package spdx

import "github.com/spdx/tools-golang/spdx"

Package spdx contains the struct definition for an SPDX Document and its constituent parts.

SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later

Constants

const (
	SHA224 ChecksumAlgorithm = "SHA224"
	SHA1                     = "SHA1"
	SHA256                   = "SHA256"
	SHA384                   = "SHA384"
	SHA512                   = "SHA512"
	MD2                      = "MD2"
	MD4                      = "MD4"
	MD5                      = "MD5"
	MD6                      = "MD6"
)

The checksum algorithms listed in SPDX v2.2.0, section 4.4 (File Checksum): https://spdx.github.io/spdx-spec/4-file-information/#44-file-checksum

Functions

func RenderDocElementID

func RenderDocElementID(deID DocElementID) string

RenderDocElementID takes a DocElementID and returns the string equivalent, with the SPDXRef- prefix (and, if applicable, the DocumentRef- prefix) reinserted. If a SpecialID is present, it will be rendered verbatim and DocumentRefID and ElementRefID will be ignored.

func RenderElementID

func RenderElementID(eID ElementID) string

RenderElementID takes an ElementID and returns the string equivalent, with the SPDXRef- prefix reinserted.

Types

type Annotation2_1

type Annotation2_1 struct {

	// 8.1: Annotator
	// Cardinality: conditional (mandatory, one) if there is an Annotation
	Annotator string
	// including AnnotatorType: one of "Person", "Organization" or "Tool"
	AnnotatorType string

	// 8.2: Annotation Date: YYYY-MM-DDThh:mm:ssZ
	// Cardinality: conditional (mandatory, one) if there is an Annotation
	AnnotationDate string

	// 8.3: Annotation Type: "REVIEW" or "OTHER"
	// Cardinality: conditional (mandatory, one) if there is an Annotation
	AnnotationType string

	// 8.4: SPDX Identifier Reference
	// Cardinality: conditional (mandatory, one) if there is an Annotation
	AnnotationSPDXIdentifier DocElementID

	// 8.5: Annotation Comment
	// Cardinality: conditional (mandatory, one) if there is an Annotation
	AnnotationComment string
}

Annotation2_1 is an Annotation section of an SPDX Document for version 2.1 of the spec.

type Annotation2_2

type Annotation2_2 struct {

	// 8.1: Annotator
	// Cardinality: conditional (mandatory, one) if there is an Annotation
	Annotator string
	// including AnnotatorType: one of "Person", "Organization" or "Tool"
	AnnotatorType string

	// 8.2: Annotation Date: YYYY-MM-DDThh:mm:ssZ
	// Cardinality: conditional (mandatory, one) if there is an Annotation
	AnnotationDate string

	// 8.3: Annotation Type: "REVIEW" or "OTHER"
	// Cardinality: conditional (mandatory, one) if there is an Annotation
	AnnotationType string

	// 8.4: SPDX Identifier Reference
	// Cardinality: conditional (mandatory, one) if there is an Annotation
	AnnotationSPDXIdentifier DocElementID

	// 8.5: Annotation Comment
	// Cardinality: conditional (mandatory, one) if there is an Annotation
	AnnotationComment string
}

Annotation2_2 is an Annotation section of an SPDX Document for version 2.2 of the spec.

type ArtifactOfProject2_1

type ArtifactOfProject2_1 struct {

	// DEPRECATED in version 2.1 of spec
	// 4.9: Artifact of Project Name
	// Cardinality: conditional, required if present, one per AOP
	Name string

	// DEPRECATED in version 2.1 of spec
	// 4.10: Artifact of Project Homepage: URL or "UNKNOWN"
	// Cardinality: optional, one per AOP
	HomePage string

	// DEPRECATED in version 2.1 of spec
	// 4.11: Artifact of Project Uniform Resource Identifier
	// Cardinality: optional, one per AOP
	URI string
}

ArtifactOfProject2_1 is a DEPRECATED collection of data regarding a Package, as defined in sections 4.9-4.11 in version 2.1 of the spec.

type ArtifactOfProject2_2

type ArtifactOfProject2_2 struct {

	// DEPRECATED in version 2.1 of spec
	// 4.9: Artifact of Project Name
	// Cardinality: conditional, required if present, one per AOP
	Name string

	// DEPRECATED in version 2.1 of spec
	// 4.10: Artifact of Project Homepage: URL or "UNKNOWN"
	// Cardinality: optional, one per AOP
	HomePage string

	// DEPRECATED in version 2.1 of spec
	// 4.11: Artifact of Project Uniform Resource Identifier
	// Cardinality: optional, one per AOP
	URI string
}

ArtifactOfProject2_2 is a DEPRECATED collection of data regarding a Package, as defined in sections 4.9-4.11 in version 2.2 of the spec.

type Checksum

type Checksum struct {
	Algorithm ChecksumAlgorithm
	Value     string
}

Checksum provides a unique identifier to match analysis information on each specific file in a package. The Algorithm field describes the ChecksumAlgorithm used and the Value represents the file checksum.

type ChecksumAlgorithm

type ChecksumAlgorithm string

ChecksumAlgorithm represents the algorithm used to generate the file checksum in the Checksum struct.

type CreationInfo2_1

type CreationInfo2_1 struct {

	// 2.1: SPDX Version; should be in the format "SPDX-2.1"
	// Cardinality: mandatory, one
	SPDXVersion string

	// 2.2: Data License; should be "CC0-1.0"
	// Cardinality: mandatory, one
	DataLicense string

	// 2.3: SPDX Identifier; should be "DOCUMENT" to represent
	//      mandatory identifier of SPDXRef-DOCUMENT
	// Cardinality: mandatory, one
	SPDXIdentifier ElementID

	// 2.4: Document Name
	// Cardinality: mandatory, one
	DocumentName string

	// 2.5: Document Namespace
	// Cardinality: mandatory, one
	DocumentNamespace string

	// 2.6: External Document References
	// Cardinality: optional, one or many
	ExternalDocumentReferences map[string]ExternalDocumentRef2_1

	// 2.7: License List Version
	// Cardinality: optional, one
	LicenseListVersion string

	// 2.8: Creators: may have multiple keys for Person, Organization
	//      and/or Tool
	// Cardinality: mandatory, one or many
	CreatorPersons       []string
	CreatorOrganizations []string
	CreatorTools         []string

	// 2.9: Created: data format YYYY-MM-DDThh:mm:ssZ
	// Cardinality: mandatory, one
	Created string

	// 2.10: Creator Comment
	// Cardinality: optional, one
	CreatorComment string

	// 2.11: Document Comment
	// Cardinality: optional, one
	DocumentComment string
}

CreationInfo2_1 is a Document Creation Information section of an SPDX Document for version 2.1 of the spec.

type CreationInfo2_2

type CreationInfo2_2 struct {

	// 2.1: SPDX Version; should be in the format "SPDX-2.2"
	// Cardinality: mandatory, one
	SPDXVersion string

	// 2.2: Data License; should be "CC0-1.0"
	// Cardinality: mandatory, one
	DataLicense string

	// 2.3: SPDX Identifier; should be "DOCUMENT" to represent
	//      mandatory identifier of SPDXRef-DOCUMENT
	// Cardinality: mandatory, one
	SPDXIdentifier ElementID

	// 2.4: Document Name
	// Cardinality: mandatory, one
	DocumentName string

	// 2.5: Document Namespace
	// Cardinality: mandatory, one
	DocumentNamespace string

	// 2.6: External Document References
	// Cardinality: optional, one or many
	ExternalDocumentReferences map[string]ExternalDocumentRef2_2

	// 2.7: License List Version
	// Cardinality: optional, one
	LicenseListVersion string

	// 2.8: Creators: may have multiple keys for Person, Organization
	//      and/or Tool
	// Cardinality: mandatory, one or many
	CreatorPersons       []string
	CreatorOrganizations []string
	CreatorTools         []string

	// 2.9: Created: data format YYYY-MM-DDThh:mm:ssZ
	// Cardinality: mandatory, one
	Created string

	// 2.10: Creator Comment
	// Cardinality: optional, one
	CreatorComment string

	// 2.11: Document Comment
	// Cardinality: optional, one
	DocumentComment string
}

CreationInfo2_2 is a Document Creation Information section of an SPDX Document for version 2.2 of the spec.

type DocElementID

type DocElementID struct {
	DocumentRefID string
	ElementRefID  ElementID
	SpecialID     string
}

DocElementID represents an SPDX element identifier that could be defined in a different SPDX document, and therefore could have a "DocumentRef-" portion, such as Relationships and Annotations. ElementID is used for attributes in which a "DocumentRef-" portion cannot appear, such as a Package or File definition (since it is necessarily being defined in the present document). DocumentRefID will be the empty string for elements defined in the present document. DocElementIDs should NOT contain the mandatory 'DocumentRef-' or 'SPDXRef-' portions. SpecialID is used ONLY if the DocElementID matches a defined set of permitted special values for a particular field, e.g. "NONE" or "NOASSERTION" for the right-hand side of Relationships. If SpecialID is set, DocumentRefID and ElementRefID should be empty (and vice versa).

func MakeDocElementID

func MakeDocElementID(docRef string, eltRef string) DocElementID

MakeDocElementID takes strings (without prefixes) for the DocumentRef- and SPDXRef- identifiers, and returns a DocElementID. An empty string should be used for the DocumentRef- portion if it is referring to the present document.

func MakeDocElementSpecial

func MakeDocElementSpecial(specialID string) DocElementID

MakeDocElementSpecial takes a "special" string (e.g. "NONE" or "NOASSERTION" for the right side of a Relationship), and returns a DocElementID with it in the SpecialID field. Other fields will be empty.
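The prefix handling described for DocElementID, MakeDocElementID and RenderDocElementID, as an added example that is not part of the package: it redeclares the two identifier types locally so it builds without the module, re-creates the rendering rule from the description above as Render, and adds a hypothetical inverse, ParseDocElementID, that rejects malformed identifiers read from an untrusted SPDX document. The idstring character sets (letters, digits, "." and "-", plus "+" for the DocumentRef- part) are taken from the SPDX 2.x spec and are an assumption here.

```go
package main

import (
	"fmt"
	"strings"
)

// Local mirrors of the identifier types documented on this page.
type ElementID string

type DocElementID struct {
	DocumentRefID string
	ElementRefID  ElementID
	SpecialID     string
}

// Render re-creates the behaviour described for RenderDocElementID: a
// SpecialID is returned verbatim, otherwise the prefixes are reinserted.
func Render(id DocElementID) string {
	if id.SpecialID != "" {
		return id.SpecialID
	}
	s := "SPDXRef-" + string(id.ElementRefID)
	if id.DocumentRefID != "" {
		s = "DocumentRef-" + id.DocumentRefID + ":" + s
	}
	return s
}

// validIDString reports whether s is non-empty and uses only the characters
// allowed in an SPDX idstring (assumption: SPDX 2.x character sets).
func validIDString(s string, allowPlus bool) bool {
	if s == "" {
		return false
	}
	for _, r := range s {
		switch {
		case r >= 'a' && r <= 'z', r >= 'A' && r <= 'Z', r >= '0' && r <= '9', r == '.', r == '-':
		case r == '+' && allowPlus:
		default:
			return false
		}
	}
	return true
}

// ParseDocElementID (hypothetical helper) turns the textual form into a
// DocElementID with the prefixes stripped. specials lists the special values
// the calling field permits, e.g. "NONE" and "NOASSERTION" for the right-hand
// side of a Relationship; with no specials, those strings are rejected.
func ParseDocElementID(text string, specials ...string) (DocElementID, error) {
	for _, sp := range specials {
		if text == sp {
			return DocElementID{SpecialID: sp}, nil
		}
	}
	var id DocElementID
	rest := text
	if strings.HasPrefix(rest, "DocumentRef-") {
		parts := strings.SplitN(strings.TrimPrefix(rest, "DocumentRef-"), ":", 2)
		if len(parts) != 2 || !validIDString(parts[0], true) {
			return DocElementID{}, fmt.Errorf("bad DocumentRef- portion in %q", text)
		}
		id.DocumentRefID, rest = parts[0], parts[1]
	}
	if !strings.HasPrefix(rest, "SPDXRef-") {
		return DocElementID{}, fmt.Errorf("missing SPDXRef- prefix in %q", text)
	}
	elt := strings.TrimPrefix(rest, "SPDXRef-")
	if !validIDString(elt, false) {
		return DocElementID{}, fmt.Errorf("bad SPDXRef- idstring in %q", text)
	}
	id.ElementRefID = ElementID(elt)
	return id, nil
}

func main() {
	// Constructed inputs: two well-formed identifiers, one special value and
	// two malformed strings.
	inputs := []string{"SPDXRef-File1", "DocumentRef-ext.1:SPDXRef-Pkg",
		"NOASSERTION", "SPDXRef-a b", "DocumentRef-ext.1"}
	for _, in := range inputs {
		id, err := ParseDocElementID(in, "NONE", "NOASSERTION")
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Printf("%+v -> %s\n", id, Render(id))
	}
}
```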

type Document2_1

type Document2_1 struct {
	CreationInfo    *CreationInfo2_1
	Packages        map[ElementID]*Package2_1
	UnpackagedFiles map[ElementID]*File2_1
	OtherLicenses   []*OtherLicense2_1
	Relationships   []*Relationship2_1
	Annotations     []*Annotation2_1

	// DEPRECATED in version 2.0 of spec
	Reviews []*Review2_1
}

Document2_1 is an SPDX Document for version 2.1 of the spec. See https://spdx.org/sites/cpstandard/files/pages/files/spdxversion2.1.pdf

type Document2_2

type Document2_2 struct {
	CreationInfo    *CreationInfo2_2
	Packages        map[ElementID]*Package2_2
	UnpackagedFiles map[ElementID]*File2_2
	OtherLicenses   []*OtherLicense2_2
	Relationships   []*Relationship2_2
	Annotations     []*Annotation2_2

	// DEPRECATED in version 2.0 of spec
	Reviews []*Review2_2
}

Document2_2 is an SPDX Document for version 2.2 of the spec. See https://spdx.github.io/spdx-spec/v2-draft/ (DRAFT)

type ElementID

type ElementID string

ElementID represents the identifier string portion of an SPDX element identifier. DocElementID should be used for any attributes which can contain identifiers defined in a different SPDX document. ElementIDs should NOT contain the mandatory 'SPDXRef-' portion.

type ExternalDocumentRef2_1

type ExternalDocumentRef2_1 struct {

	// DocumentRefID is the ID string defined in the start of the
	// reference. It should _not_ contain the "DocumentRef-" part
	// of the mandatory ID string.
	DocumentRefID string

	// URI is the URI defined for the external document
	URI string

	// Alg is the type of hash algorithm used, e.g. "SHA1", "SHA256"
	Alg string

	// Checksum is the actual hash data
	Checksum string
}

ExternalDocumentRef2_1 is a reference to an external SPDX document as defined in section 2.6 for version 2.1 of the spec.

type ExternalDocumentRef2_2

type ExternalDocumentRef2_2 struct {

	// DocumentRefID is the ID string defined in the start of the
	// reference. It should _not_ contain the "DocumentRef-" part
	// of the mandatory ID string.
	DocumentRefID string

	// URI is the URI defined for the external document
	URI string

	// Alg is the type of hash algorithm used, e.g. "SHA1", "SHA256"
	Alg string

	// Checksum is the actual hash data
	Checksum string
}

ExternalDocumentRef2_2 is a reference to an external SPDX document as defined in section 2.6 for version 2.2 of the spec.

type File2_1

type File2_1 struct {

	// 4.1: File Name
	// Cardinality: mandatory, one
	FileName string

	// 4.2: File SPDX Identifier: "SPDXRef-[idstring]"
	// Cardinality: mandatory, one
	FileSPDXIdentifier ElementID

	// 4.3: File Type
	// Cardinality: optional, multiple
	FileType []string

	// 4.4: File Checksum: may have keys for SHA1, SHA256 and/or MD5
	// Cardinality: mandatory, one SHA1, others may be optionally provided
	FileChecksumSHA1   string
	FileChecksumSHA256 string
	FileChecksumMD5    string

	// 4.5: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one
	LicenseConcluded string

	// 4.6: License Information in File: SPDX License Expression, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one or many
	LicenseInfoInFile []string

	// 4.7: Comments on License
	// Cardinality: optional, one
	LicenseComments string

	// 4.8: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one
	FileCopyrightText string

	// DEPRECATED in version 2.1 of spec
	// 4.9-4.11: Artifact of Project variables (defined below)
	// Cardinality: optional, one or many
	ArtifactOfProjects []*ArtifactOfProject2_1

	// 4.12: File Comment
	// Cardinality: optional, one
	FileComment string

	// 4.13: File Notice
	// Cardinality: optional, one
	FileNotice string

	// 4.14: File Contributor
	// Cardinality: optional, one or many
	FileContributor []string

	// DEPRECATED in version 2.0 of spec
	// 4.15: File Dependencies
	// Cardinality: optional, one or many
	FileDependencies []string

	// Snippets contained in this File
	// Note that Snippets could be defined in a different Document! However,
	// the only ones that _THIS_ document can contain are the ones that are
	// defined here -- so this should just be an ElementID.
	Snippets map[ElementID]*Snippet2_1
}

File2_1 is a File section of an SPDX Document for version 2.1 of the spec.

type File2_2

type File2_2 struct {

	// 4.1: File Name
	// Cardinality: mandatory, one
	FileName string

	// 4.2: File SPDX Identifier: "SPDXRef-[idstring]"
	// Cardinality: mandatory, one
	FileSPDXIdentifier ElementID

	// 4.3: File Type
	// Cardinality: optional, multiple
	FileType []string

	// 4.4: File Checksum: may have keys for SHA1, SHA256 and/or MD5
	// Cardinality: mandatory, one SHA1, others may be optionally provided
	FileChecksums map[ChecksumAlgorithm]Checksum

	// 4.5: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one
	LicenseConcluded string

	// 4.6: License Information in File: SPDX License Expression, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one or many
	LicenseInfoInFile []string

	// 4.7: Comments on License
	// Cardinality: optional, one
	LicenseComments string

	// 4.8: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one
	FileCopyrightText string

	// DEPRECATED in version 2.1 of spec
	// 4.9-4.11: Artifact of Project variables (defined below)
	// Cardinality: optional, one or many
	ArtifactOfProjects []*ArtifactOfProject2_2

	// 4.12: File Comment
	// Cardinality: optional, one
	FileComment string

	// 4.13: File Notice
	// Cardinality: optional, one
	FileNotice string

	// 4.14: File Contributor
	// Cardinality: optional, one or many
	FileContributor []string

	// 4.15: File Attribution Text
	// Cardinality: optional, one or many
	FileAttributionTexts []string

	// DEPRECATED in version 2.0 of spec
	// 4.16: File Dependencies
	// Cardinality: optional, one or many
	FileDependencies []string

	// Snippets contained in this File
	// Note that Snippets could be defined in a different Document! However,
	// the only ones that _THIS_ document can contain are the ones that are
	// defined here -- so this should just be an ElementID.
	Snippets map[ElementID]*Snippet2_2
}

File2_2 is a File section of an SPDX Document for version 2.2 of the spec.
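An added example, not code from the package, showing how a consumer might use a FileChecksums-shaped map to verify file content: it recomputes every recorded digest the Go standard library supports and reports whether the only matching evidence is MD5 or SHA1. The Checksum types are redeclared locally so the block builds without the module; the strength ranking and the Result type are this example's own assumptions.

```go
package main

import (
	"crypto/md5"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/sha512"
	"encoding/hex"
	"fmt"
	"hash"
	"sort"
	"strings"
)

// Local mirrors of the page's ChecksumAlgorithm and Checksum types.
type ChecksumAlgorithm string

type Checksum struct {
	Algorithm ChecksumAlgorithm
	Value     string
}

// hasher pairs a standard-library constructor with a strength rank. The
// ranking is this example's own policy (an assumption); rank 0 is MD5 and SHA1.
type hasher struct {
	newHash func() hash.Hash
	rank    int
}

var hashers = map[ChecksumAlgorithm]hasher{
	"MD5": {md5.New, 0}, "SHA1": {sha1.New, 0},
	"SHA224": {sha256.New224, 1}, "SHA256": {sha256.New, 2},
	"SHA384": {sha512.New384, 3}, "SHA512": {sha512.New, 4},
}

// Result reports how the content compared against each recorded checksum.
type Result struct {
	Verified   []ChecksumAlgorithm // digest recomputed and equal
	Mismatched []ChecksumAlgorithm // digest recomputed and different
	Skipped    []ChecksumAlgorithm // MD2, MD4, MD6 or unknown: not recomputed
	Strongest  ChecksumAlgorithm   // highest-ranked verified algorithm
}

// OK is true when at least one checksum verified and none mismatched.
func (r Result) OK() bool { return len(r.Verified) > 0 && len(r.Mismatched) == 0 }

// WeakOnly is true when MD5 or SHA1 is the only integrity evidence.
func (r Result) WeakOnly() bool { return len(r.Verified) > 0 && hashers[r.Strongest].rank == 0 }

func (r Result) String() string {
	return fmt.Sprintf("ok=%v strongest=%q weakOnly=%v skipped=%v", r.OK(), r.Strongest, r.WeakOnly(), r.Skipped)
}

// VerifyChecksums recomputes every recorded digest it can over content.
func VerifyChecksums(content []byte, recorded map[ChecksumAlgorithm]Checksum) Result {
	algs := make([]string, 0, len(recorded))
	for alg := range recorded {
		algs = append(algs, string(alg))
	}
	sort.Strings(algs) // fixed order, independent of map iteration
	var res Result
	best := -1
	for _, name := range algs {
		alg := ChecksumAlgorithm(name)
		h, known := hashers[alg]
		if !known {
			res.Skipped = append(res.Skipped, alg)
			continue
		}
		d := h.newHash()
		d.Write(content)
		got := hex.EncodeToString(d.Sum(nil))
		if !strings.EqualFold(got, strings.TrimSpace(recorded[alg].Value)) {
			res.Mismatched = append(res.Mismatched, alg)
			continue
		}
		res.Verified = append(res.Verified, alg)
		if h.rank > best {
			best, res.Strongest = h.rank, alg
		}
	}
	return res
}

func main() {
	// Constructed sample: "abc" with its well-known digests, plus an MD4 entry.
	rec := map[ChecksumAlgorithm]Checksum{
		"SHA1":   {"SHA1", "a9993e364706816aba3e25717850c26c9cd0d89d"},
		"SHA256": {"SHA256", "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"},
		"MD4":    {"MD4", "constructed-placeholder"},
	}
	fmt.Println(VerifyChecksums([]byte("abc"), rec))
	fmt.Println(VerifyChecksums([]byte("abd"), rec))
}
```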

type OtherLicense2_1

type OtherLicense2_1 struct {

	// 6.1: License Identifier: "LicenseRef-[idstring]"
	// Cardinality: conditional (mandatory, one) if license is not
	//              on SPDX License List
	LicenseIdentifier string

	// 6.2: Extracted Text
	// Cardinality: conditional (mandatory, one) if there is a
	//              License Identifier assigned
	ExtractedText string

	// 6.3: License Name: single line of text or "NOASSERTION"
	// Cardinality: conditional (mandatory, one) if license is not
	//              on SPDX License List
	LicenseName string

	// 6.4: License Cross Reference
	// Cardinality: conditional (optional, one or many) if license
	//              is not on SPDX License List
	LicenseCrossReferences []string

	// 6.5: License Comment
	// Cardinality: optional, one
	LicenseComment string
}

OtherLicense2_1 is an Other License Information section of an SPDX Document for version 2.1 of the spec.

type OtherLicense2_2

type OtherLicense2_2 struct {

	// 6.1: License Identifier: "LicenseRef-[idstring]"
	// Cardinality: conditional (mandatory, one) if license is not
	//              on SPDX License List
	LicenseIdentifier string

	// 6.2: Extracted Text
	// Cardinality: conditional (mandatory, one) if there is a
	//              License Identifier assigned
	ExtractedText string

	// 6.3: License Name: single line of text or "NOASSERTION"
	// Cardinality: conditional (mandatory, one) if license is not
	//              on SPDX License List
	LicenseName string

	// 6.4: License Cross Reference
	// Cardinality: conditional (optional, one or many) if license
	//              is not on SPDX License List
	LicenseCrossReferences []string

	// 6.5: License Comment
	// Cardinality: optional, one
	LicenseComment string
}

OtherLicense2_2 is an Other License Information section of an SPDX Document for version 2.2 of the spec.

type Package2_1

type Package2_1 struct {

	// 3.1: Package Name
	// Cardinality: mandatory, one
	PackageName string

	// 3.2: Package SPDX Identifier: "SPDXRef-[idstring]"
	// Cardinality: mandatory, one
	PackageSPDXIdentifier ElementID

	// 3.3: Package Version
	// Cardinality: optional, one
	PackageVersion string

	// 3.4: Package File Name
	// Cardinality: optional, one
	PackageFileName string

	// 3.5: Package Supplier: may have single result for either Person or Organization,
	//                        or NOASSERTION
	// Cardinality: optional, one
	PackageSupplierPerson       string
	PackageSupplierOrganization string
	PackageSupplierNOASSERTION  bool

	// 3.6: Package Originator: may have single result for either Person or Organization,
	//                          or NOASSERTION
	// Cardinality: optional, one
	PackageOriginatorPerson       string
	PackageOriginatorOrganization string
	PackageOriginatorNOASSERTION  bool

	// 3.7: Package Download Location
	// Cardinality: mandatory, one
	PackageDownloadLocation string

	// 3.8: FilesAnalyzed
	// Cardinality: optional, one; default value is "true" if omitted
	FilesAnalyzed bool
	// NOT PART OF SPEC: did FilesAnalyzed tag appear?
	IsFilesAnalyzedTagPresent bool

	// 3.9: Package Verification Code
	// Cardinality: mandatory, one if filesAnalyzed is true / omitted;
	//              zero (must be omitted) if filesAnalyzed is false
	PackageVerificationCode string
	// Spec also allows specifying a single file to exclude from the
	// verification code algorithm; intended to enable exclusion of
	// the SPDX document file itself.
	PackageVerificationCodeExcludedFile string

	// 3.10: Package Checksum: may have keys for SHA1, SHA256 and/or MD5
	// Cardinality: optional, one or many
	PackageChecksumSHA1   string
	PackageChecksumSHA256 string
	PackageChecksumMD5    string

	// 3.11: Package Home Page
	// Cardinality: optional, one
	PackageHomePage string

	// 3.12: Source Information
	// Cardinality: optional, one
	PackageSourceInfo string

	// 3.13: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one
	PackageLicenseConcluded string

	// 3.14: All Licenses Info from Files: SPDX License Expression, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one or many if filesAnalyzed is true / omitted;
	//              zero (must be omitted) if filesAnalyzed is false
	PackageLicenseInfoFromFiles []string

	// 3.15: Declared License: SPDX License Expression, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one
	PackageLicenseDeclared string

	// 3.16: Comments on License
	// Cardinality: optional, one
	PackageLicenseComments string

	// 3.17: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one
	PackageCopyrightText string

	// 3.18: Package Summary Description
	// Cardinality: optional, one
	PackageSummary string

	// 3.19: Package Detailed Description
	// Cardinality: optional, one
	PackageDescription string

	// 3.20: Package Comment
	// Cardinality: optional, one
	PackageComment string

	// 3.21: Package External Reference
	// Cardinality: optional, one or many
	PackageExternalReferences []*PackageExternalReference2_1

	// Files contained in this Package
	Files map[ElementID]*File2_1
}

Package2_1 is a Package section of an SPDX Document for version 2.1 of the spec.

type Package2_2

type Package2_2 struct {

	// NOT PART OF SPEC
	// flag: does this "package" contain files that were in fact "unpackaged",
	// e.g. included directly in the Document without being in a Package?
	IsUnpackaged bool

	// 3.1: Package Name
	// Cardinality: mandatory, one
	PackageName string

	// 3.2: Package SPDX Identifier: "SPDXRef-[idstring]"
	// Cardinality: mandatory, one
	PackageSPDXIdentifier ElementID

	// 3.3: Package Version
	// Cardinality: optional, one
	PackageVersion string

	// 3.4: Package File Name
	// Cardinality: optional, one
	PackageFileName string

	// 3.5: Package Supplier: may have single result for either Person or Organization,
	//                        or NOASSERTION
	// Cardinality: optional, one
	PackageSupplierPerson       string
	PackageSupplierOrganization string
	PackageSupplierNOASSERTION  bool

	// 3.6: Package Originator: may have single result for either Person or Organization,
	//                          or NOASSERTION
	// Cardinality: optional, one
	PackageOriginatorPerson       string
	PackageOriginatorOrganization string
	PackageOriginatorNOASSERTION  bool

	// 3.7: Package Download Location
	// Cardinality: mandatory, one
	PackageDownloadLocation string

	// 3.8: FilesAnalyzed
	// Cardinality: optional, one; default value is "true" if omitted
	FilesAnalyzed bool
	// NOT PART OF SPEC: did FilesAnalyzed tag appear?
	IsFilesAnalyzedTagPresent bool

	// 3.9: Package Verification Code
	// Cardinality: mandatory, one if filesAnalyzed is true / omitted;
	//              zero (must be omitted) if filesAnalyzed is false
	PackageVerificationCode string
	// Spec also allows specifying a single file to exclude from the
	// verification code algorithm; intended to enable exclusion of
	// the SPDX document file itself.
	PackageVerificationCodeExcludedFile string

	// 3.10: Package Checksum: may have keys for SHA1, SHA256 and/or MD5
	// Cardinality: optional, one or many
	PackageChecksums map[ChecksumAlgorithm]Checksum

	// 3.11: Package Home Page
	// Cardinality: optional, one
	PackageHomePage string

	// 3.12: Source Information
	// Cardinality: optional, one
	PackageSourceInfo string

	// 3.13: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one
	PackageLicenseConcluded string

	// 3.14: All Licenses Info from Files: SPDX License Expression, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one or many if filesAnalyzed is true / omitted;
	//              zero (must be omitted) if filesAnalyzed is false
	PackageLicenseInfoFromFiles []string

	// 3.15: Declared License: SPDX License Expression, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one
	PackageLicenseDeclared string

	// 3.16: Comments on License
	// Cardinality: optional, one
	PackageLicenseComments string

	// 3.17: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one
	PackageCopyrightText string

	// 3.18: Package Summary Description
	// Cardinality: optional, one
	PackageSummary string

	// 3.19: Package Detailed Description
	// Cardinality: optional, one
	PackageDescription string

	// 3.20: Package Comment
	// Cardinality: optional, one
	PackageComment string

	// 3.21: Package External Reference
	// Cardinality: optional, one or many
	PackageExternalReferences []*PackageExternalReference2_2

	// 3.23: Package Attribution Text
	// Cardinality: optional, one or many
	PackageAttributionTexts []string

	// Files contained in this Package
	Files map[ElementID]*File2_2
}

Package2_2 is a Package section of an SPDX Document for version 2.2 of the spec.
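An added example, not code from the package, for the 3.8 and 3.9 fields above: it recomputes the Package Verification Code from the files' SHA1 values using the algorithm in section 3.9 of the SPDX 2.x spec, honours the excluded file, and enforces that the code is absent when FilesAnalyzed is false. FileEntry, PackageEntry, ComputeVerificationCode and CheckPackage are hypothetical names; the stand-in structs keep only the fields the check reads and assume FilesAnalyzed has already been resolved to its default.

```go
package main

import (
	"crypto/sha1"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// FileEntry and PackageEntry are trimmed stand-ins (hypothetical names) for
// File2_2 and Package2_2, keeping only the fields this check reads.
type FileEntry struct {
	FileName string
	SHA1     string // the value stored under SHA1 in FileChecksums
}

type PackageEntry struct {
	FilesAnalyzed                       bool
	PackageVerificationCode             string
	PackageVerificationCodeExcludedFile string
	Files                               []FileEntry
}

var ErrCodeMismatch = errors.New("package verification code does not match files")

// ComputeVerificationCode follows SPDX 2.x section 3.9: take each file's SHA1
// as lowercase hex, skip the excluded file, sort the values ascending,
// concatenate them with no separator and take the SHA1 of the result.
func ComputeVerificationCode(files []FileEntry, excluded string) (string, error) {
	sums := make([]string, 0, len(files))
	for _, f := range files {
		if excluded != "" && f.FileName == excluded {
			continue
		}
		s := strings.ToLower(strings.TrimSpace(f.SHA1))
		if raw, err := hex.DecodeString(s); err != nil || len(raw) != sha1.Size {
			return "", fmt.Errorf("file %q: missing or malformed SHA1", f.FileName)
		}
		sums = append(sums, s)
	}
	sort.Strings(sums)
	digest := sha1.Sum([]byte(strings.Join(sums, "")))
	return hex.EncodeToString(digest[:]), nil
}

// CheckPackage applies the cardinality rule from the 3.9 field comment and
// compares the recorded code with the recomputed one.
func CheckPackage(p PackageEntry) error {
	if !p.FilesAnalyzed {
		if p.PackageVerificationCode != "" {
			return errors.New("verification code present although FilesAnalyzed is false")
		}
		return nil
	}
	got, err := ComputeVerificationCode(p.Files, p.PackageVerificationCodeExcludedFile)
	if err != nil {
		return err
	}
	if !strings.EqualFold(got, strings.TrimSpace(p.PackageVerificationCode)) {
		return ErrCodeMismatch
	}
	return nil
}

func main() {
	// Constructed sample: SHA1 of "abc" and of the empty input, plus a made-up
	// digest for the SPDX document itself, which is the excluded file.
	p := PackageEntry{
		FilesAnalyzed:                       true,
		PackageVerificationCodeExcludedFile: "./pkg.spdx",
		Files: []FileEntry{
			{"./b.txt", "a9993e364706816aba3e25717850c26c9cd0d89d"},
			{"./a.txt", "da39a3ee5e6b4b0d3255bfef95601890afd80709"},
			{"./pkg.spdx", "0123456789abcdef0123456789abcdef01234567"},
		},
	}
	p.PackageVerificationCode, _ = ComputeVerificationCode(p.Files, p.PackageVerificationCodeExcludedFile)
	fmt.Println("as recorded:", CheckPackage(p))

	// A file's digest no longer matches what the document was built from.
	p.Files[0].SHA1 = "da39a3ee5e6b4b0d3255bfef95601890afd80709"
	fmt.Println("after change:", CheckPackage(p))
}
```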

type PackageExternalReference2_1

type PackageExternalReference2_1 struct {

	// category is "SECURITY", "PACKAGE-MANAGER" or "OTHER"
	Category string

	// type is an [idstring] as defined in Appendix VI;
	// called RefType here due to "type" being a Golang keyword
	RefType string

	// locator is a unique string to access the package-specific
	// info, metadata or content within the target location
	Locator string

	// 3.22: Package External Reference Comment
	// Cardinality: conditional (optional, one) for each External Reference
	ExternalRefComment string
}

PackageExternalReference2_1 is an External Reference to additional info about a Package, as defined in section 3.21 in version 2.1 of the spec.

type PackageExternalReference2_2

type PackageExternalReference2_2 struct {

	// category is "SECURITY", "PACKAGE-MANAGER", "PERSISTENT-ID" or "OTHER"
	Category string

	// type is an [idstring] as defined in Appendix VI;
	// called RefType here due to "type" being a Golang keyword
	RefType string

	// locator is a unique string to access the package-specific
	// info, metadata or content within the target location
	Locator string

	// 3.22: Package External Reference Comment
	// Cardinality: conditional (optional, one) for each External Reference
	ExternalRefComment string
}

PackageExternalReference2_2 is an External Reference to additional info about a Package, as defined in section 3.21 in version 2.2 of the spec.

type Relationship2_1

type Relationship2_1 struct {

	// 7.1: Relationship
	// Cardinality: optional, one or more; one per Relationship2_1
	//              one mandatory for SPDX Document with multiple packages
	// RefA and RefB are first and second item
	// Relationship is type from 7.1.1
	RefA         DocElementID
	RefB         DocElementID
	Relationship string

	// 7.2: Relationship Comment
	// Cardinality: optional, one
	RelationshipComment string
}

Relationship2_1 is a Relationship section of an SPDX Document for version 2.1 of the spec.

type Relationship2_2

type Relationship2_2 struct {

	// 7.1: Relationship
	// Cardinality: optional, one or more; one per Relationship2_2
	//              one mandatory for SPDX Document with multiple packages
	// RefA and RefB are first and second item
	// Relationship is type from 7.1.1
	RefA         DocElementID
	RefB         DocElementID
	Relationship string

	// 7.2: Relationship Comment
	// Cardinality: optional, one
	RelationshipComment string
}

Relationship2_2 is a Relationship section of an SPDX Document for version 2.2 of the spec.

type Review2_1

type Review2_1 struct {

	// DEPRECATED in version 2.0 of spec
	// 9.1: Reviewer
	// Cardinality: optional, one
	Reviewer string
	// including AnnotatorType: one of "Person", "Organization" or "Tool"
	ReviewerType string

	// DEPRECATED in version 2.0 of spec
	// 9.2: Review Date: YYYY-MM-DDThh:mm:ssZ
	// Cardinality: conditional (mandatory, one) if there is a Reviewer
	ReviewDate string

	// DEPRECATED in version 2.0 of spec
	// 9.3: Review Comment
	// Cardinality: optional, one
	ReviewComment string
}

Review2_1 is a Review section of an SPDX Document for version 2.1 of the spec. DEPRECATED in version 2.0 of spec; retained here for compatibility.

type Review2_2

type Review2_2 struct {

	// DEPRECATED in version 2.0 of spec
	// 9.1: Reviewer
	// Cardinality: optional, one
	Reviewer string
	// including AnnotatorType: one of "Person", "Organization" or "Tool"
	ReviewerType string

	// DEPRECATED in version 2.0 of spec
	// 9.2: Review Date: YYYY-MM-DDThh:mm:ssZ
	// Cardinality: conditional (mandatory, one) if there is a Reviewer
	ReviewDate string

	// DEPRECATED in version 2.0 of spec
	// 9.3: Review Comment
	// Cardinality: optional, one
	ReviewComment string
}

Review2_2 is a Review section of an SPDX Document for version 2.2 of the spec. DEPRECATED in version 2.0 of spec; retained here for compatibility.

type Snippet2_1

type Snippet2_1 struct {

	// 5.1: Snippet SPDX Identifier: "SPDXRef-[idstring]"
	// Cardinality: mandatory, one
	SnippetSPDXIdentifier ElementID

	// 5.2: Snippet from File SPDX Identifier
	// Cardinality: mandatory, one
	SnippetFromFileSPDXIdentifier DocElementID

	// 5.3: Snippet Byte Range: [start byte]:[end byte]
	// Cardinality: mandatory, one
	SnippetByteRangeStart int
	SnippetByteRangeEnd   int

	// 5.4: Snippet Line Range: [start line]:[end line]
	// Cardinality: optional, one
	SnippetLineRangeStart int
	SnippetLineRangeEnd   int

	// 5.5: Snippet Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one
	SnippetLicenseConcluded string

	// 5.6: License Information in Snippet: SPDX License Expression, "NONE" or "NOASSERTION"
	// Cardinality: optional, one or many
	LicenseInfoInSnippet []string

	// 5.7: Snippet Comments on License
	// Cardinality: optional, one
	SnippetLicenseComments string

	// 5.8: Snippet Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one
	SnippetCopyrightText string

	// 5.9: Snippet Comment
	// Cardinality: optional, one
	SnippetComment string

	// 5.10: Snippet Name
	// Cardinality: optional, one
	SnippetName string
}

Snippet2_1 is a Snippet section of an SPDX Document for version 2.1 of the spec.

type Snippet2_2

type Snippet2_2 struct {

	// 5.1: Snippet SPDX Identifier: "SPDXRef-[idstring]"
	// Cardinality: mandatory, one
	SnippetSPDXIdentifier ElementID

	// 5.2: Snippet from File SPDX Identifier
	// Cardinality: mandatory, one
	SnippetFromFileSPDXIdentifier DocElementID

	// 5.3: Snippet Byte Range: [start byte]:[end byte]
	// Cardinality: mandatory, one
	SnippetByteRangeStart int
	SnippetByteRangeEnd   int

	// 5.4: Snippet Line Range: [start line]:[end line]
	// Cardinality: optional, one
	SnippetLineRangeStart int
	SnippetLineRangeEnd   int

	// 5.5: Snippet Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one
	SnippetLicenseConcluded string

	// 5.6: License Information in Snippet: SPDX License Expression, "NONE" or "NOASSERTION"
	// Cardinality: optional, one or many
	LicenseInfoInSnippet []string

	// 5.7: Snippet Comments on License
	// Cardinality: optional, one
	SnippetLicenseComments string

	// 5.8: Snippet Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one
	SnippetCopyrightText string

	// 5.9: Snippet Comment
	// Cardinality: optional, one
	SnippetComment string

	// 5.10: Snippet Name
	// Cardinality: optional, one
	SnippetName string

	// 5.11: Snippet Attribution Text
	// Cardinality: optional, one or many
	SnippetAttributionTexts []string
}

Snippet2_2 is a Snippet section of an SPDX Document for version 2.2 of the spec.

Source Files

annotation.go checksum.go creation_info.go document.go file.go identifier.go other_license.go package.go relationship.go review.go snippet.go

Version
v0.2.0
Published
Jul 4, 2021