Index ¶
- Constants
- Variables
- func CalcLineAndCharacterPos(data []byte, offset int64) (lineNum int, charNum int)
- func DisplayJSONErrorDetails(data []byte, err error)
- func FormatSchemaVariant(variant string) (formattedVariant string)
- func LoadCustomValidationConfig(filename string) (err error)
- func LoadSchemaConfig(filename string) (err error)
- type CDXAdvisory
- type CDXAffect
- type CDXAnalysis
- type CDXAttachment
- type CDXBom
- type CDXCommit
- type CDXComponent
- type CDXComponentEvidence
- type CDXCompositions
- type CDXCopyright
- type CDXCredit
- type CDXDataClassification
- type CDXDependency
- type CDXDiff
- type CDXExternalReference
- type CDXHash
- type CDXIdentifiableAction
- type CDXIssue
- type CDXLicense
- type CDXLicenseChoice
- type CDXMetadata
- type CDXNote
- type CDXOrganizationalContact
- type CDXOrganizationalEntity
- type CDXPatch
- type CDXPedigree
- type CDXProperty
- type CDXRating
- type CDXReference
- type CDXReleaseNotes
- type CDXService
- type CDXSignature
- type CDXSource
- type CDXSwid
- type CDXTool
- type CDXVersionRange
- type CDXVulnerability
- type CDXVulnerabilitySource
- type CustomValidation
- type CustomValidationConfig
- type CustomValidationMetadata
- type CustomValidationProperty
- type CustomValidationTool
- type FormatSchema
- type FormatSchemaConfig
- type FormatSchemaInstance
- type Sbom
- func (sbom *Sbom) FindFormatAndSchema(sbomFilename string) (err error)
- func (sbom *Sbom) GetCdxBom() (cdxBom *CDXBom)
- func (sbom *Sbom) GetCdxComponents() (components []CDXComponent)
- func (sbom *Sbom) GetCdxMetadata() (metadata *CDXMetadata)
- func (sbom *Sbom) GetCdxMetadataComponent() (component *CDXComponent)
- func (sbom *Sbom) GetCdxMetadataLicenses() (licenses []CDXLicenseChoice)
- func (sbom *Sbom) GetCdxMetadataProperties() (properties []CDXProperty)
- func (sbom *Sbom) GetCdxServices() (services []CDXService)
- func (sbom *Sbom) GetCdxVulnerabilities() (vulnerabilities []CDXVulnerability)
- func (sbom *Sbom) GetFilename() string
- func (sbom *Sbom) GetJSONMap() map[string]interface{}
- func (sbom *Sbom) GetKeyValueAsString(key string) (sValue string, err error)
- func (sbom *Sbom) GetRawBytes() []byte
- func (sbom *Sbom) UnmarshalCDXSbom() (err error)
- func (sbom *Sbom) UnmarshalSBOMAsJsonMap() error
- type UnsupportedFormatError
- type UnsupportedSchemaError
Constants ¶
// Format identifier values for the two SBOM formats this package names.
// Nothing in the declarations themselves ties them to a lookup; the package
// notes describe them as not yet used.
const (
	ID_SPDX      = "SPDXRef-DOCUMENT"
	ID_CYCLONEDX = "CycloneDX"
)
Format ID (key component). UNUSED. TODO: Use these values to verify remotely loaded schema files.
// Top-level JSON property names that carry a document's format identifier
// and format version. "bomFormat" and "specVersion" are the same keys used
// by the json tags on CDXBom.BomFormat and CDXBom.SpecVersion.
const (
	// SPDX
	PROPKEY_ID_SPDX      = "SPDXID"
	PROPKEY_VERSION_SPDX = "spdxVersion"
	// CycloneDX
	PROPKEY_ID_CYCLONEDX      = "bomFormat"
	PROPKEY_VERSION_CYCLONEDX = "specVersion"
)
Document property keys: JSON document property keys used to look up values in their respective SBOM formats. UNUSED. TODO: Use these values to verify remotely loaded schema files.
