README
¶
SPDX tools-golang
tools-golang
is a collection of Go packages intended to make it easier for
Go programs to work with SPDX® files.
Recent news
2022-01-11: v0.4.0: added support for SPDX v2.3 and YAML, as well as other improvements and bugfixes. See RELEASE-NOTES.md for full details.
What it does
tools-golang currently works with files conformant to versions 2.1 and 2.2 of the SPDX specification, available at: https://spdx.dev/specifications
tools-golang provides the following packages:
- spdx - in-memory data model for the sections of an SPDX document
- tagvalue - tag-value document reader and writer
- rdf - RDF document reader
- json - JSON document reader and writer
- yaml - YAML document reader and writer
- builder - builds "empty" SPDX document (with hashes) for directory contents
- idsearcher - searches for SPDX short-form IDs and builds an SPDX document
- licensediff - compares concluded licenses between files in two packages
- reporter - generates basic license count report from an SPDX document
- spdxlib - various utility functions for manipulating SPDX documents in memory
- utils - various utility functions that support the other tools-golang packages
Examples for how to use these packages can be found in the examples/
directory.
What it doesn't do
tools-golang
doesn't currently support files under any version of the SPDX spec prior to v2.1
Documentation
SPDX tools-golang documentation is available on the pkg.go.dev website at https://pkg.go.dev/github.com/spdx/tools-golang.
Contributors
Thank you to all of the contributors to spdx/tools-golang. A full list can be found in the GitHub repo and in the release notes.
In particular, thank you to the following for major contributions:
JSON parsing and saving support was added by @specter25 as part of his Google Summer of Code 2021 project.
RDF parsing support was added by @RishabhBhatnagar as part of his Google Summer of Code 2020 project.
Licenses
As indicated in LICENSE-code
, tools-golang source code files are
provided and may be used, at your option, under either:
- Apache License, version 2.0 (Apache-2.0), OR
- GNU General Public License, version 2.0 or later (GPL-2.0-or-later).
As indicated in LICENSE-docs
, tools-golang documentation files are
provided and may be used under the Creative Commons Attribution
4.0 International license (CC-BY-4.0).
This README.md
file is documentation:
SPDX-License-Identifier: CC-BY-4.0
Security
For security policy and reporting security issues, please refer to SECURITY.md
Directories
¶
Path | Synopsis |
---|---|
Package builder is used to create tools-golang data structures for a given directory path's contents, with hashes, etc.
|
Package builder is used to create tools-golang data structures for a given directory path's contents, with hashes, etc. |
examples
|
|
10-jsonloader
This example demonstrates loading an SPDX JSON document from disk into memory, and then logging some attributes to the console.
|
This example demonstrates loading an SPDX JSON document from disk into memory, and then logging some attributes to the console. |
12-tvtoyaml
This example demonstrates loading an SPDX tag-value file from disk into memory, and re-saving it to a different json file on disk.
|
This example demonstrates loading an SPDX tag-value file from disk into memory, and re-saving it to a different json file on disk. |
13-yamlloader
This example demonstrates loading an SPDX YAML document from disk into memory, and then logging some attributes to the console.
|
This example demonstrates loading an SPDX YAML document from disk into memory, and then logging some attributes to the console. |
5-report
This example demonstrates loading an SPDX tag-value file from disk into memory, generating a basic report listing counts of the concluded licenses for its files, and printing the report to standard output.
|
This example demonstrates loading an SPDX tag-value file from disk into memory, generating a basic report listing counts of the concluded licenses for its files, and printing the report to standard output. |
6-licensediff
This example demonstrates loading two SPDX tag-value files from disk into memory, and generating a diff of the concluded licenses for Files in Packages with matching IDs in each document.
|
This example demonstrates loading two SPDX tag-value files from disk into memory, and generating a diff of the concluded licenses for Files in Packages with matching IDs in each document. |
7-rdfloader
SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later Run project: go run exampleRDFLoader.go ../sample-docs/rdf/SPDXRdfExample-v2.2.spdx.rdf
|
SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later Run project: go run exampleRDFLoader.go ../sample-docs/rdf/SPDXRdfExample-v2.2.spdx.rdf |
8-jsontotv
This example demonstrates loading an SPDX json from disk into memory, and then re-saving it to a different file on disk in tag-value format .
