cdx

package
v1.13.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 24, 2026 License: AGPL-3.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func FormatSpec 

func FormatSpec(specVersion string) string

FormatSpec returns the format string for CLI display.

func NormalizeFormat 

func NormalizeFormat(format string) (string, bool)

NormalizeFormat maps user-facing format names to spec versions or output type. Returns (specVersion, isRawJSON).

func ValidSpecVersions 

func ValidSpecVersions() []string

ValidSpecVersions returns the list of supported CycloneDX spec versions.

Types

type Advisory 

type Advisory struct {
	URL string `json:"url,omitempty"`
}

Advisory is an external advisory reference.

type Affect 

type Affect struct {
	Ref string `json:"ref"`
}

Affect identifies a component affected by a vulnerability.

type Analysis 

type Analysis struct {
	State string `json:"state,omitempty"`
}

Analysis contains vulnerability analysis state.

type BOM 

type BOM struct {
	BOMFormat       string          `json:"bomFormat"`
	SpecVersion     string          `json:"specVersion"`
	SerialNumber    string          `json:"serialNumber"`
	Version         int             `json:"version"`
	Metadata        *Metadata       `json:"metadata,omitempty"`
	Components      []Component     `json:"components,omitempty"`
	Vulnerabilities []Vulnerability `json:"vulnerabilities,omitempty"`
}

BOM is the top-level CycloneDX Bill of Materials.

func BuildFromScanTasks 

func BuildFromScanTasks(tasks []*scan.ScanTask, specVersion string) *BOM

BuildFromScanTasks creates a CycloneDX BOM from completed scan tasks.

func (*BOM) WriteJSON 

func (b *BOM) WriteJSON(w io.Writer) error

WriteJSON writes the BOM as indented JSON to the writer.

type Component 

type Component struct {
	Type       string     `json:"type"`
	BOMRef     string     `json:"bom-ref,omitempty"`
	Name       string     `json:"name"`
	Version    string     `json:"version,omitempty"`
	Scope      string     `json:"scope,omitempty"`
	Purl       string     `json:"purl,omitempty"`
	Properties []Property `json:"properties,omitempty"`
}

Component represents a software component.

type Metadata 

type Metadata struct {
	Timestamp string `json:"timestamp"`
	Tools     *Tools `json:"tools,omitempty"`
}

Metadata describes the BOM creation context.

type Property 

type Property struct {
	Name  string `json:"name"`
	Value string `json:"value"`
}

Property is a name-value pair.

type Rating 

type Rating struct {
	Score    float64 `json:"score"`
	Severity string  `json:"severity,omitempty"`
	Method   string  `json:"method,omitempty"`
	Source   *Source `json:"source,omitempty"`
}

Rating is a vulnerability scoring entry.

type Source 

type Source struct {
	Name string `json:"name,omitempty"`
	URL  string `json:"url,omitempty"`
}

Source identifies where vulnerability data comes from.

type Tools 

type Tools struct {
	Components []Component `json:"components,omitempty"`
}

Tools holds tool information in CycloneDX format.

type Vulnerability 

type Vulnerability struct {
	BOMRef      string     `json:"bom-ref,omitempty"`
	ID          string     `json:"id"`
	Source      *Source    `json:"source,omitempty"`
	Ratings     []Rating   `json:"ratings,omitempty"`
	Description string     `json:"description,omitempty"`
	Affects     []Affect   `json:"affects,omitempty"`
	Analysis    *Analysis  `json:"analysis,omitempty"`
	Properties  []Property `json:"properties,omitempty"`
	Advisories  []Advisory `json:"advisories,omitempty"`
}

Vulnerability represents a CycloneDX vulnerability entry.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.