spdx

package
Published: Feb 2, 2022 License: Apache-2.0 Imports: 47 Imported by: 11

Overview

SHA1 is the currently accepted hash algorithm for SPDX documents, used for file integrity checks, NOT security. Instances of G401 and G505 can be safely ignored in this file.

ref: https://github.com/spdx/spdx-spec/issues/11

SHA1 is the currently accepted hash algorithm for SPDX documents, used for file integrity checks, NOT security. Instances of G401 and G505 can be safely ignored in this file.

ref: https://github.com/spdx/spdx-spec/issues/11

SHA1 is the currently accepted hash algorithm for SPDX documents, used for file integrity checks, NOT security. Instances of G401 and G505 can be safely ignored in this file.

ref: https://github.com/spdx/spdx-spec/issues/11

Index

Constants

// Go module file names looked for in a module directory.
const (
	GoModFileName = "go.mod" // Module definition (parsed by GoModImplementation.OpenModule)
	GoSumFileName = "go.sum" // Dependency checksum file
)
// Special SPDX expression values. NOASSERTION marks a field whose value is
// not asserted (see Entity.CopyrightText and Entity.LicenseConcluded); NONE
// marks a field that has no value.
const (

	// Consts of some SPDX expressions
	NONE        = "NONE"
	NOASSERTION = "NOASSERTION"
)

Variables

// DefaultProvenanceOptions are the options used when converting a document to
// a provenance statement: nothing is explicitly included, and entities linked
// through EXAMPLE_OF or DEPENDS_ON relationships are left out, since examples
// and dependencies are not considered part of the document itself.
var DefaultProvenanceOptions = &ProvenanceOptions{
	Relationships: map[string][]RelationshipType{
		"include": {}, // empty: no relationship type is force-included
		"exclude": {
			EXAMPLE_OF,
			DEPENDS_ON,
		},
	},
}

DefaultProvenanceOptions: examples and dependencies are not considered part of the document.

Functions

func Banner() string

func PullImageToArchive

func PullImageToArchive(referenceString, path string) error

Types

type ArchiveManifest

// ArchiveManifest is the manifest entry of an image tar archive, decoded from
// the JSON keys Config, RepoTags and Layers.
type ArchiveManifest struct {
	ConfigFilename string   `json:"Config"`   // Name of the image config file inside the archive
	RepoTags       []string `json:"RepoTags"` // Tags the image was saved under
	LayerFiles     []string `json:"Layers"`   // Layer files, as named inside the archive
}

type ContainerLayerAnalyzer

// ContainerLayerAnalyzer knows how to read a known kind of container layer and
// populate an SPDX package from it. ImageAnalyzer holds a set of these, keyed
// by name, and asks each one whether it can handle a layer before reading it.
type ContainerLayerAnalyzer interface {
	// ReadPackageData reads the layer at layerPath and fills pkg with what it finds.
	ReadPackageData(layerPath string, pkg *Package) error
	// CanHandle reports whether this analyzer recognizes the layer at layerPath.
	CanHandle(layerPath string) (bool, error)
}

ContainerLayerAnalyzer is an interface that knows how to read a known container layer and populate a SPDX package

type ContainerLayerAnalyzerOptions

// ContainerLayerAnalyzerOptions configures a ContainerLayerAnalyzer.
type ContainerLayerAnalyzerOptions struct {
	LicenseCacheDir string // Directory used to cache SPDX license downloads (compare Options.LicenseCacheDir)
}

type DocBuilder

// DocBuilder is a tool to write SPDX manifests. Create one with NewDocBuilder
// and call Generate with a DocGenerateOptions to obtain a Document.
type DocBuilder struct {
	// contains filtered or unexported fields
}

DocBuilder is a tool to write spdx manifests

func NewDocBuilder

func NewDocBuilder() *DocBuilder

func (*DocBuilder) Generate

func (db *DocBuilder) Generate(genopts *DocGenerateOptions) (*Document, error)

Generate creates a new SPDX document describing the artifacts specified in the options.

