Overview ¶
Package spdx contains the struct definitions for an SPDX Document and its constituent parts.
SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Annotation ¶
// Annotation holds the fields of one SPDX 2.3 annotation (spec section 12):
// the annotator, the date, the annotation type and the comment text.
// Every field except Annotator is a plain string or ID value; nothing in this
// declaration validates the contents, so values decoded from a document
// received from elsewhere are whatever that document claimed.
type Annotation struct {
// 12.1: Annotator
// Cardinality: conditional (mandatory, one) if there is an Annotation
Annotator common.Annotator `json:"annotator"`
// 12.2: Annotation Date: YYYY-MM-DDThh:mm:ssZ
// Cardinality: conditional (mandatory, one) if there is an Annotation
// Stored as a string; the timestamp format is not enforced by the type.
AnnotationDate string `json:"annotationDate"`
// 12.3: Annotation Type: "REVIEW" or "OTHER"
// Cardinality: conditional (mandatory, one) if there is an Annotation
// Stored as a string; the two allowed values are not enforced by the type.
AnnotationType string `json:"annotationType"`
// 12.4: SPDX Identifier Reference
// Cardinality: conditional (mandatory, one) if there is an Annotation
// This field is not used in hierarchical data formats where the referenced element is clear, such as JSON or YAML.
// The `json:"-"` and `yaml:"-"` tags keep it out of both encodings.
AnnotationSPDXIdentifier common.DocElementID `json:"-" yaml:"-"`
// 12.5: Annotation Comment
// Cardinality: conditional (mandatory, one) if there is an Annotation
// Free text from the annotator; escape it before rendering it in a report or UI.
AnnotationComment string `json:"comment"`
}
Annotation is an Annotation section of an SPDX Document for version 2.3 of the spec.
type ArtifactOfProject ¶
// ArtifactOfProject groups the deprecated Artifact of Project fields
// (sections 8.9-8.11) that a File can carry: a project name, a homepage
// and a URI. All three are unvalidated strings.
type ArtifactOfProject struct {
// DEPRECATED in version 2.1 of spec
// 8.9: Artifact of Project Name
// Cardinality: conditional, required if present, one per AOP
Name string `json:"name"`
// DEPRECATED in version 2.1 of spec
// 8.10: Artifact of Project Homepage: URL or "UNKNOWN"
// Cardinality: optional, one per AOP
// The value may be the literal "UNKNOWN", so check for it before treating
// the field as a URL.
HomePage string `json:"homePage"`
// DEPRECATED in version 2.1 of spec
// 8.11: Artifact of Project Uniform Resource Identifier
// Cardinality: optional, one per AOP
// Note the upper-case JSON key "URI".
URI string `json:"URI"`
}
ArtifactOfProject is a DEPRECATED collection of data regarding a Package, as defined in sections 8.9-8.11 in version 2.3 of the spec. NOTE: the JSON schema does not define the structure of this object: https://github.com/spdx/spdx-spec/blob/development/v2.3.1/schemas/spdx-schema.json#L480
type CreationInfo ¶
// CreationInfo holds the Document Creation Information fields 6.7-6.10 of an
// SPDX 2.3 document: who or what produced the document and when.
// These are the document's own statements about its origin. Nothing in this
// declaration authenticates them, so provenance decisions need a check made
// outside the document (for example a signature over the file).
type CreationInfo struct {
// 6.7: License List Version
// Cardinality: optional, one
// NOTE(review): the tag has no omitempty, so an unset value is encoded as
// an empty string rather than left out — confirm that is intended for an
// optional field.
LicenseListVersion string `json:"licenseListVersion"`
// 6.8: Creators: may have multiple keys for Person, Organization
// and/or Tool
// Cardinality: mandatory, one or many
Creators []common.Creator `json:"creators"`
// 6.9: Created: data format YYYY-MM-DDThh:mm:ssZ
// Cardinality: mandatory, one
// Stored as a string; the timestamp format is not enforced by the type.
Created string `json:"created"`
// 6.10: Creator Comment
// Cardinality: optional, one
CreatorComment string `json:"comment,omitempty"`
}
CreationInfo is a Document Creation Information section of an SPDX Document for version 2.3 of the spec.
type Document ¶
// Document is the root of an SPDX 2.3 document: the document-level fields of
// section 6 plus the packages, files, licenses, relationships, annotations
// and snippets the document describes.
// The type carries no validation. A Document decoded from a file supplied by
// a third party holds that party's claims, and the "should be" values noted
// on the fields below have to be checked by the consumer.
type Document struct {
// 6.1: SPDX Version; should be in the format "SPDX-2.3"
// Cardinality: mandatory, one
SPDXVersion string `json:"spdxVersion"`
// 6.2: Data License; should be "CC0-1.0"
// Cardinality: mandatory, one
DataLicense string `json:"dataLicense"`
// 6.3: SPDX Identifier; should be "DOCUMENT" to represent
// mandatory identifier of SPDXRef-DOCUMENT
// Cardinality: mandatory, one
SPDXIdentifier common.ElementID `json:"SPDXID"`
// 6.4: Document Name
// Cardinality: mandatory, one
DocumentName string `json:"name"`
// 6.5: Document Namespace
// Cardinality: mandatory, one
DocumentNamespace string `json:"documentNamespace"`
// 6.6: External Document References
// Cardinality: optional, one or many
// Each entry names another document by URI together with a checksum; see
// ExternalDocumentRef.
ExternalDocumentReferences []ExternalDocumentRef `json:"externalDocumentRefs,omitempty"`
// 6.11: Document Comment
// Cardinality: optional, one
DocumentComment string `json:"comment,omitempty"`
// Creation information (6.7-6.10). This is a pointer, so it is nil until
// set and needs a nil check before use. The tag has no omitempty, so a
// nil value is encoded as JSON null.
CreationInfo *CreationInfo `json:"creationInfo"`
// The sections below are slices of pointers, apart from Snippets, which
// holds values. Each is omitted from JSON when empty.
Packages []*Package `json:"packages,omitempty"`
Files []*File `json:"files,omitempty"`
// Serialized under the key "hasExtractedLicensingInfos".
OtherLicenses []*OtherLicense `json:"hasExtractedLicensingInfos,omitempty"`
Relationships []*Relationship `json:"relationships,omitempty"`
Annotations []*Annotation `json:"annotations,omitempty"`
Snippets []Snippet `json:"snippets,omitempty"`
// DEPRECATED in version 2.0 of spec
// Excluded from JSON and YAML by the struct tags.
Reviews []*Review `json:"-" yaml:"-"`
}
Document is an SPDX Document for version 2.3 of the spec. See https://spdx.github.io/spdx-spec/v2.3/document-creation-information
type ExternalDocumentRef ¶
// ExternalDocumentRef is one External Document Reference (section 6.6): a
// local ID, the URI of another SPDX document and a checksum.
// This struct only stores the three values. A consumer that retrieves the
// document behind URI should treat the URI as untrusted input and compare
// what it retrieved against Checksum before relying on it.
type ExternalDocumentRef struct {
// DocumentRefID is the ID string defined in the start of the
// reference. It should _not_ contain the "DocumentRef-" part
// of the mandatory ID string.
DocumentRefID string `json:"externalDocumentId"`
// URI is the URI defined for the external document
// It is serialized under the JSON key "spdxDocument" and is not validated
// by the type.
URI string `json:"spdxDocument"`
// Checksum is the actual hash data
// presumably computed over the referenced document, per section 6.6 —
// confirm against the spec before using it as the verification value.
Checksum common.Checksum `json:"checksum"`
}
ExternalDocumentRef is a reference to an external SPDX document as defined in section 6.6 for version 2.3 of the spec.
type File ¶
// File holds the File Information fields (section 8) of an SPDX 2.3 document
// for one file: name, identifier, checksums, licensing and copyright data,
// plus the snippets and annotations attached to it.
// None of the string fields are validated by the type.
type File struct {
// 8.1: File Name
// Cardinality: mandatory, one
// Taken verbatim from the document. Before using it to build a filesystem
// path, normalise it and confirm it stays inside the intended directory.
FileName string `json:"fileName"`
// 8.2: File SPDX Identifier: "SPDXRef-[idstring]"
// Cardinality: mandatory, one
FileSPDXIdentifier common.ElementID `json:"SPDXID"`
// 8.3: File Types
// Cardinality: optional, multiple
FileTypes []string `json:"fileTypes,omitempty"`
// 8.4: File Checksum: may have keys for SHA1, SHA256, MD5, SHA3-256, SHA3-384, SHA3-512, BLAKE2b-256, BLAKE2b-384, BLAKE2b-512, BLAKE3, ADLER32
// Cardinality: mandatory, one SHA1, others may be optionally provided
// SHA1 is the entry the cardinality line makes mandatory, but SHA1 and MD5
// are not collision-resistant and ADLER32 is a non-cryptographic checksum.
// When a stronger entry such as SHA256 is present, integrity checks should
// rely on that one and treat the weak ones as identifiers only.
Checksums []common.Checksum `json:"checksums"`
// 8.5: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
// Cardinality: optional, one
LicenseConcluded string `json:"licenseConcluded,omitempty"`
// 8.6: License Information in File: SPDX License Expression, "NONE" or "NOASSERTION"
// Cardinality: optional, one or many
LicenseInfoInFiles []string `json:"licenseInfoInFiles,omitempty"`
// 8.7: Comments on License
// Cardinality: optional, one
LicenseComments string `json:"licenseComments,omitempty"`
// 8.8: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
// Cardinality: mandatory, one
FileCopyrightText string `json:"copyrightText"`
// DEPRECATED in version 2.1 of spec
// 8.9-8.11: Artifact of Project variables (see the ArtifactOfProject type)
// Cardinality: optional, one or many
ArtifactOfProjects []*ArtifactOfProject `json:"artifactOfs,omitempty"`
// 8.12: File Comment
// Cardinality: optional, one
FileComment string `json:"comment,omitempty"`
// 8.13: File Notice
// Cardinality: optional, one
FileNotice string `json:"noticeText,omitempty"`
// 8.14: File Contributor
// Cardinality: optional, one or many
FileContributors []string `json:"fileContributors,omitempty"`
// 8.15: File Attribution Text
// Cardinality: optional, one or many
FileAttributionTexts []string `json:"attributionTexts,omitempty"`
// DEPRECATED in version 2.0 of spec
// 8.16: File Dependencies
// Cardinality: optional, one or many
FileDependencies []string `json:"fileDependencies,omitempty"`
// Snippets contained in this File
// Note that Snippets could be defined in a different Document! However,
// the only ones that _THIS_ document can contain are the ones that are
// defined here -- so this should just be an ElementID.
// The map is keyed by ElementID and is excluded from JSON and YAML by the
// struct tags. A nil map can be read, but must be created with make
// before anything is inserted.
Snippets map[common.ElementID]*Snippet `json:"-" yaml:"-"`
// Annotations attached to this file, stored as values rather than pointers.
Annotations []Annotation `json:"annotations,omitempty"`
}
File is a File section of an SPDX Document for version 2.3 of the spec.
type OtherLicense ¶
// OtherLicense holds the Other Licensing Information fields (section 10) of
// an SPDX 2.3 document for one license that is not on the SPDX License List:
// its LicenseRef identifier, the extracted text, a name, cross references
// and a comment. All fields are unvalidated strings or string slices.
type OtherLicense struct {
// 10.1: License Identifier: "LicenseRef-[idstring]"
// Cardinality: conditional (mandatory, one) if license is not
// on SPDX License List
LicenseIdentifier string `json:"licenseId"`
// 10.2: Extracted Text
// Cardinality: conditional (mandatory, one) if there is a
// License Identifier assigned
// Arbitrary text copied from the analysed software; escape it before
// rendering it in a report or UI.
ExtractedText string `json:"extractedText"`
// 10.3: License Name: single line of text or "NOASSERTION"
// Cardinality: conditional (mandatory, one) if license is not
// on SPDX License List
LicenseName string `json:"name,omitempty"`
// 10.4: License Cross Reference
// Cardinality: conditional (optional, one or many) if license
// is not on SPDX License List
// Serialized under the key "seeAlsos". The entries are reference strings
// supplied by the document author and are not checked by the type.
LicenseCrossReferences []string `json:"seeAlsos,omitempty"`
// 10.5: License Comment
// Cardinality: optional, one
LicenseComment string `json:"comment,omitempty"`
}
OtherLicense is an Other License Information section of an SPDX Document for version 2.3 of the spec.
type Package ¶
// Package holds the Package Information fields (section 7) of an SPDX 2.3
// document for one package: identity, origin, integrity data, licensing,
// descriptions, external references, and the files and annotations that
// belong to it.
// The type performs no validation. Supplier, originator, download location
// and checksums are the document author's claims about the package.
type Package struct {
// NOT PART OF SPEC
// flag: does this "package" contain files that were in fact "unpackaged",
// e.g. included directly in the Document without being in a Package?
// Excluded from JSON and YAML by the struct tags.
IsUnpackaged bool `json:"-" yaml:"-"`
// 7.1: Package Name
// Cardinality: mandatory, one
PackageName string `json:"name"`
// 7.2: Package SPDX Identifier: "SPDXRef-[idstring]"
// Cardinality: mandatory, one
PackageSPDXIdentifier common.ElementID `json:"SPDXID"`
// 7.3: Package Version
// Cardinality: optional, one
PackageVersion string `json:"versionInfo,omitempty"`
// 7.4: Package File Name
// Cardinality: optional, one
PackageFileName string `json:"packageFileName,omitempty"`
// 7.5: Package Supplier: may have single result for either Person or Organization,
// or NOASSERTION
// Cardinality: optional, one
// Pointer field: nil when no supplier was given.
PackageSupplier *common.Supplier `json:"supplier,omitempty"`
// 7.6: Package Originator: may have single result for either Person or Organization,
// or NOASSERTION
// Cardinality: optional, one
// Pointer field: nil when no originator was given.
PackageOriginator *common.Originator `json:"originator,omitempty"`
// 7.7: Package Download Location
// Cardinality: mandatory, one
// Stored as an unvalidated string taken from the document. A consumer that
// fetches from it should treat it as untrusted input and check what it
// retrieved against PackageChecksums or PackageVerificationCode where
// those are present.
PackageDownloadLocation string `json:"downloadLocation"`
// 7.8: FilesAnalyzed
// Cardinality: optional, one; default value is "true" if omitted
// NOTE(review): with omitempty on a bool, encoding/json leaves the key out
// when the value is false, and an absent key decodes to false, which is
// the opposite of the spec default stated above. Confirm how callers
// reconcile this, since FilesAnalyzed decides whether a verification code
// is expected (see 7.9).
FilesAnalyzed bool `json:"filesAnalyzed,omitempty"`
// NOT PART OF SPEC: did FilesAnalyzed tag appear?
// Excluded from JSON and YAML by the struct tags, so it has to be set by
// whatever code builds the Package.
IsFilesAnalyzedTagPresent bool `json:"-" yaml:"-"`
// 7.9: Package Verification Code
// Cardinality: if FilesAnalyzed == true must be present, if FilesAnalyzed == false must be omitted
// Pointer field: nil when absent. The presence rule above is not enforced
// by the type.
PackageVerificationCode *common.PackageVerificationCode `json:"packageVerificationCode,omitempty"`
// 7.10: Package Checksum: may have keys for SHA1, SHA256, SHA512, MD5, SHA3-256, SHA3-384, SHA3-512, BLAKE2b-256, BLAKE2b-384, BLAKE2b-512, BLAKE3, ADLER32
// Cardinality: optional, one or many
// SHA1 and MD5 are not collision-resistant and ADLER32 is a
// non-cryptographic checksum. Integrity checks on a downloaded package
// should rely on a stronger entry (SHA256 or better) when one is listed.
