dependency

package

v0.0.0-...-1a28f28 Latest Latest Go to latest Published: Jan 22, 2026 License: MIT Imports: 6 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/picatz/deputy

Links

Open Source Insights

Documentation ¶

Overview ¶

Package dependency provides types for identifying dependencies and their locations.

This package contains the core types that describe what a dependency is and where it was found, independent of vulnerability analysis:

ID: Identity of a dependency (name, ecosystem, PURL)
dependencyv1.ManifestRef: Where a dependency is declared in source (manifest path, manager)
containerv1.LayerDetails: Where a dependency was found in a container image (layer info)

These types are used throughout Deputy to track dependencies from extraction through vulnerability analysis and reporting.

Package dependency provides core types for representing software dependencies.

This package defines the fundamental data structures used throughout Deputy for modeling dependencies across different ecosystems (Go, npm, PyPI, etc.).

Core Types ¶

ID uniquely identifies a dependency by name, version, ecosystem, and PURL. It serves as the canonical identifier used in scan results and findings.

[ManifestRef] tracks where a dependency was declared, including the file path, package manager, and dependency groups (e.g., "dev", "optional").

[LayerDetails] provides container image layer information for dependencies found during image scanning, including the layer index, digest, and Dockerfile command that introduced the package.

Clone Functions ¶

The package provides deep clone utilities for safely copying types that contain slices, ensuring mutations to clones don't affect originals:

CloneLayerDetails - deep copy of LayerDetails
CloneManifestRefs - deep copy of ManifestRef slice

Index ¶

func CloneLayerDetails(src *containerv1.LayerDetails) *containerv1.LayerDetails
func CloneManifestRefs(refs []dependencyv1.ManifestRef) []dependencyv1.ManifestRef
func MergeManifestRef(existing []dependencyv1.ManifestRef, ref dependencyv1.ManifestRef) []dependencyv1.ManifestRef
func SortAndUniqueManifestRefs(refs []dependencyv1.ManifestRef) []dependencyv1.ManifestRef
type ID

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func CloneLayerDetails ¶

func CloneLayerDetails(src *containerv1.LayerDetails) *containerv1.LayerDetails

CloneLayerDetails returns a deep copy of LayerDetails. Returns nil if src is nil.

func CloneManifestRefs ¶

func CloneManifestRefs(refs []dependencyv1.ManifestRef) []dependencyv1.ManifestRef

CloneManifestRefs deep clones a slice of ManifestRef. Returns nil if refs is empty or nil.

func MergeManifestRef ¶

func MergeManifestRef(existing []dependencyv1.ManifestRef, ref dependencyv1.ManifestRef) []dependencyv1.ManifestRef

MergeManifestRef adds a manifest reference to the list, merging groups if it already exists.

func SortAndUniqueManifestRefs ¶

func SortAndUniqueManifestRefs(refs []dependencyv1.ManifestRef) []dependencyv1.ManifestRef

SortAndUniqueManifestRefs deduplicates and sorts manifest references.

Types ¶

type ID ¶

type ID struct {
	Name      string
	Ecosystem string
	PURL      string
}

ID captures the identity of a dependency independently of a scan.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
graph Package graph provides dependency graph construction, analysis, and visualization.	Package graph provides dependency graph construction, analysis, and visualization.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL