matchers

package
v0.12.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 12, 2026 License: Apache-2.0 Imports: 2 Imported by: 0

Documentation

Overview

Package matchers contain shared contracts and helper functions for matcher implementations.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func MissingLicensePackages

func MissingLicensePackages(packages []*sdk.Package) []*sdk.Package

MissingLicensePackages returns the packages eligible for external license lookup.

func NormalizeLicenseSet

func NormalizeLicenseSet(values []string, sourceType string) []sdk.PackageLicense

NormalizeLicenseSet converts raw license strings into Bomly package licenses.

func RegistryPackagesForGraph

func RegistryPackagesForGraph(g *sdk.Graph, reg *sdk.PackageRegistry, target *sdk.Dependency) []*sdk.Package

RegistryPackagesForGraph seeds the PURL-keyed package registry from the dependency graph and returns the registry packages that matchers should enrich. Each dependency node is linked to its package via PackageRef (PURL); packages are deduplicated by PURL so a matcher enriches each unique package once regardless of how many dependency instances reference it.

When a target is set, only the target dependency is considered.

Types

This section is empty.

Directories

Path Synopsis
Package cache provides shared on-disk caching helpers for matcher implementations.
Package cache provides shared on-disk caching helpers for matcher implementations.
Package depsdev implements a Bomly license matcher backed by the deps.dev API.
Package depsdev implements a Bomly license matcher backed by the deps.dev API.
Package grype implements a Matcher that uses the Grype vulnerability library (builtin) or the grype CLI binary (external), selected via build tags.
Package grype implements a Matcher that uses the Grype vulnerability library (builtin) or the grype CLI binary (external), selected via build tags.
Package osv implements an engine.Auditor backed by the OSV (Open Source Vulnerabilities) API.
Package osv implements an engine.Auditor backed by the OSV (Open Source Vulnerabilities) API.
Package scorecard implements an sdk.Matcher that enriches packages with upstream-project security-posture data from the OpenSSF Scorecard public API (api.scorecard.dev).
Package scorecard implements an sdk.Matcher that enriches packages with upstream-project security-posture data from the OpenSSF Scorecard public API (api.scorecard.dev).

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL