sbom

package
v1.5.0
Warning

This package is not in the latest version of its module.

Published: Apr 20, 2026 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Overview

Package sbom generates standards-compliant Software Bill of Materials from Stacktower dependency graphs.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func BuildPURL

func BuildPURL(language, name, version string) string

BuildPURL constructs a Package URL per the purl specification. See https://github.com/package-url/purl-spec
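The purl specification referenced above fixes the shape `pkg:<type>/<namespace>/<name>@<version>` and adds per-ecosystem normalisation rules (Go and npm names are lowercased, a scoped npm package splits into namespace and name, PyPI underscores become dashes) plus percent-encoding so that `@` and `/` inside a name cannot be confused with the separators. The following Go program is an added example, not Stacktower's implementation of BuildPURL: the language-to-type map and the decision to return an error for unknown languages are assumptions of this example, and the sample inputs are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// purlTypes maps a language name to the purl "type" component. The languages
// the real BuildPURL accepts are not listed on the page; this map is an
// assumption for the example.
var purlTypes = map[string]string{
	"go": "golang", "golang": "golang",
	"javascript": "npm", "npm": "npm",
	"python": "pypi",
	"rust":   "cargo",
	"ruby":   "gem",
}

// encodeSegment percent-encodes one namespace part, a name or a version.
// Everything outside the RFC 3986 unreserved set is encoded, so an '@' or '/'
// inside a segment can never be read as the purl separators
// (e.g. "@babel" -> "%40babel").
func encodeSegment(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		c := s[i]
		switch {
		case c >= 'a' && c <= 'z', c >= 'A' && c <= 'Z', c >= '0' && c <= '9',
			c == '-', c == '.', c == '_', c == '~':
			b.WriteByte(c)
		default:
			fmt.Fprintf(&b, "%%%02X", c)
		}
	}
	return b.String()
}

// buildPURL assembles "pkg:<type>/<namespace>/<name>@<version>" after applying
// the type-specific rules for the ecosystems handled here. Hypothetical
// re-implementation for this example (unlike the page's BuildPURL it reports
// an unknown language as an error instead of returning a string).
func buildPURL(language, name, version string) (string, error) {
	t, ok := purlTypes[strings.ToLower(language)]
	if !ok {
		return "", fmt.Errorf("no purl type known for language %q", language)
	}
	var namespace string
	switch t {
	case "golang":
		// Go modules: namespace is everything before the last path element;
		// the spec requires namespace and name to be lowercase.
		name = strings.ToLower(name)
		if i := strings.LastIndex(name, "/"); i >= 0 {
			namespace, name = name[:i], name[i+1:]
		}
	case "npm":
		// npm: lowercase; a scoped package "@scope/pkg" has namespace "@scope".
		name = strings.ToLower(name)
		if i := strings.Index(name, "/"); strings.HasPrefix(name, "@") && i >= 0 {
			namespace, name = name[:i], name[i+1:]
		}
	case "pypi":
		// PyPI: lowercase with underscores normalised to dashes.
		name = strings.ReplaceAll(strings.ToLower(name), "_", "-")
	}
	var b strings.Builder
	b.WriteString("pkg:" + t + "/")
	if namespace != "" {
		// '/' separates namespace parts; each part is encoded on its own.
		for i, part := range strings.Split(namespace, "/") {
			if i > 0 {
				b.WriteByte('/')
			}
			b.WriteString(encodeSegment(part))
		}
		b.WriteByte('/')
	}
	b.WriteString(encodeSegment(name))
	if version != "" {
		b.WriteString("@" + encodeSegment(version))
	}
	return b.String(), nil
}

func main() {
	// Constructed sample inputs, not real Stacktower dependency data.
	for _, in := range [][3]string{
		{"go", "github.com/Example/Dag-Tools", "v1.5.0"},
		{"javascript", "@babel/core", "7.24.0"},
		{"python", "Requests_Toolbelt", "1.0.0"},
		{"rust", "serde", "1.0.197+build.1"},
	} {
		p, err := buildPURL(in[0], in[1], in[2])
		fmt.Println(p, err)
	}
}
```

Encoding the `+` in a semver build tag (`1.0.197%2Bbuild.1`) matters in practice: a purl is what downstream scanners match against vulnerability databases, and an unencoded or inconsistently normalised identifier silently produces "no known vulnerabilities" for a component that is in fact affected.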

func GenerateCycloneDX

func GenerateCycloneDX(g *dag.DAG, opts Options) ([]byte, error)

GenerateCycloneDX builds a CycloneDX SBOM from a DAG.

func GenerateSPDX

func GenerateSPDX(g *dag.DAG, opts Options) ([]byte, error)

GenerateSPDX builds an SPDX 2.3 SBOM from a DAG.

Types

type Encoding

type Encoding string

Encoding identifies the serialization format.

const (
	EncodingJSON Encoding = "json"
	EncodingXML  Encoding = "xml"
)

type Format

type Format string

Format identifies the SBOM specification to generate.

const (
	FormatCycloneDX Format = "cyclonedx"
	FormatSPDX      Format = "spdx"
)

type Options

type Options struct {
	Format      Format
	Encoding    Encoding
	SpecVersion string           // e.g., "1.6" for CycloneDX, "2.3" for SPDX
	Language    string           // needed for purl construction
	ToolName    string           // e.g., "stacktower"
	ToolVersion string           // e.g., "1.2.0"
	VulnReport  *security.Report // optional vulnerability data
}

Options configures SBOM generation.
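To make concrete what GenerateCycloneDX has to produce from a dependency graph and these Options, here is an added example in Go that is not the package's own code: it walks a small constructed graph and emits a CycloneDX JSON document with the `metadata.tools`, `components`, `dependencies` and optional `vulnerabilities` sections. The `node` and `vulnFinding` types are assumptions standing in for `dag.DAG` nodes and `security.Report` entries, whose shapes the page does not show; `ToolName`, `ToolVersion` and `SpecVersion` follow the page's Options fields. The important check a generator must make is that every `dependsOn` and `affects` reference resolves to a real `bom-ref`, since a dangling reference yields an SBOM that validates as malformed or, worse, hides an affected component.

```go
package main

import (
	"crypto/rand"
	"encoding/json"
	"fmt"
	"time"
)

// node and vulnFinding are constructed stand-ins for a Stacktower DAG node and
// a security.Report entry (assumed shapes; the real types are not on the page).
type node struct {
	Name, Version, PURL string
	DependsOn           []string // names of direct dependencies in the graph
}
type vulnFinding struct{ ID, Component, Severity string }

// sbomOptions mirrors the fields of the page's Options used by this example.
type sbomOptions struct {
	SpecVersion, ToolName, ToolVersion string
	Vulns                              []vulnFinding
}

// Subset of the CycloneDX 1.6 JSON schema.
type cdxComponent struct {
	Type    string `json:"type"`
	BOMRef  string `json:"bom-ref"`
	Name    string `json:"name"`
	Version string `json:"version"`
	PURL    string `json:"purl,omitempty"`
}
type cdxDependency struct {
	Ref       string   `json:"ref"`
	DependsOn []string `json:"dependsOn"`
}
type cdxVuln struct {
	ID      string              `json:"id"`
	Ratings []map[string]string `json:"ratings"`
	Affects []map[string]string `json:"affects"`
}
type cdxBOM struct {
	BOMFormat       string          `json:"bomFormat"`
	SpecVersion     string          `json:"specVersion"`
	SerialNumber    string          `json:"serialNumber"`
	Version         int             `json:"version"`
	Metadata        map[string]any  `json:"metadata"`
	Components      []cdxComponent  `json:"components"`
	Dependencies    []cdxDependency `json:"dependencies"`
	Vulnerabilities []cdxVuln       `json:"vulnerabilities,omitempty"`
}

// newSerial returns a random version-4 UUID URN for the BOM serialNumber.
func newSerial() string {
	var b [16]byte
	if _, err := rand.Read(b[:]); err != nil {
		panic(err)
	}
	b[6] = b[6]&0x0f | 0x40
	b[8] = b[8]&0x3f | 0x80
	return fmt.Sprintf("urn:uuid:%x-%x-%x-%x-%x", b[:4], b[4:6], b[6:8], b[8:10], b[10:])
}

// buildCycloneDX turns the graph into a BOM. Each edge and each finding must
// resolve to a component in the graph; otherwise the refs would dangle.
func buildCycloneDX(graph []node, opts sbomOptions) (*cdxBOM, error) {
	if opts.SpecVersion == "" {
		opts.SpecVersion = "1.6"
	}
	bom := &cdxBOM{
		BOMFormat: "CycloneDX", SpecVersion: opts.SpecVersion, SerialNumber: newSerial(), Version: 1,
		Metadata: map[string]any{
			"timestamp": time.Now().UTC().Format(time.RFC3339),
			"tools": map[string]any{"components": []cdxComponent{
				{Type: "application", BOMRef: opts.ToolName, Name: opts.ToolName, Version: opts.ToolVersion}}},
		},
		Dependencies: []cdxDependency{},
	}
	refs := make(map[string]string, len(graph)) // component name -> bom-ref
	for _, n := range graph {
		if _, dup := refs[n.Name]; dup {
			return nil, fmt.Errorf("duplicate component %q", n.Name)
		}
		ref := n.PURL
		if ref == "" {
			ref = n.Name + "@" + n.Version // fall back to a local ref when no purl is known
		}
		refs[n.Name] = ref
		bom.Components = append(bom.Components, cdxComponent{Type: "library", BOMRef: ref, Name: n.Name, Version: n.Version, PURL: n.PURL})
	}
	for _, n := range graph {
		dep := cdxDependency{Ref: refs[n.Name], DependsOn: []string{}} // leaves emit "dependsOn": []
		for _, d := range n.DependsOn {
			r, ok := refs[d]
			if !ok {
				return nil, fmt.Errorf("%s depends on unknown component %q", n.Name, d)
			}
			dep.DependsOn = append(dep.DependsOn, r)
		}
		bom.Dependencies = append(bom.Dependencies, dep)
	}
	for _, v := range opts.Vulns {
		r, ok := refs[v.Component]
		if !ok {
			return nil, fmt.Errorf("vulnerability %s names unknown component %q", v.ID, v.Component)
		}
		bom.Vulnerabilities = append(bom.Vulnerabilities, cdxVuln{ID: v.ID,
			Ratings: []map[string]string{{"severity": v.Severity}}, Affects: []map[string]string{{"ref": r}}})
	}
	return bom, nil
}

// generateCycloneDX is this example's JSON-encoding counterpart of the page's GenerateCycloneDX.
func generateCycloneDX(graph []node, opts sbomOptions) ([]byte, error) {
	bom, err := buildCycloneDX(graph, opts)
	if err != nil {
		return nil, err
	}
	return json.MarshalIndent(bom, "", "  ")
}

// sampleGraph is a constructed three-component graph, not real project data.
func sampleGraph() []node {
	return []node{
		{Name: "app", Version: "1.0.0", PURL: "pkg:golang/example.com/app@1.0.0", DependsOn: []string{"libx", "liby"}},
		{Name: "libx", Version: "2.3.1", PURL: "pkg:golang/example.com/libx@2.3.1", DependsOn: []string{"liby"}},
		{Name: "liby", Version: "0.9.0", PURL: "pkg:golang/example.com/liby@0.9.0"},
	}
}

func main() {
	// EXAMPLE-0001 is a constructed finding, not a real advisory identifier.
	opts := sbomOptions{ToolName: "stacktower", ToolVersion: "1.2.0",
		Vulns: []vulnFinding{{ID: "EXAMPLE-0001", Component: "liby", Severity: "high"}}}
	out, err := generateCycloneDX(sampleGraph(), opts)
	if err != nil {
		panic(err)
	}
	fmt.Println(string(out))
}
```

Using the purl as the `bom-ref` (with a name@version fallback) keeps component identity stable across regenerated SBOMs, which is what makes diffing two BOMs or correlating a finding back to a component reliable.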
