sbom

package
v0.86.0 Latest

Warning: This package is not in the latest version of its module.
Published: Jul 31, 2023 License: Apache-2.0 Imports: 11 Imported by: 98

Documentation


Constants

const AnyVersion = ""

Variables

var (
	ErrEncodingNotSupported   = errors.New("encoding not supported")
	ErrDecodingNotSupported   = errors.New("decoding not supported")
	ErrValidationNotSupported = errors.New("validation not supported")
)

Functions

This section is empty.

Types

type Artifacts

type Artifacts struct {
	Packages          *pkg.Collection
	FileMetadata      map[file.Coordinates]file.Metadata
	FileDigests       map[file.Coordinates][]file.Digest
	FileContents      map[file.Coordinates]string
	FileLicenses      map[file.Coordinates][]file.License
	Secrets           map[file.Coordinates][]file.SearchResult
	LinuxDistribution *linux.Release
}

type Decoder added in v0.41.0

type Decoder func(reader io.Reader) (*SBOM, error)

Decoder is a function that can convert an SBOM document of a specific format from a reader into Syft native objects.

type Descriptor added in v0.31.0

type Descriptor struct {
	Name          string
	Version       string
	Configuration interface{}
}

type Encoder added in v0.41.0

type Encoder func(io.Writer, SBOM) error

Encoder is a function that can transform Syft native objects into an SBOM document of a specific format written to the given writer.

type Format added in v0.41.0

type Format interface {
	ID() FormatID
	IDs() []FormatID
	Version() string
	Encode(io.Writer, SBOM) error
	Decode(io.Reader) (*SBOM, error)
	Validate(io.Reader) error
	fmt.Stringer
}

func NewFormat added in v0.41.0

func NewFormat(version string, encoder Encoder, decoder Decoder, validator Validator, ids ...FormatID) Format

type FormatID added in v0.41.0

type FormatID string

func (FormatID) String added in v0.42.4

func (f FormatID) String() string

String returns a string representation of the FormatID.

type SBOM

type SBOM struct {
	Artifacts     Artifacts
	Relationships []artifact.Relationship
	Source        source.Description
	Descriptor    Descriptor
}

func (SBOM) AllCoordinates added in v0.57.0

func (s SBOM) AllCoordinates() []file.Coordinates

func (SBOM) CoordinatesForPackage added in v0.64.0

func (s SBOM) CoordinatesForPackage(p pkg.Package, rt ...artifact.RelationshipType) []file.Coordinates

CoordinatesForPackage returns all coordinates for the provided package for the provided relationship types. If no types are provided, all relationship types are considered.

func (SBOM) RelationshipsForPackage added in v0.64.0

func (s SBOM) RelationshipsForPackage(p pkg.Package, rt ...artifact.RelationshipType) []artifact.Relationship

RelationshipsForPackage returns all relationships for the provided types. If no types are provided, all relationships for the package are returned.

func (SBOM) RelationshipsSorted added in v0.57.0

func (s SBOM) RelationshipsSorted() []artifact.Relationship

type Validator added in v0.41.0

type Validator func(reader io.Reader) error

Validator reads the SBOM from the given reader and assesses whether the document conforms to the specific SBOM format. The validator should positively confirm that the SBOM is not only in the format but also has the minimal set of values that the format requires. For example, all syftjson formatted documents have a schema section which should have "anchore/syft" within the version; if this isn't found then the validator should raise an error. These active assertions protect against "simple" format decoding validations that may lead to false positives (e.g. "I decoded JSON successfully, therefore this must be the target format", when in fact all values are their default zero-value and the document really represents a different format that also uses JSON).
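The false positive described above, as an added example that is not part of the package's own code: a decode-only check accepts a different JSON format, while a function with the Validator shape that asserts the marker rejects it. The struct, its `version` and `url` field names, the choice to look for the marker in either field, and both sample documents are assumptions made for this illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"strings"
)

const marker = "anchore/syft" // the value the page says to look for

// minimalDoc models only the schema section; field names are assumptions.
type minimalDoc struct {
	Schema struct {
		Version string `json:"version"`
		URL     string `json:"url"`
	} `json:"schema"`
}

// naiveValidate accepts anything that decodes: the false-positive case.
func naiveValidate(r io.Reader) error {
	return json.NewDecoder(r).Decode(&minimalDoc{})
}

// strictValidate has the Validator shape, func(io.Reader) error, and
// positively asserts the marker instead of trusting a clean decode.
func strictValidate(r io.Reader) error {
	var d minimalDoc
	if err := json.NewDecoder(r).Decode(&d); err != nil {
		return fmt.Errorf("unable to decode: %w", err)
	}
	if !strings.Contains(d.Schema.Version, marker) && !strings.Contains(d.Schema.URL, marker) {
		return errors.New("schema section missing or lacks marker: not this format")
	}
	return nil
}

// Constructed sample documents, not real tool output.
const (
	sampleNative = `{"schema":{"version":"1.0.0","url":"https://example.invalid/anchore/syft/schema-1.0.0.json"},"artifacts":[]}`
	sampleOther  = `{"bomFormat":"CycloneDX","specVersion":"1.4","components":[]}`
)

func main() {
	fmt.Println("naive, other format: ", naiveValidate(strings.NewReader(sampleOther)))
	fmt.Println("strict, other format:", strictValidate(strings.NewReader(sampleOther)))
	fmt.Println("strict, native:      ", strictValidate(strings.NewReader(sampleNative)))
}
```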

type Writer added in v0.35.0

type Writer interface {
	Write(SBOM) error
}

Writer is an interface to write SBOMs to a destination.
