README
¶
cyclonedx-go
cyclonedx-go is a Go library to consume and produce CycloneDX Software Bill of Materials (SBOM)
If you just want to create BOMs for your Go projects, see cyclonedx-gomod
Installation
go get github.com/CycloneDX/cyclonedx-go
Usage
Please refer to the module's documentation.
Also, checkout the examples to get an idea of how this library may be used.
Compatibility
| cyclonedx-go versions | Supported Go versions | Supported CycloneDX spec |
|---|---|---|
| < v0.4.0 | 1.14+ | 1.2 |
| == v0.4.0 | 1.14+ | 1.3 |
| >= v0.5.0, < v0.7.0 | 1.15+ | 1.4 |
| >= v0.7.0, < v0.8.0 | 1.17+ | 1.0-1.4 |
| >= v0.8.0 | 1.18+ | 1.0-1.5 |
We're aiming to support all officially supported Go versions, plus an additional older version.
Prior to v0.7.0, this library only supported the latest version of the CycloneDX specification. While it is generally possible to read BOMs of an older spec, writing would exclusively produce BOMs conforming to the latest supported spec.
Starting with v0.7.0, writing BOMs conforming to all previous version of the spec is also possible.
Copyright & License
CycloneDX Go is Copyright (c) OWASP Foundation. All Rights Reserved.
Permission to modify and redistribute is granted under the terms of the Apache 2.0 license.
See the LICENSE file for the full license.
Contributing
Pull requests are welcome. But please read the CycloneDX contributing guidelines first.
It is generally expected that pull requests will include relevant tests. Tests are automatically run against all supported Go versions (see Compatibility) for every pull request.
Documentation
¶
Overview ¶
Example (Decode) ¶
This example demonstrates how to decode and work with BOMs in CycloneDX format.
package main
import (
"fmt"
"net/http"
cdx "github.com/frlute/cyclonedx-go"
)
func main() {
// Acquire a BOM (e.g. by downloading it)
res, err := http.Get("https://github.com/DependencyTrack/dependency-track/releases/download/4.1.0/bom.json")
if err != nil {
panic(err)
}
defer res.Body.Close()
// Decode the BOM
bom := new(cdx.BOM)
decoder := cdx.NewBOMDecoder(res.Body, cdx.BOMFileFormatJSON)
if err = decoder.Decode(bom); err != nil {
panic(err)
}
fmt.Printf("Successfully decoded BOM of %s\n", bom.Metadata.Component.PackageURL)
fmt.Printf("- Generated: %s with %s\n", bom.Metadata.Timestamp, (*bom.Metadata.Tools)[0].Name)
fmt.Printf("- Components: %d\n", len(*bom.Components))
}
Output: Successfully decoded BOM of pkg:maven/org.dependencytrack/dependency-track@4.1.0 - Generated: 2021-02-09T20:40:32Z with CycloneDX Maven plugin - Components: 167
Example (Encode) ¶
This example demonstrates how to create and encode a BOM in CycloneDX format.
package main
import (
"os"
cdx "github.com/frlute/cyclonedx-go"
)
func main() {
metadata := cdx.Metadata{
// Define metadata about the main component
// (the component which the BOM will describe)
Component: &cdx.Component{
BOMRef: "pkg:golang/acme-inc/acme-app@v1.0.0",
Type: cdx.ComponentTypeApplication,
Name: "ACME Application",
Version: "v1.0.0",
},
// Use properties to include an internal identifier for this BOM
// https://cyclonedx.org/use-cases/#properties--name-value-store
Properties: &[]cdx.Property{
{
Name: "internal:bom-identifier",
Value: "123456789",
},
},
}
// Define the components that acme-app ships with
// https://cyclonedx.org/use-cases/#inventory
components := []cdx.Component{
{
BOMRef: "pkg:golang/github.com/frlute/cyclonedx-go@v0.3.0",
Type: cdx.ComponentTypeLibrary,
Author: "CycloneDX",
Name: "cyclonedx-go",
Version: "v0.3.0",
PackageURL: "pkg:golang/github.com/frlute/cyclonedx-go@v0.3.0",
},
}
// Define the dependency graph
// https://cyclonedx.org/use-cases/#dependency-graph
dependencies := []cdx.Dependency{
{
Ref: "pkg:golang/acme-inc/acme-app@v1.0.0",
Dependencies: &[]string{
"pkg:golang/github.com/frlute/cyclonedx-go@v0.3.0",
},
},
{
Ref: "pkg:golang/github.com/frlute/cyclonedx-go@v0.3.0",
},
}
// Assemble the BOM
bom := cdx.NewBOM()
bom.Metadata = &metadata
bom.Components = &components
bom.Dependencies = &dependencies
// Encode the BOM
err := cdx.NewBOMEncoder(os.Stdout, cdx.BOMFileFormatXML).
SetPretty(true).