const ( KEY_METADATA = "metadata" KEY_COMPONENTS = "components" KEY_LICENSES = "licenses" )
const ( SCHEMA_FORMAT_SPDX = "SPDX" SCHEMA_FORMAT_CYCLONEDX = "CycloneDX" )
const ( ERR_TYPE_UNSUPPORTED_FORMAT = "format not supported" ERR_TYPE_UNSUPPORTED_SCHEMA = "schema not supported" //MSG_CONFIG_SCHEMA_FORMAT_NOT_FOUND = "schema format not found in configuration." MSG_FORMAT_UNSUPPORTED_UNKNOWN = "unknown format" MSG_FORMAT_UNSUPPORTED_COMMAND = "for command and/or flags" MSG_CONFIG_SCHEMA_VERSION_NOT_FOUND = "schema version not found in configuration" MSG_CONFIG_SCHEMA_VARIANT_NOT_FOUND = "schema variant not found in configuration" )
const (
SCHEMA_VARIANT_LATEST = "(latest)"
)
Variables ¶
var EMPTY_CDXLicense = CDXLicense{}
For convenience, we provide named vars. for testing for zero-length (empty) structs
var ENCODED_EMPTY_SLICE_OF_STRUCT = []byte("[{}]")
var ENCODED_EMPTY_STRUCT = []byte("{}")
var (
ProjectLogger *log.MiniLogger
)
Functions ¶
func CalcLineAndCharacterPos ¶
func DisplayJSONErrorDetails ¶
func FormatSchemaVariant ¶
func LoadSchemaConfig ¶
TODO: Add error messages as constants (for future i18n). TODO: Support remote schema retrieval as an optional program flag. However, we want to default to local schema files for performance where possible, and to plan for local, secure bundling of schemas with this utility in CI build systems (towards improved security and isolated builds). NOTE: We have also found that standards orgs. freely move their schema files within SCM systems, which causes remote retrieval failures.
Types ¶
type CDXAdvisory ¶
v1.4: created "releaseNotes" defn. Note: "url" is of type "iri-reference"
type CDXAffect ¶
type CDXAffect struct {
Versions []CDXVersionRange `json:"versions,omitempty"` // anon. type
}
v1.4: created "analysis" def. to represent an in-line, anon. type Note: This anon. "type" ONLY includes a single array of another in-line type TODO: create top-level defn. for "affect" anon. type
func (*CDXAffect) MarshalJSON ¶ added in v0.11.0
type CDXAnalysis ¶
type CDXAnalysis struct { State string `json:"state,omitempty"` Justification string `json:"justification,omitempty"` Response []string `json:"response,omitempty"` // anon. type Detail string `json:"detail,omitempty"` }
v1.4: created "analysis" def. to represent an in-line, anon. type defined in the "vulnerability" object defn. Note: "state" is an "impactAnalysisState" type which is a constrained enum. of type `string` Note: "justification" is an "impactAnalysisJustification" type which is a constrained enum. of type `string` TODO: create top-level defn. for "analysis" anon. type TODO: "response" is also "in-lined" as a constrained enum. of `string`, but SHOULD be declared at top-level
type CDXAttachment ¶
// CDXAttachment holds attached text together with its declared content type
// and encoding, all as plain strings taken from the document.
type CDXAttachment struct {
	ContentType string `json:"contentType,omitempty"`
	Encoding    string `json:"encoding,omitempty"`
	// Content is stored as the string found in the document. Nothing in this
	// declaration decodes it according to Encoding or bounds its length, so
	// consumers should treat it as untrusted input.
	Content string `json:"content,omitempty"`
}
v1.2: existed
func (*CDXAttachment) MarshalJSON ¶ added in v0.11.0
func (value *CDXAttachment) MarshalJSON() ([]byte, error)
recreate a representation of the struct, but only include values in map that are not empty
type CDXBom ¶
// CDXBom is the typed form of a CycloneDX BOM document's top-level object.
// The `cdx` struct tag records the spec version that introduced a field.
type CDXBom struct {
	BomFormat          string                 `json:"bomFormat,omitempty"`
	SpecVersion        string                 `json:"specVersion,omitempty"`
	SerialNumber       string                 `json:"serialNumber,omitempty"`
	Version            int                    `json:"version,omitempty"`
	Metadata           *CDXMetadata           `json:"metadata,omitempty"`
	Components         []CDXComponent         `json:"components,omitempty"`
	Services           []CDXService           `json:"services,omitempty"`
	Dependencies       []CDXDependency        `json:"dependencies,omitempty"`
	ExternalReferences []CDXExternalReference `json:"externalReferences,omitempty"`
	// v1.3 added "compositions"
	Compositions []CDXCompositions `json:"compositions,omitempty" cdx:"v1.3"`
	// v1.4 added "vulnerabilities", "signature"
	// NOTE(review): only Vulnerabilities is declared below; this struct has no
	// Signature field, so a top-level "signature" value is not decoded into a
	// typed field here and cannot be inspected through CDXBom.
