Documentation
¶
Overview ¶
Package cyclonedx is responsible for generating a CycloneDX XML report for the given container image or file system.
Defines a Presenter interface for displaying catalog results to an io.Writer as well as a helper utility to obtain a specific Presenter implementation given user configuration.
Index ¶
- Variables
- func Presenter(option PresenterOption, config PresenterConfig) presenter.Presenter
- type CycloneDxBdComponent
- type CycloneDxBdTool
- type CycloneDxBomDescriptor
- type CycloneDxComponent
- type CycloneDxDocument
- type CycloneDxLicense
- type CycloneDxPresenter
- type JSONDescriptor
- type JSONDistribution
- type JSONDocument
- type JSONImageSource
- type JSONPackage
- type JSONPresenter
- type JSONRelationship
- type JSONSchema
- type JSONSource
- type PresenterConfig
- type PresenterOption
- type TablePresenter
- type TextPresenter
Constants ¶
This section is empty.
Variables ¶
var AllPresenters = []PresenterOption{ JSONPresenterOption, TextPresenterOption, TablePresenterOption, CycloneDxPresenterOption, }
Functions ¶
func Presenter ¶
func Presenter(option PresenterOption, config PresenterConfig) presenter.Presenter
Presenter returns a presenter for images or directories
Types ¶
type CycloneDxBdComponent ¶
type CycloneDxBdComponent struct {
XMLName xml.Name `xml:"component"`
CycloneDxComponent
}
CycloneDxBdComponent represents the software/package being cataloged.
type CycloneDxBdTool ¶
type CycloneDxBdTool struct {
XMLName xml.Name `xml:"tool"`
Vendor string `xml:"vendor,omitempty"` // The vendor of the tool used to create the BOM.
Name string `xml:"name,omitempty"` // The name of the tool used to create the BOM.
Version string `xml:"version,omitempty"` // The version of the tool used to create the BOM.
}
CycloneDxBdTool represents the tool that created the BOM report.
type CycloneDxBomDescriptor ¶
type CycloneDxBomDescriptor struct {
XMLName xml.Name `xml:"metadata"`
Timestamp string `xml:"timestamp,omitempty"` // The date and time (timestamp) when the document was created
Tools []CycloneDxBdTool `xml:"tools>tool"` // The tool used to create the BOM.
Component *CycloneDxBdComponent `xml:"component"` // The component that the BOM describes.
}
CycloneDxBomDescriptor represents all metadata surrounding the BOM report (such as when the BOM was made, with which tool, and the item being cataloged).
func NewCycloneDxBomDescriptor ¶
func NewCycloneDxBomDescriptor(name, version string, srcMetadata source.Metadata) *CycloneDxBomDescriptor
NewCycloneDxBomDescriptor returns a new CycloneDxBomDescriptor tailored for the current time and "syft" tool details.
type CycloneDxComponent ¶
type CycloneDxComponent struct {
XMLName xml.Name `xml:"component"`
Type string `xml:"type,attr"` // Required; Describes if the component is a library, framework, application, container, operating system, firmware, hardware device, or file
Supplier string `xml:"supplier,omitempty"` // The organization that supplied the component. The supplier may often be the manufacture, but may also be a distributor or repackager.
Author string `xml:"author,omitempty"` // The person(s) or organization(s) that authored the component
Publisher string `xml:"publisher,omitempty"` // The person(s) or organization(s) that published the component
Group string `xml:"group,omitempty"` // The high-level classification that a project self-describes as. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name.
Name string `xml:"name"` // Required; The name of the component as defined by the project
Version string `xml:"version"` // Required; The version of the component as defined by the project
Description string `xml:"description,omitempty"` // A description of the component
Licenses *[]CycloneDxLicense `xml:"licenses>license"` // A node describing zero or more license names, SPDX license IDs or expressions
PackageURL string `xml:"purl,omitempty"` // Specifies the package-url (PackageURL). The purl, if specified, must be valid and conform to the specification defined at: https://github.com/package-url/purl-spec
}
CycloneDxComponent represents a single element in the CycloneDX BOM
type CycloneDxDocument ¶
type CycloneDxDocument struct {
XMLName xml.Name `xml:"bom"`
XMLNs string `xml:"xmlns,attr"`
Version int `xml:"version,attr"`
SerialNumber string `xml:"serialNumber,attr"`
BomDescriptor *CycloneDxBomDescriptor `xml:"metadata"` // The BOM descriptor extension
Components []CycloneDxComponent `xml:"components>component"` // The BOM contents
}
CycloneDxDocument represents a CycloneDX BOM CycloneDxDocument.
func NewCycloneDxDocument ¶
func NewCycloneDxDocument(catalog *pkg.Catalog, srcMetadata source.Metadata) CycloneDxDocument
NewCycloneDxDocument returns a CycloneDX CycloneDxDocument object populated with the catalog contents.
