@zvr
Created March 10, 2023 10:06
Small SPDX SBOM with arbitrary license strings
{
  "spdxVersion": "SPDX-2.3",
  "documentNamespace": "http://example.com/sbom/20230308",
  "creationInfo": {
    "creators": [
      "Organization: Example Corp. ()"
    ],
    "created": "2023-03-08T10:34:23Z",
    "licenseListVersion": "3.17",
    "comment": "Example SBOM"
  },
  "dataLicense": "CC0-1.0",
  "SPDXID": "SPDXRef-DOCUMENT",
  "name": "Bundle",
  "packages": [
    {
      "SPDXID": "SPDXRef-Package",
      "name": "Whole bundle",
      "downloadLocation": "https://example.com/bundle.tar.gz",
      "filesAnalyzed": false,
      "licenseConcluded": "NOASSERTION",
      "licenseDeclared": "NOASSERTION",
      "copyrightText": "NOASSERTION",
      "versionInfo": "2023.03.02",
      "checksums": [
        {
          "algorithm": "SHA256",
          "checksumValue": "01e2dc8613022db653a69b70f48922644400f12b3402cf57e1850df9e3c71ce5"
        }
      ]
    },
    {
      "SPDXID": "SPDXRef-Package-1",
      "name": "clang",
      "downloadLocation": "NOASSERTION",
      "filesAnalyzed": false,
      "licenseConcluded": "Apache-2.0-with-LLVM-exception",
      "licenseDeclared": "NOASSERTION",
      "copyrightText": "NOASSERTION",
      "versionInfo": "12.0.0"
    },
    {
      "SPDXID": "SPDXRef-Package-2",
      "name": "cryptsetup",
      "downloadLocation": "NOASSERTION",
      "filesAnalyzed": false,
      "licenseConcluded": "GPL-2.0-with-OpenSSL-exception",
      "licenseDeclared": "NOASSERTION",
      "copyrightText": "NOASSERTION",
      "versionInfo": "2.4.3"
    },
    {
      "SPDXID": "SPDXRef-Package-3",
      "name": "gcc-runtime",
      "downloadLocation": "NOASSERTION",
      "filesAnalyzed": false,
      "licenseConcluded": "GPL-3.0-with-GCC-exception",
      "licenseDeclared": "NOASSERTION",
      "copyrightText": "NOASSERTION",
      "versionInfo": "11.3.0"
    }
  ],
  "documentDescribes": [
    "SPDXRef-Package"
  ],
  "relationships": [
    {
      "spdxElementId": "SPDXRef-Package",
      "relatedSpdxElement": "SPDXRef-Package-1",
      "relationshipType": "CONTAINS"
    },
    {
      "spdxElementId": "SPDXRef-Package",
      "relatedSpdxElement": "SPDXRef-Package-2",
      "relationshipType": "CONTAINS"
    },
    {
      "spdxElementId": "SPDXRef-Package",
      "relatedSpdxElement": "SPDXRef-Package-3",
      "relationshipType": "CONTAINS"
    }
  ]
}