type DocBuilderImplementation

// DocBuilderImplementation is the pluggable backend behind DocBuilder: it
// generates a document from the builder and generation options, writes a
// document to a path, and reads generation options from a YAML configuration.
type DocBuilderImplementation interface {
	// GenerateDoc builds a Document from the builder options and the generation options.
	GenerateDoc(*DocBuilderOptions, *DocGenerateOptions) (*Document, error)
	// WriteDoc writes the document to the given path.
	WriteDoc(*Document, string) error
	// ReadYamlConfiguration loads the YAML configuration at the given path into the generation options.
	ReadYamlConfiguration(string, *DocGenerateOptions) error
}

type DocBuilderOptions

// DocBuilderOptions configures a DocBuilder.
type DocBuilderOptions struct {
	WorkDir string // Working directory (defaults to a tmp dir)
}

type DocGenerateOptions

// DocGenerateOptions describes what DocBuilder.Generate should put in the
// document and how it should be written. Validate checks the set for
// consistency before generation.
type DocGenerateOptions struct {
	AnalyseLayers       bool                  // A flag that controls if deep layer analysis should be performed
	NoGitignore         bool                  // Do not read exclusions from gitignore file
	ProcessGoModules    bool                  // Analyze go.mod to include data about packages
	OnlyDirectDeps      bool                  // Only include direct dependencies from go.mod
	ScanLicenses        bool                  // Try to look into files to determine their license
	ScanImages          bool                  // When true, scan images for OS information
	ConfigFile          string                // Path to SBOM configuration file (see YamlBOMConfiguration)
	OutputFile          string                // Output location
	Name                string                // Name to use in the resulting document
	Namespace           string                // Namespace for the document (a unique URI)
	CreatorPerson       string                // Document creator information
	License             string                // Main license of the document
	Tarballs            []string              // A slice of docker archives (tar)
	Archives            []string              // A list of archive files to add as packages
	Files               []string              // A slice of naked files to include in the bom
	Images              []string              // A slice of docker images
	Directories         []string              // A slice of directories to convert into packages
	IgnorePatterns      []string              // A slice of regexp patterns to ignore when scanning dirs
	ExternalDocumentRef []ExternalDocumentRef // List of external documents related to the bom
}

func (*DocGenerateOptions) Validate

func (o *DocGenerateOptions) Validate() error

type Document

// Document abstracts an SPDX document: its header fields, the packages and
// files it describes, and references to related external documents. The
// trailing comments on the fields are example values, not defaults; see
// NewDocument for the preloaded defaults.
type Document struct {
	Version     string // e.g. SPDX-2.2
	DataLicense string // e.g. CC0-1.0
	ID          string // e.g. SPDXRef-DOCUMENT
	Name        string // e.g. hello-go-src
	Namespace   string // e.g. https://swinslow.net/spdx-examples/example6/hello-go-src-v1
	Creator     struct {
		Person       string // e.g. Steve Winslow (steve@swinslow.net)
		Organization string
		Tool         []string // e.g. github.com/spdx/tools-golang/builder
	}
	Created            time.Time // e.g. 2020-11-24T01:12:27Z
	LicenseListVersion string
	Packages           map[string]*Package   // Packages in the document (key presumably the SPDX ID — confirm)
	Files              map[string]*File      // List of files (key presumably the SPDX ID — confirm)
	ExternalDocRefs    []ExternalDocumentRef // List of related external documents
}

Document abstracts the SPDX document

func NewDocument

func NewDocument() *Document

NewDocument returns a new SPDX document with some defaults preloaded

func OpenDoc

func OpenDoc(path string) (*Document, error)

OpenDoc opens a file, parses an SPDX tag-value file and returns a loaded spdx.Document object. This function has the cyclomatic check disabled, as it handles a specific case for each of the tags it recognizes. nolint:gocyclo

func (*Document) AddFile

func (d *Document) AddFile(file *File) error

AddFile adds a file contained in the document.

func (*Document) AddPackage

func (d *Document) AddPackage(pkg *Package) error

AddPackage adds a new empty package to the document

func (*Document) GetElementByID added in v0.2.2

func (d *Document) GetElementByID(id string) Object

GetElementByID searches the document's packages for a specific entity by its SPDX ID. Note that this method returns a copy of the entity if found.

func (*Document) Outline

func (d *Document) Outline(o *DrawingOptions) (outline string, err error)

Outline draws an outline of the relationships inside the doc

func (*Document) Render

func (d *Document) Render() (doc string, err error)

Render renders the SPDX manifest.

func (*Document) ToProvenanceStatement

func (d *Document) ToProvenanceStatement(opts *ProvenanceOptions) *provenance.Statement

func (*Document) Write

func (d *Document) Write(path string) error

Write outputs the SPDX document into a file

func (*Document) WriteProvenanceStatement added in v0.2.0

func (d *Document) WriteProvenanceStatement(opts *ProvenanceOptions, path string) error

WriteProvenanceStatement writes the sbom as an in-toto provenance statement

type DrawingOptions

// DrawingOptions controls how Document.Outline, Package.Draw and File.Draw
// render the relationship tree. Only the boolean switches are self-describing;
// the meaning of Width, Height and Recursion is not documented here — confirm
// against the Draw implementations before relying on them.
type DrawingOptions struct {
	Width       int
	Height      int
	Recursion   int // presumably a depth limit for the tree — confirm
	DisableTerm bool
	LastItem    bool // presumably set on the last sibling to pick the closing tree connector — confirm
	SkipName    bool // Omit the entity name
	OnlyIDs     bool // Print only SPDX IDs
	ASCIIOnly   bool // Use ASCII characters only for the tree connectors
}

type Entity

// Entity holds the fields shared by SPDX packages and files (both embed it)
// and the relationships that link an object to its peers. Package and File
// override Render, BuildID and GetElementByID with their own variants.
type Entity struct {
	ID               string            // Identifier string for the object in the doc
	SourceFile       string            // Local file to read for information
	Name             string            // Name of the package
	DownloadLocation string            // Download point for the entity
	CopyrightText    string            // Copyright text, or NOASSERTION
	FileName         string            // Name of the file
	LicenseConcluded string            // LicenseID or NOASSERTION
	Opts             *ObjectOptions    // Entity options
	Relationships    []*Relationship   // List of objects that have a relationship with this package
	Checksum         map[string]string // Collection of source file checksums, populated by ReadChecksums (key presumably the algorithm name — confirm)
}

func (*Entity) AddRelationship

func (e *Entity) AddRelationship(rel *Relationship)

AddRelationship adds a related object to the entity, to be rendered in the document. The exact output depends on the related object's options.

func (*Entity) BuildID

func (e *Entity) BuildID(seeds ...string)

BuildID sets the file ID, optionally from a series of strings

func (*Entity) GetElementByID added in v0.2.2

func (e *Entity) GetElementByID(string) Object

GetElementByID nil function to be overridden by package and file

func (*Entity) GetRelationships

func (e *Entity) GetRelationships() *[]*Relationship

func (*Entity) Options

func (e *Entity) Options() *ObjectOptions

func (*Entity) ReadChecksums

func (e *Entity) ReadChecksums(filePath string) error

ReadChecksums receives a path to a file and calculates its checksums

func (*Entity) ReadSourceFile

func (e *Entity) ReadSourceFile(path string) error

ReadSourceFile reads the source file for the package and populates

the fields derived from it (Checksums and FileName)

func (*Entity) Render

func (e *Entity) Render() (string, error)

Render is overridden by Package and File with their own variants

func (*Entity) SPDXID

func (e *Entity) SPDXID() string

SPDXID returns the SPDX reference string for the object

func (*Entity) SetSPDXID added in v0.2.2

func (e *Entity) SetSPDXID(id string)

SetSPDXID sets the SPDX reference string for the object.

func (*Entity) ToProvenanceSubject

func (e *Entity) ToProvenanceSubject() *intoto.Subject

ToProvenanceSubject converts the element to an in-toto subject, suitable for use in provenance attestations.

type ExternalDocumentRef

// ExternalDocumentRef is a pointer to an external, related SPDX document. It
// is read from YAML configuration (see YamlBOMConfiguration.ExternalDocRefs)
// and rendered by String. ReadSourceFile fills Checksums from a local copy of
// the document, which lets a consumer verify the retrieved document before
// trusting it.
type ExternalDocumentRef struct {
	ID        string            `yaml:"id"`        // Identifier for the external doc (eg "external-source-bom")
	URI       string            `yaml:"uri"`       // URI where the doc can be retrieved
	Checksums map[string]string `yaml:"checksums"` // Document checksums (key presumably the algorithm name, e.g. sha256 — confirm)
}

ExternalDocumentRef is a pointer to an external, related document

func (*ExternalDocumentRef) ReadSourceFile

func (ed *ExternalDocumentRef) ReadSourceFile(path string) error

ReadSourceFile populates the external reference data (the sha256 checksum) from a given path

func (*ExternalDocumentRef) String

func (ed *ExternalDocumentRef) String() string

String returns the SPDX string of the external document ref

type ExternalRef

// ExternalRef is an SPDX external reference attached to a package (see
// Package.ExternalRefs), e.g. a CPE identifier in the SECURITY category.
type ExternalRef struct {
	Category string // SECURITY | PACKAGE-MANAGER | PERSISTENT-ID | OTHER
	Type     string // cpe22Type | cpe23Type | maven-central | npm | nuget | bower | purl | swh | other
	Locator  string // unique string with no spaces
}

