diff --git a/software/example7/spdx3.0/example7-bin.spdx.json b/software/example7/spdx3.0/example7-bin.spdx.json
new file mode 100644
index 0000000..32e012d
--- /dev/null
+++ b/software/example7/spdx3.0/example7-bin.spdx.json
@@ -0,0 +1,166 @@
+{
+ "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld",
+ "@graph": [
+ {
+ "spdxId": "urn:uuid:6731cd26-926c-486b-8127-340c0f11a228",
+ "type": "Person",
+ "creationInfo": "_:creationInfo",
+ "comment": "Person or Tool that created this document",
+ "name": "Nisha K",
+ "externalIdentifier": [
+ {
+ "type": "ExternalIdentifier",
+ "externalIdentifierType": "email",
+ "identifier": "nishak@vmware.com"
+ }
+ ]
+ },
+ {
+ "@id": "_:creationInfo",
+ "type": "CreationInfo",
+ "specVersion": "3.0.0",
+ "created": "2020-11-24T01:12:27Z",
+ "createdBy": [
+ "urn:uuid:6731cd26-926c-486b-8127-340c0f11a228"
+ ],
+ "comment": "All objects within the graph will have this same CreationInfo"
+ },
+ {
+ "spdxId": "urn:uuid:3773937f-6db8-49f9-920f-7d1a6b0cfcbb",
+ "type": "software_File",
+ "name": "hello",
+ "creationInfo": "_:creationInfo",
+ "comment": "This binary was created by building go source code",
+ "originatedBy": [
+ "urn:uuid:6731cd26-926c-486b-8127-340c0f11a228"
+ ],
+ "software_primaryPurpose": "executable"
+ },
+ {
+ "type": "LifecycleScopedRelationship",
+ "scope": "build",
+ "spdxId": "urn:uuid:98dd3b3f-6b8f-49a1-88b6-628750516f1e",
+ "creationInfo": "_:creationInfo",
+ "relationshipType": "usesTool",
+ "from": "urn:uuid:e1877974-0aaa-48e6-931f-db4898c543f8",
+ "to": [
+ "urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b"
+ ]
+ },
+ {
+ "type": "LifecycleScopedRelationship",
+ "scope": "build",
+ "spdxId": "urn:uuid:a7b65a78-8ed2-4b20-a91b-40f94ecdb81c",
+ "creationInfo": "_:creationInfo",
+ "relationshipType": "generates",
+ "from": "urn:uuid:3b2939bf-fcce-4617-a06f-115168870b95",
+ "to": [
+ "urn:uuid:3773937f-6db8-49f9-920f-7d1a6b0cfcbb"
+ ]
+ },
+ {
+ "type": "LifecycleScopedRelationship",
+ "scope": "build",
+ "spdxId": "urn:uuid:5524e7dd-5d2f-44fa-86b0-ccaa3cf6fa63",
+ "creationInfo": "_:creationInfo",
+ "relationshipType": "hasStaticLink",
+ "from": "urn:uuid:3773937f-6db8-49f9-920f-7d1a6b0cfcbb",
+ "to": [
+ "urn:uuid:4918b993-36f8-4e75-bf94-2f017575eae5",
+ "urn:uuid:84e4231d-fc1d-4b4e-9609-05781f81fa73"
+ ]
+ },
+ {
+ "type": "software_Sbom",
+ "spdxId": "urn:uuid:4c7ec5f3-875b-4f99-8c4c-f0a718da8c4f",
+ "creationInfo": "_:creationInfo",
+ "comment": "The SBOM communicates that this document is an SBOM",
+ "rootElement": [
+ "urn:uuid:3773937f-6db8-49f9-920f-7d1a6b0cfcbb"
+ ],
+ "element": [
+ "urn:uuid:6731cd26-926c-486b-8127-340c0f11a228",
+ "urn:uuid:3773937f-6db8-49f9-920f-7d1a6b0cfcbb",
+ "urn:uuid:98dd3b3f-6b8f-49a1-88b6-628750516f1e",
+ "urn:uuid:a7b65a78-8ed2-4b20-a91b-40f94ecdb81c",
+ "urn:uuid:5524e7dd-5d2f-44fa-86b0-ccaa3cf6fa63"
+ ]
+ },
+ {
+ "spdxId": "urn:uuid:6a1ea0da-1801-495b-9d35-2735e79eee1b",
+ "type": "SpdxDocument",
+ "creationInfo": "_:creationInfo",
+ "comment": "This document's primary communication is the SBOM",
+ "name": "example7-bin.spdx",
+ "profileConformance": [
+ "core",
+ "software"
+ ],
+ "rootElement": [
+ "urn:uuid:4c7ec5f3-875b-4f99-8c4c-f0a718da8c4f"
+ ],
+ "imports": [
+ {
+ "type": "ExternalMap",
+ "externalSpdxId": "urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b",
+ "locationHint": "https://github.com/spdx/spdx-examples/software/example7/example7-golang.spdx.jsonld",
+ "verifiedUsing": [
+ {
+ "type": "Hash",
+ "algorithm": "sha256",
+ "hashValue": "15ed567c36a30fb37f7d19f0f471434b9453909bf62d925194efe713ede62086"
+ }
+ ]
+ },
+ {
+ "type": "ExternalMap",
+ "externalSpdxId": "urn:uuid:3b2939bf-fcce-4617-a06f-115168870b95",
+ "locationHint": "https://github.com/spdx/spdx-examples/software/example7/example7-golang.spdx.jsonld",
+ "verifiedUsing": [
+ {
+ "type": "Hash",
+ "algorithm": "sha256",
+ "hashValue": "15ed567c36a30fb37f7d19f0f471434b9453909bf62d925194efe713ede62086"
+ }
+ ]
+ },
+ {
+ "type": "ExternalMap",
+ "externalSpdxId": "urn:uuid:e1877974-0aaa-48e6-931f-db4898c543f8",
+ "locationHint": "https://github.com/spdx/spdx-examples/software/example7/example7-go-module.spdx.jsonld",
+ "verifiedUsing": [
+ {
+ "type": "Hash",
+ "algorithm": "sha256",
+ "hashValue": "7bb2343efdccb4a2a2947219c87747673854fc6b550b2f98518af342f8dded17"
+ }
+ ]
+ },
+ {
+ "type": "ExternalMap",
+ "externalSpdxId": "urn:uuid:4918b993-36f8-4e75-bf94-2f017575eae5",
+ "locationHint": "https://github.com/spdx/spdx-examples/software/example7/example7-third-party-modules.spdx.jsonld",
+ "verifiedUsing": [
+ {
+ "type": "Hash",
+ "algorithm": "sha256",
+ "hashValue": "0e3532e0773d24d1a3a0a58592effd67daf22ac89282dc18805e1eef23f68dfe"
+ }
+ ]
+ },
+ {
+ "type": "ExternalMap",
+ "externalSpdxId": "urn:uuid:84e4231d-fc1d-4b4e-9609-05781f81fa73",
+ "locationHint": "https://github.com/spdx/spdx-examples/software/example7/example7-third-party-modules.spdx.jsonld",
+ "verifiedUsing": [
+ {
+ "type": "Hash",
+ "algorithm": "sha256",
+ "hashValue": "0e3532e0773d24d1a3a0a58592effd67daf22ac89282dc18805e1eef23f68dfe"
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
diff --git a/software/example7/spdx3.0/example7-go-module.spdx.json b/software/example7/spdx3.0/example7-go-module.spdx.json
new file mode 100644
index 0000000..2b35962
--- /dev/null
+++ b/software/example7/spdx3.0/example7-go-module.spdx.json
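Review bot: The `software_File` element for `hello` in example7-bin.spdx.json carries no `verifiedUsing`, so nothing in this SBOM binds it to a specific build output and a consumer cannot tell whether the binary in hand is the one described. I would add `"verifiedUsing": [{ "type": "Hash", "algorithm": "sha256", "hashValue": "<sha256 of the built hello binary>" }]` to that element, as the `go1.16.4.linux-amd64.tar.gz` package in example7-golang.spdx.json already does; the `go` file in that document and the packages in the go-module and third-party-modules documents have the same gap. Separately, every `locationHint` under `imports` names a `.spdx.jsonld` file directly under `software/example7/`, while this commit adds `.spdx.json` files under `software/example7/spdx3.0/`, so it is not clear which files the pinned sha256 values were computed over.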
@@ -0,0 +1,68 @@
+{
+ "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld",
+ "@graph": [
+ {
+ "spdxId": "urn:uuid:cf7dddac-8ce5-4a16-8860-ee255be7b4c8",
+ "type": "Person",
+ "creationInfo": "_:creationInfo",
+ "comment": "Person or Tool that created this document. Assuming that this document was created by the same person/tool but at a different time",
+ "name": "Nisha K",
+ "externalIdentifier": [
+ {
+ "type": "ExternalIdentifier",
+ "externalIdentifierType": "email",
+ "identifier": "nishak@vmware.com"
+ }
+ ]
+ },
+ {
+ "@id": "_:creationInfo",
+ "type": "CreationInfo",
+ "specVersion": "3.0.0",
+ "created": "2020-11-25T01:12:27Z",
+ "createdBy": [
+ "urn:uuid:cf7dddac-8ce5-4a16-8860-ee255be7b4c8"
+ ],
+ "comment": "All objects within the graph will have this same CreationInfo"
+ },
+ {
+ "spdxId": "urn:uuid:e1877974-0aaa-48e6-931f-db4898c543f8",
+ "type": "software_Package",
+ "name": "example.com/hello",
+ "creationInfo": "_:creationInfo",
+ "comment": "This is version controlled source code, generated by the ssame person who made this document",
+ "software_primaryPurpose": "source",
+ "software_downloadLocation": "git://github.com/spdx/spdx-examples.git#software/example7/src/hello",
+ "originatedBy": [
+ "urn:uuid:cf7dddac-8ce5-4a16-8860-ee255be7b4c8"
+ ]
+ },
+ {
+ "type": "software_Sbom",
+ "spdxId": "urn:uuid:711c6f39-6c80-494e-b848-1c01e8962345",
+ "creationInfo": "_:creationInfo",
+ "comment": "The SBOM communicates that this document is an SBOM. The SBOM only has one software package and its creator",
+ "rootElement": [
+ "urn:uuid:e1877974-0aaa-48e6-931f-db4898c543f8"
+ ],
+ "element": [
+ "urn:uuid:cf7dddac-8ce5-4a16-8860-ee255be7b4c8",
+ "urn:uuid:e1877974-0aaa-48e6-931f-db4898c543f8"
+ ]
+ },
+ {
+ "spdxId": "urn:uuid:b61745ef-59c7-4804-878d-fccbe455bd80",
+ "type": "SpdxDocument",
+ "creationInfo": "_:creationInfo",
+ "comment": "This document's primary communication is the SBOM",
+ "name": "example7-go-module.spdx",
+ "profileConformance": [
+ "core",
+ "software"
+ ],
+ "rootElement": [
+ "urn:uuid:711c6f39-6c80-494e-b848-1c01e8962345"
+ ]
+ }
+ ]
+}
diff --git a/software/example7/spdx3.0/example7-golang.spdx.json b/software/example7/spdx3.0/example7-golang.spdx.json
new file mode 100644
index 0000000..1040090
--- /dev/null
+++ b/software/example7/spdx3.0/example7-golang.spdx.json
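Review bot: `software_downloadLocation` for `example.com/hello` in example7-go-module.spdx.json uses the `git://` scheme with no revision, which is an unauthenticated transport and does not record which commit was built. An https-based location pinned to a commit, for example `"software_downloadLocation": "git+https://github.com/spdx/spdx-examples.git@<commit-sha>#software/example7/src/hello"` (placeholder revision, VCS form as used in SPDX 2.x), would let a consumer fetch exactly the source that was described. The two `git://` locations in example7-third-party-modules.spdx.json have the same transport issue. The package `comment` also contains the typo `ssame`.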
@@ -0,0 +1,107 @@
+{
+ "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld",
+ "@graph": [
+ {
+ "spdxId": "urn:uuid:cc81c9c0-c466-4e22-b3f6-945a65f5d07b",
+ "type": "Person",
+ "creationInfo": "_:creationInfo",
+ "comment": "Person or Tool that created this document",
+ "name": "Nisha K",
+ "externalIdentifier": [
+ {
+ "type": "ExternalIdentifier",
+ "externalIdentifierType": "email",
+ "identifier": "nishak@vmware.com"
+ }
+ ]
+ },
+ {
+ "spdxId": "urn:uuid:a5d2b614-1c0a-477d-b1fc-dc391f2c1c6d",
+ "type": "Organization",
+ "creationInfo": "_:creationInfo",
+ "comment": "The organization that originated the software package",
+ "name": "golang.org"
+ },
+ {
+ "@id": "_:creationInfo",
+ "type": "CreationInfo",
+ "specVersion": "3.0.0",
+ "created": "2020-11-24T01:12:27Z",
+ "createdBy": [
+ "urn:uuid:cc81c9c0-c466-4e22-b3f6-945a65f5d07b"
+ ],
+ "comment": "All objects within the graph will have this same CreationInfo"
+ },
+ {
+ "spdxId": "urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b",
+ "type": "software_Package",
+ "name": "go1.16.4.linux-amd64.tar.gz",
+ "creationInfo": "_:creationInfo",
+ "comment": "This is the downloaded tarball to be installed on disk",
+ "software_packageVersion": "1.16.4",
+ "software_primaryPurpose": "install",
+ "software_downloadLocation": "https://golang.org/dl/go1.16.4.linux-amd64.tar.gz",
+ "originatedBy": [
+ "urn:uuid:a5d2b614-1c0a-477d-b1fc-dc391f2c1c6d"
+ ],
+ "verifiedUsing": [
+ {
+ "type": "Hash",
+ "algorithm": "sha256",
+ "hashValue": "7154e88f5a8047aad4b80ebace58a059e36e7e2e4eb3b383127a28c711b4ff59"
+ }
+ ]
+ },
+ {
+ "spdxId": "urn:uuid:3b2939bf-fcce-4617-a06f-115168870b95",
+ "type": "software_File",
+ "name": "go",
+ "creationInfo": "_:creationInfo",
+ "comment": "The installation comes with an executable",
+ "originatedBy": [
+ "urn:uuid:a5d2b614-1c0a-477d-b1fc-dc391f2c1c6d"
+ ],
+ "software_primaryPurpose": "executable"
+ },
+ {
+ "type": "Relationship",
+ "spdxId": "urn:uuid:92c6754b-d6e9-48b7-8b86-54fdc89995a6",
+ "creationInfo": "_:creationInfo",
+ "relationshipType": "contains",
+ "from": "urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b",
+ "to": [
+ "urn:uuid:3b2939bf-fcce-4617-a06f-115168870b95"
+ ]
+ },
+ {
+ "type": "software_Sbom",
+ "spdxId": "urn:uuid:d523d308-8348-4051-85ea-a67a14978fad",
+ "creationInfo": "_:creationInfo",
+ "comment": "The SBOM communicates that this document is an SBOM",
+ "rootElement": [
+ "urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b"
+ ],
+ "element": [
+ "urn:uuid:a5d2b614-1c0a-477d-b1fc-dc391f2c1c6d",
+ "urn:uuid:cc81c9c0-c466-4e22-b3f6-945a65f5d07b",
+ "urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b",
+ "urn:uuid:3b2939bf-fcce-4617-a06f-115168870b95",
+ "urn:uuid:92c6754b-d6e9-48b7-8b86-54fdc89995a6"
+ ]
+ },
+ {
+ "spdxId": "urn:uuid:93867a66-8945-45c2-ac11-4277d3af38fa",
+ "type": "SpdxDocument",
+ "creationInfo": "_:creationInfo",
+ "comment": "This document's primary communication is the SBOM",
+ "name": "example7-golang.spdx",
+ "profileConformance": [
+ "core",
+ "software"
+ ],
+ "rootElement": [
+ "urn:uuid:d523d308-8348-4051-85ea-a67a14978fad"
+ ]
+ }
+ ]
+}
diff --git a/software/example7/spdx3.0/example7-third-party-modules.spdx.json b/software/example7/spdx3.0/example7-third-party-modules.spdx.json
new file mode 100644
index 0000000..4ce119b
--- /dev/null
+++ b/software/example7/spdx3.0/example7-third-party-modules.spdx.json
@@ -0,0 +1,98 @@
+{
+ "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld",
+ "@graph": [
+ {
+ "spdxId": "urn:uuid:75f4bf57-0976-446d-869a-67856a1fa5bb",
+ "type": "Person",
+ "creationInfo": "_:creationInfo",
+ "comment": "Person or Tool that created this document. Assuming that this document was created by the same person/tool but at a different time",
+ "name": "Nisha K",
+ "externalIdentifier": [
+ {
+ "type": "ExternalIdentifier",
+ "externalIdentifierType": "email",
+ "identifier": "nishak@vmware.com"
+ }
+ ]
+ },
+ {
+ "spdxId": "urn:uuid:4b3add7d-8d36-488d-b7cc-f3891af633d1",
+ "type": "Organization",
+ "creationInfo": "_:creationInfo",
+ "comment": "It is unclear who originated the packages in the SBOM. However, there are domain names",
+ "name": "golang.org"
+ },
+ {
+ "spdxId": "urn:uuid:1c20ec6e-6e84-417a-8b7f-51bb69f62cb2",
+ "type": "Organization",
+ "creationInfo": "_:creationInfo",
+ "comment": "It is unclear who originated the packages in the SBOM. However, there are domain names",
+ "name": "rsc.io"
+ },
+ {
+ "@id": "_:creationInfo",
+ "type": "CreationInfo",
+ "specVersion": "3.0.0",
+ "created": "2020-11-25T01:12:27Z",
+ "createdBy": [
+ "urn:uuid:75f4bf57-0976-446d-869a-67856a1fa5bb"
+ ],
+ "comment": "All objects within the graph will have this same CreationInfo"
+ },
+ {
+ "spdxId": "urn:uuid:4918b993-36f8-4e75-bf94-2f017575eae5",
+ "type": "software_Package",
+ "name": "golang.org/x/text",
+ "creationInfo": "_:creationInfo",
+ "comment": "Go module dependency. The author is not given",
+ "software_primaryPurpose": "library",
+ "software_downloadLocation": "git://golang.org/x/text@v0.0.0-20170915032832-14c0d48ead0c",
+ "originatedBy": [
+ "urn:uuid:4b3add7d-8d36-488d-b7cc-f3891af633d1"
+ ]
+ },
+ {
+ "spdxId": "urn:uuid:84e4231d-fc1d-4b4e-9609-05781f81fa73",
+ "type": "software_Package",
+ "name": "rsc.io/quote",
+ "creationInfo": "_:creationInfo",
+ "comment": "Go module dependency. The author is not given",
+ "software_primaryPurpose": "library",
+ "software_downloadLocation": "git://rsc.io/sampler@v1.3.0",
+ "originatedBy": [
+ "urn:uuid:1c20ec6e-6e84-417a-8b7f-51bb69f62cb2"
+ ]
+ },
+ {
+ "type": "software_Sbom",
+ "spdxId": "urn:uuid:30bebcfc-096f-4cbd-9fea-da1b8c5f8ea6",
+ "creationInfo": "_:creationInfo",
+ "comment": "The SBOM communicates that this document is an SBOM. The SBOM has more than one root element",
+ "rootElement": [
+ "urn:uuid:4918b993-36f8-4e75-bf94-2f017575eae5",
+ "urn:uuid:84e4231d-fc1d-4b4e-9609-05781f81fa73"
+ ],
+ "element": [
+ "urn:uuid:75f4bf57-0976-446d-869a-67856a1fa5bb",
+ "urn:uuid:4b3add7d-8d36-488d-b7cc-f3891af633d1",
+ "urn:uuid:1c20ec6e-6e84-417a-8b7f-51bb69f62cb2",
+ "urn:uuid:4918b993-36f8-4e75-bf94-2f017575eae5",
+ "urn:uuid:84e4231d-fc1d-4b4e-9609-05781f81fa73"
+ ]
+ },
+ {
+ "spdxId": "urn:uuid:28789527-d15c-4c77-93b3-d6f25df6c1ef",
+ "type": "SpdxDocument",
+ "creationInfo": "_:creationInfo",
+ "comment": "This document's primary communication is the SBOM",
+ "name": "example7-third-party-modules.spdx",
+ "profileConformance": [
+ "core",
+ "software"
+ ],
+ "rootElement": [
+ "urn:uuid:30bebcfc-096f-4cbd-9fea-da1b8c5f8ea6"
+ ]
+ }
+ ]
+}
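Review bot: The second package in example7-third-party-modules.spdx.json is named `rsc.io/quote` but its `software_downloadLocation` is `git://rsc.io/sampler@v1.3.0`, so the name and the location describe different modules. One of the two looks wrong; if both modules are linked into `hello`, `rsc.io/sampler` presumably needs its own `software_Package` element and an entry in the `hasStaticLink` relationship in example7-bin.spdx.json. Neither package sets `software_packageVersion`, so the version can only be recovered by parsing the URL; a field such as `"software_packageVersion": "v1.3.0"` on the element that location really belongs to would let consumers match it against vulnerability data directly.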