	Vulnerabilities []CDXVulnerability `json:"vulnerabilities,omitempty" cdx:"v1.4"`
}
NOTE: During parsing, any fields not explicitly included in the structure will still be added as generic "interface{}" types
func UnMarshalDocument ¶
type CDXCommit ¶
type CDXCommit struct { Uid string `json:"uid,omitempty"` Url string `json:"url,omitempty"` Message string `json:"message,omitempty"` Author CDXIdentifiableAction `json:"author,omitempty"` Committer CDXIdentifiableAction `json:"committer,omitempty"` }
v1.2: existed TODO: GitHub PRs MAY have more than 1 commit (committer); CDX needs to account for this
type CDXComponent ¶
// CDXComponent is the typed form of a CycloneDX "component" object.
//
// Every value below is copied from the SBOM document as-is; these
// declarations perform no validation of identifiers, URLs or hashes.
//
// The `omitempty` option has no effect on the struct-typed fields
// (Manufacturer, Supplier, Pedigree, Evidence, Swid): encoding/json never
// treats a struct value as empty, so default encoding writes them even when
// they are zero-valued.
type CDXComponent struct {
	// `json:"-"` makes encoding/json skip this field in both directions, so it
	// can never be set from, or leak into, a document.
	Primary      bool                    `json:"-"` // Proprietary: do NOT marshal/unmarshal
	Purl         string                  `json:"purl,omitempty"`
	BomRef       string                  `json:"bom-ref,omitempty"`
	Type         string                  `json:"type,omitempty"`
	MimeType     string                  `json:"mime-type,omitempty"`
	Name         string                  `json:"name,omitempty"`
	Version      string                  `json:"version,omitempty"`
	Description  string                  `json:"description,omitempty"`
	Copyright    string                  `json:"copyright,omitempty"`
	Publisher    string                  `json:"publisher,omitempty"`
	Group        string                  `json:"group,omitempty"`
	Scope        string                  `json:"scope,omitempty"`
	Manufacturer CDXOrganizationalEntity `json:"manufacturer,omitempty"`
	Supplier     CDXOrganizationalEntity `json:"supplier,omitempty"`
	Licenses     []CDXLicenseChoice      `json:"licenses,omitempty"`
	// Hashes only carries the values stated in the document; any comparison
	// against the actual artifact happens elsewhere, if at all — TODO confirm.
	Hashes             []CDXHash              `json:"hashes,omitempty"`
	Author             string                 `json:"author,omitempty"`
	ExternalReferences []CDXExternalReference `json:"externalReferences,omitempty"`
	// Components nests this same type, so nesting depth is set by the input
	// document rather than by this declaration.
	Components   []CDXComponent       `json:"components,omitempty"`
	Pedigree     CDXPedigree          `json:"pedigree,omitempty"`     // anon. type
	Evidence     CDXComponentEvidence `json:"evidence,omitempty"`     // v1.3: added
	Properties   []CDXProperty        `json:"properties,omitempty"`   // v1.3: added
	Modified     bool                 `json:"modified,omitempty"`     // v1.4: deprecated
	Cpe          string               `json:"cpe,omitempty"`          // v1.4: deprecated
	Swid         CDXSwid              `json:"swid,omitempty"`         // v1.4: deprecated
	ReleaseNotes []CDXReleaseNotes    `json:"releaseNotes,omitempty"` // v1.4: added
	// NOTE(review): no Signature field is declared on this struct, so a
	// component-level "signature" value has no typed representation here.
}
v1.2: existed v1.3: added: "evidence", "properties" v1.4: added: "releaseNotes", "signature" v1.4: changed: "version" no longer required v1.4: deprecated: "modified", "cpe", "swid" Note: "bom-ref" is a "refType" which is a constrained `string` TODO: "mime-type" SHOULD become "media-type" which is more modern/inclusive TODO: Remove "service" from "Type" enum. as "service" now exists (deprecate in future versions)
func UnMarshalComponent ¶
func UnMarshalComponent(data interface{}) (CDXComponent, error)
func UnMarshalComponents ¶
func UnMarshalComponents(data interface{}) ([]CDXComponent, error)
type CDXComponentEvidence ¶
type CDXComponentEvidence struct { Licenses []CDXLicense `json:"licenses,omitempty"` Copyright []CDXCopyright `json:"copyright,omitempty"` }
v1.3: created "componentEvidence" defn.
type CDXCompositions ¶
type CDXCompositions struct { Aggregate string `json:"aggregate,omitempty"` Assemblies []string `json:"assemblies,omitempty"` Dependencies []string `json:"dependencies,omitempty"` Signature CDXSignature `json:"signature,omitempty"` // v1.4: added }
v1.3: created "compositions" defn. v1.4: added "signature" Note: "aggregate" is type `aggregateType` which is a constrained string TODO: Should not be plural
type CDXCopyright ¶
type CDXCopyright struct {
Text string `json:"text,omitempty"`
}
v1.3: created "copyright" defn.
type CDXCredit ¶
type CDXCredit struct { Organizations []CDXOrganizationalEntity `json:"organizations,omitempty"` Individuals []CDXOrganizationalContact `json:"individuals,omitempty"` }
v1.4: created "credit" defn. to represent the in-line, anon. type found in the "vulnerability" type defn. TODO: create top-level defn. for "credit" anon. type
func (*CDXCredit) MarshalJSON ¶ added in v0.11.0
type CDXDataClassification ¶
type CDXDataClassification struct { Flow string `json:"flow,omitempty"` Classification string `json:"classification,omitempty"` }
v1.2: existed Note: "flow" is of type "dataFlow" which is a constrained `string` type
type CDXDependency ¶
type CDXDependency struct { Ref string `json:"ref,omitempty"` DependsOn []string `json:"dependsOn,omitempty"` }
v1.2: existed v1.4: "ref" and "dependsOn" became type "refType" which is a constrained `string`
type CDXDiff ¶
type CDXDiff struct { Text CDXAttachment `json:"text,omitempty"` Url string `json:"url,omitempty"` // v1.3: type changed to "iri-reference" }
v1.2: existed v1.3 "url" type changed from `string` (with constraints) to an "iri-reference"
type CDXExternalReference ¶
// CDXExternalReference is the typed form of a CycloneDX external reference:
// a URL with an optional comment, a type label and hashes.
type CDXExternalReference struct {
	// Url is declared as a plain string; this declaration applies no scheme or
	// host check. Treat it as untrusted document data before dereferencing it.
	Url     string `json:"url,omitempty"`
	Comment string `json:"comment,omitempty"`
	Type    string `json:"type,omitempty"`
	// Hashes holds the values stated in the document for the referenced
	// resource; nothing here compares them with fetched content.
	Hashes []CDXHash `json:"hashes,omitempty"` // v1.3: added
}
v1.2: existed v1.3: added "hashes" v1.4: `Type` field: added value "release-notes" to enum.
type CDXHash ¶
v1.2: existed Note: "alg" is of type "hash-alg" which is a constrained `string` type Note: "content" is of type "hash-content" which is a constrained `string` type
type CDXIdentifiableAction ¶
type CDXIdentifiableAction struct { Timestamp string `json:"timestamp,omitempty"` Name string `json:"name,omitempty"` Email string `json:"email,omitempty"` }
v1.2: existed TODO: We should suggest this be "deprecated" and instead add "timestamp" and other fields to OrganizationalContact (or similar) TODO: should have "signage" information (e.g., evidence, public key)
type CDXIssue ¶
type CDXIssue struct { Type string `json:"type,omitempty"` Id string `json:"id,omitempty"` Name string `json:"name,omitempty"` Description string `json:"description,omitempty"` Source CDXSource `json:"source,omitempty"` References []string `json:"references,omitempty"` // v1.3: added missing `string` type }
v1.2: existed Note: v1.2 Bug: there appears to be a bug in the 1.2 spec. where the type for "references" is declared an array of "no type" (it likely should be `string`) Not sure how a parser will treat this... perhaps as an `interface{}`? v1.3: fixed to be []string
type CDXLicense ¶
type CDXLicense struct { Id string `json:"id,omitempty"` Name string `json:"name,omitempty"` Text CDXAttachment `json:"text,omitempty"` Url string `json:"url,omitempty"` }
v1.2: was an anon. type v1.3: created Note: "oneOf": ["id", "name"] is required
func (*CDXLicense) MarshalJSON ¶ added in v0.11.0
func (value *CDXLicense) MarshalJSON() (bytes []byte, err error)
recreate a representation of the struct, but only include values in map that are not empty
type CDXLicenseChoice ¶
type CDXLicenseChoice struct { License CDXLicense `json:"license,omitempty"` Expression string `json:"expression,omitempty"` }
v1.2: was an anon. type v1.3: created Note: "oneOf": ["license", "expression"] is required
func UnMarshalLicenseChoice ¶
func UnMarshalLicenseChoice(data interface{}) (CDXLicenseChoice, error)
func (*CDXLicenseChoice) MarshalJSON ¶ added in v0.11.0
func (value *CDXLicenseChoice) MarshalJSON() (marshalled []byte, err error)
func (*CDXLicenseChoice) MarshalJSON1 ¶ added in v0.11.0
func (value *CDXLicenseChoice) MarshalJSON1() (bytes []byte, err error)
-------------------------- CDXLicenseChoice structs --------------------------
type CDXMetadata ¶
type CDXMetadata struct { Timestamp string `json:"timestamp,omitempty"` Tools []CDXTool `json:"tools,omitempty"` Authors []CDXOrganizationalContact `json:"authors,omitempty"` Component CDXComponent `json:"component,omitempty"` Manufacturer CDXOrganizationalEntity `json:"manufacturer,omitempty"` Supplier CDXOrganizationalEntity `json:"supplier,omitempty"` Hashes []CDXHash `json:"hashes,omitempty"` // v1.3: added "licenses", "properties" Licenses []CDXLicenseChoice `json:"licenses,omitempty"` Properties []CDXProperty `json:"properties,omitempty"` }
v1.2: existed
func UnMarshalMetadata ¶
func UnMarshalMetadata(data interface{}) (CDXMetadata, error)
type CDXNote ¶
// CDXNote is the typed form of a CycloneDX "note": a locale plus attached text.
