mirror of
https://github.com/anchore/syft.git
synced 2025-11-17 16:33:21 +01:00
9aca23f766
* remove existing spdxjson presenter + helpers Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add new spdx22json format Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add common sdpxhelpers (migrated) Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * use new common spdx helpers Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * wire up new spdx22json format object Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove lossless syft-specific property bags Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove spdxjson decoder and validator Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add nil checks in spdx test helpers Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove empty default case Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * use explicit golden snapshot Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
24 lines
782 B
Go
24 lines
782 B
Go
package spdxhelpers
|
|
|
|
import "github.com/anchore/syft/syft/pkg"
|
|
|
|
func DownloadLocation(p *pkg.Package) string {
|
|
// 3.7: Package Download Location
|
|
// Cardinality: mandatory, one
|
|
// NONE if there is no download location whatsoever.
|
|
// NOASSERTION if:
|
|
// (i) the SPDX file creator has attempted to but cannot reach a reasonable objective determination;
|
|
// (ii) the SPDX file creator has made no attempt to determine this field; or
|
|
// (iii) the SPDX file creator has intentionally provided no information (no meaning should be implied by doing so).
|
|
|
|
if hasMetadata(p) {
|
|
switch metadata := p.Metadata.(type) {
|
|
case pkg.ApkMetadata:
|
|
return NoneIfEmpty(metadata.URL)
|
|
case pkg.NpmPackageJSONMetadata:
|
|
return NoneIfEmpty(metadata.URL)
|
|
}
|
|
}
|
|
return "NOASSERTION"
|
|
}
|