Support CI generation of SBOMs via golang tooling.

Overview

SPDX Software Bill of Materials (SBOM) Generator

Overview

Software Package Data Exchange (SPDX) is an open standard for communicating software bill of materials (SBOM) information that supports accurate identification of software components, explicit mapping of relationships between components, and the association of security and licensing information with each component.

spdx-sbom-generatortool to help those in the community that want to generate SPDX Software Bill of Materials (SBOMs) with current package managers. It has a command line Interface (CLI) that lets you generate SBOM information, including components, licenses, copyrights, and security references of your software using SPDX v2.2 specification and aligning with the current known minimum elements from NTIA. It automatically determines which package managers or build systems are actually being used by the software.

spdx-sbom-generatoris supporting the following package managers:

  • GoMod (go)
  • Cargo (Rust)
  • Composer (PHP)
  • DotNet (.NET)
  • Maven (Java)
  • NPM (Node.js)
  • Yarn (Node.js)
  • PIP (Python)
  • Pipenv (Python)
  • Gems (Ruby)
  • Swift Package Manager (Swift)

Installation

You can download the following binaries and copy paste the application or binary in your cloned project on your local to generate the SPDX SBOM file. You need to execute the following in the command line tool:

./spdx-sbom-generator

The following binaries are available to download for various operating system:

On Windows, you can also download and install the appropriate binary with Scoop: scoop install spdx-sbom-generator.

Note: The spdx-sbom-generator CLI is under development. You may expect some breakages and stability issues with the current release. A stable version is under development and will be available to the open source community in the upcoming beta release.

Available command Options

Use the below command to view different options or flags related to SPDX SBOM generator:

./spdx-sbom-generator -h

The following different commands are listed when you use the help in the SPDX SBOM generator:

./spdx-sbom-generator -h

Output Package Manager dependency on SPDX format

Usage:
  spdx-sbom-generator [flags]

Flags:
  -h, --help                   help for spdx-sbom-generator
  -i, --include-license-text   include full license text (default: false)
  -o, --output-dir string      directory to write output file to (default: current directory)
  -p, --path string            the path to package file or the path to a directory which will be recursively analyzed for the package files (default '.') (default ".")
  -s, --schema string          <version> Target schema version (default: '2.2') (default "2.2")
  -f, --format string          output file format (default: 'spdx')

Output Options

The following list supports various formats in which you can generate the SPDX SBOM file:

  • spdx (Default format)

  • JSON

  • RDF (In progress)

Use the below command to generate the SPDX SBOM file in SPDX format:

./spdx-sbom-generator -o /out/spdx/

Output Sample

The following snippet is a sample SPDX SBOM file:

SPDXVersion: SPDX-2.2
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: spdx-sbom-generator
DocumentNamespace: http://spdx.org/spdxpackages/spdx-sbom-generator--57918521-3212-4369-a8ed-3d681ec1d7a1
Creator: Tool: spdx-sbom-generator-XXXXX
Created: 2021-05-23 11:25:29.1672276 -0400 -04 m=+0.538283001

##### Package representing the Go distribution

PackageName: go
SPDXID: SPDXRef-Package-go
PackageVersion: v0.46.3
PackageSupplier: NOASSERTION
PackageDownloadLocation: pkg:golang/cloud.google.com/[email protected]
FilesAnalyzed: false
PackageChecksum: TEST: SHA-1 224ffa55932c22cef869e85aa33e2ada43f0fb8d
PackageHomePage: pkg:golang/cloud.google.com/[email protected]
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageLicenseComments: NOASSERTION
PackageComment: NOASSERTION

Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-go

##### Package representing the Bigquery Distribution

PackageName: bigquery
SPDXID: SPDXRef-Package-bigquery
PackageVersion: v1.0.1
PackageSupplier: NOASSERTION
PackageDownloadLocation: pkg:golang/cloud.google.com/go/[email protected]
FilesAnalyzed: false
PackageChecksum: TEST: SHA-1 8168e852b675afc9a63b502feeefac90944a5a2a
PackageHomePage: pkg:golang/cloud.google.com/go/[email protected]
PackageLicenseConcluded: NOASSERTION
PackageLicenseDeclared: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageLicenseComments: NOASSERTION
PackageComment: NOASSERTION

Relationship: SPDXRef-Package-go CONTAINS SPDXRef-Package-bigquery

Docker Images

You can run this program using a Docker image that contains spdx-sbom-generator. To do this, first install Docker.

You’ll then need to pull (download) a Docker image that contains the program. An easy way is to run docker pull spdx/spdx-sbom-generator

spdx-sbom-generator: this is an Alpine image with the spdx-sbom-generator binary installed. You can re-run the pull command to update the image.

Finally, run the program, using this form

$ docker run -it --rm \
    -v "/path/to/repository:/repository" \
    -v "$(pwd)/out:/out" \
    spdx/spdx-sbom-generator -p /repository/ -o /out/

Architecture

General Architecture

Data Contract

The interface requires the following functions:

type IPlugin interface {
  SetRootModule(path string) error
  GetVersion() (string, error)
  GetMetadata() PluginMetadata
  GetRootModule(path string) (*Module, error)
  ListUsedModules(path string) ([]Module, error)
  ListModulesWithDeps(path string) ([]Module, error)
  IsValid(path string) bool

Module model definition:

type Module struct {
  Version          string `json:"Version,omitempty"`
  Name             string
  Path             string `json:"Path,omitempty"`
  LocalPath        string `json:"Dir,noempty"`
  Supplier         SupplierContact
  PackageURL       string
  CheckSum         *CheckSum
  PackageHomePage  string
  LicenseConcluded string
  LicenseDeclared  string
  CommentsLicense  string
  OtherLicense     []*License
  Copyright        string
  PackageComment   string
  Root             bool
  Modules          map[string]*Module
}

PluginMetadata model definition:

type PluginMetadata struct {
    Name       string
    Slug       string
    Manifest   []string
    ModulePath []string
}

How to Generate Module Values

  • CheckSum: We have built an internal method that calculates CheckSum for a given content (in bytes) using algorithm that is defined on models.CheckSum. You now have an option to provide Content field for models.CheckSum{} and CheckSum will calculate automatically, but if you want to calculate CheckSum on your own you still can provide Value field for models.CheckSum{}.

Also, you can generate a manifest from a given directory tree using utility/helper method BuildManifestContent, and that is what is used for gomod plugin as Content value.

Interface Definitions

The following list provides the interface definitions:

  • GetVersion: Returns version of current project platform (development language) version i.e: go version

    Input: None

    Output: Version in string format and error (null in case of successful process)

  • GetMetadata: Returns metadata of identify ecosystem pluging

    Input: None

    Output: Plugin metadata

PluginMetadata{
    Name:       "Go Modules",
    Slug:       "go-mod",
    Manifest:   []string{"go.mod"},
    ModulePath: []string{"vendor"},
}
  • SetRootModule: Sets root package information base on path given

    Input: The working directory to read the package from

    Output: Returns error

  • GetRootModule: Returns root package information base on path given

    Input: The working directory to read the package from

    Output: Returns the Package Information of the root Module

  • ListUsedModules: Fetches and lists all packages required by the project in the given project directory, this is a plain list of all used modules (no nested or tree view)

    Input: The working directory to read the package from

    Output: Returns the Package Information of the root Module, and its dependencies in flatten format

  • ListModulesWithDeps: Fetches and lists all packages (root and direct dependencies) required by the project in the given project directory (side-by-side), this is a one level only list of all used modules, and each with its direct dependency only (similar output to ListUsedModules but with direct dependency only)

    Input: The working directory to read the package from

    Output: Returns the Package Information of the root Module, and its direct dependencies

  • IsValid: Check if the project dependency file provided in the contract exists

    Input: The working directory to read the package from

    Output: True or False

  • HasModulesInstalled: Check whether the current project(based on given path) has the dependent packages installed

    Input: The working directory to read the package from

    Output: True or False

Module Structure JSON Example

The sample module structure JSON Code snippet is provided in the following code snippet:

{
       "Version": "v0.0.1-2019.2.3",
       "Name": "honnef.co/go/tools",
       "Path": "honnef.co/go/tools",
       "LocalPath": "",
       "Supplier": {
               "Type": "",
               "Name": "",
               "EMail": ""
       },
       "PackageURL": "pkg:golang/honnef.co/go/[email protected]",
       "CheckSum": {
               "Algorithm": "SHA-1",
               "Value": "66ed272162df8ef5f9e6d7bece3da6828a4ef3eb"
       },
       "PackageHomePage": "",
       "LicenseConcluded": "",
       "LicenseDeclared": "",
       "CommentsLicense": "",
       "OtherLicense": null,
       "Copyright": "",
       "PackageComment": "",
       "Root": false,
       "Modules": {
               "github.com/BurntSushi/toml": {
                       "Version": "v0.3.1",
                       "Name": "github.com/BurntSushi/toml",
                       "Path": "github.com/BurntSushi/toml",
                       "LocalPath": "",
                       "Supplier": {
                               "Type": "",
                               "Name": "",
                               "EMail": ""
                       },
                       "PackageURL": "pkg:golang/github.com/BurntSushi/[email protected]",
                       "CheckSum": {
                               "Algorithm": "SHA-1",
                               "Value": "38263d2f264e90324c9e9b3b1933f0e94fde1c7e"
                       },
                       "PackageHomePage": "",
                       "LicenseConcluded": "",
                       "LicenseDeclared": "",
                       "CommentsLicense": "",
                       "OtherLicense": null,
                       "Copyright": "",
                       "PackageComment": "",
                       "Root": false,
                       "Modules": null
               }
        }
}

For a more complete JSON example look at modules.json.

Utility Methods

The following list provide the utility methods:

  • BuildManifestContent : Walks through a given directory tree, and generates a content based on file paths

    Input: Directory to walk through

    Output: Directory tree in bytes

  • GetLicenses: Returns the detected license object

    Input: The working directory of the package licenses

    Output: The package license object

type License struct {
	ID            string
	Name          string
	ExtractedText string
	Comments      string
	File          string
}
  • LicenseSPDXExists: Check if the package license is a valid SPDX reference

    Input: The package license

    Output: True or False

How to Register a New Plugin

To register for a new plugin, perform the following steps:

  1. Clone a project.

    git clone [email protected]:LF-Engineering/spdx-sbom-generator.git
    
  2. Create a new directory into ./pkg/modules/ with package manager name, for example: npm, you should end with a directory:

    /pkg/modules/npm
    
    
  3. Create a Handler file, for example: handler.go, and follow Data Contract section above. Define package name, and import section as explained in the following code snippet:

    package npm
    
    import (
    	"path/filepath"
    
    	"github.com/spdx/spdx-sbom-generator/pkg/helper"
    	"github.com/spdx/spdx-sbom-generator/pkg/models"
    )
    
    // rest of the file below
    
    
  4. In handler.go, define the plugin struct with at least the plugin metadata info as explained in the following code snippet:

    type npm struct {
    	metadata models.PluginMetadata
    }
    
    
  5. Define plugin registration method (New func) with metadata values as explained in the following code snippet:

    // New ...
    func New() *npm {
    	return &npm{
    		metadata: models.PluginMetadata{
    			Name:       "Node Package Manager",
    			Slug:       "npm",
    			Manifest:   []string{"package.json"},
    			ModulePath: []string{"node_modules"},
    		},
    	}
    }
    
    
  6. In handler.go, create the required interface function (Data contract definition above).

    // GetMetadata ...
    func (m *npm) GetMetadata() models.PluginMetadata {
      return m.metadata
    }
    
    // IsValid ...
    func (m *npm) IsValid(path string) bool {
      for i := range m.metadata.Manifest {
        if helper.Exists(filepath.Join(path, m.metadata.Manifest[i])) {
          return true
        }
      }
      return false
    }
    
    // HasModulesInstalled ...
    func (m *npm) HasModulesInstalled(path string) error {
      for i := range m.metadata.ModulePath {
        if helper.Exists(filepath.Join(path, m.metadata.ModulePath[i])) {
          return nil
        }
      }
      return errDependenciesNotFound
    }
    
    // GetVersion ...
    func (m *npm) GetVersion() (string, error) {
      output, err := exec.Command("npm", "--version").Output()
      if err != nil {
        return "", err
      }
    
      return string(output), nil
    }
    
    // SetRootModule ...
    func (m *npm) SetRootModule(path string) error {
      return nil
    }
    
    // GetRootModule ...
    func (m *npm) GetRootModule(path string) (*models.Module, error) {
      return nil, nil
    }
    
    // ListUsedModules...
    func (m *npm) ListUsedModules(path string) ([]models.Module, error) {
      return nil, nil
    }
    
    // ListModulesWithDeps ...
    func (m *npm) ListModulesWithDeps(path string) ([]models.Module, error) {
      return nil, nil
    }
    
    
  7. In modules.go at ./pkg/modules/ directory, register the new plugin. Add the plugin to register to the existing definition.

    func init() {
        registeredPlugins = append(registeredPlugins,
                gomod.New(),
                npm.New(),
        )
    }
    
    

How to Work With SPDX SBOM Generator

A Makefile for the spdx-sbom-generator is described below with ability to run, test, lint, and build the project binary for different platforms (Linux, Mac, and Windows).

