github.com/nextlinux/gosbom@v0.81.1-0.20230627115839-1ff50c281391/gosbom/formats/github/github_dependency_api.go (about)

     1  package github
     2  
     3  // Derived from: https://gist.github.com/reiddraper/fdab2883db0f372c146d1a750fc1c43f
     4  
// DependencySnapshot is the root document declared in this file: a versioned
// record of the job, Git commit (Sha, Ref), detector, metadata and manifests
// of one scan. Going by the file name it is presumably the payload for
// GitHub's dependency API; confirm against the caller.
//
// NOTE(review): the "!omitempty" markers below presumably flag fields the
// upstream schema requires even though their tags still say omitempty; confirm
// against the API definition. Nothing in this file validates them, so an empty
// Sha or Ref is silently dropped from the JSON and the snapshot no longer
// names the commit it describes. Callers should check these fields before
// submitting a snapshot.
type DependencySnapshot struct {
	Version   int              `json:"version"`
	// encoding/json never treats a struct value as empty, so "job" is written
	// even when Job is the zero value.
	Job       Job              `json:"job,omitempty"` // !omitempty
	Sha       string           `json:"sha,omitempty"` // !omitempty; SHA of the Git commit
	Ref       string           `json:"ref,omitempty"` // !omitempty; ref of the Git commit, e.g. "refs/heads/main"
	// Struct value: "detector" is always written, omitempty notwithstanding.
	Detector  DetectorMetadata `json:"detector,omitempty"`
	Metadata  Metadata         `json:"metadata,omitempty"`
	Manifests Manifests        `json:"manifests,omitempty"`
	// ISO8601Date is an alias for string, so the timestamp format is not
	// enforced by the type.
	Scanned   ISO8601Date      `json:"scanned,omitempty"`
}
    15  
// Job is the value of DependencySnapshot.Job and serializes to the JSON keys
// "correlator", "id" and "html_url".
//
// NOTE(review): the "!omitempty" markers presumably mean the upstream schema
// requires correlator and id; with the current tags an empty value is dropped
// from the output instead of being reported. Confirm, and validate both before
// a snapshot is submitted.
type Job struct {
	Correlator string `json:"correlator,omitempty"` // !omitempty
	ID         string `json:"id,omitempty"`         // !omitempty
	HTMLURL    string `json:"html_url,omitempty"`   // free-form string; not checked to be a URL here
}
    21  
// DetectorMetadata is the value of DependencySnapshot.Detector; presumably it
// identifies the tool that produced the snapshot (confirm against the encoder).
// All three fields are free-form strings that are left out of the JSON when
// empty, and nothing in this file validates them.
type DetectorMetadata struct {
	Name    string `json:"name,omitempty"`
	URL     string `json:"url,omitempty"` // not checked to be a well-formed URL here
	Version string `json:"version,omitempty"`
}
    27  
// Manifests maps a string key to a Manifest.
// NOTE(review): the key is presumably the manifest's name or path; confirm
// against the code that fills the map.
type Manifests map[string]Manifest
    29  
// Manifest is a collection of related dependencies, either declared in a file
// or representing a logical group of dependencies.
//
// Name and File carry no omitempty and are always written to the JSON.
// Metadata and Resolved are map types, so they are left out when nil or empty.
type Manifest struct {
	Name     string          `json:"name"`
	File     FileInfo        `json:"file"`
	Metadata Metadata        `json:"metadata,omitempty"`
	Resolved DependencyGraph `json:"resolved,omitempty"`
}
    38  
// FileInfo is the value of Manifest.File and holds a single source location.
//
// NOTE(review): SourceLocation is a free-form string that this file neither
// validates nor normalizes. It is presumably a path relative to the scanned
// source; an absolute local path would disclose the scanning host's directory
// layout to whoever receives the snapshot. Confirm what the encoder writes.
type FileInfo struct {
	SourceLocation string `json:"source_location,omitempty"`
}
    42  
// DependencyRelationship notes whether a dependency is requested directly by
// this manifest or is a dependency of another dependency.
//
// The underlying type is string, so values other than the constants below
// compile and marshal unchanged; nothing in this file rejects them.
type DependencyRelationship string

// Relationship values declared by this package.
const (
	DependencyRelationshipDirect   DependencyRelationship = "direct"   // requested directly by the manifest
	DependencyRelationshipIndirect DependencyRelationship = "indirect" // a dependency of another dependency
)
    51  
// DependencyScope notes whether the dependency is required for the primary
// build artifact (runtime) or is only used for development.
// Future versions of this specification may allow for more granular
// scopes, like `runtimeserver`, `runtimeshipped`,
// `developmenttest`, `developmentbenchmark`.
//
// The underlying type is string, so values other than the constants below
// compile and marshal unchanged; nothing in this file rejects them.
type DependencyScope string

// Scope values declared by this package.
const (
	DependencyScopeRuntime     DependencyScope = "runtime"     // required for the primary build artifact
	DependencyScopeDevelopment DependencyScope = "development" // only used for development
)
    63  
// DependencyNode is the value type of DependencyGraph: one dependency together
// with its metadata, relationship, scope and a list of further dependencies.
// Every field is left out of the JSON when empty.
type DependencyNode struct {
	// NOTE(review): presumably a package URL ("pkg:..." form); it is a plain
	// string and is not parsed or validated in this file.
	PackageURL   string                 `json:"package_url,omitempty"`
	Metadata     Metadata               `json:"metadata,omitempty"`
	Relationship DependencyRelationship `json:"relationship,omitempty"`
	Scope        DependencyScope        `json:"scope,omitempty"`
	// NOTE(review): presumably identifiers of other nodes in the same graph;
	// confirm whether they are graph keys or package URLs.
	Dependencies []string               `json:"dependencies,omitempty"`
}
    71  
// DependencyGraph maps a string key to a DependencyNode; Manifest.Resolved has
// this type.
// NOTE(review): the key is presumably the node's package URL or name; confirm
// against the code that builds the graph.
type DependencyGraph map[string]DependencyNode
    73  
// ISO8601Date is a type alias for string, not a distinct type: any string can
// be assigned to it and the ISO 8601 format its name implies is not checked
// here. Code that sets DependencySnapshot.Scanned must format the timestamp
// itself.
type ISO8601Date = string
    75  
// Scalar is the value type of Metadata. The intended domain is
// null | boolean | string | number, but the declared type is the empty
// interface, so the compiler accepts any value and encoding/json will also
// marshal nested maps, slices and structs. Callers must enforce the scalar
// restriction themselves before a snapshot leaves the process.
type Scalar interface{} // should be: null | boolean | string | number

// Metadata is a free-form set of key/value annotations, used by
// DependencySnapshot, Manifest and DependencyNode. Neither the keys nor the
// values are validated in this file.
type Metadata map[string]Scalar