PackageChecksums []common.Checksum `json:"checksums,omitempty"`
// 7.11: Package Home Page
// Cardinality: optional, one
PackageHomePage string `json:"homepage,omitempty"`
// 7.12: Source Information
// Cardinality: optional, one
PackageSourceInfo string `json:"sourceInfo,omitempty"`
// 7.13: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
// Cardinality: optional, one
PackageLicenseConcluded string `json:"licenseConcluded,omitempty"`
// 7.14: All Licenses Info from Files: SPDX License Expression, "NONE" or "NOASSERTION"
// Cardinality: optional, one or many if filesAnalyzed is true / omitted;
// zero (must be omitted) if filesAnalyzed is false
PackageLicenseInfoFromFiles []string `json:"licenseInfoFromFiles,omitempty"`
// 7.15: Declared License: SPDX License Expression, "NONE" or "NOASSERTION"
// Cardinality: optional, one
PackageLicenseDeclared string `json:"licenseDeclared,omitempty"`
// 7.16: Comments on License
// Cardinality: optional, one
PackageLicenseComments string `json:"licenseComments,omitempty"`
// 7.17: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
// Cardinality: mandatory, one
PackageCopyrightText string `json:"copyrightText"`
// 7.18: Package Summary Description
// Cardinality: optional, one
PackageSummary string `json:"summary,omitempty"`
// 7.19: Package Detailed Description
// Cardinality: optional, one
PackageDescription string `json:"description,omitempty"`
// 7.20: Package Comment
// Cardinality: optional, one
PackageComment string `json:"comment,omitempty"`
// 7.21: Package External Reference
// Cardinality: optional, one or many
// Section 7.22 (the per-reference comment) lives on
// PackageExternalReference.ExternalRefComment.
PackageExternalReferences []*PackageExternalReference `json:"externalRefs,omitempty"`
// 7.23: Package Attribution Text
// Cardinality: optional, one or many
PackageAttributionTexts []string `json:"attributionTexts,omitempty"`
// 7.24: Primary Package Purpose
// Cardinality: optional, one or many
// Allowed values: APPLICATION, FRAMEWORK, LIBRARY, CONTAINER, OPERATING-SYSTEM, DEVICE, FIRMWARE, SOURCE, ARCHIVE, FILE, INSTALL, OTHER
// NOTE(review): the field is a single string, so only one purpose can be
// stored — confirm the "one or many" cardinality line. The allowed values
// are not enforced by the type.
PrimaryPackagePurpose string `json:"primaryPackagePurpose,omitempty"`
// 7.25: Release Date: YYYY-MM-DDThh:mm:ssZ
// Cardinality: optional, one
ReleaseDate string `json:"releaseDate,omitempty"`
// 7.26: Built Date: YYYY-MM-DDThh:mm:ssZ
// Cardinality: optional, one
BuiltDate string `json:"builtDate,omitempty"`
// 7.27: Valid Until Date: YYYY-MM-DDThh:mm:ssZ
// Cardinality: optional, one
// Stored as a string, like the other dates; nothing here compares it with
// the current time.
ValidUntilDate string `json:"validUntilDate,omitempty"`
// Files contained in this Package
Files []*File `json:"files,omitempty"`
// Annotations attached to this package, stored as values rather than pointers.
Annotations []Annotation `json:"annotations,omitempty"`
}
Package is a Package section of an SPDX Document for version 2.3 of the spec.
type PackageExternalReference ¶
// PackageExternalReference is one External Reference of a Package (sections
// 7.21 and 7.22): a category, a reference type, a locator and an optional
// comment. All four are unvalidated strings.
// References in the "SECURITY" category are what a consumer would use to
// relate the package to outside security data, so a wrong or missing locator
// degrades that lookup without causing an error here.
type PackageExternalReference struct {
// category is "SECURITY", "PACKAGE-MANAGER" or "OTHER"
// NOTE(review): the 2.3 spec appears to list a "PERSISTENT-ID" category as
// well — confirm and extend this comment if so.
Category string `json:"referenceCategory"`
// type is an [idstring] as defined in Appendix VI;
// called RefType here due to "type" being a Golang keyword
RefType string `json:"referenceType"`
// locator is a unique string to access the package-specific
// info, metadata or content within the target location
// Taken verbatim from the document; treat it as untrusted input if it is
// dereferenced or passed to another tool.