Perform the following steps to work with SPDX SBOM Generator:

  1. Run project on current directory.

    make generate
    

    you can provide the CLI parameters that will be passed along the command, for example:

    ARGS="--path /home/ubuntu/projects/expressjs" make generate
    
  2. Build Linux Intel/AMD 64-bit binary.

    make build
    
  3. Build Mac Intel/AMD 64-bit binary.

    make build-mac
    
  4. Build Mac ARM 64-bit binary.

    make build-mac-arm64
    
  5. Build Windows Intel/AMD 64-bit binary.

    make build-win
    

Licensing

This project’s source code is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.

Additional Information

SPDX

SPDX SBOM

SPDX Tools

SPDX License List

SPDX GitHub Repos

Issues
  • Ability to output to JSON

    Ability to output to JSON

    This pull request adds support for creating JSON SPDX SBOMs (thereby resolving #117 if merged)

    This is achieved by

    • Making the formatter/renderer modular (now implemented by a go interface)
    • Passing down the -f argument to the renderer so that it can use the appropriate implementation
    • Updating the Document and Package structs (which are now annotated as per the official JSON spec/example) to better resemble the structure specified by the SPDX spec
    • Updating the filename resolution logic to take into consideration the format passed down by the user

    Additionally, this pull request also completes the todo item of reimplementing the tag-value format (.spdx) renderer as a go template.

    opened by amithkk 9
  • Java - Maven - NOASSERTION is displayed for both PackageSupplier and PackageDownloadLocation even when values exists as per the conditions mentioned in specification

    Java - Maven - NOASSERTION is displayed for both PackageSupplier and PackageDownloadLocation even when values exists as per the conditions mentioned in specification

    @prathapbproximabiz Tool Version Tested with v.0.0.8 and as well as tested with binaries built from cloned code from main branch of https://github.com/spdx/spdx-sbom-generator on 27-06-2021 Test Repo https://github.com/mybatis/mybatis-3 OS Windows 10

    Observed that NOASSERTION is displayed for both PackageSupplier and PackageDownloadLocation for all packages even when values exists as per the conditions mentioned in specification SPDX files bom-Java-Maven_generated with Latest code.spdx.txt bom-Java-Maven_mybatis-3_v0.0.8_27-Jun-2021.spdx.txt bom-Java-Maven_sample-java-programs_v0.0.8_27-Jun-2021.spdx.txt bom-Java-Maven_zxing_v0.0.8_27-Jun-2021.spdx.txt

    Specification image

    Example image

    image

    bug java maven 
    opened by niruautomation 8
  • Python(Go) - poetry - dependencies listed in METADAT file are not displayed in SPDX file

    Python(Go) - poetry - dependencies listed in METADAT file are not displayed in SPDX file

    @lfpratik Tool Version Cloned code from main branch of https://github.com/spdx/spdx-sbom-generator on 11-06-2021 and built the tool Test Repo https://github.com/lfpratik/spdx-poetry-demo OS Windows 10

    1. Followed all prerequisite steps as per https://confluence.linuxfoundation.org/display/PROD/SPDX+-+Python+Module+-+Prerequisites+For+Windows
    2. Followed Prerequisite and Steps as per below screenshot image
    3. Execute ./spdx-sbom-generator
    4. Observed that all dependencies listed in METADAT file are not displayed in SPDX file Example1 image

    image

    Example2 image

    image

    bug golang python poetry 
    opened by niruautomation 5
  • .net - Warning message is displayed when SPDX file validated in the SPDX validator

    .net - Warning message is displayed when SPDX file validated in the SPDX validator

    @proximapc Tool Version v0.0.6 Test Repo https://github.com/dotnet-architecture/eShopOnWeb OS Windows 10

    1. Clone the repo
    2. Generate the SPDX file with command ./spdx-sbom-generator image

    Validate the SPDX file generated for rust in https://tools.spdx.org/app/validate/ Observed that warnings are displayed SPDX File bom-nuget.spdx.txt

    image

    bug .net 
    opened by niruautomation 5
  • Java - Maven - Warning message is displayed when SPDX file validated in the SPDX validator

    Java - Maven - Warning message is displayed when SPDX file validated in the SPDX validator

    Test Repo used for testing https://github.com/mlehotskylf/sample-java-programs

    1. Clone the https://github.com/spdx/spdx-sbom-generator.git from main branch (Since latest version tool is not available followed this approach for testing)
    2. Execute the make build-win to build the tool
    3. Generate the SPDX file for JAVA module
    4. Validate the generated SPDX file in https://tools.spdx.org/app/validate/
    5. Observed that the warning message is displayed. PFA SPDX file for reference image

    bom-Java-Maven.txt

    opened by niruautomation 5
  • .NET - Value for PackageDownloadLocation is displayed as NOASSERTION even when value exists for {package.repository.url}

    .NET - Value for PackageDownloadLocation is displayed as NOASSERTION even when value exists for {package.repository.url}

    @proximapc Tool Version v0.0.8 Test Repo https://github.com/jasontaylordev/CleanArchitecture OS Windows 10

    Observed that value for PackageDownloadLocation is displayed as NOASSERTION even when value exists for {package.repository.url}. As per specification file {package.repository.url should be displayed for PackageDownloadLocation

    Specification file image

    Example1 Package-FluentValidation-9.3.0 image

    image

    Example2 Package-MediatR-9.0.0 image

    image

    Example3 Package-AutoMapper-10.0.0 image

    image

    bug .net 
    opened by niruautomation 4
  • Node- Yarn/NPM - NOASSERTION is displayed for PackageDownloadLocation even when values exists as per the conditions mentioned in specification

    Node- Yarn/NPM - NOASSERTION is displayed for PackageDownloadLocation even when values exists as per the conditions mentioned in specification

    @khalifapro Tool Version v0.0.8 Test Repo https://github.com/gothinkster/node-express-realworld-example-app OS Windows 10

    Observed that NOASSERTION is displayed for PackageDownloadLocation even when values exists as per the conditions mentioned in specification

    SPDX file bom-yarn_node-express-realworld-example-app_v0.0.8_27-Jun-2021.spdx.txt bom-yarn_typed-install_v0.0.8_27-Jun-2021.spdx.txt bom-yarn_bolt_v0.0.8_27-Jun-2021.spdx.txt bom-npm_node-red_v0.0.8_27-Jun-2021.spdx.txt

    Specification image

    Issue image

    image

    bug node yarn npm 
    opened by niruautomation 3
  • Missing ':' after 'Relationship' tags

    Missing ':' after 'Relationship' tags

    Summary

    When running spdx-sbom-generator on itself, the resulting SBOM is missing the colon (':') after each 'Relationship' tag.

    Background

    1. cloned main branch (a795777) and built for Linux Intel/AMD 64-bit version
    2. ran spdx-sbom-generator on its own directory

    Expected behavior

    Every "Relationship" tag should be followed by a colon (':') like other tags, but they are not.

    Screenshots

    missing-colons

    bug 
    opened by swinslow 3
  • Python(Go) - pipenv/venv - Details of Document and root package are not matching with the repo against which SPDX file is generated

    Python(Go) - pipenv/venv - Details of Document and root package are not matching with the repo against which SPDX file is generated

    @lfpratik Tool Version I cloned the code from master on 14-06-2021, build the tool and verified the ticket Test Repo https://github.com/lfpratik/spdx-pipenv-demo OS Windows 10

    1. Followed all prerequisite steps as per https://confluence.linuxfoundation.org/display/PROD/SPDX+-+Python+Module+-+Prerequisites+For+Windows
    2. Followed Prerequisite and Steps as per below screenshot image
    3. Execute ./spdx-sbom-generator
    4. Observed that SPDX file is generated but details of Document and root package are not matching with the repo against which SPDX file is generated

    image

    image

    bug golang python pipenv 
    opened by niruautomation 3
  • Java - Maven - PackageVersion field is not displayed and Version is not displayed for SPDXID for plugin when it is listed as package

    Java - Maven - PackageVersion field is not displayed and Version is not displayed for SPDXID for plugin when it is listed as package

    @prathapbproximabiz Tool Version Cloned code from main branch of https://github.com/spdx/spdx-sbom-generator on 11-06-2021 and built the tool Test Repo https://github.com/zxing/zxing OS Windows 10

    Issue1 PackageVersion field is not displayed for plugin when it is listed as package Issue2 Version is not displayed for SPDXID for plugin when it is listed as package

    SPDX file image

    pom.xml image

    bug java maven 
    opened by niruautomation 3
  • Python(Go) - pipenv - Not able to generate SPDX file

    Python(Go) - pipenv - Not able to generate SPDX file

    @lfpratik Tool Version v0.0.6 Test Repo https://github.com/lfpratik/spdx-pipenv-demo OS Windows 10

    1. Followed all prerequisite steps as per https://confluence.linuxfoundation.org/display/PROD/SPDX+-+Python+Module+-+Prerequisites+For+Windows
    2. Followed Prerequisite and Steps as per below screenshot image
    3. Execute ./spdx-sbom-generator
    4. Observed that SPDX file is not generated and below error is displayed
    [email protected] MINGW64 /d/LFX/Projects/SPDX/Python/Go/spdx-pipenv-demo (main)
    $ pipenv sync
    Installing dependencies from Pipfile.lock (5a4c19)...
    To activate this project's virtualenv, run pipenv shell.
    Alternatively, run a command inside the virtualenv with pipenv run.
    All dependencies are now up-to-date!
    
    [email protected] MINGW64 /d/LFX/Projects/SPDX/Python/Go/spdx-pipenv-demo (main)
    $ pipenv install
    Installing dependencies from Pipfile.lock (5a4c19)...
    To activate this project's virtualenv, run pipenv shell.
    Alternatively, run a command inside the virtualenv with pipenv run.
    
    [email protected] MINGW64 /d/LFX/Projects/SPDX/Python/Go/spdx-pipenv-demo (main)
    $ spdx-sbom-generator
    bash: spdx-sbom-generator: command not found
    
    [email protected] MINGW64 /d/LFX/Projects/SPDX/Python/Go/spdx-pipenv-demo (main)
    $ ./spdx-sbom-generator
    INFO[2021-06-10T19:07:23+05:30] Starting to generate SPDX ...
    INFO[2021-06-10T19:07:23+05:30] Running generator for Module Manager: `pip` with output `bom-pip.spdx`
           21-06-10T19:07:24+05:30] Current Language Version Python 3.9.5
    panic: runtime error: invalid memory address or nil pointer dereference
    [signal 0xc0000005 code=0x0 addr=0x30 pc=0x7940cd]
    
    goroutine 1 [running]:
    spdx-sbom-generator/internal/models.(*CheckSum).String(0x0, 0x0, 0x0)
            /github/workspace/internal/models/models.go:76 +0x2d
    spdx-sbom-generator/internal/format.(*Format).convertToPackage(0xc002eb9b08, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
            /github/workspace/internal/format/format.go:180 +0xd0
    spdx-sbom-generator/internal/format.(*Format).buildPackages(0xc002eb9b08, 0xc000075800, 0x33, 0x34, 0xc002fbea86, 0x13, 0xc0034d33e0, 0x2a, 0xc003333ab0, 0x61)
            /github/workspace/internal/format/format.go:153 +0x125
    spdx-sbom-generator/internal/format.(*Format).Render(0xc002eb9b08, 0xc0030144e0, 0x0)
            /github/workspace/internal/format/format.go:59 +0x13b
    spdx-sbom-generator/internal/handler.(*spdxHandler).Run(0xc002ee6240, 0x6, 0xd311d5)
            /github/workspace/internal/handler/spdx.go:89 +0x548
    main.generate(0x1644880, 0x166c0e8, 0x0, 0x0)
            /github/workspace/cmd/generator/generator.go:105 +0x43a
    github.com/spf13/cobra.(*Command).execute(0x1644880, 0xc0000581a0, 0x0, 0x0, 0x1644880, 0xc0000581a0)
            /go/pkg/mod/github.com/spf13/[email protected]/command.go:856 +0x2b1
    github.com/spf13/cobra.(*Command).ExecuteC(0x1644880, 0x0, 0x0, 0x0)
            /go/pkg/mod/github.com/spf13/[email protected]/command.go:960 +0x350
    github.com/spf13/cobra.(*Command).Execute(...)
            /go/pkg/mod/github.com/spf13/[email protected]/command.go:897
    main.main()
            /github/workspace/cmd/generator/generator.go:37 +0x64
    
    bug golang python pipenv 
    opened by niruautomation 3
  • fix(javagradle): panic: runtime error: slice bounds out of range [:5] with capacity 4

    fix(javagradle): panic: runtime error: slice bounds out of range [:5] with capacity 4

    Summary

    When I run this on a Java Gradle project it crashes.

    Background

    Provide context to the issue - provide steps to reproduce the behavior, such as:

    1. Clone repository https://github.com/hyperledger/cactus
    2. run cd cactus/packages/cactus-plugin-ledger-connector-corda/src/main-server/kotlin/gen/kotlin-spring
    3. Run docker run -it --rm -v "$(pwd)/:/repository" -v "$(pwd)/out:/out" spdx/spdx-sbom-generator -p /repository/ -o /out/
    4. Observe the following error:
    panic: runtime error: slice bounds out of range [:5] with capacity 4
    
    goroutine 1 [running]:
    github.com/spdx/spdx-sbom-generator/pkg/modules/javagradle.parseDependencyOutput(0xc0033a0000, 0x254a3, 0x3fe00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
            /src/pkg/modules/javagradle/dependencies.go:83 +0xaf2
    github.com/spdx/spdx-sbom-generator/pkg/modules/javagradle.dependencies(0x7ffeaac7df42, 0xc, 0xc8e9e6, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
            /src/pkg/modules/javagradle/dependencies.go:48 +0x2e7
    github.com/spdx/spdx-sbom-generator/pkg/modules/javagradle.getDependencies(...)
            /src/pkg/modules/javagradle/dependencies.go:30
    github.com/spdx/spdx-sbom-generator/pkg/modules/javagradle.getDependencyModules(0xc003310119, 0x5, 0xc002e94366, 0x1d, 0x0, 0x0, 0x0, 0x0, 0xc8a628, 0x8, ...)
            /src/pkg/modules/javagradle/handler.go:111 +0x14d
    github.com/spdx/spdx-sbom-generator/pkg/modules/javagradle.(*gradle).ListModulesWithDeps(0xc000028300, 0x7ffeaac7df42, 0xc, 0x0, 0x0, 0x1, 0x1, 0xc7a020)
            /src/pkg/modules/javagradle/handler.go:100 +0x258
    github.com/spdx/spdx-sbom-generator/pkg/modules.(*Manager).Run(0xc00315d540, 0x4, 0xcae7af)
            /src/pkg/modules/modules.go:99 +0x157
    github.com/spdx/spdx-sbom-generator/pkg/handler.(*spdxHandler).Run(0xc0031c4240, 0xb, 0x7ffeaac7df42)
            /src/pkg/handler/spdx.go:73 +0x2ec
    main.generate(0x1400b60, 0xc00315d4c0, 0x0, 0x4)
            /src/cmd/generator/generator.go:105 +0x449
    github.com/spf13/cobra.(*Command).execute(0x1400b60, 0xc00001e150, 0x4, 0x4, 0x1400b60, 0xc00001e150)
            /src/vendor/github.com/spf13/cobra/command.go:856 +0x2c2
    github.com/spf13/cobra.(*Command).ExecuteC(0x1400b60, 0x41ae01, 0x0, 0x0)
            /src/vendor/github.com/spf13/cobra/command.go:960 +0x375
    github.com/spf13/cobra.(*Command).Execute(...)
            /src/vendor/github.com/spf13/cobra/command.go:897
    main.main()
            /src/cmd/generator/generator.go:37 +0x65
    

    Expected behavior

    No crash.

    Screenshots

    N/A

    Repository

    Which repository causes this error?

    Additional Context

    The complete log output:

    cactus/packages/cactus-plugin-ledger-connector-corda/src/main-server/kotlin/gen/kotlin-spring$ docker run -it --rm     -v "$(pwd)/:/repository"     -v "$(pwd)/out:/out"     spdx/spdx-sbom-generator -p /repository/ -o /out/
    INFO[2022-06-14T23:32:22Z] Starting to generate SPDX ...                
    INFO[2022-06-14T23:32:23Z] Running generator for Module Manager: `Java-Gradle` with output `/out/bom-Java-Gradle.spdx` 
    INFO[2022-06-14T23:32:27Z] Current Language Version Downloading https://services.gradle.org/distributions/gradle-6.7-bin.zip
    .........10%..........20%..........30%..........40%..........50%.........60%..........70%..........80%..........90%..........100%
    
    Welcome to Gradle 6.7!
    
    Here are the highlights of this release:
     - File system watching is ready for production use
     - Declare the version of Java your build requires
     - Java 15 support
    
    For more details see https://docs.gradle.org/6.7/release-notes.html
    
    
    ------------------------------------------------------------
    Gradle 6.7
    ------------------------------------------------------------
    
    Build time:   2020-10-14 16:13:12 UTC
    Revision:     312ba9e0f4f8a02d01854d1ed743b79ed996dfd3
    
    Kotlin:       1.3.72
    Groovy:       2.5.12
    Ant:          Apache Ant(TM) version 1.10.8 compiled on May 10 2020
    JVM:          11.0.11 (Alpine 11.0.11+9-alpine-r0)
    OS:           Linux 5.13.0-48-generic amd64
     
    panic: runtime error: slice bounds out of range [:5] with capacity 4
    
    goroutine 1 [running]:
    github.com/spdx/spdx-sbom-generator/pkg/modules/javagradle.parseDependencyOutput(0xc0033a0000, 0x254a3, 0x3fe00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
            /src/pkg/modules/javagradle/dependencies.go:83 +0xaf2
    github.com/spdx/spdx-sbom-generator/pkg/modules/javagradle.dependencies(0x7ffeaac7df42, 0xc, 0xc8e9e6, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
            /src/pkg/modules/javagradle/dependencies.go:48 +0x2e7
    github.com/spdx/spdx-sbom-generator/pkg/modules/javagradle.getDependencies(...)
            /src/pkg/modules/javagradle/dependencies.go:30
    github.com/spdx/spdx-sbom-generator/pkg/modules/javagradle.getDependencyModules(0xc003310119, 0x5, 0xc002e94366, 0x1d, 0x0, 0x0, 0x0, 0x0, 0xc8a628, 0x8, ...)
            /src/pkg/modules/javagradle/handler.go:111 +0x14d
    github.com/spdx/spdx-sbom-generator/pkg/modules/javagradle.(*gradle).ListModulesWithDeps(0xc000028300, 0x7ffeaac7df42, 0xc, 0x0, 0x0, 0x1, 0x1, 0xc7a020)
            /src/pkg/modules/javagradle/handler.go:100 +0x258
    github.com/spdx/spdx-sbom-generator/pkg/modules.(*Manager).Run(0xc00315d540, 0x4, 0xcae7af)
            /src/pkg/modules/modules.go:99 +0x157
    github.com/spdx/spdx-sbom-generator/pkg/handler.(*spdxHandler).Run(0xc0031c4240, 0xb, 0x7ffeaac7df42)
            /src/pkg/handler/spdx.go:73 +0x2ec
    main.generate(0x1400b60, 0xc00315d4c0, 0x0, 0x4)
            /src/cmd/generator/generator.go:105 +0x449
    github.com/spf13/cobra.(*Command).execute(0x1400b60, 0xc00001e150, 0x4, 0x4, 0x1400b60, 0xc00001e150)
            /src/vendor/github.com/spf13/cobra/command.go:856 +0x2c2
    github.com/spf13/cobra.(*Command).ExecuteC(0x1400b60, 0x41ae01, 0x0, 0x0)
            /src/vendor/github.com/spf13/cobra/command.go:960 +0x375
    github.com/spf13/cobra.(*Command).Execute(...)
            /src/vendor/github.com/spf13/cobra/command.go:897
    main.main()
            /src/cmd/generator/generator.go:37 +0x65
    

