Documentation
¶
Overview ¶
Package cyclonedx is responsible for generating a CycloneDX XML report for the given container image or file system.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CycloneDxBdComponent ¶
// CycloneDxBdComponent represents the software/package being cataloged.
// It is serialized as a <component> element.
type CycloneDxBdComponent struct {
	XMLName xml.Name `xml:"component"`
	// Embedded so the descriptor's component carries the same fields as any
	// other CycloneDxComponent entry.
	CycloneDxComponent
}
CycloneDxBdComponent represents the software/package being cataloged.
type CycloneDxBdTool ¶
// CycloneDxBdTool represents the tool that created the BOM report.
//
// All three fields are plain strings filled in by whoever builds the document;
// nothing in this type authenticates them.
// NOTE(review): consumers should treat tool identity as self-asserted unless
// the BOM is signed or verified by other means — confirm against the producer.
type CycloneDxBdTool struct {
	XMLName xml.Name `xml:"tool"`
	Vendor  string   `xml:"vendor,omitempty"`  // The vendor of the tool used to create the BOM.
	Name    string   `xml:"name,omitempty"`    // The name of the tool used to create the BOM.
	Version string   `xml:"version,omitempty"` // The version of the tool used to create the BOM.
}
CycloneDxBdTool represents the tool that created the BOM report.
type CycloneDxBomDescriptor ¶
// CycloneDxBomDescriptor represents all metadata surrounding the BOM report
// (when the BOM was made, with which tool, and the item being cataloged).
// It is serialized as the <metadata> element.
type CycloneDxBomDescriptor struct {
	XMLName xml.Name `xml:"metadata"`
	// The date and time (timestamp) when the document was created.
	// Held as a string, so this type does not enforce any timestamp format.
	Timestamp string `xml:"timestamp,omitempty"`
	// The tool(s) used to create the BOM; each entry becomes <tools><tool>.
	Tools []CycloneDxBdTool `xml:"tools>tool"`
	// The component that the BOM describes.
	Component *CycloneDxBdComponent `xml:"component"`
}
CycloneDxBomDescriptor represents all metadata surrounding the BOM report (such as when the BOM was made, with which tool, and the item being cataloged).
func NewCycloneDxBomDescriptor ¶
func NewCycloneDxBomDescriptor(name, version string, srcMetadata source.Metadata) *CycloneDxBomDescriptor
NewCycloneDxBomDescriptor returns a new CycloneDxBomDescriptor tailored for the current time and "syft" tool details.
type CycloneDxComponent ¶
// CycloneDxComponent represents a single element in the CycloneDX BOM.
//
// Type, Name and Version are marked required and carry no omitempty tag, so
// they are written even when empty. Every value here is a free-form string;
// this type performs no validation.
type CycloneDxComponent struct {
	XMLName xml.Name `xml:"component"`
	// Required; describes if the component is a library, framework,
	// application, container, operating system, firmware, hardware device,
	// or file. Written as the "type" attribute.
	Type string `xml:"type,attr"`
	// The organization that supplied the component. The supplier may often be
	// the manufacturer, but may also be a distributor or repackager.
	Supplier string `xml:"supplier,omitempty"`
	// The person(s) or organization(s) that authored the component.
	Author string `xml:"author,omitempty"`
	// The person(s) or organization(s) that published the component.
	Publisher string `xml:"publisher,omitempty"`
	// The high-level classification that a project self-describes as. This
	// will often be a shortened, single name of the company or project that
	// produced the component, or the source package or domain name.
	Group string `xml:"group,omitempty"`
	// Required; the name of the component as defined by the project.
	Name string `xml:"name"`
	// Required; the version of the component as defined by the project.
	Version string `xml:"version"`
	// A description of the component.
	Description string `xml:"description,omitempty"`
	// A node describing zero or more license names, SPDX license IDs or
	// expressions.
	// NOTE(review): pointer-to-slice, presumably so a nil value omits the
	// <licenses> wrapper entirely — confirm.
