Documentation
¶
Overview ¶
Package cyclonedx is responsible for generating a CycloneDX XML report for the given container image or file system.
Index ¶
- type CycloneDxBdComponent
- type CycloneDxBdTool
- type CycloneDxBomDescriptor
- type CycloneDxComponent
- type CycloneDxDocument
- type CycloneDxLicense
- type CycloneDxPresenter
- type JSONDescriptor
- type JSONDistribution
- type JSONDocument
- type JSONImageSource
- type JSONPackage
- type JSONPresenter
- type JSONRelationship
- type JSONSchema
- type JSONSource
- type SPDXJsonPresenter
- type SPDXTagValuePresenter
- type TablePresenter
- type TextPresenter
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CycloneDxBdComponent ¶
type CycloneDxBdComponent struct {
XMLName xml.Name `xml:"component"`
CycloneDxComponent
}
CycloneDxBdComponent represents the software/package being cataloged.
type CycloneDxBdTool ¶
type CycloneDxBdTool struct {
XMLName xml.Name `xml:"tool"`
Vendor string `xml:"vendor,omitempty"` // The vendor of the tool used to create the BOM.
Name string `xml:"name,omitempty"` // The name of the tool used to create the BOM.
Version string `xml:"version,omitempty"` // The version of the tool used to create the BOM.
}
CycloneDxBdTool represents the tool that created the BOM report.
type CycloneDxBomDescriptor ¶
type CycloneDxBomDescriptor struct {
XMLName xml.Name `xml:"metadata"`
Timestamp string `xml:"timestamp,omitempty"` // The date and time (timestamp) when the document was created
Tools []CycloneDxBdTool `xml:"tools>tool"` // The tool used to create the BOM.
Component *CycloneDxBdComponent `xml:"component"` // The component that the BOM describes.
}
CycloneDxBomDescriptor represents all metadata surrounding the BOM report (such as when the BOM was made, with which tool, and the item being cataloged).
func NewCycloneDxBomDescriptor ¶
func NewCycloneDxBomDescriptor(name, version string, srcMetadata source.Metadata) *CycloneDxBomDescriptor
NewCycloneDxBomDescriptor returns a new CycloneDxBomDescriptor tailored for the current time and "syft" tool details.
type CycloneDxComponent ¶
type CycloneDxComponent struct {
XMLName xml.Name `xml:"component"`
Type string `xml:"type,attr"` // Required; Describes if the component is a library, framework, application, container, operating system, firmware, hardware device, or file
Supplier string `xml:"supplier,omitempty"` // The organization that supplied the component. The supplier may often be the manufacture, but may also be a distributor or repackager.
Author string `xml:"author,omitempty"` // The person(s) or organization(s) that authored the component
Publisher string `xml:"publisher,omitempty"` // The person(s) or organization(s) that published the component
Group string `xml:"group,omitempty"` // The high-level classification that a project self-describes as. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name.
Name string `xml:"name"` // Required; The name of the component as defined by the project
Version string `xml:"version"` // Required; The version of the component as defined by the project
Description string `xml:"description,omitempty"` // A description of the component
Licenses *[]CycloneDxLicense `xml:"licenses>license"` // A node describing zero or more license names, SPDX license IDs or expressions
PackageURL string `xml:"purl,omitempty"` // Specifies the package-url (PackageURL). The purl, if specified, must be valid and conform to the specification defined at: https://github.com/package-url/purl-spec
}
CycloneDxComponent represents a single element in the CycloneDX BOM
type CycloneDxDocument ¶
type CycloneDxDocument struct {
XMLName xml.Name `xml:"bom"`
XMLNs string `xml:"xmlns,attr"`
Version int `xml:"version,attr"`
SerialNumber string `xml:"serialNumber,attr"`
BomDescriptor *CycloneDxBomDescriptor `xml:"metadata"` // The BOM descriptor extension
Components []CycloneDxComponent `xml:"components>component"` // The BOM contents
}
CycloneDxDocument represents a CycloneDX BOM CycloneDxDocument.
func NewCycloneDxDocument ¶
func NewCycloneDxDocument(catalog *pkg.Catalog, srcMetadata source.Metadata) CycloneDxDocument
NewCycloneDxDocument returns a CycloneDX CycloneDxDocument object populated with the catalog contents.
type CycloneDxLicense ¶
type CycloneDxLicense struct {
XMLName xml.Name `xml:"license"`
ID string `xml:"id,omitempty"` // A valid SPDX license ID
Name string `xml:"name,omitempty"` // If SPDX does not define the license used, this field may be used to provide the license name
}
CycloneDxLicense represents a single software license for a CycloneDxComponent
type CycloneDxPresenter ¶
type CycloneDxPresenter struct {
// contains filtered or unexported fields
}
CycloneDxPresenter writes a CycloneDX report from the given Catalog and Locations contents
func NewCycloneDxPresenter ¶
func NewCycloneDxPresenter(catalog *pkg.Catalog, srcMetadata source.Metadata) *CycloneDxPresenter
NewCycloneDxPresenter creates a CycloneDX presenter from the given Catalog and Locations objects.
type JSONDescriptor ¶
type JSONDescriptor struct {
Name string `json:"name"`
Version string `json:"version"`
Configuration interface{} `json:"configuration,omitempty"`
}
JSONDescriptor describes what created the document as well as surrounding metadata
type JSONDistribution ¶
type JSONDistribution struct {
Name string `json:"name"` // Name of the Linux distribution
Version string `json:"version"` // Version of the Linux distribution (major or major.minor version)
IDLike string `json:"idLike"` // the ID_LIKE field found within the /etc/os-release file
}
JSONDistribution provides information about a detected Linux JSONDistribution.
func NewJSONDistribution ¶
func NewJSONDistribution(d *distro.Distro) JSONDistribution
NewJSONDistribution creates a struct with the Linux distribution to be represented in JSON.
type JSONDocument ¶
type JSONDocument struct {
Artifacts []JSONPackage `json:"artifacts"` // Artifacts is the list of packages discovered and placed into the catalog
ArtifactRelationships []JSONRelationship `json:"artifactRelationships"`
Source JSONSource `json:"source"` // Source represents the original object that was cataloged
Distro JSONDistribution `json:"distro"` // Distro represents the Linux distribution that was detected from the source
Descriptor JSONDescriptor `json:"descriptor"` // Descriptor is a block containing self-describing information about syft
Schema JSONSchema `json:"schema"` // Schema is a block reserved for defining the version for the shape of this JSON document and where to find the schema document to validate the shape
}
JSONDocument represents the syft cataloging findings as a JSON document
type JSONImageSource ¶
type JSONImageSource struct {
source.ImageMetadata
Scope source.Scope `json:"scope"`
}
type JSONPackage ¶
type JSONPackage struct {
ID string `json:"id"`
Name string `json:"name"`
Version string `json:"version"`
Type string `json:"type"`
FoundBy string `json:"foundBy"`
Locations []source.Location `json:"locations"`
Licenses []string `json:"licenses"`
Language string `json:"language"`
CPEs []string `json:"cpes"`
PURL string `json:"purl"`
MetadataType string `json:"metadataType"`
Metadata interface{} `json:"metadata"`
}
JSONPackage represents a pkg.Package object specialized for JSON marshaling and unmarshaling.
func NewJSONPackage ¶
func NewJSONPackage(p *pkg.Package) (JSONPackage, error)
NewJSONPackage crates a new JSONPackage from the given pkg.Package.
func NewJSONPackages ¶
func NewJSONPackages(catalog *pkg.Catalog) ([]JSONPackage, error)
type JSONPresenter ¶
type JSONPresenter struct {
// contains filtered or unexported fields
}
JSONPresenter is a JSON presentation object for the syft results
type JSONRelationship ¶
type JSONSchema ¶
type JSONSource ¶
type JSONSource struct {
Type string `json:"type"`
Target interface{} `json:"target"`
}
JSONSource object represents the thing that was cataloged
func NewJSONSource ¶
NewJSONSource creates a new source object to be represented into JSON.
type SPDXJsonPresenter ¶ added in v0.18.0
type SPDXJsonPresenter struct {
// contains filtered or unexported fields
}
SPDXJsonPresenter is a SPDX presentation object for the syft results (see https://github.com/spdx/spdx-spec)
func NewSPDXJSONPresenter ¶ added in v0.18.0
func NewSPDXJSONPresenter(catalog *pkg.Catalog, srcMetadata source.Metadata) *SPDXJsonPresenter
NewSPDXJSONPresenter creates a new JSON presenter object for the given cataloging results.
type SPDXTagValuePresenter ¶ added in v0.18.0
type SPDXTagValuePresenter struct {
// contains filtered or unexported fields
}
SPDXTagValuePresenter is a SPDX presentation object for the syft results (see https://github.com/spdx/spdx-spec)
func NewSPDXTagValuePresenter ¶ added in v0.18.0
func NewSPDXTagValuePresenter(catalog *pkg.Catalog, srcMetadata source.Metadata) *SPDXTagValuePresenter
NewJSONPresenter creates a new JSON presenter object for the given cataloging results.
type TablePresenter ¶
type TablePresenter struct {
// contains filtered or unexported fields
}
func NewTablePresenter ¶
func NewTablePresenter(catalog *pkg.Catalog) *TablePresenter
type TextPresenter ¶
type TextPresenter struct {
// contains filtered or unexported fields
}
TextPresenter is a human-friendly text presenter to represent package and source data.
func NewTextPresenter ¶
func NewTextPresenter(catalog *pkg.Catalog, srcMetadata source.Metadata) *TextPresenter
NewTextPresenter creates a new presenter for the given set of catalog and image data.
Source Files
¶
- cyclonedx_bom_descriptor.go
- cyclonedx_component.go
- cyclonedx_document.go
- cyclonedx_presenter.go
- json_distribution.go
- json_document.go
- json_package.go
- json_presenter.go
- json_relationship.go
- json_source.go
- spdx_helpers.go
- spdx_json_presenter.go
- spdx_tag_value_presenter.go
- table_presenter.go
- text_presenter.go
Directories