Example: cpe23Type cpe:2.3:a:base-files:base-files:10.3+deb10u9:*:*:*:*:*:*:*

type File

// File abstracts a file contained in a package. It embeds Entity for the
// common fields and relationships and implements Object.
type File struct {
	Entity
	FileType          []string // SPDX file types
	LicenseInfoInFile string   // e.g. GPL-3.0-or-later
}

File abstracts a file contained in a package

func NewFile

func NewFile() (f *File)

func (*File) BuildID

func (f *File) BuildID(seeds ...string)

BuildID sets the file ID, optionally from a series of strings

func (*File) Draw

func (f *File) Draw(builder *strings.Builder, o *DrawingOptions, depth int, seen *map[string]struct{})

Draw renders the file data as a tree-like structure nolint:gocritic

func (*File) GetElementByID added in v0.2.2

func (f *File) GetElementByID(id string) Object

GetElementByID search the file and its peers looking for the specified SPDX id. If found, the function returns a copy of the object identified by the SPDX-ID provided

func (*File) ReadSourceFile added in v0.2.0

func (f *File) ReadSourceFile(path string) error

func (*File) Render

func (f *File) Render() (docFragment string, err error)

Render renders the document fragment of a file

func (*File) SetEntity

func (f *File) SetEntity(e *Entity)

type GoModDefaultImpl

// GoModDefaultImpl is the default GoModImplementation used by GoModule: it
// opens go.mod, builds the package list, downloads and removes package
// sources, and scans packages for license information.
type GoModDefaultImpl struct {
	// contains filtered or unexported fields
}

func (*GoModDefaultImpl) BuildPackageList

func (di *GoModDefaultImpl) BuildPackageList(gomod *modfile.File) ([]*GoPackage, error)

BuildPackageList builds a slice of packages to assign to the module

func (*GoModDefaultImpl) DownloadPackage

func (di *GoModDefaultImpl) DownloadPackage(pkg *GoPackage, opts *GoModuleOptions, force bool) error

DownloadPackage takes a pkg, downloads it from its src and sets

the download dir in the LocalDir field

func (*GoModDefaultImpl) LicenseReader

func (di *GoModDefaultImpl) LicenseReader() (*license.Reader, error)

LicenseReader returns a license reader

func (*GoModDefaultImpl) OpenModule

func (di *GoModDefaultImpl) OpenModule(opts *GoModuleOptions) (*modfile.File, error)

OpenModule opens the go.mod file for the module and parses it.

func (*GoModDefaultImpl) RemoveDownloads

func (di *GoModDefaultImpl) RemoveDownloads(packageList []*GoPackage) error

RemoveDownloads takes a list of packages and removes their downloads.

func (*GoModDefaultImpl) ScanPackageLicense

func (di *GoModDefaultImpl) ScanPackageLicense(
	pkg *GoPackage, reader *license.Reader, opts *GoModuleOptions) error

ScanPackageLicense scans a package for licensing info

type GoModImplementation

// GoModImplementation is the pluggable backend behind GoModule. The default is
// GoModDefaultImpl; see its methods for the contract of each operation.
type GoModImplementation interface {
	// OpenModule opens and parses the module's go.mod.
	OpenModule(*GoModuleOptions) (*modfile.File, error)
	// BuildPackageList builds the packages to assign to the module.
	BuildPackageList(*modfile.File) ([]*GoPackage, error)
	// DownloadPackage downloads a package; the bool presumably forces a re-download — confirm.
	DownloadPackage(*GoPackage, *GoModuleOptions, bool) error
	// RemoveDownloads removes the downloads of the given packages.
	RemoveDownloads([]*GoPackage) error
	// LicenseReader returns a license reader.
	LicenseReader() (*license.Reader, error)
	// ScanPackageLicense scans a package for licensing info.
	ScanPackageLicense(*GoPackage, *license.Reader, *GoModuleOptions) error
}

type GoModule

// GoModule abstracts the go module data of a project: the parsed go.mod and
// the packages it pulls in. Create one with NewGoModule or NewGoModuleFromPath.
type GoModule struct {
	GoMod *modfile.File // Parsed go.mod, set by Open

	Packages []*GoPackage // Packages of the module, including their download locations
	// contains filtered or unexported fields
}

GoModule abstracts the go module data of a project

func NewGoModule

func NewGoModule() *GoModule

func NewGoModuleFromPath

func NewGoModuleFromPath(path string) (*GoModule, error)

NewGoModuleFromPath returns a new Go module from the specified path.

func (*GoModule) BuildFullPackageList

func (mod *GoModule) BuildFullPackageList(g *modfile.File) (packageList []*GoPackage, err error)

BuildFullPackageList returns the complete list of packages imported into the module. Instead of reading go.mod, this function calls go list and works from there.

func (*GoModule) DownloadPackages

func (mod *GoModule) DownloadPackages() error

DownloadPackages downloads all the module's packages to the local disk

func (*GoModule) Open

func (mod *GoModule) Open() error

Open initializes a Go module from the specified path.

func (*GoModule) Options

func (mod *GoModule) Options() *GoModuleOptions

Options returns a pointer to the module options set

func (*GoModule) RemoveDownloads

func (mod *GoModule) RemoveDownloads() error

RemoveDownloads cleans all downloads

func (*GoModule) ScanLicenses

func (mod *GoModule) ScanLicenses() error

ScanLicenses scans the licenses and populates the fields.

type GoModuleOptions

// GoModuleOptions configures how a GoModule is opened and scanned.
type GoModuleOptions struct {
	Path           string // Path to the dir where go.mod resides
	OnlyDirectDeps bool   // Only include direct dependencies from go.mod
	ScanLicenses   bool   // Scan licenses from every possible place unless false
}

type GoPackage

// GoPackage is the basic package data needed to describe a Go dependency;
// ToSPDXPackage converts it into an SPDX Package.
type GoPackage struct {
	TmpDir        bool   // presumably true when LocalDir is a temporary download dir — confirm
	ImportPath    string // Go import path
	Revision      string // Module revision
	LocalDir      string // Download dir, set by DownloadPackage
	LocalInstall  string
	LicenseID     string // SPDX license ID found by ScanPackageLicense
	CopyrightText string // Copyright text found by ScanPackageLicense
}

GoPackage basic pkg data we need

func (*GoPackage) ToSPDXPackage

func (pkg *GoPackage) ToSPDXPackage() (*Package, error)

ToSPDXPackage builds an SPDX package from the Go package data.

type ImageAnalyzer

// ImageAnalyzer checks image layers to see if more information can be added
// to an SPDX package based on their content. Each analyzer is written for a
// specific layer type; AnalyzeLayer queries them in turn.
type ImageAnalyzer struct {
	Analyzers map[string]ContainerLayerAnalyzer // Layer analyzers, keyed by name
}

ImageAnalyzer is an object that checks images to see if we can add more

information to a spdx package based on its content. Each analyzer is
written specifically for a layer type. The idea is to be able to enrich
common base images with more data to have the most common images covered.

func NewImageAnalyzer

func NewImageAnalyzer() *ImageAnalyzer

func (*ImageAnalyzer) AnalyzeLayer

func (ia *ImageAnalyzer) AnalyzeLayer(layerPath string, pkg *Package) error

AnalyzeLayer is the main method of the analyzer

it will query each of the analyzers to see if we can
extract more information from the layer and enrich the
spdx package referenced by pkg

type Object

// Object is the interface shared by the SPDX objects of a document, currently
// files and packages (both satisfy it through the Entity they embed).
type Object interface {
	// SPDXID returns the SPDX reference string for the object.
	SPDXID() string
	// SetSPDXID sets the SPDX reference string for the object.
	SetSPDXID(string)
	// ReadSourceFile reads a local file and populates the fields derived from it.
	ReadSourceFile(string) error
	// Render returns the document fragment for the object.
	Render() (string, error)
	// BuildID sets the object ID, optionally from a series of strings.
	BuildID(seeds ...string)
	// SetEntity replaces the embedded Entity.
	SetEntity(*Entity)
	// AddRelationship links a peer object to this one.
	AddRelationship(*Relationship)
	// GetRelationships returns a pointer to the relationship list.
	GetRelationships() *[]*Relationship
	// ToProvenanceSubject converts the object to an in-toto subject.
	ToProvenanceSubject() *intoto.Subject