type CycloneDxLicense ¶
type CycloneDxLicense struct {
XMLName xml.Name `xml:"license"`
ID string `xml:"id,omitempty"` // A valid SPDX license ID
Name string `xml:"name,omitempty"` // If SPDX does not define the license used, this field may be used to provide the license name
}
CycloneDxLicense represents a single software license for a CycloneDxComponent
type CycloneDxPresenter ¶
type CycloneDxPresenter struct {
// contains filtered or unexported fields
}
CycloneDxPresenter writes a CycloneDX report from the given Catalog and Locations contents
func NewCycloneDxPresenter ¶
func NewCycloneDxPresenter(catalog *pkg.Catalog, srcMetadata source.Metadata) *CycloneDxPresenter
NewCycloneDxPresenter creates a CycloneDX presenter from the given Catalog and Locations objects.
type JSONDescriptor ¶
type JSONDescriptor struct {
Name string `json:"name"`
Version string `json:"version"`
Configuration interface{} `json:"configuration,omitempty"`
}
JSONDescriptor describes what created the document as well as surrounding metadata
type JSONDistribution ¶
type JSONDistribution struct {
Name string `json:"name"` // Name of the Linux distribution
Version string `json:"version"` // Version of the Linux distribution (major or major.minor version)
IDLike string `json:"idLike"` // the ID_LIKE field found within the /etc/os-release file
}
JSONDistribution provides information about a detected Linux JSONDistribution.
func NewJSONDistribution ¶
func NewJSONDistribution(d *distro.Distro) JSONDistribution
NewJSONDistribution creates a struct with the Linux distribution to be represented in JSON.
type JSONDocument ¶
type JSONDocument struct {
Artifacts []JSONPackage `json:"artifacts"` // Artifacts is the list of packages discovered and placed into the catalog
ArtifactRelationships []JSONRelationship `json:"artifactRelationships"`
Source JSONSource `json:"source"` // Source represents the original object that was cataloged
Distro JSONDistribution `json:"distro"` // Distro represents the Linux distribution that was detected from the source
Descriptor JSONDescriptor `json:"descriptor"` // Descriptor is a block containing self-describing information about syft
Schema JSONSchema `json:"schema"` // Schema is a block reserved for defining the version for the shape of this JSON document and where to find the schema document to validate the shape
}
JSONDocument represents the syft cataloging findings as a JSON document
type JSONImageSource ¶
type JSONImageSource struct {
source.ImageMetadata
Scope source.Scope `json:"scope"`
}
type JSONPackage ¶
type JSONPackage struct {
ID string `json:"id"`
Name string `json:"name"`
Version string `json:"version"`
Type string `json:"type"`
FoundBy string `json:"foundBy"`
Locations []source.Location `json:"locations"`
Licenses []string `json:"licenses"`
Language string `json:"language"`
CPEs []string `json:"cpes"`
PURL string `json:"purl"`
MetadataType string `json:"metadataType"`
Metadata interface{} `json:"metadata"`
}
JSONPackage represents a pkg.Package object specialized for JSON marshaling and unmarshaling.
func NewJSONPackage ¶
func NewJSONPackage(p *pkg.Package) (JSONPackage, error)
NewJSONPackage crates a new JSONPackage from the given pkg.Package.
func NewJSONPackages ¶
func NewJSONPackages(catalog *pkg.Catalog) ([]JSONPackage, error)
type JSONPresenter ¶
type JSONPresenter struct {
// contains filtered or unexported fields
}
JSONPresenter is a JSON presentation object for the syft results
type JSONRelationship ¶
type JSONSchema ¶
type JSONSource ¶
type JSONSource struct {
Type string `json:"type"`
Target interface{} `json:"target"`
}
JSONSource object represents the thing that was cataloged
func NewJSONSource ¶
NewJSONSource creates a new source object to be represented into JSON.
type PresenterConfig ¶
type PresenterOption ¶
type PresenterOption string
const ( UnknownPresenterOption PresenterOption = "UnknownPresenterOption" JSONPresenterOption PresenterOption = "json" TextPresenterOption PresenterOption = "text" TablePresenterOption PresenterOption = "table" CycloneDxPresenterOption PresenterOption = "cyclonedx" )
func ParsePresenterOption ¶
func ParsePresenterOption(userStr string) PresenterOption
type TablePresenter ¶
type TablePresenter struct {
// contains filtered or unexported fields
}
func NewTablePresenter ¶
func NewTablePresenter(catalog *pkg.Catalog) *TablePresenter
type TextPresenter ¶
type TextPresenter struct {
// contains filtered or unexported fields
}
TextPresenter is a human-friendly text presenter to represent package and source data.
func NewTextPresenter ¶
func NewTextPresenter(catalog *pkg.Catalog, srcMetadata source.Metadata) *TextPresenter
NewTextPresenter creates a new presenter for the given set of catalog and image data.
Source Files