Constructor Detail

• Package

  Package(Identifier id, String purl, String cpe, Set<String> authors, Set<String> declaredLicenses, ProcessedDeclaredLicense declaredLicensesProcessed, SpdxExpression concludedLicense, String description, String homepageUrl, RemoteArtifact binaryArtifact, RemoteArtifact sourceArtifact, VcsInfo vcs, VcsInfo vcsProcessed, Boolean isMetadataOnly, Boolean isModified)

Method Detail

• getId

   final Identifier getId()

  The unique identifier of this package. The id's type is the name of the package type or protocol (e.g. "Maven" for a file from a Maven repository).

• getPurl

   final String getPurl()

  An additional identifier in package URL syntax.

• getCpe

   final String getCpe()

  An optional additional identifier in CPE syntax.

• getAuthors

   final Set<String> getAuthors()

  The set of authors declared for this package.

• getDeclaredLicenses

   final Set<String> getDeclaredLicenses()

  The set of licenses declared for this package. This does not necessarily correspond to the licenses as detected by a scanner. Both need to be taken into account for any conclusions.

• getDeclaredLicensesProcessed

   final ProcessedDeclaredLicense getDeclaredLicensesProcessed()

  The declared licenses as SpdxExpression. If declaredLicenses contains multiple licenses they are concatenated with SpdxOperator.AND.

• getConcludedLicense

   final SpdxExpression getConcludedLicense()

  The concluded license as an SpdxExpression. It can be used to override the declared / detected licenses of a package.

  ORT itself does not set this field, it needs to be set by the user using a PackageCuration.

• getDescription

   final String getDescription()

  The description of the package, as provided by the package manager.

• getHomepageUrl

   final String getHomepageUrl()

  The homepage of the package.

• getBinaryArtifact

   final RemoteArtifact getBinaryArtifact()

  The remote artifact where the binary package can be downloaded.

• getSourceArtifact

   final RemoteArtifact getSourceArtifact()

  The remote artifact where the source package can be downloaded.

• getVcs

   final VcsInfo getVcs()

  Original VCS-related information as defined in the package's metadata.

• getVcsProcessed

   final VcsInfo getVcsProcessed()

  Processed VCS-related information about the package in normalized form. The information is either derived from vcs, guessed from additional data as a fallback, or empty. On top of that PackageCurations may have been applied.

• isMetadataOnly

   final Boolean isMetadataOnly()

  Indicates whether the package is just metadata, like e.g. Maven BOM artifacts which only define constraints for dependency versions.

• isModified

   final Boolean isModified()

  Indicates whether the source code of the package has been modified compared to the original source code, e.g., in case of a fork of an upstream Open Source project.

• diff

   final PackageCurationData diff(Package other)

  Compares this package with other and creates a PackageCurationData containing the values from this package which are different in other. All equal values are set to null. Only the fields present in PackageCurationData are compared.

• toCuratedPackage

   final CuratedPackage toCuratedPackage()

  Create a CuratedPackage from this package with an empty list of applied curations.

• toReference

   final PackageReference toReference(PackageLinkage linkage, Set<PackageReference> dependencies, List<Issue> issues)

  Return a PackageReference to refer to this Package with optional dependencies and issues.