From 78718e7756b87ad3ef15be393f3ac68ced12003d Mon Sep 17 00:00:00 2001 From: Nisha Kumar Date: Mon, 10 Jun 2024 06:40:24 -0700 Subject: [PATCH 01/12] Add SPDX 3.0 for example7 Signed-off-by: Nisha Kumar --- .../spdx3.0/example7-golang.spdx.jsonld | 103 ++++++++++++++++++ 1 file changed, 103 insertions(+) create mode 100644 software/example7/spdx3.0/example7-golang.spdx.jsonld diff --git a/software/example7/spdx3.0/example7-golang.spdx.jsonld b/software/example7/spdx3.0/example7-golang.spdx.jsonld new file mode 100644 index 0000000..ca3a48c --- /dev/null +++ b/software/example7/spdx3.0/example7-golang.spdx.jsonld @@ -0,0 +1,103 @@ +{ + "@context": [ + "https://spdx.org/rdf/3.0.0/spdx-context.jsonld" + ], + "@graph": [ + { + "spdxId": "mailto:nishak@vmware.com", + "type": "Person", + "creationInfo": "_:creationInfo", + "comment": "Person or Tool that created this document", + "name": "Nisha K", + "externalIdentifier": [ + { + "type": "ExternalIdentifier", + "externalIdentifierType": "email", + "identifier": "nishak@vmware.com" + } + ] + }, + { + "spdxId": "https://golang.org", + "type": "Organization", + "creationInfo": "_:creationInfo", + "comment": "The organization that originated the software package", + "name": "golang.org" + }, + { + "@id": "_:creationInfo", + "type": "CreationInfo", + "created": "2020-11-24T01:12:27Z", + "createdBy": [ + "mailto:nishak@vmware.com" + ], + "comment": "All objects within the graph will have this same CreationInfo" + }, + { + "spdxId": "https://golang.org/dl/go1.16.4.linux-amd64.tar.gz", + "type": "Software_Package", + "name": "go1.16.4.linux-amd64", + "creationInfo": "_:creationInfo", + "comment": "This is the downloaded tarball to be installed on disk", + "software_packageVersion": "1.16.4", + "software_primaryPurpose": "install", + "software_downloadLocation": "https://golang.org/dl/go1.16.4.linux-amd64.tar.gz", + "originatedBy": "https://golang.org", + "verifiedUsing": [ + { + "type": "Hash", + "algorithm": "sha256", + "hashValue": "7154e88f5a8047aad4b80ebace58a059e36e7e2e4eb3b383127a28c711b4ff59" + } + ] + }, + { + "spdxId": "https://golang.org/dl/go-compiler", + "type": "Software_File", + "name": "go", + "creationInfo": "_:creationInfo", + "comment": "The installation comes with an executable", + "originatedBy": "https://golang.org", + "software_primaryPurpose": "executable" + }, + { + "type": "Relationship", + "spdxId": "https://spdx.org/golang-dist-contains", + "creationInfo": "_:creationInfo", + "relationshipType": "contains", + "from": "https://golang.org/dl/go1.16.4.linux-amd64.tar.gz", + "to": [ + "https://golang.org/dl/go-compiler" + ] + }, + { + "type": "software_Sbom", + "spdxId": "https://spdx.org/go1.16.4-sbom", + "creationInfo": "_:creationInfo", + "comment": "The SBOM communicates that this document is an SBOM", + "rootElement": [ + "https://golang.org/dl/go1.16.4.linux-amd64.tar.gz" + ], + "element": [ + "https://golang.org/dl/go-compiler", + "https://spdx.org/golang-dist-contains" + ] + }, + { + "spdxId": "https://github.com/spdx-examples/example7-golang.spdx.jsonld", + "type": "SpdxDocument", + "creationInfo": "_:creationInfo", + "comment": "This document's primary communication is the SBOM", + "name": "example7-golang.spdx.jsonld", + "profileConformance": [ + "core", + "software" + ], + "dataLicense": "CC0-1.0", + "createdUsing": [ + "manual" + ], + "rootElement": "https://golang.org/dl/go1.16.4-sbom" + } + ] +} From 53c620b1f8829700487f9f74b2116b3876eab3fe Mon Sep 17 00:00:00 2001 From: Nisha Kumar Date: Tue, 11 Jun 2024 11:22:07 -0700 Subject: [PATCH 02/12] Basic updates: fix glaring mistakes - Use URN instead of URI for spdxId - Fix capitalization on types - Move `createdUsing` to `CreationInfo` object Signed-off-by: Nisha Kumar --- .../spdx3.0/example7-golang.spdx.jsonld | 46 +++++++++---------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/software/example7/spdx3.0/example7-golang.spdx.jsonld b/software/example7/spdx3.0/example7-golang.spdx.jsonld index ca3a48c..48520df 100644 --- a/software/example7/spdx3.0/example7-golang.spdx.jsonld +++ b/software/example7/spdx3.0/example7-golang.spdx.jsonld @@ -4,7 +4,7 @@ ], "@graph": [ { - "spdxId": "mailto:nishak@vmware.com", + "spdxId": "urn:uuid:cc81c9c0-c466-4e22-b3f6-945a65f5d07b", "type": "Person", "creationInfo": "_:creationInfo", "comment": "Person or Tool that created this document", @@ -18,7 +18,7 @@ ] }, { - "spdxId": "https://golang.org", + "spdxId": "urn:uuid:a5d2b614-1c0a-477d-b1fc-dc391f2c1c6d", "type": "Organization", "creationInfo": "_:creationInfo", "comment": "The organization that originated the software package", @@ -29,20 +29,23 @@ "type": "CreationInfo", "created": "2020-11-24T01:12:27Z", "createdBy": [ - "mailto:nishak@vmware.com" + "urn:uuid:cc81c9c0-c466-4e22-b3f6-945a65f5d07b" + ], + "createdUsing": [ + "manual" ], "comment": "All objects within the graph will have this same CreationInfo" }, { - "spdxId": "https://golang.org/dl/go1.16.4.linux-amd64.tar.gz", - "type": "Software_Package", - "name": "go1.16.4.linux-amd64", + "spdxId": "urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b", + "type": "software_Package", + "name": "go1.16.4.linux-amd64.tar.gz", "creationInfo": "_:creationInfo", "comment": "This is the downloaded tarball to be installed on disk", "software_packageVersion": "1.16.4", "software_primaryPurpose": "install", "software_downloadLocation": "https://golang.org/dl/go1.16.4.linux-amd64.tar.gz", - "originatedBy": "https://golang.org", + "originatedBy": "urn:uuid:a5d2b614-1c0a-477d-b1fc-dc391f2c1c6d", "verifiedUsing": [ { "type": "Hash", @@ -52,52 +55,49 @@ ] }, { - "spdxId": "https://golang.org/dl/go-compiler", - "type": "Software_File", + "spdxId": "urn:uuid:3b2939bf-fcce-4617-a06f-115168870b95", + "type": "software_File", "name": "go", "creationInfo": "_:creationInfo", "comment": "The installation comes with an executable", - "originatedBy": "https://golang.org", + "originatedBy": "urn:uuid:a5d2b614-1c0a-477d-b1fc-dc391f2c1c6d", "software_primaryPurpose": "executable" }, { "type": "Relationship", - "spdxId": "https://spdx.org/golang-dist-contains", + "spdxId": "urn:uuid:92c6754b-d6e9-48b7-8b86-54fdc89995a6", "creationInfo": "_:creationInfo", "relationshipType": "contains", - "from": "https://golang.org/dl/go1.16.4.linux-amd64.tar.gz", + "from": "urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b", "to": [ - "https://golang.org/dl/go-compiler" + "urn:uuid:3b2939bf-fcce-4617-a06f-115168870b95" ] }, { "type": "software_Sbom", - "spdxId": "https://spdx.org/go1.16.4-sbom", + "spdxId": "urn:uuid:d523d308-8348-4051-85ea-a67a14978fad", "creationInfo": "_:creationInfo", "comment": "The SBOM communicates that this document is an SBOM", "rootElement": [ - "https://golang.org/dl/go1.16.4.linux-amd64.tar.gz" + "urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b" ], "element": [ - "https://golang.org/dl/go-compiler", - "https://spdx.org/golang-dist-contains" + "urn:uuid:3b2939bf-fcce-4617-a06f-115168870b95", + "urn:uuid:92c6754b-d6e9-48b7-8b86-54fdc89995a6" ] }, { - "spdxId": "https://github.com/spdx-examples/example7-golang.spdx.jsonld", + "spdxId": "urn:uuid:93867a66-8945-45c2-ac11-4277d3af38fa", "type": "SpdxDocument", "creationInfo": "_:creationInfo", "comment": "This document's primary communication is the SBOM", - "name": "example7-golang.spdx.jsonld", + "name": "example7-golang.spdx", "profileConformance": [ "core", "software" ], "dataLicense": "CC0-1.0", - "createdUsing": [ - "manual" - ], - "rootElement": "https://golang.org/dl/go1.16.4-sbom" + "rootElement": "urn:uuid:d523d308-8348-4051-85ea-a67a14978fad" } ] } From cb9caa64bf5e086f8a27d280e6309d7c1f5e5b6a Mon Sep 17 00:00:00 2001 From: Nisha Kumar Date: Tue, 11 Jun 2024 15:21:24 -0700 Subject: [PATCH 03/12] Add SPDX 3.0 JSONLD document for a go module Signed-off-by: Nisha Kumar --- .../spdx3.0/example7-go-module.spdx.jsonld | 72 +++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 software/example7/spdx3.0/example7-go-module.spdx.jsonld diff --git a/software/example7/spdx3.0/example7-go-module.spdx.jsonld b/software/example7/spdx3.0/example7-go-module.spdx.jsonld new file mode 100644 index 0000000..66b823f --- /dev/null +++ b/software/example7/spdx3.0/example7-go-module.spdx.jsonld @@ -0,0 +1,72 @@ +{ + "@context": [ + "https://spdx.org/rdf/3.0.0/spdx-context.jsonld" + ], + "@graph": [ + { + "spdxId": "urn:uuid:cf7dddac-8ce5-4a16-8860-ee255be7b4c8", + "type": "Person", + "creationInfo": "_:creationInfo", + "comment": "Person or Tool that created this document. Assuming that this document was created by the same person/tool but at a different time", + "name": "Nisha K", + "externalIdentifier": [ + { + "type": "ExternalIdentifier", + "externalIdentifierType": "email", + "identifier": "nishak@vmware.com" + } + ] + }, + { + "spdxId": "urn:uuid:d8bfb4bd-f3b9-4d5e-b83d-dd48038ecfde", + "type": "Organization", + "creationInfo": "_:creationInfo", + "comment": "The organization that originated the software package", + "name": "golang.org" + }, + { + "@id": "_:creationInfo", + "type": "CreationInfo", + "created": "2020-11-25T01:12:27Z", + "createdBy": [ + "urn:uuid:cf7dddac-8ce5-4a16-8860-ee255be7b4c8" + ], + "createdUsing": [ + "manual" + ], + "comment": "All objects within the graph will have this same CreationInfo" + }, + { + "spdxId": "urn:uuid:e1877974-0aaa-48e6-931f-db4898c543f8", + "type": "software_Package", + "name": "example.com/hello", + "creationInfo": "_:creationInfo", + "comment": "This is version controlled source code, generated by the ssame person who made this document", + "software_primaryPurpose": "source", + "software_downloadLocation": "git://github.com/spdx/spdx-examples.git#software/example7/src/hello", + "originatedBy": "urn:uuid:cf7dddac-8ce5-4a16-8860-ee255be7b4c8" + }, + { + "type": "software_Sbom", + "spdxId": "urn:uuid:711c6f39-6c80-494e-b848-1c01e8962345", + "creationInfo": "_:creationInfo", + "comment": "The SBOM communicates that this document is an SBOM. The SBOM only has one element", + "rootElement": [ + "urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b" + ] + }, + { + "spdxId": "urn:uuid:b61745ef-59c7-4804-878d-fccbe455bd80", + "type": "SpdxDocument", + "creationInfo": "_:creationInfo", + "comment": "This document's primary communication is the SBOM", + "name": "example7-go-module.spdx", + "profileConformance": [ + "core", + "software" + ], + "dataLicense": "CC0-1.0", + "rootElement": "urn:uuid:711c6f39-6c80-494e-b848-1c01e8962345" + } + ] +} From 2219fd6068b35fa1e22d50cb0ff8e408dbd5b0ff Mon Sep 17 00:00:00 