1// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 2 3package v2_3 4 5import "github.com/spdx/tools-golang/spdx/common" 6 7// File is a File section of an SPDX Document for version 2.3 of the spec. 8type File struct { 9 // 8.1: File Name 10 // Cardinality: mandatory, one 11 FileName string `json:"fileName"` 12 13 // 8.2: File SPDX Identifier: "SPDXRef-[idstring]" 14 // Cardinality: mandatory, one 15 FileSPDXIdentifier common.ElementID `json:"SPDXID"` 16 17 // 8.3: File Types 18 // Cardinality: optional, multiple 19 FileTypes []string `json:"fileTypes,omitempty"` 20 21 // 8.4: File Checksum: may have keys for SHA1, SHA256, MD5, SHA3-256, SHA3-384, SHA3-512, BLAKE2b-256, BLAKE2b-384, BLAKE2b-512, BLAKE3, ADLER32 22 // Cardinality: mandatory, one SHA1, others may be optionally provided 23 Checksums []common.Checksum `json:"checksums"` 24 25 // 8.5: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION" 26 // Cardinality: optional, one 27 LicenseConcluded string `json:"licenseConcluded,omitempty"` 28 29 // 8.6: License Information in File: SPDX License Expression, "NONE" or "NOASSERTION" 30 // Cardinality: optional, one or many 31 LicenseInfoInFiles []string `json:"licenseInfoInFiles,omitempty"` 32 33 // 8.7: Comments on License 34 // Cardinality: optional, one 35 LicenseComments string `json:"licenseComments,omitempty"` 36 37 // 8.8: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION" 38 // Cardinality: mandatory, one 39 FileCopyrightText string `json:"copyrightText"` 40 41 // DEPRECATED in version 2.1 of spec 42 // 8.9-8.11: Artifact of Project variables (defined below) 43 // Cardinality: optional, one or many 44 ArtifactOfProjects []*ArtifactOfProject `json:"artifactOfs,omitempty"` 45 46 // 8.12: File Comment 47 // Cardinality: optional, one 48 FileComment string `json:"comment,omitempty"` 49 50 // 8.13: File Notice 51 // Cardinality: optional, one 52 FileNotice string `json:"noticeText,omitempty"` 53 54 // 8.14: File Contributor 55 // Cardinality: optional, one or many 56 FileContributors []string `json:"fileContributors,omitempty"` 57 58 // 8.15: File Attribution Text 59 // Cardinality: optional, one or many 60 FileAttributionTexts []string `json:"attributionTexts,omitempty"` 61 62 // DEPRECATED in version 2.0 of spec 63 // 8.16: File Dependencies 64 // Cardinality: optional, one or many 65 FileDependencies []string `json:"fileDependencies,omitempty"` 66 67 // Snippets contained in this File 68 // Note that Snippets could be defined in a different Document! However, 69 // the only ones that _THIS_ document can contain are this ones that are 70 // defined here -- so this should just be an ElementID. 71 Snippets map[common.ElementID]*Snippet `json:"-" yaml:"-"` 72 73 Annotations []Annotation `json:"annotations,omitempty"` 74} 75 76// ArtifactOfProject is a DEPRECATED collection of data regarding 77// a Package, as defined in sections 8.9-8.11 in version 2.3 of the spec. 78// NOTE: the JSON schema does not define the structure of this object: 79// https://github.com/spdx/spdx-spec/blob/development/v2.3.1/schemas/spdx-schema.json#L480 80type ArtifactOfProject struct { 81 82 // DEPRECATED in version 2.1 of spec 83 // 8.9: Artifact of Project Name 84 // Cardinality: conditional, required if present, one per AOP 85 Name string `json:"name"` 86 87 // DEPRECATED in version 2.1 of spec 88 // 8.10: Artifact of Project Homepage: URL or "UNKNOWN" 89 // Cardinality: optional, one per AOP 90 HomePage string `json:"homePage"` 91 92 // DEPRECATED in version 2.1 of spec 93 // 8.11: Artifact of Project Uniform Resource Identifier 94 // Cardinality: optional, one per AOP 95 URI string `json:"URI"` 96} 97