Merge pull request #188 from tardyp/sbom
Add spdxlite 2.2 SBOM parsing support Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
Showing
17 changed files
with
658 additions
and
357 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,144 @@ | ||
{ | ||
"id": "SPDXRef-DOCUMENT", | ||
"specVersion": { | ||
"major": 2, | ||
"minor": 2 | ||
}, | ||
"documentNamespace": "http://spdx.org/spdxdocs/spdx-document-xyz", | ||
"name": "xyz-0.1.0", | ||
"comment": null, | ||
"dataLicense": { | ||
"type": "Single", | ||
"identifier": "CC0-1.0", | ||
"name": "Creative Commons Zero v1.0 Universal" | ||
}, | ||
"licenseListVersion": { | ||
"major": 3, | ||
"minor": 9 | ||
}, | ||
"creators": [ | ||
{ | ||
"name": "Example Inc.", | ||
"email": null, | ||
"type": "Organization" | ||
}, | ||
{ | ||
"name": "Thomas Steenbergen", | ||
"email": null, | ||
"type": "Person" | ||
} | ||
], | ||
"created": "2020-07-23T18:30:22Z", | ||
"creatorComment": null, | ||
"packages": [ | ||
{ | ||
"id": "SPDXRef-Package-xyz", | ||
"name": "xyz", | ||
"packageFileName": null, | ||
"summary": "Awesome product created by Example Inc.", | ||
"description": null, | ||
"versionInfo": "0.1.0", | ||
"sourceInfo": null, | ||
"downloadLocation": "git+ssh://gitlab.example.com:3389/products/xyz.git@b2c358080011af6a366d2512a25a379fbe7b1f78", | ||
"homepage": "https://example.com/products/xyz", | ||
"originator": null, | ||
"supplier": null, | ||
"licenseConcluded": { | ||
"type": "Single", | ||
"identifier": "NOASSERTION", | ||
"name": "NOASSERTION" | ||
}, | ||
"licenseDeclared": { | ||
"type": "Conjunction", | ||
"identifier": [ | ||
"Apache-2.0", | ||
"LicenseRef-Proprietary-ExampleInc", | ||
"curl" | ||
], | ||
"name": [ | ||
"Apache License 2.0", | ||
"LicenseRef-Proprietary-ExampleInc", | ||
"curl License" | ||
] | ||
}, | ||
"copyrightText": "copyright 2004-2020 Example Inc. All Rights Reserved.", | ||
"licenseComment": null, | ||
"checksum": null, | ||
"files": [], | ||
"licenseInfoFromFiles": [], | ||
"verificationCode": { | ||
"value": null, | ||
"excludedFilesNames": [] | ||
} | ||
}, | ||
{ | ||
"id": "SPDXRef-Package-curl", | ||
"name": "curl", | ||
"packageFileName": "./libs/curl", | ||
"summary": null, | ||
"description": "A command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, MQTT, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features.", | ||
"versionInfo": "7.70.0", | ||
"sourceInfo": null, | ||
"downloadLocation": "https://github.com/curl/curl/releases/download/curl-7_70_0/curl-7.70.0.tar.gz", | ||
"homepage": "https://curl.haxx.se/", | ||
"originator": null, | ||
"supplier": null, | ||
"licenseConcluded": { | ||
"type": "Single", | ||
"identifier": "NOASSERTION", | ||
"name": "NOASSERTION" | ||
}, | ||
"licenseDeclared": { | ||
"type": "Single", | ||
"identifier": "curl", | ||
"name": "curl License" | ||
}, | ||
"copyrightText": "Copyright (c) 1996 - 2020, Daniel Stenberg, <daniel@haxx.se>, and many contributors, see the THANKS file.", | ||
"licenseComment": null, | ||
"checksum": null, | ||
"files": [], | ||
"licenseInfoFromFiles": [], | ||
"verificationCode": { | ||
"value": null, | ||
"excludedFilesNames": [] | ||
} | ||
}, | ||
{ | ||
"id": "SPDXRef-Package-openssl", | ||
"name": "openssl", | ||
"packageFileName": "./libs/openssl", | ||
"summary": null, | ||
"description": "OpenSSL is a robust, commercial-grade, full-featured Open Source Toolkit for the Transport Layer Security (TLS) protocol formerly known as the Secure Sockets Layer (SSL) protocol. The protocol implementation is based on a full-strength general purpose cryptographic library, which can also be used stand-alone.", | ||
"versionInfo": "1.1.1g", | ||
"sourceInfo": null, | ||
"downloadLocation": "git+ssh://github.com/openssl/openssl.git@e2e09d9fba1187f8d6aafaa34d4172f56f1ffb72", | ||
"homepage": "https://www.openssl.org/", | ||
"originator": null, | ||
"supplier": null, | ||
"licenseConcluded": { | ||
"type": "Single", | ||
"identifier": "NOASSERTION", | ||
"name": "NOASSERTION" | ||
}, | ||
"licenseDeclared": { | ||
"type": "Single", | ||
"identifier": "Apache-2.0", | ||
"name": "Apache License 2.0" | ||
}, | ||
"copyrightText": "copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved.", | ||
"licenseComment": null, | ||
"checksum": null, | ||
"files": [], | ||
"licenseInfoFromFiles": [], | ||
"verificationCode": { | ||
"value": null, | ||
"excludedFilesNames": [] | ||
} | ||
} | ||
], | ||
"externalDocumentRefs": [], | ||
"extractedLicenses": [], | ||
"annotations": [], | ||
"reviews": [], | ||
"snippets": [] | ||
} |
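Review bot: All three packages in this expected-output fixture have `"checksum": null` and `"verificationCode": { "value": null, ... }`, so as far as this file shows, the new SPDX Lite test never asserts that integrity data survives parsing. For an SBOM consumer those are the fields that tie a declared package to actual bytes, so I would add one package to the input document with a checksum and a package verification code (constructed sample values) and pin the parsed result here. Separately, `licenseDeclared.identifier` is a string when `"type": "Single"` and an array when `"type": "Conjunction"`, with `name` as a parallel array; that type switch is worth documenting where this shape is produced, since every consumer has to branch on `type`. The source SPDX file and the parser are outside this section, so both points are inferred from the fixture alone.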