    Acceptance Criteria

    The "done" criteria when this feature or problem is resolved. Such as:

    1. Unit Tests added and running in CI
    2. Functional Tests updated to cover bug, if applicable
    3. Bug-fix has been released also as a container image

    References

    N/A

    bug 
    opened by petermetz 0
  • SPDX SBOM - Getting running with required dependencies on macOS

    SPDX SBOM - Getting running with required dependencies on macOS

    Summary

    Unclear how to install cleanly

    Background

    Provide context to the issue - provide steps to reproduce the behavior, such as:

    Tried two ways: (on MacOS 12.5 Beta currently)

    • Used homebrew on macos `brew install spdx-sbom-generator'
    • Downloaded latest version of spdx-sbom-generator (after removing above) [Useful if there was a '--version' CLI option]

    Expected behavior

    Use tool to start scanning my files

    Screenshots

    I am in the top level of my source tree, and run the command:

    master git:(master) spdx-sbom-generator
    INFO[2022-06-13T13:22:07+01:00] Starting to generate SPDX ...                
    FATA[2022-06-13T13:22:07+01:00] Failed to initialize command: * Please install dependencies by running the following command :
    	1) bundle config set --local path 'vendor/bundle' && bundle install && bundle exec rake install
    	2) run the spdx-sbom-generator tool command 
    ➜  master git:(master) type spdx-sbom-generator                                         
    spdx-sbom-generator is /Users/jonesn/bin/spdx-sbom-generator
    ➜  master git:(master) bundle config set --local path 'vendor/bundle' && bundle install && bundle exec rake install
    Fetching gem metadata from https://rubygems.org/...........
    Fetching gem metadata from https://rubygems.org/.
    Resolving dependencies.....
    Following files may not be writable, so sudo is needed:
      /Library/Ruby/Gems/2.6.0
      /Library/Ruby/Gems/2.6.0/build_info
      /Library/Ruby/Gems/2.6.0/cache
      /Library/Ruby/Gems/2.6.0/doc
      /Library/Ruby/Gems/2.6.0/extensions
      /Library/Ruby/Gems/2.6.0/gems
      /Library/Ruby/Gems/2.6.0/specifications
    Fetching concurrent-ruby 1.1.10
    
    
    Your user account isn't allowed to install to the system RubyGems.
      You can cancel this installation and run:
    
          bundle install --path vendor/bundle
    
      to install the gems into ./vendor/bundle/, or you can enter your password
      and install the bundled gems to RubyGems using sudo.
    
      Password: 
    sudo: a password is required
    

    It's not clear what the tool is doing at this point - I couldn't see any reference on the README. Using homebrew, much of the tools are installed via this package manager, so I am careful not to allow overwrites.

    I would have expected clarification in the docs, or it could be that there is something wrong?

    Repository

    https://github.com/odpi/egeria

    • though at this point scanning hasn't started

    Additional Context

    n/a

    Acceptance Criteria

    Progress to next step of scanning code

    References

    Update

    I then decided to allow the ruby module updates, having checked what I had in this local directory (not wanting overwrites) only to get:

    ➜  master git:(master) bundle config set --local path 'vendor/bundle' && bundle install && bundle exec rake install
    Fetching gem metadata from https://rubygems.org/...........
    Fetching gem metadata from https://rubygems.org/.
    Resolving dependencies....
    Following files may not be writable, so sudo is needed:
      /Library/Ruby/Gems/2.6.0
      /Library/Ruby/Gems/2.6.0/build_info
      /Library/Ruby/Gems/2.6.0/cache
      /Library/Ruby/Gems/2.6.0/doc
      /Library/Ruby/Gems/2.6.0/extensions
      /Library/Ruby/Gems/2.6.0/gems
      /Library/Ruby/Gems/2.6.0/specifications
    Fetching concurrent-ruby 1.1.10
    
    
    Your user account isn't allowed to install to the system RubyGems.
      You can cancel this installation and run:
    
          bundle install --path vendor/bundle
    
      to install the gems into ./vendor/bundle/, or you can enter your password
      and install the bundled gems to RubyGems using sudo.
    
      Password: 
    
    
    Your user account isn't allowed to install to the system RubyGems.
      You can cancel this installation and run:
    
          bundle install --path vendor/bundle
    
      to install the gems into ./vendor/bundle/, or you can enter your password
      and install the bundled gems to RubyGems using sudo.
    
      Password: 
    Installing concurrent-ruby 1.1.10
    Fetching i18n 0.9.5
    Installing i18n 0.9.5
    Fetching minitest 5.15.0
    Installing minitest 5.15.0
    Fetching thread_safe 0.3.6
    Installing thread_safe 0.3.6
    Fetching tzinfo 1.2.9
    Installing tzinfo 1.2.9
    Fetching zeitwerk 2.5.4
    Installing zeitwerk 2.5.4
    Fetching activesupport 6.0.5
    Installing activesupport 6.0.5
    Fetching public_suffix 4.0.7
    Installing public_suffix 4.0.7
    Fetching addressable 2.8.0
    Installing addressable 2.8.0
    Using bundler 1.17.2
    Fetching coffee-script-source 1.11.1
    Installing coffee-script-source 1.11.1
    Fetching execjs 2.8.1
    Installing execjs 2.8.1
    Fetching coffee-script 2.4.1
    Installing coffee-script 2.4.1
    Fetching colorator 1.1.0
    Installing colorator 1.1.0
    Fetching commonmarker 0.23.5
    Installing commonmarker 0.23.5 with native extensions
    Gem::Ext::BuildError: ERROR: Failed to build gem native extension.
    
    current directory:
    /private/var/folders/r4/__255k7j04b669bbthwrk9340000gn/T/bundler20220613-81709-iaijkxcommonmarker-0.23.5/gems/commonmarker-0.23.5/ext/commonmarker
    /System/Library/Frameworks/Ruby.framework/Versions/2.6/usr/bin/ruby -I
    /System/Library/Frameworks/Ruby.framework/Versions/2.6/usr/lib/ruby/2.6.0 -r ./siteconf20220613-81709-9cj8wb.rb
    extconf.rb
    mkmf.rb can't find header files for ruby at
    /System/Library/Frameworks/Ruby.framework/Versions/2.6/usr/lib/ruby/include/ruby.h
    
    You might have to install separate package for the ruby development
    environment, ruby-dev or ruby-devel for example.
    
    extconf failed, exit code 1
    
    Gem files will remain installed in
    /var/folders/r4/__255k7j04b669bbthwrk9340000gn/T/bundler20220613-81709-iaijkxcommonmarker-0.23.5/gems/commonmarker-0.23.5
    for inspection.
    Results logged to
    /var/folders/r4/__255k7j04b669bbthwrk9340000gn/T/bundler20220613-81709-iaijkxcommonmarker-0.23.5/extensions/universal-darwin-21/2.6.0/commonmarker-0.23.5/gem_make.out
    
    An error occurred while installing commonmarker (0.23.5), and Bundler cannot continue.
    Make sure that `gem install commonmarker -v '0.23.5' --source 'https://rubygems.org/'` succeeds before bundling.
    
    In Gemfile:
      github-pages was resolved to 226, which depends on
        jekyll-commonmark-ghpages was resolved to 0.2.0, which depends on
          jekyll-commonmark was resolved to 1.4.0, which depends on
            commonmarker
    

    This looks like typical package version dependency issues - perhaps as a standalone tool we need to use a 'local context' of some kind. Not knowing ruby, perhaps this should be in the documentation?

    Ah

    You might have to install separate package for the ruby development
    environment, ruby-dev or ruby-devel for example.
    

    I think as the tool is intended for go, java developers etc, some elaboration around getting the dependencies right to be able to run it would be really useful?

    bug 
    opened by planetf1 1
  • panic: runtime error: index out of range [1] with length 1

    panic: runtime error: index out of range [1] with length 1

    Summary

    I wanted to try out this tool and just ran it. It didn't produce any usable output and just threw a cryptic error.

    INFO[2022-06-09T14:24:20Z] Starting to generate SPDX ...                
    INFO[2022-06-09T14:24:20Z] Running generator for Module Manager: `yarn` with output `/out/bom-yarn.spdx` 
    INFO[2022-06-09T14:24:20Z] Current Language Version 1.22.11             
    panic: runtime error: index out of range [1] with length 1
    
    goroutine 1 [running]:
    github.com/spdx/spdx-sbom-generator/pkg/modules/yarn.appendNestedDependencies(0xc003200000, 0x3e4, 0x4ec, 0x3e4, 0x4ec, 0x0)
            /src/pkg/modules/yarn/handler.go:394 +0x7c6
    github.com/spdx/spdx-sbom-generator/pkg/modules/yarn.(*yarn).ListModulesWithDeps(0xc00001e370, 0x7ffe13e39f42, 0xc, 0x0, 0x0, 0x1, 0x1, 0xc7a020)
            /src/pkg/modules/yarn/handler.go:169 +0xef
    github.com/spdx/spdx-sbom-generator/pkg/modules.(*Manager).Run(0xc00306b000, 0x4, 0xcae7af)
            /src/pkg/modules/modules.go:99 +0x157
    github.com/spdx/spdx-sbom-generator/pkg/handler.(*spdxHandler).Run(0xc0030e4180, 0xb, 0x7ffe13e39f42)
            /src/pkg/handler/spdx.go:73 +0x2ec
    main.generate(0x1400b60, 0xc00306aec0, 0x0, 0x4)
            /src/cmd/generator/generator.go:105 +0x449
    github.com/spf13/cobra.(*Command).execute(0x1400b60, 0xc00001e150, 0x4, 0x4, 0x1400b60, 0xc00001e150)
            /src/vendor/github.com/spf13/cobra/command.go:856 +0x2c2
    github.com/spf13/cobra.(*Command).ExecuteC(0x1400b60, 0x41ae01, 0x0, 0x0)
            /src/vendor/github.com/spf13/cobra/command.go:960 +0x375
    github.com/spf13/cobra.(*Command).Execute(...)
            /src/vendor/github.com/spf13/cobra/command.go:897
    main.main()
            /src/cmd/generator/generator.go:37 +0x65
    

    Background

    $ docker run -it --rm \
        -v "$(pwd):/repository" \
        -v "$(pwd)/out:/out" \
        spdx/spdx-sbom-generator -p /repository/ -o /out/
    

    Expected behavior

    I don't know what to expect, but it's not this.

    Repository

    Which repository causes this error?

    https://github.com/oliversalzburg/plantdb

    bug 
    opened by oliversalzburg 0
  • [Question]How to solve the error message:

    [Question]How to solve the error message:" Plugin yarn return error unable to generate SPDX file, no modules founded. "

    Summary

    Describe the bug - a clear and concise overview of what the bug is. When i exec the command: ./spdx-sbom-generator -p /react-grid-layout-1.3.4 -o out/

    There are error tips: Command has completed with errors for some package managers, see details below Plugin yarn return error unable to generate SPDX file, no modules founded. Please install them before running spdx-sbom-generator, e.g.: yarn install

    I have installed the yarn $ yarn --version 0.32+git

    Background

    provide steps to reproduce the behavior, such as:

    1. Download spdx-sbom-generator-v0.0.10-linux-amd64.tar.gz
    2. unzip the package
    3. run ./spdx-sbom-generator -p /react-grid-layout-1.3.4 -o out/

    error tips: Command has completed with errors for some package managers, see details below Plugin yarn return error unable to generate SPDX file, no modules founded. Please install them before running spdx-sbom-generator, e.g.: yarn install

    Additional Context

    I have installed the yarm

    $ yarn --version 0.32+git

    how to solve this issue? thanks

    bug 
    opened by jesse-zhangh 0
  • GoMod: SHA256 values not consistent

    GoMod: SHA256 values not consistent

    Description

    Running the spdx-sbom-generator built with docker provided image and built locally with same Go version (Go1.16.5) calculates different hash value for every dependent package of matching version.

