Open
Description
This is the next step towards enriching SBOMs with copyright and download location using ClearlyDefined. We have already enriched SBOMs with licenses in our previous release. Now, we are extending the enrichment process with 2 other fields:
- copyright, and
- downloadLocation
- source location
The REST API calls to determine these resources are:
- for download location:
Example:
curl -s -X GET "https://api.clearlydefined.io/definitions?coordinates=go%2Fgolang%2Fcel.dev%2Fexpr%2Fv0.19.1" -H "accept: */*" -H "Accept-Version: 1.0.0" -H "Content-Type: application/json" | jq .described.urls
o/p:
{
"registry": "https://pkg.go.dev/cel.dev/expr",
"version": "https://pkg.go.dev/cel.dev/expr@v0.19.1",
"download": "https://proxy.golang.org/cel.dev/expr/@v/v0.19.1.zip"
}
- For source location or repository location
Example:
curl -s -X GET "https://api.clearlydefined.io/definitions?coordinates=go%2Fgolang%2Fcel.dev%2Fexpr%2Fv0.19.1" -H "accept: */*" -H "Accept-Version: 1.0.0" -H "Content-Type: application/json" | jq .described.sourceLocation
o/p:
{
"type": "go",
"provider": "golang",
"namespace": "cel.dev",
"name": "expr",
"revision": "v0.19.1",
"url": "https://pkg.go.dev/cel.dev/expr@v0.19.1"
}
- For copyright:
curl -s -X GET "https://api.clearlydefined.io/definitions?coordinates=go%2Fgolang%2Fcel.dev%2Fexpr%2Fv0.19.1" -H "accept: */*" -H "Accept-Version: 1.0.0" -H "Content-Type: application/json" | jq .licensed.facets.core.attribution
o/p:
{
"unknown": 70,
"parties": [
"Copyright 2022 Google LLC",
"Copyright 2023 Google LLC",
"Copyright 2024 Google LLC"
]
}
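An added sketch (not part of the original issue or the project's code) of how the three lookups above could be folded into one enrichment step, with unusable values falling back to the SPDX `NOASSERTION` value. The function names, the output keys and the https-only check are assumptions; the sample definition is constructed from the three outputs shown above.

```python
from urllib.parse import quote, urlsplit

API = "https://api.clearlydefined.io/definitions"
NOASSERTION = "NOASSERTION"  # SPDX value for "no information available"

# Constructed sample: the three jq outputs above merged into one definition.
SAMPLE_DEFINITION = {
    "described": {
        "urls": {"download": "https://proxy.golang.org/cel.dev/expr/@v/v0.19.1.zip"},
        "sourceLocation": {"url": "https://pkg.go.dev/cel.dev/expr@v0.19.1"},
    },
    "licensed": {"facets": {"core": {"attribution": {"unknown": 70, "parties": [
        "Copyright 2022 Google LLC",
        "Copyright 2023 Google LLC",
        "Copyright 2024 Google LLC",
    ]}}}},
}

def definition_url(type_, provider, namespace, name, revision):
    """Build the request URL from the curl examples (coordinates percent-encoded)."""
    coordinates = "/".join([type_, provider, namespace, name, revision])
    return f"{API}?coordinates={quote(coordinates, safe='')}"

def _dig(obj, *keys):
    """Walk nested dicts; return None as soon as a level is missing or not a dict."""
    for key in keys:
        if not isinstance(obj, dict):
            return None
        obj = obj.get(key)
    return obj

def _https_url(value):
    """Assumed policy: only absolute https URLs are written into the SBOM."""
    if isinstance(value, str):
        parts = urlsplit(value)
        if parts.scheme == "https" and parts.netloc:
            return value
    return NOASSERTION

def enrichment_fields(definition):
    """Map a definition to the fields this issue wants to enrich (key names assumed)."""
    parties = _dig(definition, "licensed", "facets", "core", "attribution", "parties")
    parties = parties if isinstance(parties, list) else []
    parties = sorted({p.strip() for p in parties if isinstance(p, str) and p.strip()})
    return {
        "downloadLocation": _https_url(_dig(definition, "described", "urls", "download")),
        "sourceLocation": _https_url(_dig(definition, "described", "sourceLocation", "url")),
        "copyright": "\n".join(parties) if parties else NOASSERTION,
    }
```

The API response is third-party data, so the sketch treats every field as optional and untrusted rather than copying it into the SBOM as-is.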