README
¶
gosupplychain
Tools to help audit dependencies, check licenses, and create bill-of-materials
Sub-packages
golist is wrappers around the command "go list". It is meant to be generic.
Related projects
Libraries
- go-license golang package to detect OSS licenses
Services
- goreportcard Online service to evaluate golang packages
- libraries.io Allows searching and filtering of golang libraries by license type
- github v3 API Github provides an API to guess the license of a repo blog
Tools
- godep golang tool to do "vendoring"
- licentia Manage and update license files
- anderson tool to white and blacklist licenses in your golang project
Specs
Documentation
¶
Index ¶
- Variables
- func GetLicense(path string) license.License
- func GitCommitsBehind(dir string, hash string) (int, error)
- func GoPkgInToGitHub(name string) string
- func IsLegalFile(filename string) bool
- func IsLicenseFile(filename string) bool
- func LinkToFile(pkg, file, rev string) string
- type Cmd
- type Commit
- type CommitMini
- type Dependency
- type GitHub
- func (gh GitHub) GetFileContents(owner, repo, tree, filepath string) (string, error)
- func (gh GitHub) GetFileContentsURL(owner, repo, sha, filepath string) string
- func (gh GitHub) GetTreeFiles(owner string, repo string, sha string) ([]GitHubFile, error)
- func (gh GitHub) GuessLicenseFromRepo(owner string, repo string, sha string) (license.License, error)
- func (gh GitHub) SearchByUsers(oauthToken string, searchQuery string, users []string) ([]User, error)
- type GitHubFile
- type GoDepDependency
- type Godeps
- type ImportStatus
- type LicenseMeta
- type MetaGoImport
- type MetaGoSource
- type Project
- type Repo
- type TagCmd
- type User
Constants ¶
This section is empty.
Variables ¶
var LegalFileSubstring = []string{
"legal",
"notice",
"disclaimer",
"patent",
"third-party",
"thirdparty",
}
LegalFileSubstring are substrings that indicate the file is likely to contain some type of legal declaration. "legal" is often used that it might moved to LicenseFilePrefix
var LicenseFilePrefix = []string{
"licence",
"license",
"copying",
"unlicense",
"copyright",
"copyleft",
}
LicenseFilePrefix is a list of filename prefixes that indicate it might contain a software license
var Meta = map[string]LicenseMeta{
"Apache-2.0": {
FullName: "Apache License 2.0",
LinkOriginal: "http://www.apache.org/licenses/license-2.0",
LinkOSI: "http://opensource.org/licenses/Apache-2.0",
LinkCAL: "http://choosealicense.com/licenses/apache-2.0/",
LinkTLDR: "https://tldrlegal.com/license/apache-license-2.0-(apache-2.0)",
LinkWikipedia: "https://en.wikipedia.org/wiki/Apache_License",
},
"NewBSD": {
FullName: "BSD 3-Clause License",
LinkOSI: "http://opensource.org/licenses/BSD-3-Clause",
LinkCAL: "http://choosealicense.com/licenses/bsd-3-clause/",
LinkTLDR: "https://tldrlegal.com/license/bsd-3-clause-license-(revised)",
LinkWikipedia: "https://en.wikipedia.org/wiki/BSD_licenses",
},
"FreeBSD": {
FullName: "BSD 2-Clause License",
LinkOSI: "http://opensource.org/licenses/BSD-2-Clause",
LinkCAL: "http://choosealicense.com/licenses/bsd-2-clause/",
LinkTLDR: "https://tldrlegal.com/license/bsd-2-clause-license-(freebsd)",
LinkWikipedia: "https://en.wikipedia.org/wiki/BSD_licenses",
},
"GPL-2.0": {
FullName: "GNU General Public License v2",
LinkOriginal: "http://www.gnu.org/licenses/old-licenses/gpl-2.0.html",
LinkOSI: "http://opensource.org/licenses/GPL-2.0",
