// Copyright 2023 The go-github AUTHORS. All rights reserved.
//
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package github

import (
	"context"
	"fmt"
)

// DependencyGraphService provides access to the dependency graph endpoints
// of the GitHub API (see GetSBOM in this file). It is an alias of the
// package's shared service type, which carries the client used for requests.
type DependencyGraphService service

// SBOM represents a software bill of materials, which describes the
// packages/libraries that a repository depends on.
//
// It is the top-level envelope returned by the API: the actual SPDX
// document lives under the "sbom" key.
type SBOM struct {
	// SBOM is the SPDX document; nil when the response omits it.
	SBOM *SBOMInfo `json:"sbom,omitempty"`
}

// CreationInfo represents when the SBOM was created and who created it.
type CreationInfo struct {
	// Created is the creation time reported in the SPDX document.
	Created *Timestamp `json:"created,omitempty"`
	// Creators lists the tools/people that produced the document, as
	// free-form strings.
	Creators []string `json:"creators,omitempty"`
}

// RepoDependencies represents the dependencies of a repo.
//
// Each value corresponds to one SPDX package entry. All fields are
// optional on the wire (omitempty), so callers must nil-check pointers
// before dereferencing them.
type RepoDependencies struct {
	// SPDXID is the SPDX identifier of this package within the document.
	SPDXID *string `json:"SPDXID,omitempty"`
	// Package name
	Name *string `json:"name,omitempty"`
	// VersionInfo is the package version string as reported by the SBOM.
	VersionInfo *string `json:"versionInfo,omitempty"`
	// DownloadLocation is where the package can be obtained from.
	DownloadLocation *string `json:"downloadLocation,omitempty"`
	// FilesAnalyzed reports whether the package's files were analyzed
	// when the SBOM was produced.
	FilesAnalyzed *bool `json:"filesAnalyzed,omitempty"`
	// LicenseConcluded and LicenseDeclared are the SPDX license fields:
	// in SPDX terms "declared" is what the package itself states and
	// "concluded" is what the SBOM producer determined. They can differ,
	// so license/compliance checks should look at both.
	LicenseConcluded *string `json:"licenseConcluded,omitempty"`
	LicenseDeclared  *string `json:"licenseDeclared,omitempty"`
}

// SBOMInfo represents a software bill of materials (SBOM) using SPDX.
// SPDX is an open standard for SBOMs that
// identifies and catalogs components, licenses, copyrights, security
// references, and other metadata relating to software.
type SBOMInfo struct {
	// SPDXID and SPDXVersion identify the document and the SPDX spec
	// version it follows.
	SPDXID       *string       `json:"SPDXID,omitempty"`
	SPDXVersion  *string       `json:"spdxVersion,omitempty"`
	CreationInfo *CreationInfo `json:"creationInfo,omitempty"`

	// Repo name
	Name              *string  `json:"name,omitempty"`
	DataLicense       *string  `json:"dataLicense,omitempty"`
	DocumentDescribes []string `json:"documentDescribes,omitempty"`
	DocumentNamespace *string  `json:"documentNamespace,omitempty"`

	// List of packages dependencies
	//
	// NOTE(review): an empty or missing list only means GitHub's dependency
	// graph reported nothing for this repository, not that it has no
	// dependencies — confirm against the repository's manifests before
	// relying on it.
	Packages []*RepoDependencies `json:"packages,omitempty"`
}

// String renders the SBOM envelope via the package-wide Stringify helper.
func (s SBOM) String() string {
	return Stringify(s)
}

// GetSBOM fetches the software bill of materials for a repository.
//
// owner and repo are interpolated into the request path as given. When they
// originate from untrusted input, validate them before calling; whether
// NewRequest escapes path segments is decided outside this file.
//
// It returns the decoded SBOM (nil when the body could not be decoded into
// one), the HTTP response wrapper, and any request or transport error.
//
// GitHub API docs: https://docs.github.com/rest/dependency-graph/sboms#export-a-software-bill-of-materials-sbom-for-a-repository
//
//meta:operation GET /repos/{owner}/{repo}/dependency-graph/sbom
func (s *DependencyGraphService) GetSBOM(ctx context.Context, owner, repo string) (*SBOM, *Response, error) {
	endpoint := fmt.Sprintf("repos/%v/%v/dependency-graph/sbom", owner, repo)
	req, err := s.client.NewRequest("GET", endpoint, nil)
	if err != nil {
		// No response exists yet when building the request fails.
		return nil, nil, err
	}

	// Decode into a pointer-to-pointer so an empty body leaves result nil
	// rather than producing an empty SBOM.
	var result *SBOM
	resp, err := s.client.Do(ctx, req, &result)
	if err != nil {
		return nil, resp, err
	}
	return result, resp, nil
}