sbom

package
v1.3.1 Latest
This package is not in the latest version of its module.
Published: Apr 9, 2026 License: MIT Imports: 5 Imported by: 0

Documentation

Overview

Package sbom provides SBOM parsing and diffing for Pacto bundles. It supports SPDX 2.3 and CycloneDX 1.5 JSON formats.

Constants

const DefaultDir = "sbom"

DefaultDir is the directory inside a bundle where SBOM files are stored.

Variables

This section is empty.

Functions

func HasSBOM

func HasSBOM(fsys fs.FS) bool

HasSBOM reports whether the bundle filesystem contains an SBOM directory with at least one recognized SBOM file.

Types

type Change

type Change struct {
	Package  string     `json:"package"`
	Type     ChangeType `json:"type"`
	Field    string     `json:"field,omitempty"`
	OldValue string     `json:"oldValue,omitempty"`
	NewValue string     `json:"newValue,omitempty"`
}

Change represents a single SBOM package change.

type ChangeType

type ChangeType string

ChangeType describes how an SBOM package changed.

const (
	PackageAdded    ChangeType = "added"
	PackageRemoved  ChangeType = "removed"
	PackageModified ChangeType = "modified"
)

type Document

type Document struct {
	Format   string    `json:"format"` // "spdx" or "cyclonedx"
	Packages []Package `json:"packages"`
}

Document represents a parsed SBOM document, independent of format.

func ParseFromFS

func ParseFromFS(fsys fs.FS) (*Document, error)

ParseFromFS detects and parses an SBOM file from the bundle filesystem. It looks for files matching *.spdx.json or *.cdx.json inside the sbom/ directory. Returns nil, nil if no SBOM is found.

type Package

type Package struct {
	Name     string `json:"name"`
	Version  string `json:"version"`
	License  string `json:"license,omitempty"`
	Supplier string `json:"supplier,omitempty"`
}

Package represents a normalized software package extracted from an SBOM.

type Result

type Result struct {
	OldFormat string   `json:"oldFormat,omitempty"`
	NewFormat string   `json:"newFormat,omitempty"`
	Changes   []Change `json:"changes"`
}

Result holds the SBOM diff output.

func Diff

func Diff(old, new *Document) *Result

Diff compares two SBOM documents and returns changes. Packages are matched by name. Returns nil if both documents are nil.
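As an added illustration, not code from the sbom package itself, the following self-contained Go file reimplements the documented Diff semantics over mirror types: packages matched by name, added/removed/modified changes, nil returned only when both documents are nil. The per-field reporting for modified packages (version, license, supplier), the treatment of a single nil side as an empty document, and the package name are this example's assumptions.

```go
package main

// Mirrors of the documented sbom types, JSON tags omitted; illustrative, not the package's own code.
type ChangeType string
type Package struct{ Name, Version, License, Supplier string }
type Document struct{ Format string; Packages []Package }
type Change struct{ Package, Field, OldValue, NewValue string; Type ChangeType }
type Result struct{ OldFormat, NewFormat string; Changes []Change }

const PackageAdded, PackageRemoved, PackageModified ChangeType = "added", "removed", "modified"

// Diff matches packages by name and returns nil only when both documents are nil, as documented.
// Assumptions of this example: a single nil side (e.g. ParseFromFS found no SBOM) is treated as
// an empty document, and a modified package yields one Change per differing field.
func Diff(old, new *Document) *Result {
	if old == nil && new == nil {
		return nil
	}
	if old == nil {
		old = &Document{}
	}
	if new == nil {
		new = &Document{}
	}
	res := &Result{OldFormat: old.Format, NewFormat: new.Format, Changes: []Change{}}
	newIdx, seen := map[string]Package{}, map[string]bool{}
	for _, p := range new.Packages {
		newIdx[p.Name] = p
	}
	for _, op := range old.Packages { // document order keeps the output deterministic
		seen[op.Name] = true
		np, ok := newIdx[op.Name]
		if !ok {
			res.Changes = append(res.Changes, Change{Package: op.Name, Type: PackageRemoved})
			continue
		}
		// Field names here are constructed for the example; the real package does not document them.
		for _, f := range [][3]string{{"version", op.Version, np.Version}, {"license", op.License, np.License}, {"supplier", op.Supplier, np.Supplier}} {
			if f[1] != f[2] {
				res.Changes = append(res.Changes, Change{Package: op.Name, Type: PackageModified, Field: f[0], OldValue: f[1], NewValue: f[2]})
			}
		}
	}
	for _, np := range new.Packages {
		if !seen[np.Name] {
			res.Changes = append(res.Changes, Change{Package: np.Name, Type: PackageAdded})
		}
	}
	return res
}
```

Because matching is by name only, two entries that share a name but differ in supplier are compared as one package and surface as a supplier change rather than as a removal plus an addition.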
