mirror of
https://github.com/anchore/syft.git
synced 2025-11-17 16:33:21 +01:00
93d00dc340
* update spdx22 Document model to include relationships field Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com> * update document and relationship to match current JSON spec https://github.com/spdx/spdx-spec/blob/development/v2.2.1/schemas/spdx-schema.json https://github.com/spdx/spdx-spec/pull/528 https://github.com/spdx/spdx-spec/pull/528#issuecomment-904180177 Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com> * update File struct based on SPDX schema Required fields: [ "SPDXID", "fileName", "copyrightText", "licenseConcluded" ] Signed-off-by: Christopher Angelo Phillips <christopher.phillips@anchore.com>
46 lines
3.1 KiB
Go
46 lines
3.1 KiB
Go
package spdx22
|
|
|
|
// derived from:
|
|
// - https://spdx.github.io/spdx-spec/appendix-III-RDF-data-model-implementation-and-identifier-syntax/
|
|
// - https://github.com/spdx/spdx-spec/blob/v2.2/schemas/spdx-schema.json
|
|
// - https://github.com/spdx/spdx-spec/tree/v2.2/ontology
|
|
|
|
type Document struct {
|
|
Element
|
|
SPDXVersion string `json:"spdxVersion"`
|
|
// One instance is required for each SPDX file produced. It provides the necessary information for forward
|
|
// and backward compatibility for processing tools.
|
|
CreationInfo CreationInfo `json:"creationInfo"`
|
|
// 2.2: Data License; should be "CC0-1.0"
|
|
// Cardinality: mandatory, one
|
|
// License expression for dataLicense. Compliance with the SPDX specification includes populating the SPDX
|
|
// fields therein with data related to such fields (\"SPDX-Metadata\"). The SPDX specification contains numerous
|
|
// fields where an SPDX document creator may provide relevant explanatory text in SPDX-Metadata. Without
|
|
// opining on the lawfulness of \"database rights\" (in jurisdictions where applicable), such explanatory text
|
|
// is copyrightable subject matter in most Berne Convention countries. By using the SPDX specification, or any
|
|
// portion hereof, you hereby agree that any copyright rights (as determined by your jurisdiction) in any
|
|
// SPDX-Metadata, including without limitation explanatory text, shall be subject to the terms of the Creative
|
|
// Commons CC0 1.0 Universal license. For SPDX-Metadata not containing any copyright rights, you hereby agree
|
|
// and acknowledge that the SPDX-Metadata is provided to you \"as-is\" and without any representations or
|
|
// warranties of any kind concerning the SPDX-Metadata, express, implied, statutory or otherwise, including
|
|
// without limitation warranties of title, merchantability, fitness for a particular purpose, non-infringement,
|
|
// or the absence of latent or other defects, accuracy, or the presence or absence of errors, whether or not
|
|
// discoverable, all to the greatest extent permissible under applicable law.
|
|
DataLicense string `json:"dataLicense"`
|
|
// Information about an external SPDX document reference including the checksum. This allows for verification of the external references.
|
|
ExternalDocumentRefs []ExternalDocumentRef `json:"externalDocumentRefs,omitempty"`
|
|
// Indicates that a particular ExtractedLicensingInfo was defined in the subject SpdxDocument.
|
|
HasExtractedLicensingInfos []HasExtractedLicensingInfo `json:"hasExtractedLicensingInfos,omitempty"`
|
|
// note: found in example documents from SPDX, but not in the JSON schema. See https://spdx.github.io/spdx-spec/2-document-creation-information/#25-spdx-document-namespace
|
|
DocumentNamespace string `json:"documentNamespace"`
|
|
// note: found in example documents from SPDX, but not in the JSON schema
|
|
// DocumentDescribes []string `json:"documentDescribes"`
|
|
Packages []Package `json:"packages"`
|
|
// Files referenced in the SPDX document
|
|
Files []File `json:"files,omitempty"`
|
|
// Snippets referenced in the SPDX document
|
|
Snippets []Snippet `json:"snippets,omitempty"`
|
|
// Relationships referenced in the SPDX document
|
|
Relationships []Relationship `json:"relationships,omitempty"`
|
|
}
|