// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later

package v2_2

import "github.com/spdx/tools-golang/spdx/common"

// Package models the Package section (section 7) of an SPDX 2.2 Document.
//
// The declaration is a plain data holder and performs no validation of its
// own, so values decoded from a third-party document are stored as given.
// The JSON tags fix the key names and decide which fields are dropped when
// they hold their zero value.
type Package struct {
	// NOT PART OF SPEC
	// Marks a pseudo-package that groups files which were "unpackaged",
	// i.e. listed directly in the Document rather than inside a Package.
	// Never serialized to JSON.
	IsUnpackaged bool `json:"-"`

	// 7.1: Package Name
	// Cardinality: mandatory, one
	PackageName string `json:"name"`

	// 7.2: Package SPDX Identifier, of the form "SPDXRef-[idstring]"
	// Cardinality: mandatory, one
	PackageSPDXIdentifier common.ElementID `json:"SPDXID"`

	// 7.3: Package Version
	// Cardinality: optional, one
	PackageVersion string `json:"versionInfo,omitempty"`

	// 7.4: Package File Name
	// Cardinality: optional, one
	PackageFileName string `json:"packageFileName,omitempty"`

	// 7.5: Package Supplier: a single Person or Organization entry,
	// or NOASSERTION
	// Cardinality: optional, one
	PackageSupplier *common.Supplier `json:"supplier,omitempty"`

	// 7.6: Package Originator: a single Person or Organization entry,
	// or NOASSERTION
	// Cardinality: optional, one
	PackageOriginator *common.Originator `json:"originator,omitempty"`

	// 7.7: Package Download Location
	// Cardinality: mandatory, one
	PackageDownloadLocation string `json:"downloadLocation"`

	// 7.8: FilesAnalyzed
	// Cardinality: optional, one; default value is "true" if omitted
	// NOTE(review): with omitempty, encoding/json leaves the key out when
	// the value is false, and an omitted key means "true" per the default
	// above, so an explicit false does not survive JSON encoding as
	// written. Confirm whether a custom marshaller elsewhere compensates.
	FilesAnalyzed bool `json:"filesAnalyzed,omitempty"`
	// NOT PART OF SPEC: records whether a FilesAnalyzed tag appeared in
	// the input. Never serialized to JSON.
	IsFilesAnalyzedTagPresent bool `json:"-"`

	// 7.9: Package Verification Code
	// The field is a struct value and the tag has no omitempty, so this
	// key is written on every JSON encode unless marshalling is
	// overridden elsewhere.
	PackageVerificationCode common.PackageVerificationCode `json:"packageVerificationCode"`

	// 7.10: Package Checksum: may have keys for SHA1, SHA256, SHA512 and/or MD5
	// Cardinality: optional, one or many
	// When checking an artifact against these entries, prefer SHA256 or
	// SHA512 where present; SHA1 and MD5 are not collision-resistant.
	PackageChecksums []common.Checksum `json:"checksums,omitempty"`

	// 7.11: Package Home Page
	// Cardinality: optional, one
	PackageHomePage string `json:"homepage,omitempty"`

	// 7.12: Source Information
	// Cardinality: optional, one
	PackageSourceInfo string `json:"sourceInfo,omitempty"`

	// 7.13: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one
	PackageLicenseConcluded string `json:"licenseConcluded"`

	// 7.14: All Licenses Info from Files: SPDX License Expression, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one or many if filesAnalyzed is true / omitted;
	// zero (must be omitted) if filesAnalyzed is false
	// NOTE(review): the tag has no omitempty, so a nil slice is encoded as
	// JSON null rather than being left out; check this against the
	// "must be omitted" rule above.
	PackageLicenseInfoFromFiles []string `json:"licenseInfoFromFiles"`

	// 7.15: Declared License: SPDX License Expression, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one
	PackageLicenseDeclared string `json:"licenseDeclared"`

	// 7.16: Comments on License
	// Cardinality: optional, one
	PackageLicenseComments string `json:"licenseComments,omitempty"`

	// 7.17: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
	// Cardinality: mandatory, one
	PackageCopyrightText string `json:"copyrightText"`

	// 7.18: Package Summary Description
	// Cardinality: optional, one
	PackageSummary string `json:"summary,omitempty"`

	// 7.19: Package Detailed Description
	// Cardinality: optional, one
	PackageDescription string `json:"description,omitempty"`

	// 7.20: Package Comment
	// Cardinality: optional, one
	PackageComment string `json:"comment,omitempty"`

	// 7.21: Package External Reference
	// Cardinality: optional, one or many
	PackageExternalReferences []*PackageExternalReference `json:"externalRefs,omitempty"`

	// 7.22: Package External Reference Comment
	// Cardinality: conditional (optional, one) for each External Reference
	// Has no field here: it is stored per reference, in the
	// ExternalRefComment field of PackageExternalReference.

	// 7.23: Package Attribution Text
	// Cardinality: optional, one or many
	PackageAttributionTexts []string `json:"attributionTexts,omitempty"`

	// Files contained in this Package
	Files []*File `json:"files,omitempty"`

	// Annotations attached to this Package.
	Annotations []Annotation `json:"annotations,omitempty"`
}

// PackageExternalReference is an External Reference to additional info
// about a Package, as defined in section 7.21 in version 2.2 of the spec.
type PackageExternalReference struct {
	// Category is "SECURITY", "PACKAGE-MANAGER" or "OTHER".
	// It is a plain string, so the type itself does not restrict it to
	// those three values.
	Category string `json:"referenceCategory"`

	// RefType is the reference type, an [idstring] as defined in
	// Appendix VI; named RefType because "type" is a Go keyword.
	RefType string `json:"referenceType"`

	// Locator is a unique string to access the package-specific
	// info, metadata or content within the target location.
	Locator string `json:"referenceLocator"`

	// 7.22: Package External Reference Comment
	// Cardinality: conditional (optional, one) for each External Reference
	ExternalRefComment string `json:"comment,omitempty"`
}