Encode(bom)
if err != nil {
panic(err)
}
}
Output: <?xml version="1.0" encoding="UTF-8"?> <bom xmlns="http://cyclonedx.org/schema/bom/1.5" version="1"> <metadata> <component bom-ref="pkg:golang/acme-inc/acme-app@v1.0.0" type="application"> <name>ACME Application</name> <version>v1.0.0</version> </component> <properties> <property name="internal:bom-identifier">123456789</property> </properties> </metadata> <components> <component bom-ref="pkg:golang/github.com/frlute/cyclonedx-go@v0.3.0" type="library"> <author>CycloneDX</author> <name>cyclonedx-go</name> <version>v0.3.0</version> <purl>pkg:golang/github.com/frlute/cyclonedx-go@v0.3.0</purl> </component> </components> <dependencies> <dependency ref="pkg:golang/acme-inc/acme-app@v1.0.0"> <dependency ref="pkg:golang/github.com/frlute/cyclonedx-go@v0.3.0"></dependency> </dependency> <dependency ref="pkg:golang/github.com/frlute/cyclonedx-go@v0.3.0"></dependency> </dependencies> </bom>
Index ¶
- Constants
- Variables
- func Bool(value bool) *bool
- func IsBOMLink(s string) bool
- type Advisory
- type AffectedVersions
- type Affects
- type Annotation
- type Annotator
- type AttachedText
- type BOM
- type BOMDecoder
- type BOMEncoder
- type BOMFileFormat
- type BOMLink
- type BOMReference
- type Commit
- type Component
- type ComponentType
- type Composition
- type CompositionAggregate
- type Copyright
- type Credits
- type DataClassification
- type DataFlow
- type Dependency
- type Diff
- type Evidence
- type ExternalReference
- type ExternalReferenceType
- type Hash
- type HashAlgorithm
- type IdentifiableAction
- type ImpactAnalysisJustification
- type ImpactAnalysisResponse
- type ImpactAnalysisState
- type Issue
- type IssueType
- type License
- type LicenseChoice
- type LicenseType
- type Licenses
- type Licensing
- type Lifecycle
- type LifecyclePhase
- type MediaType
- type Metadata
- type Note
- type OrganizationalContact
- type OrganizationalEntity
- type OrganizationalEntityOrContact
- type Patch
- type PatchType
- type Pedigree
- type Property
- type ReleaseNotes
- type SWID
- type Scope
- type ScoringMethod
- type Service
- type Severity
- type Source
- type SpecVersion
- func (sv SpecVersion) MarshalJSON() ([]byte, error)
- func (sv SpecVersion) MarshalXML(e *xml.Encoder, start xml.StartElement) error
- func (i SpecVersion) String() string
- func (sv *SpecVersion) UnmarshalJSON(bytes []byte) error
- func (sv *SpecVersion) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error
- type Tool
- type Vulnerability
- type VulnerabilityAnalysis
- type VulnerabilityRating
- type VulnerabilityReference
- type VulnerabilityStatus
Examples ¶
Constants ¶
View Source
const (
BOMFormat = "CycloneDX"
)
Variables ¶
View Source
var ErrInvalidSpecVersion = errors.New("invalid specification version")
Functions ¶
Types ¶
type AffectedVersions ¶
type AffectedVersions struct {
Version string `json:"version,omitempty" xml:"version,omitempty"`
Range string `json:"range,omitempty" xml:"range,omitempty"`
Status VulnerabilityStatus `json:"status" xml:"status"`
}
type Affects ¶
type Affects struct {
Ref string `json:"ref" xml:"ref"`
Range *[]AffectedVersions `json:"versions,omitempty" xml:"versions>version,omitempty"`
}
type Annotation ¶
type Annotation struct {
BOMRef string `json:"bom-ref,omitempty" xml:"bom-ref,attr,omitempty"`
Subjects *[]BOMReference `json:"subjects,omitempty" xml:"subjects>subject,omitempty"`
Annotator *Annotator `json:"annotator,omitempty" xml:"annotator,omitempty"`
Timestamp string `json:"timestamp,omitempty" xml:"timestamp,omitempty"`
Text string `json:"text,omitempty" xml:"text,omitempty"`
}
type Annotator ¶
type Annotator struct {
Organization *OrganizationalEntity `json:"organization,omitempty" xml:"organization,omitempty"`
Individual *OrganizationalContact `json:"individual,omitempty" xml:"individual,omitempty"`
Component *Component `json:"component,omitempty" xml:"component,omitempty"`
Service *Service `json:"service,omitempty" xml:"service,omitempty"`
}
type AttachedText ¶
type BOM ¶
type BOM struct {
// XML specific fields
XMLName xml.Name `json:"-" xml:"bom"`
XMLNS string `json:"-" xml:"xmlns,attr"`
// JSON specific fields
JSONSchema string `json:"$schema,omitempty" xml:"-"`
BOMFormat string `json:"bomFormat" xml:"-"`
SpecVersion SpecVersion `json:"specVersion" xml:"-"`
SerialNumber string `json:"serialNumber,omitempty" xml:"serialNumber,attr,omitempty"`
Version int `json:"version" xml:"version,attr"`
Metadata *Metadata `json:"metadata,omitempty" xml:"metadata,omitempty"`
Components *[]Component `json:"components,omitempty" xml:"components>component,omitempty"`
Services *[]Service `json:"services,omitempty" xml:"services>service,omitempty"`
ExternalReferences *[]ExternalReference `json:"externalReferences,omitempty" xml:"externalReferences>reference,omitempty"`
Dependencies *[]Dependency `json:"dependencies,omitempty" xml:"dependencies>dependency,omitempty"`
Compositions *[]Composition `json:"compositions,omitempty" xml:"compositions>composition,omitempty"`
Properties *[]Property `json:"properties,omitempty" xml:"properties>property,omitempty"`
Vulnerabilities *[]Vulnerability `json:"vulnerabilities,omitempty" xml:"vulnerabilities>vulnerability,omitempty"`
Annotations *[]Annotation `json:"annotations,omitempty" xml:"annotations>annotation,omitempty"`
}
type BOMDecoder ¶
func NewBOMDecoder ¶
func NewBOMDecoder(reader io.Reader, format BOMFileFormat) BOMDecoder
type BOMEncoder ¶
type BOMEncoder interface {
// Encode encodes a given BOM.
Encode(bom *BOM) error
// EncodeVersion encodes a given BOM in a specific version of the specification.
// Choosing a lower spec version than what the BOM was constructed for will result
// in loss of information. The original BOM struct is guaranteed to not be modified.
EncodeVersion(bom *BOM, version SpecVersion) error
// SetPretty toggles prettified output.
SetPretty(pretty bool) BOMEncoder
// SetEscapeHTML toggles escaped HTML output.
SetEscapeHTML(escapeHTML bool) BOMEncoder
}
func NewBOMEncoder ¶
func NewBOMEncoder(writer io.Writer, format BOMFileFormat) BOMEncoder
type BOMFileFormat ¶
type BOMFileFormat int
const ( BOMFileFormatXML BOMFileFormat = iota BOMFileFormatJSON )
type BOMLink ¶
type BOMLink struct {
// contains filtered or unexported fields
}
BOMLink provides the ability to create references to other BOMs and specific components, services or vulnerabilities within them.
See also: - https://cyclonedx.org/capabilities/bomlink/ - https://www.iana.org/assignments/urn-formal/cdx
func NewBOMLink ¶
NewBOMLink creates a new link to a BOM with a given serial number and version. The serial number MUST conform to RFC-4122. The version MUST NOT be zero or negative.
By providing a non-nil element, a deep link to that element is created. Linkable elements include components, services and vulnerabilities. When an element is provided, it MUST have a bom reference.
Example ¶
package main
import (
"fmt"
cdx "github.com/frlute/cyclonedx-go"
)
func main() {
bom := cdx.NewBOM()
bom.SerialNumber = "urn:uuid:bd064d10-4238-4a2e-9517-216f79ed77ad"
bom.Version = 2
bom.Metadata = &cdx.Metadata{
Component: &cdx.Component{
BOMRef: "pkg:golang/github.com/frlute/cyclonedx-go@v0.5.0?type=module",
Type: cdx.ComponentTypeLibrary,
Name: "github.com/frlute/cyclonedx-go",
Version: "v0.5.0",
PackageURL: "pkg:golang/github.com/frlute/cyclonedx-go@v0.5.0?type=module",
},
}
link, _ := cdx.NewBOMLink(bom.SerialNumber, bom.Version, nil)
deepLink, _ := cdx.NewBOMLink(bom.SerialNumber, bom.Version, bom.Metadata.Component)
fmt.Println(link.String())
fmt.Println(deepLink.String())
}
Output: urn:cdx:bd064d10-4238-4a2e-9517-216f79ed77ad/2 urn:cdx:bd064d10-4238-4a2e-9517-216f79ed77ad/2#pkg%3Agolang%2Fgithub.com%2FCycloneDX%2Fcyclonedx-go%40v0.5.0%3Ftype%3Dmodule
func ParseBOMLink ¶
ParseBOMLink parses a string into a BOMLink.
func (BOMLink) SerialNumber ¶
SerialNumber returns the serial number of the linked BOM.