Locator string `json:"referenceLocator"`
// 7.22: Package External Reference Comment
// Cardinality: conditional (optional, one) for each External Reference
ExternalRefComment string `json:"comment,omitempty"`
}
PackageExternalReference is an External Reference to additional info about a Package, as defined in section 7.21 in version 2.3 of the spec.
type Relationship ¶
// Relationship is one Relationship entry (section 11) of an SPDX 2.3
// document: two element references, the relationship type between them and
// an optional comment.
type Relationship struct {
// 11.1: Relationship
// Cardinality: optional, one or more; one per Relationship
// one mandatory for SPDX Document with multiple packages
// RefA and RefB are first and second item
// Relationship is type from 11.1.1
// RefA is serialized as "spdxElementId" and RefB as "relatedSpdxElement".
// Nothing in this declaration checks that either reference resolves to an
// element that exists in the document.
RefA common.DocElementID `json:"spdxElementId"`
RefB common.DocElementID `json:"relatedSpdxElement"`
// Stored as a string; the set of relationship types is not enforced by
// the type.
Relationship string `json:"relationshipType"`
// 11.2: Relationship Comment
// Cardinality: optional, one
RelationshipComment string `json:"comment,omitempty"`
}
Relationship is a Relationship section of an SPDX Document for version 2.3 of the spec.
type Review ¶
// Review holds the deprecated Review Information fields (section 13):
// the reviewer, the reviewer's type, the review date and a comment.
// The fields carry no struct tags, and Document.Reviews is excluded from JSON
// and YAML.
type Review struct {
// DEPRECATED in version 2.0 of spec
// 13.1: Reviewer
// Cardinality: optional, one
Reviewer string
// including AnnotatorType: one of "Person", "Organization" or "Tool"
// Stored as a string; the three allowed values are not enforced by the type.
ReviewerType string
// DEPRECATED in version 2.0 of spec
// 13.2: Review Date: YYYY-MM-DDThh:mm:ssZ
// Cardinality: conditional (mandatory, one) if there is a Reviewer
ReviewDate string
// DEPRECATED in version 2.0 of spec
// 13.3: Review Comment
// Cardinality: optional, one
ReviewComment string
}
Review is a Review section of an SPDX Document for version 2.3 of the spec. DEPRECATED in version 2.0 of spec; retained here for compatibility.
type Snippet ¶
// Snippet holds the Snippet Information fields (section 9) of an SPDX 2.3
// document for one snippet: its identifier, the file it comes from, the
// ranges it covers, and its licensing, copyright and comment data.
type Snippet struct {
// 9.1: Snippet SPDX Identifier: "SPDXRef-[idstring]"
// Cardinality: mandatory, one
SnippetSPDXIdentifier common.ElementID `json:"SPDXID"`
// 9.2: Snippet from File SPDX Identifier
// Cardinality: mandatory, one
// Nothing in this declaration checks that the ID refers to a File present
// in the document.
SnippetFromFileSPDXIdentifier common.ElementID `json:"snippetFromFile"`
// Ranges denotes the start/end byte offsets or line numbers that the snippet is relevant to
// presumably this covers sections 9.3 and 9.4, which have no fields of
// their own here — confirm against the spec. Offsets come from the
// document, so bounds-check them before using them to slice file content.
Ranges []common.SnippetRange `json:"ranges"`
// 9.5: Snippet Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
// Cardinality: optional, one
SnippetLicenseConcluded string `json:"licenseConcluded,omitempty"`
// 9.6: License Information in Snippet: SPDX License Expression, "NONE" or "NOASSERTION"
// Cardinality: optional, one or many
LicenseInfoInSnippet []string `json:"licenseInfoInSnippets,omitempty"`
// 9.7: Snippet Comments on License
// Cardinality: optional, one
SnippetLicenseComments string `json:"licenseComments,omitempty"`
// 9.8: Snippet Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
// Cardinality: mandatory, one
SnippetCopyrightText string `json:"copyrightText"`
// 9.9: Snippet Comment
// Cardinality: optional, one
SnippetComment string `json:"comment,omitempty"`
// 9.10: Snippet Name
// Cardinality: optional, one
SnippetName string `json:"name,omitempty"`
// 9.11: Snippet Attribution Text
// Cardinality: optional, one or many
// The struct tags exclude this field from JSON and YAML, so attribution
// texts set here are not written out through those tags.
SnippetAttributionTexts []string `json:"-" yaml:"-"`
}
Snippet is a Snippet section of an SPDX Document for version 2.3 of the spec.