|
This example demonstrates loading an SPDX json from disk into memory, and then re-saving it to a different file on disk in tag-value format . |
9-tvtojson
This example demonstrates loading an SPDX tag-value file from disk into memory, and re-saving it to a different json file on disk.
|
This example demonstrates loading an SPDX tag-value file from disk into memory, and re-saving it to a different json file on disk. |
Package idsearcher is used to search for short-form IDs in files within a directory, and to build an SPDX Document containing those license findings.
|
Package idsearcher is used to search for short-form IDs in files within a directory, and to build an SPDX Document containing those license findings. |
Package licensediff is used to generate a "diff" between the concluded licenses in two SPDX Packages, using the filename as the match point.
|
Package licensediff is used to generate a "diff" between the concluded licenses in two SPDX Packages, using the filename as the match point. |
Package reporter contains functions to generate a basic license count report from an in-memory SPDX Package section whose Files have been analyzed.
|
Package reporter contains functions to generate a basic license count report from an in-memory SPDX Package section whose Files have been analyzed. |
Package spdx contains references to the latest spdx version
|
Package spdx contains references to the latest spdx version |
v2/v2_1
Package spdx contains the struct definition for an SPDX Document and its constituent parts.
|
Package spdx contains the struct definition for an SPDX Document and its constituent parts. |
v2/v2_1/tagvalue/reader
Package parser2v1 contains functions to read, load and parse SPDX tag-value files.
|
Package parser2v1 contains functions to read, load and parse SPDX tag-value files. |
v2/v2_1/tagvalue/writer
Package saver2v1 contains functions to render and write a tag-value formatted version of an in-memory SPDX document and its sections (version 2.1).
|
Package saver2v1 contains functions to render and write a tag-value formatted version of an in-memory SPDX document and its sections (version 2.1). |
v2/v2_2
Package spdx contains the struct definition for an SPDX Document and its constituent parts.
|
Package spdx contains the struct definition for an SPDX Document and its constituent parts. |
v2/v2_2/rdf/reader
SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later copied from tvloader/parser2v2/types.go
|
SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later copied from tvloader/parser2v2/types.go |
v2/v2_2/tagvalue/reader
Package parser2v2 contains functions to read, load and parse SPDX tag-value files, version 2.2.
|
Package parser2v2 contains functions to read, load and parse SPDX tag-value files, version 2.2. |
v2/v2_2/tagvalue/writer
Package saver2v2 contains functions to render and write a tag-value formatted version of an in-memory SPDX document and its sections (version 2.2).
|
Package saver2v2 contains functions to render and write a tag-value formatted version of an in-memory SPDX document and its sections (version 2.2). |
v2/v2_3
Package v2_3 Package contains the struct definition for an SPDX Document and its constituent parts.
|
Package v2_3 Package contains the struct definition for an SPDX Document and its constituent parts. |
v2/v2_3/rdf/reader
SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later copied from tvloader/parser2v3/types.go
|
SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later copied from tvloader/parser2v3/types.go |
v2/v2_3/tagvalue/reader
Package reader contains functions to read, load and parse SPDX tag-value files.
|
Package reader contains functions to read, load and parse SPDX tag-value files. |
v2/v2_3/tagvalue/writer
Package saver2v3 contains functions to render and write a tag-value formatted version of an in-memory SPDX document and its sections.
|
Package saver2v3 contains functions to render and write a tag-value formatted version of an in-memory SPDX document and its sections. |
Package spdxlib contains convenience and utility functions for working with an SPDX document that has already been created in memory.
|
Package spdxlib contains convenience and utility functions for working with an SPDX document that has already been created in memory. |
Package tvloader is used to load and parse SPDX tag-value documents into tools-golang data structures.
|
Package tvloader is used to load and parse SPDX tag-value documents into tools-golang data structures. |
Package utils contains various utility functions to support the main tools-golang packages.
|
Package utils contains various utility functions to support the main tools-golang packages. |