type BOMReference ¶
type BOMReference string
func (BOMReference) MarshalXML ¶
func (b BOMReference) MarshalXML(e *xml.Encoder, start xml.StartElement) error
func (*BOMReference) UnmarshalXML ¶
func (b *BOMReference) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error
type Commit ¶
type Commit struct {
UID string `json:"uid,omitempty" xml:"uid,omitempty"`
URL string `json:"url,omitempty" xml:"url,omitempty"`
Author *IdentifiableAction `json:"author,omitempty" xml:"author,omitempty"`
Committer *IdentifiableAction `json:"committer,omitempty" xml:"committer,omitempty"`
Message string `json:"message,omitempty" xml:"message,omitempty"`
}
type Component ¶
type Component struct {
BOMRef string `json:"bom-ref,omitempty" xml:"bom-ref,attr,omitempty"`
MIMEType string `json:"mime-type,omitempty" xml:"mime-type,attr,omitempty"`
Type ComponentType `json:"type" xml:"type,attr"`
Supplier *OrganizationalEntity `json:"supplier,omitempty" xml:"supplier,omitempty"`
Author string `json:"author,omitempty" xml:"author,omitempty"`
Publisher string `json:"publisher,omitempty" xml:"publisher,omitempty"`
Group string `json:"group,omitempty" xml:"group,omitempty"`
Name string `json:"name" xml:"name"`
Version string `json:"version,omitempty" xml:"version,omitempty"`
Description string `json:"description,omitempty" xml:"description,omitempty"`
Scope Scope `json:"scope,omitempty" xml:"scope,omitempty"`
Hashes *[]Hash `json:"hashes,omitempty" xml:"hashes>hash,omitempty"`
Licenses *Licenses `json:"licenses,omitempty" xml:"licenses,omitempty"`
Copyright string `json:"copyright,omitempty" xml:"copyright,omitempty"`
CPE string `json:"cpe,omitempty" xml:"cpe,omitempty"`
PackageURL string `json:"purl,omitempty" xml:"purl,omitempty"`
SWID *SWID `json:"swid,omitempty" xml:"swid,omitempty"`
Modified *bool `json:"modified,omitempty" xml:"modified,omitempty"`
Pedigree *Pedigree `json:"pedigree,omitempty" xml:"pedigree,omitempty"`
ExternalReferences *[]ExternalReference `json:"externalReferences,omitempty" xml:"externalReferences>reference,omitempty"`
Properties *[]Property `json:"properties,omitempty" xml:"properties>property,omitempty"`
Components *[]Component `json:"components,omitempty" xml:"components>component,omitempty"`
Evidence *Evidence `json:"evidence,omitempty" xml:"evidence,omitempty"`
ReleaseNotes *ReleaseNotes `json:"releaseNotes,omitempty" xml:"releaseNotes,omitempty"`
}
type ComponentType ¶
type ComponentType string
const ( ComponentTypeApplication ComponentType = "application" ComponentTypeContainer ComponentType = "container" ComponentTypeData ComponentType = "data" ComponentTypeDevice ComponentType = "device" ComponentTypeDeviceDriver ComponentType = "device-driver" ComponentTypeFile ComponentType = "file" ComponentTypeFirmware ComponentType = "firmware" ComponentTypeFramework ComponentType = "framework" ComponentTypeLibrary ComponentType = "library" ComponentTypeMachineLearningModel ComponentType = "machine-learning-model" ComponentTypeOS ComponentType = "operating-system" ComponentTypePlatform ComponentType = "platform" )
type Composition ¶
type Composition struct {
Aggregate CompositionAggregate `json:"aggregate" xml:"aggregate"`
Assemblies *[]BOMReference `json:"assemblies,omitempty" xml:"assemblies>assembly,omitempty"`
Dependencies *[]BOMReference `json:"dependencies,omitempty" xml:"dependencies>dependency,omitempty"`
}
type CompositionAggregate ¶
type CompositionAggregate string
const ( CompositionAggregateComplete CompositionAggregate = "complete" CompositionAggregateIncomplete CompositionAggregate = "incomplete" CompositionAggregateIncompleteFirstPartyOnly CompositionAggregate = "incomplete_first_party_only" CompositionAggregateIncompleteThirdPartyOnly CompositionAggregate = "incomplete_third_party_only" CompositionAggregateUnknown CompositionAggregate = "unknown" CompositionAggregateNotSpecified CompositionAggregate = "not_specified" )
type Copyright ¶
type Copyright struct {
Text string `json:"text" xml:"-"`
}
func (Copyright) MarshalXML ¶
func (*Copyright) UnmarshalXML ¶
type Credits ¶
type Credits struct {
Organizations *[]OrganizationalEntity `json:"organizations,omitempty" xml:"organizations>organization,omitempty"`
Individuals *[]OrganizationalContact `json:"individuals,omitempty" xml:"individuals>individual,omitempty"`
}
type DataClassification ¶
type Dependency ¶
type Dependency struct {
Ref string `json:"ref"`
Dependencies *[]string `json:"dependsOn,omitempty"`
}
func (Dependency) MarshalXML ¶
func (d Dependency) MarshalXML(e *xml.Encoder, start xml.StartElement) error
func (*Dependency) UnmarshalXML ¶
func (d *Dependency) UnmarshalXML(dec *xml.Decoder, start xml.StartElement) error
type Diff ¶
type Diff struct {
Text *AttachedText `json:"text,omitempty" xml:"text,omitempty"`
URL string `json:"url,omitempty" xml:"url,omitempty"`
}
type ExternalReference ¶
type ExternalReference struct {
URL string `json:"url" xml:"url"`
Comment string `json:"comment,omitempty" xml:"comment,omitempty"`
Hashes *[]Hash `json:"hashes,omitempty" xml:"hashes>hash,omitempty"`
Type ExternalReferenceType `json:"type" xml:"type,attr"`
}
type ExternalReferenceType ¶
type ExternalReferenceType string
const ( ERTypeAdversaryModel ExternalReferenceType = "adversary-model" ERTypeAdvisories ExternalReferenceType = "advisories" ERTypeAttestation ExternalReferenceType = "attestation" ERTypeBOM ExternalReferenceType = "bom" ERTypeBuildMeta ExternalReferenceType = "build-meta" ERTypeBuildSystem ExternalReferenceType = "build-system" ERTypeCertificationReport ExternalReferenceType = "certification-report" ERTypeChat ExternalReferenceType = "chat" ERTypeCodifiedInfrastructure ExternalReferenceType = "codified-infrastructure" ERTypeComponentAnalysisReport ExternalReferenceType = "component-analysis-report" ERTypeDistribution ExternalReferenceType = "distribution" ERTypeDistributionIntake ExternalReferenceType = "distribution-intake" ERTypeDocumentation ExternalReferenceType = "documentation" ERTypeDynamicAnalysisReport ExternalReferenceType = "dynamic-analysis-report" ERTypeExploitabilityStatement ExternalReferenceType = "exploitability-statement" ERTypeIssueTracker ExternalReferenceType = "issue-tracker" ERTypeLicense ExternalReferenceType = "license" ERTypeMailingList ExternalReferenceType = "mailing-list" ERTypeMaturityReport ExternalReferenceType = "maturity-report" ERTypeOther ExternalReferenceType = "other" ERTypePentestReport ExternalReferenceType = "pentest-report" ERTypeQualityMetrics ExternalReferenceType = "quality-metrics" ERTypeReleaseNotes ExternalReferenceType = "release-notes" ERTypeRiskAssessment ExternalReferenceType = "risk-assessment" ERTypeRuntimeAnalysisReport ExternalReferenceType = "runtime-analysis-report" ERTypeSecurityContact ExternalReferenceType = "security-contact" ERTypeSocial ExternalReferenceType = "social" ERTypeStaticAnalysisReport ExternalReferenceType = "static-analysis-report" ERTypeSupport ExternalReferenceType = "support" ERTypeThreatModel ExternalReferenceType = "threat-model" ERTypeVCS ExternalReferenceType = "vcs" ERTypeVulnerabilityAssertion ExternalReferenceType = "vulnerability-assertion" ERTypeWebsite ExternalReferenceType = "website" )
type Hash ¶
type Hash struct {
Algorithm HashAlgorithm `json:"alg" xml:"alg,attr"`
Value string `json:"content" xml:",chardata"`
}
type HashAlgorithm ¶
type HashAlgorithm string
const ( HashAlgoMD5 HashAlgorithm = "MD5" HashAlgoSHA1 HashAlgorithm = "SHA-1" HashAlgoSHA256 HashAlgorithm = "SHA-256" HashAlgoSHA384 HashAlgorithm = "SHA-384" HashAlgoSHA512 HashAlgorithm = "SHA-512" HashAlgoSHA3_256 HashAlgorithm = "SHA3-256" HashAlgoSHA3_384 HashAlgorithm = "SHA3-384" HashAlgoSHA3_512 HashAlgorithm = "SHA3-512" HashAlgoBlake2b_256 HashAlgorithm = "BLAKE2b-256" HashAlgoBlake2b_384 HashAlgorithm = "BLAKE2b-384" HashAlgoBlake2b_512 HashAlgorithm = "BLAKE2b-512" HashAlgoBlake3 HashAlgorithm = "BLAKE3" )
type IdentifiableAction ¶
type ImpactAnalysisJustification ¶
type ImpactAnalysisJustification string
const ( IAJCodeNotPresent ImpactAnalysisJustification = "code_not_present" IAJCodeNotReachable ImpactAnalysisJustification = "code_not_reachable" IAJRequiresConfiguration ImpactAnalysisJustification = "requires_configuration" IAJRequiresDependency ImpactAnalysisJustification = "requires_dependency" IAJRequiresEnvironment ImpactAnalysisJustification = "requires_environment" IAJProtectedByCompiler ImpactAnalysisJustification = "protected_by_compiler" IAJProtectedAtRuntime ImpactAnalysisJustification = "protected_at_runtime" IAJProtectedAtPerimeter ImpactAnalysisJustification = "protected_at_perimeter" IAJProtectedByMitigatingControl ImpactAnalysisJustification = "protected_by_mitigating_control" )
type ImpactAnalysisResponse ¶
type ImpactAnalysisResponse string
const ( IARCanNotFix ImpactAnalysisResponse = "can_not_fix" IARWillNotFix ImpactAnalysisResponse = "will_not_fix" IARUpdate ImpactAnalysisResponse = "update" IARRollback ImpactAnalysisResponse = "rollback" IARWorkaroundAvailable ImpactAnalysisResponse = "workaround_available" )
type ImpactAnalysisState ¶
type ImpactAnalysisState string
const ( IASResolved ImpactAnalysisState = "resolved" IASResolvedWithPedigree ImpactAnalysisState = "resolved_with_pedigree" IASExploitable ImpactAnalysisState = "exploitable" IASInTriage ImpactAnalysisState = "in_triage" IASFalsePositive ImpactAnalysisState = "false_positive" IASNotAffected ImpactAnalysisState = "not_affected" )
type Issue ¶
type Issue struct {
ID string `json:"id" xml:"id"`
Name string `json:"name,omitempty" xml:"name,omitempty"`
Description string `json:"description" xml:"description"`
Source *Source `json:"source,omitempty" xml:"source,omitempty"`
References *[]string `json:"references,omitempty" xml:"references>url,omitempty"`
Type IssueType `json:"type" xml:"type,attr"`
}
type License ¶
type License struct {
BOMRef string `json:"bom-ref,omitempty" xml:"bom-ref,attr,omitempty"`
ID string `json:"id,omitempty" xml:"id,omitempty"`
Name string `json:"name,omitempty" xml:"name,omitempty"`
Text *AttachedText `json:"text,omitempty" xml:"text,omitempty"`
URL string `json:"url,omitempty" xml:"url,omitempty"`
Licensing *Licensing `json:"licensing,omitempty" xml:"licensing,omitempty"`
Properties *[]Property `json:"properties,omitempty" xml:"properties>property,omitempty"`
}
type LicenseChoice ¶
type LicenseType ¶
type LicenseType string
const ( LicenseTypeAcademic LicenseType = "academic" LicenseTypeAppliance LicenseType = "appliance" LicenseTypeClientAccess LicenseType = "client-access" LicenseTypeConcurrentUser LicenseType = "concurrent-user" LicenseTypeCorePoints LicenseType = "core-points" LicenseTypeCustomMetric LicenseType = "custom-metric" LicenseTypeDevice LicenseType = "device" LicenseTypeEvaluation LicenseType = "evaluation" LicenseTypeNamedUser LicenseType = "named-user" LicenseTypeNodeLocked LicenseType = "node-locked" LicenseTypeOEM LicenseType = "oem" LicenseTypeOther LicenseType = "other" LicenseTypePerpetual LicenseType = "perpetual" LicenseTypeProcessorPoints LicenseType = "processor-points" LicenseTypeSubscription LicenseType = "subscription" LicenseTypeUser LicenseType = "user" )
type Licenses ¶
type Licenses []LicenseChoice
func (Licenses) MarshalXML ¶
func (*Licenses) UnmarshalXML ¶
type Licensing ¶
type Licensing struct {
AltIDs *[]string `json:"altIds,omitempty" xml:"altIds>altId,omitempty"`
Licensor *OrganizationalEntityOrContact `json:"licensor,omitempty" xml:"licensor,omitempty"`
Licensee *OrganizationalEntityOrContact `json:"licensee,omitempty" xml:"licensee,omitempty"`
Purchaser *OrganizationalEntityOrContact `json:"purchaser,omitempty" xml:"purchaser,omitempty"`
PurchaseOrder string `json:"purchaseOrder,omitempty" xml:"purchaseOrder,omitempty"`
LicenseTypes *[]LicenseType `json:"licenseTypes,omitempty" xml:"licenseTypes>licenseType,omitempty"`
LastRenewal string `json:"lastRenewal,omitempty" xml:"lastRenewal,omitempty"`
Expiration string `json:"expiration,omitempty" xml:"expiration,omitempty"`
}
type Lifecycle ¶
type Lifecycle struct {
Name string `json:"name,omitempty" xml:"name,omitempty"`
Phase LifecyclePhase `json:"phase,omitempty" xml:"phase,omitempty"`
Description string `json:"description,omitempty" xml:"description,omitempty"`
}
type LifecyclePhase ¶
type LifecyclePhase string
const ( LifecyclePhaseBuild LifecyclePhase = "build" LifecyclePhaseDecommission LifecyclePhase = "decommission" LifecyclePhaseDesign LifecyclePhase = "design" LifecyclePhaseDiscovery LifecyclePhase = "discovery" LifecyclePhaseOperations LifecyclePhase = "operations" LifecyclePhasePostBuild LifecyclePhase = "post-build" LifecyclePhasePreBuild LifecyclePhase = "pre-build" )
type MediaType ¶
type MediaType int
MediaType defines the official media types for CycloneDX BOMs. See https://cyclonedx.org/specification/overview/#registered-media-types
func (MediaType) WithVersion ¶