	// GetElementByID searches the object and its peers for the given SPDX ID.
	GetElementByID(string) Object
	// contains filtered or unexported methods
}

Object is an interface that dictates the common methods of spdx objects. Currently this includes files and packages.

type ObjectOptions

// ObjectOptions are the per-entity options carried in Entity.Opts.
type ObjectOptions struct {
	Prefix  string // presumably prepended when building the SPDX ID — confirm against BuildID
	WorkDir string // Working directory for the entity
}

type Options

// Options configures an SPDX object (see NewSPDX and SPDX.Options).
type Options struct {
	AnalyzeLayers    bool     // Perform deep layer analysis on images
	NoGitignore      bool     // Do not read exclusions from gitignore file
	ProcessGoModules bool     // If true, spdx will check if dirs are go modules and analyze the packages
	OnlyDirectDeps   bool     // Only include direct dependencies from go.mod
	ScanLicenses     bool     // Scan licenses from every possible place unless false
	AddTarFiles      bool     // Scan and add files inside of tarfiles
	ScanImages       bool     // When true, scan container images for OS information
	LicenseCacheDir  string   // Directory to cache SPDX license downloads
	LicenseData      string   // Directory to store the SPDX licenses
	IgnorePatterns   []string // Patterns to ignore when scanning files
}

type Package

// Package groups a set of files and subpackages. It embeds Entity for the
// common fields and relationships and implements Object.
//
// NOTE(review): Package embeds sync.RWMutex, so a Package must not be copied
// by value (go vet's copylocks check); pass *Package. GetElementByID is
// documented as returning a copy of the found object — confirm it hands back
// a pointer rather than a struct copy.
type Package struct {
	Entity
	sync.RWMutex
	FilesAnalyzed        bool     // e.g. true
	VerificationCode     string   // Package verification code; the example value is a 40-hex digest (see the package overview on SHA1 use)
	LicenseInfoFromFiles []string // e.g. GPL-3.0-or-later
	LicenseDeclared      string   // e.g. GPL-3.0-or-later
	LicenseComments      string   // record any relevant background information or analysis that went in to arriving at the Concluded License
	Version              string   // Package version
	Comment              string   // a place for the SPDX document creator to record any general comments

	// Supplier: the actual distribution source for the package/directory
	Supplier struct {
		Person       string // person name and optional (<email>)
		Organization string // organization name and optional (<email>)
	}
	// Originator: For example, the SPDX file identifies the package glibc and Red Hat as the Package Supplier,
	// but the Free Software Foundation is the Package Originator.
	Originator struct {
		Person       string // person name and optional (<email>)
		Organization string // organization name and optional (<email>)
	}

	ExternalRefs []ExternalRef // List of external references
}

Package groups a set of files

func NewPackage

func NewPackage() (p *Package)

func (*Package) AddDependency

func (p *Package) AddDependency(pkg *Package) error

AddDependency adds a new subpackage as a dependency

func (*Package) AddFile

func (p *Package) AddFile(file *File) error

AddFile adds a file contained in the package

func (*Package) AddPackage

func (p *Package) AddPackage(pkg *Package) error

AddPackage adds a new subpackage to a package

func (*Package) BuildID

func (p *Package) BuildID(seeds ...string)

BuildID sets the file ID, optionally from a series of strings

func (*Package) CheckRelationships

func (p *Package) CheckRelationships() error

CheckRelationships ensures all linked relationships are complete before rendering.

func (*Package) Draw

func (p *Package) Draw(builder *strings.Builder, o *DrawingOptions, depth int, seen *map[string]struct{})

Draw renders the package data as a tree-like structure nolint:gocritic

func (*Package) Files

func (p *Package) Files() []*File

Files returns all contained files in the package

func (*Package) GetElementByID added in v0.2.2

func (p *Package) GetElementByID(id string) Object

GetElementByID search the package and its peers looking for the specified SPDX id. If found, the function returns a copy of the object

func (*Package) ReadSourceFile added in v0.2.0

func (p *Package) ReadSourceFile(path string) error

ReadSourceFile reads a file from the filesystem and assigns its properties to the package metadata

func (*Package) Render

func (p *Package) Render() (docFragment string, err error)

