Added SBOM generator module to implement the spdx
utility bill of material
Added methods to graph.go to extract the annotation types
Test: m compliance_sbom
Test: tested against real targets, see go/paste/4932131502424064
Bug: 241591242
Change-Id: I344c15d64cd034d72076f9d9a677e593e288e3a6
diff --git a/tools/compliance/graph.go b/tools/compliance/graph.go
index e69f3e2..d7f1750 100644
--- a/tools/compliance/graph.go
+++ b/tools/compliance/graph.go
@@ -139,6 +139,24 @@
return e.annotations
}
+// IsRuntimeDependency returns true for edges representing shared libraries
+// linked dynamically at runtime.
+func (e *TargetEdge) IsRuntimeDependency() bool {
+ return edgeIsDynamicLink(e)
+}
+
+// IsDerivation returns true for edges where the target is a derivative
+// work of dependency.
+func (e *TargetEdge) IsDerivation() bool {
+ return edgeIsDerivation(e)
+}
+
+// IsBuildTool returns true for edges where the target is built
+// by dependency.
+func (e *TargetEdge) IsBuildTool() bool {
+ return !edgeIsDerivation(e) && !edgeIsDynamicLink(e)
+}
+
// String returns a human-readable string representation of the edge.
func (e *TargetEdge) String() string {
return fmt.Sprintf("%s -[%s]> %s", e.target.name, strings.Join(e.annotations.AsList(), ", "), e.dependency.name)
@@ -188,6 +206,11 @@
return s.edge.dependency
}
+// Edge describes the target edge.
+func (s TargetEdgePathSegment) Edge() *TargetEdge {
+ return s.edge
+}
+
// Annotations describes the type of edge by the set of annotations attached to
// it.
//
@@ -300,6 +323,11 @@
return tn.proto.GetPackageName()
}
+// ModuleName returns the module name of the target.
+func (tn *TargetNode) ModuleName() string {
+ return tn.proto.GetModuleName()
+}
+
// Projects returns the projects defining the target node. (unordered)
//
// In an ideal world, only 1 project defines a target, but the interaction