github.com/lineaje-labs/syft@v0.98.1-0.20231227153149-9e393f60ff1b/syft/format/common/spdxhelpers/external_refs.go (about)

     1  package spdxhelpers
     2  
     3  import (
     4  	"github.com/anchore/syft/syft/cpe"
     5  	"github.com/anchore/syft/syft/pkg"
     6  )
     7  
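// ExternalRefs builds the SPDX external references for p: one security
// reference per CPE, a package-manager reference when the PURL is non-empty,
// and, for a Java archive whose manifest declares Created-By "bazel", a
// reference carrying the manifest's Target-Label.
//
// The returned slice is never nil.
func ExternalRefs(p pkg.Package) (externalRefs []ExternalRef) {
	// Upper bound on what is appended below: every CPE, plus the PURL, plus
	// the bazel label.
	externalRefs = make([]ExternalRef, 0, len(p.CPEs)+2)

	for _, c := range p.CPEs {
		externalRefs = append(externalRefs, ExternalRef{
			ReferenceCategory: SecurityReferenceCategory,
			ReferenceLocator:  cpe.String(c),
			ReferenceType:     Cpe23ExternalRefType,
		})
	}

	if p.PURL != "" {
		externalRefs = append(externalRefs, ExternalRef{
			ReferenceCategory: PackageManagerReferenceCategory,
			ReferenceLocator:  p.PURL,
			ReferenceType:     PurlExternalRefType,
		})
	}

	// Java packages may specify the bazel label used to build them.
	meta, isJava := p.Metadata.(pkg.JavaArchive)
	if !isJava || meta.Manifest == nil {
		return externalRefs
	}

	// A missing Created-By key reads as "", which never equals "bazel", so a
	// separate presence check is not needed.
	if meta.Manifest.Main["Created-By"] != "bazel" {
		return externalRefs
	}

	// Target-Label is copied verbatim from the archive's manifest and is not
	// validated here, so consumers of the document should treat the locator
	// as untrusted text. A key that is present but empty is skipped, as an
	// empty PURL is above, rather than emitting a reference with no locator.
	if label := meta.Manifest.Main["Target-Label"]; label != "" {
		externalRefs = append(externalRefs, ExternalRef{
			ReferenceCategory: OtherReferenceCategory,
			ReferenceLocator:  label,
			ReferenceType:     BazelLabelExternalRefType,
		})
	}

	return externalRefs
}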