models

package
v1.5.7 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 26, 2024 License: Apache-2.0 Imports: 11 Imported by: 1

Documentation

Index

Constants

View Source 
const (
	EcosystemMaven     = "Maven"
	EcosystemRubyGems  = "RubyGems"
	EcosystemGo        = "Go"
	EcosystemNpm       = "npm"
	EcosystemPyPI      = "PyPI"
	EcosystemCargo     = "Cargo"
	EcosystemNuGet     = "NuGet"
	EcosystemPackagist = "Packagist"
	EcosystemHex       = "Hex"
	EcosystemPub       = "Pub"
	EcosystemCyDxSBOM  = "CycloneDxSbom"
	EcosystemSpdxSBOM  = "SpdxSbom"
)

Variables

This section is empty.

Functions

func IdGen added in v1.5.3 

func IdGen(data string) string

This is probably not the best place for IdGen but keeping it here since this package is the most stable (SDP)

func NewPackageDetail 

func NewPackageDetail(ecosystem, name, version string) lockfile.PackageDetails

Types

type DependencyGraph added in v1.5.6 

type DependencyGraph[T DependencyGraphNodeType] struct {
	// contains filtered or unexported fields
}

Directed Acyclic Graph (DAG) representation of the package manifest

func NewDependencyGraph added in v1.5.6 

func NewDependencyGraph[T DependencyGraphNodeType]() *DependencyGraph[T]

func (*DependencyGraph[T]) AddDependency added in v1.5.6 

func (dg *DependencyGraph[T]) AddDependency(from, to T)

AddDependency adds a dependency from one package to another Add an edge from [from] to [to]

func (*DependencyGraph[T]) AddNode added in v1.5.6 

func (dg *DependencyGraph[T]) AddNode(node T)

Add a node to the graph

func (*DependencyGraph[T]) AddRootNode added in v1.5.6 

func (dg *DependencyGraph[T]) AddRootNode(node T)

Add a root node to the graph

func (*DependencyGraph[T]) Clear added in v1.5.6 

func (dg *DependencyGraph[T]) Clear()

Clear clears the dependency graph

func (*DependencyGraph[T]) GetDependencies added in v1.5.6 

func (dg *DependencyGraph[T]) GetDependencies(pkg T) []T

GetDependencies returns the list of dependencies for the given package Outgoing edges

func (*DependencyGraph[T]) GetDependents added in v1.5.6 

func (dg *DependencyGraph[T]) GetDependents(pkg T) []T

GetDependents returns the list of dependents for the given package Incoming edges

func (*DependencyGraph[T]) GetNodes added in v1.5.6 

func (dg *DependencyGraph[T]) GetNodes() []*DependencyGraphNode[T]

GetNodes returns the list of nodes in the graph

func (*DependencyGraph[T]) GetPackages added in v1.5.6 

func (dg *DependencyGraph[T]) GetPackages() []T

GetPackages returns the list of packages in the graph

func (*DependencyGraph[T]) IsRoot added in v1.5.6 

func (dg *DependencyGraph[T]) IsRoot(data T) bool

func (*DependencyGraph[T]) MarshalJSON added in v1.5.6 

func (dg *DependencyGraph[T]) MarshalJSON() ([]byte, error)

func (*DependencyGraph[T]) PathToRoot added in v1.5.6 

func (dg *DependencyGraph[T]) PathToRoot(pkg T) []T

PathToRoot returns the path from the given package to the root It uses a simple DFS algorithm to find the path. In future, it is likely that we will use a more efficient algorithm like a weighted traversal which is more relevant here because we want to update minimum number of root packages

func (*DependencyGraph[T]) Present added in v1.5.6 

func (dg *DependencyGraph[T]) Present() bool

Present returns true if the dependency graph is present

func (*DependencyGraph[T]) SetPresent added in v1.5.6 

func (dg *DependencyGraph[T]) SetPresent(present bool)

Set present flag for the dependency graph This is useful when we want to indicate that the graph is present because we are building it as an enhancement over our existing list of packages

func (*DependencyGraph[T]) UnmarshalJSON added in v1.5.6 

func (dg *DependencyGraph[T]) UnmarshalJSON(b []byte) error

type DependencyGraphNode added in v1.5.6 

type DependencyGraphNode[T DependencyGraphNodeType] struct {
	Data     T   `json:"data"`
	Children []T `json:"children"`

