Index ¶
- Constants
- func GetModelEcosystem(ecosystem packagev1.Ecosystem) string
- func IdGen(data string) string
- func NewPackageDetail(ecosystem, name, version string) lockfile.PackageDetails
- type DependencyGraph
- func (dg *DependencyGraph[T]) AddDependency(from, to T)
- func (dg *DependencyGraph[T]) AddNode(node T)
- func (dg *DependencyGraph[T]) AddRootNode(node T)
- func (dg *DependencyGraph[T]) Clear()
- func (dg *DependencyGraph[T]) GetDependencies(pkg T) []T
- func (dg *DependencyGraph[T]) GetDependents(pkg T) []T
- func (dg *DependencyGraph[T]) GetNodes() []*DependencyGraphNode[T]
- func (dg *DependencyGraph[T]) GetPackages() []T
- func (dg *DependencyGraph[T]) IsRoot(data T) bool
- func (dg *DependencyGraph[T]) MarshalJSON() ([]byte, error)
- func (dg *DependencyGraph[T]) PathToRoot(pkg T) []T
- func (dg *DependencyGraph[T]) Present() bool
- func (dg *DependencyGraph[T]) SetPresent(present bool)
- func (dg *DependencyGraph[T]) UnmarshalJSON(b []byte) error
- type DependencyGraphNode
- type DependencyGraphNodeType
- type ManifestSourceType
- type Package
- func (p *Package) DependencyPath() []*Package
- func (p *Package) GetControlTowerSpecEcosystem() packagev1.Ecosystem
- func (p *Package) GetDependencies() ([]*Package, error)
- func (p *Package) GetDependencyGraph() *DependencyGraph[*Package]
- func (p *Package) GetName() string
- func (p *Package) GetProvenances() []*Provenance
- func (p *Package) GetSpecEcosystem() modelspec.Ecosystem
- func (p *Package) GetVersion() string
- func (p *Package) Id() string
- func (p *Package) ShortName() string
- type PackageManifest
- func NewPackageManifest(path, ecosystem string) *PackageManifest (deprecated)
- func NewPackageManifestFromGitHub(repo, repoRelativePath, realPath, ecosystem string) *PackageManifest
- func NewPackageManifestFromLocal(path, ecosystem string) *PackageManifest
- func NewPackageManifestFromPurl(purl, ecosystem string) *PackageManifest
- func (pm *PackageManifest) AddPackage(pkg *Package)
- func (pm *PackageManifest) GetControlTowerSpecEcosystem() packagev1.Ecosystem
- func (pm *PackageManifest) GetDisplayPath() string
- func (pm *PackageManifest) GetPackages() []*Package
- func (pm *PackageManifest) GetPackagesCount() int
- func (pm *PackageManifest) GetPath() string
- func (pm *PackageManifest) GetSource() PackageManifestSource
- func (pm *PackageManifest) GetSpecEcosystem() modelspec.Ecosystem (deprecated)
- func (pm *PackageManifest) Id() string
- func (pm *PackageManifest) SetDisplayPath(path string)
- func (pm *PackageManifest) SetPath(path string)
- func (p *PackageManifest) UpdateSourceAsGitRepository(repo, repoRelativePath string)
- type PackageManifestSource
- type Provenance
- type ProvenanceType
Constants ¶
// Ecosystem identifiers used by the model. Most name a real package
// ecosystem; the SBOM entries are containers of packages rather than
// ecosystems themselves.
const (
	EcosystemMaven     = "Maven"
	EcosystemRubyGems  = "RubyGems"
	EcosystemGo        = "Go"
	EcosystemNpm       = "npm"
	EcosystemPyPI      = "PyPI"
	EcosystemCargo     = "Cargo"
	EcosystemNuGet     = "NuGet"
	EcosystemPackagist = "Packagist"
	EcosystemHex       = "Hex"
	EcosystemPub       = "Pub"
	EcosystemCyDxSBOM  = "CycloneDxSbom" // These are not real ecosystems. They are containers
	EcosystemSpdxSBOM  = "SpdxSbom"      // These are not real ecosystems. They are containers
	EcosystemGitHubActions     = "GitHubActions"
	EcosystemTerraform         = "Terraform"
	EcosystemTerraformModule   = "TerraformModule"
	EcosystemTerraformProvider = "TerraformProvider"
)
// Known values of ManifestSourceType, describing where a package manifest
// was identified (local filesystem, a purl, or a git repository).
const (
	ManifestSourceLocal         = ManifestSourceType("local")
	ManifestSourcePurl          = ManifestSourceType("purl")
	ManifestSourceGitRepository = ManifestSourceType("git_repository")
)
// Known values of ProvenanceType. Only SLSA provenance is defined here.
const (
	ProvenanceTypeSlsa = ProvenanceType("slsa")
)
Variables ¶
This section is empty.
Functions ¶
func GetModelEcosystem ¶ added in v1.8.3
GetModelEcosystem maps the control tower spec ecosystem to the model ecosystem.
func IdGen ¶ added in v1.5.3
This is probably not the best place for IdGen, but it is kept here because this package is the most stable (SDP).
func NewPackageDetail ¶
func NewPackageDetail(ecosystem, name, version string) lockfile.PackageDetails
Types ¶
type DependencyGraph ¶ added in v1.5.6
// DependencyGraph is a Directed Acyclic Graph (DAG) representation of the
// package manifest. Create one with NewDependencyGraph; nodes are added with
// AddNode/AddRootNode and edges with AddDependency.
type DependencyGraph[T DependencyGraphNodeType] struct {
	// contains filtered or unexported fields
}
DependencyGraph is a Directed Acyclic Graph (DAG) representation of the package manifest.
func NewDependencyGraph ¶ added in v1.5.6
func NewDependencyGraph[T DependencyGraphNodeType]() *DependencyGraph[T]
func (*DependencyGraph[T]) AddDependency ¶ added in v1.5.6
func (dg *DependencyGraph[T]) AddDependency(from, to T)
AddDependency adds a dependency from one package to another, i.e. an edge from [from] to [to].
func (*DependencyGraph[T]) AddNode ¶ added in v1.5.6
func (dg *DependencyGraph[T]) AddNode(node T)
AddNode adds a node to the graph.
func (*DependencyGraph[T]) AddRootNode ¶ added in v1.5.6
func (dg *DependencyGraph[T]) AddRootNode(node T)
AddRootNode adds a root node to the graph.
func (*DependencyGraph[T]) Clear ¶ added in v1.5.6
func (dg *DependencyGraph[T]) Clear()
Clear clears the dependency graph.
func (*DependencyGraph[T]) GetDependencies ¶ added in v1.5.6
func (dg *DependencyGraph[T]) GetDependencies(pkg T) []T
GetDependencies returns the list of dependencies for the given package, i.e. its outgoing edges.
func (*DependencyGraph[T]) GetDependents ¶ added in v1.5.6
func (dg *DependencyGraph[T]) GetDependents(pkg T) []T
GetDependents returns the list of dependents for the given package, i.e. its incoming edges.
func (*DependencyGraph[T]) GetNodes ¶ added in v1.5.6
func (dg *DependencyGraph[T]) GetNodes() []*DependencyGraphNode[T]
GetNodes returns the list of nodes in the graph.
func (*DependencyGraph[T]) GetPackages ¶ added in v1.5.6
func (dg *DependencyGraph[T]) GetPackages() []T
GetPackages returns the list of packages in the graph.
func (*DependencyGraph[T]) IsRoot ¶ added in v1.5.6
func (dg *DependencyGraph[T]) IsRoot(data T) bool
func (*DependencyGraph[T]) MarshalJSON ¶ added in v1.5.6
func (dg *DependencyGraph[T]) MarshalJSON() ([]byte, error)
func (*DependencyGraph[T]) PathToRoot ¶ added in v1.5.6
func (dg *DependencyGraph[T]) PathToRoot(pkg T) []T
PathToRoot returns the path from the given package to the root. It uses a simple DFS algorithm to find the path. In future, it is likely that we will use a more efficient algorithm, such as a weighted traversal, which is more relevant here because we want to update the minimum number of root packages.
func (*DependencyGraph[T]) Present ¶ added in v1.5.6
func (dg *DependencyGraph[T]) Present() bool
Present returns true if the dependency graph is present.
func (*DependencyGraph[T]) SetPresent ¶ added in v1.5.6
func (dg *DependencyGraph[T]) SetPresent(present bool)
SetPresent sets the present flag for the dependency graph. This is useful when we want to indicate that the graph is present because we are building it as an enhancement over our existing list of packages.
func (*DependencyGraph[T]) UnmarshalJSON ¶ added in v1.5.6
func (dg *DependencyGraph[T]) UnmarshalJSON(b []byte) error
type DependencyGraphNode ¶ added in v1.5.6
// DependencyGraphNode represents a node in the dependency graph. It must be
// serializable to JSON.
type DependencyGraphNode[T DependencyGraphNodeType] struct {
	// Data is the payload carried by this node.
	Data T `json:"data"`
	// Children holds the nodes this node depends on (its outgoing edges).
	Children []T `json:"children"`
	// While not relevant for a graph, this is required to identify root packages
	Root bool `json:"root"`
}
DependencyGraphNode represents a node in the dependency graph. It must be serializable to JSON.
func (*DependencyGraphNode[T]) SetRoot ¶ added in v1.5.6
func (node *DependencyGraphNode[T]) SetRoot(root bool)
type DependencyGraphNodeType ¶ added in v1.5.6
// DependencyGraphNodeType is the constraint satisfied by graph node payloads.
// Generics are used here so that the graph implementation is not too coupled
// with the model types; any type with a string Id qualifies.
type DependencyGraphNodeType interface {
	Id() string
}
We are using generics here so that the graph implementation is not too coupled with our model types.
type ManifestSourceType ¶ added in v1.8.0
// ManifestSourceType identifies where a package manifest was found; see the
// ManifestSource* constants for the known values.
type ManifestSourceType string
type Package ¶
// Package represents a package such as a version of a library defined as a
// dependency in Gemfile.lock, pom.xml etc.
type Package struct {
	lockfile.PackageDetails `json:"package_detail"`

	// Insights obtained for this package
	Insights *insightapi.PackageVersionInsight `json:"insights,omitempty"`

	// Insights v2
	InsightsV2 *packagev1.PackageVersionInsight `json:"insights_v2,omitempty"`

	// This package is a transitive dependency of parent package.
	// Excluded from JSON (json:"-"), so it is not restored by unmarshalling.
	Parent *Package `json:"-"`

	// Depth of this package in dependency tree
	Depth int `json:"depth"`

	// Optional provenances for this package
	Provenances []*Provenance `json:"provenances"`

	// Manifest from where this package was found directly or indirectly.
	// Excluded from JSON (json:"-"), so it is not restored by unmarshalling.
	Manifest *PackageManifest `json:"-"`
}
Package represents a package such as a version of a library defined as a dependency in Gemfile.lock, pom.xml etc.
func (*Package) DependencyPath ¶ added in v1.5.6
DependencyPath returns the path from a root package to this package.
func (*Package) GetControlTowerSpecEcosystem ¶ added in v1.8.3
func (*Package) GetDependencies ¶ added in v1.8.0
func (*Package) GetDependencyGraph ¶ added in v1.5.6
func (p *Package) GetDependencyGraph() *DependencyGraph[*Package]
func (*Package) GetProvenances ¶ added in v1.8.10
func (p *Package) GetProvenances() []*Provenance
func (*Package) GetSpecEcosystem ¶ added in v1.3.0
FIXME: For SPDX/CycloneDX, the package ecosystem may be different from the manifest ecosystem.
func (*Package) GetVersion ¶ added in v1.3.0
type PackageManifest ¶
// PackageManifest represents a package manifest that contains a list of
// packages. Example: pom.xml, requirements.txt. Use the NewPackageManifest*
// initializers to construct one.
type PackageManifest struct {
	// The source of the package manifest
	Source PackageManifestSource `json:"source"`

	// Filesystem path of this manifest
	Path string `json:"path"`

	// Ecosystem to interpret this manifest
	Ecosystem string `json:"ecosystem"`

	// List of packages obtained by parsing the manifest
	Packages []*Package `json:"packages"`

	// The package dependency graph representation. GetPackages prefers this
	// over Packages when it is available.
	DependencyGraph *DependencyGraph[*Package] `json:"dependency_graph"`

	// contains filtered or unexported fields
}
PackageManifest represents a package manifest that contains a list of packages. Examples: pom.xml, requirements.txt.
func NewPackageManifest ¶ deprecated, added in v1.5.6
func NewPackageManifest(path, ecosystem string) *PackageManifest
Deprecated: Use the NewPackageManifest* initializers.
func NewPackageManifestFromGitHub ¶ added in v1.8.0
func NewPackageManifestFromGitHub(repo, repoRelativePath, realPath, ecosystem string) *PackageManifest
func NewPackageManifestFromLocal ¶ added in v1.8.0
func NewPackageManifestFromLocal(path, ecosystem string) *PackageManifest
func NewPackageManifestFromPurl ¶ added in v1.8.8
func NewPackageManifestFromPurl(purl, ecosystem string) *PackageManifest
func (*PackageManifest) AddPackage ¶
func (pm *PackageManifest) AddPackage(pkg *Package)
func (*PackageManifest) GetControlTowerSpecEcosystem ¶ added in v1.8.0
func (pm *PackageManifest) GetControlTowerSpecEcosystem() packagev1.Ecosystem
func (*PackageManifest) GetDisplayPath ¶ added in v1.3.1
func (pm *PackageManifest) GetDisplayPath() string
GetDisplayPath returns the [DisplayPath] if available, or falls back to [Path].
func (*PackageManifest) GetPackages ¶ added in v1.5.6
func (pm *PackageManifest) GetPackages() []*Package
GetPackages returns the list of packages in this manifest. It uses the DependencyGraph to get the list of packages if available; otherwise it falls back to the [Packages] field.
func (*PackageManifest) GetPackagesCount ¶ added in v1.4.0
func (pm *PackageManifest) GetPackagesCount() int
func (*PackageManifest) GetPath ¶ added in v1.3.0
func (pm *PackageManifest) GetPath() string
func (*PackageManifest) GetSource ¶ added in v1.8.0
func (pm *PackageManifest) GetSource() PackageManifestSource
func (*PackageManifest) GetSpecEcosystem ¶ deprecated, added in v1.3.0
func (pm *PackageManifest) GetSpecEcosystem() modelspec.Ecosystem
Deprecated: Move towards GetControlTowerSpecEcosystem.
func (*PackageManifest) Id ¶ added in v1.3.0
func (pm *PackageManifest) Id() string
func (*PackageManifest) SetDisplayPath ¶ added in v1.3.1
func (pm *PackageManifest) SetDisplayPath(path string)
func (*PackageManifest) SetPath ¶ added in v1.8.1
func (pm *PackageManifest) SetPath(path string)
func (*PackageManifest) UpdateSourceAsGitRepository ¶ added in v1.8.0
func (p *PackageManifest) UpdateSourceAsGitRepository(repo, repoRelativePath string)
Parsers usually create a package manifest from a file; readers have the context to set the source correctly. Example: GitHub reader.
type PackageManifestSource ¶ added in v1.8.0
// PackageManifestSource records where a package manifest was identified.
// We now have different sources from which a package manifest can be
// identified (local, GitHub, and maybe in future containers or archives like
// JAR), so additional internal metadata is stored here.
type PackageManifestSource struct {
	// The source type of this package namespace
	Type ManifestSourceType `json:"type"`

	// The namespace of the package manifest. Examples:
	// - Directory when source is local
	// - GitHub repo URL when source is GitHub
	Namespace string `json:"namespace"`

	// The namespace relative path of the package manifest.
	// This is an actually referenceable identifier to the data
	Path string `json:"path"`

	// Explicit override the display path
	DisplayPath string `json:"display_path"`
}
We now have different sources from which a package manifest can be identified, for example local, GitHub, and maybe in future within containers or archives like JAR. So we need to store additional internal metadata.
func (PackageManifestSource) GetDisplayPath ¶ added in v1.8.0
func (ps PackageManifestSource) GetDisplayPath() string
func (PackageManifestSource) GetNamespace ¶ added in v1.8.0
func (ps PackageManifestSource) GetNamespace() string
func (PackageManifestSource) GetPath ¶ added in v1.8.0
func (ps PackageManifestSource) GetPath() string
func (PackageManifestSource) GetType ¶ added in v1.8.3
func (ps PackageManifestSource) GetType() ManifestSourceType
type Provenance ¶ added in v1.8.10
// Provenance represents an abstract provenance of a package provided by
// different sources such as deps.dev or other sources.
type Provenance struct {
	// Type of the provenance; see ProvenanceTypeSlsa.
	Type ProvenanceType `json:"type"`
	// NOTE(review): presumably the source commit the package was built from — confirm.
	CommitSHA string `json:"commit_sha"`
	// Serialized under the "source_url" key, not "source_repository".
	SourceRepository string `json:"source_url"`
	Url string `json:"url"`
	// Verified is set by whatever source supplied the provenance. Nothing on
	// this type shows how or by whom verification was performed, so consumers
	// should not treat it as an independent attestation check — confirm the
	// semantics against the source that populates it.
	Verified bool `json:"verified"`
}
Provenance represents an abstract provenance of a package provided by different sources, such as deps.dev or other sources.
type ProvenanceType ¶ added in v1.8.10
// ProvenanceType identifies the kind of provenance attached to a package;
// see the ProvenanceType* constants for the known values.
type ProvenanceType string