Documentation
¶
Overview ¶
Package matchers contain shared contracts and helper functions for matcher implementations.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func MissingLicensePackages ¶
MissingLicensePackages returns the packages eligible for external license lookup.
func NormalizeLicenseSet ¶
func NormalizeLicenseSet(values []string, sourceType string) []sdk.PackageLicense
NormalizeLicenseSet converts raw license strings into Bomly package licenses.
func RegistryPackagesForGraph ¶
func RegistryPackagesForGraph(g *sdk.Graph, reg *sdk.PackageRegistry, target *sdk.Dependency) []*sdk.Package
RegistryPackagesForGraph seeds the PURL-keyed package registry from the dependency graph and returns the registry packages that matchers should enrich. Each dependency node is linked to its package via PackageRef (PURL); packages are deduplicated by PURL so a matcher enriches each unique package once regardless of how many dependency instances reference it.
When a target is set, only the target dependency is considered.
Types ¶
This section is empty.
Directories
¶
| Path | Synopsis |
|---|---|
|
Package cache provides shared on-disk caching helpers for matcher implementations.
|
Package cache provides shared on-disk caching helpers for matcher implementations. |
|
Package depsdev implements a Bomly license matcher backed by the deps.dev API.
|
Package depsdev implements a Bomly license matcher backed by the deps.dev API. |
|
Package grype implements a Matcher that uses the Grype vulnerability library (builtin) or the grype CLI binary (external), selected via build tags.
|
Package grype implements a Matcher that uses the Grype vulnerability library (builtin) or the grype CLI binary (external), selected via build tags. |
|
Package osv implements an engine.Auditor backed by the OSV (Open Source Vulnerabilities) API.
|
Package osv implements an engine.Auditor backed by the OSV (Open Source Vulnerabilities) API. |
|
Package scorecard implements an sdk.Matcher that enriches packages with upstream-project security-posture data from the OpenSSF Scorecard public API (api.scorecard.dev).
|
Package scorecard implements an sdk.Matcher that enriches packages with upstream-project security-posture data from the OpenSSF Scorecard public API (api.scorecard.dev). |