Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var DefaultDenyAll = Rule{ Name: "default-deny-all", Glob: glob.MustCompile("*"), Exceptions: []glob.Glob{}, Mode: Deny, Reason: "grant by default will deny all licenses", }
Functions ¶
This section is empty.
Types ¶
type Case ¶
type Case struct { // SBOMS is a list of SBOMs that were generated for the user input SBOMS []sbom.SBOM // Licenses is a list of licenses that were generated for the user input Licenses []License // UserInput is the string that was supplied by the user to build the case UserInput string }
Case is a collection of SBOMs and Licenses that are evaluated for a given UserInput
type CaseHandler ¶
type CaseHandler struct {
Backend *backend.ClassifierBackend
}
func NewCaseHandler ¶
func NewCaseHandler() (*CaseHandler, error)
func (*CaseHandler) Close ¶
func (ch *CaseHandler) Close()
type License ¶
type License struct { // SPDXExpression is the SPDX expression for the license ID LicenseID `json:"id"` SPDXExpression string `json:"spdxExpression"` // Name is the name of the individual license if SPDXExpression is unset Name string `json:"name"` // Contents are the text of the license Contents string `json:"value"` // Locations are the paths for a package that show evidence of the license Locations []string `json:"location"` // These fields are lifted from the SPDX license list. // internal/spdxlicnse/license.go Reference string `json:"reference"` IsDeprecatedLicenseID bool `json:"isDeprecatedLicenseId"` DetailsURL string `json:"detailsUrl"` ReferenceNumber int `json:"referenceNumber"` LicenseID string `json:"licenseId"` SeeAlso []string `json:"seeAlso"` IsOsiApproved bool `json:"isOsiApproved"` }
License is a grant license. Either SPDXExpression or Name will be set. If SPDXExpression is set, Name will be empty. Value is the contents of the license and is optional - can be fetched from the SPDX license list Locations are the relative paths for a license that show evidence of its detection.
func ConvertSyftLicenses ¶ added in v0.1.2
func ConvertSyftLicenses(set syftPkg.LicenseSet) (licenses []License)
ConvertSyftLicenses converts a syft LicenseSet to a grant License slice note: syft licenses can sometimes have complex SPDX expressions. Grant licenses break down these expressions into individual licenses. Because license expressions could potentially contain multiple licenses that are already represented in the syft license set we need to de-duplicate syft licenses have a "Value" field which is the name of the license given to an invalid SPDX expression; grant licenses store this field as "Name"
type Package ¶
type Package struct { ID PackageID `json:"id" yaml:"id"` Name string `json:"name" yaml:"name"` Type string `json:"type" yaml:"type"` Version string `json:"version" yaml:"version"` Licenses []License `json:"licenses" yaml:"licenses"` Locations []string `json:"locations" yaml:"locations"` }
Package is a single package that is tracked by grant
func ConvertSyftPackage ¶ added in v0.1.2
type PackageID ¶
type PackageID string
PackageID is a unique identifier for a package that is tracked by grant It's usually provided by the SBOM; It's calculated if an SBOM is generated
type Policy ¶
Policy is a structure of rules that define how licenses are denied TODO: maybe there should be a strict option that denies all and then only allows what is explicitly allowed
func DefaultPolicy ¶
func DefaultPolicy() Policy
DefaultPolicy returns a policy that denies all licenses
func NewPolicy ¶
NewPolicy builds a policy from lists of allow, deny, and ignore glob patterns It lower cases all patterns to make matching against the spdx license set case-insensitive
type RuleSeverity ¶
type RuleSeverity string
const ( Critical RuleSeverity = "critical" High RuleSeverity = "high" Medium RuleSeverity = "medium" Low RuleSeverity = "low" )