	// While not relevant for a graph, this is required to identify root packages
	Root bool `json:"root"`
}

DependencyGraphNode represents a node in the dependency graph. It must be serializable to JSON

func (*DependencyGraphNode[T]) SetRoot added in v1.5.6 

func (node *DependencyGraphNode[T]) SetRoot(root bool)

type DependencyGraphNodeType added in v1.5.6 

type DependencyGraphNodeType interface {
	Id() string
}

We are using generics here to make the graph implementation not too coupled with our model types

type Package 

type Package struct {
	lockfile.PackageDetails `json:"package_detail"`

	// Insights obtained for this package
	Insights *insightapi.PackageVersionInsight `json:"insights,omitempty"`

	// This package is a transitive dependency of parent package
	Parent *Package `json:"-"`

	// Depth of this package in dependency tree
	Depth int `json:"depth"`

	// Manifest from where this package was found directly or indirectly
	Manifest *PackageManifest `json:"-"`
}

Represents a package such as a version of a library defined as a dependency in Gemfile.lock, pom.xml etc.

func (*Package) DependencyPath added in v1.5.6 

func (p *Package) DependencyPath() []*Package

DependencyPath returns the path from a root package to this package

func (*Package) GetDependencyGraph added in v1.5.6 

func (p *Package) GetDependencyGraph() *DependencyGraph[*Package]

func (*Package) GetName added in v1.3.0 

func (p *Package) GetName() string

func (*Package) GetSpecEcosystem added in v1.3.0 

func (p *Package) GetSpecEcosystem() modelspec.Ecosystem

FIXME: For SPDX/CycloneDX, package ecosystem may be different from the manifest ecosystem

func (*Package) GetVersion added in v1.3.0 

func (p *Package) GetVersion() string

func (*Package) Id 

func (p *Package) Id() string

Id returns a unique identifier for this package within a manifest It is used to identify a package in the dependency graph It should be reproducible across multiple runs

func (*Package) ShortName 

func (p *Package) ShortName() string

type PackageManifest 

type PackageManifest struct {
	// Filesystem path of this manifest
	Path string `json:"path"`

	// When we scan non-path entities like Github org / repo
	// then only path doesn't make sense, which is more local
	// temporary file path
	DisplayPath string `json:"display_path"`

	// Ecosystem to interpret this manifest
	Ecosystem string `json:"ecosystem"`

	// List of packages obtained by parsing the manifest
	Packages []*Package `json:"packages"`

	// The package depeneny graph representation
	DependencyGraph *DependencyGraph[*Package] `json:"dependency_graph"`
	// contains filtered or unexported fields
}

Represents a package manifest that contains a list of packages. Example: pom.xml, requirements.txt

func NewPackageManifest added in v1.5.6 

func NewPackageManifest(path, ecosystem string) *PackageManifest

func (*PackageManifest) AddPackage 

func (pm *PackageManifest) AddPackage(pkg *Package)

func (*PackageManifest) GetDisplayPath added in v1.3.1 

func (pm *PackageManifest) GetDisplayPath() string

GetDisplayPath returns the [DisplayPath] if available or fallsback to [Path]

func (*PackageManifest) GetPackages added in v1.5.6 

func (pm *PackageManifest) GetPackages() []*Package

GetPackages returns the list of packages in this manifest It uses the DependencyGraph to get the list of packages if available else fallsback to the [Packages] field

func (*PackageManifest) GetPackagesCount added in v1.4.0 

func (pm *PackageManifest) GetPackagesCount() int

func (*PackageManifest) GetPath added in v1.3.0 

func (pm *PackageManifest) GetPath() string

func (*PackageManifest) GetSpecEcosystem added in v1.3.0 

func (pm *PackageManifest) GetSpecEcosystem() modelspec.Ecosystem

func (*PackageManifest) Id added in v1.3.0 

func (pm *PackageManifest) Id() string

func (*PackageManifest) SetDisplayPath added in v1.3.1 

func (pm *PackageManifest) SetDisplayPath(path string)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.