Documentation
Functions
func PackageNames
PackageNames returns the list of names a matcher should search the DB by when looking up vulnerabilities for p. Per-ecosystem resolvers (Python, Java) provide alternate canonical forms (PEP 503 normalization, Maven group+artifact splits). Rootio packages additionally fan out across both naming directions, so the matcher reaches every record relevant to a rootio build regardless of which naming model the SBOM uses:
- prefixed → bare: a scan against `rootio-libssl3` reaches the upstream `libssl3` disclosure in the distro namespace.
- bare → prefixed: a scan against `libgcrypt20@1.10.1-3.root.io.2` (upstream-named rootio build) reaches the rootio NAK keyed under `rootio-libgcrypt20`.
Rootio data carries no false-positive risk through this fanout: rootio publishes only UnaffectedPackageHandles (NAKs), so any extra-name search can suppress a match but cannot manufacture one. The RootIO package qualifier on those NAKs gives second-line protection — it keeps a rootio-tagged record from applying to a scanned package that isn't itself a rootio build.
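The two fanout directions and the suppress-only effect of NAKs, shown as an added Go example that is not this package's own code. The names `pkg`, `isRootioBuild`, `fanoutNames` and `match`, the `.root.io.` version check, the `EXAMPLE-n` IDs and the `3.0.2` version are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

const prefix = "rootio-"                // naming prefix taken from the page's examples
type pkg struct{ Name, Version string } // hypothetical SBOM entry

// isRootioBuild is an assumed heuristic: prefixed name, or ".root.io." in the version.
func isRootioBuild(p pkg) bool {
	return strings.HasPrefix(p.Name, prefix) || strings.Contains(p.Version, ".root.io.")
}

// fanoutNames returns the scanned name first, then its other naming direction.
func fanoutNames(p pkg) []string {
	if strings.HasPrefix(p.Name, prefix) {
		return []string{p.Name, strings.TrimPrefix(p.Name, prefix)} // prefixed -> bare
	}
	if isRootioBuild(p) {
		return []string{p.Name, prefix + p.Name} // bare -> prefixed
	}
	return []string{p.Name}
}

// Constructed sample data, keyed by package name: upstream disclosures and rootio NAKs.
var disclosures = map[string][]string{"libssl3": {"EXAMPLE-1", "EXAMPLE-2"}, "libgcrypt20": {"EXAMPLE-3"}}
var naks = map[string][]string{"rootio-libssl3": {"EXAMPLE-1"}, "rootio-libgcrypt20": {"EXAMPLE-3"}}

// match reports disclosures under any fanned-out name that no applicable NAK covers.
func match(p pkg) []string {
	names, unaffected, out := fanoutNames(p), map[string]bool{}, []string{}
	for _, n := range names {
		for _, id := range naks[n] {
			unaffected[id] = isRootioBuild(p) // qualifier: NAKs bind only to rootio builds
		}
	}
	for _, n := range names {
		for _, id := range disclosures[n] {
			if !unaffected[id] { // a NAK can only remove a result, never add one
				out = append(out, id)
			}
		}
	}
	return out
}

func main() {
	fmt.Println(match(pkg{"rootio-libssl3", "3.0.2"}), match(pkg{"libgcrypt20", "1.10.1-3.root.io.2"}))
}
```

With this sample data the prefixed package keeps only the disclosure no NAK covers, the upstream-named rootio build has its single disclosure suppressed, and a plain `libgcrypt20` build with no rootio marker still reports it.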
Types
type JavaResolver
type JavaResolver struct {
}
func (*JavaResolver) Normalize
func (r *JavaResolver) Normalize(name string) string
type PythonResolver
type PythonResolver struct {
}
func (*PythonResolver) Normalize
func (r *PythonResolver) Normalize(name string) string