Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CPE ¶ added in v0.104.0
// CPE represents a Common Platform Enumeration identifier used for matching
// packages to known vulnerabilities in security databases.
type CPE struct {
	// Value is the CPE string identifier. It is serialized under the JSON key
	// "cpe", not "value".
	Value string `json:"cpe"`
	// Source is the source where this CPE was obtained or generated from.
	// The key is omitted when the string is empty, so an absent "source" says
	// nothing about provenance.
	// NOTE(review): a generated CPE may be a weaker match key than one taken
	// from package data; confirm how consumers should weigh Source before
	// relying on a CPE for vulnerability matching.
	Source string `json:"source,omitempty"`
}
CPE represents a Common Platform Enumeration identifier used for matching packages to known vulnerabilities in security databases.
type Descriptor ¶
// Descriptor identifies the tool that generated this SBOM document, including
// its name, version, and configuration used during catalog generation.
type Descriptor struct {
	// Name is the name of the tool that generated this SBOM (e.g., "syft").
	Name string `json:"name"`
	// Version is the version of the tool that generated this SBOM.
	Version string `json:"version"`
	// Configuration contains the tool configuration used during SBOM generation.
	// It is typed any, so this struct fixes no schema for the value.
	// NOTE(review): confirm that the serialized configuration cannot carry
	// credentials or other environment-specific values before an SBOM is
	// shared outside the environment that produced it.
	Configuration any `json:"configuration,omitempty"`
}
Descriptor identifies the tool that generated this SBOM document, including its name, version, and configuration used during catalog generation.
type Document ¶
// Document represents the syft cataloging findings as a JSON document.
//
// *Document also defines a custom UnmarshalJSON (added in v1.27.1); its body
// is not shown here, so decoding behaviour cannot be read from the field tags
// alone.
type Document struct {
	// Artifacts is the list of packages discovered and placed into the catalog.
	Artifacts []Package `json:"artifacts"`
	// ArtifactRelationships holds the Relationship entries of the document.
	// Relationship refers to artifacts by string ID.
	// NOTE(review): presumably those IDs refer to entries in Artifacts and
	// Files; confirm, and handle dangling IDs when reading untrusted documents.
	ArtifactRelationships []Relationship `json:"artifactRelationships"`
	// Files is the list of File entries. note: must have omitempty, so the key
	// is dropped from the JSON when the list is empty (the reason is not
	// stated here).
	Files []File `json:"files,omitempty"`
	// Source represents the original object that was cataloged.
	Source Source `json:"source"`
	// Distro represents the Linux distribution that was detected from the source.
	Distro LinuxRelease `json:"distro"`
	// Descriptor is a block containing self-describing information about syft.
	Descriptor Descriptor `json:"descriptor"`
	// Schema is a block reserved for defining the version for the shape of this
	// JSON document and where to find the schema document to validate the shape.
	Schema Schema `json:"schema"`
}
Document represents the syft cataloging findings as a JSON document
func (*Document) UnmarshalJSON ¶ added in v1.27.1
type File ¶
// File represents a file discovered during cataloging with its metadata,
// content digests, licenses, and relationships to packages.
type File struct {
	// ID is a unique identifier for this file within the SBOM.
	ID string `json:"id"`
	// Location is the file path and layer information where this file was found.
	Location file.Coordinates `json:"location"`
	// Metadata contains filesystem metadata such as permissions, ownership, and file type.
	// It is a pointer with omitempty, so the key is absent when no metadata
	// was recorded; nil-check before dereferencing.
	Metadata *FileMetadataEntry `json:"metadata,omitempty"`
	// Contents is the file contents for small files.
	// NOTE(review): when populated, the SBOM carries a copy of the file's
	// data, so the document is as sensitive as the files captured in it. The
	// encoding of the string and the size cut-off are not visible here.
	Contents string `json:"contents,omitempty"`
	// Digests contains cryptographic hashes of the file contents.
	// The algorithms are carried by file.Digest, which is not shown here.
	Digests []file.Digest `json:"digests,omitempty"`
	// Licenses contains license information discovered within this file.
	Licenses []FileLicense `json:"licenses,omitempty"`
	// Executable contains executable metadata if this file is a binary.
	Executable *file.Executable `json:"executable,omitempty"`
	// Unknowns contains unknown fields for forward compatibility.
	// NOTE(review): the type is []string, which fits free-form messages
	// better than preserved JSON fields; confirm what is actually stored.
	Unknowns []string `json:"unknowns,omitempty"`
}
File represents a file discovered during cataloging with its metadata, content digests, licenses, and relationships to packages.
type FileLicense ¶
// FileLicense represents license information discovered within a file's
// contents or metadata, including the matched license text and SPDX expression.
type FileLicense struct {
	// Value is the raw license identifier or text as found in the file.
	Value string `json:"value"`
	// SPDXExpression is the parsed SPDX license expression.
	// The key has no omitempty, so it is emitted even when the string is empty.
	SPDXExpression string `json:"spdxExpression"`
	// Type is the license type classification (e.g., declared, concluded, discovered).
	Type license.Type `json:"type"`
	// Evidence contains supporting evidence for this license detection.
	// It is a pointer with omitempty; nil-check before reading its fields.
	Evidence *FileLicenseEvidence `json:"evidence,omitempty"`
}
FileLicense represents license information discovered within a file's contents or metadata, including the matched license text and SPDX expression.
type FileLicenseEvidence ¶
// FileLicenseEvidence contains supporting evidence for a license detection in
// a file, including the byte offset, extent, and confidence level.
//
// All three fields are plain ints, so the type enforces none of the documented
// ranges. A consumer that uses Offset and Extent to slice file data from a
// document it did not produce should check them for negative values and
// against the file size first.
type FileLicenseEvidence struct {
	// Confidence is the confidence score for this license detection (0-100).
	Confidence int `json:"confidence"`
	// Offset is the byte offset where the license text starts in the file.
	Offset int `json:"offset"`
	// Extent is the length of the license text in bytes.
	Extent int `json:"extent"`
}
FileLicenseEvidence contains supporting evidence for a license detection in a file, including the byte offset, extent, and confidence level.
type FileMetadataEntry ¶
// FileMetadataEntry contains filesystem-level metadata attributes such as
// permissions, ownership, type, and size for a cataloged file.
//
// *FileMetadataEntry defines a custom UnmarshalJSON (added in v1.27.1); its
// body is not shown here.
type FileMetadataEntry struct {
	// Mode is the Unix file permission mode in octal format.
	// NOTE(review): the field is a plain int. "Octal format" presumably means
	// the decimal digits are to be read as octal (e.g. 755) rather than the
	// value 0o755; confirm before testing permission or setuid bits.
	Mode int `json:"mode"`
	// Type is the file type (e.g., "RegularFile", "Directory", "SymbolicLink").
	Type string `json:"type"`
	// LinkDestination is the target path for symbolic links.
	// The value is recorded from the scanned source; nothing here shows it
	// being resolved or validated.
	LinkDestination string `json:"linkDestination,omitempty"`
	// UserID is the file owner user ID.
	UserID int `json:"userID"`
	// GroupID is the file owner group ID.
	GroupID int `json:"groupID"`
	// MIMEType is the MIME type of the file contents.
	MIMEType string `json:"mimeType"`
	// Size is the file size in bytes.
	Size int64 `json:"size"`
}
FileMetadataEntry contains filesystem-level metadata attributes such as permissions, ownership, type, and size for a cataloged file.
func (*FileMetadataEntry) UnmarshalJSON ¶ added in v1.27.1
func (f *FileMetadataEntry) UnmarshalJSON(data []byte) error
type IDLikes ¶
// IDLikes represents a list of distribution IDs that this Linux distribution
// is similar to or derived from, as defined in os-release ID_LIKE field.
//
// *IDLikes defines a custom UnmarshalJSON; its body is not shown here, so the
// accepted JSON shapes cannot be stated from this declaration.
type IDLikes []string
IDLikes represents a list of distribution IDs that this Linux distribution is similar to or derived from, as defined in os-release ID_LIKE field.
func (*IDLikes) UnmarshalJSON ¶
type License ¶
// License represents software license information discovered for a package,
// including SPDX expressions and supporting evidence locations.
type License struct {
	// Value is the raw license identifier or expression as found.
	Value string `json:"value"`
	// SPDXExpression is the parsed SPDX license expression.
	SPDXExpression string `json:"spdxExpression"`
	// Type is the license type classification (e.g., declared, concluded, discovered).
	Type license.Type `json:"type"`
	// URLs are URLs where license text or information can be found.
	// The tag has no omitempty, so the key is always emitted.
	// NOTE(review): these strings come from scanned package data; treat them
	// as untrusted input if a consumer ever dereferences them.
	URLs []string `json:"urls"`
	// Locations are file locations where this license was discovered.
	// The tag has no omitempty, so the key is always emitted.
	Locations []file.Location `json:"locations"`
	// Contents is the full license text content.
	Contents string `json:"contents,omitempty"`
}
License represents software license information discovered for a package, including SPDX expressions and supporting evidence locations.
type LinuxRelease ¶
// LinuxRelease contains Linux distribution identification and version
// information extracted from /etc/os-release or similar system files.