2001 From: Nisha Kumar Date: Wed, 12 Jun 2024 09:52:05 -0700 Subject: [PATCH 04/12] example7: spdx3.0: Modifications to schema - Remove "createdUsing" as these files are manually created - "rootElement" is a list - "element" in the SBOM element is a list of all elements in the SBOM Signed-off-by: Nisha Kumar --- .../example7/spdx3.0/example7-go-module.spdx.jsonld | 12 ++++++++---- .../example7/spdx3.0/example7-golang.spdx.jsonld | 10 ++++++---- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/software/example7/spdx3.0/example7-go-module.spdx.jsonld b/software/example7/spdx3.0/example7-go-module.spdx.jsonld index 66b823f..70788f5 100644 --- a/software/example7/spdx3.0/example7-go-module.spdx.jsonld +++ b/software/example7/spdx3.0/example7-go-module.spdx.jsonld @@ -31,9 +31,6 @@ "createdBy": [ "urn:uuid:cf7dddac-8ce5-4a16-8860-ee255be7b4c8" ], - "createdUsing": [ - "manual" - ], "comment": "All objects within the graph will have this same CreationInfo" }, { @@ -54,6 +51,11 @@ "rootElement": [ "urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b" ] + "element": [ + "urn:uuid:cf7dddac-8ce5-4a16-8860-ee255be7b4c8", + "urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b", + "urn:uuid:d8bfb4bd-f3b9-4d5e-b83d-dd48038ecfde", + ] }, { "spdxId": "urn:uuid:b61745ef-59c7-4804-878d-fccbe455bd80", @@ -66,7 +68,9 @@ "software" ], "dataLicense": "CC0-1.0", - "rootElement": "urn:uuid:711c6f39-6c80-494e-b848-1c01e8962345" + "rootElement": [ + "urn:uuid:711c6f39-6c80-494e-b848-1c01e8962345" + ] } ] } diff --git a/software/example7/spdx3.0/example7-golang.spdx.jsonld b/software/example7/spdx3.0/example7-golang.spdx.jsonld index 48520df..ac15968 100644 --- a/software/example7/spdx3.0/example7-golang.spdx.jsonld +++ b/software/example7/spdx3.0/example7-golang.spdx.jsonld @@ -31,9 +31,6 @@ "createdBy": [ "urn:uuid:cc81c9c0-c466-4e22-b3f6-945a65f5d07b" ], - "createdUsing": [ - "manual" - ], "comment": "All objects within the graph will have this same CreationInfo" }, { @@ -82,6 +79,9 @@ "urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b" ], "element": [ + "urn:uuid:a5d2b614-1c0a-477d-b1fc-dc391f2c1c6d", + "urn:uuid:cc81c9c0-c466-4e22-b3f6-945a65f5d07b", + "urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b", "urn:uuid:3b2939bf-fcce-4617-a06f-115168870b95", "urn:uuid:92c6754b-d6e9-48b7-8b86-54fdc89995a6" ] @@ -97,7 +97,9 @@ "software" ], "dataLicense": "CC0-1.0", - "rootElement": "urn:uuid:d523d308-8348-4051-85ea-a67a14978fad" + "rootElement": [ + "urn:uuid:d523d308-8348-4051-85ea-a67a14978fad" + ] } ] } From 08541581cee54889770cb45c8cd14a098b8a48b9 Mon Sep 17 00:00:00 2001 From: Nisha Kumar Date: Mon, 5 Aug 2024 11:42:27 -0700 Subject: [PATCH 05/12] Fix JSON parsing errors Signed-off-by: Nisha Kumar --- software/example7/spdx3.0/example7-go-module.spdx.jsonld | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/software/example7/spdx3.0/example7-go-module.spdx.jsonld b/software/example7/spdx3.0/example7-go-module.spdx.jsonld index 70788f5..f1c81bb 100644 --- a/software/example7/spdx3.0/example7-go-module.spdx.jsonld +++ b/software/example7/spdx3.0/example7-go-module.spdx.jsonld @@ -50,11 +50,11 @@ "comment": "The SBOM communicates that this document is an SBOM. The SBOM only has one element", "rootElement": [ "urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b" - ] + ], "element": [ "urn:uuid:cf7dddac-8ce5-4a16-8860-ee255be7b4c8", "urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b", - "urn:uuid:d8bfb4bd-f3b9-4d5e-b83d-dd48038ecfde", + "urn:uuid:d8bfb4bd-f3b9-4d5e-b83d-dd48038ecfde" ] }, { From