core

package
v0.52.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 10, 2024 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Index

Constants

View Source
const (
	TypeFilesystem     ComponentType = "filesystem"
	TypeRepository     ComponentType = "repository"
	TypeContainerImage ComponentType = "container_image"
	TypeVM             ComponentType = "vm"
	TypeApplication    ComponentType = "application"
	TypeLibrary        ComponentType = "library"
	TypeOS             ComponentType = "os"
	TypePlatform       ComponentType = "platform"

	// Metadata properties
	PropertySchemaVersion = "SchemaVersion"
	PropertyType          = "Type"
	PropertyClass         = "Class"

	// Image properties
	PropertySize       = "Size"
	PropertyImageID    = "ImageID"
	PropertyRepoDigest = "RepoDigest"
	PropertyDiffID     = "DiffID"
	PropertyRepoTag    = "RepoTag"

	// Package properties
	PropertyPkgID           = "PkgID"
	PropertyPkgType         = "PkgType"
	PropertySrcName         = "SrcName"
	PropertySrcVersion      = "SrcVersion"
	PropertySrcRelease      = "SrcRelease"
	PropertySrcEpoch        = "SrcEpoch"
	PropertyModularitylabel = "Modularitylabel"
	PropertyFilePath        = "FilePath"
	PropertyLayerDigest     = "LayerDigest"
	PropertyLayerDiffID     = "LayerDiffID"

	// Relationships
	RelationshipDescribes RelationshipType = "describes"
	RelationshipContains  RelationshipType = "contains"
	RelationshipDependsOn RelationshipType = "depends_on"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type BOM

type BOM struct {
	SerialNumber string
	Version      int
	// contains filtered or unexported fields
}

BOM represents an intermediate representation of a component for SBOM.

func NewBOM

func NewBOM(opts Options) *BOM

func (*BOM) AddComponent

func (b *BOM) AddComponent(c *Component)

func (*BOM) AddRelationship

func (b *BOM) AddRelationship(parent, child *Component, relationshipType RelationshipType)

func (*BOM) AddVulnerabilities

func (b *BOM) AddVulnerabilities(c *Component, vulns []Vulnerability)

func (*BOM) Components

func (b *BOM) Components() map[uuid.UUID]*Component

func (*BOM) Parents added in v0.52.0

func (b *BOM) Parents() map[uuid.UUID][]uuid.UUID

func (*BOM) Relationships

func (b *BOM) Relationships() map[uuid.UUID][]Relationship

func (*BOM) Root

func (b *BOM) Root() *Component

func (*BOM) Vulnerabilities

func (b *BOM) Vulnerabilities() map[uuid.UUID][]Vulnerability

type Component

type Component struct {

	// Type is the type of the component
	// CycloneDX: component.type
	Type ComponentType

	// Root represents the root of the BOM
	// Only one root is allowed in a BOM.
	// CycloneDX: metadata.component
	Root bool

	// Name is the name of the component
	// CycloneDX: component.name
	// SPDX: package.name
	Name string

	// Group is the group of the component
	// CycloneDX: component.group
	// SPDX: N/A
	Group string

	// Version is the version of the component
	// CycloneDX: component.version
	// SPDX: package.versionInfo
	Version string

	// SrcName is the name of the source component
	// CycloneDX: N/A
	// SPDX: package.sourceInfo
	SrcName string

	// SrcVersion is the version of the source component
	// CycloneDX: N/A
	// SPDX: package.sourceInfo
	SrcVersion string

	// SrcFile is the file path where the component is found.
	// CycloneDX: N/A
	// SPDX: package.sourceInfo
	SrcFile string

	// Licenses is a list of licenses that apply to the component
	// CycloneDX: component.licenses
	// SPDX: package.licenseConcluded, package.licenseDeclared
	Licenses []string

	// PkgIdentifier has PURL and BOMRef for the component
	// PURL:
	//   CycloneDX: component.purl
	//   SPDX: package.externalRefs.referenceLocator
	// BOMRef:
	//   CycloneDX: component.bom-ref
	//   SPDX: N/A
	PkgIdentifier ftypes.PkgIdentifier

	// Supplier is the name of the supplier of the component
	// CycloneDX: component.supplier
	// SPDX: package.supplier
	Supplier string

	// Files is a list of files that are part of the component.
	// CycloneDX: component.properties
	// SPDX: files
	Files []File

	// Properties is a list of key-value pairs that provide additional information about the component
	// CycloneDX: component.properties
	// SPDX: package.attributionTexts
	Properties Properties `hash:"set"`
	// contains filtered or unexported fields
}

func (*Component) ID

func (c *Component) ID() uuid.UUID

type ComponentType

type ComponentType string

type File

type File struct {
	// Path is a path of the file.
	// CycloneDX: N/A
	// SPDX: package.files[].fileName
	Path string

	// Hash is a hash that uniquely identify the component.
	// A file can have several digests with different algorithms, like SHA1, SHA256, etc.
	// CycloneDX: component.hashes
	// SPDX: package.files[].checksums
	Digests []digest.Digest
}

type Options

type Options struct {
	GenerateBOMRef bool // Generate BOMRef for CycloneDX
	Parents        bool // Hold parent maps
}

type Properties

type Properties []Property

func (Properties) Len

func (p Properties) Len() int

func (Properties) Less

func (p Properties) Less(i, j int) bool

func (Properties) Swap

func (p Properties) Swap(i, j int)

type Property

type Property struct {
	Name      string
	Value     string
	Namespace string
}

type Relationship

type Relationship struct {
	Dependency uuid.UUID
	Type       RelationshipType
}

type RelationshipType

type RelationshipType string

type Vulnerability

type Vulnerability struct {
	dtypes.Vulnerability
	ID               string
	PkgID            string
	PkgName          string
	InstalledVersion string
	FixedVersion     string
	PrimaryURL       string
	DataSource       *dtypes.DataSource
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL