Documentation
Overview
Package extractor provides the interface for inventory extraction plugins.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Config
```go
type Config struct {
	Extractors []InventoryExtractor
	ScanRoot   string
	FS         fs.FS
	// Optional: Individual files to extract inventory from. If specified, the
	// extractors will only look at these files during the filesystem traversal.
	// Note that these are not relative to ScanRoot and thus need to be in
	// sub-directories of ScanRoot.
	FilesToExtract []string
	// Optional: Directories that the file system walk should ignore.
	// Note that these are not relative to ScanRoot and thus need to be
	// sub-directories of ScanRoot.
	// TODO(b/279413691): Also skip local paths, e.g. "Skip all .git dirs"
	DirsToSkip []string
	// Optional: If the regex matches a directory, it will be skipped.
	SkipDirRegex *regexp.Regexp
	// Optional: stats allows to enter a metric hook. If left nil, no metrics will be recorded.
	Stats stats.Collector
	// Optional: Whether to read symlinks.
	ReadSymlinks bool
	// Optional: Limit for visited inodes. If 0, no limit is applied.
	MaxInodes int
}
```
Config stores the config settings for an extraction run.
type Inventory
```go
type Inventory struct {
	// A human-readable name representation of the package. Note that this field
	// should only be used for things like logging as different packages can have
	// multiple different types of names (e.g. .deb packages have a source name
	// and a binary name), in which case we arbitrarily pick one of them to use here.
	// In cases when the exact name type used is important (e.g. when matching
	// against vuln feeds) you should use the specific name field from the Metadata.
	Name string
	// The version of this package.
	Version string
	// Paths or source of files related to the package.
	Locations []string
	// The name of the InventoryExtractor that found this software instance. Set by the core library.
	Extractor string
	// The additional data found in the package.
	Metadata any
}
```
Inventory is an instance of a software package or library found by the extractor.
func Run
Run runs the specified extractors and returns their extraction results, as well as info about whether the plugin runs completed successfully.
type InventoryExtractor
```go
type InventoryExtractor interface {
	plugin.Plugin
	// FileRequired should return true if the file described by path and mode is
	// relevant for the extractor.
	// Note that the plugin doesn't traverse the filesystem itself but relies on the core
	// library for that.
	FileRequired(path string, mode fs.FileMode) bool
	// Extract extracts inventory data relevant for the extractor from a given file.
	Extract(ctx context.Context, input *ScanInput) ([]*Inventory, error)
	// ToPURL converts an inventory created by this extractor into a PURL.
	ToPURL(i *Inventory) (*purl.PackageURL, error)
	// ToCPEs converts an inventory created by this extractor into CPEs, if supported.
	ToCPEs(i *Inventory) ([]string, error)
}
```
InventoryExtractor is the interface for extraction plugins, which extract inventory data such as OS and language packages.
type ScanInput
```go
type ScanInput struct {
	// The path of the file to extract, relative to ScanRoot.
	Path string
	// The root directory where the extraction file walking started from.
	ScanRoot string
	Info     fs.FileInfo
	// A reader for accessing contents of the file.
	// Note that the file is closed by the core library, not the plugin.
	Reader io.Reader
}
```
ScanInput describes one file to extract from.
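The division of labour described in the interface comments, as an added example that is not SCALIBR code: `run` stands in for the core library (walk, filter, open, close) and the plugin side only filters by path and mode and parses from the reader it is handed. All names here, the `name==version` file rule and the sample file system are assumptions made for illustration.

```go
package main
import (
	"bufio"
	"io"
	"io/fs"
	"path"
	"strings"
	"testing/fstest"
)

type Inventory struct{ Name, Version, Location string } // trimmed local stand-in
// fileRequired is the plugin's filter (hypothetical rule); it performs no I/O.
func fileRequired(p string, mode fs.FileMode) bool {
	return mode.IsRegular() && path.Base(p) == "requirements.txt"
}

// extract reads "name==version" lines from a reader it neither opens nor closes.
func extract(p string, r io.Reader) (out []Inventory, err error) {
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		if n, v, ok := strings.Cut(strings.TrimSpace(sc.Text()), "=="); ok && n != "" && v != "" {
			out = append(out, Inventory{n, v, p})
		}
	}
	return out, sc.Err()
}

// run plays the core library: it walks, filters, opens and closes each file.
func run(fsys fs.FS) (all []Inventory, err error) {
	err = fs.WalkDir(fsys, ".", func(p string, d fs.DirEntry, werr error) error {
		if werr != nil || !fileRequired(p, d.Type()) {
			return werr
		}
		f, oerr := fsys.Open(p)
		if oerr != nil {
			return oerr
		}
		defer f.Close() // closed by the walker, never by the plugin
		inv, xerr := extract(p, f)
		all = append(all, inv...)
		return xerr
	})
	return all, err
}
var sample = fstest.MapFS{ // constructed input: one wanted file, one look-alike
	"app/requirements.txt":     {Data: []byte("flask==2.0.1\nrequests\n")},
	"app/requirements.txt.bak": {Data: []byte("old==0.1\n")},
}
func main() { inv, _ := run(sample); println(len(inv), inv[0].Name) }
```

The unpinned `requests` line and the `.bak` look-alike produce no inventory, so matching on the exact base name and file mode keeps stray files out of the result.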
Directories
| Path | Synopsis |
|---|---|
| | Package internal contains miscellaneous functions and objects useful within Scalibr |
| units | Package units provides constants for common units. |
| language | |
| dotnet/packageslockjson | Package packageslockjson extracts packages.lock.json files. |
| golang/gobinary | Package gobinary extracts packages from buildinfo inside go binaries files. |
| java/archive | Package archive extracts Java archive files. |
| javascript/packagejson | Package packagejson extracts package.json files. |
| javascript/packagelockjson | Package packagelockjson extracts package-lock.json files. |
| python/requirements | Package requirements extracts requirements files. |
| python/wheelegg | Package wheelegg extracts wheel and egg files. |
| ruby/gemspec | Package gemspec extracts *.gemspec files. |
| | Package list provides a public list of SCALIBR-internal extraction plugins. |
| os | |
| apk | Package apk extracts packages from the APK database. |
| cos | Package cos extracts OS packages from Container Optimized OSes (go/cos). |
| dpkg | Package dpkg extracts packages from dpkg database. |
| osrelease | Package osrelease parses the os-release file. |
| rpm | Package rpm extracts packages from rpm database. |
| | Package osv provides a Wrapper for osv plugins. |
| sbom | |
| spdx | Package spdx extracts software dependencies from an SPDX SBOM. |