From f8a874a3de1f660a0760972219a88609e7e76247 Mon Sep 17 00:00:00 2001 From: Alex Goodman Date: Wed, 17 Nov 2021 13:40:59 -0500 Subject: [PATCH] add new package-of relationship Signed-off-by: Alex Goodman --- syft/artifact/relationship.go | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/syft/artifact/relationship.go b/syft/artifact/relationship.go index fc381c712..a46c85b1f 100644 --- a/syft/artifact/relationship.go +++ b/syft/artifact/relationship.go @@ -1,17 +1,22 @@ package artifact const ( - // OwnershipByFileOverlapRelationship indicates that the parent package claims ownership of a child package since - // the parent metadata indicates overlap with a location that a cataloger found the child package by. This is - // by definition a package-to-package relationship and is created only after all package cataloging has been completed. + // OwnershipByFileOverlapRelationship (supports package-to-package linkages) indicates that the parent package + // claims ownership of a child package since the parent metadata indicates overlap with a location that a + // cataloger found the child package by. This relationship must be created only after all package cataloging + // has been completed. OwnershipByFileOverlapRelationship RelationshipType = "ownership-by-file-overlap" + + // PackageOfRelationship (supports any-to-package linkages) is a proxy for the SPDX 2.2 PACKAGE_OF + // relationship which is defined as: "to be used when artifact X is used as a package as part of package Y" + PackageOfRelationship RelationshipType = "package-of" ) type RelationshipType string type Relationship struct { - From Identifiable `json:"from"` - To Identifiable `json:"to"` - Type RelationshipType `json:"type"` - Data interface{} `json:"data,omitempty"` + From Identifiable + To Identifiable + Type RelationshipType + Data interface{} }