func (mt MediaType) WithVersion(specVersion SpecVersion) (string, error)
type Metadata ¶
type Metadata struct {
Timestamp string `json:"timestamp,omitempty" xml:"timestamp,omitempty"`
Lifecycles *[]Lifecycle `json:"lifecycles,omitempty" xml:"lifecycles>lifecycle,omitempty"`
Tools *[]Tool `json:"tools,omitempty" xml:"tools>tool,omitempty"`
Authors *[]OrganizationalContact `json:"authors,omitempty" xml:"authors>author,omitempty"`
Component *Component `json:"component,omitempty" xml:"component,omitempty"`
Manufacture *OrganizationalEntity `json:"manufacture,omitempty" xml:"manufacture,omitempty"`
Supplier *OrganizationalEntity `json:"supplier,omitempty" xml:"supplier,omitempty"`
Licenses *Licenses `json:"licenses,omitempty" xml:"licenses,omitempty"`
Properties *[]Property `json:"properties,omitempty" xml:"properties>property,omitempty"`
}
type Note ¶
type Note struct {
Locale string `json:"locale,omitempty" xml:"locale,omitempty"`
Text AttachedText `json:"text" xml:"text"`
}
type OrganizationalContact ¶
type OrganizationalEntity ¶
type OrganizationalEntity struct {
Name string `json:"name" xml:"name"`
URL *[]string `json:"url,omitempty" xml:"url,omitempty"`
Contact *[]OrganizationalContact `json:"contact,omitempty" xml:"contact,omitempty"`
}
type OrganizationalEntityOrContact ¶
type OrganizationalEntityOrContact struct {
Organization *OrganizationalEntity `json:"organization,omitempty" xml:"organization,omitempty"`
Individual *OrganizationalContact `json:"individual,omitempty" xml:"individual,omitempty"`
}
type Pedigree ¶
type Pedigree struct {
Ancestors *[]Component `json:"ancestors,omitempty" xml:"ancestors>component,omitempty"`
Descendants *[]Component `json:"descendants,omitempty" xml:"descendants>component,omitempty"`
Variants *[]Component `json:"variants,omitempty" xml:"variants>component,omitempty"`
Commits *[]Commit `json:"commits,omitempty" xml:"commits>commit,omitempty"`
Patches *[]Patch `json:"patches,omitempty" xml:"patches>patch,omitempty"`
Notes string `json:"notes,omitempty" xml:"notes,omitempty"`
}
type ReleaseNotes ¶
type ReleaseNotes struct {
Type string `json:"type" xml:"type"`
Title string `json:"title,omitempty" xml:"title,omitempty"`
FeaturedImage string `json:"featuredImage,omitempty" xml:"featuredImage,omitempty"`
SocialImage string `json:"socialImage,omitempty" xml:"socialImage,omitempty"`
Description string `json:"description,omitempty" xml:"description,omitempty"`
Timestamp string `json:"timestamp,omitempty" xml:"timestamp,omitempty"`
Aliases *[]string `json:"aliases,omitempty" xml:"aliases>alias,omitempty"`
Tags *[]string `json:"tags,omitempty" xml:"tags>tag,omitempty"`
Resolves *[]Issue `json:"resolves,omitempty" xml:"resolves>issue,omitempty"`
Notes *[]Note `json:"notes,omitempty" xml:"notes>note,omitempty"`
Properties *[]Property `json:"properties,omitempty" xml:"properties>property,omitempty"`
}
type SWID ¶
type SWID struct {
Text *AttachedText `json:"text,omitempty" xml:"text,omitempty"`
URL string `json:"url,omitempty" xml:"url,attr,omitempty"`
TagID string `json:"tagId" xml:"tagId,attr"`
Name string `json:"name" xml:"name,attr"`
Version string `json:"version,omitempty" xml:"version,attr,omitempty"`
TagVersion *int `json:"tagVersion,omitempty" xml:"tagVersion,attr,omitempty"`
Patch *bool `json:"patch,omitempty" xml:"patch,attr,omitempty"`
}
type ScoringMethod ¶
type ScoringMethod string
const ( ScoringMethodOther ScoringMethod = "other" ScoringMethodCVSSv2 ScoringMethod = "CVSSv2" ScoringMethodCVSSv3 ScoringMethod = "CVSSv3" ScoringMethodCVSSv31 ScoringMethod = "CVSSv31" ScoringMethodOWASP ScoringMethod = "OWASP" )
type Service ¶
type Service struct {
BOMRef string `json:"bom-ref,omitempty" xml:"bom-ref,attr,omitempty"`
Provider *OrganizationalEntity `json:"provider,omitempty" xml:"provider,omitempty"`
Group string `json:"group,omitempty" xml:"group,omitempty"`
Name string `json:"name" xml:"name"`
Version string `json:"version,omitempty" xml:"version,omitempty"`
Description string `json:"description,omitempty" xml:"description,omitempty"`
Endpoints *[]string `json:"endpoints,omitempty" xml:"endpoints>endpoint,omitempty"`
Authenticated *bool `json:"authenticated,omitempty" xml:"authenticated,omitempty"`
CrossesTrustBoundary *bool `json:"x-trust-boundary,omitempty" xml:"x-trust-boundary,omitempty"`