Render renders the document fragment of the package

func (*Package) SetEntity

func (p *Package) SetEntity(e *Entity)

type ProvenanceOptions

// ProvenanceOptions controls which related entities Document.ToProvenanceStatement
// carries into the provenance statement. See DefaultProvenanceOptions for the
// "include"/"exclude" keys of Relationships.
type ProvenanceOptions struct {
	Relationships map[string][]RelationshipType // Keyed "include" / "exclude"
}

type Relationship

// Relationship links an SPDX object to a peer object, either inside the same
// document or in an external one. Render produces the relationship line for
// the host object.
type Relationship struct {
	FullRender       bool             // Flag; when true the peer package is rendered in full in the doc
	PeerReference    string           // SPDX Ref of the peer object. Will override the ID of provided package if set
	PeerExtReference string           // External doc reference if peer is a different doc
	Comment          string           // Relationship comment
	Type             RelationshipType // Relationship of the specified package
	Peer             Object           // SPDX object that acts as peer
}

func (*Relationship) Render

func (ro *Relationship) Render(hostObject Object) (string, error)

type RelationshipType

// RelationshipType is the SPDX relationship type rendered between two objects
// (see Relationship.Type). The constants below are the recognized values.
type RelationshipType string

// SPDX relationship types.
const (
	DESCRIBES              RelationshipType = "DESCRIBES"
	DESCRIBED_BY           RelationshipType = "DESCRIBED_BY"
	CONTAINS               RelationshipType = "CONTAINS"
	CONTAINED_BY           RelationshipType = "CONTAINED_BY"
	DEPENDS_ON             RelationshipType = "DEPENDS_ON"
	DEPENDENCY_OF          RelationshipType = "DEPENDENCY_OF"
	DEPENDENCY_MANIFEST_OF RelationshipType = "DEPENDENCY_MANIFEST_OF"
	BUILD_DEPENDENCY_OF    RelationshipType = "BUILD_DEPENDENCY_OF"
	DEV_DEPENDENCY_OF      RelationshipType = "DEV_DEPENDENCY_OF"
	OPTIONAL_DEPENDENCY_OF RelationshipType = "OPTIONAL_DEPENDENCY_OF"
	PROVIDED_DEPENDENCY_OF RelationshipType = "PROVIDED_DEPENDENCY_OF"
	TEST_DEPENDENCY_OF     RelationshipType = "TEST_DEPENDENCY_OF"
	RUNTIME_DEPENDENCY_OF  RelationshipType = "RUNTIME_DEPENDENCY_OF"
	EXAMPLE_OF             RelationshipType = "EXAMPLE_OF"
	GENERATES              RelationshipType = "GENERATES"
	GENERATED_FROM         RelationshipType = "GENERATED_FROM"
	ANCESTOR_OF            RelationshipType = "ANCESTOR_OF"
	DESCENDANT_OF          RelationshipType = "DESCENDANT_OF"
	VARIANT_OF             RelationshipType = "VARIANT_OF"
	DISTRIBUTION_ARTIFACT  RelationshipType = "DISTRIBUTION_ARTIFACT"
	PATCH_FOR              RelationshipType = "PATCH_FOR"
	PATCH_APPLIED          RelationshipType = "PATCH_APPLIED"
	COPY_OF                RelationshipType = "COPY_OF"
	FILE_ADDED             RelationshipType = "FILE_ADDED"
	FILE_DELETED           RelationshipType = "FILE_DELETED"
	FILE_MODIFIED          RelationshipType = "FILE_MODIFIED"
	EXPANDED_FROM_ARCHIVE  RelationshipType = "EXPANDED_FROM_ARCHIVE"
	DYNAMIC_LINK           RelationshipType = "DYNAMIC_LINK"
	STATIC_LINK            RelationshipType = "STATIC_LINK"
	DATA_FILE_OF           RelationshipType = "DATA_FILE_OF"
	TEST_CASE_OF           RelationshipType = "TEST_CASE_OF"
	BUILD_TOOL_OF          RelationshipType = "BUILD_TOOL_OF"
	DEV_TOOL_OF            RelationshipType = "DEV_TOOL_OF"
	TEST_OF                RelationshipType = "TEST_OF"
	TEST_TOOL_OF           RelationshipType = "TEST_TOOL_OF"
	DOCUMENTATION_OF       RelationshipType = "DOCUMENTATION_OF"
	OPTIONAL_COMPONENT_OF  RelationshipType = "OPTIONAL_COMPONENT_OF"
	METAFILE_OF            RelationshipType = "METAFILE_OF"
	PACKAGE_OF             RelationshipType = "PACKAGE_OF"
	AMENDS                 RelationshipType = "AMENDS"
	PREREQUISITE_FOR       RelationshipType = "PREREQUISITE_FOR"
	HAS_PREREQUISITE       RelationshipType = "HAS_PREREQUISITE"
	OTHER                  RelationshipType = "OTHER"
)

type SPDX

// SPDX is the entry point for turning artifacts (directories, files,
// tarballs, archives and container images) into SPDX packages. Create one
// with NewSPDX; the implementation can be swapped with SetImplementation.
type SPDX struct {
	// contains filtered or unexported fields
}

func NewSPDX

func NewSPDX() *SPDX

func (*SPDX) AnalyzeImageLayer

func (spdx *SPDX) AnalyzeImageLayer(layerPath string, pkg *Package) error

AnalyzeImageLayer uses the collection of image analyzers to see if
the layer matches a known image from which an SPDX package can be
enriched with more information.

func (*SPDX) ExtractTarballTmp

func (spdx *SPDX) ExtractTarballTmp(tarPath string) (tmpDir string, err error)

ExtractTarballTmp extracts a tarball to a temporary directory and returns its path.

func (*SPDX) FileFromPath

func (spdx *SPDX) FileFromPath(filePath string) (*File, error)

FileFromPath creates a File object from a path

func (*SPDX) ImageRefToPackage

func (spdx *SPDX) ImageRefToPackage(reference string) (pkg *Package, err error)

ImageRefToPackage gets an image reference (tag or digest) and returns a spdx package describing it. It can take two forms:

  • When the reference is a digest (or single image), a single package describing the layers is returned
  • When the reference is an image index, the returned package is a package referencing each of the images, each in its own packages. All subpackages are returned with a relationship of VARIANT_OF

func (*SPDX) Options

func (spdx *SPDX) Options() *Options

func (*SPDX) PackageFromArchive added in v0.2.0

func (spdx *SPDX) PackageFromArchive(archivePath string) (imagePackage *Package, err error)

PackageFromArchive returns a SPDX package from a tarball

func (*SPDX) PackageFromDirectory

func (spdx *SPDX) PackageFromDirectory(dirPath string) (pkg *Package, err error)

PackageFromDirectory indexes all files in a directory and builds a SPDX package describing its contents

func (*SPDX) PackageFromImageTarball

func (spdx *SPDX) PackageFromImageTarball(tarPath string) (imagePackage *Package, err error)

PackageFromImageTarball returns a SPDX package from a tarball

func (*SPDX) PullImagesToArchive

func (spdx *SPDX) PullImagesToArchive(reference, path string) ([]struct {
	Reference string
	Archive   string
	Arch      string
	OS        string
}, error)

PullImagesToArchive

func (*SPDX) SetImplementation

func (spdx *SPDX) SetImplementation(impl spdxImplementation)

type TarballOptions

// TarballOptions is the set of options for processing tar files.
type TarballOptions struct {
	ExtractDir string // Directory where the docker tar archive will be extracted
	AddFiles   bool   // Scan and add the files inside the tarball (compare Options.AddTarFiles)
}

TarballOptions is the set of options for processing tar files.

type YamlBOMConfiguration

// YamlBOMConfiguration is the YAML configuration file read through
// DocBuilderImplementation.ReadYamlConfiguration (DocGenerateOptions.ConfigFile).
type YamlBOMConfiguration struct {
	Namespace string `yaml:"namespace"` // Document namespace (a unique URI)
	License   string `yaml:"license"` // Document wide license
	Name      string `yaml:"name"` // Document name
	Creator   struct {
		Person string `yaml:"person"`
		Tool   string `yaml:"tool"`
	} `yaml:"creator"`
	ExternalDocRefs []ExternalDocumentRef `yaml:"external-docs"` // Related external documents
	Artifacts       []*YamlBuildArtifact  `yaml:"artifacts"`     // Artifacts to describe in the document
}

type YamlBuildArtifact

// YamlBuildArtifact is one artifact entry of a YamlBOMConfiguration.
type YamlBuildArtifact struct {
	Type      string `yaml:"type"` // Artifact type, e.g. directory
	Source    string `yaml:"source"` // Artifact location
	License   string `yaml:"license"`   // SPDX license ID Apache-2.0
	GoModules *bool  `yaml:"gomodules"` // Should we scan go modules (nil means unset)
}

Directories

Path Synopsis
Code generated by counterfeiter.
Code generated by counterfeiter.