    Expected Results

    SHA256 for the exact same package (name and version) must be the same otherwise one cannot verify that the package have not changed.

    Details

    Inspecting the SHA256 value generated for the same package

    SPDXID: SPDXRef-Package-github.com.sirupsen.logrus-v1.8.1

    in each BOM file had a different hash value calculated.

    Attached files, one generated with docker image the other with locally built. From locally built BOM file (bom-go-mod_go1.16.5.spdx.txt):

    `##### Package representing the github.com/sirupsen/logrus

    PackageName: github.com/sirupsen/logrus SPDXID: SPDXRef-Package-github.com.sirupsen.logrus-v1.8.1 PackageVersion: v1.8.1 PackageSupplier: Organization: github.com/sirupsen/logrus PackageDownloadLocation: https://github.com/sirupsen/logrus/releases/tag/v1.8.1 FilesAnalyzed: false PackageChecksum: SHA256: 7f14e6c0671df07198ab98bbff04d56fc4cbf7adfa0d9b83f42b97b9150c6a5e PackageHomePage: https://github.com/sirupsen/logrus `

    From Docker BOM file (bom-go-mod_docker_go1.16.5.spdx.txt):

    `##### Package representing the github.com/sirupsen/logrus

    PackageName: github.com/sirupsen/logrus SPDXID: SPDXRef-Package-github.com.sirupsen.logrus-v1.8.1 PackageVersion: v1.8.1 PackageSupplier: Organization: github.com/sirupsen/logrus PackageDownloadLocation: https://github.com/sirupsen/logrus/releases/tag/v1.8.1 FilesAnalyzed: false PackageChecksum: SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 PackageHomePage: https://github.com/sirupsen/logrus`

    Reference - Uploaded files

    bom-go-mod_docker_go1.16.5.spdx.txt bom-go-mod_go1.16.5.spdx.txt

    opened by opedroso 1
Releases(v0.0.13)
Personal notetaking tooling

jot CLI Task List and Journal jot is a simple journaling program for CLI that helps you keep track of your life. Config File ~/.jot.yaml is read on st

Gabe Conradi 5 Aug 6, 2021
Silotools: Tooling for interacting with SiLos

KONG SiLo USB NFC Tool Description Node script for verifying KONG SiLos via a NFC USB reader such as the ACR-122. Learn more about SiLos at KONG Cash

KONG 0 Dec 8, 2021
Tooling for SiLos

Silotools Tooling for interacting with SiLos Ported to golang from kong-org/silo-usb-nfc Kong Discord Compatibility This tool requires a system with t

Ryan Miller 0 Dec 15, 2021
Code generation for golang's constructor

constructor Generate constructor for a given struct. Usage of constructor: -exclude string the fields to exclude. Use comma to specify multi

Alex Tan Hong Pin 0 Dec 26, 2021
:sunglasses:Package captcha provides an easy to use, unopinionated API for captcha generation

Package captcha provides an easy to use, unopinionated API for captcha generation. Why another captcha generator? I want a simple and framework-indepe

Weilin Shi 106 Jun 26, 2022
Set of functions/methods that will ease GO code generation

Set of functions/methods that will ease GO code generation

Matheus Leonel Balduino 1 Dec 1, 2021
Snowflake algorithm generation worker Id sequence

sequence snowflake algorithm generation worker Id sequence 使用雪花算法生成ID,生成100万个只需要

null 1 Jan 21, 2022
Knit is an inline code generation tool that combines the power of Go's text/template package with automatic spec file loading.

Knit Knit is an inline code generation tool that combines the power of Go's text/template package with automatic spec file loading. Example openapi: "

Tyler 3 Apr 6, 2022
A simple Via CEP Wrapper to demonstrate GoLang tests usage

via-cep-wrapper A simple Via CEP Wrapper to demonstrate GoLang tests usage Purpose Demonstrate how struct services could make easy to build and test a

Bruno 3 May 18, 2022
:chart_with_upwards_trend: Monitors Go MemStats + System stats such as Memory, Swap and CPU and sends via UDP anywhere you want for logging etc...

Package stats Package stats allows for gathering of statistics regarding your Go application and system it is running on and sent them via UDP to a se

Go Playgound 161 May 20, 2022
DSV Parallel Processor takes input files and query specification via a spec file

DSV Parallel Processor Spec file DSV Parallel Processor takes input files and query specification via a spec file (conventionally named "spec.toml").

Wattanit Hotrakool 0 Oct 9, 2021
using go search the Marvel universe characters via marvel api

go-marvel-api using go search the Marvel universe characters via marvel api Build and run tests on the local environemnt Build the project $ go build

Burak KÖSE 1 Oct 5, 2021
Via Cep Wrapper is a api wrapper used to find address by zipcode (Brazil only)

Viacep Wrapper Viacep Wrapper is an API wrapper built with Golang used to find address by zipcode (Brazil only). This project was developed for study

PATRICK SEGANTINE 1 Jan 25, 2022
Functional Programming support for golang.(Streaming API)

Funtional Api for Golang Functional Programming support for golang.(Streaming API) The package can only be used with go 1.18. Do not try in lower vers

Tobias Yin 0 Dec 8, 2021
CoreFoundation Property List support for Go

PACKAGE package plist import "github.com/kballard/go-osx-plist" Package plist implements serializing and deserializing of property list

Lily Ballard 29 Mar 18, 2022
Prometheus support for go-metrics

go-metrics-prometheus This is a reporter for the go-metrics library which will post the metrics to the prometheus client registry . It just updates th

Csergő Bálint 68 Jun 11, 2022
Library to work with MimeHeaders and another mime types. Library support wildcards and parameters.

Mime header Motivation This library created to help people to parse media type data, like headers, and store and match it. The main features of the li

Anton Ohorodnyk 27 May 1, 2022
🏆 A decentralized layer to support NFT on Mixin Messenger and Kernel.

NFO A decentralized layer to support NFT on Mixin Kernel. This MTG sends back an NFT to the receiver whenever it receives a transaction with valid min

Mixin Network 15 May 12, 2022
The Bhojpur BSS is a software-as-a-service product used as an Business Support System based on Bhojpur.NET Platform for application delivery.

Bhojpur BSS - Business Support System The Bhojpur BSS is a software-as-a-service product used as an Business Support System based on Bhojpur.NET Platf

Bhojpur Consulting 0 Dec 30, 2021