Data *[]DataClassification `json:"data,omitempty" xml:"data>classification,omitempty"`
Licenses *Licenses `json:"licenses,omitempty" xml:"licenses,omitempty"`
ExternalReferences *[]ExternalReference `json:"externalReferences,omitempty" xml:"externalReferences>reference,omitempty"`
Properties *[]Property `json:"properties,omitempty" xml:"properties>property,omitempty"`
Services *[]Service `json:"services,omitempty" xml:"services>service,omitempty"`
ReleaseNotes *ReleaseNotes `json:"releaseNotes,omitempty" xml:"releaseNotes,omitempty"`
}
type SpecVersion ¶
type SpecVersion int
const ( SpecVersion1_0 SpecVersion = iota + 1 // 1.0 SpecVersion1_1 // 1.1 SpecVersion1_2 // 1.2 SpecVersion1_3 // 1.3 SpecVersion1_4 // 1.4 SpecVersion1_5 // 1.5 )
func (SpecVersion) MarshalJSON ¶
func (sv SpecVersion) MarshalJSON() ([]byte, error)
func (SpecVersion) MarshalXML ¶
func (sv SpecVersion) MarshalXML(e *xml.Encoder, start xml.StartElement) error
func (SpecVersion) String ¶
func (i SpecVersion) String() string
func (*SpecVersion) UnmarshalJSON ¶
func (sv *SpecVersion) UnmarshalJSON(bytes []byte) error
func (*SpecVersion) UnmarshalXML ¶
func (sv *SpecVersion) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error
type Tool ¶
type Tool struct {
Vendor string `json:"vendor,omitempty" xml:"vendor,omitempty"`
Name string `json:"name" xml:"name"`
Version string `json:"version,omitempty" xml:"version,omitempty"`
Hashes *[]Hash `json:"hashes,omitempty" xml:"hashes>hash,omitempty"`
ExternalReferences *[]ExternalReference `json:"externalReferences,omitempty" xml:"externalReferences>reference,omitempty"`
}
type Vulnerability ¶
type Vulnerability struct {
BOMRef string `json:"bom-ref,omitempty" xml:"bom-ref,attr,omitempty"`
ID string `json:"id" xml:"id"`
Source *Source `json:"source,omitempty" xml:"source,omitempty"`
References *[]VulnerabilityReference `json:"references,omitempty" xml:"references>reference,omitempty"`
Ratings *[]VulnerabilityRating `json:"ratings,omitempty" xml:"ratings>rating,omitempty"`
CWEs *[]int `json:"cwes,omitempty" xml:"cwes>cwe,omitempty"`
Description string `json:"description,omitempty" xml:"description,omitempty"`
Detail string `json:"detail,omitempty" xml:"detail,omitempty"`
Recommendation string `json:"recommendation,omitempty" xml:"recommendation,omitempty"`
Advisories *[]Advisory `json:"advisories,omitempty" xml:"advisories>advisory,omitempty"`
Created string `json:"created,omitempty" xml:"created,omitempty"`
Published string `json:"published,omitempty" xml:"published,omitempty"`
Updated string `json:"updated,omitempty" xml:"updated,omitempty"`
Credits *Credits `json:"credits,omitempty" xml:"credits,omitempty"`
Tools *[]Tool `json:"tools,omitempty" xml:"tools>tool,omitempty"`
Analysis *VulnerabilityAnalysis `json:"analysis,omitempty" xml:"analysis,omitempty"`
Affects *[]Affects `json:"affects,omitempty" xml:"affects>target,omitempty"`
Properties *[]Property `json:"properties,omitempty" xml:"properties>property,omitempty"`
}
type VulnerabilityAnalysis ¶
type VulnerabilityAnalysis struct {
State ImpactAnalysisState `json:"state,omitempty" xml:"state,omitempty"`
Justification ImpactAnalysisJustification `json:"justification,omitempty" xml:"justification,omitempty"`
Response *[]ImpactAnalysisResponse `json:"response,omitempty" xml:"responses>response,omitempty"`
Detail string `json:"detail,omitempty" xml:"detail,omitempty"`
}
type VulnerabilityRating ¶
type VulnerabilityRating struct {
Source *Source `json:"source,omitempty" xml:"source,omitempty"`
Score *float64 `json:"score,omitempty" xml:"score,omitempty"`
Severity Severity `json:"severity,omitempty" xml:"severity,omitempty"`
Method ScoringMethod `json:"method,omitempty" xml:"method,omitempty"`
Vector string `json:"vector,omitempty" xml:"vector,omitempty"`
Justification string `json:"justification,omitempty" xml:"justification,omitempty"`
}
type VulnerabilityReference ¶
type VulnerabilityStatus ¶
type VulnerabilityStatus string
const ( VulnerabilityStatusUnknown VulnerabilityStatus = "unknown" VulnerabilityStatusAffected VulnerabilityStatus = "affected" VulnerabilityStatusNotAffected VulnerabilityStatus = "unaffected" )
Source Files
Click to show internal directories.
Click to hide internal directories.