//
// Every field carries omitempty, so absent keys mean "not present in the
// source", not "empty".
// NOTE(review): the values are read from files inside the cataloged source.
// For a third-party image they are presumably whatever the image author
// wrote, so distro-based decisions (for example choosing a vulnerability
// feed) inherit that trust level; confirm how consumers validate them.
type LinuxRelease struct {
	// PrettyName is a human-readable operating system name with version.
	PrettyName string `json:"prettyName,omitempty"`
	// Name is the operating system name without version information.
	Name string `json:"name,omitempty"`
	// ID is the lower-case operating system identifier (e.g., "ubuntu", "rhel").
	ID string `json:"id,omitempty"`
	// IDLike is a list of operating system IDs this distribution is similar to or derived from.
	IDLike IDLikes `json:"idLike,omitempty"`
	// Version is the operating system version including codename if available.
	Version string `json:"version,omitempty"`
	// VersionID is the operating system version number or identifier.
	VersionID string `json:"versionID,omitempty"`
	// VersionCodename is the operating system release codename (e.g., "jammy", "bullseye").
	VersionCodename string `json:"versionCodename,omitempty"`
	// BuildID is a build identifier for the operating system.
	BuildID string `json:"buildID,omitempty"`
	// ImageID is an identifier for container or cloud images.
	ImageID string `json:"imageID,omitempty"`
	// ImageVersion is the version for container or cloud images.
	ImageVersion string `json:"imageVersion,omitempty"`
	// Variant is the operating system variant name (e.g., "Server", "Workstation").
	Variant string `json:"variant,omitempty"`
	// VariantID is the lower-case operating system variant identifier.
	VariantID string `json:"variantID,omitempty"`
	// HomeURL is the homepage URL for the operating system.
	HomeURL string `json:"homeURL,omitempty"`
	// SupportURL is the support or help URL for the operating system.
	SupportURL string `json:"supportURL,omitempty"`
	// BugReportURL is the bug reporting URL for the operating system.
	BugReportURL string `json:"bugReportURL,omitempty"`
	// PrivacyPolicyURL is the privacy policy URL for the operating system.
	PrivacyPolicyURL string `json:"privacyPolicyURL,omitempty"`
	// CPEName is the Common Platform Enumeration name for the operating system.
	CPEName string `json:"cpeName,omitempty"`
	// SupportEnd is the end of support date or version identifier.
	// It is a free-form string, not a parsed date.
	SupportEnd string `json:"supportEnd,omitempty"`
	// ExtendedSupport indicates whether extended security or support is available.
	// With omitempty on a bool, false is never emitted, so false and "unknown"
	// look the same in the JSON.
	ExtendedSupport bool `json:"extendedSupport,omitempty"`
}
LinuxRelease contains Linux distribution identification and version information extracted from /etc/os-release or similar system files.
type Package ¶
// Package represents a pkg.Package object specialized for JSON marshaling and
// unmarshalling.
//
// Both members are embedded, so their fields are promoted onto Package.
// *Package defines a custom UnmarshalJSON, described as handling basic values
// and values with ambiguous types; its body is not shown here.
type Package struct {
	// PackageBasicData holds the fields whose types are not ambiguous.
	PackageBasicData
	// PackageCustomData holds the type-ambiguous metadata fields.
	PackageCustomData
}
Package represents a pkg.Package object specialized for JSON marshaling and unmarshalling.
func (*Package) UnmarshalJSON ¶
UnmarshalJSON is a custom unmarshaller for handling basic values and values with ambiguous types.
type PackageBasicData ¶
// PackageBasicData contains non-ambiguous values (type-wise) from pkg.Package.
//
// No tag here uses omitempty, so every key is emitted even when its value is
// empty. The fields carry no upstream comments; the notes below that go beyond
// the declared types are assumptions to confirm.
type PackageBasicData struct {
	// ID is serialized as "id". Presumably the identifier that Relationship
	// Parent/Child values refer to; confirm.
	ID string `json:"id"`
	// Name is serialized as "name".
	Name string `json:"name"`
	// Version is serialized as "version". It is a free-form string; no
	// version scheme is fixed by this type.
	Version string `json:"version"`
	// Type is the pkg.Type of the package.
	Type pkg.Type `json:"type"`
	// FoundBy is serialized as "foundBy". Presumably names the cataloger that
	// reported the package; confirm.
	FoundBy string `json:"foundBy"`
	// Locations lists file.Location entries for the package.
	Locations []file.Location `json:"locations"`
	// Licenses uses the unexported type licenses, which is not shown here.
	Licenses licenses `json:"licenses"`
	// Language is the pkg.Language of the package.
	Language pkg.Language `json:"language"`
	// CPEs uses the unexported type cpes, which is not shown here.
	CPEs cpes `json:"cpes"`
	// PURL is serialized as "purl". Presumably a package URL used as a match
	// key by downstream tools; confirm, and treat it as data derived from the
	// scanned source rather than a verified identity.
	PURL string `json:"purl"`
}
PackageBasicData contains non-ambiguous values (type-wise) from pkg.Package.
type PackageCustomData ¶
// PackageCustomData contains ambiguous values (type-wise) from pkg.Package.
type PackageCustomData struct {
	// MetadataType is serialized as "metadataType" and omitted when empty.
	// NOTE(review): presumably the discriminator that tells a decoder which
	// concrete type Metadata holds; confirm. If so, it is document-supplied
	// and an unknown value must fail safely when reading untrusted SBOMs.
	MetadataType string `json:"metadataType,omitempty"`
	// Metadata is typed any; this struct fixes no schema for it.
	Metadata any `json:"metadata,omitempty"`
}
PackageCustomData contains ambiguous values (type-wise) from pkg.Package.
type Relationship ¶
// Relationship represents a directed relationship between two artifacts in
// the SBOM, such as package-contains-file or package-depends-on-package.
//
// Parent and Child are plain strings, so nothing in the type guarantees that
// either ID resolves to an entry in the same document. Consumers reading
// documents they did not produce should handle unresolved IDs.
type Relationship struct {
	// Parent is the ID of the parent artifact in this relationship.
	Parent string `json:"parent"`
	// Child is the ID of the child artifact in this relationship.
	Child string `json:"child"`
	// Type is the relationship type (e.g., "contains", "dependency-of", "ancestor-of").
	// It is a free-form string here, not an enumerated type.
	Type string `json:"type"`
	// Metadata contains additional relationship-specific metadata.
	// It is typed any; this struct fixes no schema for it.
	Metadata any `json:"metadata,omitempty"`
}
Relationship represents a directed relationship between two artifacts in the SBOM, such as package-contains-file or package-depends-on-package.
type Schema ¶
// Schema specifies the JSON schema version and URL reference that defines the
// structure and validation rules for this document format.
type Schema struct {
	// Version is the JSON schema version for this document format.
	Version string `json:"version"`
	// URL is the URL to the JSON schema definition document.
	// NOTE(review): the value travels inside the document itself. A validator
	// handling untrusted SBOMs should presumably resolve the schema from a
	// pinned local copy keyed by Version rather than fetching this URL;
	// confirm against the consuming code.
	URL string `json:"url"`
}
Schema specifies the JSON schema version and URL reference that defines the structure and validation rules for this document format.
type Secrets ¶
// Secrets pairs a file location with the search results reported for that
// location.
//
// NOTE(review): the type has no upstream doc comment, and the fields of
// file.SearchResult are not shown here. Confirm whether a result carries the
// matched value itself; if it does, any document embedding this type needs the
// same handling as the secrets it describes.
type Secrets struct {
	// Location is the file.Coordinates the results belong to.
	Location file.Coordinates `json:"location"`
	// Secrets is the list of search results for Location. The tag has no
	// omitempty, so the key is always emitted.
	Secrets []file.SearchResult `json:"secrets"`
}
type Source ¶
// Source represents the artifact that was analyzed to generate this SBOM, such
// as a container image, directory, or file archive. The Supplier field can be
// provided by users to fulfill NTIA minimum elements requirements.
//
// *Source defines a custom UnmarshalJSON that populates a source object from
// JSON bytes; its body is not shown here.
type Source struct {
	// ID is a unique identifier for the analyzed source artifact.
	ID string `json:"id"`
	// Name is the name of the analyzed artifact (e.g., image name, directory path).
	Name string `json:"name"`
	// Version is the version of the analyzed artifact (e.g., image tag).
	Version string `json:"version"`
	// Supplier is supplier information, which can be user-provided for NTIA minimum elements compliance.
	// Because it can be user-provided, it is an assertion by whoever generated
	// the SBOM, not something derived from the artifact.
	Supplier string `json:"supplier,omitempty"`
	// Type is the source type (e.g., "image", "directory", "file").
	Type string `json:"type"`
	// Metadata contains additional source-specific metadata.
	// It is typed any and has no omitempty, so the key is always emitted.
	// NOTE(review): presumably its concrete shape depends on Type; confirm
	// against UnmarshalJSON.
	Metadata any `json:"metadata"`
}
Source represents the artifact that was analyzed to generate this SBOM, such as a container image, directory, or file archive. The Supplier field can be provided by users to fulfill NTIA minimum elements requirements.
func (*Source) UnmarshalJSON ¶
UnmarshalJSON populates a source object from JSON bytes.