type CDXNote struct {
	Locale string `json:"locale,omitempty"`
	// NOTE(review): the Go field is named Text but its JSON key is
	// "attachment". The CycloneDX "note" definition appears to name this
	// property "text" — confirm against the schema; if so, a conformant note's
	// text would not be decoded into this field. CDXSwid.Text uses the same tag.
	Text CDXAttachment `json:"attachment,omitempty"`
}
v1.4: created "note" defn. Note: "locale" is of type "localeType" which is a constrained `string`
type CDXOrganizationalContact ¶
type CDXOrganizationalContact struct { Name string `json:"name,omitempty"` Email string `json:"email,omitempty"` Phone string `json:"phone,omitempty"` }
v1.2: existed
type CDXOrganizationalEntity ¶
type CDXOrganizationalEntity struct { Name string `json:"name,omitempty"` Url []string `json:"url,omitempty"` Contact []CDXOrganizationalContact `json:"contact,omitempty"` }
v1.2: existed
type CDXPatch ¶
type CDXPatch struct { Type string `json:"type,omitempty"` Diff CDXDiff `json:"diff,omitempty"` Resolves []CDXIssue `json:"resolves,omitempty"` }
v1.2: existed
type CDXPedigree ¶
type CDXPedigree struct { Ancestors []CDXComponent `json:"ancestors,omitempty"` Descendants []CDXComponent `json:"descendants,omitempty"` Variants []CDXComponent `json:"variants,omitempty"` Commits []CDXCommit `json:"commits,omitempty"` Patches []CDXPatch `json:"patches,omitempty"` Notes string `json:"notes,omitempty"` }
v1.2: existed as an anon. type in the "component" type defn. The "Notes" (plural) should likely be multiple strings or text annotations TODO: create top-level defn. for "pedigree" anon. type
type CDXProperty ¶
type CDXProperty struct { Name string `json:"name,omitempty"` Value string `json:"value,omitempty"` }
v1.3: created "property" defn.
func UnMarshalProperties ¶
func UnMarshalProperties(data interface{}) (properties []CDXProperty, err error)
func UnMarshalProperty ¶
func UnMarshalProperty(data interface{}) (property CDXProperty, err error)
func (*CDXProperty) Equals ¶
func (property *CDXProperty) Equals(testProperty CDXProperty) bool
type CDXRating ¶
type CDXRating struct { Source CDXVulnerabilitySource `json:"source,omitempty"` Score float64 `json:"score,omitempty"` Severity string `json:"severity,omitempty"` Method string `json:"method,omitempty"` Vector string `json:"vector,omitempty"` Justification string `json:"justification,omitempty"` }
v1.4: created "rating" defn. Note: "score" is of type "number" which should map to `float64` Note: "severity" is of type "severity" which is a constrained `string` Note: "method" is of type "scoreMethod" which is a constrained `string`
type CDXReference ¶ added in v0.11.0
type CDXReference struct { Id string `json:"id,omitempty"` Source CDXVulnerabilitySource `json:"source,omitempty"` }
v1.4 This is an anonymous type used in CDXVulnerability
func (*CDXReference) MarshalJSON ¶ added in v0.11.0
func (value *CDXReference) MarshalJSON() ([]byte, error)
type CDXReleaseNotes ¶
type CDXReleaseNotes struct { Type string `json:"type,omitempty"` Title string `json:"title,omitempty"` FeaturedImage string `json:"featuredImage,omitempty"` SocialImage string `json:"socialImage,omitempty"` Description string `json:"description,omitempty"` Timestamp string `json:"timestamp,omitempty"` Aliases []string `json:"aliases,omitempty"` Tags []string `json:"tags,omitempty"` Resolves []CDXIssue `json:"resolves,omitempty"` Notes []CDXNote `json:"notes,omitempty"` Properties []CDXProperty `json:"properties,omitempty"` }
v1.4: created "releaseNotes" defn. TODO: should be singular "releaseNote"
type CDXService ¶
// CDXService is the typed form of a CycloneDX "service" object.
