common

package
v0.8.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 10, 2024 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AddMetadata added in v0.8.0

func AddMetadata(predicates *assembler.IngestPredicates, foundIdentities []TrustInformation, srcInfo processor.SourceInformation)

addMetadata adds trust and source collector metadata

func CombineLicense added in v0.8.0

func CombineLicense(licenses []string) string

func CreateTopLevelHasSBOMFromArtifact added in v0.7.0

func CreateTopLevelHasSBOMFromArtifact(topLevelArt *model.ArtifactInputSpec, sbomDoc *processor.Document, uri string, timestamp time.Time) assembler.HasSBOMIngest

func CreateTopLevelHasSBOMFromPkg added in v0.7.0

func CreateTopLevelHasSBOMFromPkg(topLevelPkg *model.PkgInputSpec, sbomDoc *processor.Document, uri string, timestamp time.Time) assembler.HasSBOMIngest

func CreateTopLevelIsDeps added in v0.1.0

func CreateTopLevelIsDeps(topLevel *model.PkgInputSpec, packages map[string][]*model.PkgInputSpec, files map[string][]*model.PkgInputSpec, justification string) []assembler.IsDependencyIngest

TODO: change the DependencyType based on the relationship, currently set to unknown

func GetIsDep added in v0.1.0

func GetIsDep(foundNode *model.PkgInputSpec, relatedPackNodes []*model.PkgInputSpec, relatedFileNodes []*model.PkgInputSpec, justification string, dependency model.DependencyType) (*assembler.IsDependencyIngest, error)

TODO: change the DependencyType based on the relationship, currently set to unknown

func HashLicense added in v0.2.0

func HashLicense(inline string) string

func ParseLicenses added in v0.2.0

func ParseLicenses(exp string, lv *string, inLineMap map[string]string) []model.LicenseInputSpec

func RemoveDuplicateIdentifiers added in v0.8.1

func RemoveDuplicateIdentifiers(identifierStrings *IdentifierStrings)

Types

type DocumentParser

type DocumentParser interface {
	// Parse breaks out the document into the graph components
	Parse(ctx context.Context, doc *processor.Document) error

	// GetIdentities gets the identity node from the document if they exist
	GetIdentities(ctx context.Context) []TrustInformation

	// CreatePredicates returns the predicates of the GUAC ontology to be created
	GetPredicates(ctx context.Context) *assembler.IngestPredicates

	// GetIdentifiers returns a set of identifiers that the parser has found to help provide context
	// for collectors to gather more information around found software identifiers.
	// This is an optional function to implement, and it should return an error if not implemented.
	//
	// Ref: https://github.com/guacsec/guac/issues/244
	GetIdentifiers(ctx context.Context) (*IdentifierStrings, error)
}

type GraphBuilder

type GraphBuilder struct {
	// contains filtered or unexported fields
}

GraphBuilder creates the assembler inputs based on the documents being parsed

func NewGenericGraphBuilder

func NewGenericGraphBuilder(docParser DocumentParser, foundIdentities []TrustInformation) *GraphBuilder

NewGenericGraphBuilder initializes the graphbulder

func (*GraphBuilder) CreateAssemblerInput

func (b *GraphBuilder) CreateAssemblerInput(ctx context.Context, foundIdentities []TrustInformation, srcInfo processor.SourceInformation) *assembler.AssemblerInput

CreateAssemblerInput creates the GuacNodes and GuacEdges that are needed by the assembler

func (*GraphBuilder) GetIdentifiers added in v0.1.0

func (b *GraphBuilder) GetIdentifiers(ctx context.Context) (*IdentifierStrings, error)

func (*GraphBuilder) GetIdentities

func (b *GraphBuilder) GetIdentities() []TrustInformation

GetIdentities returns the identity that is found when parsing a document

type IdentifierStrings added in v0.1.0

type IdentifierStrings struct {
	// OciStrings should contain pointers to OCI packages
	OciStrings []string
	// VcsStrings should contain VCS strings for source control
	VcsStrings []string
	// PurlStrings should contain package url to specific packages
	PurlStrings []string
	// GithubReleaseStrings should contain url to specific GitHub releases
	GithubReleaseStrings []string
	// UnclassifiedStrings contains other strings that have identifiers that
	// parsers may not be sure what category they fall under.
	UnclassifiedStrings []string
}

IdentifierStrings represent a set of strings that can be used to a set of identifiers that the parser has found to help provide context for collectors to gather more information around found software identifiers.

Ref: https://github.com/guacsec/guac/issues/244

type TrustInformation added in v0.1.0

type TrustInformation struct{}

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL