github.com/lineaje-labs/syft@v0.98.1-0.20231227153149-9e393f60ff1b/syft/format/common/spdxhelpers/download_location.go

github.com/lineaje-labs/syft@v0.98.1-0.20231227153149-9e393f60ff1b/syft/format/common/spdxhelpers/download_location.go (about)

     1  package spdxhelpers
     2  
     3  import "github.com/anchore/syft/syft/pkg"
     4  
     5  const NONE = "NONE"
     6  const NOASSERTION = "NOASSERTION"
     7  
     8  func DownloadLocation(p pkg.Package) string {
     9  	// 3.7: Package Download Location
    10  	// Cardinality: mandatory, one
    11  	// NONE if there is no download location whatsoever.
    12  	// NOASSERTION if:
    13  	//   (i) the SPDX file creator has attempted to but cannot reach a reasonable objective determination;
    14  	//   (ii) the SPDX file creator has made no attempt to determine this field; or
    15  	//   (iii) the SPDX file creator has intentionally provided no information (no meaning should be implied by doing so).
    16  
    17  	if hasMetadata(p) {
    18  		switch metadata := p.Metadata.(type) {
    19  		case pkg.ApkDBEntry:
    20  			return NoneIfEmpty(metadata.URL)
    21  		case pkg.NpmPackage:
    22  			return NoneIfEmpty(metadata.URL)
    23  		case pkg.NpmPackageLockEntry:
    24  			return NoneIfEmpty(metadata.Resolved)
    25  		}
    26  	}
    27  	return NOASSERTION
    28  }