//
// The `omitempty` option has no effect on the struct-typed fields (Provider,
// Signature): encoding/json never treats a struct value as empty.
type CDXService struct {
	BomRef      string                  `json:"bom-ref,omitempty"`
	Provider    CDXOrganizationalEntity `json:"provider,omitempty"`
	Group       string                  `json:"group,omitempty"`
	Name        string                  `json:"name,omitempty"`
	Version     string                  `json:"version,omitempty"`
	Description string                  `json:"description,omitempty"`
	Endpoints   []string                `json:"endpoints,omitempty"`
	// Authenticated and XTrustBoundary are plain bools with omitempty: after
	// decoding, an absent property and an explicit `false` are
	// indistinguishable, and `false` is dropped again on default encoding.
	// Do not read `false` as "the document asserts no authentication".
	Authenticated      bool                    `json:"authenticated,omitempty"`
	XTrustBoundary     bool                    `json:"x-trust-boundary,omitempty"`
	Data               []CDXDataClassification `json:"data,omitempty"`
	Licenses           []CDXLicenseChoice      `json:"licenses,omitempty"`
	ExternalReferences []CDXExternalReference  `json:"externalReferences,omitempty"`
	// Services nests this same type; nesting depth is set by the input document.
	Services     []CDXService      `json:"services,omitempty"`
	Properties   []CDXProperty     `json:"properties,omitempty"`   // v1.3: added
	ReleaseNotes []CDXReleaseNotes `json:"releaseNotes,omitempty"` // v1.4: added
	Signature    CDXSignature      `json:"signature,omitempty"`    // v1.4: added
}
v1.2: existed. v1.3: added: "properties". v1.4: added: "releaseNotes", "signature". TODO: a service is not simply authenticated or unauthenticated as a whole; that is, we have multiple endpoints but only one boolean for "authenticated" (open spec. issue). TODO: The intent of having "nested" (hierarchical) services is unclear. TODO: Should support OpenAPI specification (documents) as canonical descriptors. TODO: v1.2 "licenses" was an anon. type until v1.3 introduced the `LicenseChoice` def.; validate that a v1.2 SBOM with the anon. type parses properly.
type CDXSignature ¶
// CDXSignature is a placeholder for a CycloneDX "signature" object.
//
// Only the key type is declared. There are no fields for the signature value,
// the algorithm or the public key, so this type records that a signature was
// present but cannot be used to verify one.
type CDXSignature struct {
	// KeyType is copied from the document's "keyType" property as a string.
	KeyType string `json:"keyType,omitempty"`
}
TODO: implement JSF schema https://github.com/CycloneDX/specification/blob/master/schema/jsf-0.82.schema.json
type CDXSource ¶
v1.2: existed as anon. type Note: this is an anonymous type defined within "issue" defn. (i.e., "CDXIssue")
type CDXSwid ¶
// CDXSwid is the typed form of a CycloneDX "swid" (software identification
// tag) object.
type CDXSwid struct {
	TagId      string `json:"tagId,omitempty"`
	Name       string `json:"name,omitempty"`
	Version    string `json:"version,omitempty"`
	TagVersion int    `json:"tagVersion,omitempty"`
	Patch      bool   `json:"patch,omitempty"`
	// NOTE(review): the Go field is named Text but its JSON key is
	// "attachment". The CycloneDX "swid" definition appears to name this
	// property "text" — confirm against the schema; if so, a conformant SWID
	// tag's text would not be decoded into this field.
	Text CDXAttachment `json:"attachment,omitempty"`
	Url  string        `json:"url,omitempty"`
}
v1.2: existed v1.4: deprecated
type CDXTool ¶
type CDXTool struct { Vendor string `json:"vendor,omitempty"` Name string `json:"name,omitempty"` Version string `json:"version,omitempty"` Hashes []CDXHash `json:"hashes,omitempty"` ExternalReferences []CDXExternalReference `json:"externalReferences,omitempty"` // v1.4: added }
v1.2: existed v1.4: added "externalReferences"
type CDXVersionRange ¶
type CDXVersionRange struct { Version string `json:"version,omitempty"` Range string `json:"range,omitempty"` Status string `json:"status,omitempty"` }
v1.4: created "version" def. to represent an in-line, anon. type. Note: "version" is a top-level defn. that is a constrained `string` type. Note: "affectedStatus" is a top-level defn. that is an enum. of `string` type. Note: Both "version" constrains strings to a min/max (1, 1024) length; this concept SHOULD APPLY to all free-form text entries (e.g., descriptive text). TODO: create top-level defn. for "versions" (a.k.a. "versionRange") anon. type (name TBD)
type CDXVulnerability ¶
// CDXVulnerability is the typed form of a CycloneDX "vulnerability" object.
