github.com/anchore/syft@v1.38.2/syft/format/internal/spdxutil/helpers/source_info.go (about) 1 package helpers 2 3 import ( 4 "strings" 5 6 "github.com/anchore/syft/syft/pkg" 7 ) 8 9 //nolint:funlen, gocyclo 10 func SourceInfo(p pkg.Package) string { 11 answer := "" 12 switch p.Type { 13 case pkg.AlpmPkg: 14 answer = "acquired package info from ALPM DB" 15 case pkg.RpmPkg: 16 answer = "acquired package info from RPM DB" 17 case pkg.ApkPkg: 18 answer = "acquired package info from APK DB" 19 case pkg.BitnamiPkg: 20 answer = "acquired package info from a Bitnami SBOM" 21 case pkg.DartPubPkg: 22 answer = "acquired package info from pubspec manifest" 23 case pkg.DebPkg: 24 answer = "acquired package info from DPKG DB" 25 case pkg.DotnetPkg: 26 answer = "acquired package info from dotnet project assets file" 27 case pkg.NpmPkg: 28 answer = "acquired package info from installed node module manifest file" 29 case pkg.PythonPkg: 30 answer = "acquired package info from installed python package manifest file" 31 case pkg.JavaPkg, pkg.JenkinsPluginPkg: 32 answer = "acquired package info from installed java archive" 33 case pkg.GemPkg: 34 answer = "acquired package info from installed gem metadata file" 35 case pkg.GoModulePkg: 36 answer = "acquired package info from go module information" 37 case pkg.GraalVMNativeImagePkg: 38 answer = "acquired package info from GraalVM native image" 39 case pkg.RustPkg: 40 answer = "acquired package info from rust cargo manifest" 41 case pkg.PhpComposerPkg: 42 answer = "acquired package info from PHP composer manifest" 43 case pkg.PhpPearPkg: 44 answer = "acquired package info from PHP Pear manifest" 45 case pkg.PhpPeclPkg: 46 answer = "acquired package info from PHP Pecl manifest" 47 case pkg.CocoapodsPkg: 48 answer = "acquired package info from installed cocoapods manifest file" 49 case pkg.ConanPkg: 50 answer = "acquired package info from conan manifest" 51 case pkg.CondaPkg: 52 answer = "acquired package info from conda metadata" 53 case pkg.PortagePkg: 54 answer = "acquired package info from portage DB" 55 case pkg.HackagePkg: 56 answer = "acquired package info from cabal or stack manifest files" 57 case pkg.HexPkg: 58 answer = "acquired package info from rebar3 or mix manifest file" 59 case pkg.ErlangOTPPkg: 60 answer = "acquired package info from ErLang application resource file" 61 case pkg.LinuxKernelPkg: 62 answer = "acquired package info from linux kernel archive" 63 case pkg.LinuxKernelModulePkg: 64 answer = "acquired package info from linux kernel module files" 65 case pkg.NixPkg: 66 answer = "acquired package info from nix store path" 67 case pkg.Rpkg: 68 answer = "acquired package info from R-package DESCRIPTION file" 69 case pkg.LuaRocksPkg: 70 answer = "acquired package info from Rockspec package file" 71 case pkg.SwiftPkg: 72 answer = "acquired package info from resolved Swift package manifest" 73 case pkg.SwiplPackPkg: 74 answer = "acquired package info from SWI Prolo pack package file" 75 case pkg.OpamPkg: 76 answer = "acquired package info from OCaml opam package file" 77 case pkg.GithubActionPkg, pkg.GithubActionWorkflowPkg: 78 answer = "acquired package info from GitHub Actions workflow file or composite action file" 79 case pkg.WordpressPluginPkg: 80 answer = "acquired package info from found wordpress plugin PHP source files" 81 case pkg.HomebrewPkg: 82 answer = "acquired package info from Homebrew formula" 83 case pkg.TerraformPkg: 84 answer = "acquired package info from Terraform dependency lock file" 85 case pkg.ModelPkg: 86 answer = "acquired package info from AI artifact (e.g. GGUF File" 87 default: 88 answer = "acquired package info from the following paths" 89 } 90 if p.FoundBy == "sbom-cataloger" { 91 answer = "acquired package info from SBOM" 92 } 93 var paths []string 94 for _, l := range p.Locations.ToSlice() { 95 paths = append(paths, l.RealPath) 96 } 97 98 return answer + ": " + strings.Join(paths, ", ") 99 }