Documentation
Constants
const NOASSERTION_SPDX_NAME = "NOASSERTION"
NOASSERTION_SPDX_NAME as the License SPDX name signifies that the license text passed through the scan without any errors but no match was found.
Variables
This section is empty.
Functions
This section is empty.
Types
type AttachedText
AttachedText holds the formatted license text. The CycloneDX AttachedText is defined here: https://github.com/CycloneDX/cyclonedx-go/blob/7d9a5619d767a252b454e8554d0fc986796ef958/cyclonedx.go#L52-L56
type License
type License struct {
	ID   string
	Name string
	Text *AttachedText
	URL  string
}
License is a collection of SPDX ID, name, license text, and license URL. The CycloneDX License struct is defined here: https://github.com/CycloneDX/cyclonedx-go/blob/7d9a5619d767a252b454e8554d0fc986796ef958/cyclonedx.go#L389-L394
type LicenseChoice
LicenseChoice holds either a License or a license expression. Either license or expression must be set, but not both. The CycloneDX LicenseChoice is defined here: https://github.com/CycloneDX/cyclonedx-go/blob/7d9a5619d767a252b454e8554d0fc986796ef958/cyclonedx.go#L462-L465
type Licenses
type Licenses []LicenseChoice
type ScanResult
type ScanResult struct {
	// the specification from the user to perform the scan
	Spec ScanSpec
	// source text which matched against the SPDX License Data
	OriginalText string
	// normalized version of the source text which is compared against the license text
	NormalizedText string
	// file hash or package hash
	// set to the hash if provided or calculate based on the input text (normalized)
	Hash *normalizer.Digest
	// error reported during the scan - includes empty license text or too large license text etc
	Error error
	// a list of LicenseMatch i.e. a list of SPDX license IDs in sequential order, the matches of the input text across the various licenses
	CycloneDXLicenses Licenses
}
ScanResult holds the license identification results for a given package
type ScanSpec
type ScanSpec struct {
	// file name or package name to search for.
	// This will also be matched against known package URL or known file names. If a match is found, the canonical name will be returned in the ScanResult.
	Name string
	// package version number to search for.
	// If no version is provided, the scanning service defaults to the package manager default which is mostly the latest version.
	Version string
	// location from where the file can be retrieved or a package can be downloaded.
	// If no location is provided, the package source location is retrieved from the package manager.
	// TODO: Resolve - Can we get the file content from the file system or should that be included as part of the specification?
	Location string
	// Package URL to search for.
	// This is the standardized URL used to identify and locate a software package across many programming languages and package managers.
	PURL string
	// file hash or package hash to search for.
	// This will also be matched against known file hashes.
	// TODO: Create a proposal for hashing algorithm of a package.
	Hash *normalizer.Digest
	// license input text to match and identify the license against the data set
	LicenseText string
}
ScanSpec holds the specifications used for scanning the incoming package/file.
func (*ScanSpec) ScanLicenseText
func (s *ScanSpec) ScanLicenseText(licenseLibrary *licenses.LicenseLibrary, resultsCache map[normalizer.Digest]*ScanResult) *ScanResult
ScanLicenseText scans the specified license file to retrieve license information.
type ScanSpecs
type ScanSpecs struct {
	// package manager to search for
	// This is the standard package manager, for example, pypi for python, npm for nodejs, etc
	PackageManager string
	// programming language to search for
	Language string
	// a list of scan specification
	// for a single package manager or a language, specify a list of packages with their respective specifications
	Specs []ScanSpec
	// contains filtered or unexported fields
}
ScanSpecs holds the package manager, the programming language, and a list of multiple packages with their specifications.
func (*ScanSpecs) ScanFile
func (s *ScanSpecs) ScanFile() []*ScanResult
ScanFile looks up a specific file by name to retrieve license data. If the license data is not available, it scans the specified file, persists the scanned result into a datastore, and returns the license data.
func (*ScanSpecs) ScanLicenseText
func (s *ScanSpecs) ScanLicenseText() ([]*ScanResult, error)
ScanLicenseText scans the specified license file to retrieve license information.
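An added example, not part of this package's code or documentation: a fail-closed triage of scan results for an SBOM policy gate, applying the NOASSERTION rule and the "license or expression, but not both" rule described above. The types are local mirrors so it runs offline; the LicenseChoice fields (modeled on cyclonedx-go) and the Triage helper are assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// Local mirrors of the documented types so the example runs offline.
// LicenseChoice's fields are an assumption modeled on cyclonedx-go.
const NOASSERTION_SPDX_NAME = "NOASSERTION"
type (
	License       struct{ ID, Name, URL string }
	LicenseChoice struct {
		License    *License
		Expression string
	}
	Licenses   []LicenseChoice
	ScanResult struct { // only the two fields the triage needs
		Error             error
		CycloneDXLicenses Licenses
	}
)

// Triage (hypothetical helper) returns "error", "invalid", "unidentified" or "identified".
func Triage(r *ScanResult) string {
	if r == nil || r.Error != nil {
		return "error" // scan failed, e.g. empty or too large license text
	}
	identified := false
	for _, c := range r.CycloneDXLicenses {
		hasLic, hasExpr := c.License != nil, c.Expression != ""
		if hasLic == hasExpr { // both set or neither set breaks the rule
			return "invalid"
		}
		if !hasLic || c.License.Name != NOASSERTION_SPDX_NAME {
			identified = true // a real match, not a clean scan with no match
		}
	}
	if !identified {
		return "unidentified" // nothing matched: the gate should not pass this
	}
	return "identified"
}

func main() { // constructed sample results
	fmt.Println(Triage(&ScanResult{Error: errors.New("empty license text")}))
	fmt.Println(Triage(&ScanResult{CycloneDXLicenses: Licenses{{License: &License{Name: NOASSERTION_SPDX_NAME}}}}))
	fmt.Println(Triage(&ScanResult{CycloneDXLicenses: Licenses{{Expression: "MIT OR Apache-2.0"}}}))
}
```

A result with no error and an empty license list is also reported as "unidentified", so a package the scanner said nothing about is never treated as cleared.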