spdx

package

v0.1.0 Latest Latest Go to latest Published: May 8, 2024 License: Apache-2.0 Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Package spdx extracts software dependencies from an SPDX SBOM.

This section is empty.

This section is empty.

This section is empty.

type Extractor struct{}

Extractor extracts software dependencies from an spdx SBOM.

func (e Extractor) Extract(ctx context.Context, input *extractor.ScanInput) ([]*extractor.Inventory, error)

Extract parses the SPDX SBOM and returns a list purls from the SBOM.

func (e Extractor) FileRequired(path string, _ fs.FileMode) bool

FileRequired returns true if the specified file is a supported spdx file.

func (e Extractor) Name() string

Name of the extractor.

func (e Extractor) ToCPEs(i *extractor.Inventory) ([]string, error)

ToCPEs converts an inventory created by this extractor into a list of CPEs.

func (e Extractor) ToPURL(i *extractor.Inventory) (*purl.PackageURL, error)

ToPURL converts an inventory created by this extractor into a PURL.

func (e Extractor) Version() int

Version of the extractor.

type Metadata struct {
	PURL *purl.PackageURL
	CPEs []string
}

Metadata holds parsing information for packages extracted from SPDX files.