gobom

package module
v1.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 9, 2024 License: MIT Imports: 12 Imported by: 0

README

GoBOM - Go Bill of Materials Generator

GoBOM is a Go library for generating Bill of Materials (BOM) for Go projects. It automatically detects and tracks dependencies, licenses, and project relationships.

Go Reference Go Report Card

Features

  • Automatic dependency detection
  • License identification
  • Direct/transitive dependency classification
  • Repository URL detection
  • Multiple export formats (JSON, XML)
  • SPDX license identifier support

Installation

go get github.com/jiharal/gobom

Quick Start

package main

import (
    "fmt"
    "log"

    "github.com/jiharal/gobom/bom"
)

func main() {
    // Create a new BOM generator
    generator := bom.NewGenerator(".")

    // Generate BOM
    bomData, err := generator.Generate()
    if err != nil {
        log.Fatal(err)
    }

    // Export as JSON
    jsonData, err := bomData.ExportJSON()
    if err != nil {
        log.Fatal(err)
    }
    fmt.Println(string(jsonData))
}

API Reference

Types
BOM
type BOM struct {
    GeneratedAt  string       // Timestamp when BOM was generated
    ProjectName  string       // Name of the analyzed project
    Dependencies []Dependency // List of project dependencies
}
Dependency
type Dependency struct {
    Name       string // Package name
    Version    string // Package version
    License    string // Detected license
    DirectDep  bool   // Whether it's a direct dependency
    Repository string // Repository URL
}
Generator
NewGenerator
func NewGenerator(projectPath string) *Generator

Creates a new BOM generator for the specified project path.

Example:

generator := bom.NewGenerator("/path/to/project")
Generate
func (g *Generator) Generate() (*BOM, error)

Generates a BOM for the project.

Example:

bom, err := generator.Generate()
if err != nil {
    log.Fatal(err)
}
Export Functions
ExportJSON
func (b *BOM) ExportJSON() ([]byte, error)

Exports the BOM as formatted JSON.

Example:

jsonData, err := bom.ExportJSON()
if err != nil {
    log.Fatal(err)
}
fmt.Println(string(jsonData))
ExportXML
func (b *BOM) ExportXML() ([]byte, error)

Exports the BOM as formatted XML.

Example:

xmlData, err := bom.ExportXML()
if err != nil {
    log.Fatal(err)
}
fmt.Println(string(xmlData))

Example Output

JSON Format
{
  "generated_at": "2024-12-09T10:30:00Z",
  "project_name": "example-project",
  "dependencies": [
    {
      "name": "github.com/example/package",
      "version": "v1.2.3",
      "license": "MIT",
      "direct": true,
      "repository": "https://github.com/example/package"
    }
  ]
}
XML Format
<?xml version="1.0" encoding="UTF-8"?>
<bom>
  <generatedAt>2024-12-09T10:30:00Z</generatedAt>
  <projectName>example-project</projectName>
  <dependencies>
    <dependency>
      <name>github.com/example/package</name>
      <version>v1.2.3</version>
      <license>MIT</license>
      <direct>true</direct>
      <repository>https://github.com/example/package</repository>
    </dependency>
  </dependencies>
</bom>

License Detection

GoBOM supports detection of the following licenses:

  • MIT
  • Apache-2.0
  • GPL-2.0
  • GPL-3.0
  • BSD-2-Clause
  • BSD-3-Clause
  • LGPL-3.0
  • MPL-2.0
  • ISC

The library looks for license files in the following patterns:

  • LICENSE
  • LICENSE.txt
  • LICENSE.md
  • COPYING
  • COPYING.txt
  • COPYING.md

It also supports SPDX license identifiers in source files.

Contributing

Contributions are welcome! Here's how you can help:

  1. Fork the repository
  2. Create your feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add some amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type BOM 

type BOM struct {
	XMLName      xml.Name     `xml:"bom"`
	GeneratedAt  string       `json:"generated_at" xml:"generatedAt"`
	ProjectName  string       `json:"project_name" xml:"projectName"`
	Dependencies []Dependency `json:"dependencies" xml:"dependencies>dependency"`
}

func (*BOM) ExportCycloneDX added in v1.0.1 

func (b *BOM) ExportCycloneDX() ([]byte, error)

ExportCycloneDX exports the BOM in CycloneDX format

func (*BOM) ExportJSON 

func (b *BOM) ExportJSON() ([]byte, error)

ExportJSON exports the BOM as JSON

func (*BOM) ExportXML 

func (b *BOM) ExportXML() ([]byte, error)

ExportXML exports the BOM as XML

func (*BOM) ToCycloneDX added in v1.0.1 

func (b *BOM) ToCycloneDX() (*CycloneDXBOM, error)

ToCycloneDX converts the BOM to CycloneDX format

type BOMRef added in v1.0.1 

type BOMRef struct {
	Ref          string   `xml:"ref,attr"`
	Dependencies []string `xml:"dependency,omitempty"`
}

type Component added in v1.0.1 

type Component struct {
	Type         string        `xml:"type,attr"`
	BOMRef       string        `xml:"bom-ref,attr"`
	Name         string        `xml:"name"`
	Version      string        `xml:"version"`
	Publisher    string        `xml:"publisher,omitempty"`
	Description  string        `xml:"description,omitempty"`
	Licenses     []License     `xml:"licenses>license,omitempty"`
	PackageURL   string        `xml:"purl,omitempty"`
	ExternalRefs []ExternalRef `xml:"externalReferences>reference,omitempty"`
}

type CycloneDXBOM added in v1.0.1 

type CycloneDXBOM struct {
	XMLName      xml.Name    `xml:"bom"`
	XMLNS        string      `xml:"xmlns,attr"`
	Version      int         `xml:"version,attr"`
	SerialNumber string      `xml:"serialNumber,attr"`
	Metadata     Metadata    `xml:"metadata"`
	Components   []Component `xml:"components>component"`
	Dependencies []BOMRef    `xml:"dependencies>dependency"`
}

CycloneDX BOM format version 1.4

type Dependency 

type Dependency struct {
	Name       string `json:"name" xml:"name"`
	Version    string `json:"version" xml:"version"`
	License    string `json:"license" xml:"license"`
	DirectDep  bool   `json:"direct" xml:"direct"`
	Repository string `json:"repository" xml:"repository"`
}

type ExternalRef added in v1.0.1 

type ExternalRef struct {
	Type string `xml:"type,attr"`
	URL  string `xml:"url"`
}

type Generator 

type Generator struct {
	// contains filtered or unexported fields
}

Generator represents a BOM generator instance

func NewGenerator 

func NewGenerator(projectPath string) *Generator

NewGenerator creates a new BOM generator for the specified project path

func (*Generator) Generate 

func (g *Generator) Generate() (*BOM, error)

Generate creates a new BOM for the project

type License added in v1.0.1 

type License struct {
	ID   string `xml:"id,omitempty"`
	Name string `xml:"name,omitempty"`
}

type Metadata added in v1.0.1 

type Metadata struct {
	Timestamp string    `xml:"timestamp"`
	Tools     []Tool    `xml:"tools>tool"`
	Component Component `xml:"component"`
}

type Tool added in v1.0.1 

type Tool struct {
	Vendor  string `xml:"vendor"`
	Name    string `xml:"name"`
	Version string `xml:"version"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.