mirror of
https://github.com/anchore/syft.git
synced 2025-11-17 08:23:15 +01:00
706322f826
* add initial spdx support Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * expose FileOwner and use in SPDX presenter Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add initial json support for SPDX Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add remaining package fields Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add spdx license list generation + tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * keep fileOwner unexported from pkg Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * restore cli test util Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add external refs to spdx tag-value format Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add golang support to CPE generation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * use tag-value format as default "spdx" format flavor Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add tests around spdx presenters + refactor presenter tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add bouncer exception for spdx tools-golang repo Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove spdx model questions Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
20 lines
1.2 KiB
Go
20 lines
1.2 KiB
Go
package spdx22
|
|
|
|
import "time"
|
|
|
|
type CreationInfo struct {
|
|
Comment string `json:"comment,omitempty"`
|
|
// Identify when the SPDX file was originally created. The date is to be specified according to combined date and
|
|
// time in UTC format as specified in ISO 8601 standard. This field is distinct from the fields in section 8,
|
|
// which involves the addition of information during a subsequent review.
|
|
Created time.Time `json:"created"`
|
|
// Identify who (or what, in the case of a tool) created the SPDX file. If the SPDX file was created by an
|
|
// individual, indicate the person's name. If the SPDX file was created on behalf of a company or organization,
|
|
//indicate the entity name. If the SPDX file was created using a software tool, indicate the name and version
|
|
// for that tool. If multiple participants or tools were involved, use multiple instances of this field. Person
|
|
// name or organization name may be designated as “anonymous” if appropriate.
|
|
Creators []string `json:"creators"`
|
|
// An optional field for creators of the SPDX file to provide the version of the SPDX License List used when the SPDX file was created.
|
|
LicenseListVersion string `json:"licenseListVersion"`
|
|
}
|