sbom

package

v0.0.0-...-f61acfb Latest Latest Go to latest Published: May 22, 2023 License: Apache-2.0 Imports: 16 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/nextlinux/sbom

Documentation ¶

Index ¶

Constants
Variables
type Artifacts
type Decoder
type Descriptor
type Encoder
type Format
- func NewFormat(version string, encoder Encoder, decoder Decoder, validator Validator, ...) Format
type FormatID
- func (f FormatID) String() string
type SBOM
type Validator
type Writer
- func NewWriter(options ...WriterOption) (_ Writer, err error)
type WriterOption
- func NewWriterOption(f Format, p string) WriterOption

Constants ¶

View Source

const AnyVersion = ""

Variables ¶

View Source

var (
	ErrEncodingNotSupported   = errors.New("encoding not supported")
	ErrDecodingNotSupported   = errors.New("decoding not supported")
	ErrValidationNotSupported = errors.New("validation not supported")
)

Functions ¶

This section is empty.

Types ¶

type Artifacts ¶

type Artifacts struct {
	PackageCatalog    *pkg.Collection
	FileMetadata      map[source.Coordinates]source.FileMetadata
	FileDigests       map[source.Coordinates][]file.Digest
	FileContents      map[source.Coordinates]string
	Secrets           map[source.Coordinates][]file.SearchResult
	LinuxDistribution *linux.Release
}

type Decoder ¶

type Decoder func(reader io.Reader) (*SBOM, error)

Decoder is a function that can convert an SBOM document of a specific format from a reader into sbom native objects.

type Descriptor ¶

type Descriptor struct {
	Name          string
	Version       string
	Configuration interface{}
}

type Encoder ¶

type Encoder func(io.Writer, SBOM) error

Encoder is a function that can transform sbom native objects into an SBOM document of a specific format written to the given writer.

type Format ¶

type Format interface {
	ID() FormatID
	IDs() []FormatID
	Version() string
	Encode(io.Writer, SBOM) error
	Decode(io.Reader) (*SBOM, error)
	Validate(io.Reader) error
	fmt.Stringer
}

func NewFormat ¶

func NewFormat(version string, encoder Encoder, decoder Decoder, validator Validator, ids ...FormatID) Format

type FormatID ¶

type FormatID string

func (FormatID) String ¶

func (f FormatID) String() string

String returns a string representation of the FormatID.

type SBOM ¶

type SBOM struct {
	Artifacts     Artifacts
	Relationships []artifact.Relationship
	Source        source.Metadata
	Descriptor    Descriptor
}

func (SBOM) AllCoordinates ¶

func (s SBOM) AllCoordinates() []source.Coordinates

func (SBOM) CoordinatesForPackage ¶

func (s SBOM) CoordinatesForPackage(p pkg.Package, rt ...artifact.RelationshipType) []source.Coordinates

CoordinatesForPackage returns all coordinates for the provided package for provided relationship types If no types are provided, all relationship types are considered.

func (SBOM) RelationshipsForPackage ¶

func (s SBOM) RelationshipsForPackage(p pkg.Package, rt ...artifact.RelationshipType) []artifact.Relationship

RelationshipsForPackage returns all relationships for the provided types. If no types are provided, all relationships for the package are returned.

func (SBOM) RelationshipsSorted ¶

func (s SBOM) RelationshipsSorted() []artifact.Relationship

type Validator ¶

type Validator func(reader io.Reader) error

Validator reads the SBOM from the given reader and assesses whether the document conforms to the specific SBOM format. The validator should positively confirm if the SBOM is not only the format but also has the minimal set of values that the format requires. For example, all sbomjson formatted documents have a schema section which should have "nextlinux/sbom" within the version --if this isn't found then the validator should raise an error. These active assertions protect against "simple" format decoding validations that may lead to false positives (e.g. I decoded json successfully therefore this must be the target format, however, all values are their default zero-value and really represent a different format that also uses json)

type Writer ¶

type Writer interface {
	// Write writes the provided SBOM
	Write(SBOM) error

	// Bytes returns the bytes of the SBOM that would be written
	Bytes(SBOM) ([]byte, error)

	// Closer a resource cleanup hook which will be called after SBOM
	// is written or if an error occurs before Write is called
	io.Closer
}

Writer an interface to write SBOMs

func NewWriter ¶

func NewWriter(options ...WriterOption) (_ Writer, err error)

NewWriter create all report writers from input options; if a file is not specified, os.Stdout is used

type WriterOption ¶

type WriterOption struct {
	Format Format
	Path   string
}

WriterOption Format and path strings used to create sbom.Writer

func NewWriterOption ¶

func NewWriterOption(f Format, p string) WriterOption

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL