Skip to content

Commit 6f8f8bf

Browse files
goneallgoneall
authored
Merge pull request spdx#85 from nishakm/example7-spdx3
Add SPDX 3.0 for example7
2 parents 88a7203 + 4a9291b commit 6f8f8bf

File tree

4 files changed

+439
-0
lines changed

4 files changed

+439
-0
lines changed

software/example7/spdx3.0/example7-bin.spdx.json

Lines changed: 166 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,166 @@
1+
{
2+
"@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld",
3+
"@graph": [
4+
{
5+
"spdxId": "urn:uuid:6731cd26-926c-486b-8127-340c0f11a228",
6+
"type": "Person",
7+
"creationInfo": "_:creationInfo",
8+
"comment": "Person or Tool that created this document",
9+
"name": "Nisha K",
10+
"externalIdentifier": [
11+
{
12+
"type": "ExternalIdentifier",
13+
"externalIdentifierType": "email",
14+
"identifier": "[email protected]"
15+
}
16+
]
17+
},
18+
{
19+
"@id": "_:creationInfo",
20+
"type": "CreationInfo",
21+
"specVersion": "3.0.0",
22+
"created": "2020-11-24T01:12:27Z",
23+
"createdBy": [
24+
"urn:uuid:6731cd26-926c-486b-8127-340c0f11a228"
25+
],
26+
"comment": "All objects within the graph will have this same CreationInfo"
27+
},
28+
{
29+
"spdxId": "urn:uuid:3773937f-6db8-49f9-920f-7d1a6b0cfcbb",
30+
"type": "software_File",
31+
"name": "hello",
32+
"creationInfo": "_:creationInfo",
33+
"comment": "This binary was created by building go source code",
34+
"originatedBy": [
35+
"urn:uuid:6731cd26-926c-486b-8127-340c0f11a228"
36+
],
37+
"software_primaryPurpose": "executable"
38+
},
39+
{
40+
"type": "LifecycleScopedRelationship",
41+
"scope": "build",
42+
"spdxId": "urn:uuid:98dd3b3f-6b8f-49a1-88b6-628750516f1e",
43+
"creationInfo": "_:creationInfo",
44+
"relationshipType": "usesTool",
45+
"from": "urn:uuid:e1877974-0aaa-48e6-931f-db4898c543f8",
46+
"to": [
47+
"urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b"
48+
]
49+
},
50+
{
51+
"type": "LifecycleScopedRelationship",
52+
"scope": "build",
53+
"spdxId": "urn:uuid:a7b65a78-8ed2-4b20-a91b-40f94ecdb81c",
54+
"creationInfo": "_:creationInfo",
55+
"relationshipType": "generates",
56+
"from": "urn:uuid:3b2939bf-fcce-4617-a06f-115168870b95",
57+
"to": [
58+
"urn:uuid:3773937f-6db8-49f9-920f-7d1a6b0cfcbb"
59+
]
60+
},
61+
{
62+
"type": "LifecycleScopedRelationship",
63+
"scope": "build",
64+
"spdxId": "urn:uuid:5524e7dd-5d2f-44fa-86b0-ccaa3cf6fa63",
65+
"creationInfo": "_:creationInfo",
66+
"relationshipType": "hasStaticLink",
67+
"from": "urn:uuid:3773937f-6db8-49f9-920f-7d1a6b0cfcbb",
68+
"to": [
69+
"urn:uuid:4918b993-36f8-4e75-bf94-2f017575eae5",
70+
"urn:uuid:84e4231d-fc1d-4b4e-9609-05781f81fa73"
71+
]
72+
},
73+
{
74+
"type": "software_Sbom",
75+
"spdxId": "urn:uuid:4c7ec5f3-875b-4f99-8c4c-f0a718da8c4f",
76+
"creationInfo": "_:creationInfo",
77+
"comment": "The SBOM communicates that this document is an SBOM",
78+
"rootElement": [
79+
"urn:uuid:3773937f-6db8-49f9-920f-7d1a6b0cfcbb"
80+
],
81+
"element": [
82+
"urn:uuid:6731cd26-926c-486b-8127-340c0f11a228",
83+
"urn:uuid:3773937f-6db8-49f9-920f-7d1a6b0cfcbb",
84+
"urn:uuid:98dd3b3f-6b8f-49a1-88b6-628750516f1e",
85+
"urn:uuid:a7b65a78-8ed2-4b20-a91b-40f94ecdb81c",
86+
"urn:uuid:5524e7dd-5d2f-44fa-86b0-ccaa3cf6fa63"
87+
]
88+
},
89+
{
90+
"spdxId": "urn:uuid:6a1ea0da-1801-495b-9d35-2735e79eee1b",
91+
"type": "SpdxDocument",
92+
"creationInfo": "_:creationInfo",
93+
"comment": "This document's primary communication is the SBOM",
94+
"name": "example7-bin.spdx",
95+
"profileConformance": [
96+
"core",
97+
"software"
98+
],
99+
"rootElement": [
100+
"urn:uuid:4c7ec5f3-875b-4f99-8c4c-f0a718da8c4f"
101+
],
102+
"imports": [
103+
{
104+
"type": "ExternalMap",
105+
"externalSpdxId": "urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b",
106+
"locationHint": "https://github.com/spdx/spdx-examples/software/example7/example7-golang.spdx.jsonld",
107+
"verifiedUsing": [
108+
{
109+
"type": "Hash",
110+
"algorithm": "sha256",
111+
"hashValue": "15ed567c36a30fb37f7d19f0f471434b9453909bf62d925194efe713ede62086"
112+
}
113+
]
114+
},
115+
{
116+
"type": "ExternalMap",
117+
"externalSpdxId": "urn:uuid:3b2939bf-fcce-4617-a06f-115168870b95",
118+
"locationHint": "https://github.com/spdx/spdx-examples/software/example7/example7-golang.spdx.jsonld",
119+
"verifiedUsing": [
120+
{
121+
"type": "Hash",
122+
"algorithm": "sha256",
123+
"hashValue": "15ed567c36a30fb37f7d19f0f471434b9453909bf62d925194efe713ede62086"
124+
}
125+
]
126+
},
127+
{
128+
"type": "ExternalMap",
129+
"externalSpdxId": "urn:uuid:e1877974-0aaa-48e6-931f-db4898c543f8",
130+
"locationHint": "https://github.com/spdx/spdx-examples/software/example7/example7-go-module.spdx.jsonld",
131+
"verifiedUsing": [
132+
{
133+
"type": "Hash",
134+
"algorithm": "sha256",
135+
"hashValue": "7bb2343efdccb4a2a2947219c87747673854fc6b550b2f98518af342f8dded17"
136+
}
137+
]
138+
},
139+
{
140+
"type": "ExternalMap",
141+
"externalSpdxId": "urn:uuid:4918b993-36f8-4e75-bf94-2f017575eae5",
142+
"locationHint": "https://github.com/spdx/spdx-examples/software/example7/example7-third-party-modules.spdx.jsonld",
143+
"verifiedUsing": [
144+
{
145+
"type": "Hash",
146+
"algorithm": "sha256",
147+
"hashValue": "0e3532e0773d24d1a3a0a58592effd67daf22ac89282dc18805e1eef23f68dfe"
148+
}
149+
]
150+
},
151+
{
152+
"type": "ExternalMap",
153+
"externalSpdxId": "urn:uuid:84e4231d-fc1d-4b4e-9609-05781f81fa73",
154+
"locationHint": "https://github.com/spdx/spdx-examples/software/example7/example7-third-party-modules.spdx.jsonld",
155+
"verifiedUsing": [
156+
{
157+
"type": "Hash",
158+
"algorithm": "sha256",
159+
"hashValue": "0e3532e0773d24d1a3a0a58592effd67daf22ac89282dc18805e1eef23f68dfe"
160+
}
161+
]
162+
}
163+
]
164+
}
165+
]
166+
}

software/example7/spdx3.0/example7-go-module.spdx.json

Lines changed: 68 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,68 @@
1+
{
2+
"@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld",
3+
"@graph": [
4+
{
5+
"spdxId": "urn:uuid:cf7dddac-8ce5-4a16-8860-ee255be7b4c8",
6+
"type": "Person",
7+
"creationInfo": "_:creationInfo",
8+
"comment": "Person or Tool that created this document. Assuming that this document was created by the same person/tool but at a different time",
9+
"name": "Nisha K",
10+
"externalIdentifier": [
11+
{
12+
"type": "ExternalIdentifier",
13+
"externalIdentifierType": "email",
14+
"identifier": "[email protected]"
15+
}
16+
]
17+
},
18+
{
19+
"@id": "_:creationInfo",
20+
"type": "CreationInfo",
21+
"specVersion": "3.0.0",
22+
"created": "2020-11-25T01:12:27Z",
23+
"createdBy": [
24+
"urn:uuid:cf7dddac-8ce5-4a16-8860-ee255be7b4c8"
25+
],
26+
"comment": "All objects within the graph will have this same CreationInfo"
27+
},
28+
{
29+
"spdxId": "urn:uuid:e1877974-0aaa-48e6-931f-db4898c543f8",
30+
"type": "software_Package",
31+
"name": "example.com/hello",
32+
"creationInfo": "_:creationInfo",
33+
"comment": "This is version controlled source code, generated by the ssame person who made this document",
34+
"software_primaryPurpose": "source",
35+
"software_downloadLocation": "git://github.com/spdx/spdx-examples.git#software/example7/src/hello",
36+
"originatedBy": [
37+
"urn:uuid:cf7dddac-8ce5-4a16-8860-ee255be7b4c8"
38+
]
39+
},
40+
{
41+
"type": "software_Sbom",
42+
"spdxId": "urn:uuid:711c6f39-6c80-494e-b848-1c01e8962345",
43+
"creationInfo": "_:creationInfo",
44+
"comment": "The SBOM communicates that this document is an SBOM. The SBOM only has one software package and its creator",
45+
"rootElement": [
46+
"urn:uuid:e1877974-0aaa-48e6-931f-db4898c543f8"
47+
],
48+
"element": [
49+
"urn:uuid:cf7dddac-8ce5-4a16-8860-ee255be7b4c8",
50+
"urn:uuid:e1877974-0aaa-48e6-931f-db4898c543f8"
51+
]
52+
},
53+
{
54+
"spdxId": "urn:uuid:b61745ef-59c7-4804-878d-fccbe455bd80",
55+
"type": "SpdxDocument",
56+
"creationInfo": "_:creationInfo",
57+
"comment": "This document's primary communication is the SBOM",
58+
"name": "example7-go-module.spdx",
59+
"profileConformance": [
60+
"core",
61+
"software"
62+
],
63+
"rootElement": [
64+
"urn:uuid:711c6f39-6c80-494e-b848-1c01e8962345"
65+
]
66+
}
67+
]
68+
}

