Documentation
Overview
Package attribution provides types and functions for working with attribution information.
Constants
This section is empty.
Variables
var (
	// ErrEmptyPurl is returned when the purl string is empty or whitespace-only.
	ErrEmptyPurl = errors.New("empty purl string")
	// ErrUnsupportedPurlType is returned when the purl type is not supported for URL generation.
	ErrUnsupportedPurlType = errors.New("unsupported purl type")
)
Sentinel errors for PurlToURL function.
Functions
func PurlToURL
PurlToURL constructs a package management URL from a purl string. Returns ErrEmptyPurl if the purl string is empty or whitespace-only. Returns ErrUnsupportedPurlType if the purl type is not supported for URL generation. Returns other errors if the purl string is malformed. The logger parameter is optional; pass nil to disable logging.
Types
type Attribution
type Attribution struct {
	// Name is the package name
	Name string `json:"name"`
	// License is the declared license
	License *string `json:"license,omitempty"`
	// URL is the package URL
	URL *string `json:"url,omitempty"`
	// Purl is the package purl
	Purl string `json:"purl"`
}
Attribution represents a simplified view of an SBOM package with essential fields.
The goal is to be able to use this to:
- Describe the package
- Outline its license and usage restrictions
- Provide a way to confirm the information yourself
func Deduplicate
func Deduplicate(attributions []Attribution, logger *slog.Logger) []Attribution
Deduplicate removes duplicate attributions based on Purl, falling back to Name. The first occurrence of each unique attribution is kept. The logger parameter is optional; pass nil to disable logging.
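A sketch of the behaviour described for Deduplicate, added here as an example and not the package's own implementation. The names dedupKey and deduplicateSketch are hypothetical, the sample entries are constructed, and comparing purls as exact strings with no normalization is an assumption.

```go
package main

import (
	"fmt"
	"log/slog"
)

// Attribution has the fields of the documented struct (JSON tags omitted).
type Attribution struct {
	Name, Purl   string
	License, URL *string
}

// dedupKey (hypothetical): purl first, name as fallback; the prefixes stop a name colliding with a purl.
func dedupKey(a Attribution) string {
	if a.Purl != "" {
		return "purl:" + a.Purl
	}
	return "name:" + a.Name
}

// deduplicateSketch keeps the first occurrence of each key, in input order.
func deduplicateSketch(in []Attribution, logger *slog.Logger) []Attribution {
	seen := make(map[string]bool, len(in))
	var out []Attribution
	for _, a := range in {
		k := dedupKey(a)
		if seen[k] {
			if logger != nil { // a nil logger disables logging
				logger.Warn("duplicate attribution dropped", "key", k)
			}
			continue
		}
		seen[k] = true
		out = append(out, a)
	}
	return out
}

func main() {
	in := []Attribution{ // constructed sample, not taken from a real SBOM
		{Name: "left-pad", Purl: "pkg:npm/left-pad@1.3.0"}, // first occurrence: kept
		{Name: "leftpad", Purl: "pkg:npm/left-pad@1.3.0"},  // same purl, other name: dropped
		{Name: "left-pad", Purl: "pkg:npm/left-pad@1.1.0"}, // other version: kept
		{Name: "vendored-lib"},                             // no purl: keyed by name
		{Name: "vendored-lib"},                             // same name, no purl: dropped
	}
	fmt.Printf("%+v\n", deduplicateSketch(in, nil))
}
```

In this sketch the fields of a dropped duplicate are discarded, so a later entry that carries a different license or URL for the same purl does not reach the output.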