Documentation ¶
Overview ¶
Package pkg provides the data structures for a package, a package catalog, package types, and domain-specific metadata.
Index ¶
- Constants
- Variables
- func IsValid(p *Package) bool
- func Less(i, j Package) bool
- func PURLQualifiers(vars map[string]string, release *linux.Release) (q packageurl.Qualifiers)
- func Sort(pkgs []Package)
- type AlpmDBEntry
- type AlpmFileRecord
- type ApkDBEntry
- type ApkFileRecord
- type BinarySignature
- type Cataloger
- type ClassifierMatch
- type CocoaPodfileLockEntry
- type Collection
- func (c *Collection) Add(pkgs ...Package)
- func (c *Collection) Delete(ids ...artifact.ID)
- func (c *Collection) Enumerate(types ...Type) <-chan Package
- func (c *Collection) Package(id artifact.ID) *Package
- func (c *Collection) PackageCount() int
- func (c *Collection) Packages(ids []artifact.ID) (result []Package)
- func (c *Collection) PackagesByName(name string) []Package
- func (c *Collection) PackagesByPath(path string) []Package
- func (c *Collection) Sorted(types ...Type) (pkgs []Package)
- type ConanV1LockEntry
- type ConanV2LockEntry
- type ConanfileEntry
- type ConaninfoEntry
- type DartPubspecLockEntry
- type DotnetDepsEntry
- type DotnetPortableExecutableEntry
- type DpkgDBEntry
- type DpkgFileRecord
- type ELFBinaryPackageNoteJSONPayload
- type ElixirMixLockEntry
- type ErlangRebarLockEntry
- type FileOwner
- type GolangBinaryBuildinfoEntry
- type GolangModuleEntry
- type HackageStackYamlEntry
- type HackageStackYamlLockEntry
- type JavaArchive
- type JavaManifest
- type JavaPomParent
- type JavaPomProject
- type JavaPomProperties
- type JavaVMInstallation
- type JavaVMRelease
- type KeyValue
- type KeyValues
- type Language
- type License
- func NewLicense(value string) License
- func NewLicenseFromFields(value, url string, location *file.Location) License
- func NewLicenseFromLocations(value string, locations ...file.Location) License
- func NewLicenseFromType(value string, t license.Type) License
- func NewLicenseFromURLs(value string, urls ...string) License
- func NewLicensesFromLocation(location file.Location, values ...string) (licenses []License)
- func NewLicensesFromValues(values ...string) (licenses []License)
- type LicenseSet
- type Licenses
- type LinuxKernel
- type LinuxKernelModule
- type LinuxKernelModuleParameter
- type LuaRocksPackage
- type MicrosoftKbPatch
- type NixStoreEntry
- type NpmPackage
- type NpmPackageLockEntry
- type OpamPackage
- type Package
- type PhpComposerAuthors
- type PhpComposerExternalReference
- type PhpComposerInstalledEntry
- type PhpComposerLockEntry
- type PhpPeclEntry
- type PortageEntry
- type PortageFileRecord
- type PythonDirectURLOriginInfo
- type PythonFileDigest
- type PythonFileRecord
- type PythonPackage
- type PythonPipfileLockEntry
- type PythonPoetryLockDependencyEntry
- type PythonPoetryLockEntry
- type PythonPoetryLockExtraEntry
- type PythonRequirementsEntry
- type RDescription
- type RpmArchive
- type RpmDBEntry
- type RpmFileMode
- type RpmFileRecord
- type RubyGemspec
- type RustBinaryAuditEntry
- type RustCargoLockEntry
- type SwiftPackageManagerResolvedEntry
- type SwiplPackEntry
- type Type
- type WordpressPluginEntry
- type YarnLockEntry
Constants ¶
const (
	EvidenceAnnotationKey = "evidence"
	PrimaryEvidenceAnnotation = "primary"
	SupportingEvidenceAnnotation = "supporting"
)
const (
	PURLQualifierArch = "arch"
	PURLQualifierDistro = "distro"
	PURLQualifierEpoch = "epoch"
	PURLQualifierVCSURL = "vcs_url"
	// PURLQualifierUpstream this qualifier is not in the pURL spec, but is used by grype to perform indirect matching based on source information
	PURLQualifierUpstream = "upstream"
)
const AlpmDBGlob = "**/var/lib/pacman/local/**/desc"
const ApkDBGlob = "**/lib/apk/db/installed"
const DpkgDBGlob = "**/var/lib/dpkg/{status,status.d/**}"
const RpmDBGlob = "**/{var/lib,usr/share,usr/lib/sysimage}/rpm/{Packages,Packages.db,rpmdb.sqlite}"
RpmDBGlob is the glob pattern used to find RPM DB files. Where:
- /var/lib/rpm/... is the typical path for most distributions
- /usr/share/rpm/... is common for rpm-ostree distributions (coreos-like)
- Packages is the legacy Berkeley db based format
- Packages.db is the "ndb" format used in SUSE
- rpmdb.sqlite is the sqlite format used in fedora + derivatives
const RpmManifestGlob = "**/var/lib/rpmmanifest/container-manifest-2"
RpmManifestGlob is used in CBL-Mariner distroless images
Variables ¶
var AllLanguages = []Language{
	CPP,
	Dart,
	Dotnet,
	Elixir,
	Erlang,
	Go,
	Haskell,
	Java,
	JavaScript,
	Lua,
	OCaml,
	PHP,
	Python,
	R,
	Ruby,
	Rust,
	Swift,
	Swipl,
}
AllLanguages is a set of all programming languages detected by syft.
var AllPkgs = []Type{
	AlpmPkg,
	ApkPkg,
	BinaryPkg,
	CocoapodsPkg,
	ConanPkg,
	DartPubPkg,
	DebPkg,
	DotnetPkg,
	ErlangOTPPkg,
	GemPkg,
	GithubActionPkg,
	GithubActionWorkflowPkg,
	GoModulePkg,
	HackagePkg,
	HexPkg,
	JavaPkg,
	JenkinsPluginPkg,
	KbPkg,
	LinuxKernelPkg,
	LinuxKernelModulePkg,
	NixPkg,
	NpmPkg,
	PhpComposerPkg,
	PhpPeclPkg,
	PortagePkg,
	PythonPkg,
	Rpkg,
	LuaRocksPkg,
	RpmPkg,
	RustPkg,
	SwiftPkg,
	SwiplPackPkg,
	OpamPkg,
	WordpressPluginPkg,
}
AllPkgs represents all supported package types
Functions ¶
func IsValid ¶ added in v0.47.0
IsValid checks whether a package has the minimum necessary info which is a non-empty name. The nil-check was added as a helper as often, in this code base, packages move between callers as pointers. CycloneDX and SPDX define Name as the minimum required info for a valid package:
- https://spdx.github.io/spdx-spec/package-information/#73-package-version-field
- https://cyclonedx.org/docs/1.4/json/#components_items_name
func PURLQualifiers ¶ added in v0.60.0
Types ¶
type AlpmDBEntry ¶ added in v0.95.0
type AlpmDBEntry struct {
	BasePackage string `mapstructure:"base" json:"basepackage" cyclonedx:"basepackage"`
	Package string `mapstructure:"name" json:"package" cyclonedx:"package"`
	Version string `mapstructure:"version" json:"version" cyclonedx:"version"`
	Description string `mapstructure:"desc" json:"description" cyclonedx:"description"`
	Architecture string `mapstructure:"arch" json:"architecture" cyclonedx:"architecture"`
	Size int `mapstructure:"size" json:"size" cyclonedx:"size"`
	Packager string `mapstructure:"packager" json:"packager"`
	URL string `mapstructure:"url" json:"url"`
	Validation string `mapstructure:"validation" json:"validation"`
	Reason int `mapstructure:"reason" json:"reason"`
	Files []AlpmFileRecord `mapstructure:"files" json:"files"`
	Backup []AlpmFileRecord `mapstructure:"backup" json:"backup"`
	Provides []string `mapstructure:"provides" json:"provides,omitempty"`
	Depends []string `mapstructure:"depends" json:"depends,omitempty"`
}
AlpmDBEntry is a struct that represents the package data stored in the pacman flat-file stores for arch linux.
func (AlpmDBEntry) OwnedFiles ¶ added in v0.95.0
func (m AlpmDBEntry) OwnedFiles() (result []string)
type AlpmFileRecord ¶ added in v0.48.0
type AlpmFileRecord struct {
	Path string `mapstruture:"path" json:"path,omitempty"`
	Type string `mapstructure:"type" json:"type,omitempty"`
	UID string `mapstructure:"uid" json:"uid,omitempty"`
	GID string `mapstructure:"gid" json:"gid,omitempty"`
	Time time.Time `mapstructure:"time" json:"time,omitempty"`
	Size string `mapstructure:"size" json:"size,omitempty"`
	Link string `mapstructure:"link" json:"link,omitempty"`
	Digests []file.Digest `mapstructure:"digests" json:"digest,omitempty"`
}
type ApkDBEntry ¶ added in v0.95.0
type ApkDBEntry struct {
	Package string `mapstructure:"P" json:"package"`
	OriginPackage string `mapstructure:"o" json:"originPackage" cyclonedx:"originPackage"`
	Maintainer string `mapstructure:"m" json:"maintainer"`
	Version string `mapstructure:"V" json:"version"`
	Architecture string `mapstructure:"A" json:"architecture"`
	URL string `mapstructure:"U" json:"url"`
	Description string `mapstructure:"T" json:"description"`
	Size int `mapstructure:"S" json:"size" cyclonedx:"size"`
	InstalledSize int `mapstructure:"I" json:"installedSize" cyclonedx:"installedSize"`
	Dependencies []string `mapstructure:"D" json:"pullDependencies" cyclonedx:"pullDependencies"`
	Provides []string `mapstructure:"p" json:"provides" cyclonedx:"provides"`
	Checksum string `mapstructure:"C" json:"pullChecksum" cyclonedx:"pullChecksum"`
	GitCommit string `mapstructure:"c" json:"gitCommitOfApkPort" cyclonedx:"gitCommitOfApkPort"`
	Files []ApkFileRecord `json:"files"`
}
ApkDBEntry represents all captured data for the alpine linux package manager flat-file store. See the following sources for more information:
- https://wiki.alpinelinux.org/wiki/Apk_spec
- https://git.alpinelinux.org/apk-tools/tree/src/package.c
- https://git.alpinelinux.org/apk-tools/tree/src/database.c
func (ApkDBEntry) OwnedFiles ¶ added in v0.95.0
func (m ApkDBEntry) OwnedFiles() (result []string)
func (*ApkDBEntry) UnmarshalJSON ¶ added in v0.95.0
func (m *ApkDBEntry) UnmarshalJSON(data []byte) error
type ApkFileRecord ¶
type ApkFileRecord struct {
	Path string `json:"path"`
	OwnerUID string `json:"ownerUid,omitempty"`
	OwnerGID string `json:"ownerGid,omitempty"`
	Permissions string `json:"permissions,omitempty"`
	Digest *file.Digest `json:"digest,omitempty"`
}
ApkFileRecord represents a single file listing and metadata from an APK DB entry (which may have many of these file records).
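As an added illustration (not syft's own code), the sketch below parses the flat-file store that ApkDBGlob targets, using the single-letter keys shown in ApkDBEntry's mapstructure tags. The file-level letters F, R, a and Z come from the APK database format rather than from this page, and the type names, function name and sample data are assumptions of the example.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"path"
	"strings"
)

// apkFile and apkEntry are local stand-ins (assumptions of this example) for a
// subset of the ApkFileRecord and ApkDBEntry fields documented above.
type apkFile struct {
	Path, OwnerUID, OwnerGID, Permissions, Digest string
}
type apkEntry struct {
	Package, OriginPackage, Version string
	Dependencies                    []string
	Files                           []apkFile
}

// sampleInstalledDB is constructed sample data; its third record has no "P:".
const sampleInstalledDB = `P:musl
V:1.2.4-r2
o:musl
F:lib
R:ld-musl-x86_64.so.1
a:0:0:755
Z:Q1AAAAAAAAAAAAAAAAAAAAAAAAAAA=

P:busybox
V:1.36.1-r5
o:busybox
D:so:libc.musl-x86_64.so.1 musl
F:bin
R:busybox

V:9.9.9
`

// parseInstalledDB reads "K:value" lines, with records separated by a blank
// line. It returns the named entries and how many records were dropped for
// lacking a name, the minimum that IsValid requires.
func parseInstalledDB(r io.Reader) (entries []apkEntry, dropped int, err error) {
	var cur apkEntry
	dir, inRecord := "", false
	// Plain string fields, keyed by the letters in ApkDBEntry's mapstructure tags.
	simple := map[string]*string{"P": &cur.Package, "o": &cur.OriginPackage, "V": &cur.Version}
	flush := func() {
		if inRecord && cur.Package != "" {
			entries = append(entries, cur)
		} else if inRecord {
			dropped++
		}
		cur, dir, inRecord = apkEntry{}, "", false
	}
	sc := bufio.NewScanner(r)
	for n := 1; sc.Scan(); n++ {
		line := sc.Text()
		if line == "" {
			flush()
			continue
		}
		key, val, ok := strings.Cut(line, ":")
		if !ok || len(key) != 1 {
			return nil, 0, fmt.Errorf("line %d: not a K:value field", n)
		}
		inRecord = true
		last := len(cur.Files) - 1
		switch key {
		case "P", "o", "V":
			*simple[key] = val
		case "D": // space-separated dependency list
			cur.Dependencies = strings.Fields(val)
		case "F": // directory for the R: lines that follow
			dir = val
		case "R": // file name inside the current directory
			cur.Files = append(cur.Files, apkFile{Path: "/" + path.Join(dir, val)})
		case "a": // uid:gid:mode of the most recent file
			if p := strings.Split(val, ":"); last >= 0 && len(p) == 3 {
				f := &cur.Files[last]
				f.OwnerUID, f.OwnerGID, f.Permissions = p[0], p[1], p[2]
			}
		case "Z": // checksum of the most recent file
			if last >= 0 {
				cur.Files[last].Digest = val
			}
		}
	}
	if err = sc.Err(); err != nil {
		return nil, 0, err
	}
	flush()
	return entries, dropped, nil
}

func main() {
	entries, dropped, err := parseInstalledDB(strings.NewReader(sampleInstalledDB))
	fmt.Printf("%+v\ndropped=%d err=%v\n", entries, dropped, err)
}
```

Counting dropped records instead of silently skipping them lets an inventory pipeline notice when a package database is truncated or malformed.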
type BinarySignature ¶ added in v0.95.0
type BinarySignature struct {
Matches []ClassifierMatch `mapstructure:"Matches" json:"matches"`
}
BinarySignature represents a set of matched values within a binary file.
type Cataloger ¶ added in v0.60.0
type Cataloger interface {
	// Name returns a string that uniquely describes a cataloger
	Name() string
	// Catalog is given an object to resolve file references and content, this function returns any discovered Packages after analyzing the catalog source.
	Catalog(context.Context, file.Resolver) ([]Package, []artifact.Relationship, error)
}
Cataloger describes behavior for an object to participate in parsing container image or file system contents for the purpose of discovering Packages. Each concrete implementation should focus on discovering Packages for a specific Package Type or ecosystem.
type ClassifierMatch ¶ added in v0.73.0
type ClassifierMatch struct {
	Classifier string `mapstructure:"Classifier" json:"classifier"`
	Location file.Location `mapstructure:"Location" json:"location"`
}
ClassifierMatch represents a single matched value within a binary file and the "class" name the search pattern represents.
type CocoaPodfileLockEntry ¶ added in v0.95.0
type CocoaPodfileLockEntry struct {
Checksum string `mapstructure:"checksum" json:"checksum"`
}
CocoaPodfileLockEntry represents a single entry from the "Pods" section of a Podfile.lock file.
type Collection ¶ added in v0.80.0
type Collection struct {
// contains filtered or unexported fields
}
Collection represents a collection of Packages.
func NewCollection ¶ added in v0.80.0
func NewCollection(pkgs ...Package) *Collection
NewCollection returns a new empty Collection
func (*Collection) Add ¶ added in v0.80.0
func (c *Collection) Add(pkgs ...Package)
Add n packages to the collection.
func (*Collection) Delete ¶ added in v0.80.0
func (c *Collection) Delete(ids ...artifact.ID)
func (*Collection) Enumerate ¶ added in v0.80.0
func (c *Collection) Enumerate(types ...Type) <-chan Package
Enumerate all packages for the given type(s), enumerating all packages if no type is specified.
func (*Collection) Package ¶ added in v0.80.0
func (c *Collection) Package(id artifact.ID) *Package
Package returns the package with the given ID.
func (*Collection) PackageCount ¶ added in v0.80.0
func (c *Collection) PackageCount() int
PackageCount returns the total number of packages that have been added.
func (*Collection) Packages ¶ added in v0.80.0
func (c *Collection) Packages(ids []artifact.ID) (result []Package)
Packages returns all packages for the given IDs.
func (*Collection) PackagesByName ¶ added in v0.80.0
func (c *Collection) PackagesByName(name string) []Package
PackagesByName returns all packages that were discovered with a matching name.
func (*Collection) PackagesByPath ¶ added in v0.80.0
func (c *Collection) PackagesByPath(path string) []Package
PackagesByPath returns all packages that were discovered from the given path.
func (*Collection) Sorted ¶ added in v0.80.0
func (c *Collection) Sorted(types ...Type) (pkgs []Package)
Sorted enumerates all packages for the given types sorted by package name. Enumerates all packages if no type is specified.
type ConanV1LockEntry ¶ added in v0.104.0
type ConanV1LockEntry struct {
	Ref string `json:"ref"`
	PackageID string `json:"package_id,omitempty"`
	Prev string `json:"prev,omitempty"`
	Requires []string `json:"requires,omitempty"`
	BuildRequires []string `json:"build_requires,omitempty"`
	PythonRequires []string `json:"py_requires,omitempty"`
	Options KeyValues `json:"options,omitempty"`
	Path string `json:"path,omitempty"`
	Context string `json:"context,omitempty"`
}
ConanV1LockEntry represents a single "node" entry from a conan.lock V1 file.
type ConanV2LockEntry ¶ added in v0.104.0
type ConanV2LockEntry struct {
	Ref string `json:"ref"`
	PackageID string `json:"packageID,omitempty"`
	Username string `json:"username,omitempty"`
	Channel string `json:"channel,omitempty"`
	RecipeRevision string `json:"recipeRevision,omitempty"`
	PackageRevision string `json:"packageRevision,omitempty"`
	TimeStamp string `json:"timestamp,omitempty"`
}
ConanV2LockEntry represents a single "node" entry from a conan.lock V2 file.
type ConanfileEntry ¶ added in v0.95.0
type ConanfileEntry struct {
Ref string `mapstructure:"ref" json:"ref"`
}
ConanfileEntry represents a single "Requires" entry from a conanfile.txt.
type ConaninfoEntry ¶ added in v0.95.0
type ConaninfoEntry struct {
	Ref string `json:"ref"`
	PackageID string `json:"package_id,omitempty"`
}
ConaninfoEntry represents a single "full_requires" entry from a conaninfo.txt.
type DartPubspecLockEntry ¶ added in v0.95.0
type DartPubspecLockEntry struct {
	Name string `mapstructure:"name" json:"name"`
	Version string `mapstructure:"version" json:"version"`
	HostedURL string `mapstructure:"hosted_url" json:"hosted_url,omitempty"`
	VcsURL string `mapstructure:"vcs_url" json:"vcs_url,omitempty"`
}
DartPubspecLockEntry is a struct that represents a single entry found in the "packages" section in a Dart pubspec.lock file.
type DotnetDepsEntry ¶ added in v0.95.0
type DotnetDepsEntry struct {
	Name string `mapstructure:"name" json:"name"`
	Version string `mapstructure:"version" json:"version"`
	Path string `mapstructure:"path" json:"path"`
	Sha512 string `mapstructure:"sha512" json:"sha512"`
	HashPath string `mapstructure:"hashPath" json:"hashPath"`
}
DotnetDepsEntry is a struct that represents a single entry found in the "libraries" section in a .NET [*.]deps.json file.
type DotnetPortableExecutableEntry ¶ added in v0.95.0
type DotnetPortableExecutableEntry struct {
	AssemblyVersion string `json:"assemblyVersion"`
	LegalCopyright string `json:"legalCopyright"`
	Comments string `json:"comments,omitempty"`
	InternalName string `json:"internalName,omitempty"`
	CompanyName string `json:"companyName"`
	ProductName string `json:"productName"`
	ProductVersion string `json:"productVersion"`
}
DotnetPortableExecutableEntry is a struct that represents a single entry found within "VersionResources" section of a .NET Portable Executable binary file.
type DpkgDBEntry ¶ added in v0.95.0
type DpkgDBEntry struct {
	Package string `json:"package"`
	Source string `json:"source" cyclonedx:"source"`
	Version string `json:"version"`
	SourceVersion string `json:"sourceVersion" cyclonedx:"sourceVersion"`
	// Architecture can include the following sets of values depending on context and the control file used:
	// - a unique single word identifying a Debian machine architecture as described in Architecture specification string (https://www.debian.org/doc/debian-policy/ch-customized-programs.html#s-arch-spec).
	// - an architecture wildcard identifying a set of Debian machine architectures, see Architecture wildcards (https://www.debian.org/doc/debian-policy/ch-customized-programs.html#s-arch-wildcard-spec). any matches all Debian machine architectures and is the most frequently used.
	// - "all", which indicates an architecture-independent package.
	// - "source", which indicates a source package.
	Architecture string `json:"architecture"`
	// Maintainer is the package maintainer’s name and email address. The name must come first, then the email
	// address inside angle brackets <> (in RFC822 format).
	Maintainer string `json:"maintainer"`
	InstalledSize int `json:"installedSize" cyclonedx:"installedSize"`
	// Description contains a description of the binary package, consisting of two parts, the synopsis or the short
	// description, and the long description (in a multiline format).
	Description string `hash:"ignore" json:"-"`
	// Provides is a virtual package that is provided by one or more packages. A virtual package is one which appears
	// in the Provides control field of another package. The effect is as if the package(s) which provide a particular
	// virtual package name had been listed by name everywhere the virtual package name appears. (See also Virtual packages)
	Provides []string `json:"provides,omitempty"`
	// Depends This declares an absolute dependency. A package will not be configured unless all of the packages listed in
	// its Depends field have been correctly configured (unless there is a circular dependency).
	Depends []string `json:"depends,omitempty"`
	// PreDepends is like Depends, except that it also forces dpkg to complete installation of the packages named
	// before even starting the installation of the package which declares the pre-dependency.
	PreDepends []string `json:"preDepends,omitempty"`
	Files []DpkgFileRecord `json:"files"`
}
DpkgDBEntry represents all captured data for a Debian package DB entry; available fields are described at http://manpages.ubuntu.com/manpages/xenial/man1/dpkg-query.1.html in the --showformat section. Additional information about how these fields are used can be found at:
- https://www.debian.org/doc/debian-policy/ch-controlfields.html
- https://www.debian.org/doc/debian-policy/ch-relationships.html
- https://www.debian.org/doc/debian-policy/ch-binary.html#s-virtual-pkg
- https://www.debian.org/doc/debian-policy/ch-relationships.html#s-virtual
func (DpkgDBEntry) OwnedFiles ¶ added in v0.95.0
func (m DpkgDBEntry) OwnedFiles() (result []string)
type DpkgFileRecord ¶ added in v0.7.0
type DpkgFileRecord struct {
	Path string `json:"path"`
	Digest *file.Digest `json:"digest,omitempty"`
	IsConfigFile bool `json:"isConfigFile"`
}
DpkgFileRecord represents a single file attributed to a debian package.
type ELFBinaryPackageNoteJSONPayload ¶ added in v1.1.0
type ELFBinaryPackageNoteJSONPayload struct {
	// Type is the type of the package (e.g. "rpm", "deb", "apk", etc.)
	Type string `json:"type,omitempty"`
	// Architecture of the binary package (e.g. "amd64", "arm", etc.)
	Architecture string `json:"architecture,omitempty"`
	// OS CPE is a CPE name for the OS, typically corresponding to CPE_NAME in os-release (e.g. cpe:/o:fedoraproject:fedora:33)
	OSCPE string `json:"osCPE,omitempty"`
	// OS is the OS name, typically corresponding to ID in os-release (e.g. "fedora")
	OS string `json:"os,omitempty"`
	// osVersion is the version of the OS, typically corresponding to VERSION_ID in os-release (e.g. "33")
	OSVersion string `json:"osVersion,omitempty"`
	// System is a context-specific name for the system that the binary package is intended to run on or a part of
	System string `json:"system,omitempty"`
	// Vendor is the individual or organization that produced the source code for the binary
	Vendor string `json:"vendor,omitempty"`
	// SourceRepo is the URL to the source repository for which the binary was built from
	SourceRepo string `json:"sourceRepo,omitempty"`
	// Commit is the commit hash of the source repository for which the binary was built from
	Commit string `json:"commit,omitempty"`
}
ELFBinaryPackageNoteJSONPayload represents metadata captured from the .note.package section of the binary.
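The following added example (not syft's own code) shows how such a payload can be recovered from the raw bytes of a .note.package section while treating the section as untrusted input. The note owner "FDO" and type 0xcafe1a7e come from the freedesktop/systemd package-metadata convention rather than from this page; the type and function names, and the constructed sample section (which includes an unrelated note only to exercise the skip path), are assumptions of the example.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
)

// Owner and type of a package metadata note (from the freedesktop/systemd
// convention, not from this page).
const (
	noteOwner = "FDO"
	noteType  = 0xcafe1a7e
)

// packageNote is a local stand-in (assumption) carrying a subset of the JSON
// fields of ELFBinaryPackageNoteJSONPayload documented above.
type packageNote struct {
	Type         string `json:"type,omitempty"`
	Architecture string `json:"architecture,omitempty"`
	OS           string `json:"os,omitempty"`
	OSVersion    string `json:"osVersion,omitempty"`
	SourceRepo   string `json:"sourceRepo,omitempty"`
	Commit       string `json:"commit,omitempty"`
}

var errNoPackageNote = errors.New("no package metadata note found")

// byteOrder is the byte order of the constructed sample; a real caller takes
// it from the ELF header.
var byteOrder binary.ByteOrder = binary.LittleEndian

// align4 rounds a note field size up to the 4-byte boundary, in 64 bits so a
// hostile size near 2^32 cannot wrap around.
func align4(n uint32) uint64 { return (uint64(n) + 3) &^ 3 }

// parsePackageNote walks the ELF notes in sec and decodes the first package
// metadata note. Every size is checked against the remaining bytes before
// slicing, because the section contents are attacker-controllable.
func parsePackageNote(sec []byte, bo binary.ByteOrder) (*packageNote, error) {
	rest := sec
	for len(rest) >= 12 {
		namesz, descsz, typ := bo.Uint32(rest[0:]), bo.Uint32(rest[4:]), bo.Uint32(rest[8:])
		rest = rest[12:]
		nameEnd := align4(namesz)
		total := nameEnd + align4(descsz)
		if total > uint64(len(rest)) {
			return nil, errors.New("note sizes exceed section length")
		}
		name := bytes.TrimRight(rest[:namesz], "\x00")
		desc := bytes.TrimRight(rest[nameEnd:nameEnd+uint64(descsz)], "\x00")
		rest = rest[total:]
		if string(name) != noteOwner || typ != noteType {
			continue // some other note; skip it
		}
		var n packageNote
		if err := json.Unmarshal(desc, &n); err != nil {
			return nil, fmt.Errorf("package note payload: %w", err)
		}
		return &n, nil
	}
	return nil, errNoPackageNote
}

// buildNote assembles one ELF note; it exists only to construct sample input.
func buildNote(bo binary.ByteOrder, owner string, typ uint32, desc []byte) []byte {
	name := append([]byte(owner), 0)
	out := make([]byte, 12)
	bo.PutUint32(out[0:], uint32(len(name)))
	bo.PutUint32(out[4:], uint32(len(desc)))
	bo.PutUint32(out[8:], typ)
	for _, field := range [][]byte{name, desc} {
		out = append(out, field...)
		out = append(out, make([]byte, int(align4(uint32(len(field))))-len(field))...)
	}
	return out
}

// sampleSection returns a constructed section body: an unrelated note followed
// by a package metadata note with a constructed JSON payload.
func sampleSection() []byte {
	payload := []byte(`{"type":"rpm","architecture":"x86_64","os":"fedora","osVersion":"33",` +
		`"sourceRepo":"https://example.invalid/src.git","commit":"0000000"}` + "\x00")
	other := buildNote(byteOrder, "GNU", 3, []byte{1, 2, 3, 4, 5})
	return append(other, buildNote(byteOrder, noteOwner, noteType, payload)...)
}

func main() {
	n, err := parsePackageNote(sampleSection(), byteOrder)
	fmt.Printf("%+v err=%v\n", n, err)
}
```

For a file on disk, the section bytes and byte order can be obtained with the standard library's debug/elf package (`Section(".note.package").Data()` and the header's `ByteOrder`).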
type ElixirMixLockEntry ¶ added in v0.95.0
type ElixirMixLockEntry struct {
	Name string `mapstructure:"name" json:"name"`
	Version string `mapstructure:"version" json:"version"`
	PkgHash string `mapstructure:"pkgHash" json:"pkgHash"`
	PkgHashExt string `mapstructure:"pkgHashExt" json:"pkgHashExt"`
}
ElixirMixLockEntry is a struct that represents a single entry in a mix.lock file
type ErlangRebarLockEntry ¶ added in v0.95.0
type ErlangRebarLockEntry struct {
	Name string `mapstructure:"name" json:"name"`
	Version string `mapstructure:"version" json:"version"`
	PkgHash string `mapstructure:"pkgHash" json:"pkgHash"`
	PkgHashExt string `mapstructure:"pkgHashExt" json:"pkgHashExt"`
}
ErlangRebarLockEntry represents a single package entry from the "deps" section within an Erlang rebar.lock file.
type FileOwner ¶ added in v0.24.0
type FileOwner interface {
OwnedFiles() []string
}
FileOwner is the interface that wraps OwnedFiles method.
OwnedFiles returns a list of files that a piece of package Metadata indicates are owned by the package.
type GolangBinaryBuildinfoEntry ¶ added in v0.95.0
type GolangBinaryBuildinfoEntry struct {
	BuildSettings KeyValues `json:"goBuildSettings,omitempty" cyclonedx:"goBuildSettings"`
	GoCompiledVersion string `json:"goCompiledVersion" cyclonedx:"goCompiledVersion"`
	Architecture string `json:"architecture" cyclonedx:"architecture"`
	H1Digest string `json:"h1Digest,omitempty" cyclonedx:"h1Digest"`
	MainModule string `json:"mainModule,omitempty" cyclonedx:"mainModule"`
	GoCryptoSettings []string `json:"goCryptoSettings,omitempty" cyclonedx:"goCryptoSettings"`
	GoExperiments []string `json:"goExperiments,omitempty" cyclonedx:"goExperiments"`
}
GolangBinaryBuildinfoEntry represents all captured data for a Golang binary
type GolangModuleEntry ¶ added in v0.95.0
type GolangModuleEntry struct {
H1Digest string `json:"h1Digest,omitempty" cyclonedx:"h1Digest"`
}
GolangModuleEntry represents all captured data for a Golang source scan with go.mod/go.sum
type HackageStackYamlEntry ¶ added in v0.95.0
type HackageStackYamlEntry struct {
PkgHash string `mapstructure:"pkgHash" json:"pkgHash,omitempty"`
}
HackageStackYamlEntry represents a single entry from the "extra-deps" section of a stack.yaml file.
type HackageStackYamlLockEntry ¶ added in v0.95.0
type HackageStackYamlLockEntry struct {
	PkgHash string `mapstructure:"pkgHash" json:"pkgHash,omitempty"`
	SnapshotURL string `mapstructure:"snapshotURL" json:"snapshotURL,omitempty"`
}
HackageStackYamlLockEntry represents a single entry from the "packages" section of a stack.yaml.lock file.
type JavaArchive ¶ added in v0.95.0
type JavaArchive struct {
	VirtualPath string `json:"virtualPath" cyclonedx:"virtualPath"` // we need to include the virtual path in cyclonedx documents to prevent deduplication of jars within jars
	Manifest *JavaManifest `mapstructure:"Manifest" json:"manifest,omitempty"`
	PomProperties *JavaPomProperties `mapstructure:"PomProperties" json:"pomProperties,omitempty" cyclonedx:"-"`
	PomProject *JavaPomProject `mapstructure:"PomProject" json:"pomProject,omitempty"`
	ArchiveDigests []file.Digest `hash:"ignore" json:"digest,omitempty"`
	Parent *Package `hash:"ignore" json:"-"` // note: the parent cannot be included in the minimal definition of uniqueness since this field is not reproducible in an encode-decode cycle (is lossy).
}
JavaArchive encapsulates all Java ecosystem metadata for a package as well as an (optional) parent relationship.
type JavaManifest ¶
type JavaManifest struct {
	Main KeyValues `json:"main,omitempty"`
	Sections []KeyValues `json:"sections,omitempty"`
}
JavaManifest represents the fields of interest extracted from a Java archive's META-INF/MANIFEST.MF file.
func (JavaManifest) Section ¶ added in v0.104.0
func (m JavaManifest) Section(name string) KeyValues
func (*JavaManifest) UnmarshalJSON ¶ added in v0.104.0
func (m *JavaManifest) UnmarshalJSON(b []byte) error
type JavaPomParent ¶ added in v0.95.0
type JavaPomParent struct {
	GroupID string `json:"groupId"`
	ArtifactID string `json:"artifactId"`
	Version string `json:"version"`
}
JavaPomParent contains the fields within the <parent> tag in a pom.xml file
type JavaPomProject ¶ added in v0.95.0
type JavaPomProject struct {
	Path string `json:"path"`
	Parent *JavaPomParent `json:"parent,omitempty"`
	GroupID string `json:"groupId"`
	ArtifactID string `json:"artifactId"`
	Version string `json:"version"`
	Name string `json:"name"`
	Description string `json:"description,omitempty"`
	URL string `json:"url,omitempty"`
}
JavaPomProject represents fields of interest extracted from a Java archive's pom.xml file. See https://maven.apache.org/ref/3.6.3/maven-model/maven.html for more details.
type JavaPomProperties ¶ added in v0.95.0
type JavaPomProperties struct {
	Path string `mapstructure:"path" json:"path"`
	Name string `mapstructure:"name" json:"name"`
	GroupID string `mapstructure:"groupId" json:"groupId" cyclonedx:"groupID"`
	ArtifactID string `mapstructure:"artifactId" json:"artifactId" cyclonedx:"artifactID"`
	Version string `mapstructure:"version" json:"version"`
	Scope string `mapstructure:"scope" json:"scope,omitempty"`
	Extra map[string]string `mapstructure:",remain" json:"extraFields,omitempty"`
}
JavaPomProperties represents the fields of interest extracted from a Java archive's pom.properties file.
func (JavaPomProperties) PkgTypeIndicated ¶ added in v0.95.0
func (p JavaPomProperties) PkgTypeIndicated() Type
PkgTypeIndicated returns the package Type indicated by the data contained in the JavaPomProperties.
type JavaVMInstallation ¶ added in v1.13.0
type JavaVMInstallation struct {
	Release JavaVMRelease `json:"release"`
	Files []string `json:"files"`
}
func (JavaVMInstallation) OwnedFiles ¶ added in v1.13.0
func (m JavaVMInstallation) OwnedFiles() []string
type JavaVMRelease ¶ added in v1.13.0
type JavaVMRelease struct {
	// Implementor is extracted with the `java.vendor` JVM property
	Implementor string `mapstructure:"IMPLEMENTOR,omitempty" json:"implementor,omitempty"`
	// ImplementorVersion is extracted with the `java.vendor.version` JVM property
	ImplementorVersion string `mapstructure:"IMPLEMENTOR_VERSION,omitempty" json:"implementorVersion,omitempty"`
	// JavaRuntimeVersion is extracted from the 'java.runtime.version' JVM property
	JavaRuntimeVersion string `mapstructure:"JAVA_RUNTIME_VERSION,omitempty" json:"javaRuntimeVersion,omitempty"`
	// JavaVersion matches that from `java -version` command output
	JavaVersion string `mapstructure:"JAVA_VERSION,omitempty" json:"javaVersion,omitempty"`
	// JavaVersionDate is extracted from the 'java.version.date' JVM property
	JavaVersionDate string `mapstructure:"JAVA_VERSION_DATE,omitempty" json:"javaVersionDate,omitempty"`
	// Libc can either be 'glibc' or 'musl'
	Libc string `mapstructure:"LIBC,omitempty" json:"libc,omitempty"`
	// Modules is a list of JVM modules that are packaged
	Modules []string `mapstructure:"MODULES,omitempty" json:"modules,omitempty"`
	// OsArch is the target CPU architecture
	OsArch string `mapstructure:"OS_ARCH,omitempty" json:"osArch,omitempty"`
	// OsName is the name of the target runtime operating system environment
	OsName string `mapstructure:"OS_NAME,omitempty" json:"osName,omitempty"`
	// OsVersion is the version of the target runtime operating system environment
	OsVersion string `mapstructure:"OS_VERSION,omitempty" json:"osVersion,omitempty"`
	// Source refers to the origin repository of OpenJDK source
	Source string `mapstructure:"SOURCE,omitempty" json:"source,omitempty"`
	// BuildSource Git SHA of the build repository
	BuildSource string `mapstructure:"BUILD_SOURCE,omitempty" json:"buildSource,omitempty"`
	// BuildSourceRepo refers to the repository URL for the build source
	BuildSourceRepo string `mapstructure:"BUILD_SOURCE_REPO,omitempty" json:"buildSourceRepo,omitempty"`
	// SourceRepo refers to the OpenJDK repository URL
	SourceRepo string `mapstructure:"SOURCE_REPO,omitempty" json:"sourceRepo,omitempty"`
	// FullVersion is extracted from the 'java.runtime.version' JVM property
	FullVersion string `mapstructure:"FULL_VERSION,omitempty" json:"fullVersion,omitempty"`
	// SemanticVersion is derived from the OpenJDK version
	SemanticVersion string `mapstructure:"SEMANTIC_VERSION,omitempty" json:"semanticVersion,omitempty"`
	// BuildInfo contains additional build information
	BuildInfo string `mapstructure:"BUILD_INFO,omitempty" json:"buildInfo,omitempty"`
	// JvmVariant specifies the JVM variant (e.g., Hotspot or OpenJ9)
	JvmVariant string `mapstructure:"JVM_VARIANT,omitempty" json:"jvmVariant,omitempty"`
	// JvmVersion is extracted from the 'java.vm.version' JVM property
	JvmVersion string `mapstructure:"JVM_VERSION,omitempty" json:"jvmVersion,omitempty"`
	// ImageType can be 'JDK' or 'JRE'
	ImageType string `mapstructure:"IMAGE_TYPE,omitempty" json:"imageType,omitempty"`
	// BuildType can be 'commercial' (used in some older oracle JDK distributions)
	BuildType string `mapstructure:"BUILD_TYPE,omitempty" json:"buildType,omitempty"`
}
type KeyValues ¶ added in v0.104.0
type KeyValues []KeyValue
func (*KeyValues) UnmarshalJSON ¶ added in v0.104.0
type Language ¶
type Language string
Language represents a single programming language.
const (
	// the full set of supported programming languages
	UnknownLanguage Language = ""
	CPP Language = "c++"
	Dart Language = "dart"
	Dotnet Language = "dotnet"
	Elixir Language = "elixir"
	Erlang Language = "erlang"
	Go Language = "go"
	Haskell Language = "haskell"
	Java Language = "java"
	JavaScript Language = "javascript"
	Lua Language = "lua"
	OCaml Language = "ocaml"
	PHP Language = "php"
	Python Language = "python"
	R Language = "R"
	Ruby Language = "ruby"
	Rust Language = "rust"
	Swift Language = "swift"
	Swipl Language = "swipl"
)
func LanguageByName ¶ added in v0.38.0
func LanguageFromPURL ¶ added in v0.37.0
type License ¶ added in v0.81.0
type License struct {
	Value string
	SPDXExpression string
	Type license.Type
	URLs []string `hash:"ignore"`
	Locations file.LocationSet `hash:"ignore"`
}
License represents an SPDX Expression or license value extracted from a package's metadata. We want to ignore URLs and Location since we merge these fields across equal licenses. A License is a unique combination of value, expression and type, where its sources are always considered merged and additions to the evidence of where it was found and how it was sourced. This is different from how we treat a package, since we consider package paths in order to distinguish if packages should be kept separate. This is different for licenses, since we're only looking for evidence of where a license was declared/concluded for a given package.
func NewLicense ¶ added in v0.81.0
func NewLicenseFromFields ¶ added in v0.93.0
func NewLicenseFromLocations ¶ added in v0.81.0
func NewLicenseFromType ¶ added in v0.81.0
func NewLicenseFromURLs ¶ added in v0.81.0
func NewLicensesFromLocation ¶ added in v0.81.0
func NewLicensesFromValues ¶ added in v0.81.0
func (License) Merge ¶ added in v0.81.0
Merge two licenses into a new license object. If the merge is not possible due to unmergeable fields (e.g. different values for Value, SPDXExpression, Type, or any non-collection type) an error is returned. TODO: this is a bit of a hack to not infinitely recurse when hashing a license
type LicenseSet ¶ added in v0.81.0
type LicenseSet struct {
// contains filtered or unexported fields
}
func NewLicenseSet ¶ added in v0.81.0
func NewLicenseSet(licenses ...License) (s LicenseSet)
func (*LicenseSet) Add ¶ added in v0.81.0
func (s *LicenseSet) Add(licenses ...License)
func (LicenseSet) Empty ¶ added in v0.81.0
func (s LicenseSet) Empty() bool
func (LicenseSet) Hash ¶ added in v0.81.0
func (s LicenseSet) Hash() (uint64, error)
func (LicenseSet) ToSlice ¶ added in v0.81.0
func (s LicenseSet) ToSlice() []License
type LinuxKernel ¶ added in v0.95.0
type LinuxKernel struct {
	Name string `mapstructure:"name" json:"name" cyclonedx:"name"`
	Architecture string `mapstructure:"architecture" json:"architecture" cyclonedx:"architecture"`
	Version string `mapstructure:"version" json:"version" cyclonedx:"version"`
	ExtendedVersion string `mapstructure:"extendedVersion" json:"extendedVersion,omitempty" cyclonedx:"extendedVersion"`
	BuildTime string `mapstructure:"buildTime" json:"buildTime,omitempty" cyclonedx:"buildTime"`
	Author string `mapstructure:"author" json:"author,omitempty" cyclonedx:"author"`
	Format string `mapstructure:"format" json:"format,omitempty" cyclonedx:"format"`
	RWRootFS bool `mapstructure:"rwRootFS" json:"rwRootFS,omitempty" cyclonedx:"rwRootFS"`
	SwapDevice int `mapstructure:"swapDevice" json:"swapDevice,omitempty" cyclonedx:"swapDevice"`
	RootDevice int `mapstructure:"rootDevice" json:"rootDevice,omitempty" cyclonedx:"rootDevice"`
	VideoMode string `mapstructure:"videoMode" json:"videoMode,omitempty" cyclonedx:"videoMode"`
}
LinuxKernel represents all captured data for a Linux kernel
type LinuxKernelModule ¶ added in v0.95.0
type LinuxKernelModule struct {
	Name          string                                `mapstructure:"name" json:"name,omitempty" cyclonedx:"name"`
	Version       string                                `mapstructure:"version" json:"version,omitempty" cyclonedx:"version"`
	SourceVersion string                                `mapstructure:"sourceVersion" json:"sourceVersion,omitempty" cyclonedx:"sourceVersion"`
	Path          string                                `mapstructure:"path" json:"path,omitempty" cyclonedx:"path"`
	Description   string                                `mapstructure:"description" json:"description,omitempty" cyclonedx:"description"`
	Author        string                                `mapstructure:"author" json:"author,omitempty" cyclonedx:"author"`
	License       string                                `mapstructure:"license" json:"license,omitempty" cyclonedx:"license"`
	KernelVersion string                                `mapstructure:"kernelVersion" json:"kernelVersion,omitempty" cyclonedx:"kernelVersion"`
	VersionMagic  string                                `mapstructure:"versionMagic" json:"versionMagic,omitempty" cyclonedx:"versionMagic"`
	Parameters    map[string]LinuxKernelModuleParameter `mapstructure:"parameters" json:"parameters,omitempty" cyclonedx:"parameters"`
}
type LinuxKernelModuleParameter ¶ added in v0.78.0
type LuaRocksPackage ¶ added in v1.5.0
type MicrosoftKbPatch ¶ added in v0.95.0
type MicrosoftKbPatch struct {
	ProductID string `toml:"product_id" json:"product_id"`
	Kb        string `toml:"kb" json:"kb"`
}
MicrosoftKbPatch is slightly odd in how it is expected to map onto data. This is critical to grasp because there is no MSRC cataloger. The `ProductID` field is expected to be the MSRC Product ID, for example: "Windows 10 Version 1703 for 32-bit Systems". `Kb` is expected to be the actual KB number, for example "5001028"
type NixStoreEntry ¶ added in v0.95.0
type NixStoreEntry struct {
	// OutputHash is the prefix of the nix store basename path
	OutputHash string `mapstructure:"outputHash" json:"outputHash"`
	// Output allows for optionally specifying the specific nix package output this package represents (for packages that support multiple outputs).
	// Note: the default output for a package is an empty string, so will not be present in the output.
	Output string `mapstructure:"output" json:"output,omitempty"`
	// Files is a listing of files that are under the nix/store path for this package
	Files []string `mapstructure:"files" json:"files"`
}
func (NixStoreEntry) OwnedFiles ¶ added in v0.95.0
func (m NixStoreEntry) OwnedFiles() (result []string)
type NpmPackage ¶ added in v0.95.0
type NpmPackage struct {
	Name        string `mapstructure:"name" json:"name"`
	Version     string `mapstructure:"version" json:"version"`
	Author      string `mapstructure:"author" json:"author"`
	Homepage    string `mapstructure:"homepage" json:"homepage"`
	Description string `mapstructure:"description" json:"description"`
	URL         string `mapstructure:"url" json:"url"`
	Private     bool   `mapstructure:"private" json:"private"`
}
NpmPackage represents the contents of a javascript package.json file.
type NpmPackageLockEntry ¶ added in v0.95.0
type NpmPackageLockEntry struct {
	Resolved  string `mapstructure:"resolved" json:"resolved"`
	Integrity string `mapstructure:"integrity" json:"integrity"`
}
NpmPackageLockEntry represents a single entry within the "packages" section of a package-lock.json file.
type OpamPackage ¶ added in v1.12.0
type OpamPackage struct {
	Name         string   `toml:"name" json:"name"`
	Version      string   `toml:"version" json:"version"`
	Licenses     []string `mapstructure:"licenses" json:"licenses"`
	URL          string   `mapstructure:"url" json:"url"`
	Checksums    []string `mapstructure:"checksums" json:"checksum"`
	Homepage     string   `json:"homepage"`
	Dependencies []string `toml:"dependencies" json:"dependencies"`
}
type Package ¶
type Package struct {
	Name      string           // the package name
	Version   string           // the version of the package
	FoundBy   string           `hash:"ignore" cyclonedx:"foundBy"` // the specific cataloger that discovered this package
	Locations file.LocationSet // the locations that lead to the discovery of this package (note: this is not necessarily the locations that make up this package)
	Licenses  LicenseSet       // licenses discovered with the package metadata
	Language  Language         `hash:"ignore" cyclonedx:"language"` // the language ecosystem this package belongs to (e.g. JavaScript, Python, etc)
	Type      Type             `cyclonedx:"type"` // the package type (e.g. Npm, Yarn, Python, Rpm, Deb, etc)
	CPEs      []cpe.CPE        `hash:"ignore"` // all possible Common Platform Enumerators (note: this is NOT included in the definition of the ID since all fields on a CPE are derived from other fields)
	PURL      string           `hash:"ignore"` // the Package URL (see https://github.com/package-url/purl-spec)
	Metadata  interface{}      // additional data found while parsing the package source
	// contains filtered or unexported fields
}
Package represents an application or library that has been bundled into a distributable format. TODO: if we ignore FoundBy for ID generation should we merge the field to show it was found in two places?
func (*Package) OverrideID ¶ added in v0.45.0
type PhpComposerAuthors ¶ added in v0.36.0
type PhpComposerExternalReference ¶ added in v0.36.0
type PhpComposerInstalledEntry ¶ added in v0.95.0
type PhpComposerInstalledEntry PhpComposerLockEntry
PhpComposerInstalledEntry represents a single package entry from a composer v1/v2 "installed.json" files (very similar to composer.lock files).
type PhpComposerLockEntry ¶ added in v0.95.0
type PhpComposerLockEntry struct {
	Name            string                       `json:"name"`
	Version         string                       `json:"version"`
	Source          PhpComposerExternalReference `json:"source"`
	Dist            PhpComposerExternalReference `json:"dist"`
	Require         map[string]string            `json:"require,omitempty"`
	Provide         map[string]string            `json:"provide,omitempty"`
	RequireDev      map[string]string            `json:"require-dev,omitempty"`
	Suggest         map[string]string            `json:"suggest,omitempty"`
	License         []string                     `json:"license,omitempty"`
	Type            string                       `json:"type,omitempty"`
	NotificationURL string                       `json:"notification-url,omitempty"`
	Bin             []string                     `json:"bin,omitempty"`
	Authors         []PhpComposerAuthors         `json:"authors,omitempty"`
	Description     string                       `json:"description,omitempty"`
	Homepage        string                       `json:"homepage,omitempty"`
	Keywords        []string                     `json:"keywords,omitempty"`
	Time            string                       `json:"time,omitempty"`
}
PhpComposerLockEntry represents a single package entry found from a composer.lock file.
type PhpPeclEntry ¶ added in v1.1.1
type PortageEntry ¶ added in v0.95.0
type PortageEntry struct {
	InstalledSize int                 `mapstructure:"InstalledSize" json:"installedSize" cyclonedx:"installedSize"`
	Files         []PortageFileRecord `json:"files"`
}
PortageEntry represents a single package entry in the portage DB flat-file store.
func (PortageEntry) OwnedFiles ¶ added in v0.95.0
func (m PortageEntry) OwnedFiles() (result []string)
type PortageFileRecord ¶ added in v0.51.0
type PortageFileRecord struct {
	Path   string       `json:"path"`
	Digest *file.Digest `json:"digest,omitempty"`
}
PortageFileRecord represents a single file attributed to a portage package.
type PythonDirectURLOriginInfo ¶ added in v0.34.0
type PythonFileDigest ¶ added in v0.8.0
PythonFileDigest represents the file metadata for a single file attributed to a python package.
type PythonFileRecord ¶ added in v0.4.0
type PythonFileRecord struct {
	Path   string            `json:"path"`
	Digest *PythonFileDigest `json:"digest,omitempty"`
	Size   string            `json:"size,omitempty"`
}
PythonFileRecord represents a single entry within a RECORD file for a python wheel or egg package
type PythonPackage ¶ added in v0.95.0
type PythonPackage struct {
	Name                 string                     `json:"name" mapstruct:"Name"`
	Version              string                     `json:"version" mapstruct:"Version"`
	Author               string                     `json:"author" mapstruct:"Author"`
	AuthorEmail          string                     `json:"authorEmail" mapstruct:"Authoremail"`
	Platform             string                     `json:"platform" mapstruct:"Platform"`
	Files                []PythonFileRecord         `json:"files,omitempty"`
	SitePackagesRootPath string                     `json:"sitePackagesRootPath"`
	TopLevelPackages     []string                   `json:"topLevelPackages,omitempty"`
	DirectURLOrigin      *PythonDirectURLOriginInfo `json:"directUrlOrigin,omitempty"`
	RequiresPython       string                     `json:"requiresPython,omitempty" mapstruct:"RequiresPython"`
	RequiresDist         []string                   `json:"requiresDist,omitempty" mapstruct:"RequiresDist"`
	ProvidesExtra        []string                   `json:"providesExtra,omitempty" mapstruct:"ProvidesExtra"`
}
PythonPackage represents all captured data for a python egg or wheel package (specifically as outlined in the PyPA core metadata specification https://packaging.python.org/en/latest/specifications/core-metadata/). Historically these were defined in PEPs 345, 314, and 241, but have been superseded by PEP 566. This means that this struct can (partially) express at least versions 1.0, 1.1, 1.2, 2.1, 2.2, and 2.3 of the metadata format.
func (PythonPackage) OwnedFiles ¶ added in v0.95.0
func (m PythonPackage) OwnedFiles() (result []string)
type PythonPipfileLockEntry ¶ added in v0.95.0
type PythonPipfileLockEntry struct {
	Hashes []string `mapstructure:"hashes" json:"hashes"`
	Index  string   `mapstructure:"index" json:"index"`
}
PythonPipfileLockEntry represents a single package entry within a Pipfile.lock file.
type PythonPoetryLockDependencyEntry ¶ added in v1.6.0
type PythonPoetryLockEntry ¶ added in v0.104.0
type PythonPoetryLockEntry struct {
	Index        string                            `mapstructure:"index" json:"index"`
	Dependencies []PythonPoetryLockDependencyEntry `json:"dependencies"`
	Extras       []PythonPoetryLockExtraEntry      `json:"extras,omitempty"`
}
PythonPoetryLockEntry represents a single package entry within a Pipfile.lock file.
type PythonPoetryLockExtraEntry ¶ added in v1.6.0
type PythonRequirementsEntry ¶ added in v0.95.0
type PythonRequirementsEntry struct {
	Name              string   `json:"name" mapstruct:"Name"`
	Extras            []string `json:"extras,omitempty" mapstruct:"Extras"`
	VersionConstraint string   `json:"versionConstraint" mapstruct:"VersionConstraint"`
	URL               string   `json:"url,omitempty" mapstruct:"URL"`
	Markers           string   `json:"markers,omitempty" mapstruct:"Markers"`
}
PythonRequirementsEntry represents a single entry within a [*-]requirements.txt file.
type RDescription ¶ added in v0.95.0
type RDescription struct {
	/*
		Fields chosen by:
			docker run --rm -it rocker/r-ver bash
			$ install2.r ggplot2 # has a lot of dependencies
			$ find /usr/local/lib/R -name DESCRIPTION | xargs cat | grep -v '^\s' | cut -d ':' -f 1 | sort | uniq -c | sort -nr

		For more information on the DESCRIPTION file see https://r-pkgs.org/description.html
	*/
	Title            string   `json:"title,omitempty"`
	Description      string   `json:"description,omitempty"`
	Author           string   `json:"author,omitempty"`
	Maintainer       string   `json:"maintainer,omitempty"`
	URL              []string `json:"url,omitempty"`
	Repository       string   `json:"repository,omitempty"`
	Built            string   `json:"built,omitempty"`
	NeedsCompilation bool     `json:"needsCompilation,omitempty"`
	Imports          []string `json:"imports,omitempty"`
	Depends          []string `json:"depends,omitempty"`
	Suggests         []string `json:"suggests,omitempty"`
}
type RpmArchive ¶ added in v0.95.0
type RpmArchive RpmDBEntry
RpmArchive represents all captured data from a RPM package archive.
type RpmDBEntry ¶ added in v0.95.0
type RpmDBEntry struct {
	Name            string          `json:"name"`
	Version         string          `json:"version"`
	Epoch           *int            `json:"epoch" cyclonedx:"epoch" jsonschema:"nullable"`
	Arch            string          `json:"architecture"`
	Release         string          `json:"release" cyclonedx:"release"`
	SourceRpm       string          `json:"sourceRpm" cyclonedx:"sourceRpm"`
	Size            int             `json:"size" cyclonedx:"size"`
	Vendor          string          `json:"vendor"`
	ModularityLabel *string         `json:"modularityLabel,omitempty"`
	Provides        []string        `json:"provides,omitempty"`
	Requires        []string        `json:"requires,omitempty"`
	Files           []RpmFileRecord `json:"files"`
}
RpmDBEntry represents all captured data from a RPM DB package entry.
func (RpmDBEntry) OwnedFiles ¶ added in v0.95.0
func (m RpmDBEntry) OwnedFiles() (result []string)
type RpmFileMode ¶ added in v0.95.0
type RpmFileMode uint16
RpmFileMode is the raw file mode for a single file. This can be interpreted as the linux stat.h mode (see https://pubs.opengroup.org/onlinepubs/007908799/xsh/sysstat.h.html)
type RpmFileRecord ¶ added in v0.95.0
type RpmFileRecord struct {
	Path      string      `json:"path"`
	Mode      RpmFileMode `json:"mode"`
	Size      int         `json:"size"`
	Digest    file.Digest `json:"digest"`
	UserName  string      `json:"userName"`
	GroupName string      `json:"groupName"`
	Flags     string      `json:"flags"`
}
RpmFileRecord represents the file metadata for a single file attributed to a RPM package.
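Because RpmFileMode is a raw stat.h mode, the file records of a catalogued RPM package can be checked for setuid, setgid and world-writable entries straight from the metadata. The following is an added example, not code from syft: the two types are local stand-ins for the documented ones, and `Finding`, `FileKind`, `Audit` and the sample records are hypothetical names and constructed data.

```go
package main

import "fmt"

// RpmFileMode and RpmFileRecord are local stand-ins mirroring the documented
// shapes (Size, Digest and Flags omitted); they are not imported from syft.
type RpmFileMode uint16

type RpmFileRecord struct {
	Path      string
	Mode      RpmFileMode
	UserName  string
	GroupName string
}

// POSIX <sys/stat.h> mode bits, in octal.
const (
	sIFMT  = 0170000 // file-type mask
	sIFREG = 0100000 // regular file
	sIFDIR = 0040000 // directory
	sIFLNK = 0120000 // symbolic link
	sISUID = 0004000 // set-user-ID
	sISGID = 0002000 // set-group-ID
	sISVTX = 0001000 // sticky bit
	sIWOTH = 0000002 // writable by others
)

// Finding is a hypothetical result type for this example.
type Finding struct {
	Path   string
	Reason string
}

// FileKind decodes the file-type portion of a raw mode.
func FileKind(m RpmFileMode) string {
	switch uint16(m) & sIFMT {
	case sIFREG:
		return "regular"
	case sIFDIR:
		return "directory"
	case sIFLNK:
		return "symlink"
	default:
		return "other"
	}
}

// Audit flags setuid/setgid regular files and world-writable entries,
// returning findings in input order.
func Audit(files []RpmFileRecord) []Finding {
	var out []Finding
	for _, f := range files {
		mode, kind := uint16(f.Mode), FileKind(f.Mode)
		if kind == "symlink" {
			continue // symlink permission bits are not enforced on Linux
		}
		if kind == "regular" && mode&sISUID != 0 {
			out = append(out, Finding{f.Path, "setuid (runs as " + f.UserName + ")"})
		}
		if kind == "regular" && mode&sISGID != 0 {
			out = append(out, Finding{f.Path, "setgid (runs with group " + f.GroupName + ")"})
		}
		if mode&sIWOTH != 0 {
			switch {
			case kind == "directory" && mode&sISVTX == 0:
				out = append(out, Finding{f.Path, "world-writable directory without sticky bit"})
			case kind == "regular":
				out = append(out, Finding{f.Path, "world-writable file"})
			}
		}
	}
	return out
}

// Constructed sample records, not taken from a real RPM database.
var sampleFiles = []RpmFileRecord{
	{"/usr/bin/passwd", 0104755, "root", "root"},
	{"/usr/bin/write", 0102755, "root", "tty"},
	{"/tmp", 0041777, "root", "root"},
	{"/var/lib/app/spool", 0040777, "root", "root"},
	{"/usr/lib64/libfoo.so", 0120777, "root", "root"},
	{"/etc/app.conf", 0100644, "root", "root"},
	{"/etc/app/secret.conf", 0100666, "root", "root"},
}

func main() {
	for _, f := range Audit(sampleFiles) {
		fmt.Printf("%-22s %s\n", f.Path, f.Reason)
	}
}
```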
type RubyGemspec ¶ added in v0.95.0
type RubyGemspec struct {
	Name    string `mapstructure:"name" json:"name"`
	Version string `mapstructure:"version" json:"version"`
	// note regarding if Files can contribute to GemMetadata being able to implement FileOwner: this list is a
	// "logical" list of files, not a list of paths that can be used to find the files without additional processing.
	//
	// For example: The "bundler" gem has a file entry of:
	//   "lib/bundler/vendor/uri/lib/uri/ldap.rb"
	// but the actual file is located at:
	//   "/usr/local/lib/ruby/3.2.0/bundler/vendor/uri/lib/uri/ldap.rb"
	// which do not match (the "lib" prefix is missing even for relative processing).
	//
	// without additional information about:
	//   - the gem installation path
	//   - the ruby installation path
	//   - the ruby version
	//   - environment variables (e.g. GEM_HOME) that may affect the gem installation path
	// ... we can't reliably determine the full path to the file on disk, thus cannot implement FileOwner (...yet...).
	Files    []string `mapstructure:"files" json:"files,omitempty"`
	Authors  []string `mapstructure:"authors" json:"authors,omitempty"`
	Homepage string   `mapstructure:"homepage" json:"homepage,omitempty"`
}
RubyGemspec represents all metadata parsed from the *.gemspec file
type RustBinaryAuditEntry ¶ added in v0.95.0
type RustCargoLockEntry ¶ added in v0.95.0
type SwiftPackageManagerResolvedEntry ¶ added in v0.95.0
type SwiftPackageManagerResolvedEntry struct {
	Revision string `mapstructure:"revision" json:"revision"`
}
type SwiplPackEntry ¶ added in v1.11.0
type SwiplPackEntry struct {
	Name          string   `toml:"name" json:"name"`
	Version       string   `toml:"version" json:"version"`
	Author        string   `json:"author" mapstruct:"Author"`
	AuthorEmail   string   `json:"authorEmail" mapstruct:"Authoremail"`
	Packager      string   `json:"packager" mapstructure:"Packager"`
	PackagerEmail string   `json:"packagerEmail" mapstruct:"Packageremail"`
	Homepage      string   `json:"homepage"`
	Dependencies  []string `toml:"dependencies" json:"dependencies"`
}
type Type ¶
type Type string
Type represents a Package Type for or within a language ecosystem (there may be multiple package types within a language ecosystem)
const (
	// the full set of supported packages
	UnknownPkg              Type = "UnknownPackage"
	AlpmPkg                 Type = "alpm"
	ApkPkg                  Type = "apk"
	BinaryPkg               Type = "binary"
	CocoapodsPkg            Type = "pod"
	ConanPkg                Type = "conan"
	DartPubPkg              Type = "dart-pub"
	DebPkg                  Type = "deb"
	DotnetPkg               Type = "dotnet"
	ErlangOTPPkg            Type = "erlang-otp"
	GemPkg                  Type = "gem"
	GithubActionPkg         Type = "github-action"
	GithubActionWorkflowPkg Type = "github-action-workflow"
	GoModulePkg             Type = "go-module"
	GraalVMNativeImagePkg   Type = "graalvm-native-image"
	HackagePkg              Type = "hackage"
	HexPkg                  Type = "hex"
	JavaPkg                 Type = "java-archive"
	JenkinsPluginPkg        Type = "jenkins-plugin"
	KbPkg                   Type = "msrc-kb"
	LinuxKernelPkg          Type = "linux-kernel"
	LinuxKernelModulePkg    Type = "linux-kernel-module"
	NixPkg                  Type = "nix"
	NpmPkg                  Type = "npm"
	PhpComposerPkg          Type = "php-composer"
	PhpPeclPkg              Type = "php-pecl"
	PortagePkg              Type = "portage"
	PythonPkg               Type = "python"
	Rpkg                    Type = "R-package"
	LuaRocksPkg             Type = "lua-rocks"
	RpmPkg                  Type = "rpm"
	RustPkg                 Type = "rust-crate"
	SwiftPkg                Type = "swift"
	SwiplPackPkg            Type = "swiplpack"
	OpamPkg                 Type = "opam"
	WordpressPluginPkg      Type = "wordpress-plugin"
)
func TypeByName ¶ added in v0.38.0
func TypeFromPURL ¶ added in v0.37.0
func (Type) PackageURLType ¶
PackageURLType returns the PURL package type for the current package.
type WordpressPluginEntry ¶ added in v0.105.0
type WordpressPluginEntry struct {
	PluginInstallDirectory string `mapstructure:"pluginInstallDirectory" json:"pluginInstallDirectory"`
	Author                 string `mapstructure:"author" json:"author,omitempty"`
	AuthorURI              string `mapstructure:"authorUri" json:"authorUri,omitempty"`
}
WordpressPluginEntry represents all metadata parsed from the wordpress plugin file
type YarnLockEntry ¶ added in v0.104.0
type YarnLockEntry struct {
	Resolved  string `mapstructure:"resolved" json:"resolved"`
	Integrity string `mapstructure:"integrity" json:"integrity"`
}
YarnLockEntry represents a single entry section of a yarn.lock file.
Source Files ¶
- alpm.go
- apk.go
- binary.go
- cataloger.go
- cocoapods.go
- collection.go
- conan.go
- dart.go
- dotnet.go
- dpkg.go
- elixir.go
- erlang.go
- evidence.go
- file_owner.go
- golang.go
- hackage.go
- java.go
- key_value.go
- language.go
- license.go
- license_set.go
- linux_kernel.go
- microsoft.go
- nix.go
- npm.go
- ocaml.go
- package.go
- php.go
- portage.go
- python.go
- r.go
- rockspec.go
- rpm.go
- ruby.go
- rust.go
- swift.go
- swipl.go
- type.go
- url.go
- wordpress.go
Directories ¶
Path | Synopsis |
---|---|
cataloger | |
alpine | Package alpine provides concrete Cataloger implementations for packages relating to the Alpine linux distribution. |
arch | Package arch provides concrete Cataloger implementations for packages relating to the Arch linux distribution. |
binary | Package binary provides concrete cataloger implementations for surfacing possible packages based on signatures found within binary files. |
cpp | Package cpp provides concrete Cataloger implementations for the C/C++ language ecosystem. |
dart | Package dart provides concrete Cataloger implementations for the Dart language ecosystem. |
debian | Package debian provides a concrete Cataloger implementation relating to packages within the Debian linux distribution. |
dotnet | Package dotnet provides a concrete Cataloger implementation relating to packages within the C#/.NET language/runtime ecosystem. |
elixir | Package elixir provides a concrete Cataloger implementation relating to packages within the Elixir language ecosystem. |
erlang | Package erlang provides concrete Cataloger implementations relating to packages within the Erlang language ecosystem. |
gentoo | Package gentoo provides a concrete Cataloger implementation related to packages within the Gentoo linux ecosystem. |
githubactions | Package githubactions provides a concrete Cataloger implementation for GitHub Actions packages (both actions and workflows). |
golang | Package golang provides a concrete Cataloger implementation relating to packages within the Go language ecosystem. |
haskell | Package haskell provides a concrete Cataloger implementation relating to packages within the Haskell language ecosystem. |
internal/cpegenerate/dictionary/index-generator | This program downloads the latest CPE dictionary from NIST and processes it into a JSON file that can be embedded into Syft for more accurate CPE results. |
java | Package java provides a concrete Cataloger implementation for packages relating to the Java language ecosystem. |
javascript | Package javascript provides a concrete Cataloger implementation for packages relating to the JavaScript language ecosystem. |
kernel | Package kernel provides a concrete Cataloger implementation for linux kernel and module files. |
lua | Package lua provides a concrete Cataloger implementation for packages relating to the Lua language ecosystem. |
nix | Package nix provides a concrete Cataloger implementation for packages within the Nix packaging ecosystem. |
ocaml | Package ocaml provides a concrete Cataloger implementation for packages relating to the OCaml language ecosystem. |
php | Package php provides a concrete Cataloger implementation relating to packages within the PHP language ecosystem. |
python | Package python provides a concrete Cataloger implementation relating to packages within the Python language ecosystem. |
r | Package r provides a concrete Cataloger implementation relating to packages within the R language ecosystem. |
redhat | Package redhat provides a concrete DBCataloger implementation relating to packages within the RedHat linux distribution. |
ruby | Package ruby provides a concrete Cataloger implementation relating to packages within the Ruby language ecosystem. |
rust | Package rust provides a concrete Cataloger implementation relating to packages within the Rust language ecosystem. |
sbom | Package sbom provides a concrete Cataloger implementation for capturing packages embedded within SBOM files. |
swift | Package swift provides a concrete Cataloger implementation relating to packages within the swift language ecosystem. |
swipl | Package swipl provides a Cataloger implementation relating to packages within the SWI Prolog language ecosystem. |