software/example7/spdx3.0/example7-golang.spdx.json

Lines changed: 107 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,107 @@
1+
{
2+
"@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld",
3+
"@graph": [
4+
{
5+
"spdxId": "urn:uuid:cc81c9c0-c466-4e22-b3f6-945a65f5d07b",
6+
"type": "Person",
7+
"creationInfo": "_:creationInfo",
8+
"comment": "Person or Tool that created this document",
9+
"name": "Nisha K",
10+
"externalIdentifier": [
11+
{
12+
"type": "ExternalIdentifier",
13+
"externalIdentifierType": "email",
14+
"identifier": "[email protected]"
15+
}
16+
]
17+
},
18+
{
19+
"spdxId": "urn:uuid:a5d2b614-1c0a-477d-b1fc-dc391f2c1c6d",
20+
"type": "Organization",
21+
"creationInfo": "_:creationInfo",
22+
"comment": "The organization that originated the software package",
23+
"name": "golang.org"
24+
},
25+
{
26+
"@id": "_:creationInfo",
27+
"type": "CreationInfo",
28+
"specVersion": "3.0.0",
29+
"created": "2020-11-24T01:12:27Z",
30+
"createdBy": [
31+
"urn:uuid:cc81c9c0-c466-4e22-b3f6-945a65f5d07b"
32+
],
33+
"comment": "All objects within the graph will have this same CreationInfo"
34+
},
35+
{
36+
"spdxId": "urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b",
37+
"type": "software_Package",
38+
"name": "go1.16.4.linux-amd64.tar.gz",
39+
"creationInfo": "_:creationInfo",
40+
"comment": "This is the downloaded tarball to be installed on disk",
41+
"software_packageVersion": "1.16.4",
42+
"software_primaryPurpose": "install",
43+
"software_downloadLocation": "https://golang.org/dl/go1.16.4.linux-amd64.tar.gz",
44+
"originatedBy": [
45+
"urn:uuid:a5d2b614-1c0a-477d-b1fc-dc391f2c1c6d"
46+
],
47+
"verifiedUsing": [
48+
{
49+
"type": "Hash",
50+
"algorithm": "sha256",
51+
"hashValue": "7154e88f5a8047aad4b80ebace58a059e36e7e2e4eb3b383127a28c711b4ff59"
52+
}
53+
]
54+
},
55+
{
56+
"spdxId": "urn:uuid:3b2939bf-fcce-4617-a06f-115168870b95",
57+
"type": "software_File",
58+
"name": "go",
59+
"creationInfo": "_:creationInfo",
60+
"comment": "The installation comes with an executable",
61+
"originatedBy": [
62+
"urn:uuid:a5d2b614-1c0a-477d-b1fc-dc391f2c1c6d"
63+
],
64+
"software_primaryPurpose": "executable"
65+
},
66+
{
67+
"type": "Relationship",
68+
"spdxId": "urn:uuid:92c6754b-d6e9-48b7-8b86-54fdc89995a6",
69+
"creationInfo": "_:creationInfo",
70+
"relationshipType": "contains",
71+
"from": "urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b",
72+
"to": [
73+
"urn:uuid:3b2939bf-fcce-4617-a06f-115168870b95"
74+
]
75+
},
76+
{
77+
"type": "software_Sbom",
78+
"spdxId": "urn:uuid:d523d308-8348-4051-85ea-a67a14978fad",
79+
"creationInfo": "_:creationInfo",
80+
"comment": "The SBOM communicates that this document is an SBOM",
81+
"rootElement": [
82+
"urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b"
83+
],
84+
"element": [
85+
"urn:uuid:a5d2b614-1c0a-477d-b1fc-dc391f2c1c6d",
86+
"urn:uuid:cc81c9c0-c466-4e22-b3f6-945a65f5d07b",
87+
"urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b",
88+
"urn:uuid:3b2939bf-fcce-4617-a06f-115168870b95",
89+
"urn:uuid:92c6754b-d6e9-48b7-8b86-54fdc89995a6"
90+
]
91+
},
92+
{
93+
"spdxId": "urn:uuid:93867a66-8945-45c2-ac11-4277d3af38fa",
94+
"type": "SpdxDocument",
95+
"creationInfo": "_:creationInfo",
96+
"comment": "This document's primary communication is the SBOM",
97+
"name": "example7-golang.spdx",
98+
"profileConformance": [
99+
"core",
100+
"software"
101+
],
102+
"rootElement": [
103+
"urn:uuid:d523d308-8348-4051-85ea-a67a14978fad"
104+
]
105+
}
106+
]
107+
}

0 commit comments

Comments
 (0)