mirror of
https://github.com/anchore/syft.git
synced 2025-11-17 16:33:21 +01:00
9aca23f766
* remove existing spdxjson presenter + helpers Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add new spdx22json format Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add common sdpxhelpers (migrated) Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * use new common spdx helpers Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * wire up new spdx22json format object Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove lossless syft-specific property bags Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove spdxjson decoder and validator Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add nil checks in spdx test helpers Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove empty default case Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * use explicit golden snapshot Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
38 lines
1.3 KiB
Go
38 lines
1.3 KiB
Go
package spdxhelpers
|
|
|
|
import (
|
|
"strings"
|
|
|
|
"github.com/anchore/syft/internal/spdxlicense"
|
|
"github.com/anchore/syft/syft/pkg"
|
|
)
|
|
|
|
func License(p *pkg.Package) string {
|
|
// source: https://spdx.github.io/spdx-spec/3-package-information/#313-concluded-license
|
|
// The options to populate this field are limited to:
|
|
// A valid SPDX License Expression as defined in Appendix IV;
|
|
// NONE, if the SPDX file creator concludes there is no license available for this package; or
|
|
// NOASSERTION if:
|
|
// (i) the SPDX file creator has attempted to but cannot reach a reasonable objective determination;
|
|
// (ii) the SPDX file creator has made no attempt to determine this field; or
|
|
// (iii) the SPDX file creator has intentionally provided no information (no meaning should be implied by doing so).
|
|
|
|
if !packageExists(p) || len(p.Licenses) == 0 {
|
|
return "NONE"
|
|
}
|
|
|
|
// take all licenses and assume an AND expression; for information about license expressions see https://spdx.github.io/spdx-spec/appendix-IV-SPDX-license-expressions/
|
|
var parsedLicenses []string
|
|
for _, l := range p.Licenses {
|
|
if value, exists := spdxlicense.ID(l); exists {
|
|
parsedLicenses = append(parsedLicenses, value)
|
|
}
|
|
}
|
|
|
|
if len(parsedLicenses) == 0 {
|
|
return "NOASSERTION"
|
|
}
|
|
|
|
return strings.Join(parsedLicenses, " AND ")
|
|
}
|