inventory

package
v1.2.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 17, 2026 License: MIT Imports: 19 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func IsOSEcosystem added in v1.2.0 

func IsOSEcosystem(ecosystem string) bool

IsOSEcosystem returns true if the ecosystem represents an OS-level package manager.

Types

type Collector 

type Collector interface {
	Collect(ctx context.Context, target string) ([]model.Component, error)
}

Collector collects software components from a target.

type DistroInfo added in v1.2.0 

type DistroInfo struct {
	Name    string `json:"name"`    // "alpine", "debian", "ubuntu", "centos", etc.
	Version string `json:"version"` // "3.18", "12", "22.04"
}

DistroInfo holds the detected OS distribution from a container image SBOM.

type GoModCollector 

type GoModCollector struct{}

GoModCollector collects components from go.mod and go.sum files.

func (*GoModCollector) Collect 

func (c *GoModCollector) Collect(_ context.Context, target string) ([]model.Component, error)

type MultiCollector 

type MultiCollector struct{}

MultiCollector discovers package manifests in a directory and dispatches to the appropriate collector for each one.

func (*MultiCollector) Collect 

func (c *MultiCollector) Collect(ctx context.Context, dir string) ([]model.Component, error)

type NPMCollector 

type NPMCollector struct{}

NPMCollector collects components from package-lock.json.

func (*NPMCollector) Collect 

func (c *NPMCollector) Collect(_ context.Context, target string) ([]model.Component, error)

type PipCollector 

type PipCollector struct{}

PipCollector collects components from requirements.txt.

func (*PipCollector) Collect 

func (c *PipCollector) Collect(_ context.Context, target string) ([]model.Component, error)

type SBOMCollector 

type SBOMCollector struct {
	Format string // "cyclonedx" or "spdx"
}

SBOMCollector collects components from CycloneDX or SPDX SBOM files.

func (*SBOMCollector) Collect 

func (c *SBOMCollector) Collect(_ context.Context, target string) ([]model.Component, error)

type SBOMResult added in v1.2.0 

type SBOMResult struct {
	Components []model.Component
	RawSBOM    []byte
	Distro     *DistroInfo
}

SBOMResult holds both the raw SBOM bytes and parsed components from syft.

func ParseCycloneDXBytes added in v1.2.0 

func ParseCycloneDXBytes(data []byte) (*SBOMResult, error)

ParseCycloneDXBytes parses raw CycloneDX JSON bytes and returns an SBOMResult containing both the raw bytes and parsed components.

type SyftCollector 

type SyftCollector struct{}

SyftCollector collects components from a container image using syft.

func (*SyftCollector) Collect 

func (c *SyftCollector) Collect(ctx context.Context, imageRef string) ([]model.Component, error)

Collect runs syft and returns parsed components (implements the Collector pattern).

func (*SyftCollector) CollectSBOM added in v1.2.0 

func (c *SyftCollector) CollectSBOM(ctx context.Context, imageRef string) (*SBOMResult, error)

CollectSBOM runs syft and returns both the raw CycloneDX SBOM and parsed components.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.