* add initial spdx support Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * expose FileOwner and use in SPDX presenter Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add initial json support for SPDX Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add remaining package fields Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add spdx license list generation + tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * keep fileOwner unexported from pkg Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * restore cli test util Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add external refs to spdx tag-value format Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add golang support to CPE generation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * use tag-value format as default "spdx" format flavor Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add tests around spdx presenters + refactor presenter tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add bouncer exception for spdx tools-golang repo Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove spdx model questions Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
package spdx22
// ReferenceCategory is the category of an SPDX external reference. It is the
// type of the ExternalRef.ReferenceCategory field, which is serialized under
// the "referenceCategory" JSON key.
type ReferenceCategory string

// Category values declared by this package. The string values are what ends
// up in the serialized document, so they must not be changed casually.
const (
	// SecurityReferenceCategory is the "SECURITY" category.
	// NOTE(review): presumably paired with the CPE reference types
	// (cpe22Type, cpe23Type); nothing here enforces the pairing.
	SecurityReferenceCategory = ReferenceCategory("SECURITY")

	// PackageManagerReferenceCategory is the "PACKAGE_MANAGER" category.
	// NOTE(review): presumably paired with the package-manager reference
	// types (maven-central, npm, nuget, bower, purl); confirm against the spec.
	PackageManagerReferenceCategory = ReferenceCategory("PACKAGE_MANAGER")

	// OtherReferenceCategory is the "OTHER" category.
	OtherReferenceCategory = ReferenceCategory("OTHER")
)
// ExternalRefType names the kind of external repository identifier that an
// ExternalRef points at.
//
// source: https://spdx.github.io/spdx-spec/appendix-VI-external-repository-identifiers/
type ExternalRefType string

// Reference type values declared by this package. Each string is the
// identifier written into the "referenceType" field of an ExternalRef.
const (
	// Cpe22ExternalRefType is a CPE 2.2 identifier.
	// see https://nvd.nist.gov/cpe
	Cpe22ExternalRefType = ExternalRefType("cpe22Type")

	// Cpe23ExternalRefType is a CPE 2.3 identifier.
	// see https://nvd.nist.gov/cpe
	Cpe23ExternalRefType = ExternalRefType("cpe23Type")

	// MavenCentralExternalRefType refers to an artifact on Maven Central.
	// see http://repo1.maven.org/maven2/ (URL as given in the original
	// comment; Maven Central itself is served over HTTPS).
	MavenCentralExternalRefType = ExternalRefType("maven-central")

	// NpmExternalRefType refers to a package on npm.
	// see https://www.npmjs.com/
	NpmExternalRefType = ExternalRefType("npm")

	// NugetExternalRefType refers to a package on NuGet.
	// see https://www.nuget.org/
	NugetExternalRefType = ExternalRefType("nuget")

	// BowerExternalRefType refers to a package on Bower.
	// see http://bower.io/
	BowerExternalRefType = ExternalRefType("bower")

	// PurlExternalRefType is a package URL (purl).
	// see https://github.com/package-url/purl-spec
	PurlExternalRefType = ExternalRefType("purl")

	// SwhExternalRefType points to an object in the Software Heritage archive
	// by means of a SoftWare Heritage persistent IDentifier (SWHID).
	// NOTE(review): the SPDX appendix appears to group swh under a
	// persistent-identifier category, for which this file declares no
	// ReferenceCategory constant; confirm which category should accompany it.
	SwhExternalRefType = ExternalRefType("swh")
)
// ExternalRef is the JSON model of a single SPDX external reference attached
// to a package: a category, a reference type, and a locator string.
//
// The struct is a plain data carrier and performs no validation. The locator
// is an arbitrary string as far as this type is concerned, so code that reads
// ExternalRef values from documents it did not produce should check the
// locator against the format required by ReferenceType before relying on it
// (for example, before using a CPE for vulnerability matching).
type ExternalRef struct {
	// Comment is optional free text; it is omitted from the JSON output when empty.
	Comment string `json:"comment,omitempty"`

	// ReferenceCategory is the category of the external reference.
	ReferenceCategory ReferenceCategory `json:"referenceCategory"`

	// ReferenceLocator is the unique string, containing no spaces, needed to
	// reach the package-specific information, metadata, or content within the
	// target location. Its format is constrained by the reference <type>.
	ReferenceLocator string `json:"referenceLocator"`

	// ReferenceType is the type of the external reference. The allowed types
	// are defined in an appendix of the SPDX specification.
	ReferenceType ExternalRefType `json:"referenceType"`
}