEquivalent,omitempty" cdx:"+1.6"`  // v1.6
    Co2CostOffset      *CDXCo2Measure       `json:"co2CostOffset,omitempty" cdx:"+1.6"`      // v1.6
    Properties         *[]CDXProperty       `json:"properties,omitempty" cdx:"+1.6"`         // v1.6
}
v1.6: added
type CDXEnergyMeasure ¶ added in v0.16.0
type CDXEnergyMeasure struct {
    Value float64 `json:"value,omitempty" cdx:"+1.6"` // v1.6
    Unit  string  `json:"unit,omitempty" cdx:"+1.6"`  // v1.6
}
v1.6: added
type CDXEnergyProvider ¶ added in v0.16.0
type CDXEnergyProvider struct {
    BOMRef             *CDXRefType             `json:"bom-ref,omitempty" cdx:"+1.6"`            // v1.6
    Description        string                  `json:"description,omitempty" cdx:"+1.6"`        // v1.6
    Organization       *CDXOrganizationalEntity `json:"organization,omitempty" cdx:"+1.6"`      // v1.6
    EnergySource       string                  `json:"energySource,omitempty" cdx:"+1.6"`       // v1.6
    EnergyProvided     *CDXEnergyMeasure       `json:"energyProvided,omitempty" cdx:"+1.6"`     // v1.6
    ExternalReferences *[]CDXExternalReference `json:"externalReferences,omitempty" cdx:"+1.6"` // v1.6
}
v1.6: added
type CDXEnvironmentalConsiderations ¶ added in v0.16.0
type CDXEnvironmentalConsiderations struct {
    EnergyConsumptions *[]CDXEnergyConsumption `json:"energyConsumptions,omitempty" cdx:"+1.6"` // v1.6
    Properties         *[]CDXProperty          `json:"properties,omitempty" cdx:"+1.6"`         // v1.6
}
v1.6: added Information about the benefits and harms of the model to an identified at risk group.
type CDXEvent ¶ added in v0.13.0
type CDXEvent struct {
    Uid          string                     `json:"uid,omitempty"`          // v1.5
    Description  string                     `json:"description,omitempty"`  // v1.5
    TimeReceived string                     `json:"timeReceived,omitempty"` // v1.5
    Data         CDXAttachment              `json:"data,omitempty"`         // v1.5
    Source       CDXResourceReferenceChoice `json:"source,omitempty"`       // v1.5
    Target       CDXResourceReferenceChoice `json:"target,omitempty"`       // v1.5
    Properties   *[]CDXProperty             `json:"properties,omitempty"`   // v1.5
}
type CDXEvidence ¶ added in v0.16.0
type CDXEvidence struct {
    BOMRef       *CDXRefType               `json:"bom-ref,omitempty" cdx:"+1.6"`      // v1.6 added
    PropertyName string                    `json:"propertyName,omitempty" cdx:"+1.6"` // v1.6 added
    Description  string                    `json:"description,omitempty" cdx:"+1.6"`  // v1.6 added
    Data         *[]CDXEvidenceData        `json:"data,omitempty" cdx:"+1.6"`         // v1.6 added
    Created      string                    `json:"created,omitempty" cdx:"+1.6"`      // v1.6 added
    Expires      string                    `json:"expires,omitempty" cdx:"+1.6"`      // v1.6 added
    Author       *CDXOrganizationalContact `json:"author,omitempty" cdx:"+1.6"`       // v1.6 added
    Reviewer     *CDXOrganizationalContact `json:"reviewer,omitempty" cdx:"+1.6"`     // v1.6 added
    Signature    *JSFSignature             `json:"signature,omitempty" cdx:"+1.6"`    // v1.6 added
}
v1.6: added
type CDXEvidenceData ¶ added in v0.16.0
type CDXEvidenceData struct {
    Name           string         `json:"name,omitempty" cdx:"+1.6"`           // v1.6 added
    Contents       *CDXContent    `json:"contents,omitempty" cdx:"+1.6"`       // v1.6 added
    Classification string         `json:"classification,omitempty" cdx:"+1.6"` // v1.6 added
    SensitiveData  *[]string      `json:"sensitiveData,omitempty" cdx:"+1.6"`  // v1.6 added
    Governance     *CDXGovernance `json:"governance,omitempty" cdx:"+1.6"`     // v1.6 added
}
v1.6: added
NOTE: The "Contents" field defines a structure that is identical to the CDXContent used in CDXComponentData, but does NOT have a "properties" field. We reuse CDXContent here as it does NOT impact JSON encoding/decoding.
NOTE: The "Classification" field is actually an "enum" type in the JSON schema
type CDXExternalReference ¶
type CDXExternalReference struct {
    Type    string     `json:"type,omitempty"`
    Url     string     `json:"url,omitempty"`
    Comment string     `json:"comment,omitempty"`
    Hashes  *[]CDXHash `json:"hashes,omitempty"` // v1.3: added
}
v1.2: existed
v1.3: added "hashes"
v1.4: `Type` field: added value "release-notes" to enum.
type CDXExternalReferenceSlice ¶ added in v0.16.0
type CDXExternalReferenceSlice []CDXExternalReference
func (CDXExternalReferenceSlice) Normalize ¶ added in v0.16.0
func (slice CDXExternalReferenceSlice) Normalize()
type CDXFairnessAssessment ¶ added in v0.13.0
type CDXFairnessAssessment struct {
    GroupAtRisk        string `json:"groupAtRisk,omitempty" cdx:"+1.5"`        // v1.5
    Benefits           string `json:"benefits,omitempty" cdx:"+1.5"`           // v1.5
    Harms              string `json:"harms,omitempty" cdx:"+1.5"`              // v1.5
    MitigationStrategy string `json:"mitigationStrategy,omitempty" cdx:"+1.5"` // v1.5
}
v1.5: added Information about the benefits and harms of the model to an identified at risk group.
type CDXFormula ¶ added in v0.13.0
type CDXFormula struct {
    BOMRef     *CDXRefType     `json:"bom-ref,omitempty"`    // v1.5
    Components *[]CDXComponent `json:"components,omitempty"` // v1.5
    Services   *[]CDXService   `json:"services,omitempty"`   // v1.5
    Workflows  *[]CDXWorkflow  `json:"workflows,omitempty"`  // v1.5
    Properties *[]CDXProperty  `json:"properties,omitempty"` // v1.5
}
v1.5: added NOTE: CDXRefType is a named `string` type as of v1.5
func (*CDXFormula) Normalize ¶ added in v0.16.0
func (formula *CDXFormula) Normalize()
type CDXFormulaSlice ¶ added in v0.16.0
type CDXFormulaSlice []CDXFormula
named BOM slice types
func (CDXFormulaSlice) Normalize ¶ added in v0.16.0
func (slice CDXFormulaSlice) Normalize()
type CDXFrames ¶ added in v0.16.0
type CDXFrames struct {
    Package      string    `json:"package,omitempty" cdx:"added:1.5"`
    Module       string    `json:"module,omitempty" cdx:"added:1.5"`
    Function     string    `json:"function,omitempty" cdx:"added:1.5"`
    Parameters   *[]string `json:"parameters,omitempty" cdx:"added:1.5"`
    Line         int       `json:"line,omitempty" cdx:"added:1.5"`
    Column       int       `json:"column,omitempty" cdx:"added:1.5"`
    FullFilename string    `json:"fullFilename,omitempty" cdx:"added:1.5"`
}
v1.5: added Note: "parameters" SHOULD use "formulation" definitions that better define a parameter
type CDXGovernance ¶ added in v0.16.0
type CDXGovernance struct {
    Custodians *[]CDXDataGovernanceResponsibleParty `json:"custodians,omitempty" cdx:"+1.6"` // v1.6 added
    Stewards   *[]CDXDataGovernanceResponsibleParty `json:"stewards,omitempty" cdx:"+1.6"`   // v1.6 added
    Owners     *[]CDXDataGovernanceResponsibleParty `json:"owners,omitempty" cdx:"+1.6"`     // v1.6 added
}
v1.6: added
type CDXGraphic ¶ added in v0.13.0
type CDXGraphic struct {
    Name  string         `json:"name,omitempty" cdx:"+1.5"`  // v1.5
    Image *CDXAttachment `json:"image,omitempty" cdx:"+1.5"` // v1.5
}
v1.5: added
type CDXGraphicsCollection ¶ added in v0.13.0
type CDXGraphicsCollection struct {
    Description string        `json:"description,omitempty" cdx:"+1.5"` // v1.5
    Collection  *[]CDXGraphic `json:"collection,omitempty" cdx:"+1.5"`  // v1.5
}
v1.5: added
type CDXHash ¶
v1.2: existed
Note: "alg" is of type "hash-alg" which is a constrained `string` type
Note: "content" is of type "hash-content" which is a constrained `string` type
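A hash entry is only useful if a consumer recomputes it: "alg" names the digest algorithm and "content" carries the hex digest. The following is an added example, not code from the sbom-utility package; it verifies a component's declared hashes against the artifact bytes, reports entries it cannot check, and separates matches under collision-prone algorithms (MD5, SHA-1) from matches that should be trusted. Only algorithms in Go's standard library are wired up, so SHA3 and BLAKE variants are reported as unsupported rather than silently passed.

```go
// Added example, not sbom-utility code: recompute and compare the "hashes"
// declared for a component against the bytes of the artifact.
package main

import (
	"crypto/md5"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/sha512"
	"encoding/hex"
	"fmt"
	"hash"
	"strings"
)

// cdxHash mirrors the JSON names of CDXHash ("alg" and "content").
type cdxHash struct {
	Alg     string `json:"alg"`
	Content string `json:"content"`
}

// HashResult is the verdict for one declared hash.
type HashResult struct {
	Alg     string
	Match   bool
	Weak    bool   // MD5 and SHA-1 no longer provide collision resistance
	Problem string // non-empty when the entry could not be checked
}

// hashConstructors maps the schema's hash-alg enum values that the standard
// library covers to their constructors.
var hashConstructors = map[string]func() hash.Hash{
	"MD5":     md5.New,
	"SHA-1":   sha1.New,
	"SHA-256": sha256.New,
	"SHA-384": sha512.New384,
	"SHA-512": sha512.New,
}

var weakAlgorithms = map[string]bool{"MD5": true, "SHA-1": true}

// VerifyHashes recomputes every declared digest over data and compares it
// (case-insensitively) with the declared hex content.
func VerifyHashes(hashes []cdxHash, data []byte) []HashResult {
	results := make([]HashResult, 0, len(hashes))
	for _, h := range hashes {
		r := HashResult{Alg: h.Alg, Weak: weakAlgorithms[h.Alg]}
		newHash, ok := hashConstructors[h.Alg]
		switch {
		case !ok:
			r.Problem = "unsupported algorithm"
		case len(h.Content) != 2*newHash().Size() || !isHex(h.Content):
			r.Problem = "content is not a hex digest of the expected length"
		default:
			d := newHash()
			d.Write(data)
			r.Match = strings.EqualFold(hex.EncodeToString(d.Sum(nil)), h.Content)
		}
		results = append(results, r)
	}
	return results
}

// StrongMatch reports whether at least one declared hash matched under an
// algorithm that is not flagged weak, which is the bar a supply-chain check
// should require before trusting the artifact.
func StrongMatch(results []HashResult) bool {
	for _, r := range results {
		if r.Match && !r.Weak && r.Problem == "" {
			return true
		}
	}
	return false
}

func isHex(s string) bool {
	_, err := hex.DecodeString(s)
	return err == nil
}

func main() {
	// Constructed sample: the artifact bytes and the hashes an SBOM might declare for them.
	artifact := []byte("hello")
	declared := []cdxHash{
		{Alg: "SHA-256", Content: "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824"},
		{Alg: "MD5", Content: "5d41402abc4b2a76b9719d911017c592"},
		{Alg: "BLAKE3", Content: strings.Repeat("0", 64)}, // placeholder digest; reported as unsupported
	}
	results := VerifyHashes(declared, artifact)
	for _, r := range results {
		fmt.Printf("%-8s match=%-5v weak=%-5v %s\n", r.Alg, r.Match, r.Weak, r.Problem)
	}
	fmt.Println("strong match:", StrongMatch(results))
}
```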
type CDXHashSlice ¶ added in v0.16.0
type CDXHashSlice []CDXHash
func (CDXHashSlice) Normalize ¶ added in v0.16.0
func (slice CDXHashSlice) Normalize()
type CDXIdentifiableAction ¶
type CDXIdentifiableAction struct {
    Timestamp string `json:"timestamp,omitempty"`
    Name      string `json:"name,omitempty"`
    Email     string `json:"email,omitempty"`
}
v1.2: existed
TODO: We should suggest this be "deprecated" and instead add "timestamp" and other fields to OrganizationalContact (or similar)
TODO: should have "signage" information (e.g., evidence, public key)
type CDXIkevV2TransformType ¶ added in v0.16.0
type CDXIkevV2TransformType struct {
    Encr  *CDXCryptoRefArray `json:"encr,omitempty" cdx:"+1.6"`  // v1.6 added
    Prf   *CDXCryptoRefArray `json:"prf,omitempty" cdx:"+1.6"`   // v1.6 added
    Integ *CDXCryptoRefArray `json:"integ,omitempty" cdx:"+1.6"` // v1.6 added
    Ke    *CDXCryptoRefArray `json:"ke,omitempty" cdx:"+1.6"`    // v1.6 added
    Esn   bool               `json:"esn,omitempty" cdx:"+1.6"`   // v1.6 added
    Auth  *CDXCryptoRefArray `json:"auth,omitempty" cdx:"+1.6"`  // v1.6 added
}
v1.6: added
type CDXInputOutputMLParameters ¶ added in v0.13.0
type CDXInputOutputMLParameters struct {
Format string `json:"format,omitempty" cdx:"+1.5"` // v1.5
}
v1.5: added. Schema description: "The data format for input/output to the model. Example formats include string, image, time-series"
type CDXInputType ¶ added in v0.13.0
type CDXInputType struct {
	Source CDXResourceReferenceChoice `json:"source,omitempty"` // v1.5
	Target CDXResourceReferenceChoice `json:"target,omitempty"` // v1.5
	Resource CDXResourceReferenceChoice `json:"resource,omitempty"` // v1.5
	Data CDXAttachment `json:"data,omitempty"` // v1.5
	Parameters *[]CDXParameter `json:"parameters,omitempty"` // v1.5
	EnvironmentVars *[]interface{} `json:"environmentVars,omitempty"` // v1.5
	Properties *[]CDXProperty `json:"properties,omitempty"` // v1.5
}
v1.5: added
TODO: see if we can improve the "environmentVars" type, which is "oneOf": ["#/definitions/property", "string"]
type CDXIssue ¶
type CDXIssue struct {
	Type string `json:"type,omitempty"`
	Id string `json:"id,omitempty"`
	Name string `json:"name,omitempty"`
	Description string `json:"description,omitempty"`
	Source *CDXSource `json:"source,omitempty"`
	References *[]string `json:"references,omitempty" cdx:"changed:1.3"`
}
v1.2: existed
Note: v1.2 Bug: there appears to be a bug in the 1.2 spec. where "references" is declared as an array with no item type (it likely should be `string`). It is not clear how a parser will treat this; perhaps as an `interface{}`?
v1.3: fixed the missing item type to "string" ([]string), constrained as an "iri-reference"
type CDXLegacyCreationTool ¶ added in v0.13.0
type CDXLegacyCreationTool struct {
	Vendor string `json:"vendor,omitempty" cdx:"deprecated"` // v1.5: deprecated
	Name string `json:"name,omitempty" cdx:"deprecated"` // v1.5: deprecated
	Version string `json:"version,omitempty" cdx:"deprecated"` // v1.5: deprecated
	Hashes *[]CDXHash `json:"hashes,omitempty" cdx:"deprecated"` // v1.5: deprecated
	ExternalReferences *[]CDXExternalReference `json:"externalReferences,omitempty" cdx:"+1.4"` // v1.4: added, v1.5: deprecated
}
v1.2: existed
v1.4: added "externalReferences"
v1.5: deprecated the "Creation Tools (legacy)" object in favor of the new "Creation Tools" object
- v1.5 Note: the v1.4 structure/fields are now called the "Creation Tools (legacy)" structure
- v1.5: in order to support the new "Creation Tools" object, we need to combine its fields with the legacy structure fields
TODO: figure out how to support both current (object) and legacy (array) tools in the Metadata.Tools field
See: https://stackoverflow.com/questions/47057240/parsing-multiple-json-types-into-the-same-struct
type CDXLevel ¶ added in v0.16.0
type CDXLevel struct {
	BOMRef *CDXRefType `json:"bom-ref,omitempty" cdx:"+1.6"` // v1.6 added
	Identifier string `json:"identifier,omitempty" cdx:"+1.6"` // v1.6 added
	Title string `json:"title,omitempty" cdx:"+1.6"` // v1.6 added
	Description string `json:"description,omitempty" cdx:"+1.6"` // v1.6 added
	Requirements *[]CDXRefLinkType `json:"requirements,omitempty" cdx:"+1.6"` // v1.6 added
}
v1.6: added
type CDXLicense ¶
type CDXLicense struct {
	Id string `json:"id,omitempty"`
	Name string `json:"name,omitempty"`
	Text *CDXAttachment `json:"text,omitempty"`
	Url string `json:"url,omitempty"`
	BOMRef *CDXRefType `json:"bom-ref,omitempty" cdx:"added:1.5"`
	Licensing *CDXLicensing `json:"licensing,omitempty" cdx:"added:1.5"`
	Properties *[]CDXProperty `json:"properties,omitempty" cdx:"added:1.5"`
	Acknowledgement string `json:"acknowledgement,omitempty" cdx:"added:1.6"`
}
v1.2: was an anon. type
v1.3: created as a named type
v1.6: added "acknowledgement"
Note: "id" SHOULD be an SPDX license ID
Note: "oneOf": ["id", "name"] is required
Note: CDXRefType is a named `string` type as of v1.5
Note: Acknowledgement is actually a named `string` (licenseAcknowledgementEnumeration)
func (*CDXLicense) MarshalJSON ¶ added in v0.11.0
func (value *CDXLicense) MarshalJSON() (bytes []byte, err error)
Recreate a representation of the struct, but only include values in the map that are not empty.
func (CDXLicense) Normalize ¶ added in v0.16.0
func (license CDXLicense) Normalize()
type CDXLicenseChoice ¶
type CDXLicenseChoice struct {
	License *CDXLicense `json:"license,omitempty"`
	//Expression string `json:"expression,omitempty"` // v1.5: changed
	CDXLicenseExpression
}
v1.2: was an anon. type in schema
v1.3: created explicit schema object type
Note: "oneOf": ["license", "expression"] is required
NOTE: as of v1.5, "expression" is represented by the embedded CDXLicenseExpression struct (see below)
func UnMarshalLicenseChoice ¶
func UnMarshalLicenseChoice(data interface{}) (CDXLicenseChoice, error)
func (*CDXLicenseChoice) MarshalJSON ¶ added in v0.11.0
func (value *CDXLicenseChoice) MarshalJSON() (marshalled []byte, err error)
func (CDXLicenseChoice) Normalize ¶ added in v0.16.0
func (licenseChoice CDXLicenseChoice) Normalize()
type CDXLicenseChoiceSlice ¶ added in v0.16.0
type CDXLicenseChoiceSlice []CDXLicenseChoice
func (CDXLicenseChoiceSlice) Normalize ¶ added in v0.16.0
func (slice CDXLicenseChoiceSlice) Normalize()
type CDXLicenseExpression ¶ added in v0.13.0
type CDXLicenseExpression struct {
	Expression string `json:"expression,omitempty"`
	BOMRef *CDXRefType `json:"bom-ref,omitempty" cdx:"added:1.5"`
	Acknowledgement string `json:"acknowledgement,omitempty" cdx:"added:1.6"`
}
v1.5: added "expression" type structure
v1.6: added "acknowledgement"
NOTE: CDXRefType is a named `string` type as of v1.5
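The two "oneOf" rules noted for CDXLicenseChoice and CDXLicense (a choice is either a license object or an expression; a license object carries either an id or a name) are not enforced by encoding/json on its own. The example below is written for this page and is not part of the package (UnMarshalLicenseChoice above is the package's own entry point): a custom UnmarshalJSON on a local mirror of CDXLicenseChoice rejects entries that violate either rule. The types are trimmed to the fields the check needs and the sample arrays are constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// License mirrors the subset of the page's CDXLicense used here (id, name, url).
type License struct {
	ID   string `json:"id,omitempty"`
	Name string `json:"name,omitempty"`
	URL  string `json:"url,omitempty"`
}

// LicenseChoice mirrors CDXLicenseChoice with the "expression" form folded in
// as a plain string (the page's CDXLicenseExpression also carries bom-ref and
// acknowledgement, which this example leaves out).
type LicenseChoice struct {
	License    *License `json:"license,omitempty"`
	Expression string   `json:"expression,omitempty"`
}

// UnmarshalJSON enforces the two "oneOf" rules encoding/json will not enforce
// on its own: a choice is either a license object or an expression, and a
// license object carries either an SPDX id or a name.
func (lc *LicenseChoice) UnmarshalJSON(data []byte) error {
	// raw is a distinct type, so decoding into it does not recurse into this method.
	var raw struct {
		License    *License `json:"license"`
		Expression string   `json:"expression"`
	}
	if err := json.Unmarshal(data, &raw); err != nil {
		return err
	}
	hasLicense, hasExpression := raw.License != nil, raw.Expression != ""
	if hasLicense == hasExpression { // both present, or neither
		return errors.New(`licenseChoice: exactly one of "license" or "expression" is required`)
	}
	if hasLicense && (raw.License.ID == "") == (raw.License.Name == "") {
		return errors.New(`license: exactly one of "id" or "name" is required`)
	}
	lc.License, lc.Expression = raw.License, raw.Expression
	return nil
}

// ParseLicenses decodes a CycloneDX "licenses" array, rejecting the whole
// array if any entry violates the oneOf rules.
func ParseLicenses(jsonText string) ([]LicenseChoice, error) {
	var choices []LicenseChoice
	if err := json.Unmarshal([]byte(jsonText), &choices); err != nil {
		return nil, err
	}
	return choices, nil
}

// Constructed inputs: one valid array, two that a schema validator would reject.
const (
	validLicenses = `[
  {"license": {"id": "Apache-2.0"}},
  {"expression": "MIT OR GPL-2.0-only"}
]`
	bothForms = `[{"license": {"id": "MIT"}, "expression": "MIT"}]`
	idAndName = `[{"license": {"id": "MIT", "name": "MIT License"}}]`
)

func main() {
	if choices, err := ParseLicenses(validLicenses); err == nil {
		fmt.Printf("%d valid entries; first id=%s\n", len(choices), choices[0].License.ID)
	}
	for _, bad := range []string{bothForms, idAndName} {
		_, err := ParseLicenses(bad)
		fmt.Println("rejected:", err)
	}
}
```

Rejecting the whole array on the first bad entry is deliberate: a license list that is half-valid is not something downstream policy (allow-lists, copyleft checks) should reason about.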
type CDXLicenseLegalParty ¶ added in v0.13.0
type CDXLicenseLegalParty struct {
	Organization *CDXOrganizationalEntity `json:"organization,omitempty"`
	Individual *CDXOrganizationalContact `json:"individual,omitempty"`
}
v1.5: created for reuse in the "licensing" schema for "licensee" and "licensor"
TODO: reuse on "annotator" as well?
type CDXLicenseSlice ¶ added in v0.16.0
type CDXLicenseSlice []CDXLicense // TODO: used in CDXComponentEvidence
type CDXLicensing ¶ added in v0.13.0
type CDXLicensing struct {
	AltIds *[]string `json:"altIds,omitempty" cdx:"added:1.5"`
	Licensor *CDXLicenseLegalParty `json:"licensor,omitempty" cdx:"added:1.5"`
	Licensee *CDXLicenseLegalParty `json:"licensee,omitempty" cdx:"added:1.5"`
	Purchaser *CDXLicenseLegalParty `json:"purchaser,omitempty" cdx:"added:1.5"`
	PurchaseOrder string `json:"purchaseOrder,omitempty" cdx:"added:1.5"`
	LicenseTypes *[]string `json:"licenseTypes,omitempty" cdx:"added:1.5"`
	LastRenewal string `json:"lastRenewal,omitempty" cdx:"added:1.5"`
	Expiration string `json:"expiration,omitempty" cdx:"added:1.5"`
}
v1.5: added object
func (CDXLicensing) Normalize ¶ added in v0.16.0
func (licensing CDXLicensing) Normalize()
type CDXLifecycle ¶ added in v0.13.0
type CDXLifecycle struct {
	// v1.5: "enum": ["design", "pre-build", "build", "post-build", "operations", "discovery", "decommission"]
	Phase string `json:"phase,omitempty" cdx:"added:1.5"`
	CDXNameDescription // name, description
}
type CDXLifecycleSlice ¶ added in v0.16.0
type CDXLifecycleSlice []CDXLifecycle
func (CDXLifecycleSlice) Normalize ¶ added in v0.16.0
func (slice CDXLifecycleSlice) Normalize()
type CDXMetadata ¶
type CDXMetadata struct {
	Timestamp string `json:"timestamp,omitempty" scvs:"bom:core:timestamp"`
	Tools interface{} `json:"tools,omitempty"`
	Authors *[]CDXOrganizationalContact `json:"authors,omitempty"`
	Component *CDXComponent `json:"component,omitempty"`
	Supplier *CDXOrganizationalEntity `json:"supplier,omitempty"`
	Licenses *[]CDXLicenseChoice `json:"licenses,omitempty" cdx:"added:1.3"`
	Properties *[]CDXProperty `json:"properties,omitempty" cdx:"added:1.3"`
	Lifecycles *[]CDXLifecycle `json:"lifecycles,omitempty" cdx:"added:1.5"`
	Manufacture *CDXOrganizationalEntity `json:"manufacture,omitempty" cdx:"deprecated:1.6"`
	Manufacturer *CDXOrganizationalEntity `json:"manufacturer,omitempty" cdx:"added:1.6"`
}
v1.2: existed
v1.3: added "licenses", "properties"
v1.5: added "lifecycles"
v1.5: "tools" is changed to an interface{} as it represents 2 possible types (slice <legacy tools, v1.4 and earlier>, object <new tools, v1.5+>)
v1.6: added "manufacturer"; deprecated "manufacture"
Note: "timestamp" in OWASP SCVS is: urn:owasp:scvs:bom:core:timestamp
func UnMarshalMetadata ¶
func UnMarshalMetadata(data interface{}) (CDXMetadata, error)
func (*CDXMetadata) Normalize ¶ added in v0.16.0
func (pMetadata *CDXMetadata) Normalize()
TODO: sort the Metadata object fields that are slices, including:
	Tools interface{} `json:"tools,omitempty"` // v1.2: added; v1.5: "tools" is now an interface{}
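The "tools" field is typed interface{} because a CycloneDX 1.4 document carries an array of legacy tools while 1.5+ carries an object with "components" and "services". The following example is added for this page and is not part of the package: it replaces the interface{} with a small tagged union whose UnmarshalJSON dispatches on the first byte of the raw value, so the caller gets typed data and a value that is neither array nor object is rejected rather than silently retained. The struct types are minimal local mirrors of the page's CDXLegacyCreationTool and of the 1.5 tools object; the metadata fragments are constructed.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// LegacyTool mirrors the page's CDXLegacyCreationTool (the <=1.4 array form).
type LegacyTool struct {
	Vendor  string `json:"vendor,omitempty"`
	Name    string `json:"name,omitempty"`
	Version string `json:"version,omitempty"`
}

// toolEntry is the minimal subset of a 1.5+ tool component or service used here.
type toolEntry struct {
	Name    string `json:"name,omitempty"`
	Version string `json:"version,omitempty"`
}

// ToolsObject is the 1.5+ object form: {"components": [...], "services": [...]}.
type ToolsObject struct {
	Components []toolEntry `json:"components,omitempty"`
	Services   []toolEntry `json:"services,omitempty"`
}

// Tools replaces the page's interface{} with a tagged union: at most one of the
// two fields is populated after decoding, and the caller can tell which.
type Tools struct {
	Legacy []LegacyTool
	Modern *ToolsObject
}

// UnmarshalJSON dispatches on the first non-space byte: '[' is the legacy
// array, '{' is the 1.5+ object, anything else is rejected instead of being
// swallowed as an opaque interface{} value.
func (t *Tools) UnmarshalJSON(data []byte) error {
	trimmed := bytes.TrimSpace(data)
	switch {
	case len(trimmed) == 0 || bytes.Equal(trimmed, []byte("null")):
		return nil
	case trimmed[0] == '[':
		return json.Unmarshal(trimmed, &t.Legacy)
	case trimmed[0] == '{':
		t.Modern = &ToolsObject{}
		return json.Unmarshal(trimmed, t.Modern)
	}
	return fmt.Errorf("metadata.tools: expected array (CycloneDX <=1.4) or object (1.5+), got %q", string(trimmed[:1]))
}

// Names flattens whichever form was present into tool names for reporting.
func (t Tools) Names() []string {
	var names []string
	for _, lt := range t.Legacy {
		names = append(names, lt.Name)
	}
	if t.Modern != nil {
		for _, c := range t.Modern.Components {
			names = append(names, c.Name)
		}
		for _, s := range t.Modern.Services {
			names = append(names, s.Name)
		}
	}
	return names
}

// Metadata is the slice of CDXMetadata this example needs.
type Metadata struct {
	Timestamp string `json:"timestamp,omitempty"`
	Tools     *Tools `json:"tools,omitempty"`
}

func ParseMetadata(jsonText string) (Metadata, error) {
	var m Metadata
	err := json.Unmarshal([]byte(jsonText), &m)
	return m, err
}

// Constructed metadata fragments in both shapes, plus one that is neither.
const (
	legacyMetadata = `{"timestamp": "2024-01-01T00:00:00Z",
  "tools": [{"vendor": "Example", "name": "legacy-generator", "version": "1.4.0"}]}`
	modernMetadata = `{"timestamp": "2024-01-01T00:00:00Z",
  "tools": {"components": [{"name": "modern-generator", "version": "1.5.0"}],
            "services": [{"name": "scan-service"}]}}`
	badMetadata = `{"tools": "not-a-tools-value"}`
)

func main() {
	for _, in := range []string{legacyMetadata, modernMetadata, badMetadata} {
		m, err := ParseMetadata(in)
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Println("tools:", m.Tools.Names())
	}
}
```

Because the union records which form was present, a consumer can also use it to confirm that a document claiming specVersion 1.5 or later did not ship the legacy array form.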
type CDXModelCard ¶ added in v0.13.0
type CDXModelCard struct {
	BOMRef *CDXRefType `json:"bom-ref,omitempty" cdx:"+1.5"` // v1.5
	ModelParameters *CDXModelParameters `json:"modelParameters,omitempty" cdx:"+1.5"` // v1.5
	QuantitativeAnalysis *CDXQuantitativeAnalysis `json:"quantitativeAnalysis,omitempty" cdx:"+1.5"` // v1.5
	Considerations *CDXConsiderations `json:"considerations,omitempty" cdx:"+1.5"` // v1.5
	Properties *[]CDXProperty `json:"properties,omitempty" cdx:"+1.5"` // v1.5
}
v1.5: added
NOTE: CDXRefType is a named `string` type as of v1.5
TODO: v1.7: How to represent an AI App. (e.g., a Chatbot) using a model with components like embeddings (vector DB), re-rankers, etc. Also consider distinguishing model capabilities (e.g., generative/classification) and types (multi-model, LLM, LM, etc.)
type CDXModelParameters ¶ added in v0.13.0
type CDXModelParameters struct {
	Approach *CDXApproach `json:"approach,omitempty" cdx:"+1.5"` // v1.5
	Task string `json:"task,omitempty" cdx:"+1.5"` // v1.5
	ArchitectureFamily string `json:"architectureFamily,omitempty" cdx:"+1.5"` // v1.5
	ModelArchitecture string `json:"modelArchitecture,omitempty" cdx:"+1.5"` // v1.5
	Datasets *[]CDXDataset `json:"datasets,omitempty" cdx:"+1.5"` // v1.5
	Inputs *[]CDXInputOutputMLParameters `json:"inputs,omitempty" cdx:"+1.5"` // v1.5
	Outputs *[]CDXInputOutputMLParameters `json:"outputs,omitempty" cdx:"+1.5"` // v1.5
}
v1.5: added
type CDXNameDescription ¶ added in v0.13.0
type CDXNameDescription struct {
	Name string `json:"name,omitempty" cdx:"added:1.5"`
	Description string `json:"description,omitempty" cdx:"added:1.5"`
}
v1.5 new type for "metadata"
type CDXNote ¶
type CDXNote struct {
	Locale string `json:"locale,omitempty"`
	Text *CDXAttachment `json:"attachment,omitempty"`
}
v1.4: created "note" defn.
Note: "locale" is of type "localeType", which is a constrained `string`
type CDXOccurrence ¶ added in v0.16.0
type CDXOccurrence struct {
	BOMRef *CDXRefType `json:"bom-ref,omitempty" cdx:"added:1.5"`
	Location string `json:"location,omitempty" cdx:"added:1.5"`
}
v1.5: added
type CDXOrganizationalContact ¶
type CDXOrganizationalContact struct {
	Name string `json:"name,omitempty"`
	Email string `json:"email,omitempty"`
	Phone string `json:"phone,omitempty"`
	BOMRef *CDXRefType `json:"bom-ref,omitempty"` // v1.5 added
}
v1.2: existed
v1.5: added "bom-ref"
NOTE: CDXRefType is a named `string` type as of v1.5
func (*CDXOrganizationalContact) MarshalJSON ¶ added in v0.14.0
func (value *CDXOrganizationalContact) MarshalJSON() ([]byte, error)
type CDXOrganizationalContactSlice ¶ added in v0.16.0
type CDXOrganizationalContactSlice []CDXOrganizationalContact
func (CDXOrganizationalContactSlice) Normalize ¶ added in v0.16.0
func (slice CDXOrganizationalContactSlice) Normalize()
type CDXOrganizationalEntity ¶
type CDXOrganizationalEntity struct {
	Name string `json:"name,omitempty"`
	Url []string `json:"url,omitempty"`
	Contact *[]CDXOrganizationalContact `json:"contact,omitempty"`
	BOMRef *CDXRefType `json:"bom-ref,omitempty"` // v1.5 added
	Address *CDXPostalAddress `json:"address,omitempty"` // v1.6 added
}
v1.2: existed
v1.5: added "bom-ref"
v1.6: added "address"
NOTE: CDXRefType is a named `string` type as of v1.5
func (*CDXOrganizationalEntity) MarshalJSON ¶ added in v0.14.0
func (value *CDXOrganizationalEntity) MarshalJSON() ([]byte, error)
func (*CDXOrganizationalEntity) Normalize ¶ added in v0.16.0
func (entity *CDXOrganizationalEntity) Normalize()
type CDXOrganizationalEntitySlice ¶ added in v0.16.0
type CDXOrganizationalEntitySlice []CDXOrganizationalEntity
func (CDXOrganizationalEntitySlice) Normalize ¶ added in v0.16.0
func (slice CDXOrganizationalEntitySlice) Normalize()
type CDXOutputType ¶ added in v0.13.0
type CDXOutputType struct {
	Type string `json:"type,omitempty"` // "enum": ["artifact", "attestation", "log", "evidence", "metrics", "other"]
	Source CDXResourceReferenceChoice `json:"source,omitempty"` // v1.5
	Target CDXResourceReferenceChoice `json:"target,omitempty"` // v1.5
	Resource CDXResourceReferenceChoice `json:"resource,omitempty"` // v1.5
	Data CDXAttachment `json:"data,omitempty"` // v1.5
	EnvironmentVars *[]interface{} `json:"environmentVars,omitempty"` // v1.5
	Properties *[]CDXProperty `json:"properties,omitempty"` // v1.5
}
v1.5: added
TODO: likely nothing better we can do for "environmentVars", which is of type "oneOf": ["#/definitions/property", "string"]
type CDXParameter ¶ added in v0.13.0
type CDXParameter struct {
	Name string `json:"name,omitempty"` // v1.5
	Value string `json:"value,omitempty"` // v1.5
	DataType string `json:"dataType,omitempty"` // v1.5
}
v1.5: added
type CDXPatch ¶
type CDXPatch struct {
	Type string `json:"type,omitempty"`
	Diff *CDXDiff `json:"diff,omitempty"`
	Resolves *[]CDXIssue `json:"resolves,omitempty"`
}
v1.2: existed
type CDXPedigree ¶
type CDXPedigree struct {
	Ancestors *[]CDXComponent `json:"ancestors,omitempty"`
	Descendants *[]CDXComponent `json:"descendants,omitempty"`
	Variants *[]CDXComponent `json:"variants,omitempty"`
	Commits *[]CDXCommit `json:"commits,omitempty"`
	Patches *[]CDXPatch `json:"patches,omitempty"`
	Notes string `json:"notes,omitempty"`
}
v1.2: existed as an anon. type in the "component" type defn.
Note: "notes" (plural) should likely be multiple strings or text annotations
TODO: create a top-level defn. for the "pedigree" anon. type
type CDXPerformanceMetric ¶ added in v0.13.0
type CDXPerformanceMetric struct {
	Type string `json:"type,omitempty" cdx:"+1.5"` // v1.5
	Value string `json:"value,omitempty" cdx:"+1.5"` // v1.5
	Slice string `json:"slice,omitempty" cdx:"+1.5"` // v1.5
	ConfidenceInterval *CDXConfidenceInterval `json:"confidenceInterval,omitempty" cdx:"+1.5"` // v1.5
}
v1.5: added
type CDXPostalAddress ¶ added in v0.16.0
type CDXPostalAddress struct {
	BOMRef *CDXRefType `json:"bom-ref,omitempty" cdx:"+1.6"` // v1.6
	Country string `json:"country,omitempty" cdx:"+1.6"` // v1.6
	Region string `json:"region,omitempty" cdx:"+1.6"` // v1.6
	Locality string `json:"locality,omitempty" cdx:"+1.6"` // v1.6
	PostOfficeBoxNumber string `json:"postOfficeBoxNumber,omitempty" cdx:"+1.6"` // v1.6
	PostalCode string `json:"postalCode,omitempty" cdx:"+1.6"` // v1.6
	StreetAddress string `json:"streetAddress,omitempty" cdx:"+1.6"` // v1.6
}
v1.6: added
type CDXProofOfConcept ¶ added in v0.13.0
type CDXProofOfConcept struct {
	ReproductionSteps string `json:"reproductionSteps,omitempty"` // v1.5: added
	Environment string `json:"environment,omitempty"` // v1.5: added
	SupportingMaterial *[]CDXSupportingMaterial `json:"supportingMaterial,omitempty"` // v1.5: added
}
v1.5: created ("reproductionSteps", "environment", "supportingMaterial")
TODO: "supportingMaterial" should be plural as it is an "array"
func (*CDXProofOfConcept) Normalize ¶ added in v0.16.0
func (poc *CDXProofOfConcept) Normalize()
type CDXProperty ¶
type CDXProperty struct {
	Name string `json:"name,omitempty"`
	Value string `json:"value,omitempty"`
}
v1.3: created "property" defn.
func UnMarshalProperties ¶
func UnMarshalProperties(data interface{}) (properties []CDXProperty, err error)
func UnMarshalProperty ¶
func UnMarshalProperty(data interface{}) (property CDXProperty, err error)
func (*CDXProperty) Equals ¶
func (property *CDXProperty) Equals(testProperty CDXProperty) bool
type CDXPropertySlice ¶ added in v0.16.0
type CDXPropertySlice []CDXProperty
func (CDXPropertySlice) Normalize ¶ added in v0.16.0
func (slice CDXPropertySlice) Normalize()
type CDXProtocolProperties ¶ added in v0.16.0
type CDXProtocolProperties struct {
	Type string `json:"type,omitempty" cdx:"+1.6"` // v1.6 added
	Version string `json:"version,omitempty" cdx:"+1.6"` // v1.6 added
	CipherSuites *[]CDXCipherSuite `json:"cipherSuites,omitempty" cdx:"+1.6"` // v1.6 added
	Ikev2TransformTypes *CDXIkevV2TransformType `json:"ikev2TransformTypes,omitempty" cdx:"+1.6"` // v1.6 added
	CryptoRefArray *CDXCryptoRefArray `json:"cryptoRefArray,omitempty" cdx:"+1.6"` // v1.6 added
}
v1.6: added
type CDXQuantitativeAnalysis ¶ added in v0.13.0
type CDXQuantitativeAnalysis struct {
	PerformanceMetrics *[]CDXPerformanceMetric `json:"performanceMetrics,omitempty" cdx:"+1.5"` // v1.5
	Graphics *CDXGraphicsCollection `json:"graphics,omitempty" cdx:"+1.5"` // v1.5
}
v1.5: added (anonymous type)
type CDXRating ¶
type CDXRating struct {
	Source *CDXVulnerabilitySource `json:"source,omitempty"` // v1.4
	Score float64 `json:"score,omitempty"` // v1.4
	Severity string `json:"severity,omitempty"` // v1.4
	Method string `json:"method,omitempty"` // v1.4
	Vector string `json:"vector,omitempty"` // v1.4
	Justification string `json:"justification,omitempty"` // v1.4
}
v1.4: created "rating" defn.
Note: "score" is of type "number", which should map to `float64`
Note: "severity" is of type "severity", which is a constrained `string`
Note: "method" is of type "scoreMethod", which is a constrained `string`
type CDXRatingSlice ¶ added in v0.16.0
type CDXRatingSlice []CDXRating
func (CDXRatingSlice) Normalize ¶ added in v0.16.0
func (slice CDXRatingSlice) Normalize()
type CDXRefLinkType ¶ added in v0.13.0
type CDXRefLinkType CDXRefType // "allOf": [{"$ref": "#/definitions/refType"}]
v1.5: added
NOTE: CDXRefType is a named `string` type as of v1.5
func (CDXRefLinkType) String ¶ added in v0.13.0
func (ref CDXRefLinkType) String() string
v1.5 added Stringer interface
type CDXRefLinkTypeSlice ¶ added in v0.16.0
type CDXRefLinkTypeSlice []CDXRefLinkType
func (CDXRefLinkTypeSlice) Normalize ¶ added in v0.16.0
func (slice CDXRefLinkTypeSlice) Normalize()
type CDXRefType ¶ added in v0.13.0
type CDXRefType string
v1.4: added
v1.5: added Constraints: "minLength": 1
func (CDXRefType) String ¶ added in v0.13.0
func (ref CDXRefType) String() string
v1.5: added Stringer interface
type CDXRelatedCryptoMaterialProperties ¶ added in v0.16.0
type CDXRelatedCryptoMaterialProperties struct {
	Type string `json:"type,omitempty" cdx:"+1.6"` // v1.6 added
	Id string `json:"id,omitempty" cdx:"+1.6"` // v1.6 added
	State string `json:"state,omitempty" cdx:"+1.6"` // v1.6 added
	AlgorithmRef *CDXRefType `json:"algorithmRef,omitempty" cdx:"+1.6"` // v1.6 added
	CreationDate string `json:"creationDate,omitempty" cdx:"+1.6"` // v1.6 added
	ActivationDate string `json:"activationDate,omitempty" cdx:"+1.6"` // v1.6 added
	UpdateDate string `json:"updateDate,omitempty" cdx:"+1.6"` // v1.6 added
	ExpirationDate string `json:"expirationDate,omitempty" cdx:"+1.6"` // v1.6 added
	Value string `json:"value,omitempty" cdx:"+1.6"` // v1.6 added
	Size int `json:"size,omitempty" cdx:"+1.6"` // v1.6 added
	Format string `json:"format,omitempty" cdx:"+1.6"` // v1.6 added
	SecuredBy *CDXSecuredBy `json:"securedBy,omitempty" cdx:"+1.6"` // v1.6 added
}
type CDXReleaseNotes ¶
type CDXReleaseNotes struct {
	Type string `json:"type,omitempty" cdx:"added:1.4"`
	Title string `json:"title,omitempty" cdx:"added:1.4"`
	FeaturedImage string `json:"featuredImage,omitempty" cdx:"added:1.4"`
	SocialImage string `json:"socialImage,omitempty" cdx:"added:1.4"`
	Description string `json:"description,omitempty" cdx:"added:1.4"`
	Timestamp string `json:"timestamp,omitempty" cdx:"added:1.4"`
	Aliases *[]string `json:"aliases,omitempty" cdx:"added:1.4"`
	Tags *[]string `json:"tags,omitempty" cdx:"added:1.4"`
	Resolves *[]CDXIssue `json:"resolves,omitempty" cdx:"added:1.4"`
	Notes *[]CDXNote `json:"notes,omitempty" cdx:"added:1.4"`
	Properties *[]CDXProperty `json:"properties,omitempty" cdx:"added:1.4"`
}
v1.4: created "releaseNotes" defn.
TODO: should be singular "releaseNote"
TODO: v1.7: Add []ExternalReferences
TODO: v1.7: "Tags" is an overloaded concept; it currently does not represent GitHub tags
type CDXReleaseNotesSlice ¶ added in v0.16.0
type CDXReleaseNotesSlice []CDXReleaseNotes
func (CDXReleaseNotesSlice) Normalize ¶ added in v0.16.0
func (slice CDXReleaseNotesSlice) Normalize()
type CDXRequirement ¶ added in v0.16.0
type CDXRequirement struct {
	BOMRef *CDXRefType `json:"bom-ref,omitempty" cdx:"+1.6"` // v1.6 added
	Identifier string `json:"identifier,omitempty" cdx:"+1.6"` // v1.6 added
	Title string `json:"title,omitempty" cdx:"+1.6"` // v1.6 added
	Text string `json:"text,omitempty" cdx:"+1.6"` // v1.6 added
	Descriptions *[]string `json:"descriptions,omitempty" cdx:"+1.6"` // v1.6 added
	OpenCre *[]string `json:"openCre,omitempty" cdx:"+1.6"` // v1.6 added
	Parent *CDXRefLinkType `json:"parent,omitempty" cdx:"+1.6"` // v1.6 added
	Properties *[]CDXProperty `json:"properties,omitempty" cdx:"+1.6"` // v1.6 added
	ExternalReferences *[]CDXExternalReference `json:"externalReferences,omitempty" cdx:"+1.6"` // v1.6 added
}
v1.6: added
type CDXResourceInfo ¶ added in v0.14.0
type CDXResourceInfo struct {
	IsRoot bool
	ResourceType string `json:"resource-type"`
	Group string `json:"group"`
	Name string `json:"name"`
	Version string `json:"version"`
	Description string `json:"description"`
	BOMRef string `json:"bom-ref"`
	NumberLicenses int `json:"number-licenses"`
	Properties *[]CDXProperty
	Component CDXComponent
	Service CDXService
	HasLicense bool
}
TODO: need to strip `-` from `bom-ref` for the "where" filter.
To be clear, we need the "json:" annotations to enable "where" filter "key=value" matches when hashing resources, since we apply the filter to a JSON map:

	mapResourceInfo, _ := utils.ConvertStructToMap(resourceInfo)
	match, _ = whereFilterMatch(mapResourceInfo, whereFilters)

If we could normalize to lowercase and remove "-" chars we may not need to use any JSON annotations. Please note that the JSON annotations MUST match those declared by the CDX types CDXComponent and CDXService.
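To show what the TODO above describes, here is an added, stand-alone version of the struct-to-map round trip and a "where" filter that normalizes keys (lowercase, '-' stripped), so that bom-ref no longer needs special handling. It is example code written for this page, not the package's ConvertStructToMap or whereFilterMatch; ResourceInfo is a subset of CDXResourceInfo with the same JSON tags, the sample resource is constructed, and the comma-separated key=value syntax accepted by ParseWhere is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// ResourceInfo is a subset of the page's CDXResourceInfo with the same JSON tags.
type ResourceInfo struct {
	ResourceType   string `json:"resource-type"`
	Group          string `json:"group"`
	Name           string `json:"name"`
	Version        string `json:"version"`
	BOMRef         string `json:"bom-ref"`
	NumberLicenses int    `json:"number-licenses"`
}

// sampleResource is a constructed component record, not taken from a real BOM.
var sampleResource = ResourceInfo{
	ResourceType:   "component",
	Group:          "org.example",
	Name:           "lib",
	Version:        "1.2.3",
	BOMRef:         "pkg:maven/org.example/lib@1.2.3",
	NumberLicenses: 1,
}

// StructToMap round-trips through encoding/json so the map keys are the JSON
// tag names. This is a stand-in for the page's ConvertStructToMap, not its code;
// note that numbers come back as float64, which is why values are compared as text.
func StructToMap(v interface{}) (map[string]interface{}, error) {
	raw, err := json.Marshal(v)
	if err != nil {
		return nil, err
	}
	m := map[string]interface{}{}
	err = json.Unmarshal(raw, &m)
	return m, err
}

// normalizeKey implements the TODO on the page: lowercase and drop '-' so
// "bom-ref", "BOM-Ref" and "bomref" all name the same column.
func normalizeKey(k string) string {
	return strings.ReplaceAll(strings.ToLower(k), "-", "")
}

// WhereMatch returns true when every key=value filter matches the resource
// map after key normalization; values are compared in their printed form.
func WhereMatch(resource map[string]interface{}, filters map[string]string) bool {
	normalized := make(map[string]string, len(resource))
	for k, v := range resource {
		normalized[normalizeKey(k)] = fmt.Sprint(v)
	}
	for k, want := range filters {
		if got, ok := normalized[normalizeKey(k)]; !ok || got != want {
			return false
		}
	}
	return true
}

// ParseWhere turns "key=value,key=value" into a filter map. The syntax is an
// assumption for this example, not necessarily the tool's own --where grammar.
func ParseWhere(where string) (map[string]string, error) {
	filters := map[string]string{}
	for _, clause := range strings.Split(where, ",") {
		kv := strings.SplitN(clause, "=", 2)
		if len(kv) != 2 || strings.TrimSpace(kv[0]) == "" {
			return nil, fmt.Errorf("bad where clause %q", clause)
		}
		filters[strings.TrimSpace(kv[0])] = strings.TrimSpace(kv[1])
	}
	return filters, nil
}

func main() {
	m, err := StructToMap(sampleResource)
	if err != nil {
		panic(err)
	}
	for _, where := range []string{"bom-ref=" + sampleResource.BOMRef, "bomref=" + sampleResource.BOMRef, "name=lib,version=9.9.9"} {
		filters, err := ParseWhere(where)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-60s match=%v\n", where, WhereMatch(m, filters))
	}
}
```

With normalized keys, the same filter expression works whether the caller types the JSON tag name or the Go field name, which removes the only reason the TODO gives for special-casing `bom-ref`.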
type CDXResourceReferenceChoice ¶ added in v0.13.0
type CDXResourceReferenceChoice struct {
	Ref CDXRefLinkType `json:"description,omitempty"` // v1.5
	ExternalReference CDXExternalReference `json:"externalReference,omitempty"` // v1.5
}
v1.5: added
v1.5: Note: "ref" is a constrained "string" which can be "anyOf": ["#/definitions/refLinkType", "#/definitions/bomLinkElementType"]
Note: the JSON tag on the Ref field above is "description", which does not match the schema property name "ref"; a document's "ref" value will therefore not be decoded into Ref by encoding/json
TODO: actually, "Ref" should be its own anonymous type with "anyOf": ["#/definitions/refLinkType", "#/definitions/bomLinkElementType"]
type CDXRisk ¶ added in v0.13.0
type CDXRisk struct {
	Name string `json:"name,omitempty" cdx:"+1.5"` // v1.5
	MitigationStrategy string `json:"mitigationStrategy,omitempty" cdx:"+1.5"` // v1.5
}
v1.5: added
type CDXSecuredBy ¶ added in v0.16.0
type CDXSecuredBy struct {
	Mechanism string `json:"mechanism,omitempty" cdx:"+1.6"` // v1.6 added
	AlgorithmRef *CDXRefType `json:"algorithmRef,omitempty" cdx:"+1.6"` // v1.6 added
}
v1.6: added
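CDXRelatedCryptoMaterialProperties and CDXSecuredBy describe key material in a CBOM, and what a reviewer usually wants from them is a quick audit. The example below is added for this page and is not part of the package: it mirrors the two types (JSON tags copied from the definitions above, a few date fields omitted) and then applies four checks that are this example's own policy: expired material, material in a compromised or destroyed state, secret types whose value is inlined in the BOM, and secret types without a securedBy mechanism. The set of "secret" type names and the state names are assumptions, and the inventory is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// SecuredBy and RelatedCryptoMaterial mirror the page's CDXSecuredBy and
// CDXRelatedCryptoMaterialProperties (JSON tags copied from the page; the
// activationDate and updateDate fields are omitted as unused here).
type SecuredBy struct {
	Mechanism    string `json:"mechanism,omitempty"`
	AlgorithmRef string `json:"algorithmRef,omitempty"`
}

type RelatedCryptoMaterial struct {
	Type           string     `json:"type,omitempty"`
	ID             string     `json:"id,omitempty"`
	State          string     `json:"state,omitempty"`
	AlgorithmRef   string     `json:"algorithmRef,omitempty"`
	CreationDate   string     `json:"creationDate,omitempty"`
	ExpirationDate string     `json:"expirationDate,omitempty"`
	Value          string     `json:"value,omitempty"`
	Size           int        `json:"size,omitempty"`
	Format         string     `json:"format,omitempty"`
	SecuredBy      *SecuredBy `json:"securedBy,omitempty"`
}

type CryptoFinding struct {
	ID     string
	Reason string
}

// secretTypes lists the "type" values this example treats as confidential.
// The names are assumed for the example, not taken from the page.
var secretTypes = map[string]bool{
	"private-key": true, "secret-key": true, "shared-secret": true, "password": true, "token": true,
}

// AuditCryptoMaterial applies four checks, all of them this example's policy:
// expired material, material in a compromised or destroyed state, secret
// material whose "value" is literally embedded in the BOM, and secret material
// with no "securedBy" mechanism declaring how it is protected at rest.
// asOf is injected so the check is deterministic and testable.
func AuditCryptoMaterial(items []RelatedCryptoMaterial, asOf time.Time) []CryptoFinding {
	var findings []CryptoFinding
	for _, m := range items {
		if m.ExpirationDate != "" {
			exp, err := time.Parse(time.RFC3339, m.ExpirationDate)
			switch {
			case err != nil:
				findings = append(findings, CryptoFinding{m.ID, "unparseable expirationDate " + m.ExpirationDate})
			case exp.Before(asOf):
				findings = append(findings, CryptoFinding{m.ID, "expired on " + m.ExpirationDate})
			}
		}
		if m.State == "compromised" || m.State == "destroyed" {
			findings = append(findings, CryptoFinding{m.ID, "state is " + m.State})
		}
		if secretTypes[m.Type] {
			if m.Value != "" {
				findings = append(findings, CryptoFinding{m.ID, "secret material carried in the BOM \"value\" field"})
			}
			if m.SecuredBy == nil || m.SecuredBy.Mechanism == "" {
				findings = append(findings, CryptoFinding{m.ID, "no securedBy mechanism declared"})
			}
		}
	}
	return findings
}

func ParseCryptoMaterial(jsonText string) ([]RelatedCryptoMaterial, error) {
	var items []RelatedCryptoMaterial
	err := json.Unmarshal([]byte(jsonText), &items)
	return items, err
}

// Constructed inventory: an expired, unprotected private key with its value
// inlined (three findings), a healthy public key (none) and a compromised
// secret key that is otherwise well declared (one finding).
const sampleMaterial = `[
  {"type": "private-key", "id": "rsa-2048-signing-key", "state": "active",
   "algorithmRef": "alg-rsa-2048", "expirationDate": "2023-01-01T00:00:00Z",
   "value": "<base64 key bytes>", "size": 2048, "format": "PEM"},
  {"type": "public-key", "id": "rsa-2048-signing-pub", "state": "active",
   "algorithmRef": "alg-rsa-2048", "expirationDate": "2030-01-01T00:00:00Z", "format": "PEM"},
  {"type": "secret-key", "id": "aes-256-db-key", "state": "compromised",
   "algorithmRef": "alg-aes-256-gcm", "size": 256,
   "securedBy": {"mechanism": "HSM", "algorithmRef": "alg-aes-256-kw"}}
]`

func main() {
	items, err := ParseCryptoMaterial(sampleMaterial)
	if err != nil {
		panic(err)
	}
	asOf := time.Date(2024, 6, 1, 0, 0, 0, 0, time.UTC)
	for _, f := range AuditCryptoMaterial(items, asOf) {
		fmt.Printf("%s: %s\n", f.ID, f.Reason)
	}
}
```

The "value" check is the one to keep even if the others are tuned away: a BOM is meant to be shared, so a populated value on a private or secret key is a disclosure, whatever the state and expiry fields say.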
type CDXService ¶
type CDXService struct {
	Name string `json:"name,omitempty"`
	Version string `json:"version,omitempty"`
	Description string `json:"description,omitempty"`
	Group string `json:"group,omitempty"`
	BOMRef *CDXRefType `json:"bom-ref,omitempty"`
	Endpoints *[]string `json:"endpoints,omitempty"`
	Authenticated bool `json:"authenticated,omitempty"`
	XTrustBoundary bool `json:"x-trust-boundary,omitempty"`
	Provider *CDXOrganizationalEntity `json:"provider,omitempty"`
	Data *[]CDXServiceData `json:"data,omitempty"`
	Licenses *[]CDXLicenseChoice `json:"licenses,omitempty"`
	ExternalReferences *[]CDXExternalReference `json:"externalReferences,omitempty"`
	Services *[]CDXService `json:"services,omitempty"`
	Properties *[]CDXProperty `json:"properties,omitempty" cdx:"added:1.3"`
	ReleaseNotes *[]CDXReleaseNotes `json:"releaseNotes,omitempty" cdx:"added:1.4"`
	Signature *JSFSignature `json:"signature,omitempty" cdx:"added:1.4"`
	TrustZone string `json:"trustZone,omitempty" cdx:"added:1.5"`
	Tags *[]string `json:"tags,omitempty" cdx:"added:1.6"`
}
v1.2: existed
v1.3: added "properties"
v1.4: added "releaseNotes", "signature"
v1.5: moved "data" object elements into the "serviceData" object
v1.5: added "trustZone"
v1.6: added "tags"
-----
TODO: a service is not all authenticated or all unauthenticated; that is, we may have multiple endpoints but only 1 boolean for "authenticated" (open spec. issue)
TODO: Not sure of the intent of having "nested" (hierarchical) services
TODO: Should support OpenAPI specification (documents) as canonical descriptors
TODO: v1.2 "licenses" used to be an anon. type until v1.3 introduced the `LicenseChoice` def.; validate that a v1.2 SBOM with the anon. type parses properly
NOTE: CDXRefType is a named `string` type as of v1.5
func (*CDXService) Normalize ¶ added in v0.16.0
func (service *CDXService) Normalize()
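The TODO above about a single "authenticated" boolean covering many endpoints is exactly the kind of gap a review should surface. The example below is added for this page and is not the package's code: it walks a (possibly nested) services tree and flags services that cross a trust boundary without declared authentication, plus any endpoint served over plain http://. It uses *bool for authenticated so that an absent field is reported as "not declared" rather than read as false, which the page's plain bool field cannot distinguish; the service fragment is constructed and the policy is this example's own.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Service mirrors the CDXService fields this check needs. Authenticated is a
// *bool rather than the page's bool so that "not declared" can be told apart
// from an explicit false; that is this example's choice, not the package's.
type Service struct {
	BOMRef         string    `json:"bom-ref,omitempty"`
	Name           string    `json:"name,omitempty"`
	Endpoints      []string  `json:"endpoints,omitempty"`
	Authenticated  *bool     `json:"authenticated,omitempty"`
	XTrustBoundary bool      `json:"x-trust-boundary,omitempty"`
	TrustZone      string    `json:"trustZone,omitempty"`
	Services       []Service `json:"services,omitempty"`
}

type Finding struct {
	BOMRef string
	Reason string
}

// AuditServices walks the (possibly nested) services tree and reports services
// that cross a trust boundary without declared authentication, plus any
// endpoint served over plain http://. The policy is this example's assumption.
func AuditServices(services []Service) []Finding {
	var findings []Finding
	for _, s := range services {
		if s.XTrustBoundary {
			switch {
			case s.Authenticated == nil:
				findings = append(findings, Finding{s.BOMRef, "crosses trust boundary but \"authenticated\" is not declared"})
			case !*s.Authenticated:
				findings = append(findings, Finding{s.BOMRef, "crosses trust boundary unauthenticated"})
			}
		}
		for _, ep := range s.Endpoints {
			if strings.HasPrefix(strings.ToLower(ep), "http://") {
				findings = append(findings, Finding{s.BOMRef, "plaintext endpoint " + ep})
			}
		}
		// Nested services are audited with the same rules as their parent.
		findings = append(findings, AuditServices(s.Services)...)
	}
	return findings
}

func ParseServices(jsonText string) ([]Service, error) {
	var bom struct {
		Services []Service `json:"services"`
	}
	err := json.Unmarshal([]byte(jsonText), &bom)
	return bom.Services, err
}

// sampleBOM is a constructed fragment: a DMZ API fronting an internal ledger
// service, a cache that never crosses a boundary, and a metrics service that
// crosses one without saying whether it authenticates.
const sampleBOM = `{"services": [
  {"bom-ref": "svc-payments", "name": "payments-api",
   "endpoints": ["https://pay.example.internal/v1"],
   "authenticated": true, "x-trust-boundary": true, "trustZone": "dmz",
   "services": [
     {"bom-ref": "svc-ledger", "name": "ledger",
      "endpoints": ["http://ledger.example.internal/"],
      "authenticated": false, "x-trust-boundary": true, "trustZone": "internal"}
   ]},
  {"bom-ref": "svc-cache", "name": "cache",
   "endpoints": ["redis://cache.example.internal:6379"], "authenticated": false},
  {"bom-ref": "svc-metrics", "name": "metrics",
   "endpoints": ["https://metrics.example.internal"], "x-trust-boundary": true}
]}`

func main() {
	services, err := ParseServices(sampleBOM)
	if err != nil {
		panic(err)
	}
	for _, f := range AuditServices(services) {
		fmt.Printf("%s: %s\n", f.BOMRef, f.Reason)
	}
}
```

Because the schema gives one boolean per service, the check can only say that a service with several endpoints is unauthenticated as a whole; a per-endpoint answer needs the spec change the TODO asks for.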
type CDXServiceData ¶ added in v0.13.0
type CDXServiceData struct {
	Flow string `json:"flow,omitempty"`
	Classification *CDXDataClassification `json:"classification,omitempty"`
	Name string `json:"name,omitempty" cdx:"added:1.5"`
	Description string `json:"description,omitempty" cdx:"added:1.5"`
	Governance *CDXDataGovernance `json:"governance,omitempty" cdx:"added:1.5"`
	Source string `json:"source,omitempty" cdx:"added:1.5"`
	Destination string `json:"destination,omitempty" cdx:"added:1.5"`
}
v1.5: added; aggregated related data from v1.2-v1.4 and added additional fields
v1.2-v1.4: "flow", "classification" existed
TODO: "source" is a "oneOf" type (both alternatives currently resolve to string), but needs to be its own anonymous type
TODO: "destination" is a "oneOf" type (both alternatives currently resolve to string), but needs to be its own anonymous type
type CDXServiceInfo ¶ added in v0.16.0
type CDXServiceInfo struct {
	CDXResourceInfo
	ProviderName string `json:"provider-name"`
	ProviderUrl string `json:"provider-url"`
	Authenticated bool `json:"authenticated,omitempty"`
	XTrustBoundary bool `json:"x-trust-boundary,omitempty"`
	TrustZone string `json:"trustZone,omitempty"`
}
------------------- Services -------------------
TODO: HasServices, HasEndpoints
TODO: HasLicenses, HasReleaseNotes, HasData, HasTags, HasSignature (*JSFSignature)
TODO: HasProperties, HasExternalRefs
func NewServiceInfo ¶ added in v0.16.0
func NewServiceInfo(cdxService CDXService) (serviceInfo *CDXServiceInfo)
func (*CDXServiceInfo) MapCDXServiceData ¶ added in v0.16.0
func (serviceInfo *CDXServiceInfo) MapCDXServiceData(cdxService CDXService)
type CDXServiceSlice ¶ added in v0.16.0
type CDXServiceSlice []CDXService
func (CDXServiceSlice) Normalize ¶ added in v0.16.0
func (slice CDXServiceSlice) Normalize()
type CDXSignatory ¶ added in v0.16.0
type CDXSignatory struct {
	Name string `json:"name,omitempty" cdx:"+1.6"` // v1.6 added
	Role string `json:"role,omitempty" cdx:"+1.6"` // v1.6 added
	Signature *JSFSignature `json:"signature,omitempty" cdx:"+1.6"` // v1.6 added
	Organization *CDXOrganizationalEntity `json:"organization,omitempty" cdx:"+1.6"` // v1.6 added
	ExternalReferences *[]CDXExternalReference `json:"externalReferences,omitempty" cdx:"+1.6"` // v1.6 added
}
v1.6: added
type CDXSource ¶
v1.2: existed as an anon. type
Note: this is an anonymous type defined within the "issue" defn. (i.e., "CDXIssue")
type CDXStandard ¶ added in v0.16.0
type CDXStandard struct {
	BOMRef *CDXRefType `json:"bom-ref,omitempty" cdx:"+1.6"` // v1.6 added
	Name string `json:"name,omitempty" cdx:"+1.6"` // v1.6 added
	Version string `json:"version,omitempty" cdx:"+1.6"` // v1.6 added
	Description string `json:"description,omitempty" cdx:"+1.6"` // v1.6 added
	Owner string `json:"owner,omitempty" cdx:"+1.6"` // v1.6 added
	Requirements *[]CDXRequirement `json:"requirements,omitempty" cdx:"+1.6"` // v1.6 added
	Levels *[]CDXLevel `json:"levels,omitempty" cdx:"+1.6"` // v1.6 added
	ExternalReferences *[]CDXExternalReference `json:"externalReferences,omitempty" cdx:"+1.6"` // v1.6 added
	Signature *JSFSignature `json:"signature,omitempty" cdx:"+1.6"` // v1.6 added
}
v1.6: added
NOTE: the "Owner" field SHOULD be a CDXOrganizationalEntity OR a CDXOrganizationalContact; we already have structures that support this concept
type CDXStep ¶ added in v0.13.0
type CDXStep struct {
	Name string `json:"name,omitempty"` // v1.5
	Description string `json:"description,omitempty"` // v1.5
	Commands *[]CDXCommand `json:"commands,omitempty"` // v1.5
	Properties *[]CDXProperty `json:"properties,omitempty"` // v1.5
}
v1.5: added
type CDXSubject ¶ added in v0.13.0
type CDXSubject string // v1.5
v1.5: added to represent the anonymous type defined in the "annotations" object
Note: since CDXSubject can be one of 2 other types (i.e., "#/definitions/refLinkType" and "#/definitions/bomLinkElementType"), both of which are "string" types, we can also make it a "string" type, as this does not affect constraint validation.
type CDXSupportingMaterial ¶ added in v0.13.0
type CDXSupportingMaterial struct {
	ContentType string `json:"contentType,omitempty"` // v1.5: added
	Encoding string `json:"encoding,omitempty"` // v1.5: added
	Content string `json:"content,omitempty"` // v1.5: added
}
v1.5: created ("contentType", "encoding", "content")
type CDXSupportingMaterialSlice ¶ added in v0.16.0
type CDXSupportingMaterialSlice []CDXSupportingMaterial
func (CDXSupportingMaterialSlice) Normalize ¶ added in v0.16.0
func (slice CDXSupportingMaterialSlice) Normalize()
type CDXSwid ¶
type CDXSwid struct {
	TagId string `json:"tagId,omitempty"`
	Name string `json:"name,omitempty"`
	Version string `json:"version,omitempty"`
	TagVersion int `json:"tagVersion,omitempty"`
	Patch bool `json:"patch,omitempty"`
	Text *CDXAttachment `json:"text,omitempty"`
	Url string `json:"url,omitempty"`
}
v1.2: existed
See: https://www.iso.org/standard/65666.html
NOTE: SWID v1 tag values are deprecated; new v2 tags are available
type CDXTargets ¶ added in v0.16.0
type CDXTargets struct {
	Organizations *[]CDXOrganizationalEntity `json:"organizations,omitempty" cdx:"+1.6"` // v1.6 added
	Components *[]CDXComponent `json:"components,omitempty" cdx:"+1.6"` // v1.6 added
	Services *[]CDXService `json:"services,omitempty" cdx:"+1.6"` // v1.6 added
}
v1.6: added NOTE: Type name matches plural reference from the spec.
type CDXTask ¶ added in v0.13.0
type CDXTask struct {
	BOMRef *CDXRefType `json:"bom-ref,omitempty"` // v1.5
	Uid string `json:"uid,omitempty"` // v1.5
	Name string `json:"name,omitempty"` // v1.5
	Description string `json:"description,omitempty"` // v1.5
	ResourceReferences *[]CDXResourceReferenceChoice `json:"resourceReferences,omitempty"` // v1.5
	TaskTypes *[]CDXTaskType `json:"taskTypes,omitempty"` // v1.5
	Trigger CDXTrigger `json:"trigger,omitempty"` // v1.5
	Steps *[]CDXStep `json:"steps,omitempty"` // v1.5
	Inputs *[]CDXInputType `json:"inputs,omitempty"` // v1.5
	Outputs *[]CDXOutputType `json:"outputs,omitempty"` // v1.5
	TimeStart string `json:"timeStart,omitempty"` // v1.5
	TimeEnd string `json:"timeEnd,omitempty"` // v1.5
	Workspaces *[]CDXWorkspace `json:"workspaces,omitempty"` // v1.5
	RuntimeTopology *[]CDXDependency `json:"runtimeTopology,omitempty"` // v1.5
	Properties *[]CDXProperty `json:"properties,omitempty"` // v1.5
}
v1.5: added
NOTE: CDXRefType is a named `string` type as of v1.5
type CDXTaskSlice ¶ added in v0.16.0
type CDXTaskSlice []CDXTask
func (CDXTaskSlice) Normalize ¶ added in v0.16.0
func (slice CDXTaskSlice) Normalize()
type CDXTaskType ¶ added in v0.13.0
type CDXTaskType string // v1.5
v1.5: added "enum": ["copy","clone","lint","scan","merge","build","test","deliver","deploy","release","clean","other"]
type CDXTaskTypeSlice ¶ added in v0.16.0
type CDXTaskTypeSlice []CDXTaskType
func (CDXTaskTypeSlice) Normalize ¶ added in v0.16.0
func (slice CDXTaskTypeSlice) Normalize()
type CDXTrigger ¶ added in v0.13.0
type CDXTrigger struct {
    BOMRef CDXRefType `json:"bom-ref,omitempty"` // v1.5
    Uid string `json:"uid,omitempty"` // v1.5
    Name string `json:"name,omitempty"` // v1.5
    Description string `json:"description,omitempty"` // v1.5
    ResourceReferences *[]CDXResourceReferenceChoice `json:"resourceReferences,omitempty"` // v1.5
    Type string `json:"type,omitempty"` // v1.5
    // "enum": ["manual", "api", "webhook","scheduled"]
    Event CDXEvent `json:"event,omitempty"` // v1.5
    Condition CDXCondition `json:"condition,omitempty"` // v1.5
    TimeActivated string `json:"timeActivated,omitempty"` // v1.5
    Inputs *[]CDXInputType `json:"inputs,omitempty"` // v1.5
    Outputs *[]CDXOutputType `json:"outputs,omitempty"` // v1.5
    Properties *[]CDXProperty `json:"properties,omitempty"` // v1.5
}
type CDXVersionRange ¶
type CDXVersionRange struct {
    Version string `json:"version,omitempty"` // v1.4
    Range string `json:"range,omitempty"` // v1.4
    Status string `json:"status,omitempty"` // v1.4
}
v1.4: created "version" def. to represent an in-line, anon. type
Note: "version" is a top-level defn. that is a constrained `string` type
Note: "affectedStatus" is a top-level defn. that is an enum. of `string` type
Note: "version" constrains strings to a min/max (1, 1024) length; this concept SHOULD APPLY to all free-form text entries (e.g., descriptive text)
TODO: create top-level defn. for "versions" (a.k.a. "versionRange") anon. type (name TBD)
type CDXVersionRangeSlice ¶ added in v0.16.0
type CDXVersionRangeSlice []CDXVersionRange
func (CDXVersionRangeSlice) Normalize ¶ added in v0.16.0
func (slice CDXVersionRangeSlice) Normalize()
type CDXVolume ¶ added in v0.13.0
type CDXVolume struct {
    Uid string `json:"uid,omitempty"` // v1.5
    Name string `json:"name,omitempty"` // v1.5
    Mode string `json:"mode,omitempty"` // v1.5
    Path string `json:"path,omitempty"` // v1.5
    SizeAllocated string `json:"sizeAllocated,omitempty"` // v1.5
    Persistent bool `json:"persistent,omitempty"` // v1.5
    Remote bool `json:"remote,omitempty"` // v1.5
    Properties *[]CDXProperty `json:"properties,omitempty"` // v1.5
}
v1.5: added NOTE: CDXRefType is a named `string` type as of v1.5
type CDXVulnerability ¶
type CDXVulnerability struct {
    Id string `json:"id,omitempty"` // v1.4
    Source *CDXVulnerabilitySource `json:"source,omitempty"` // v1.4
    BOMRef *CDXRefType `json:"bom-ref,omitempty"` // v1.4
    References *[]CDXVulnerabilityReference `json:"references"` // v1.4: anon. type
    Ratings *[]CDXRating `json:"ratings,omitempty"` // v1.4
    Cwes *[]int `json:"cwes,omitempty"` // v1.4
    Description string `json:"description,omitempty"` // v1.4
    Detail string `json:"detail,omitempty"` // v1.4
    Recommendation string `json:"recommendation,omitempty"` // v1.4
    Advisories *[]CDXAdvisory `json:"advisories,omitempty"` // v1.4
    Created string `json:"created,omitempty"` // v1.4
    Published string `json:"published,omitempty"` // v1.4
    Updated string `json:"updated,omitempty"` // v1.4
    Credits *CDXCredit `json:"credits,omitempty"` // v1.4: anon. type
    Tools interface{} `json:"tools,omitempty"` // v1.4: added; v1.5: changed to interface{}
    Analysis *CDXAnalysis `json:"analysis,omitempty"` // v1.4: anon. type
    Affects *[]CDXAffect `json:"affects,omitempty"` // v1.4: anon. type
    Properties *[]CDXProperty `json:"properties,omitempty"` // v1.4: added
    Workaround string `json:"workaround,omitempty"` // v1.5: added
    ProofOfConcept *CDXProofOfConcept `json:"proofOfConcept,omitempty"` // v1.5: added
    Rejected string `json:"rejected,omitempty"` // v1.5: added
}
v1.4: created "vulnerability" defn.
v1.5: added "workaround", "proofOfConcept", "rejected"
Note: "bom-ref" is a "ref-type" which is a constrained `string`
Note: "cwes" is an array of "cwe" which is a constrained `int`
NOTE: CDXRefType is a named `string` type as of v1.5
func (*CDXVulnerability) MarshalJSON ¶ added in v0.11.0
func (value *CDXVulnerability) MarshalJSON() ([]byte, error)
recreate a representation of the struct, but only include values in map that are not empty
func (*CDXVulnerability) Normalize ¶ added in v0.16.0
func (vulnerability *CDXVulnerability) Normalize()
type CDXVulnerability struct {
    TODO: Tools interface{} (i.e., need to test for which type it is in order to Normalize)
    Analysis *CDXAnalysis `json:"analysis,omitempty"` // v1.4: anon. type
}
type CDXVulnerabilityReference ¶ added in v0.13.0
type CDXVulnerabilityReference struct {
    Id string `json:"id,omitempty"` // v1.4
    Source *CDXVulnerabilitySource `json:"source,omitempty"` // v1.4
}
v1.4 This is an anonymous type used in CDXVulnerability
func (*CDXVulnerabilityReference) MarshalJSON ¶ added in v0.13.0
func (value *CDXVulnerabilityReference) MarshalJSON() ([]byte, error)
type CDXVulnerabilityReferenceSlice ¶ added in v0.16.0
type CDXVulnerabilityReferenceSlice []CDXVulnerabilityReference
func (CDXVulnerabilityReferenceSlice) Normalize ¶ added in v0.16.0
func (slice CDXVulnerabilityReferenceSlice) Normalize()
type CDXVulnerabilitySlice ¶ added in v0.16.0
type CDXVulnerabilitySlice []CDXVulnerability
func (CDXVulnerabilitySlice) Normalize ¶ added in v0.16.0
func (slice CDXVulnerabilitySlice) Normalize()
==================================================================== Slice Normalizers ====================================================================
type CDXVulnerabilitySource ¶
type CDXVulnerabilitySource struct {
    Url string `json:"url,omitempty"` // v1.4
    Name string `json:"name,omitempty"` // v1.4
}
v1.4: created "vulnerabilitySource" defn.
Note: "url" is of type "string" (and not an "iri-reference")
TODO: "url" SHOULD be an "iri-reference"
func (*CDXVulnerabilitySource) MarshalJSON ¶ added in v0.11.0
func (value *CDXVulnerabilitySource) MarshalJSON() ([]byte, error)
type CDXVulnerabilitySource struct {
    Url string `json:"url,omitempty"` // v1.4
    Name string `json:"name,omitempty"` // v1.4
}
type CDXWorkflow ¶ added in v0.13.0
type CDXWorkflow struct {
    Uid string `json:"uid,omitempty"` // v1.5
    Name string `json:"name,omitempty"` // v1.5
    BOMRef *CDXRefType `json:"bom-ref,omitempty"`
    Description string `json:"description,omitempty"` // v1.5
    ResourceReferences *[]CDXResourceReferenceChoice `json:"resourceReferences,omitempty"` // v1.5
    Tasks *[]CDXTask `json:"tasks,omitempty"` // v1.5
    TaskDependencies *[]CDXDependency `json:"taskDependencies,omitempty"` // v1.5
    TaskTypes *[]CDXTaskType `json:"taskTypes,omitempty"` // v1.5
    Trigger CDXTrigger `json:"trigger,omitempty"` // v1.5
    Steps *[]CDXStep `json:"steps,omitempty"` // v1.5
    Inputs *[]CDXInputType `json:"inputs,omitempty"` // v1.5
    Outputs *[]CDXOutputType `json:"outputs,omitempty"` // v1.5
    TimeStart string `json:"timeStart,omitempty"` // v1.5
    TimeEnd string `json:"timeEnd,omitempty"` // v1.5
    Workspaces *[]CDXWorkspace `json:"workspaces,omitempty"` // v1.5
    RuntimeTopology *[]CDXDependency `json:"runtimeTopology,omitempty"` // v1.5
    Properties *[]CDXProperty `json:"properties,omitempty"` // v1.5
}
v1.5: added NOTE: CDXRefType is a named `string` type as of v1.5
func (*CDXWorkflow) Normalize ¶ added in v0.16.0
func (workflow *CDXWorkflow) Normalize()
type CDXWorkflowSlice ¶ added in v0.16.0
type CDXWorkflowSlice []CDXWorkflow
func (CDXWorkflowSlice) Normalize ¶ added in v0.16.0
func (slice CDXWorkflowSlice) Normalize()
type CDXWorkspace ¶ added in v0.13.0
type CDXWorkspace struct {
    BOMRef CDXRefType `json:"bom-ref,omitempty"` // v1.5
    Uid string `json:"uid,omitempty"` // v1.5
    Name string `json:"name,omitempty"` // v1.5
    Aliases *[]string `json:"aliases,omitempty"` // v1.5
    Description string `json:"description,omitempty"` // v1.5
    ResourceReferences *[]CDXResourceReferenceChoice `json:"resourceReferences,omitempty"` // v1.5
    AccessMode string `json:"accessMode,omitempty"` // v1.5
    MountPath string `json:"mountPath,omitempty"` // v1.5
    ManagedDataType string `json:"managedDataType,omitempty"` // v1.5
    VolumeRequest string `json:"volumeRequest,omitempty"` // v1.5
    Volume CDXVolume `json:"volume,omitempty"` // v1.5
    Properties *[]CDXProperty `json:"properties,omitempty"` // v1.5
}
v1.5: added NOTE: CDXRefType is a named `string` type as of v1.5
type CompoundExpression ¶ added in v0.14.0
type CompoundExpression struct {
    SimpleLeft string
    SimpleLeftHasPlus bool
    LeftPolicy LicensePolicy
    LeftUsagePolicy string
    SimpleRight string
    SimpleRightHasPlus bool
    RightPolicy LicensePolicy
    RightUsagePolicy string
    Conjunction string
    PrepRight string
    PrepLeft string
    CompoundLeft *CompoundExpression
    CompoundRight *CompoundExpression
    CompoundUsagePolicy string
}
func NewCompoundExpression ¶ added in v0.14.0
func NewCompoundExpression() *CompoundExpression
func ParseExpression ¶ added in v0.14.0
func ParseExpression(policyConfig *LicensePolicyConfig, rawExpression string) (ce *CompoundExpression, err error)
type CustomValidation ¶
type CustomValidation struct {
Metadata CustomValidationMetadata `json:"metadata"`
}
type CustomValidationConfig ¶
type CustomValidationConfig struct {
Validation CustomValidation `json:"validation"`
}
var CustomValidationChecks CustomValidationConfig
Globals
func (*CustomValidationConfig) GetCustomValidationConfig ¶
func (config *CustomValidationConfig) GetCustomValidationConfig() *CustomValidation
TODO: return copies
func (*CustomValidationConfig) GetCustomValidationMetadata ¶
func (config *CustomValidationConfig) GetCustomValidationMetadata() *CustomValidationMetadata
func (*CustomValidationConfig) GetCustomValidationMetadataProperties ¶
func (config *CustomValidationConfig) GetCustomValidationMetadataProperties() []CustomValidationProperty
type CustomValidationMetadata ¶
type CustomValidationMetadata struct {
Properties []CustomValidationProperty `json:"properties"`
}
type CustomValidationProperty ¶
type CustomValidationProperty struct {
    CDXProperty
    Description string `json:"_validate_description"`
    Key string `json:"_validate_key"`
    CheckUnique string `json:"_validate_unique"`
    CheckRegex string `json:"_validate_regex"`
}
NOTE: Assumes property "key" is the value in the "name" field
type ExtendedLicenseInfo ¶ added in v0.16.0
type ExtendedLicenseInfo struct {
    LicenseId string `json:"license-id"`
    LicenseName string `json:"license-name"`
    LicenseExpression string `json:"license-expression"`
    LicenseUrl string `json:"license-url"`
    LicenseTextEncoding string `json:"license-text-encoding"`
    LicenseTextContentType string `json:"license-text-content-type"`
    LicenseTextContent string `json:"license-text-content"`
}
type FormatSchema ¶
type FormatSchema struct {
    CanonicalName string `json:"canonicalName"`
    PropertyKeyFormat string `json:"propertyKeyFormat"`
    PropertyKeyVersion string `json:"propertyKeyVersion"`
    PropertyValueFormat string `json:"propertyValueFormat"`
    Schemas []FormatSchemaInstance `json:"schemas"`
}
Representation of SBOM format
func (*FormatSchema) IsCycloneDx ¶
func (format *FormatSchema) IsCycloneDx() bool
func (*FormatSchema) IsSpdx ¶
func (format *FormatSchema) IsSpdx() bool
type FormatSchemaInstance ¶
type FormatSchemaInstance struct {
    Name string `json:"name"`
    Version string `json:"version"`
    Development string `json:"development"`
    File string `json:"file"`
    Url string `json:"url"`
    Default bool `json:"default"`
    Variant string `json:"variant"`
    Format string `json:"format"` // value set from parent FormatSchema's `CanonicalName`
}
Representation of SBOM schema instance
TODO: add support for schema (Hash) key if we end up having lots of entries
e.g., key string where key: SchemaKey{ID_CYCLONEDX, VERSION_CYCLONEDX_1_3, false},
type JSFPublicKey ¶ added in v0.13.0
type JSFPublicKey struct {
    Kty *JSFKeyType `json:"kty,omitempty"` // Key Type
    Crv string `json:"crv,omitempty"` // EC/OKP curve name
    X string `json:"x,omitempty"` // X coordinate
    Y string `json:"y,omitempty"` // Y coordinate
    N string `json:"n,omitempty"` // RSA modulus
    E string `json:"e,omitempty"` // RSA exponent
}
if kty (key type)== "EC"
- required: "crv" (EC curve name), "x", "y"
- constraint "crv": "enum": ["P-256","P-384","P-521"]
else if kty == "OKP"
- required: "crv" (EdDSA curve name), "x"
- constraint "crv" : "enum": ["Ed25519","Ed448"]
else if kty == "RSA"
- required: n, e
type JSFSignature ¶ added in v0.13.0
type JSFSignature struct {
    // "Unique top level property for Multiple Signatures."
    Signers *[]JSFSigner `json:"signers,omitempty"`
    // "Unique top level property for Signature Chains."
    Chain *[]JSFSigner `json:"chain,omitempty"`
    // "Unique top level property for simple signatures."
    Signature *JSFSigner `json:"signature,omitempty"`
}
Note: struct will contain "oneOf": ["Signers", "Chain", "Signature"]
type JSFSigner ¶ added in v0.13.0
type JSFSigner struct {
    Algorithm string `json:"algorithm,omitempty"`
    KeyId string `json:"keyId,omitempty"`
    PublicKey *JSFPublicKey `json:"publicKey,omitempty"`
    CertificatePath *[]string `json:"certificatePath,omitempty"`
    Excludes *[]string `json:"excludes,omitempty"`
    Value string `json:"value,omitempty"`
}
Algorithm: "Signature algorithm. The currently recognized JWA [RFC7518] and RFC8037
- constraint: "enum": ["RS256","RS384","RS512","PS256","PS384","PS512", "ES256","ES384","ES512","Ed25519","Ed448","HS256","HS384","HS512"]
- OR contains a URI for custom algorithm (name)
KeyId: "Optional. Application specific string identifying the signature key."
PublicKey: "Optional. Public key object."
CertificatePath: "Optional. Sorted array of X.509 [RFC5280] certificates, where the first element must contain the signature certificate. The certificate path must be contiguous but is not required to be complete."
Excludes: "Optional. Array holding the names of one or more application level properties that must be excluded from the signature process. Note that the \"excludes\" property itself, must also be excluded from the signature process. Since both the \"excludes\" property and the associated data it points to are unsigned, a conforming JSF implementation must provide options for specifying which properties to accept."
Value: "The signature data. Note that the binary representation must follow the JWA [RFC7518] specifications."
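The JSFPublicKey and JSFSigner constraints above (required fields per `kty`, curve enums, algorithm enum or URI) turned into validation code. This is an added example, not code from the package documented here; it mirrors the two structs with JSON tags dropped, omits KeyId/CertificatePath/Excludes, and assumes JSFKeyType is a named string type.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Constructed mirror of the page's JSFPublicKey and JSFSigner (JSFKeyType assumed to be a named string).
type JSFKeyType string
type JSFPublicKey struct {
	Kty             *JSFKeyType
	Crv, X, Y, N, E string
}
type JSFSigner struct {
	Algorithm, Value string
	PublicKey        *JSFPublicKey
}

// Enumerations quoted on the page: recognized JWA/RFC8037 algorithm names and curve names.
var (
	jwaAlgorithms = map[string]bool{
		"RS256": true, "RS384": true, "RS512": true, "PS256": true, "PS384": true, "PS512": true, "ES256": true,
		"ES384": true, "ES512": true, "Ed25519": true, "Ed448": true, "HS256": true, "HS384": true, "HS512": true,
	}
	ecCurves  = map[string]bool{"P-256": true, "P-384": true, "P-521": true}
	okpCurves = map[string]bool{"Ed25519": true, "Ed448": true}
)

// ValidatePublicKey enforces the per-kty rules: EC needs crv/x/y, OKP needs crv/x, RSA needs n/e.
func ValidatePublicKey(k *JSFPublicKey) error {
	if k == nil || k.Kty == nil {
		return errors.New("publicKey.kty is required")
	}
	switch *k.Kty {
	case "EC":
		if !ecCurves[k.Crv] || k.X == "" || k.Y == "" {
			return errors.New("EC key needs crv in {P-256,P-384,P-521} plus x and y")
		}
	case "OKP":
		if !okpCurves[k.Crv] || k.X == "" {
			return errors.New("OKP key needs crv in {Ed25519,Ed448} plus x")
		}
	case "RSA":
		if k.N == "" || k.E == "" {
			return errors.New("RSA key needs n and e")
		}
	default:
		return fmt.Errorf("unsupported kty %q", *k.Kty)
	}
	return nil
}

// ValidateSigner accepts a recognized JWA name or a URI (custom algorithm), requires a value, and checks the optional key.
func ValidateSigner(s JSFSigner) error {
	if !jwaAlgorithms[s.Algorithm] && !strings.Contains(s.Algorithm, ":") {
		return fmt.Errorf("algorithm %q is neither a recognized JWA name nor a URI", s.Algorithm)
	}
	if s.Value == "" {
		return errors.New("signature value is required")
	}
	if s.PublicKey == nil {
		return nil // publicKey is optional per the JSF schema
	}
	return ValidatePublicKey(s.PublicKey)
}

func main() {
	fmt.Println(ValidateSigner(JSFSigner{Algorithm: "none", Value: "c2ln"})) // rejected: not a JWA name or URI
}
```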
type LicenseInfo ¶ added in v0.14.0
type LicenseInfo struct {
    UsagePolicy string `json:"usage-policy"`
    LicenseChoiceTypeValue int `json:"license-type-value"`
    LicenseChoiceType string `json:"license-type"`
    License string `json:"license"`
    ResourceName string `json:"resource-name"`
    BOMRef CDXRefType `json:"bom-ref"`
    BOMLocationValue int `json:"bom-location-value"`
    BOMLocation string `json:"bom-location"`
    LicenseChoice CDXLicenseChoice // Do not marshal
    Policy LicensePolicy // Do not marshal
    Component CDXComponent // Do not marshal
    Service CDXService // Do not marshal
    ExtendedLicenseInfo
}
Note: the "License" property is used as hashmap key NOTE: CDXRefType is a named `string` type as of v1.5
func NewLicenseInfoFromComponent ¶ added in v0.16.0
func NewLicenseInfoFromComponent(cdxComponent CDXComponent, licenseChoice CDXLicenseChoice, location int) (licenseInfo *LicenseInfo)
func NewLicenseInfoFromService ¶ added in v0.16.0
func NewLicenseInfoFromService(cdxService CDXService, licenseChoice CDXLicenseChoice, location int) (licenseInfo *LicenseInfo)
func (*LicenseInfo) MapCDXLicenseFromComponent ¶ added in v0.16.0
func (licenseInfo *LicenseInfo) MapCDXLicenseFromComponent(cdxComponent CDXComponent, cdxLicenseChoice CDXLicenseChoice)
TODO: flag any component or service w/o a license
func (*LicenseInfo) MapCDXLicenseFromService ¶ added in v0.16.0
func (licenseInfo *LicenseInfo) MapCDXLicenseFromService(cdxService CDXService, cdxLicenseChoice CDXLicenseChoice)
func (*LicenseInfo) SetLicenseChoiceTypeValue ¶ added in v0.14.0
func (licenseInfo *LicenseInfo) SetLicenseChoiceTypeValue(value int)
type LicensePolicy ¶ added in v0.14.0
type LicensePolicy struct {
    Id string `json:"id"`
    Reference string `json:"reference"`
    IsOsiApproved bool `json:"osi"`
    IsFsfLibre bool `json:"fsf"`
    IsDeprecated bool `json:"deprecated"`
    Family string `json:"family"`
    Name string `json:"name"`
    UsagePolicy string `json:"usagePolicy"`
    Aliases []string `json:"aliases"`
    Children []string `json:"children"`
    Notes []string `json:"notes"`
    Urls []string `json:"urls"`
    AnnotationRefs []string `json:"annotationRefs"`
    // Alternative field names for --where searches
    AltUsagePolicy string `json:"usage-policy"`
    AltAnnotationRefs string `json:"annotations"`
    AltSPDXId string `json:"spdx-id"`
}
type LicensePolicyConfig ¶ added in v0.14.0
type LicensePolicyConfig struct {
    PolicyList []LicensePolicy `json:"policies"`
    Annotations map[string]string `json:"annotations"`
    // contains filtered or unexported fields
}
func NewLicensePolicyConfig ¶ added in v0.14.0
func NewLicensePolicyConfig(configFile string) *LicensePolicyConfig
func (*LicensePolicyConfig) FindPolicy ¶ added in v0.14.0
func (config *LicensePolicyConfig) FindPolicy(licenseInfo LicenseInfo) (matchedPolicy LicensePolicy, err error)
func (*LicensePolicyConfig) FindPolicyByFamilyName ¶ added in v0.14.0
func (config *LicensePolicyConfig) FindPolicyByFamilyName(name string) (policyValue string, matchedPolicy LicensePolicy, err error)
NOTE: for now, we will look for the "family" name encoded in the License.Name field until we can get additional fields/properties added to the CDX LicenseChoice schema
func (*LicensePolicyConfig) FindPolicyBySpdxId ¶ added in v0.14.0
func (config *LicensePolicyConfig) FindPolicyBySpdxId(id string) (policyValue string, matchedPolicy LicensePolicy, err error)
func (*LicensePolicyConfig) GetFamilyNameMap ¶ added in v0.14.0
func (config *LicensePolicyConfig) GetFamilyNameMap() (hashmap *slicemultimap.MultiMap, err error)
func (*LicensePolicyConfig) GetFilteredFamilyNameMap ¶ added in v0.14.0
func (config *LicensePolicyConfig) GetFilteredFamilyNameMap(whereFilters []common.WhereFilter) (hashmap *slicemultimap.MultiMap, err error)
func (*LicensePolicyConfig) GetLicenseIdMap ¶ added in v0.14.0
func (config *LicensePolicyConfig) GetLicenseIdMap() (hashmap *slicemultimap.MultiMap, err error)
func (*LicensePolicyConfig) LoadHashPolicyConfigurationFile ¶ added in v0.14.0
func (config *LicensePolicyConfig) LoadHashPolicyConfigurationFile(policyFile string, defaultPolicyFile string) (err error)
func (*LicensePolicyConfig) Reset ¶ added in v0.14.0
func (config *LicensePolicyConfig) Reset()
type Normalizer ¶ added in v0.16.0
type Normalizer interface {
Normalize()
}
==================================================================== Normalizer Interface (and helpers) ====================================================================
type StatisticsInfo ¶ added in v0.14.0
type StatisticsInfo struct {
    ComponentStats *BOMComponentStats
    ServiceStats *BOMServiceStats
    VulnerabilityStats *BOMVulnerabilityStats
}
type UnsupportedFormatError ¶
type UnsupportedFormatError struct {
    Type string
    Message string
    InputFile string
    Format string
    Version string
    Variant string
    Command string
    Flags string
}
Format/schema error types
func NewUnknownFormatError ¶
func NewUnknownFormatError(f string) *UnsupportedFormatError
func NewUnsupportedFormatForCommandError ¶
func NewUnsupportedFormatForCommandError(f string, fmt string, cmd string, flags string) *UnsupportedFormatError
func (UnsupportedFormatError) Error ¶
func (err UnsupportedFormatError) Error() string
type UnsupportedSchemaError ¶
type UnsupportedSchemaError struct {
UnsupportedFormatError
}
func NewUnsupportedSchemaError ¶
func NewUnsupportedSchemaError(m string, format string, version string, variant string) *UnsupportedSchemaError
func (UnsupportedSchemaError) Error ¶
func (err UnsupportedSchemaError) Error() string
type VulnerabilityInfo ¶ added in v0.14.0
type VulnerabilityInfo struct {
    Id string `json:"id"`
    BOMRef string `json:"bom-ref"`
    CvssSeverity []string `json:"cvss-severity"`
    Created string `json:"created"`
    Published string `json:"published"`
    Updated string `json:"updated"`
    Rejected string `json:"rejected"`
    Description string `json:"description"`
    SourceUrl string `json:"source-url"`
    SourceName string `json:"source-name"`
    AnalysisState string `json:"analysis-state"`
    AnalysisJustification string `json:"analysis-justification"`
    AnalysisResponse []string `json:"analysis-response"`
    CweIds []string `json:"cwe-ids"`
    Source CDXVulnerabilitySource `json:"source"`
    Vulnerability CDXVulnerability
}
This data consolidates nested information into a flattened version more suitable for report listings
Source Files
¶
- bom.go
- bom_hash.go
- bom_query.go
- bom_stats.go
- bom_traversal.go
- constants.go
- cyclonedx.go
- cyclonedx_abstractions.go
- cyclonedx_annotations.go
- cyclonedx_common.go
- cyclonedx_crypto.go
- cyclonedx_declarations.go
- cyclonedx_definitions.go
- cyclonedx_formulation.go
- cyclonedx_marshal.go
- cyclonedx_modelcard.go
- cyclonedx_normalize.go
- cyclonedx_normalize_formulation.go
- cyclonedx_normalize_vulnerability.go
- cyclonedx_unmarshal.go
- cyclonedx_vulnerability.go
- jsf_signature.go
- license_expression.go
- license_policy_config.go
- schema_custom_validation.go
- schema_errors.go
- schema_formats.go