// Copyright 2022 Security Scorecard Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package dependencydiff
import (
"fmt"
)
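// ecosystem is a package ecosystem supported by OSV, GitHub, etc.
type ecosystem string

// OSV ecosystem naming data source: https://ossf.github.io/osv-schema/#affectedpackage-field
// The values below follow the spelling used in the OSV schema. A value that
// differs only in letter case is a different string and will not match an OSV
// ecosystem name, so keep each literal identical to the schema.
// nolint
const (
	// The Go ecosystem.
	ecosystemGo ecosystem = "Go"

	// The NPM ecosystem.
	ecosystemNpm ecosystem = "npm"

	// The Android ecosystem.
	ecosystemAndroid ecosystem = "Android" // nolint:unused

	// The crates.io ecosystem for Rust.
	ecosystemCrates ecosystem = "crates.io"

	// For reports from the OSS-Fuzz project that have no more appropriate ecosystem.
	ecosystemOssFuzz ecosystem = "OSS-Fuzz" // nolint:unused

	// The Python PyPI ecosystem. PyPI is the main package source of pip.
	ecosystemPyPI ecosystem = "PyPI"

	// The RubyGems ecosystem.
	ecosystemRubyGems ecosystem = "RubyGems"

	// The PHP package manager ecosystem. Packagist is the main Composer repository.
	ecosystemPackagist ecosystem = "Packagist"

	// The Maven Java package ecosystem.
	ecosystemMaven ecosystem = "Maven"

	// The NuGet package ecosystem. The OSV schema spells this "NuGet"; the
	// previous value "Nuget" did not match it.
	ecosystemNuGet ecosystem = "NuGet"

	// The Linux kernel.
	ecosystemLinux ecosystem = "Linux" // nolint:unused

	// The Debian package ecosystem.
	ecosystemDebian ecosystem = "Debian" // nolint:unused

	// Hex is the package manager of Erlang.
	// TODO: GitHub doesn't support hex as the ecosystem for Erlang yet. Add this to the map in the future.
	ecosystemHex ecosystem = "Hex" // nolint:unused
)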
// gitHubToOSV maps the ecosystem names GitHub uses for a dependency to the
// ecosystem names used by OSV. Lookups are exact string matches on the key, so
// a GitHub ecosystem name that has no entry here is reported as unmapped by
// toEcosystem rather than being guessed.
//
// GitHub ecosystem naming data source: https://docs.github.com/en/code-security/supply-chain-security/
// understanding-your-software-supply-chain/about-the-dependency-graph#supported-package-ecosystems
var gitHubToOSV = map[string]ecosystem{
	// go.mod and go.sum
	"gomod": ecosystemGo,

	"cargo": ecosystemCrates,

	// pip and poetry
	"pip": ecosystemPyPI,

	// npm and yarn
	"npm": ecosystemNpm,

	"maven":    ecosystemMaven,
	"composer": ecosystemPackagist,
	"rubygems": ecosystemRubyGems,
	"nuget":    ecosystemNuGet,
}
// toEcosystem translates a GitHub ecosystem name into the corresponding OSV
// ecosystem by looking it up in gitHubToOSV. The match is exact and
// case-sensitive. When e has no entry, it returns the empty ecosystem and an
// error that wraps errMappingNotFound, so callers can test for it with
// errors.Is instead of treating the empty value as a valid ecosystem.
func toEcosystem(e string) (ecosystem, error) {
	mapped, ok := gitHubToOSV[e]
	if !ok {
		return "", fmt.Errorf("%w for github entry %s", errMappingNotFound, e)
	}
	return mapped, nil
}