Documentation
Overview
Package pkg provides the data structures for a package, a package catalog, package types, and domain-specific metadata.
Index
- Constants
- Variables
- func CPEString(c CPE) string
- func IsValid(p *Package) bool
- func NewRelationships(catalog *Catalog) []artifact.Relationship
- func RelationshipsByFileOwnership(catalog *Catalog) []artifact.Relationship
- func URL(p Package, release *linux.Release) string
- func ValidateCPEString(cpeStr string) error
- type AlpmFileRecord
- type AlpmMetadata
- type ApkFileRecord
- type ApkMetadata
- type ArchiveInfo
- type CPE
- type CPEBySpecificity
- type CargoMetadata
- type CargoPackageMetadata
- type Catalog
- func (c *Catalog) Add(p Package)
- func (c *Catalog) Enumerate(types ...Type) <-chan Package
- func (c *Catalog) Package(id artifact.ID) *Package
- func (c *Catalog) PackageCount() int
- func (c *Catalog) Packages(ids []artifact.ID) (result []Package)
- func (c *Catalog) PackagesByName(name string) []Package
- func (c *Catalog) PackagesByPath(path string) []Package
- func (c *Catalog) Sorted(types ...Type) (pkgs []Package)
- type CocoapodsMetadata
- type ConanLockMetadata
- type ConanMetadata
- type DartPubMetadata
- type DirInfo
- type DirectURLOrigin
- type DotnetDepsMetadata
- type DpkgFileRecord
- type DpkgMetadata
- type FileOwner
- type GemMetadata
- type GolangBinMetadata
- type HackageMetadata
- type JavaManifest
- type JavaMetadata
- type KbPackageMetadata
- type Language
- type MetadataType
- type NpmPackageJSONMetadata
- type Package
- type PhpComposerAuthors
- type PhpComposerExternalReference
- type PhpComposerJSONMetadata
- type PomParent
- type PomProject
- type PomProperties
- type PortageFileRecord
- type PortageMetadata
- type PythonDirectURLOriginInfo
- type PythonFileDigest
- type PythonFileRecord
- type PythonPackageMetadata
- type RpmMetadata
- type RpmdbFileMode
- type RpmdbFileRecord
- type Type
- type VCSInfo
Constants
const (
    PURLQualifierArch   = "arch"
    PURLQualifierDistro = "distro"
    PURLQualifierEpoch  = "epoch"
    PURLQualifierVCSURL = "vcs_url"
    // PURLQualifierUpstream this qualifier is not in the pURL spec, but is used by grype to perform indirect matching based on source information
    PURLQualifierUpstream = "upstream"
)
const AlpmDBGlob = "**/var/lib/pacman/local/**/desc"
const AltRpmDBGlob = "**/rpm/{Packages,Packages.db,rpmdb.sqlite}"
AltRpmDBGlob allows DB matches against the new locations introduced in fedora:{36,37}. See https://github.com/anchore/syft/issues/1077 for the larger context.
const ApkDBGlob = "**/lib/apk/db/installed"
const DpkgDBGlob = "**/var/lib/dpkg/{status,status.d/**}"
const PortageDBGlob = "**/var/db/pkg/*/*/CONTENTS"
const RpmDBGlob = "**/var/lib/rpm/{Packages,Packages.db,rpmdb.sqlite}"
Packages is the legacy Berkeley DB based format; Packages.db is the "ndb" format used in SUSE; rpmdb.sqlite is the SQLite format used in Fedora and derivatives.
const RpmManifestGlob = "**/var/lib/rpmmanifest/container-manifest-2"
Used in CBL-Mariner distroless images.
Variables
var AllLanguages = []Language{
    Java,
    JavaScript,
    Python,
    PHP,
    Ruby,
    Go,
    Rust,
    Dart,
    Dotnet,
    Swift,
    CPP,
    Haskell,
}
AllLanguages is a set of all programming languages detected by syft.
var AllMetadataTypes = []MetadataType{
    ApkMetadataType,
    AlpmMetadataType,
    DpkgMetadataType,
    GemMetadataType,
    JavaMetadataType,
    NpmPackageJSONMetadataType,
    RpmMetadataType,
    DartPubMetadataType,
    DotnetDepsMetadataType,
    PythonPackageMetadataType,
    RustCargoPackageMetadataType,
    KbPackageMetadataType,
    GolangBinMetadataType,
    PhpComposerJSONMetadataType,
    CocoapodsMetadataType,
    ConanMetadataType,
    ConanLockMetadataType,
    PortageMetadataType,
    HackageMetadataType,
}
var AllPkgs = []Type{
    ApkPkg,
    AlpmPkg,
    GemPkg,
    DebPkg,
    RpmPkg,
    NpmPkg,
    PythonPkg,
    PhpComposerPkg,
    JavaPkg,
    JenkinsPluginPkg,
    GoModulePkg,
    RustPkg,
    KbPkg,
    DartPubPkg,
    DotnetPkg,
    CocoapodsPkg,
    ConanPkg,
    PortagePkg,
    HackagePkg,
}
AllPkgs represents all supported package types.
var MetadataTypeByName = map[MetadataType]reflect.Type{
    ApkMetadataType:              reflect.TypeOf(ApkMetadata{}),
    AlpmMetadataType:             reflect.TypeOf(AlpmMetadata{}),
    DpkgMetadataType:             reflect.TypeOf(DpkgMetadata{}),
    GemMetadataType:              reflect.TypeOf(GemMetadata{}),
    JavaMetadataType:             reflect.TypeOf(JavaMetadata{}),
    NpmPackageJSONMetadataType:   reflect.TypeOf(NpmPackageJSONMetadata{}),
    RpmMetadataType:              reflect.TypeOf(RpmMetadata{}),
    DartPubMetadataType:          reflect.TypeOf(DartPubMetadata{}),
    DotnetDepsMetadataType:       reflect.TypeOf(DotnetDepsMetadata{}),
    PythonPackageMetadataType:    reflect.TypeOf(PythonPackageMetadata{}),
    RustCargoPackageMetadataType: reflect.TypeOf(CargoMetadata{}),
    KbPackageMetadataType:        reflect.TypeOf(KbPackageMetadata{}),
    GolangBinMetadataType:        reflect.TypeOf(GolangBinMetadata{}),
    PhpComposerJSONMetadataType:  reflect.TypeOf(PhpComposerJSONMetadata{}),
    CocoapodsMetadataType:        reflect.TypeOf(CocoapodsMetadata{}),
    ConanMetadataType:            reflect.TypeOf(ConanMetadata{}),
    ConanLockMetadataType:        reflect.TypeOf(ConanLockMetadata{}),
    PortageMetadataType:          reflect.TypeOf(PortageMetadata{}),
    HackageMetadataType:          reflect.TypeOf(HackageMetadata{}),
}
Functions
func IsValid added in v0.47.0
func IsValid(p *Package) bool
IsValid checks whether a package has the minimum necessary info, which is a non-empty name. The nil check was added as a helper because, in this code base, packages often move between callers as pointers. CycloneDX and SPDX define Name as the minimum required info for a valid package:
- https://spdx.github.io/spdx-spec/package-information/#73-package-version-field
- https://cyclonedx.org/docs/1.4/json/#components_items_name
func NewRelationships added in v0.13.0
func NewRelationships(catalog *Catalog) []artifact.Relationship
TODO: as more relationships are added, this function signature will probably accommodate selection
func RelationshipsByFileOwnership added in v0.31.0
func RelationshipsByFileOwnership(catalog *Catalog) []artifact.Relationship
RelationshipsByFileOwnership creates a package-to-package relationship based on discovering which packages have evidence locations that overlap with ownership claims from another package's package manager metadata.
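As an added illustration of the overlap rule just described (not syft's own relationships_by_file_ownership.go, and using reduced stand-ins for Package, FileOwner and the metadata types), the following program pairs distro packages with the language packages discovered inside the files they own:

```go
package main

import (
	"fmt"
	"sort"
)

// FileOwner mirrors the pkg.FileOwner interface documented on this page.
type FileOwner interface {
	OwnedFiles() []string
}

// DebMetadata is a constructed stand-in for a distro package DB entry that
// records the files it installed (the role DpkgMetadata plays in syft).
type DebMetadata struct {
	Files []string
}

func (m DebMetadata) OwnedFiles() []string { return m.Files }

// Package is a reduced stand-in for pkg.Package: the name, the evidence
// locations the cataloger found it at, and optional package-manager metadata.
type Package struct {
	Name      string
	Locations []string
	Metadata  interface{}
}

// Relationship records that Parent's metadata claims ownership of a file that
// is part of Child's evidence, i.e. Child was installed by Parent.
type Relationship struct {
	Parent, Child, Path string
}

// RelationshipsByFileOwnership applies the overlap rule: for every package
// whose metadata implements FileOwner, pair it with every other package that
// has an evidence location inside that owner's file list.
func RelationshipsByFileOwnership(pkgs []Package) []Relationship {
	// Index each evidence location back to the packages discovered there.
	byPath := map[string][]int{}
	for i, p := range pkgs {
		for _, loc := range p.Locations {
			byPath[loc] = append(byPath[loc], i)
		}
	}
	seen := map[Relationship]bool{}
	var rels []Relationship
	for i, parent := range pkgs {
		owner, ok := parent.Metadata.(FileOwner)
		if !ok {
			continue // this package type records no file ownership
		}
		for _, owned := range owner.OwnedFiles() {
			for _, j := range byPath[owned] {
				if j == i {
					continue // a package trivially overlaps its own evidence
				}
				r := Relationship{Parent: parent.Name, Child: pkgs[j].Name, Path: owned}
				if !seen[r] {
					seen[r] = true
					rels = append(rels, r)
				}
			}
		}
	}
	// Deterministic output regardless of catalog order.
	sort.Slice(rels, func(a, b int) bool {
		if rels[a].Parent != rels[b].Parent {
			return rels[a].Parent < rels[b].Parent
		}
		return rels[a].Child < rels[b].Child
	})
	return rels
}

// SampleCatalog is constructed input: two Debian packages that ship Python
// libraries, the Python packages discovered from those very files, and one
// pip-installed package that no distro package claims.
func SampleCatalog() []Package {
	const dist = "/usr/lib/python3/dist-packages/"
	return []Package{
		{Name: "python3-requests", Locations: []string{"/var/lib/dpkg/status"},
			Metadata: DebMetadata{Files: []string{dist + "requests/__init__.py", dist + "requests-2.25.1.dist-info/METADATA"}}},
		{Name: "python3-urllib3", Locations: []string{"/var/lib/dpkg/status"},
			Metadata: DebMetadata{Files: []string{dist + "urllib3-1.26.5.dist-info/METADATA"}}},
		{Name: "requests", Locations: []string{dist + "requests-2.25.1.dist-info/METADATA"}},
		{Name: "urllib3", Locations: []string{dist + "urllib3-1.26.5.dist-info/METADATA"}},
		{Name: "pyyaml", Locations: []string{"/usr/local/lib/python3.9/site-packages/PyYAML-6.0.dist-info/METADATA"}},
	}
}

func main() {
	for _, r := range RelationshipsByFileOwnership(SampleCatalog()) {
		fmt.Printf("%s owns %s (via %s)\n", r.Parent, r.Child, r.Path)
	}
}
```

A scanner consuming the SBOM can use such a relationship to report a library once, under the distro package that actually ships and patches it, rather than once per cataloger.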
func ValidateCPEString added in v0.39.2
func ValidateCPEString(cpeStr string) error
Types
type AlpmFileRecord added in v0.48.0
type AlpmFileRecord struct {
    Path    string        `mapstructure:"path" json:"path,omitempty"`
    Type    string        `mapstructure:"type" json:"type,omitempty"`
    UID     string        `mapstructure:"uid" json:"uid,omitempty"`
    GID     string        `mapstructure:"gid" json:"gid,omitempty"`
    Time    time.Time     `mapstructure:"time" json:"time,omitempty"`
    Size    string        `mapstructure:"size" json:"size,omitempty"`
    Link    string        `mapstructure:"link" json:"link,omitempty"`
    Digests []file.Digest `mapstructure:"digests" json:"digest,omitempty"`
}
type AlpmMetadata added in v0.48.0
type AlpmMetadata struct {
    BasePackage  string           `mapstructure:"base" json:"basepackage"`
    Package      string           `mapstructure:"name" json:"package"`
    Version      string           `mapstructure:"version" json:"version"`
    Description  string           `mapstructure:"desc" json:"description"`
    Architecture string           `mapstructure:"arch" json:"architecture"`
    Size         int              `mapstructure:"size" json:"size" cyclonedx:"size"`
    Packager     string           `mapstructure:"packager" json:"packager"`
    License      string           `mapstructure:"license" json:"license"`
    URL          string           `mapstructure:"url" json:"url"`
    Validation   string           `mapstructure:"validation" json:"validation"`
    Reason       int              `mapstructure:"reason" json:"reason"`
    Files        []AlpmFileRecord `mapstructure:"files" json:"files"`
    Backup       []AlpmFileRecord `mapstructure:"backup" json:"backup"`
}
func (AlpmMetadata) OwnedFiles added in v0.48.0
func (m AlpmMetadata) OwnedFiles() (result []string)
func (AlpmMetadata) PackageURL added in v0.48.0
func (m AlpmMetadata) PackageURL(distro *linux.Release) string
PackageURL returns the PURL for the specific Arch Linux package (see https://github.com/package-url/purl-spec).
type ApkFileRecord
type ApkFileRecord struct {
    Path        string       `json:"path"`
    OwnerUID    string       `json:"ownerUid,omitempty"`
    OwnerGID    string       `json:"ownerGid,omitempty"`
    Permissions string       `json:"permissions,omitempty"`
    Digest      *file.Digest `json:"digest,omitempty"`
}
ApkFileRecord represents a single file listing and metadata from an APK DB entry (which may have many of these file records).
type ApkMetadata
type ApkMetadata struct {
    Package          string          `mapstructure:"P" json:"package"`
    OriginPackage    string          `mapstructure:"o" json:"originPackage" cyclonedx:"originPackage"`
    Maintainer       string          `mapstructure:"m" json:"maintainer"`
    Version          string          `mapstructure:"V" json:"version"`
    License          string          `mapstructure:"L" json:"license"`
    Architecture     string          `mapstructure:"A" json:"architecture"`
    URL              string          `mapstructure:"U" json:"url"`
    Description      string          `mapstructure:"T" json:"description"`
    Size             int             `mapstructure:"S" json:"size" cyclonedx:"size"`
    InstalledSize    int             `mapstructure:"I" json:"installedSize" cyclonedx:"installedSize"`
    PullDependencies string          `mapstructure:"D" json:"pullDependencies" cyclonedx:"pullDependencies"`
    PullChecksum     string          `mapstructure:"C" json:"pullChecksum" cyclonedx:"pullChecksum"`
    GitCommitOfAport string          `mapstructure:"c" json:"gitCommitOfApkPort" cyclonedx:"gitCommitOfApkPort"`
    Files            []ApkFileRecord `json:"files"`
}
ApkMetadata represents all captured data for an Alpine DB package entry. See the following sources for more information:
- https://wiki.alpinelinux.org/wiki/Apk_spec
- https://git.alpinelinux.org/apk-tools/tree/src/package.c
- https://git.alpinelinux.org/apk-tools/tree/src/database.c
func (ApkMetadata) OwnedFiles added in v0.24.0
func (m ApkMetadata) OwnedFiles() (result []string)
func (ApkMetadata) PackageURL
func (m ApkMetadata) PackageURL(distro *linux.Release) string
PackageURL returns the PURL for the specific Alpine package (see https://github.com/package-url/purl-spec).
type ArchiveInfo added in v0.34.0
type ArchiveInfo struct {
    Hash string `json:"hash"`
}
type CPE added in v0.9.0
type CPE = wfn.Attributes
type CPEBySpecificity added in v0.43.0
type CPEBySpecificity []wfn.Attributes
func (CPEBySpecificity) Len added in v0.43.0
func (c CPEBySpecificity) Len() int
func (CPEBySpecificity) Less added in v0.43.0
func (c CPEBySpecificity) Less(i, j int) bool
func (CPEBySpecificity) Swap added in v0.43.0
func (c CPEBySpecificity) Swap(i, j int)
type CargoMetadata added in v0.39.0
type CargoMetadata struct {
    Packages []CargoPackageMetadata `toml:"package"`
}
func (CargoMetadata) Pkgs added in v0.39.0
func (m CargoMetadata) Pkgs() []*Package
Pkgs returns all of the packages referenced within the Cargo.lock metadata.
type CargoPackageMetadata added in v0.15.0
type CargoPackageMetadata struct {
    Name         string   `toml:"name" json:"name"`
    Version      string   `toml:"version" json:"version"`
    Source       string   `toml:"source" json:"source"`
    Checksum     string   `toml:"checksum" json:"checksum"`
    Dependencies []string `toml:"dependencies" json:"dependencies"`
}
func (CargoPackageMetadata) PackageURL added in v0.37.0
func (p CargoPackageMetadata) PackageURL(_ *linux.Release) string
PackageURL returns the PURL for the specific Rust package (see https://github.com/package-url/purl-spec).
func (CargoPackageMetadata) Pkg added in v0.15.0
func (p CargoPackageMetadata) Pkg() *Package
Pkg returns the standard `pkg.Package` representation of the package referenced within the Cargo.lock metadata.
type Catalog
type Catalog struct {
    // contains filtered or unexported fields
}
Catalog represents a collection of Packages.
func (*Catalog) Enumerate
func (c *Catalog) Enumerate(types ...Type) <-chan Package
Enumerate all packages for the given type(s), enumerating all packages if no type is specified.
func (*Catalog) PackageCount
func (c *Catalog) PackageCount() int
PackageCount returns the total number of packages that have been added.
func (*Catalog) PackagesByName added in v0.43.0
func (c *Catalog) PackagesByName(name string) []Package
PackagesByName returns all packages that were discovered with a matching name.
func (*Catalog) PackagesByPath added in v0.13.0
func (c *Catalog) PackagesByPath(path string) []Package
PackagesByPath returns all packages that were discovered from the given path.
type CocoapodsMetadata added in v0.51.0
type CocoapodsMetadata struct {
    Name    string `mapstructure:"name" json:"name"`
    Version string `mapstructure:"version" json:"version"`
    PkgHash string `mapstructure:"pkgHash" json:"pkgHash"`
}
func (CocoapodsMetadata) PackageURL added in v0.51.0
func (m CocoapodsMetadata) PackageURL(_ *linux.Release) string
type ConanLockMetadata added in v0.58.0
type ConanLockMetadata struct {
    Ref            string            `json:"ref"`
    PackageID      string            `json:"package_id,omitempty"`
    Prev           string            `json:"prev,omitempty"`
    Requires       string            `json:"requires,omitempty"`
    BuildRequires  string            `json:"build_requires,omitempty"`
    PythonRequires string            `json:"py_requires,omitempty"`
    Options        map[string]string `json:"options,omitempty"`
    Path           string            `json:"path,omitempty"`
    Context        string            `json:"context,omitempty"`
}
func (ConanLockMetadata) NameAndVersion added in v0.58.0
func (m ConanLockMetadata) NameAndVersion() (name, version string)
NameAndVersion returns the name and version of the package. If ref is not in the format "name/version@user/channel", then an empty string is returned for both.
func (ConanLockMetadata) PackageURL added in v0.58.0
func (m ConanLockMetadata) PackageURL(_ *linux.Release) string
type ConanMetadata added in v0.50.0
type ConanMetadata struct {
    Ref string `mapstructure:"ref" json:"ref"`
}
func (ConanMetadata) NameAndVersion added in v0.58.0
func (m ConanMetadata) NameAndVersion() (name, version string)
NameAndVersion tries to return the name and version of a C++ package given the ref format pkg/version. It returns empty strings if ref is empty or parsing is unsuccessful.
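Added example (not the package's own NameAndVersion implementations): one parser covering both documented ref forms, "name/version@user/channel" for lockfile entries and "pkg/version" for conanfile entries, with constructed refs that exercise the failure cases both doc comments describe:

```go
package main

import (
	"fmt"
	"strings"
)

// ConanRef holds the parts of a Conan reference "name/version@user/channel".
// The user/channel half is absent in the "pkg/version" form.
type ConanRef struct {
	Name, Version, User, Channel string
}

// ParseConanRef splits a reference into its parts. It reports ok=false for an
// empty ref, a missing or empty name or version, or an "@" half that is not
// exactly user/channel, so callers never see a half-populated result.
func ParseConanRef(ref string) (r ConanRef, ok bool) {
	if ref == "" {
		return r, false
	}
	halves := strings.SplitN(ref, "@", 2)
	nv := strings.Split(halves[0], "/")
	if len(nv) != 2 || nv[0] == "" || nv[1] == "" {
		return ConanRef{}, false
	}
	r.Name, r.Version = nv[0], nv[1]
	if len(halves) == 2 {
		uc := strings.Split(halves[1], "/")
		if len(uc) != 2 || uc[0] == "" || uc[1] == "" {
			return ConanRef{}, false
		}
		r.User, r.Channel = uc[0], uc[1]
	}
	return r, true
}

// NameAndVersion mirrors the contract documented for both metadata types:
// name and version on success, two empty strings otherwise.
func NameAndVersion(ref string) (name, version string) {
	r, ok := ParseConanRef(ref)
	if !ok {
		return "", ""
	}
	return r.Name, r.Version
}

func main() {
	// Constructed refs: both documented forms plus three malformed inputs.
	for _, ref := range []string{"zlib/1.2.13@conan/stable", "openssl/3.0.7", "zlib", "zlib/1.2.13@conan", ""} {
		n, v := NameAndVersion(ref)
		fmt.Printf("%-26q -> name=%q version=%q\n", ref, n, v)
	}
}
```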
func (ConanMetadata) PackageURL added in v0.50.0
func (m ConanMetadata) PackageURL(_ *linux.Release) string
type DartPubMetadata added in v0.43.0
type DartPubMetadata struct {
    Name      string `mapstructure:"name" json:"name"`
    Version   string `mapstructure:"version" json:"version"`
    HostedURL string `mapstructure:"hosted_url" json:"hosted_url,omitempty"`
    VcsURL    string `mapstructure:"vcs_url" json:"vcs_url,omitempty"`
}
func (DartPubMetadata) PackageURL added in v0.43.0
func (m DartPubMetadata) PackageURL(_ *linux.Release) string
type DirectURLOrigin added in v0.34.0
type DirectURLOrigin struct {
    URL         string      `json:"url"`
    VCSInfo     VCSInfo     `json:"vcs_info"`
    ArchiveInfo ArchiveInfo `json:"archive_info"`
    DirInfo     DirInfo     `json:"dir_info"`
}
type DotnetDepsMetadata added in v0.46.0
type DotnetDepsMetadata struct {
    Name     string `mapstructure:"name" json:"name"`
    Version  string `mapstructure:"version" json:"version"`
    Path     string `mapstructure:"path" json:"path"`
    Sha512   string `mapstructure:"sha512" json:"sha512"`
    HashPath string `mapstructure:"hashPath" json:"hashPath"`
}
func (DotnetDepsMetadata) PackageURL added in v0.46.0
func (m DotnetDepsMetadata) PackageURL(_ *linux.Release) string
type DpkgFileRecord added in v0.7.0
type DpkgFileRecord struct {
    Path         string       `json:"path"`
    Digest       *file.Digest `json:"digest,omitempty"`
    IsConfigFile bool         `json:"isConfigFile"`
}
DpkgFileRecord represents a single file attributed to a Debian package.
type DpkgMetadata
type DpkgMetadata struct {
    Package       string           `mapstructure:"Package" json:"package"`
    Source        string           `mapstructure:"Source" json:"source" cyclonedx:"source"`
    Version       string           `mapstructure:"Version" json:"version"`
    SourceVersion string           `mapstructure:"SourceVersion" json:"sourceVersion" cyclonedx:"sourceVersion"`
    Architecture  string           `mapstructure:"Architecture" json:"architecture"`
    Maintainer    string           `mapstructure:"Maintainer" json:"maintainer"`
    InstalledSize int              `mapstructure:"InstalledSize" json:"installedSize" cyclonedx:"installedSize"`
    Description   string           `mapstructure:"Description" hash:"ignore" json:"-"`
    Files         []DpkgFileRecord `json:"files"`
}
DpkgMetadata represents all captured data for a Debian package DB entry; available fields are described at http://manpages.ubuntu.com/manpages/xenial/man1/dpkg-query.1.html in the --showformat section.
func (DpkgMetadata) OwnedFiles added in v0.24.0
func (m DpkgMetadata) OwnedFiles() (result []string)
func (DpkgMetadata) PackageURL
func (m DpkgMetadata) PackageURL(distro *linux.Release) string
PackageURL returns the PURL for the specific Debian package (see https://github.com/package-url/purl-spec).
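An added example, not syft's url.go, of what a Debian PURL carrying the qualifier constants from the top of this page looks like; the "arch" and "distro" qualifiers are from the purl spec, while "upstream" is the extra qualifier grype uses to match the binary package against its source package. The distro value layout (id-versionid) and the rule for when upstream is emitted are assumptions of this example:

```go
package main

import (
	"fmt"
	"net/url"
	"sort"
	"strings"
)

// Qualifier keys as documented in this package's constants.
const (
	PURLQualifierArch     = "arch"
	PURLQualifierDistro   = "distro"
	PURLQualifierUpstream = "upstream"
)

// BuildPURL assembles pkg:type/namespace/name@version?k=v&... following the
// purl spec: path components are percent-encoded, qualifiers are emitted
// sorted by key, and qualifiers with empty values are dropped.
func BuildPURL(typ, namespace, name, version string, qualifiers map[string]string) string {
	var b strings.Builder
	b.WriteString("pkg:" + typ)
	if namespace != "" {
		b.WriteString("/" + url.PathEscape(namespace))
	}
	b.WriteString("/" + url.PathEscape(name))
	if version != "" {
		b.WriteString("@" + url.PathEscape(version))
	}
	keys := make([]string, 0, len(qualifiers))
	for k, v := range qualifiers {
		if v != "" {
			keys = append(keys, strings.ToLower(k))
		}
	}
	sort.Strings(keys)
	for i, k := range keys {
		if i == 0 {
			b.WriteString("?")
		} else {
			b.WriteString("&")
		}
		b.WriteString(k + "=" + url.PathEscape(qualifiers[k]))
	}
	return b.String()
}

// DebianPURL builds the PURL for a dpkg entry. Assumed layout: the namespace
// is the distro ID, the distro qualifier is "id-versionid" (or just the ID
// when no version is known), and upstream carries the source package name
// when it differs from the binary package so a matcher can follow the
// binary back to the source package the advisory was written against.
func DebianPURL(name, version, arch, source, distroID, distroVersion string) string {
	distro := distroID
	if distroVersion != "" {
		distro += "-" + distroVersion
	}
	q := map[string]string{
		PURLQualifierArch:   arch,
		PURLQualifierDistro: distro,
	}
	if source != "" && source != name {
		q[PURLQualifierUpstream] = source
	}
	return BuildPURL("deb", distroID, name, version, q)
}

func main() {
	// Constructed input: the OpenSSL shared-library package on Debian 11,
	// whose source package is "openssl", not "libssl1.1".
	fmt.Println(DebianPURL("libssl1.1", "1.1.1n-0+deb11u4", "amd64", "openssl", "debian", "11"))
}
```

Without the upstream qualifier a matcher only sees the binary package name, which is why the page's constant block calls it out as the hook for indirect matching on source information.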
type FileOwner added in v0.24.0
type FileOwner interface {
    OwnedFiles() []string
}
FileOwner is the interface that wraps the OwnedFiles method.
OwnedFiles returns a list of files that a piece of package Metadata indicates are owned by the package.
type GemMetadata added in v0.2.0
type GemMetadata struct {
    Name     string   `mapstructure:"name" json:"name"`
    Version  string   `mapstructure:"version" json:"version"`
    Files    []string `mapstructure:"files" json:"files,omitempty"`
    Authors  []string `mapstructure:"authors" json:"authors,omitempty"`
    Licenses []string `mapstructure:"licenses" json:"licenses,omitempty"`
    Homepage string   `mapstructure:"homepage" json:"homepage,omitempty"`
}
GemMetadata represents all metadata parsed from the gemspec file.
type GolangBinMetadata added in v0.26.0
type GolangBinMetadata struct {
    BuildSettings     map[string]string `json:"goBuildSettings,omitempty" cyclonedx:"goBuildSettings"`
    GoCompiledVersion string            `json:"goCompiledVersion" cyclonedx:"goCompiledVersion"`
    Architecture      string            `json:"architecture" cyclonedx:"architecture"`
    H1Digest          string            `json:"h1Digest,omitempty" cyclonedx:"h1Digest"`
    MainModule        string            `json:"mainModule,omitempty" cyclonedx:"mainModule"`
}
GolangBinMetadata represents all captured data for a Golang binary.
type HackageMetadata added in v0.52.0
type HackageMetadata struct {
    Name        string  `mapstructure:"name" json:"name"`
    Version     string  `mapstructure:"version" json:"version"`
    PkgHash     *string `mapstructure:"pkgHash" json:"pkgHash,omitempty"`
    SnapshotURL *string `mapstructure:"snapshotURL" json:"snapshotURL,omitempty"`
}
func (HackageMetadata) PackageURL added in v0.52.0
func (m HackageMetadata) PackageURL(_ *linux.Release) string
type JavaManifest
type JavaManifest struct {
    Main          map[string]string            `json:"main,omitempty"`
    NamedSections map[string]map[string]string `json:"namedSections,omitempty"`
}
JavaManifest represents the fields of interest extracted from a Java archive's META-INF/MANIFEST.MF file.
type JavaMetadata
type JavaMetadata struct {
    VirtualPath    string         `json:"virtualPath" cyclonedx:"virtualPath"` // we need to include the virtual path in cyclonedx documents to prevent deduplication of jars within jars
    Manifest       *JavaManifest  `mapstructure:"Manifest" json:"manifest,omitempty"`
    PomProperties  *PomProperties `mapstructure:"PomProperties" json:"pomProperties,omitempty" cyclonedx:"-"`
    PomProject     *PomProject    `mapstructure:"PomProject" json:"pomProject,omitempty"`
    ArchiveDigests []file.Digest  `hash:"ignore" json:"digest,omitempty"`
    PURL           string         `hash:"ignore" json:"-"` // pURLs and CPEs are ignored for package IDs
    Parent         *Package       `hash:"ignore" json:"-"` // note: the parent cannot be included in the minimal definition of uniqueness since this field is not reproducible in an encode-decode cycle (is lossy).
}
JavaMetadata encapsulates all Java ecosystem metadata for a package as well as an (optional) parent relationship.
func (JavaMetadata) PackageURL
func (m JavaMetadata) PackageURL(_ *linux.Release) string
PackageURL returns the PURL for the specific Maven package (see https://github.com/package-url/purl-spec).
type KbPackageMetadata added in v0.15.2
type KbPackageMetadata struct {
    ProductID string `toml:"product_id" json:"product_id"`
    Kb        string `toml:"kb" json:"kb"`
}
KbPackageMetadata is slightly odd in how it is expected to map onto data. This is critical to grasp because there is no MSRC cataloger. The `ProductID` field is expected to be the MSRC Product ID, for example "Windows 10 Version 1703 for 32-bit Systems". `Kb` is expected to be the actual KB number, for example "5001028".
type Language
type Language string
Language represents a single programming language.
const (
    // the full set of supported programming languages
    UnknownLanguage Language = ""
    Java            Language = "java"
    JavaScript      Language = "javascript"
    Python          Language = "python"
    PHP             Language = "php"
    Ruby            Language = "ruby"
    Go              Language = "go"
    Rust            Language = "rust"
    Dart            Language = "dart"
    Dotnet          Language = "dotnet"
    Swift           Language = "swift"
    CPP             Language = "c++"
    Haskell         Language = "haskell"
)
func LanguageByName added in v0.38.0
func LanguageFromPURL added in v0.37.0
type MetadataType added in v0.4.0
type MetadataType string
MetadataType represents the data shape stored within pkg.Package.Metadata.
const (
    UnknownMetadataType          MetadataType = "UnknownMetadata"
    ApkMetadataType              MetadataType = "ApkMetadata"
    AlpmMetadataType             MetadataType = "AlpmMetadata"
    DpkgMetadataType             MetadataType = "DpkgMetadata"
    GemMetadataType              MetadataType = "GemMetadata"
    JavaMetadataType             MetadataType = "JavaMetadata"
    NpmPackageJSONMetadataType   MetadataType = "NpmPackageJsonMetadata"
    RpmMetadataType              MetadataType = "RpmMetadata"
    DartPubMetadataType          MetadataType = "DartPubMetadata"
    DotnetDepsMetadataType       MetadataType = "DotnetDepsMetadata"
    PythonPackageMetadataType    MetadataType = "PythonPackageMetadata"
    RustCargoPackageMetadataType MetadataType = "RustCargoPackageMetadata"
    KbPackageMetadataType        MetadataType = "KbPackageMetadata"
    GolangBinMetadataType        MetadataType = "GolangBinMetadata"
    PhpComposerJSONMetadataType  MetadataType = "PhpComposerJsonMetadata"
    CocoapodsMetadataType        MetadataType = "CocoapodsMetadataType"
    ConanMetadataType            MetadataType = "ConanMetadataType"
    ConanLockMetadataType        MetadataType = "ConanLockMetadataType"
    PortageMetadataType          MetadataType = "PortageMetadata"
    HackageMetadataType          MetadataType = "HackageMetadataType"
)
func CleanMetadataType added in v0.56.0
func CleanMetadataType(typ MetadataType) MetadataType
type NpmPackageJSONMetadata added in v0.4.0
type NpmPackageJSONMetadata struct {
    Name        string   `mapstructure:"name" json:"name"`
    Version     string   `mapstructure:"version" json:"version"`
    Files       []string `mapstructure:"files" json:"files,omitempty"`
    Author      string   `mapstructure:"author" json:"author"`
    Licenses    []string `mapstructure:"licenses" json:"licenses"`
    Homepage    string   `mapstructure:"homepage" json:"homepage"`
    Description string   `mapstructure:"description" json:"description"`
    URL         string   `mapstructure:"url" json:"url"`
    Private     bool     `mapstructure:"private" json:"private"`
}
NpmPackageJSONMetadata holds extra information that is used in pkg.Package.
func (NpmPackageJSONMetadata) PackageURL added in v0.37.0
func (p NpmPackageJSONMetadata) PackageURL(_ *linux.Release) string
PackageURL returns the PURL for the specific NPM package (see https://github.com/package-url/purl-spec).
type Package
type Package struct {
    Name         string             // the package name
    Version      string             // the version of the package
    FoundBy      string             `cyclonedx:"foundBy"` // the specific cataloger that discovered this package
    Locations    source.LocationSet // the locations that lead to the discovery of this package (note: this is not necessarily the locations that make up this package)
    Licenses     []string           // licenses discovered with the package metadata
    Language     Language           `cyclonedx:"language"` // the language ecosystem this package belongs to (e.g. JavaScript, Python, etc)
    Type         Type               `cyclonedx:"type"` // the package type (e.g. Npm, Yarn, Python, Rpm, Deb, etc)
    CPEs         []CPE              `hash:"ignore"` // all possible Common Platform Enumerators (note: this is NOT included in the definition of the ID since all fields on a CPE are derived from other fields)
    PURL         string             `hash:"ignore"` // the Package URL (see https://github.com/package-url/purl-spec)
    MetadataType MetadataType       `cyclonedx:"metadataType"` // the shape of the additional data in the "metadata" field
    Metadata     interface{}        // additional data found while parsing the package source
    // contains filtered or unexported fields
}
Package represents an application or library that has been bundled into a distributable format. TODO: if we ignore FoundBy for ID generation should we merge the field to show it was found in two places?
func (*Package) OverrideID added in v0.45.0
type PhpComposerAuthors added in v0.36.0
type PhpComposerExternalReference added in v0.36.0
type PhpComposerJSONMetadata added in v0.36.0
type PhpComposerJSONMetadata struct {
    Name            string                       `json:"name"`
    Version         string                       `json:"version"`
    Source          PhpComposerExternalReference `json:"source"`
    Dist            PhpComposerExternalReference `json:"dist"`
    Require         map[string]string            `json:"require,omitempty"`
    Provide         map[string]string            `json:"provide,omitempty"`
    RequireDev      map[string]string            `json:"require-dev,omitempty"`
    Suggest         map[string]string            `json:"suggest,omitempty"`
    Type            string                       `json:"type,omitempty"`
    NotificationURL string                       `json:"notification-url,omitempty"`
    Bin             []string                     `json:"bin,omitempty"`
    License         []string                     `json:"license,omitempty"`
    Authors         []PhpComposerAuthors         `json:"authors,omitempty"`
    Description     string                       `json:"description,omitempty"`
    Homepage        string                       `json:"homepage,omitempty"`
    Keywords        []string                     `json:"keywords,omitempty"`
    Time            string                       `json:"time,omitempty"`
}
PhpComposerJSONMetadata represents information found in composer v1/v2 "installed.json" files as well as composer.lock files.
func (PhpComposerJSONMetadata) PackageURL added in v0.36.0
func (m PhpComposerJSONMetadata) PackageURL(_ *linux.Release) string
type PomParent added in v0.22.0
type PomParent struct {
    GroupID    string `json:"groupId"`
    ArtifactID string `json:"artifactId"`
    Version    string `json:"version"`
}
PomParent contains the fields within the <parent> tag in a pom.xml file.
type PomProject added in v0.22.0
type PomProject struct {
    Path        string     `json:"path"`
    Parent      *PomParent `json:"parent,omitempty"`
    GroupID     string     `json:"groupId"`
    ArtifactID  string     `json:"artifactId"`
    Version     string     `json:"version"`
    Name        string     `json:"name"`
    Description string     `json:"description,omitempty"`
    URL         string     `json:"url,omitempty"`
}
PomProject represents fields of interest extracted from a Java archive's pom.xml file. See https://maven.apache.org/ref/3.6.3/maven-model/maven.html for more details.
type PomProperties
type PomProperties struct {
    Path       string            `mapstructure:"path" json:"path"`
    Name       string            `mapstructure:"name" json:"name"`
    GroupID    string            `mapstructure:"groupId" json:"groupId" cyclonedx:"groupID"`
    ArtifactID string            `mapstructure:"artifactId" json:"artifactId" cyclonedx:"artifactID"`
    Version    string            `mapstructure:"version" json:"version"`
    Extra      map[string]string `mapstructure:",remain" json:"extraFields"`
}
PomProperties represents the fields of interest extracted from a Java archive's pom.properties file.
func (PomProperties) PkgTypeIndicated added in v0.15.0
func (p PomProperties) PkgTypeIndicated() Type
PkgTypeIndicated returns the package Type indicated by the data contained in the PomProperties.
type PortageFileRecord added in v0.51.0
type PortageFileRecord struct {
    Path   string       `json:"path"`
    Digest *file.Digest `json:"digest,omitempty"`
}
PortageFileRecord represents a single file attributed to a Portage package.
type PortageMetadata added in v0.51.0
type PortageMetadata struct {
    Package       string              `mapstructure:"Package" json:"package"`
    Version       string              `mapstructure:"Version" json:"version"`
    InstalledSize int                 `mapstructure:"InstalledSize" json:"installedSize" cyclonedx:"installedSize"`
    Files         []PortageFileRecord `json:"files"`
}
PortageMetadata represents all captured data for a Portage package DB entry.
type PythonDirectURLOriginInfo added in v0.34.0
type PythonFileDigest added in v0.8.0
PythonFileDigest represents the file metadata for a single file attributed to a Python package.
type PythonFileRecord added in v0.4.0
type PythonFileRecord struct {
    Path   string            `json:"path"`
    Digest *PythonFileDigest `json:"digest,omitempty"`
    Size   string            `json:"size,omitempty"`
}
PythonFileRecord represents a single entry within a RECORD file for a Python wheel or egg package.
type PythonPackageMetadata added in v0.4.0
type PythonPackageMetadata struct {
    Name                 string                     `json:"name" mapstruct:"Name"`
    Version              string                     `json:"version" mapstruct:"Version"`
    License              string                     `json:"license" mapstruct:"License"`
    Author               string                     `json:"author" mapstruct:"Author"`
    AuthorEmail          string                     `json:"authorEmail" mapstruct:"Authoremail"`
    Platform             string                     `json:"platform" mapstruct:"Platform"`
    Files                []PythonFileRecord         `json:"files,omitempty"`
    SitePackagesRootPath string                     `json:"sitePackagesRootPath"`
    TopLevelPackages     []string                   `json:"topLevelPackages,omitempty"`
    DirectURLOrigin      *PythonDirectURLOriginInfo `json:"directUrlOrigin,omitempty"`
}
PythonPackageMetadata represents all captured data for a Python egg or wheel package.
func (PythonPackageMetadata) OwnedFiles added in v0.24.0
func (m PythonPackageMetadata) OwnedFiles() (result []string)
func (PythonPackageMetadata) PackageURL added in v0.34.0
func (m PythonPackageMetadata) PackageURL(_ *linux.Release) string
type RpmMetadata
type RpmMetadata struct {
    Name            string            `json:"name"`
    Version         string            `json:"version"`
    Epoch           *int              `json:"epoch" cyclonedx:"epoch" jsonschema:"nullable"`
    Arch            string            `json:"architecture"`
    Release         string            `json:"release" cyclonedx:"release"`
    SourceRpm       string            `json:"sourceRpm" cyclonedx:"sourceRpm"`
    Size            int               `json:"size" cyclonedx:"size"`
    License         string            `json:"license"`
    Vendor          string            `json:"vendor"`
    ModularityLabel string            `json:"modularityLabel"`
    Files           []RpmdbFileRecord `json:"files"`
}
RpmMetadata represents all captured data for an RPM DB package entry.
func (RpmMetadata) OwnedFiles added in v0.56.0
func (m RpmMetadata) OwnedFiles() (result []string)
func (RpmMetadata) PackageURL
func (m RpmMetadata) PackageURL(distro *linux.Release) string
PackageURL returns the PURL for the specific RHEL package (see https://github.com/package-url/purl-spec).
type RpmdbFileMode added in v0.6.0
type RpmdbFileMode uint16
RpmdbFileMode is the raw file mode for a single file. This can be interpreted as the Linux stat.h mode (see https://pubs.opengroup.org/onlinepubs/007908799/xsh/sysstat.h.html).
type RpmdbFileRecord added in v0.6.0
type RpmdbFileRecord struct {
    Path      string        `json:"path"`
    Mode      RpmdbFileMode `json:"mode"`
    Size      int           `json:"size"`
    Digest    file.Digest   `json:"digest"`
    UserName  string        `json:"userName"`
    GroupName string        `json:"groupName"`
    Flags     string        `json:"flags"`
}
RpmdbFileRecord represents the file metadata for a single file attributed to an RPM package.
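Added example, not syft code, of decoding RpmdbFileMode with the sys/stat.h bit layout the comment above points to, followed by the check a reviewer of an RPM-based SBOM would want over the file records: setuid/setgid programs and world-writable paths. RpmdbFileRecord is reduced to the fields the check needs, and the records are constructed:

```go
package main

import "fmt"

// RpmdbFileMode mirrors the page's type: the raw st_mode recorded for a file.
type RpmdbFileMode uint16

// Bit layout from POSIX sys/stat.h (octal, as in the C headers).
const (
	modeTypeMask RpmdbFileMode = 0170000
	modeRegular  RpmdbFileMode = 0100000
	modeDir      RpmdbFileMode = 0040000
	modeSymlink  RpmdbFileMode = 0120000
	modeSetUID   RpmdbFileMode = 0004000
	modeSetGID   RpmdbFileMode = 0002000
	modeSticky   RpmdbFileMode = 0001000
	modeOtherW   RpmdbFileMode = 0000002
)

func (m RpmdbFileMode) IsRegular() bool { return m&modeTypeMask == modeRegular }
func (m RpmdbFileMode) IsDir() bool     { return m&modeTypeMask == modeDir }
func (m RpmdbFileMode) IsSymlink() bool { return m&modeTypeMask == modeSymlink }

// String renders the mode the way ls -l does, e.g. 0104755 -> "-rwsr-xr-x".
func (m RpmdbFileMode) String() string {
	b := []byte("?---------") // '?' stays for device, fifo and socket types
	switch m & modeTypeMask {
	case modeDir:
		b[0] = 'd'
	case modeSymlink:
		b[0] = 'l'
	case modeRegular:
		b[0] = '-'
	}
	for i, c := range "rwxrwxrwx" {
		if m&(1<<uint(8-i)) != 0 {
			b[i+1] = byte(c)
		}
	}
	// The special bits replace the execute column of their triplet.
	for _, s := range []struct {
		pos        int
		bit        RpmdbFileMode
		set, unset byte
	}{{3, modeSetUID, 's', 'S'}, {6, modeSetGID, 's', 'S'}, {9, modeSticky, 't', 'T'}} {
		if m&s.bit == 0 {
			continue
		}
		if b[s.pos] == 'x' {
			b[s.pos] = s.set
		} else {
			b[s.pos] = s.unset
		}
	}
	return string(b)
}

// RpmdbFileRecord is a reduced stand-in for the page's type.
type RpmdbFileRecord struct {
	Path     string
	Mode     RpmdbFileMode
	UserName string
}

// RiskyFiles returns one line per record that deserves a second look: setuid
// or setgid regular files, and anything world-writable except a sticky
// directory (the /tmp pattern, which is expected).
func RiskyFiles(records []RpmdbFileRecord) []string {
	var out []string
	for _, r := range records {
		m := r.Mode
		switch {
		case m.IsRegular() && m&(modeSetUID|modeSetGID) != 0:
			out = append(out, fmt.Sprintf("%s %s %s (setuid/setgid)", m, r.UserName, r.Path))
		case !m.IsSymlink() && m&modeOtherW != 0 && !(m.IsDir() && m&modeSticky != 0):
			out = append(out, fmt.Sprintf("%s %s %s (world-writable)", m, r.UserName, r.Path))
		}
	}
	return out
}

// SampleRecords is constructed input modelled on a typical RPM file list.
func SampleRecords() []RpmdbFileRecord {
	return []RpmdbFileRecord{
		{Path: "/usr/bin/passwd", Mode: 0104755, UserName: "root"},
		{Path: "/usr/bin/ls", Mode: 0100755, UserName: "root"},
		{Path: "/tmp", Mode: 0041777, UserName: "root"},
		{Path: "/var/lib/example/cache.db", Mode: 0100666, UserName: "root"},
		{Path: "/usr/lib64/libexample.so", Mode: 0120777, UserName: "root"},
	}
}

func main() {
	for _, line := range RiskyFiles(SampleRecords()) {
		fmt.Println(line)
	}
}
```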
type Type
type Type string
Type represents a Package Type for or within a language ecosystem (there may be multiple package types within a language ecosystem).
const (
    // the full set of supported packages
    UnknownPkg       Type = "UnknownPackage"
    ApkPkg           Type = "apk"
    AlpmPkg          Type = "alpm"
    GemPkg           Type = "gem"
    DebPkg           Type = "deb"
    RpmPkg           Type = "rpm"
    NpmPkg           Type = "npm"
    PythonPkg        Type = "python"
    PhpComposerPkg   Type = "php-composer"
    JavaPkg          Type = "java-archive"
    JenkinsPluginPkg Type = "jenkins-plugin"
    GoModulePkg      Type = "go-module"
    RustPkg          Type = "rust-crate"
    KbPkg            Type = "msrc-kb"
    DartPubPkg       Type = "dart-pub"
    DotnetPkg        Type = "dotnet"
    CocoapodsPkg     Type = "pod"
    ConanPkg         Type = "conan"
    PortagePkg       Type = "portage"
    HackagePkg       Type = "hackage"
)
func TypeByName added in v0.38.0
func TypeFromPURL added in v0.37.0
func (Type) PackageURLType
PackageURLType returns the PURL package type for the current package.
Source Files
- alpm_metadata.go
- apk_metadata.go
- cargo_metadata.go
- cargo_package_metadata.go
- catalog.go
- cocoapods_metadata.go
- conan_lock_metadata.go
- conan_metadata.go
- cpe.go
- cpe_by_specificity.go
- dart_pub_metadata.go
- dotnet_deps_metadata.go
- dpkg_metadata.go
- file_owner.go
- gem_metadata.go
- golang_bin_metadata.go
- hackage_metadata.go
- java_metadata.go
- kb_package_metadata.go
- language.go
- merge_cpes.go
- metadata.go
- npm_package_json_metadata.go
- package.go
- php_composer_json_metadata.go
- portage_metadata.go
- python_package_metadata.go
- relationships.go
- relationships_by_file_ownership.go
- rpm_metadata.go
- type.go
- url.go
Directories
Path | Synopsis
---|---
cataloger | Package cataloger provides the ability to process files from a container image or file system and discover packages (gems, wheels, jars, rpms, debs, etc).
cataloger/apkdb | Package apkdb provides a concrete Cataloger implementation for Alpine DB files.
cataloger/common | Package common provides generic utilities used by multiple catalogers.
cataloger/deb | Package dpkg provides a concrete Cataloger implementation for Debian package DB status files.
cataloger/golang | Package golang provides a concrete Cataloger implementation for go.mod files.
cataloger/java | Package java provides a concrete Cataloger implementation for Java archives (jar, war, ear, par, sar, jpi, hpi formats).
cataloger/javascript | Package javascript provides a concrete Cataloger implementation for JavaScript ecosystem files (yarn and npm).
cataloger/php | Package php provides a concrete Cataloger implementation for PHP ecosystem files.
cataloger/portage | Package portage provides a concrete Cataloger implementation for Gentoo Portage.
cataloger/python | Package python provides a concrete Cataloger implementation for Python ecosystem files (egg, wheel, requirements.txt).
cataloger/rpm | Package rpm provides a concrete DBCataloger implementation for RPM "Package" DB files and a FileCataloger for RPM files.
cataloger/ruby | Package ruby bundler provides a concrete Cataloger implementation for Ruby Gemfile.lock bundler files.
cataloger/rust | Package rust provides a concrete Cataloger implementation for Cargo.lock files.
cataloger/swift | Package swift provides a concrete Cataloger implementation for Podfile.lock files.