obom

package
v0.1.1 Latest
Warning

This package is not in the latest version of its module.
Published: Jul 22, 2025 License: MIT Imports: 18 Imported by: 0

Documentation

Constants

const (
	MEDIATYPE_SPDX                    = "application/spdx+json"
	OCI_ANNOTATION_DOCUMENT_NAME      = "org.spdx.name"
	OCI_ANNOTATION_DOCUMENT_NAMESPACE = "org.spdx.namespace"
	OCI_ANNOTATION_SPDX_VERSION       = "org.spdx.version"
	OCI_ANNOTATION_CREATION_DATE      = "org.spdx.created"
	OCI_ANNOTATION_CREATORS           = "org.spdx.creator"
)
const (
	APPLICATION_USERAGENT = "obom"
)

Variables

This section is empty.

Functions

func AddFilenameAnnotationIfMissing added in v0.1.1

func AddFilenameAnnotationIfMissing(desc *ocispec.Descriptor, filename string)

AddFilenameAnnotationIfMissing adds a title annotation to the descriptor using the base filename if the annotation doesn't already exist or is empty. This function modifies the descriptor in-place.

func AttachArtifact added in v0.1.0

func AttachArtifact(ctx context.Context, subject *v1.Descriptor, artifactDescriptor *v1.Descriptor, artifactType string, artifactBytes []byte, mem *memory.Store) error

AttachArtifact attaches an artifact to the subject descriptor

func GetAnnotations

func GetAnnotations(sbomDoc *SPDXDocument) (map[string]string, error)

GetAnnotations returns the annotations from the SBOM

func GetFiles

func GetFiles(sbom *v2_3.Document) ([]string, error)

func GetPackageManager added in v0.0.4

func GetPackageManager(externalReferences []*v2_3.PackageExternalReference) (string, error)

func GetPackages

func GetPackages(sbom *v2_3.Document) ([]string, error)

GetPackages returns the packages from the SBOM

func GetSBOMFromMap added in v0.1.0

func GetSBOMFromMap(sbomMap map[string]interface{}) (*v2_3.Document, error)

func LoadArtifactFromFile added in v0.1.0

func LoadArtifactFromFile(filename string, mediaType string) (*ocispec.Descriptor, []byte, error)

func LoadArtifactFromReader added in v0.1.0

func LoadArtifactFromReader(reader io.ReadCloser, mediaType string) (*ocispec.Descriptor, []byte, error)

func PushSBOM added in v0.0.2

func PushSBOM(sbomDoc *v2_3.Document, sbomDescriptor *v1.Descriptor, sbomBytes []byte, reference string, spdx_annotations map[string]string, pushSummary bool, attachArtifacts map[string][]string, dest oras.Target) (*v1.Descriptor, error)

PushSBOM pushes the SPDX SBOM bytes to the registry as an OCI artifact. It takes a pointer to an SPDX document, a pointer to a descriptor, a byte slice of the SBOM, a reference string, a map of SPDX annotations, a pushSummary flag, a map of artifacts to attach, and the destination oras.Target. It returns a descriptor, and an error if there was an issue pushing the SBOM to the registry.

Types

type CredentialsResolver added in v0.0.2

type CredentialsResolver = func(context.Context, string) (auth.Credential, error)

type PackageSummary added in v0.0.4

type PackageSummary struct {
	Name           string `json:"name"`
	Version        string `json:"version"`
	License        string `json:"license"`
	PackageManager string `json:"packageManager"`
}

func GetPackageSummaries added in v0.0.4

func GetPackageSummaries(sbom *v2_3.Document) ([]PackageSummary, error)

func GetPackageSummary added in v0.0.4

func GetPackageSummary(pkg *v2_3.Package) (*PackageSummary, error)

type SBOMSummary added in v0.0.4

type SBOMSummary struct {
	SbomSummary struct {
		Files    []string         `json:"files"`
		Packages []PackageSummary `json:"packages"`
	} `json:"sbomSummary"`
}

func GetSBOMSummary added in v0.0.4

func GetSBOMSummary(sbom *v2_3.Document) (*SBOMSummary, error)

type SPDXDocument added in v0.1.0

type SPDXDocument struct {
	// Version is the version of the SPDX specification used in the document
	Version  string         `json:"spdxVersion"`
	Document *v2_3.Document `json:"document"`
}

func LoadSBOMFromFile

func LoadSBOMFromFile(filename string, strict bool) (*SPDXDocument, *ocispec.Descriptor, []byte, error)

LoadSBOMFromFile opens the file given by filename, reads its contents, and loads them into an SPDX document. It also calculates the file size and generates an OCI descriptor for the file. It returns the loaded SPDX document, the OCI descriptor, the SBOM bytes, and any error encountered. If the descriptor doesn't have a title annotation, one is added using the base filename.

func LoadSBOMFromReader

func LoadSBOMFromReader(reader io.ReadCloser, strict bool) (*SPDXDocument, *ocispec.Descriptor, []byte, error)

LoadSBOMFromReader reads an SPDX document from an io.ReadCloser, generates an OCI descriptor for the document, and returns the loaded SPDX document, the OCI descriptor, and the SBOM bytes. If an error occurs while reading the document or generating the descriptor, the error is returned.
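What a descriptor of the kind LoadSBOMFromFile and LoadSBOMFromReader return commits to, and how a consumer can check SBOM bytes against it, shown as an added standard-library example (not obom's own code). The `Descriptor` type, `DescribeSBOM`, `Matches`, the sample document and the mapping of SPDX fields onto the `org.spdx.*` annotation keys are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"strings"
)

// Descriptor is a local stand-in for the OCI descriptor fields used here.
type Descriptor struct {
	MediaType, Digest string
	Size              int64
	Annotations       map[string]string
}

// Constructed sample SPDX 2.3 header; not taken from a real SBOM.
const sampleSBOM = `{"spdxVersion":"SPDX-2.3","name":"demo-app",
"documentNamespace":"https://example.invalid/spdx/demo-app",
"creationInfo":{"created":"2025-01-01T00:00:00Z","creators":["Tool: example-gen"]}}`

// DescribeSBOM (hypothetical) binds raw to digest+size; the org.spdx.* field mapping is assumed.
func DescribeSBOM(raw []byte) (*Descriptor, error) {
	var h struct {
		Version   string `json:"spdxVersion"`
		Name      string `json:"name"`
		Namespace string `json:"documentNamespace"`
		// encoding/json matches the created/creators keys case-insensitively.
		Info struct{ Created string; Creators []string } `json:"creationInfo"`
	}
	if err := json.Unmarshal(raw, &h); err != nil {
		return nil, fmt.Errorf("parse SPDX JSON: %w", err)
	}
	if h.Version == "" || h.Namespace == "" {
		return nil, fmt.Errorf("spdxVersion or documentNamespace missing")
	}
	return &Descriptor{"application/spdx+json", fmt.Sprintf("sha256:%x", sha256.Sum256(raw)),
		int64(len(raw)), map[string]string{
			"org.spdx.name": h.Name, "org.spdx.namespace": h.Namespace,
			"org.spdx.version": h.Version, "org.spdx.created": h.Info.Created,
			"org.spdx.creator": strings.Join(h.Info.Creators, ", ")}}, nil
}

// Matches reports whether raw is byte-for-byte the content d describes.
func Matches(d *Descriptor, raw []byte) bool {
	return d.Size == int64(len(raw)) && d.Digest == fmt.Sprintf("sha256:%x", sha256.Sum256(raw))
}

func main() { fmt.Println(DescribeSBOM([]byte(sampleSBOM))) }
```

The annotations are derived from the document but are not covered by the digest; only the SBOM bytes are, so a consumer that trusts an annotation value should re-derive it from bytes that pass `Matches`.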
