scanner

package
v0.0.0-...-69261f7
Warning

This package is not in the latest version of its module.

Published: Aug 29, 2023 | License: Apache-2.0 | Imports: 7 | Imported by: 0

Documentation

Constants

const NOASSERTION_SPDX_NAME = "NOASSERTION"

NOASSERTION_SPDX_NAME in the License SPDX name signifies that the license text passed through the scan without any errors but no match was found.

Variables

This section is empty.

Functions

This section is empty.

Types

type AttachedText

type AttachedText struct {
	Content     string
	ContentType string
	Encoding    string
}

AttachedText holds the formatted license text. The CycloneDX AttachedText is defined here: https://github.com/CycloneDX/cyclonedx-go/blob/7d9a5619d767a252b454e8554d0fc986796ef958/cyclonedx.go#L52-L56

type License

type License struct {
	ID   string
	Name string
	Text *AttachedText
	URL  string
}

License is a collection of SPDX ID, name, license text, and license URL. The CycloneDX License struct is defined here: https://github.com/CycloneDX/cyclonedx-go/blob/7d9a5619d767a252b454e8554d0fc986796ef958/cyclonedx.go#L389-L394

type LicenseChoice

type LicenseChoice struct {
	License    *License
	Expression string
}

LicenseChoice is a collection of License info with an expression; either License or Expression must be set, but not both. The CycloneDX LicenseChoice is defined here: https://github.com/CycloneDX/cyclonedx-go/blob/7d9a5619d767a252b454e8554d0fc986796ef958/cyclonedx.go#L462-L465

type Licenses

type Licenses []LicenseChoice

type ScanResult

type ScanResult struct {
	// the specification from the user to perform the scan
	Spec ScanSpec
	// source text which matched against the SPDX License Data
	OriginalText string
	// normalized version of the source text which is compared against the license text
	NormalizedText string
	// file hash or package hash
	// set to the hash if provided or calculate based on the input text (normalized)
	Hash *normalizer.Digest
	// error reported during the scan - includes empty license text or too large license text etc
	Error error
	// a list of LicenseMatch i.e. a list of SPDX license IDs in sequential order, the matches of the input text across the various licenses
	CycloneDXLicenses Licenses
}

ScanResult holds the license identification results for a given package
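The following is an added example, not code from this package: it checks a ScanResult's CycloneDXLicenses against the "License or Expression, but not both" rule and counts NOASSERTION entries separately, so a policy gate does not read "scanned but unmatched" as "no license". The types are local copies of the ones documented on this page; `Audit` and `AuditLicenses` are hypothetical names, and the example assumes NOASSERTION is carried in `License.Name`.

```go
package main

import "fmt"

// Local copies of the types documented on this page (no module import needed).
const NOASSERTION_SPDX_NAME = "NOASSERTION"

type AttachedText struct{ Content, ContentType, Encoding string }
type License struct {
	ID, Name, URL string
	Text          *AttachedText
}
type LicenseChoice struct {
	License    *License
	Expression string
}
type Licenses []LicenseChoice

// Audit is a hypothetical summary type, not part of the package.
type Audit struct {
	Identified []string // SPDX IDs, names or expressions that were resolved
	Unmatched  int      // choices whose license name is NOASSERTION
	Invalid    []string // choices that break the documented invariants
}

// AuditLicenses (hypothetical helper) validates each LicenseChoice before it
// is written to an SBOM or evaluated by a license policy.
func AuditLicenses(ls Licenses) Audit {
	var a Audit
	for i, c := range ls {
		hasLicense, hasExpr := c.License != nil, c.Expression != ""
		switch {
		case hasLicense == hasExpr: // both set, or neither set
			a.Invalid = append(a.Invalid, fmt.Sprintf("choice %d: set exactly one of License or Expression", i))
		case hasExpr:
			a.Identified = append(a.Identified, c.Expression)
		case c.License.Name == NOASSERTION_SPDX_NAME:
			a.Unmatched++ // scan ran cleanly but matched nothing: unknown, needs review
		case c.License.ID != "":
			a.Identified = append(a.Identified, c.License.ID)
		case c.License.Name != "":
			a.Identified = append(a.Identified, c.License.Name)
		default:
			a.Invalid = append(a.Invalid, fmt.Sprintf("choice %d: License has neither ID nor Name", i))
		}
	}
	return a
}

func main() { fmt.Printf("%+v\n", AuditLicenses(Licenses{{Expression: "MIT"}, {}})) }
```
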

type ScanSpec

type ScanSpec struct {
	// file name or package name to search for.
	// This will also be matched against known package URL or known file names. If a match is found, the canonical name will be returned in the ScanResult.
	Name string
	// package version number to search for.
	// If no version is provided, the scanning service defaults to the package manager default which is mostly the latest version.
	Version string
	// location from where the file can be retrieved or a package can be downloaded.
	// If no location is provided, the package source location is retrieved from the package manager.
	// TODO: Resolve - Can we get the file content from the file system or should that be included as part of the specification?
	Location string
	// Package URL to search for.
	// This is the standardized URL used to identify and locate a software package across many programming languages and package managers.
	PURL string
	// file hash or package hash to search for.
	// This will also be matched against known file hashes.
	// TODO: Create a proposal for hashing algorithm of a package.
	Hash *normalizer.Digest
	// license input text to match and identify the license against the data set
	LicenseText string
}

ScanSpec holds the specifications used for scanning the incoming package/file

func (*ScanSpec) ScanLicenseText

func (s *ScanSpec) ScanLicenseText(licenseLibrary *licenses.LicenseLibrary, resultsCache map[normalizer.Digest]*ScanResult) *ScanResult

ScanLicenseText scans the specified license file to retrieve license information

type ScanSpecs

type ScanSpecs struct {
	// package manager to search for
	// This is the standard package manager, for example, pypi for python, npm for nodejs, etc
	PackageManager string
	// programming language to search for
	Language string
	// a list of scan specification
	// for a single package manager or a language, specify a list of packages with their respective specifications
	Specs []ScanSpec
	// contains filtered or unexported fields
}

ScanSpecs holds the package manager, the programming language, and a list of multiple packages with their specifications

func (*ScanSpecs) ScanFile

func (s *ScanSpecs) ScanFile() []*ScanResult

ScanFile looks up a specific file by name to retrieve license data. If the license data is not available, scan the specified file, persist the scanned result into a datastore, and return the license data.

func (*ScanSpecs) ScanLicenseText

func (s *ScanSpecs) ScanLicenseText() ([]*ScanResult, error)

ScanLicenseText scans the specified license file to retrieve license information

func (*ScanSpecs) WithFlags

func (s *ScanSpecs) WithFlags(flags *pflag.FlagSet) *ScanSpecs

WithConfig sets the config to use for the scan
