-
Notifications
You must be signed in to change notification settings - Fork 168
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
3a5d973
commit fc7f73c
Showing
1 changed file
with
25 additions
and
16 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -297,26 +297,14 @@ github | |
| pkg:github/package-url/purl-spec@244fd47e07d1004 | ||
| pkg:github/package-url/purl-spec@244fd47e07d1004#everybody/loves/dogs | ||
|
|
||
| go | ||
| ------ | ||
| ``go`` for Go modules: | ||
|
|
||
| - The ``namespace`` field is empty and implies the go mod proxy. | ||
| - The ``name`` will be the full module path. | ||
| - The ``subpath`` will represent the package path within a module. | ||
| - The ``version`` will be a valid go version or pseudoversion, or empty. | ||
| - Additional Build information for binaries can be included as ``qualifiers`` (i.e VCS info, go version info, GoArch/GoOS info etc) | ||
| - Examples:: | ||
|
|
||
| pkg:go/google.golang.org%2Fgenproto#googleapis/api/annotations | ||
| pkg:go/github.com%2Fjmorion%[email protected]#api | ||
| pkg:go/golang.org%2Fx%2Fvuln?goversion=1.23.2&vcs=git&vcs_modified=true#cmd/govulncheck | ||
| pkg:go/golang.org%2Fx%[email protected]?goversion=1.23.2#cmd/govulncheck | ||
|
|
||
| golang | ||
| ------ | ||
| ``golang`` for Go packages: | ||
|
|
||
| This type was created before Go 1.11 and it is not best suited for | ||
| identifying Go modules. For this purpose, there is an additional `go` | ||
| type for identifying Go artifacts. | ||
|
|
||
| - There is no default package repository: this is implied in the namespace | ||
| using the ``go get`` command conventions. | ||
| - The ``namespace`` and `name` must be lowercased. | ||
|
|
@@ -329,6 +317,27 @@ golang | |
| pkg:golang/google.golang.org/genproto#googleapis/api/annotations | ||
| pkg:golang/github.com/gorilla/context@234fd47e07d1004f0aed9c#api | ||
|
|
||
| go | ||
| ------ | ||
| ``go`` for Go modules: | ||
|
|
||
| - The ``namespace`` is empty. | ||
| - The ``name`` is the unmodified full case-sensitive [Go module path](https://go.dev/ref/mod#module-path). | ||
| For artifacts in the Go standard library or the Go command, the ``name`` is `stdlib`. | ||
| - The ``subpath`` is the unmodified Go package path within a module. | ||
| - The ``version`` may be a valid [Go version](https://go.dev/doc/toolchain#version) for `stdlib`, | ||
| [Go module version](https://go.dev/doc/modules/version-numbers), [`(devel)`](https://go.dev/ref/mod#go-version-m), | ||
| or omitted when empty. | ||
| - The ``qualifiers`` are URL encoded key-value pairs as defined by | ||
| Go's [`debug.BuildSetting`](https://pkg.go.dev/runtime/debug#BuildSetting). | ||
| This list can be extended in the future. | ||
| - Examples:: | ||
|
|
||
| pkg:go/google.golang.org%2Fgenproto#googleapis/api/annotations | ||
| pkg:go/github.com%2Fjmorion%[email protected]#api | ||
| pkg:go/golang.org%2Fx%2Fvuln?vcs=git&vcs.modified=true#cmd/govulncheck | ||
| pkg:go/golang.org%2Fx%[email protected]?goos=linux#cmd/govulncheck | ||
|
|
||
| hackage | ||
| ------- | ||
| ``hackage`` for Haskell packages: | ||
|
|
||