//
// All values are copied from the document as-is: timestamps (Created,
// Published, Updated, Rejected) stay strings and are not parsed here.
//
// The `omitempty` option has no effect on the struct-typed fields (Source,
// Credits, Analysis): encoding/json never treats a struct value as empty.
type CDXVulnerability struct {
	BomRef string                 `json:"bom-ref,omitempty"`
	Id     string                 `json:"id,omitempty"`
	Source CDXVulnerabilitySource `json:"source,omitempty"`
	// References is the only slice here tagged without omitempty: under
	// default encoding a nil slice is written as `"references": null`.
	// NOTE(review): this type declares its own MarshalJSON, so the effective
	// output depends on that method — confirm which behavior is intended.
	References     []CDXReference `json:"references"` // an anon. type
	Ratings        []CDXRating    `json:"ratings,omitempty"`
	Cwes           []int          `json:"cwes,omitempty"`
	Description    string         `json:"description,omitempty"`
	Detail         string         `json:"detail,omitempty"`
	Recommendation string         `json:"recommendation,omitempty"`
	Advisories     []CDXAdvisory  `json:"advisories,omitempty"`
	Created        string         `json:"created,omitempty"`
	Published      string         `json:"published,omitempty"`
	Updated        string         `json:"updated,omitempty"`
	Credits        CDXCredit      `json:"credits,omitempty"` // anon. type
	Tools          []CDXTool      `json:"tools,omitempty"`
	Analysis       CDXAnalysis    `json:"analysis,omitempty"` // anon. type
	Affects        []CDXAffect    `json:"affects,omitempty"`  // anon. type
	Properties     []CDXProperty  `json:"properties,omitempty"`
	// v1.5 properties follow
	Rejected string `json:"rejected,omitempty"` // v1.5: added
}
v1.4: created "vulnerability" defn. Note: "bom-ref" is a "ref-type" which is a constrained `string`. Note: "cwes" is an array of "cwe" which is a constrained `int`.
func (*CDXVulnerability) MarshalJSON ¶ added in v0.11.0
func (value *CDXVulnerability) MarshalJSON() ([]byte, error)
recreate a representation of the struct, but only include values in map that are not empty
type CDXVulnerabilitySource ¶
type CDXVulnerabilitySource struct { Url string `json:"url,omitempty"` Name string `json:"name,omitempty"` }
v1.4: created "vulnerabilitySource" defn. Note: "url" is of type "string" (and not an "iri-reference") TODO: "url" SHOULD be an "iri-reference"
func (*CDXVulnerabilitySource) MarshalJSON ¶ added in v0.11.0
func (value *CDXVulnerabilitySource) MarshalJSON() ([]byte, error)
type CustomValidation ¶
type CustomValidation struct {
Metadata CustomValidationMetadata `json:"metadata"`
}
Custom Validation config.
type CustomValidationConfig ¶
type CustomValidationConfig struct {
Validation CustomValidation `json:"validation"`
}
var CustomValidationChecks CustomValidationConfig
Globals
func (*CustomValidationConfig) GetCustomValidationConfig ¶
func (config *CustomValidationConfig) GetCustomValidationConfig() *CustomValidation
TODO: return copies
func (*CustomValidationConfig) GetCustomValidationMetadata ¶
func (config *CustomValidationConfig) GetCustomValidationMetadata() *CustomValidationMetadata
func (*CustomValidationConfig) GetCustomValidationMetadataProperties ¶
func (config *CustomValidationConfig) GetCustomValidationMetadataProperties() []CustomValidationProperty
type CustomValidationMetadata ¶
type CustomValidationMetadata struct { Properties []CustomValidationProperty `json:"properties"` Tools []CustomValidationTool `json:"tools"` }
type CustomValidationProperty ¶
// CustomValidationProperty describes one property check from the custom
// validation configuration.
//
// It embeds CDXProperty, so the "name" and "value" JSON keys decode into the
// promoted Name and Value fields alongside the "_validate_*" keys below.
type CustomValidationProperty struct {
	CDXProperty
	Description string `json:"_validate_description"`
	Key         string `json:"_validate_key"`
	// CheckUnique is declared as a string, not a bool; how its content is
	// interpreted is not visible from this declaration.
	CheckUnique string `json:"_validate_unique"`
	// CheckRegex is presumably a regular-expression pattern taken from the
	// configuration file; where it is compiled and how a malformed pattern is
	// reported is not shown here — TODO confirm.
