python

package
v1.5.49 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 5, 2026 License: Apache-2.0 Imports: 18 Imported by: 3

Documentation

Overview

Package python contains components for interrogating python packages in container layers.

Index

Constants

View Source 
const (
	// PURLType is the type of package URL for Python packages.
	PURLType = "pypi"
)

Variables

View Source 
var (
	Repository = claircore.Repository{
		Name: "pypi",
		URI:  "https://pypi.org/simple",
	}
)

Functions

func GeneratePURL added in v1.5.49 

func GeneratePURL(ctx context.Context, ir *claircore.IndexRecord) (packageurl.PackageURL, error)

GeneratePURL generates a PyPI PURL for a given claircore.IndexRecord. Example: pkg:pypi/django@1.11.1

func NewCoalescer 

func NewCoalescer(_ context.Context) (indexer.Coalescer, error)

func NewEcosystem 

func NewEcosystem(ctx context.Context) *indexer.Ecosystem

NewEcosystem provides the set of scanners for the python ecosystem.

func ParsePURL added in v1.5.49 

func ParsePURL(ctx context.Context, purl packageurl.PackageURL) ([]*claircore.IndexRecord, error)

ParsePURL parses a PyPI PURL into a list of [claircore.IndexRecord]s. The matcher needs the NormalizedVersion to be set, and it to be pep440.

Types

type Matcher 

type Matcher struct{}

Matcher attempts to correlate discovered python packages with reported vulnerabilities.

func (*Matcher) Filter 

func (*Matcher) Filter(record *claircore.IndexRecord) bool

Filter implements driver.Matcher.

func (*Matcher) Name 

func (*Matcher) Name() string

Name implements driver.Matcher.

func (*Matcher) Query 

func (*Matcher) Query() []driver.MatchConstraint

Query implements driver.Matcher.

func (*Matcher) Vulnerable 

func (*Matcher) Vulnerable(ctx context.Context, record *claircore.IndexRecord, vuln *claircore.Vulnerability) (bool, error)

Vulnerable implements driver.Matcher.

type Scanner 

type Scanner struct{}

Scanner implements the scanner.PackageScanner interface.

It looks for directories that seem like wheels or eggs, and looks at the metadata recorded there. This type attempts to follow the specs documented by the PyPA, with the newer PEPs being preferred.

The zero value is ready to use.

func (Scanner) DefaultRepository added in v1.5.21 

func (Scanner) DefaultRepository(ctx context.Context) *claircore.Repository

DefaultRepository implements indexer.DefaultRepoScanner

func (*Scanner) Kind 

func (*Scanner) Kind() string

Kind implements scanner.VersionedScanner.

func (*Scanner) Name 

func (*Scanner) Name() string

Name implements scanner.VersionedScanner.

func (*Scanner) Scan 

func (ps *Scanner) Scan(ctx context.Context, layer *claircore.Layer) ([]*claircore.Package, error)

Scan attempts to find wheel or egg info directories and record the package information there.

A return of (nil, nil) is expected if there's nothing found.

func (*Scanner) Version 

func (*Scanner) Version() string

Version implements scanner.VersionedScanner.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.