LinkCAL: "http://choosealicense.com/licenses/gpl-2.0/",
LinkTLDR: "https://tldrlegal.com/license/gnu-general-public-license-v2",
LinkWikipedia: "https://en.wikipedia.org/wiki/GNU_General_Public_License",
},
"GPL-3.0": {
FullName: "GNU General Public License v3",
LinkOriginal: "http://www.gnu.org/licenses/gpl.html",
LinkOSI: "http://opensource.org/licenses/GPL-3.0",
LinkCAL: "http://choosealicense.com/licenses/gpl-3.0/",
LinkTLDR: "https://tldrlegal.com/license/gnu-general-public-license-v3-(gpl-3)",
LinkWikipedia: "https://en.wikipedia.org/wiki/GNU_General_Public_License",
},
"LGPL-2.1": {
FullName: "GNU Lesser General Public License v2.1",
LinkOriginal: "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html",
LinkOSI: "http://opensource.org/licenses/LGPL-2.1",
LinkCAL: "http://choosealicense.com/licenses/lgpl-2.1/",
LinkTLDR: "https://tldrlegal.com/license/gnu-lesser-general-public-license-v2.1-(lgpl-2.1)",
LinkWikipedia: "https://en.wikipedia.org/wiki/GNU_Lesser_General_Public_License",
},
"LGPL-3.0": {
FullName: "GNU Lesser General Public License v3.0",
LinkOriginal: "http://www.gnu.org/licenses/lgpl.html",
LinkOSI: "http://opensource.org/licenses/LGPL-3.0",
LinkCAL: "http://choosealicense.com/licenses/lgpl-3.0/",
LinkTLDR: "https://tldrlegal.com/license/gnu-general-public-license-v3-(gpl-3)",
LinkWikipedia: "https://en.wikipedia.org/wiki/GNU_Lesser_General_Public_License",
},
"MIT": {
FullName: "MIT License",
LinkOSI: "http://opensource.org/licenses/MIT",
LinkCAL: "http://choosealicense.com/licenses/mit/",
LinkTLDR: "https://tldrlegal.com/license/mit-license",
LinkWikipedia: "https://en.wikipedia.org/wiki/MIT_License",
},
"MPL-2.0": {
FullName: "Mozilla Public License 2.0",
LinkOriginal: "https://www.mozilla.org/en-US/MPL/2.0/",
LinkOSI: "http://opensource.org/licenses/MPL-2.0",
LinkCAL: "http://choosealicense.com/licenses/mpl-2.0/",
LinkTLDR: "https://tldrlegal.com/license/mozilla-public-license-2.0-(mpl-2)",
LinkWikipedia: "https://en.wikipedia.org/wiki/Mozilla_Public_License",
},
"AGPL-3.0": {
FullName: "GNU Affero General Public License",
LinkOriginal: "http://www.gnu.org/licenses/agpl.html",
LinkOSI: "http://opensource.org/licenses/AGPL-3.0",
LinkCAL: "http://choosealicense.com/licenses/agpl-3.0/",
LinkWikipedia: "https://en.wikipedia.org/wiki/Affero_General_Public_License",
},
"WTFPL-2.0": {
FullName: "Do What The Fuck You Want To Public License",
LinkOriginal: "http://www.wtfpl.net/txt/copying/",
LinkTLDR: "https://tldrlegal.com/license/do-wtf-you-want-to-public-license-v2-(wtfpl-2.0)",
LinkWikipedia: "https://en.wikipedia.org/wiki/WTFPL",
},
"CDDL-1.0": {
FullName: "Common Development and Distribution License",
LinkTLDR: "https://tldrlegal.com/license/common-development-and-distribution-license-(cddl-1.0)-explained",
LinkWikipedia: "https://en.wikipedia.org/wiki/Common_Development_and_Distribution_License",
},
"EPL-1.0": {
FullName: "Eclipse Public License 1.0",
LinkOriginal: "https://www.eclipse.org/legal/epl-v10.html",
LinkTLDR: "https://tldrlegal.com/license/eclipse-public-license-1.0-(epl-1.0)",
LinkWikipedia: "https://en.wikipedia.org/wiki/Eclipse_Public_License",
},
"Unlicense": {
FullName: "Unlicense",
LinkOriginal: "http://unlicense.org",
},
}
Meta is a mapping from license tokens to meta data.
var ShowCmd bool
ShowCmd controls whether VCS commands are printed.
var Verbose bool
Verbose enables verbose operation logging.
Functions ¶
func GitCommitsBehind ¶
GitCommitsBehind counts the number of commits a directory is behind master
func GoPkgInToGitHub ¶
GoPkgInToGitHub converts a "gopkg.in" to a github repo link
func IsLegalFile ¶
IsLegalFile returns true if the file is likely to contain some type of of legal declaration or licensing information
func IsLicenseFile ¶
IsLicenseFile returns true if the filename might be contain a software license
func LinkToFile ¶
LinkToFile returns a URL that links to particular revision of a file or empty
Types ¶
type Cmd ¶
type Cmd struct {
Name string
Cmd string // name of binary to invoke command
CreateCmd string // command to download a fresh copy of a repository
TagLookupCmd []TagCmd // commands to lookup tags before running tagSyncCmd
TagSyncCmd string // command to sync to specific tag
TagSyncDefault string // command to sync to default tag
LogCmd string // command to list repository changelogs in an XML format
}
Cmd is a bad abstraction around a VCS command
func ByCmd ¶
ByCmd returns the version control system for the given command name (hg, git, svn, bzr).
func (*Cmd) Create ¶
Create creates a new copy of repo in dir. The parent of dir must exist; dir must not.
func (*Cmd) Log ¶
Log logs the changes for the repo in dir. dir must be a valid VCS repo compatible with v.
WARNING: this does not issue a "download" or "sync" command.
type Commit ¶
Commit contains meta data about a single commit
func GetLastCommit ¶
GetLastCommit returns meta data on the last commit
type CommitMini ¶
type Dependency ¶
Dependency contains meta data on a external dependency
func LoadDependencies ¶
func LoadDependencies(pkgs []string, ignores []string) ([]Dependency, error)
LoadDependencies is not done
type GitHub ¶
GitHub is a VCS
func (GitHub) GetFileContents ¶
GetFileContents down loads a file
func (GitHub) GetFileContentsURL ¶
GetFileContentsURL generates a download URL
func (GitHub) GetTreeFiles ¶
GetTreeFiles returns the list of files given a tree.
sha must be a valid git sha value or "master"
type GitHubFile ¶
GitHubFile is contains everything needed to represent a file at a point in time
Likely to be generalized later
func (GitHubFile) RawURL ¶
func (file GitHubFile) RawURL() string
RawURL returns a URL to the raw content, without formatting
func (GitHubFile) WebURL ¶
func (file GitHubFile) WebURL() string
WebURL returns a human-friend URL to github
type GoDepDependency ¶
type GoDepDependency struct {
ImportPath string
Comment string `json:",omitempty"` // Description of commit, if present.
Rev string // VCS-specific commit ID.
}
A GoDepDependency is a specific revision of a package.
type Godeps ¶
type Godeps struct {
ImportPath string
GoVersion string
Packages []string `json:",omitempty"` // Arguments to save, if any.
Deps []GoDepDependency
}
Godeps describes what a package needs to be rebuilt reproducibly. It's the same information stored in file Godeps.
func LoadGodepsFile ¶
LoadGodepsFile loads a godeps file
type ImportStatus ¶
type ImportStatus struct {
Root string // root import
Status string // ahead, or behind
Commits []CommitMini // specific
}
func Behind ¶
func Behind(githubToken string, godepFile string) []ImportStatus
Behind takes a github token and a godep file
and returns a list of dependencies and if they are out of date
type LicenseMeta ¶
type LicenseMeta struct {
FullName string // Full name in English
LinkOriginal string // Link to original license source
LinkOSI string // Link to The Open Source Initiative, http://opensource.org
LinkOSIAlt string // Alternate link for The Open Source Initiative (normally old)
LinkCAL string // Link to "Choose a License"
LinkTLDR string // Link to "TLDR;Legal"
LinkWikipedia string // Link to Wikipedia
}
LicenseMeta is struct containing various meta data about a license including names and links to other websites.
type MetaGoImport ¶
MetaGoImport represents the values in a go-import meta tag.
type MetaGoSource ¶
type MetaGoSource struct {
ProjectRoot string
ProjectURL string
DirTemplate string
FileTemplate string
}
MetaGoSource represents the values in a go-source meta tag.
func (MetaGoSource) DirURL ¶
func (mgs MetaGoSource) DirURL(dir string) string
DirURL returns a URL pointing to the VCS directory
func (MetaGoSource) FileURL ¶
func (mgs MetaGoSource) FileURL(dir, file string) string
FileURL returns a URL points to the VCS File
type Project ¶
Project contains VCS project data Notes:
go-source meta tag: https://github.com/golang/gddo/wiki/Source-Code-Links https://github.com/golang/gddo/blob/master/gosrc/gosrc.go
Project contains an amalgamation of package, commit, repo, and license information
Source Files
Directories