Data

Tools

Indexes

Applications

Experiments

Packages

An open API service providing package, version and dependency metadata of many open source software ecosystems and registries.

Top 7.0% on proxy.golang.org
Top 1.8% dependent packages on proxy.golang.org
Top 2.5% dependent repos on proxy.golang.org

proxy.golang.org : github.com/veraison/swid

Package swid provides an API for creating and interacting with Software Identification (SWID) Tags as defined by ISO/IEC 19770-2:2015 as well as by their "concise" counterpart (CoSWID) defined by draft-ietf-sacm-coswid. The library aims at using the most space-efficient encoding when using CBOR and the most expressive one when using XML and JSON, preferring to serialize strings rather tham of their equivalent code-points. When decoding, the most space efficient representation is used. In dealing with unknown code-points, we follow the Postel principle: refusing to encode unknown protocol entities, while accepting unknown values - provided they fit the underlying type system. A tag can be created with a call to NewTag() specifying a tag ID, the name of the software being described and its version: This will generate a Tag with a minimal structure. You can then use the API to add additional information and meta data to the tag. You will need to add one or more "entity" entries, representing the organization(s) responsible for the information contained in the tag. All entities have an associated "role" and a recommended "registration id": The newly created entity can be attached to the parent tag using the AddEntity method: Next any number of files, directories as well as other kinds of resources can be collected, e.g.: And subsequently added to the tag's "payload": Note that the same data structures could be added to an "evidence" instead, were the tag describing a "live" system rather than a software package. Once the tag is complete, it can be serialized using one of the CBOR, XML or JSON marshalers: A tag can be de-serialized using one of the "From" interfaces. For example, to decode a CoSWID tag from a memory buffer: Similarly, for a SWID tag: Or a CoSWID/JSON tag: Note that all nested fields are accessible from outside the swid package, so (for now) no special getters are provided by the API. Enjoy!

Registry - Source - Documentation - JSON
purl: pkg:golang/github.com/veraison/swid
Keywords: coswid , swid
License: Apache-2.0
Latest release: about 2 years ago
First release: over 4 years ago
Namespace: github.com/veraison
Dependent packages: 9
Dependent repositories: 4
Stars: 5 on GitHub
Forks: 2 on GitHub
See more repository details: repos.ecosyste.ms
Last synced: about 1 month ago

    Loading...
    Readme
    Loading...