	Licenses *[]CycloneDxLicense `xml:"licenses>license"`
	// Specifies the package-url (PackageURL). The purl, if specified, must be
	// valid and conform to the specification defined at:
	// https://github.com/package-url/purl-spec
	// The field is an unchecked string here, so validity is the producer's
	// responsibility; consumers matching on purl should validate it first.
	PackageURL string `xml:"purl,omitempty"`
}
CycloneDxComponent represents a single element in the CycloneDX BOM
type CycloneDxDocument ¶
// CycloneDxDocument represents a CycloneDX BOM document, serialized as the
// root <bom> element.
type CycloneDxDocument struct {
	XMLName xml.Name `xml:"bom"`
	// Written as the xmlns attribute of <bom>.
	XMLNs string `xml:"xmlns,attr"`
	// Written as the version attribute of <bom>.
	// NOTE(review): presumably the revision of this BOM document rather than
	// the CycloneDX schema version — confirm.
	Version int `xml:"version,attr"`
	// Written as the serialNumber attribute of <bom>; the format is not
	// constrained by this type.
	SerialNumber string `xml:"serialNumber,attr"`
	// The BOM descriptor extension.
	BomDescriptor *CycloneDxBomDescriptor `xml:"metadata"`
	// The BOM contents; each entry becomes <components><component>.
	Components []CycloneDxComponent `xml:"components>component"`
}
CycloneDxDocument represents a CycloneDX BOM document.
func NewCycloneDxDocument ¶
func NewCycloneDxDocument(catalog *pkg.Catalog, srcMetadata source.Metadata) CycloneDxDocument
NewCycloneDxDocument returns a CycloneDxDocument object populated with the catalog contents.
type CycloneDxLicense ¶
// CycloneDxLicense represents a single software license for a
// CycloneDxComponent. Both fields are optional strings; this type does not
// check that ID is a recognized SPDX identifier.
type CycloneDxLicense struct {
	XMLName xml.Name `xml:"license"`
	// A valid SPDX license ID.
	ID string `xml:"id,omitempty"`
	// If SPDX does not define the license used, this field may be used to
	// provide the license name.
	Name string `xml:"name,omitempty"`
}
CycloneDxLicense represents a single software license for a CycloneDxComponent
type CycloneDxPresenter ¶
type CycloneDxPresenter struct {
// contains filtered or unexported fields
}
CycloneDxPresenter writes a CycloneDX report from the given Catalog and Locations contents
func NewCycloneDxPresenter ¶
func NewCycloneDxPresenter(catalog *pkg.Catalog, srcMetadata source.Metadata) *CycloneDxPresenter
NewCycloneDxPresenter creates a CycloneDX presenter from the given Catalog and Locations objects.
type SPDXJsonPresenter ¶ added in v0.18.0
type SPDXJsonPresenter struct {
// contains filtered or unexported fields
}
SPDXJsonPresenter is a SPDX presentation object for the syft results (see https://github.com/spdx/spdx-spec)
func NewSPDXJSONPresenter ¶ added in v0.18.0
func NewSPDXJSONPresenter(catalog *pkg.Catalog, srcMetadata source.Metadata) *SPDXJsonPresenter
NewSPDXJSONPresenter creates a new JSON presenter object for the given cataloging results.
type SPDXTagValuePresenter ¶ added in v0.18.0
type SPDXTagValuePresenter struct {
// contains filtered or unexported fields
}
SPDXTagValuePresenter is a SPDX presentation object for the syft results (see https://github.com/spdx/spdx-spec)
func NewSPDXTagValuePresenter ¶ added in v0.18.0
func NewSPDXTagValuePresenter(catalog *pkg.Catalog, srcMetadata source.Metadata) *SPDXTagValuePresenter
NewSPDXTagValuePresenter creates a new SPDX tag-value presenter object for the given cataloging results.
type TextPresenter ¶
type TextPresenter struct {
// contains filtered or unexported fields
}
TextPresenter is a human-friendly text presenter to represent package and source data.
func NewTextPresenter ¶
func NewTextPresenter(catalog *pkg.Catalog, srcMetadata source.Metadata) *TextPresenter
NewTextPresenter creates a new presenter for the given set of catalog and image data.