	CheckRegex string `json:"_validate_regex"`
}
NOTE: Assumes property "key" is the value in the "name" field
type CustomValidationTool ¶
type FormatSchema ¶
type FormatSchema struct { CanonicalName string `json:"canonicalName"` PropertyKeyFormat string `json:"propertyKeyFormat"` PropertyKeyVersion string `json:"propertyKeyVersion"` PropertyValueFormat string `json:"propertyValueFormat"` Schemas []FormatSchemaInstance `json:"schemas"` }
Representation of SBOM format
func (*FormatSchema) IsCycloneDx ¶
func (format *FormatSchema) IsCycloneDx() bool
func (*FormatSchema) IsSpdx ¶
func (format *FormatSchema) IsSpdx() bool
type FormatSchemaConfig ¶
type FormatSchemaConfig struct {
Formats []FormatSchema `json:"formats"`
}
Configs
var SupportedFormatConfig FormatSchemaConfig
Globals
type FormatSchemaInstance ¶
// FormatSchemaInstance describes one schema entry (a specific version and
// variant of a format) as read from the schema configuration.
type FormatSchemaInstance struct {
	Name        string `json:"name"`
	Version     string `json:"version"`
	Development string `json:"development"`
	// File and Url are both plain strings from the configuration; presumably
	// File is the locally bundled schema and Url its upstream location — TODO
	// confirm. No field in this struct records a digest of the schema file, so
	// integrity of a schema fetched from Url would need another mechanism.
	File    string `json:"file"`
	Url     string `json:"url"`
	Default bool   `json:"default"`
	Variant string `json:"variant"`
	Format  string `json:"format"` // value set from parent FormatSchema's `CanonicalName`
}
Representation of SBOM schema instance TODO: add support for schema (Hash) key if we end up having lots of entries e.g., key string where key: SchemaKey{ID_CYCLONEDX, VERSION_CYCLONEDX_1_3, false},
type Sbom ¶
// Sbom carries one candidate SBOM document together with the format and
// schema information associated with it.
type Sbom struct {
	// JsonMap is an untyped map[string]interface{} view of the document; its
	// values need type assertions before use and come straight from the input.
	JsonMap    map[string]interface{}
	FormatInfo FormatSchema
	SchemaInfo FormatSchemaInstance
	// CdxBom is a pointer; presumably nil until the document has been
	// unmarshalled as CycloneDX — verify before dereferencing.
	CdxBom *CDXBom
	// contains filtered or unexported fields
}
Candidate SBOM document (context) information TODO: rename to SBOM to jive more with Go conventions; although it may look like a constant unless we expand the name...
func (*Sbom) FindFormatAndSchema ¶
func (*Sbom) GetCdxComponents ¶
func (sbom *Sbom) GetCdxComponents() (components []CDXComponent)
func (*Sbom) GetCdxMetadata ¶
func (sbom *Sbom) GetCdxMetadata() (metadata *CDXMetadata)
func (*Sbom) GetCdxMetadataComponent ¶
func (sbom *Sbom) GetCdxMetadataComponent() (component *CDXComponent)
func (*Sbom) GetCdxMetadataLicenses ¶
func (sbom *Sbom) GetCdxMetadataLicenses() (licenses []CDXLicenseChoice)
func (*Sbom) GetCdxMetadataProperties ¶
func (sbom *Sbom) GetCdxMetadataProperties() (properties []CDXProperty)
func (*Sbom) GetCdxServices ¶
func (sbom *Sbom) GetCdxServices() (services []CDXService)
func (*Sbom) GetCdxVulnerabilities ¶ added in v0.10.0
func (sbom *Sbom) GetCdxVulnerabilities() (vulnerabilities []CDXVulnerability)
func (*Sbom) GetFilename ¶
func (*Sbom) GetJSONMap ¶
func (*Sbom) GetKeyValueAsString ¶
func (*Sbom) GetRawBytes ¶
func (*Sbom) UnmarshalCDXSbom ¶
func (*Sbom) UnmarshalSBOMAsJsonMap ¶
type UnsupportedFormatError ¶
type UnsupportedFormatError struct { Type string Message string InputFile string Format string Version string Variant string Command string Flags string }
Format/schema error types
func NewUnknownFormatError ¶
func NewUnknownFormatError(f string) *UnsupportedFormatError
func NewUnsupportedFormatForCommandError ¶
func NewUnsupportedFormatForCommandError(f string, fmt string, cmd string, flags string) *UnsupportedFormatError
func (UnsupportedFormatError) Error ¶
func (err UnsupportedFormatError) Error() string
type UnsupportedSchemaError ¶
type UnsupportedSchemaError struct {
UnsupportedFormatError
}
func NewUnsupportedSchemaError ¶
func NewUnsupportedSchemaError(m string, format string, version string, variant string) *UnsupportedSchemaError
func (UnsupportedSchemaError) Error ¶
func (err UnsupportedSchemaError) Error() string