Contains the minimal information needed to describe how to find a file within any possible source object (e.g.
Field Name
Type
Description
path
str
RealPath is the canonical absolute form of the path accessed (all symbolic links have been followed and relative path components like '.' and '..' have been removed).
layerID
str
FileSystemID is an ID representing an entire filesystem. For container images, this is a layer digest. For directories or a root filesystem, this is blank.
Descriptor
Describes what created the document as well as surrounding metadata
Field Name
Type
name
str
version
str
Digest
Represents a cryptographic hash of file contents.
Field Name
Type
Description
algorithm
str
Algorithm specifies the hash algorithm used (e.g., "sha256", "md5").
value
str
Value is the hexadecimal string representation of the hash.
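A Digest only pins a file if someone recomputes it. The following is an added example (not Syft code) that recomputes recorded digests over an extracted root filesystem and flags entries whose only recorded algorithm is MD5 or SHA-1. The nesting of Digest objects under a per-file entry as {"location": {"path": ...}, "digests": [...]} is assumed here; the page documents the Digest and Location types but not the enclosing file record. Sample files and digests are constructed inline.

```python
import hashlib
import os
import tempfile

# Algorithms Syft may record that no longer resist a deliberate attacker (collisions are practical).
WEAK_ALGORITHMS = {"md5", "sha1"}


def normalise_algorithm(name: str) -> str:
    """Map spellings such as "SHA-256" or "sha_256" onto hashlib's "sha256"."""
    return name.lower().replace("-", "").replace("_", "")


def verify_digest(data: bytes, digest: dict) -> bool:
    """Recompute a Digest {"algorithm": ..., "value": ...} over `data` and compare (case-insensitive hex)."""
    algo = normalise_algorithm(digest["algorithm"])
    if algo not in hashlib.algorithms_available:
        raise ValueError(f"unsupported digest algorithm: {digest['algorithm']!r}")
    return hashlib.new(algo, data).hexdigest() == digest["value"].lower()


def verify_file_entries(root: str, files: list) -> dict:
    """Check every recorded digest for a list of file entries against files under `root`.

    Assumed entry layout: {"location": {"path": ...}, "digests": [Digest, ...]}.
    Returns {path: "ok" | "mismatch" | "missing" | "weak-only" | "no-digest"}.
    """
    report = {}
    for entry in files:
        path = entry["location"]["path"]
        full = os.path.join(root, path.lstrip("/"))
        digests = entry.get("digests") or []
        if not os.path.isfile(full):
            report[path] = "missing"
            continue
        if not digests:
            report[path] = "no-digest"
            continue
        with open(full, "rb") as fh:
            data = fh.read()
        if not all(verify_digest(data, d) for d in digests):
            report[path] = "mismatch"
        elif all(normalise_algorithm(d["algorithm"]) in WEAK_ALGORITHMS for d in digests):
            report[path] = "weak-only"  # verified, but only against a collision-prone hash
        else:
            report[path] = "ok"
    return report


def demo() -> dict:
    """Constructed rootfs plus constructed file entries; returns the verification report."""
    content = b"hello world\n"
    with tempfile.TemporaryDirectory() as root:
        for rel in ("usr/bin/good", "etc/legacy.conf", "usr/bin/tampered"):
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(content)
        entries = [
            {"location": {"path": "/usr/bin/good"},
             "digests": [{"algorithm": "sha256", "value": hashlib.sha256(content).hexdigest()}]},
            {"location": {"path": "/etc/legacy.conf"},
             "digests": [{"algorithm": "md5", "value": hashlib.md5(content).hexdigest()}]},
            {"location": {"path": "/usr/bin/tampered"},  # recorded digest is for different content
             "digests": [{"algorithm": "sha256", "value": hashlib.sha256(b"").hexdigest()}]},
            {"location": {"path": "/opt/removed"},  # never written to the rootfs
             "digests": [{"algorithm": "sha256", "value": hashlib.sha256(content).hexdigest()}]},
        ]
        return verify_file_entries(root, entries)


if __name__ == "__main__":
    for path, status in demo().items():
        print(f"{status:10} {path}")
```

A "weak-only" result is worth surfacing separately from "ok": dpkg and Portage records are MD5 by construction, so an SBOM consumer that treats those as strong evidence of integrity is overstating what it verified.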
ELFSecurityFeatures
Captures security hardening and protection mechanisms in ELF binaries.
Field Name
Type
Description
symbolTableStripped
bool
SymbolTableStripped indicates whether debugging symbols have been removed.
stackCanary
bool
StackCanary indicates whether stack smashing protection is enabled.
nx
bool
NoExecutable indicates whether NX (no-execute) protection is enabled for the stack.
relRO
str
RelocationReadOnly indicates the RELRO protection level.
pie
bool
PositionIndependentExecutable indicates whether the binary is compiled as PIE.
dso
bool
DynamicSharedObject indicates whether the binary is a shared library.
safeStack
bool
LlvmSafeStack represents a compiler-based security mechanism that separates the stack into a safe stack for storing return addresses and other critical data, and an unsafe stack for everything else, to mitigate stack-based memory corruption errors
see https://clang.llvm.org/docs/SafeStack.html
cfi
bool
ControlFlowIntegrity represents runtime checks to ensure a program's control flow adheres to the legal paths determined at compile time, thus protecting against various types of control-flow hijacking attacks
see https://clang.llvm.org/docs/ControlFlowIntegrity.html
fortify
bool
ClangFortifySource is a broad suite of extensions to libc aimed at catching misuses of common library functions
see https://android.googlesource.com/platform//bionic/+/d192dbecf0b2a371eb127c0871f77a9caf81c4d2/docs/clang_fortify_anatomy.md
Executable
Contains metadata about binary files and their security features.
Field Name
Type
Description
format
str
Format denotes either ELF, Mach-O, or PE
hasExports
bool
HasExports indicates whether the binary exports symbols.
hasEntrypoint
bool
HasEntrypoint indicates whether the binary has an entry point function.
importedLibraries
Array<str>
ImportedLibraries lists the shared libraries required by this executable.
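The ELFSecurityFeatures and Executable tables above describe what Syft records; what a reviewer usually wants is a list of binaries in an image that are missing hardening. The following is an added example (not Syft code) that walks a Syft JSON document's files list and reports ELF executables without NX, a stack canary, PIE or full RELRO. Assumptions: the file entry layout {"location": {"path": ...}, "executable": Executable}, the nested field name "elfSecurityFeatures" under Executable, and the relRO values "none"/"partial"/"full" (the page documents relRO as a string but not its values). The sample document is constructed.

```python
# Assumed value of relRO for a fully read-only relocation table.
RELRO_FULL = "full"


def audit_executable(executable: dict) -> list:
    """Return hardening findings for one Executable object (empty list if nothing to report)."""
    if executable.get("format") != "ELF":
        return []  # ELFSecurityFeatures is only meaningful for ELF binaries
    feats = executable.get("elfSecurityFeatures") or {}  # assumed field name for the nested object
    findings = []
    if not feats.get("nx", False):
        findings.append("stack is executable (NX disabled)")
    if not feats.get("stackCanary", False):
        findings.append("no stack canary")
    # A shared object is position independent by construction; PIE only applies to executables.
    if not feats.get("dso", False) and not feats.get("pie", False):
        findings.append("not PIE (ASLR cannot randomise the image base)")
    relro = feats.get("relRO")
    if relro != RELRO_FULL:
        findings.append(f"RELRO is {relro or 'unset'}, not full (GOT stays writable)")
    if not feats.get("symbolTableStripped", False):
        findings.append("symbol table present (informational)")
    return findings


def audit_document(doc: dict) -> dict:
    """Map each path in a Syft JSON document's `files` list to its findings (paths without findings omitted)."""
    report = {}
    for entry in doc.get("files", []):
        exe = entry.get("executable")
        if not exe:
            continue  # plain files carry no executable object
        findings = audit_executable(exe)
        if findings:
            report[entry["location"]["path"]] = findings
    return report


# Constructed sample document (not real Syft output).
SAMPLE_DOC = {
    "files": [
        {"location": {"path": "/usr/bin/hardened", "layerID": ""},
         "executable": {"format": "ELF", "hasEntrypoint": True, "hasExports": False,
                        "importedLibraries": ["libc.so.6"],
                        "elfSecurityFeatures": {"symbolTableStripped": True, "stackCanary": True,
                                                "nx": True, "relRO": "full", "pie": True, "dso": False}}},
        {"location": {"path": "/usr/local/bin/legacy", "layerID": ""},
         "executable": {"format": "ELF", "hasEntrypoint": True, "hasExports": False,
                        "importedLibraries": ["libc.so.6", "libcrypto.so.1.0.0"],
                        "elfSecurityFeatures": {"symbolTableStripped": True, "stackCanary": False,
                                                "nx": True, "relRO": "partial", "pie": False, "dso": False}}},
        {"location": {"path": "/usr/lib/libhelper.so", "layerID": ""},
         "executable": {"format": "ELF", "hasEntrypoint": False, "hasExports": True,
                        "importedLibraries": ["libc.so.6"],
                        "elfSecurityFeatures": {"symbolTableStripped": True, "stackCanary": True,
                                                "nx": True, "relRO": "full", "pie": False, "dso": True}}},
        {"location": {"path": "/app/tool.exe", "layerID": ""},
         "executable": {"format": "PE", "hasEntrypoint": True, "hasExports": False, "importedLibraries": []}},
        {"location": {"path": "/etc/hostname", "layerID": ""}},
    ]
}

if __name__ == "__main__":
    for path, findings in audit_document(SAMPLE_DOC).items():
        print(path)
        for finding in findings:
            print("  -", finding)
```

The dso check matters in practice: a shared library reports pie as false even though it is relocatable, so treating every non-PIE ELF as a finding produces noise for every .so in the image.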
Represents a configurable parameter for a kernel module with its type and description.
Field Name
Type
Description
type
str
Type is the parameter data type (e.g. int, string, bool, array types)
description
str
Description is a human-readable parameter description explaining what the parameter controls
LinuxRelease
Field Name
Type
prettyName
str
name
str
id
str
idLike
IDLikes
version
str
versionID
str
versionCodename
str
buildID
str
imageID
str
imageVersion
str
variant
str
variantID
str
homeURL
str
supportURL
str
bugReportURL
str
privacyPolicyURL
str
cpeName
str
supportEnd
str
extendedSupport
bool
Location
Represents a path relative to a particular filesystem resolved to a specific file.Reference.
Field Name
Type
Description
path
str
RealPath is the canonical absolute form of the path accessed (all symbolic links have been followed and relative path components like '.' and '..' have been removed).
layerID
str
FileSystemID is an ID representing an entire filesystem. For container images, this is a layer digest. For directories or a root filesystem, this is blank.
accessPath
str
AccessPath is the path used to retrieve file contents (which may or may not have hardlinks / symlinks in the path)
annotations
obj
Package
Represents a pkg.Package object specialized for JSON marshaling and unmarshalling.
Represents all captured data from Bitnami packages described in Bitnami's SPDX files.
Field Name
Type
Description
name
str
Name is the package name as found in the Bitnami SPDX file
arch
str
Architecture is the target CPU architecture (amd64 or arm64 in Bitnami images)
distro
str
Distro is the distribution name this package is for (base OS like debian, ubuntu, etc.)
revision
str
Revision is the Bitnami-specific package revision number (incremented for Bitnami rebuilds of same upstream version)
version
str
Version is the package version as found in the Bitnami SPDX file
path
str
Path is the installation path in the filesystem where the package is located
files
Array<str>
Files are the file paths owned by this package (tracked via SPDX relationships)
CConanFileEntry
ConanfileEntry represents a single "Requires" entry from a conanfile.txt.
Field Name
Type
Description
ref
str
Ref is the package reference string in format name/version@user/channel
CConanInfoEntry
ConaninfoEntry represents a single "full_requires" entry from a conaninfo.txt.
Field Name
Type
Description
ref
str
Ref is the package reference string in format name/version@user/channel
package_id
str
PackageID is a unique package variant identifier
CConanLockEntry
ConanV1LockEntry represents a single "node" entry from a conan.lock V1 file.
Field Name
Type
Description
ref
str
Ref is the package reference string in format name/version@user/channel
package_id
str
PackageID is a unique package variant identifier computed from settings/options (static hash in Conan 1.x, can have collisions with complex dependency graphs)
prev
str
Prev is the package revision (PREV) of the locked binary package
requires
Array<str>
Requires are the runtime package dependencies
build_requires
Array<str>
BuildRequires are the build-time dependencies (e.g. cmake, compilers)
py_requires
Array<str>
PythonRequires are the Python dependencies needed for Conan recipes
options
KeyValues
Options are package configuration options as key-value pairs (e.g. shared=True, fPIC=True)
path
str
Path is the filesystem path to the package in Conan cache
context
str
Context is the build context information
CConanLockV2Entry
ConanV2LockEntry represents a single "node" entry from a conan.lock V2 file.
Field Name
Type
Description
ref
str
Ref is the package reference string in format name/version@user/channel
packageID
str
PackageID is a unique package variant identifier (dynamic in Conan 2.0, more accurate than V1)
username
str
Username is the Conan user/organization name
channel
str
Channel is the Conan channel name indicating stability/purpose (e.g. stable, testing, experimental)
recipeRevision
str
RecipeRevision is a git-like revision hash (RREV) of the recipe
packageRevision
str
PackageRevision is a git-like revision hash of the built binary package
timestamp
str
TimeStamp is when this package was built/locked
CocoaPodfileLockEntry
Represents a single entry from the "Pods" section of a Podfile.lock file.
Field Name
Type
Description
checksum
str
Checksum is the SHA-1 hash of the podspec file for integrity verification (generated via `pod ipc spec ... | openssl sha1`), ensuring all team members use the same pod specification version
CondaMetadataEntry
CondaMetaPackage represents metadata for a Conda package extracted from the conda-meta/*.json files.
Field Name
Type
Description
arch
str
Arch is the target CPU architecture for the package (e.g., "arm64", "x86_64").
name
str
Name is the package name as found in the conda-meta JSON file.
version
str
Version is the package version as found in the conda-meta JSON file.
build
str
Build is the build string identifier (e.g., "h90dfc92_1014").
build_number
int
BuildNumber is the sequential build number for this version.
channel
str
Channel is the Conda channel URL where the package was retrieved from.
subdir
str
Subdir is the subdirectory within the channel (e.g., "osx-arm64", "linux-64").
noarch
str
Noarch indicates if the package is platform-independent (e.g., "python", "generic").
license
str
License is the package license identifier.
license_family
str
LicenseFamily is the general license category (e.g., "MIT", "Apache", "GPL").
md5
str
MD5 is the MD5 hash of the package archive.
sha256
str
SHA256 is the SHA-256 hash of the package archive.
size
int
Size is the package archive size in bytes.
timestamp
int
Timestamp is the Unix timestamp when the package was built.
fn
str
Filename is the original package archive filename (e.g., "zlib-1.2.11-h90dfc92_1014.tar.bz2").
url
str
URL is the full download URL for the package archive.
extracted_package_dir
str
ExtractedPackageDir is the local cache directory where the package was extracted.
depends
Array<str>
Depends is the list of runtime dependencies with version constraints.
files
Array<str>
Files is the list of files installed by this package.
Environment is SDK version constraints for Dart and Flutter
platforms
Array<str>
Platforms are the supported platforms (Android, iOS, web, etc.)
ignored_advisories
Array<str>
IgnoredAdvisories are the security advisories to explicitly ignore for this package
DartPubspecEnvironment
Represents SDK version constraints from the environment section of pubspec.yaml.
Field Name
Type
Description
sdk
str
SDK is the Dart SDK version constraint (e.g. ">=2.12.0 <3.0.0")
flutter
str
Flutter is the Flutter SDK version constraint if this is a Flutter package
DartPubspecLockEntry
Is a struct that represents a single entry found in the "packages" section in a Dart pubspec.lock file.
Field Name
Type
Description
name
str
Name is the package name as found in the pubspec.lock file
version
str
Version is the package version as found in the pubspec.lock file
hosted_url
str
HostedURL is the URL of the package repository for hosted packages (typically pub.dev, but can be custom repository identified by hosted-url). When PUB_HOSTED_URL environment variable changes, lockfile tracks the source.
vcs_url
str
VcsURL is the URL of the VCS repository for git/path dependencies (for packages fetched from version control systems like Git)
DotnetDepsEntry
Is a struct that represents a single entry found in the "libraries" section in a .NET [*.]deps.json file.
Field Name
Type
Description
name
str
Name is the package name as found in the deps.json file
version
str
Version is the package version as found in the deps.json file
path
str
Path is the relative path to the package within the deps structure (e.g. "app.metrics/3.0.0")
sha512
str
Sha512 is the SHA-512 hash of the NuGet package content WITHOUT the signed content for verification (won't match hash from NuGet API or manual calculation of .nupkg file)
hashPath
str
HashPath is the relative path to the .nupkg.sha512 hash file (e.g. "app.metrics.3.0.0.nupkg.sha512")
executables
obj
Executables are the map of .NET Portable Executable files within this package with their version resources
DotnetPackagesLockEntry
Is a struct that represents a single entry found in the "dependencies" section in a .NET packages.lock.json file.
Field Name
Type
Description
name
str
Name is the package name as found in the packages.lock.json file
version
str
Version is the package version as found in the packages.lock.json file
contentHash
str
ContentHash is the hash of the package content for verification
type
str
Type is the dependency type indicating how this dependency was added (Direct=explicit in project file, Transitive=pulled in by another package, Project=project reference)
DotnetPortableExecutableEntry
Is a struct that represents a single entry found within "VersionResources" section of a .NET Portable Executable binary file.
Field Name
Type
Description
assemblyVersion
str
AssemblyVersion is the .NET assembly version number (strong-named version)
legalCopyright
str
LegalCopyright is the copyright notice string
comments
str
Comments are additional comments or description embedded in PE resources
internalName
str
InternalName is the internal name of the file
companyName
str
CompanyName is the company that produced the file
productName
str
ProductName is the name of the product this file is part of
productVersion
str
ProductVersion is the version of the product (may differ from AssemblyVersion)
DpkgArchiveEntry
Represents package metadata extracted from a .deb archive file.
Field Name
Type
Description
package
str
Package is the package name as found in the status file
source
str
Source is the source package name this binary was built from (one source can produce multiple binary packages)
version
str
Version is the binary package version as found in the status file
sourceVersion
str
SourceVersion is the source package version (may differ from binary version when binNMU rebuilds occur)
architecture
str
Architecture is the target architecture per Debian spec (specific arch like amd64/arm64, wildcard like any, architecture-independent "all", or "source" for source packages)
maintainer
str
Maintainer is the package maintainer's name and email in RFC822 format (name must come first, then email in angle brackets)
installedSize
int
InstalledSize is the total size of installed files in kilobytes
provides
Array<str>
Provides are the virtual packages provided by this package (allows other packages to depend on capabilities. Can include versioned provides like "libdigest-md5-perl (= 2.55.01)")
depends
Array<str>
Depends are the packages required for this package to function (will not be installed unless these requirements are met, creates strict ordering constraint)
preDepends
Array<str>
PreDepends are the packages that must be installed and configured BEFORE even starting installation of this package (stronger than Depends, discouraged unless absolutely necessary as it adds strict constraints for apt)
Digest is the file content hash (typically MD5 for dpkg compatibility with legacy systems)
isConfigFile
bool
IsConfigFile is whether this file is marked as a configuration file (dpkg will preserve user modifications during upgrades)
DpkgDbEntry
Represents all captured data for a Debian package DB entry; available fields are described at http://manpages.ubuntu.com/manpages/xenial/man1/dpkg-query.1.html in the --showformat section.
Field Name
Type
Description
package
str
Package is the package name as found in the status file
source
str
Source is the source package name this binary was built from (one source can produce multiple binary packages)
version
str
Version is the binary package version as found in the status file
sourceVersion
str
SourceVersion is the source package version (may differ from binary version when binNMU rebuilds occur)
architecture
str
Architecture is the target architecture per Debian spec (specific arch like amd64/arm64, wildcard like any, architecture-independent "all", or "source" for source packages)
maintainer
str
Maintainer is the package maintainer's name and email in RFC822 format (name must come first, then email in angle brackets)
installedSize
int
InstalledSize is the total size of installed files in kilobytes
provides
Array<str>
Provides are the virtual packages provided by this package (allows other packages to depend on capabilities. Can include versioned provides like "libdigest-md5-perl (= 2.55.01)")
depends
Array<str>
Depends are the packages required for this package to function (will not be installed unless these requirements are met, creates strict ordering constraint)
preDepends
Array<str>
PreDepends are the packages that must be installed and configured BEFORE even starting installation of this package (stronger than Depends, discouraged unless absolutely necessary as it adds strict constraints for apt)
Digest is the file content hash (typically MD5 for dpkg compatibility with legacy systems)
isConfigFile
bool
IsConfigFile is whether this file is marked as a configuration file (dpkg will preserve user modifications during upgrades)
ElfBinaryPackageNoteJsonPayload
Represents metadata captured from the .note.package section of an ELF-formatted binary
Field Name
Type
Description
type
str
Type is the type of the package (e.g. "rpm", "deb", "apk", etc.)
architecture
str
Architecture of the binary package (e.g. "amd64", "arm", etc.)
osCPE
str
OSCPE is a CPE name for the OS, typically corresponding to CPE_NAME in os-release (e.g. cpe:/o:fedoraproject:fedora:33)
os
str
OS is the OS name, typically corresponding to ID in os-release (e.g. "fedora")
osVersion
str
OSVersion is the version of the OS, typically corresponding to VERSION_ID in os-release (e.g. "33")
system
str
System is a context-specific name for the system that the binary package is intended to run on or a part of
vendor
str
Vendor is the individual or organization that produced the source code for the binary
sourceRepo
str
SourceRepo is the URL to the source repository for which the binary was built from
commit
str
Commit is the commit hash of the source repository for which the binary was built from
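The .note.package section follows the systemd package-metadata specification (https://systemd.io/ELF_PACKAGE_METADATA/): an ELF note whose owner is "FDO", whose type is 0xcafe1a7e, and whose descriptor is a NUL-terminated JSON document. The following is an added example (not Syft code) that parses raw note-section bytes, skips unrelated notes such as a GNU build-id that may share the section, and returns the JSON payload. It assumes the section bytes have already been extracted (for instance with objcopy --dump-section); the sample section is constructed inline, and the "name"/"version" keys in the sample come from the systemd specification rather than from the table above.

```python
import json
import struct
from typing import Iterator, Optional, Tuple

# Constants from the systemd package metadata specification.
NT_FDO_PACKAGING_METADATA = 0xCAFE1A7E
NOTE_OWNER = b"FDO"


def _align4(n: int) -> int:
    return (n + 3) & ~3


def iter_notes(section: bytes, little_endian: bool = True) -> Iterator[Tuple[bytes, int, bytes]]:
    """Yield (owner, type, desc) for each ELF note in raw section bytes.

    A note header is three 4-byte words (namesz, descsz, type) in the ELF's byte order for
    both ELF32 and ELF64; name and desc are each padded to a 4-byte boundary.
    """
    hdr = ("<" if little_endian else ">") + "III"
    off = 0
    while off + 12 <= len(section):
        namesz, descsz, ntype = struct.unpack_from(hdr, section, off)
        off += 12
        name = section[off:off + namesz]
        off += _align4(namesz)
        desc = section[off:off + descsz]
        off += _align4(descsz)
        if len(name) != namesz or len(desc) != descsz:
            raise ValueError("truncated ELF note")
        yield name.rstrip(b"\0"), ntype, desc


def parse_package_note(section: bytes, little_endian: bool = True) -> Optional[dict]:
    """Return the JSON payload of the FDO package note, or None if the section has none."""
    for owner, ntype, desc in iter_notes(section, little_endian):
        if owner != NOTE_OWNER or ntype != NT_FDO_PACKAGING_METADATA:
            continue  # e.g. a GNU build-id note sharing the section
        payload = desc.rstrip(b"\0").decode("utf-8")
        try:
            return json.loads(payload)
        except json.JSONDecodeError as exc:
            raise ValueError(f"package note is not valid JSON: {exc}") from exc
    return None


def build_package_note(payload: dict, little_endian: bool = True) -> bytes:
    """Encode a payload with the layout the specification describes (used here for constructed input)."""
    hdr = ("<" if little_endian else ">") + "III"
    name = NOTE_OWNER + b"\0"
    desc = json.dumps(payload, separators=(",", ":")).encode("utf-8") + b"\0"
    return (struct.pack(hdr, len(name), len(desc), NT_FDO_PACKAGING_METADATA)
            + name.ljust(_align4(len(name)), b"\0")
            + desc.ljust(_align4(len(desc)), b"\0"))


# Constructed payload: the fields documented above plus the name/version the specification requires.
SAMPLE_PAYLOAD = {
    "type": "rpm", "name": "example-tool", "version": "1.2.3-1.fc33",
    "architecture": "x86_64", "os": "fedora", "osVersion": "33",
    "osCPE": "cpe:/o:fedoraproject:fedora:33",
    "sourceRepo": "https://example.invalid/src/example-tool",
    "commit": "0123456789abcdef0123456789abcdef01234567",
}

# A GNU build-id note (owner "GNU", type NT_GNU_BUILD_ID = 3) placed first so the parser must skip it.
_BUILD_ID_NOTE = struct.pack("<III", 4, 8, 3) + b"GNU\0" + bytes(range(8))
SAMPLE_SECTION = _BUILD_ID_NOTE + build_package_note(SAMPLE_PAYLOAD)

if __name__ == "__main__":
    print(json.dumps(parse_package_note(SAMPLE_SECTION), indent=2))
```

The payload is self-reported by whoever linked the binary, so it is useful provenance for correlating a core dump or a stripped binary with a package, not proof of origin; nothing in the note is signed.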
ElixirMixLockEntry
Is a struct that represents a single entry in a mix.lock file
Field Name
Type
Description
name
str
Name is the package name as found in the mix.lock file
version
str
Version is the package version as found in the mix.lock file
pkgHash
str
PkgHash is the outer checksum (SHA-256) of the entire Hex package tarball for integrity verification (preferred method, replaces deprecated inner checksum)
pkgHashExt
str
PkgHashExt is the extended package hash format (inner checksum is deprecated - SHA-256 of concatenated file contents excluding CHECKSUM file, now replaced by outer checksum)
ErlangRebarLockEntry
Represents a single package entry from the "deps" section within an Erlang rebar.lock file.
Field Name
Type
Description
name
str
Name is the package name as found in the rebar.lock file
version
str
Version is the package version as found in the rebar.lock file
pkgHash
str
PkgHash is the outer checksum (SHA-256) of the entire Hex package tarball for integrity verification (preferred method over deprecated inner checksum)
pkgHashExt
str
PkgHashExt is the extended package hash format (inner checksum deprecated - was SHA-256 of concatenated file contents)
GithubActionsUseStatement
Represents a single 'uses' statement in a GitHub Actions workflow file referencing an action or reusable workflow.
Field Name
Type
Description
value
str
Value is the action reference (e.g. "actions/checkout@v3")
comment
str
Comment is the inline comment associated with this uses statement
GoModuleBuildinfoEntry
GolangBinaryBuildinfoEntry represents all captured data for a Golang binary
Field Name
Type
Description
goBuildSettings
KeyValues
BuildSettings contains the Go build settings and flags used to compile the binary (e.g., GOARCH, GOOS, CGO_ENABLED).
goCompiledVersion
str
GoCompiledVersion is the version of Go used to compile the binary.
architecture
str
Architecture is the target CPU architecture for the binary (extracted from GOARCH build setting).
h1Digest
str
H1Digest is the Go module hash in h1: format for the main module from go.sum.
mainModule
str
MainModule is the main module path for the binary (e.g., "github.com/anchore/syft").
goCryptoSettings
Array<str>
GoCryptoSettings contains FIPS and cryptographic configuration settings if present.
goExperiments
Array<str>
GoExperiments lists experimental Go features enabled during compilation (e.g., "arenas", "cgocheck2").
GoModuleEntry
GolangModuleEntry represents all captured data for a Golang source scan with go.mod/go.sum
Field Name
Type
Description
h1Digest
str
H1Digest is the Go module hash in h1: format from go.sum for verifying module contents.
GoSourceEntry
GolangSourceEntry represents all captured data for a Golang package found through source analysis
Field Name
Type
Description
h1Digest
str
H1Digest is the Go module hash in h1: format from go.sum for verifying module contents.
os
str
OperatingSystem is the target OS for build constraints (e.g., "linux", "darwin", "windows").
architecture
str
Architecture is the target CPU architecture for build constraints (e.g., "amd64", "arm64").
buildTags
str
BuildTags are the build tags used to conditionally compile code (e.g., "integration,debug").
cgoEnabled
bool
CgoEnabled indicates whether CGO was enabled for this package.
HaskellHackageStackEntry
HackageStackYamlEntry represents a single entry from the "extra-deps" section of a stack.yaml file.
Field Name
Type
Description
pkgHash
str
PkgHash is the package content hash for verification
HaskellHackageStackLockEntry
HackageStackYamlLockEntry represents a single entry from the "packages" section of a stack.yaml.lock file.
Field Name
Type
Description
pkgHash
str
PkgHash is the package content hash for verification
snapshotURL
str
SnapshotURL is the URL to the Stack snapshot this package came from
HomebrewFormula
Represents metadata about a Homebrew formula package extracted from formula JSON files.
Field Name
Type
Description
tap
str
Tap is the Homebrew tap this formula belongs to (e.g. "homebrew/core")
homepage
str
Homepage is the upstream project homepage URL
description
str
Description is a human-readable formula description
JavaArchive
Encapsulates all Java ecosystem metadata for a package as well as an (optional) parent relationship.
Field Name
Type
Description
virtualPath
str
VirtualPath is path within the archive hierarchy, where nested entries are delimited with ':' (for nested JARs)
Parent is the parent POM reference for inheritance (child POMs inherit configuration from parent)
groupId
str
GroupID is Maven group identifier (reversed domain name like org.apache.maven)
artifactId
str
ArtifactID is Maven artifact identifier (project name)
version
str
Version is project version (together with groupId and artifactId forms Maven coordinates groupId:artifactId:version)
name
str
Name is a human-readable project name (displayed in Maven-generated documentation)
description
str
Description is detailed project description
url
str
URL is the project URL (typically project website or repository)
JavaPomProperties
Represents the fields of interest extracted from a Java archive's pom.properties file.
Field Name
Type
Description
path
str
Path is path to the pom.properties file within the archive
name
str
Name is the project name
groupId
str
GroupID is Maven group identifier uniquely identifying the project across all projects (follows reversed domain name convention like com.company.project)
artifactId
str
ArtifactID is Maven artifact identifier, the name of the jar/artifact (unique within the groupId scope)
version
str
Version is artifact version
scope
str
Scope is dependency scope determining when dependency is available (compile=default all phases, test=test compilation/execution only, runtime=runtime and test not compile, provided=expected from JDK or container)
extraFields
obj
Extra is additional custom properties not in standard Maven coordinates
JavaJvmInstallation
JavaVMInstallation represents a Java Virtual Machine installation discovered on the system with its release information and file list.
Release is JVM release information and version details
files
Array<str>
Files are the list of files that are part of this JVM installation
JavaVMRelease
Represents JVM version and build information extracted from the release file in a Java installation.
Field Name
Type
Description
implementor
str
Implementor is extracted with the `java.vendor` JVM property
implementorVersion
str
ImplementorVersion is extracted with the `java.vendor.version` JVM property
javaRuntimeVersion
str
JavaRuntimeVersion is extracted from the 'java.runtime.version' JVM property
javaVersion
str
JavaVersion matches that from `java -version` command output
javaVersionDate
str
JavaVersionDate is extracted from the 'java.version.date' JVM property
libc
str
Libc can either be 'glibc' or 'musl'
modules
Array<str>
Modules is a list of JVM modules that are packaged
osArch
str
OsArch is the target CPU architecture
osName
str
OsName is the name of the target runtime operating system environment
osVersion
str
OsVersion is the version of the target runtime operating system environment
source
str
Source refers to the origin repository of OpenJDK source
buildSource
str
BuildSource Git SHA of the build repository
buildSourceRepo
str
BuildSourceRepo refers to the repository URL for the build source
sourceRepo
str
SourceRepo refers to the OpenJDK repository URL
fullVersion
str
FullVersion is extracted from the 'java.runtime.version' JVM property
semanticVersion
str
SemanticVersion is derived from the OpenJDK version
buildInfo
str
BuildInfo contains additional build information
jvmVariant
str
JvmVariant specifies the JVM variant (e.g., Hotspot or OpenJ9)
jvmVersion
str
JvmVersion is extracted from the 'java.vm.version' JVM property
imageType
str
ImageType can be 'JDK' or 'JRE'
buildType
str
BuildType can be 'commercial' (used in some older oracle JDK distributions)
JavascriptNpmPackage
NpmPackage represents the contents of a javascript package.json file.
Field Name
Type
Description
name
str
Name is the package name as found in package.json
version
str
Version is the package version as found in package.json
author
str
Author is package author name
homepage
str
Homepage is project homepage URL
description
str
Description is a human-readable package description
url
str
URL is repository or project URL
private
bool
Private is whether this is a private package
JavascriptNpmPackageLockEntry
NpmPackageLockEntry represents a single entry within the "packages" section of a package-lock.json file.
Field Name
Type
Description
resolved
str
Resolved is URL where this package was downloaded from (registry source)
integrity
str
Integrity is the Subresource Integrity hash used for verification, in standard SRI format (sha512-... or sha1-...); newer npm versions record SHA-512 where older ones recorded SHA-1. For registry sources this is the integrity value reported by the registry; for remote tarballs it is the SHA-512 of the file. npm verifies that the downloaded tarball matches this hash before unpacking and fails with an EINTEGRITY error on mismatch.
JavascriptYarnLockEntry
YarnLockEntry represents a single entry section of a yarn.lock file.
Field Name
Type
Description
resolved
str
Resolved is URL where this package was downloaded from
integrity
str
Integrity is Subresource Integrity hash for verification (SRI format)
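Both the package-lock.json and yarn.lock entries above carry the same SRI-format integrity value, and both package managers refuse to unpack a tarball that does not match it. The following is an added example (not npm, Yarn or Syft code) that parses SRI strings, verifies a downloaded tarball against one the way the pre-unpack check does (strongest algorithm present wins, SHA-1-only values refused unless explicitly allowed), and classifies the entries of a package-lock.json "packages" map by the integrity they carry. The lockfile fragment and tarball bytes are constructed.

```python
import base64
import hashlib
import re

# SRI token: "<algo>-<base64 digest>"; npm and Yarn emit sha512 today, sha1 in older lockfiles.
SRI_TOKEN = re.compile(r"^(sha1|sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})$")
WEAK_SRI = {"sha1"}


def parse_sri(integrity: str) -> list:
    """Split an integrity string (possibly several space-separated tokens) into [(algo, digest bytes)]."""
    parsed = []
    for token in integrity.split():
        m = SRI_TOKEN.match(token)
        if not m:
            raise ValueError(f"malformed integrity token: {token!r}")
        algo, b64 = m.groups()
        digest = base64.b64decode(b64, validate=True)
        if len(digest) != hashlib.new(algo).digest_size:
            raise ValueError(f"{algo} digest has wrong length in {token!r}")
        parsed.append((algo, digest))
    return parsed


def verify_sri(data: bytes, integrity: str, allow_weak: bool = False) -> bool:
    """True if `data` (the downloaded tarball) matches the recorded integrity value.

    Only the strongest algorithm present is consulted; a sha1-only value is refused unless
    allow_weak is set.
    """
    hashes = parse_sri(integrity)
    usable = [(a, d) for a, d in hashes if allow_weak or a not in WEAK_SRI]
    if not usable:
        return False
    strongest = max(usable, key=lambda ad: hashlib.new(ad[0]).digest_size)[0]
    return any(hashlib.new(a, data).digest() == d for a, d in usable if a == strongest)


def make_sri(data: bytes, algo: str = "sha512") -> str:
    """Produce the integrity value a lockfile would record for `data`."""
    return f"{algo}-{base64.b64encode(hashlib.new(algo, data).digest()).decode('ascii')}"


def audit_lockfile_packages(packages: dict) -> dict:
    """Classify each entry of a package-lock.json "packages" map: "ok" | "weak" | "missing" | "malformed".

    The root entry (key "") and entries without a `resolved` URL (links, workspaces) are skipped.
    """
    report = {}
    for path, entry in packages.items():
        if not path or "resolved" not in entry:
            continue
        integrity = entry.get("integrity")
        if not integrity:
            report[path] = "missing"  # nothing pins the tarball contents
            continue
        try:
            algos = {a for a, _ in parse_sri(integrity)}
        except ValueError:
            report[path] = "malformed"
            continue
        report[path] = "weak" if algos <= WEAK_SRI else "ok"
    return report


# Constructed package-lock.json fragment and tarball bytes (not a real lockfile or package).
SAMPLE_TARBALL = b"\x1f\x8b\x08\x00constructed-tarball-bytes"
SAMPLE_PACKAGES = {
    "": {"name": "example-app", "version": "1.0.0"},
    "node_modules/left-pad": {"version": "1.3.0",
                              "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
                              "integrity": make_sri(SAMPLE_TARBALL)},
    "node_modules/old-dep": {"version": "0.1.0",
                             "resolved": "https://registry.npmjs.org/old-dep/-/old-dep-0.1.0.tgz",
                             "integrity": make_sri(SAMPLE_TARBALL, "sha1")},
    "node_modules/unpinned": {"version": "2.0.0",
                              "resolved": "https://example.invalid/unpinned-2.0.0.tgz"},
    "node_modules/broken": {"version": "3.0.0",
                            "resolved": "https://registry.npmjs.org/broken/-/broken-3.0.0.tgz",
                            "integrity": "sha512-AAAA"},
}

if __name__ == "__main__":
    for path, status in audit_lockfile_packages(SAMPLE_PACKAGES).items():
        print(f"{status:10} {path}")
    print("tarball verifies:", verify_sri(SAMPLE_TARBALL, SAMPLE_PACKAGES["node_modules/left-pad"]["integrity"]))
```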
LinuxKernelArchive
LinuxKernel represents all captured data for a Linux kernel
Field Name
Type
Description
name
str
Name is kernel name (typically "Linux")
architecture
str
Architecture is the target CPU architecture
version
str
Version is kernel version string
extendedVersion
str
ExtendedVersion is additional version information
buildTime
str
BuildTime is when the kernel was built
author
str
Author is who built the kernel
format
str
Format is kernel image format (e.g. bzImage, zImage)
rwRootFS
bool
RWRootFS is whether root filesystem is mounted read-write
swapDevice
int
SwapDevice is swap device number
rootDevice
int
RootDevice is root device number
videoMode
str
VideoMode is default video mode setting
LinuxKernelModule
Represents a loadable kernel module (.ko file) with its metadata, parameters, and dependencies.
Field Name
Type
Description
name
str
Name is module name
version
str
Version is module version string
sourceVersion
str
SourceVersion is the source code version identifier
path
str
Path is the filesystem path to the .ko kernel object file (absolute path)
description
str
Description is a human-readable module description
author
str
Author is module author name and email
license
str
License is module license (e.g. GPL, BSD) which must be compatible with kernel
kernelVersion
str
KernelVersion is kernel version this module was built for
versionMagic
str
VersionMagic is version magic string for compatibility checking (includes kernel version, SMP status, module loading capabilities like "3.17.4-302.fc21.x86_64 SMP mod_unload modversions"). Module will NOT load if vermagic doesn't match running kernel.
parameters
obj
Parameters are the module parameters that can be configured at load time (user-settable values like module options)
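The versionMagic description above says a module will not load if its vermagic does not match the running kernel. The precise rule is the kernel's same_magic() check: when CONFIG_MODVERSIONS is enabled and the module carries symbol CRCs, the release token (everything up to the first space) is skipped and only the remainder is compared; otherwise the whole string must match byte for byte. The following is an added example (not Syft or kernel code) that re-implements that comparison over the versionMagic strings recorded in the SBOM and explains a mismatch; the running-kernel vermagic strings used here are constructed.

```python
from typing import List


def _skip_release(vermagic: str) -> str:
    """Equivalent of `p += strcspn(p, " ")`: drop everything before the first space."""
    idx = vermagic.find(" ")
    return "" if idx < 0 else vermagic[idx:]


def same_magic(module_vermagic: str, kernel_vermagic: str, has_crcs: bool) -> bool:
    """Re-implementation of the kernel's same_magic(): True if the module would be accepted.

    has_crcs is whether the module carries a __versions section (only meaningful when the kernel
    was built with CONFIG_MODVERSIONS); in that case the release token is not compared.
    """
    if has_crcs:
        module_vermagic = _skip_release(module_vermagic)
        kernel_vermagic = _skip_release(kernel_vermagic)
    return module_vermagic == kernel_vermagic


def explain_mismatch(module_vermagic: str, kernel_vermagic: str, has_crcs: bool) -> List[str]:
    """Human-readable reasons a module would be refused (empty list if same_magic() would pass)."""
    if same_magic(module_vermagic, kernel_vermagic, has_crcs):
        return []
    m_release, _, m_flags = module_vermagic.partition(" ")
    k_release, _, k_flags = kernel_vermagic.partition(" ")
    reasons = []
    if not has_crcs and m_release != k_release:
        reasons.append(f"kernel release {m_release} != {k_release}")
    if m_flags != k_flags:
        reasons.append(f"flags {m_flags} != {k_flags}")
    if not reasons:  # e.g. only whitespace differs; the kernel compares the raw string
        reasons.append("vermagic strings differ byte for byte")
    return reasons


# Constructed running-kernel vermagic, matching the example string in the table above.
RUNNING_KERNEL = "3.17.4-302.fc21.x86_64 SMP mod_unload modversions"

if __name__ == "__main__":
    for module in ("3.17.4-302.fc21.x86_64 SMP mod_unload modversions",
                   "3.17.4-301.fc21.x86_64 SMP mod_unload modversions",
                   "3.17.4-302.fc21.x86_64 SMP mod_unload"):
        for has_crcs in (False, True):
            print(module, "crcs" if has_crcs else "no-crcs",
                  explain_mismatch(module, RUNNING_KERNEL, has_crcs) or "loads")
```

The practical consequence for an SBOM consumer is that a module whose versionMagic release differs from the target kernel is not necessarily dead code: on a modversions-enabled kernel, a module with CRCs still loads if the flag suffix matches, which is exactly the case an out-of-tree driver shipped in an image tends to rely on.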
LuarocksPackage
Represents a Lua package managed by the LuaRocks package manager with metadata from .rockspec files.
Field Name
Type
Description
name
str
Name is the package name as found in the .rockspec file
version
str
Version is the package version as found in the .rockspec file
license
str
License is license identifier
homepage
str
Homepage is project homepage URL
description
str
Description is a human-readable package description
url
str
URL is the source download URL
dependencies
obj
Dependencies are the map of dependency names to version constraints
NixStoreEntry
Represents a package in the Nix store (/nix/store) with its derivation information and metadata.
Field Name
Type
Description
path
str
Path is full store path for this output (e.g. /nix/store/abc123...-package-1.0)
output
str
Output is the specific output name for multi-output packages (empty string for default "out" output, can be "bin", "dev", "doc", etc.)
outputHash
str
OutputHash is hash prefix of the store path basename (first part before the dash)
Derivation is information about the .drv file that describes how this package was built
files
Array<str>
Files are the list of files under the nix/store path for this package
NixDerivation
Represents a Nix .drv file that describes how to build a package including inputs, outputs, and build instructions.
Field Name
Type
Description
path
str
Path is path to the .drv file in Nix store
system
str
System is target system string indicating where derivation can be built (e.g. "x86_64-linux", "aarch64-darwin"). Must match current system for local builds.
Source is the source repository information for development (typically git repo, used when passing --prefer-source). Originates from source code repository.
Digest is file content hash (MD5 for regular files in CONTENTS format: "obj filename md5hash mtime")
PythonPackage
Represents all captured data for a python egg or wheel package (specifically as outlined in the PyPA core metadata specification https://packaging.python.org/en/latest/specifications/core-metadata/).
Field Name
Type
Description
name
str
Name is the package name from the Name field in PKG-INFO or METADATA.
version
str
Version is the package version from the Version field in PKG-INFO or METADATA.
author
str
Author is the package author name from the Author field.
authorEmail
str
AuthorEmail is the package author's email address from the Author-Email field.
platform
str
Platform indicates the target platform for the package (e.g., "any", "linux", "win32").
Digest contains the hash algorithm and value for file integrity verification.
userName
str
UserName is the owner username for the file.
groupName
str
GroupName is the group name for the file.
flags
str
Flags indicates the file type (e.g., "%config", "%doc", "%ghost").
RpmSignature
Represents a GPG signature for an RPM package used for authenticity verification.
Field Name
Type
Description
algo
str
PublicKeyAlgorithm is the public key algorithm used for signing (e.g., "RSA").
hash
str
HashAlgorithm is the hash algorithm used for the signature (e.g., "SHA256").
created
str
Created is the timestamp when the signature was created.
issuer
str
IssuerKeyID is the GPG key ID that created the signature.
RubyGemspec
Represents all metadata parsed from the *.gemspec file
Field Name
Type
Description
name
str
Name is gem name as specified in the gemspec
version
str
Version is gem version as specified in the gemspec
files
Array<str>
Files is logical list of files in the gem (NOT directly usable as filesystem paths. Example: bundler gem lists "lib/bundler/vendor/uri/lib/uri/ldap.rb" but actual path is "/usr/local/lib/ruby/3.2.0/bundler/vendor/uri/lib/uri/ldap.rb". Would need gem installation path, ruby version, and env vars like GEM_HOME to resolve actual paths.)
authors
Array<str>
Authors are the list of gem authors (stored as array regardless of using `author` or `authors` method in gemspec)
homepage
str
Homepage is project homepage URL
RustCargoAuditEntry
RustBinaryAuditEntry represents Rust crate metadata extracted from a compiled binary using cargo-auditable format.
Field Name
Type
Description
name
str
Name is the crate name as specified in the audit section of the built binary
version
str
Version is the crate version as specified in the audit section of the built binary
source
str
Source is the source registry or repository where this crate came from
RustCargoLockEntry
Represents a locked dependency from a Cargo.lock file with precise version and checksum information.
Field Name
Type
Description
name
str
Name is crate name as specified in Cargo.toml
version
str
Version is crate version as specified in Cargo.toml
source
str
Source is the source registry or repository URL in format "registry+https://github.com/rust-lang/crates.io-index" for registry packages
checksum
str
Checksum is the content checksum for registry packages only (hexadecimal string). Cargo does not require or include checksums for git dependencies. Cargo verifies that the downloaded crate matches the lockfile checksum, which detects a tampered or substituted download (for example one modified in transit).
dependencies
Array<str>
Dependencies are the list of dependencies with version constraints
SnapEntry
Represents metadata for a Snap package extracted from snap.yaml or snapcraft.yaml files.
Field Name
Type
Description
snapType
str
SnapType indicates the snap type (base, kernel, app, gadget, or snapd).
base
str
Base is the base snap name that this snap depends on (e.g., "core20", "core22").
snapName
str
SnapName is the snap package name.
snapVersion
str
SnapVersion is the snap package version.
architecture
str
Architecture is the target CPU architecture (e.g., "amd64", "arm64").
SwiftPackageManagerLockEntry
SwiftPackageManagerResolvedEntry represents a resolved dependency from a Package.resolved file with its locked version and source location.
Field Name
Type
Description
revision
str
Revision is git commit hash of the resolved package
SwiplpackPackage
SwiplPackEntry represents a SWI-Prolog package from the pack system with metadata about the package and its dependencies.
Field Name
Type
Description
name
str
Name is the package name as found in the .toml file
version
str
Version is the package version as found in the .toml file
author
str
Author is author name
authorEmail
str
AuthorEmail is author email address
packager
str
Packager is packager name (if different from author)
packagerEmail
str
PackagerEmail is packager email address
homepage
str
Homepage is project homepage URL
dependencies
Array<str>
Dependencies are the list of required dependencies
TerraformLockProviderEntry
Represents a single provider entry in a Terraform dependency lock file (.terraform.lock.hcl).
Field Name
Type
Description
url
str
URL is the provider source address (e.g., "registry.terraform.io/hashicorp/aws").
constraints
str
Constraints specifies the version constraints for the provider (e.g., "~> 4.0").
version
str
Version is the locked provider version selected during terraform init.
hashes
Array<str>
Hashes are cryptographic checksums for the provider plugin archives across different platforms.
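The h1Digest fields of the Go entries above and the "h1:" values in a Terraform lock file share one construction: Go's dirhash Hash1, which is sha256 over the sorted lines "<sha256 hex of file>  <name>\n", base64-encoded and prefixed with "h1:". The following is an added example (not Go, Terraform or Syft code) that implements Hash1 over an in-memory file set, applies the "<module>@<version>/" entry prefix that go.sum uses for module zips, and checks a TerraformLockProviderEntry's hashes against an unpacked provider package. That Terraform's h1 scheme is Hash1 over the unpacked package with no prefix is this example's assumption; "zh:" entries hash the original zip archive and are not checked here. The module files and lock entry are constructed.

```python
import base64
import hashlib
from typing import Dict


def hash1(files: Dict[str, bytes]) -> str:
    """golang.org/x/mod/sumdb/dirhash Hash1 over {name: content}."""
    summary = hashlib.sha256()
    for name in sorted(files):
        if "\n" in name:
            raise ValueError(f"file name contains newline: {name!r}")
        line = f"{hashlib.sha256(files[name]).hexdigest()}  {name}\n"
        summary.update(line.encode("utf-8"))
    return "h1:" + base64.b64encode(summary.digest()).decode("ascii")


def go_module_h1(module_path: str, version: str, files: Dict[str, bytes]) -> str:
    """go.sum's h1 for a module zip: every entry is named "<module>@<version>/<path>" before hashing."""
    prefix = f"{module_path}@{version}/"
    return hash1({prefix + name: data for name, data in files.items()})


def terraform_h1(package_files: Dict[str, bytes]) -> str:
    """Assumed: Terraform's "h1:" provider hash is Hash1 over the unpacked package with no prefix."""
    return hash1(package_files)


def lock_entry_matches(entry: dict, package_files: Dict[str, bytes]) -> bool:
    """True if at least one "h1:" hash in a TerraformLockProviderEntry matches the unpacked package."""
    computed = terraform_h1(package_files)
    h1_entries = [h for h in entry.get("hashes", []) if h.startswith("h1:")]
    return computed in h1_entries


# Constructed module contents (not a real module or provider).
SAMPLE_MODULE_FILES = {
    "go.mod": b"module example.invalid/lib\n\ngo 1.21\n",
    "lib.go": b"package lib\n\nfunc Answer() int { return 42 }\n",
}

if __name__ == "__main__":
    print(go_module_h1("example.invalid/lib", "v1.0.0", SAMPLE_MODULE_FILES))
    print(terraform_h1(SAMPLE_MODULE_FILES))
```

Because the version string is part of every entry name, re-tagging the same tree under a new version yields a different h1; an h1Digest therefore pins both contents and the declared version, not the contents alone.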
WordpressPluginEntry
Represents all metadata parsed from the wordpress plugin file
Field Name
Type
Description
pluginInstallDirectory
str
PluginInstallDirectory is directory name where the plugin is installed
author
str
Author is plugin author name
authorUri
str
AuthorURI is author's website URL
Complete reference for Syft JSON schema version 15.0.0