d07093e9fc49d665bb4cf6b79c477c35b19a5a7e Mon Sep 17 00:00:00 2001 From: Nisha Kumar Date: Mon, 5 Aug 2024 11:52:50 -0700 Subject: [PATCH 06/12] Fix elements - Remove Organization element - Fix root element and element list uuids Signed-off-by: Nisha Kumar --- .../spdx3.0/example7-go-module.spdx.jsonld | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/software/example7/spdx3.0/example7-go-module.spdx.jsonld b/software/example7/spdx3.0/example7-go-module.spdx.jsonld index f1c81bb..2cd842b 100644 --- a/software/example7/spdx3.0/example7-go-module.spdx.jsonld +++ b/software/example7/spdx3.0/example7-go-module.spdx.jsonld @@ -17,13 +17,6 @@ } ] }, - { - "spdxId": "urn:uuid:d8bfb4bd-f3b9-4d5e-b83d-dd48038ecfde", - "type": "Organization", - "creationInfo": "_:creationInfo", - "comment": "The organization that originated the software package", - "name": "golang.org" - }, { "@id": "_:creationInfo", "type": "CreationInfo", @@ -47,14 +40,13 @@ "type": "software_Sbom", "spdxId": "urn:uuid:711c6f39-6c80-494e-b848-1c01e8962345", "creationInfo": "_:creationInfo", - "comment": "The SBOM communicates that this document is an SBOM. The SBOM only has one element", + "comment": "The SBOM communicates that this document is an SBOM. The SBOM only has one software package and its creator", "rootElement": [ - "urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b" + "urn:uuid:e1877974-0aaa-48e6-931f-db4898c543f8" ], "element": [ "urn:uuid:cf7dddac-8ce5-4a16-8860-ee255be7b4c8", - "urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b", - "urn:uuid:d8bfb4bd-f3b9-4d5e-b83d-dd48038ecfde" + "urn:uuid:e1877974-0aaa-48e6-931f-db4898c543f8" ] }, { From 13bf52016df46f6b178c865c4618e6023f92908c Mon Sep 17 00:00:00 2001 From: Nisha Kumar Date: Mon, 5 Aug 2024 17:30:02 -0700 Subject: [PATCH 07/12] Add example 7 third party modules Signed-off-by: Nisha Kumar --- .../example7-third-party-modules.spdx.jsonld | 95 +++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100644 software/example7/spdx3.0/example7-third-party-modules.spdx.jsonld diff --git a/software/example7/spdx3.0/example7-third-party-modules.spdx.jsonld b/software/example7/spdx3.0/example7-third-party-modules.spdx.jsonld new file mode 100644 index 0000000..86e381b --- /dev/null +++ b/software/example7/spdx3.0/example7-third-party-modules.spdx.jsonld @@ -0,0 +1,95 @@ +{ + "@context": [ + "https://spdx.org/rdf/3.0.0/spdx-context.jsonld" + ], + "@graph": [ + { + "spdxId": "urn:uuid:75f4bf57-0976-446d-869a-67856a1fa5bb", + "type": "Person", + "creationInfo": "_:creationInfo", + "comment": "Person or Tool that created this document. Assuming that this document was created by the same person/tool but at a different time", + "name": "Nisha K", + "externalIdentifier": [ + { + "type": "ExternalIdentifier", + "externalIdentifierType": "email", + "identifier": "nishak@vmware.com" + } + ] + }, + { + "spdxId": "urn:uuid:4b3add7d-8d36-488d-b7cc-f3891af633d1", + "type": "Organization", + "creationInfo": "_:creationInfo", + "comment": "It is unclear who originated the packages in the SBOM. However, there are domain names", + "name": "golang.org" + }, + { + "spdxId": "urn:uuid:1c20ec6e-6e84-417a-8b7f-51bb69f62cb2", + "type": "Organization", + "creationInfo": "_:creationInfo", + "comment": "It is unclear who originated the packages in the SBOM. However, there are domain names", + "name": "rsc.io" + }, + { + "@id": "_:creationInfo", + "type": "CreationInfo", + "created": "2020-11-25T01:12:27Z", + "createdBy": [ + "urn:uuid:75f4bf57-0976-446d-869a-67856a1fa5bb" + ], + "comment": "All objects within the graph will have this same CreationInfo" + }, + { + "spdxId": "urn:uuid:4918b993-36f8-4e75-bf94-2f017575eae5", + "type": "software_Package", + "name": "golang.org/x/text", + "creationInfo": "_:creationInfo", + "comment": "Go module dependency. The author is not given", + "software_primaryPurpose": "library", + "software_downloadLocation": "git://golang.org/x/text@v0.0.0-20170915032832-14c0d48ead0c", + "originatedBy": "urn:uuid:4b3add7d-8d36-488d-b7cc-f3891af633d1" + }, + { + "spdxId": "urn:uuid:84e4231d-fc1d-4b4e-9609-05781f81fa73", + "type": "software_Package", + "name": "rsc.io/quote", + "creationInfo": "_:creationInfo", + "comment": "Go module dependency. The author is not given", + "software_primaryPurpose": "library", + "software_downloadLocation": "git://rsc.io/sampler@v1.3.0", + "originatedBy": "urn:uuid:1c20ec6e-6e84-417a-8b7f-51bb69f62cb2" + }, + { + "type": "software_Sbom", + "spdxId": "urn:uuid:30bebcfc-096f-4cbd-9fea-da1b8c5f8ea6", + "creationInfo": "_:creationInfo", + "comment": "The SBOM communicates that this document is an SBOM. The SBOM has more than one root element", + "rootElement": [ + "urn:uuid:4918b993-36f8-4e75-bf94-2f017575eae5", + "urn:uuid:84e4231d-fc1d-4b4e-9609-05781f81fa73" + ], + "element": [ + "urn:uuid:75f4bf57-0976-446d-869a-67856a1fa5bb", + "urn:uuid:0ae67aec-e3f7-4020-b0bc-068486068127", + "urn:uuid:4918b993-36f8-4e75-bf94-2f017575eae5", + "urn:uuid:84e4231d-fc1d-4b4e-9609-05781f81fa73" + ] + }, + { + "spdxId": "urn:uuid:28789527-d15c-4c77-93b3-d6f25df6c1ef", + "type": "SpdxDocument", + "creationInfo": "_:creationInfo", + "comment": "This document's primary communication is the SBOM", + "name": "example7-third-party-modules.spdx", + "profileConformance": [ + "core", + "software" + ], + "dataLicense": "CC0-1.0", + "rootElement": [ + "urn:uuid:30bebcfc-096f-4cbd-9fea-da1b8c5f8ea6" + ] + } + ] +} From 298156a603f84cdcc2939bdf789be7319cfc2c40 Mon Sep 17 00:00:00 2001 From: Nisha Kumar Date: Tue, 6 Aug 2024 20:07:09 -0700 Subject: [PATCH 08/12] Add binary JSONLD document Signed-off-by: Nisha Kumar --- .../example7/spdx3.0/example7-bin.spdx.jsonld | 160 ++++++++++++++++++ 1 file changed, 160 insertions(+) create mode 100644 software/example7/spdx3.0/example7-bin.spdx.jsonld diff --git a/software/example7/spdx3.0/example7-bin.spdx.jsonld b/software/example7/spdx3.0/example7-bin.spdx.jsonld new file mode 100644 index 0000000..aded29f --- /dev/null +++ b/software/example7/spdx3.0/example7-bin.spdx.jsonld @@ -0,0 +1,160 @@ +{ + "@context": [ + "https://spdx.org/rdf/3.0.0/spdx-context.jsonld" + ], + "@graph": [ + { + "spdxId": "urn:uuid:6731cd26-926c-486b-8127-340c0f11a228", + "type": "Person", + "creationInfo": "_:creationInfo", + "comment": "Person or Tool that created this document", + "name": "Nisha K", + "externalIdentifier": [ + { + "type": "ExternalIdentifier", + "externalIdentifierType": "email", + "identifier": "nishak@vmware.com" + } + ] + }, + { + "@id": "_:creationInfo", + "type": "CreationInfo", + "created": "2020-11-24T01:12:27Z", + "createdBy": [ + "urn:uuid:6731cd26-926c-486b-8127-340c0f11a228" + ], + "comment": "All objects within the graph will have this same CreationInfo" + }, + { + "spdxId": "urn:uuid:3773937f-6db8-49f9-920f-7d1a6b0cfcbb", + "type": "software_File", + "name": "hello", + "creationInfo": "_:creationInfo", + "comment": "This binary was created by building go source code", + "originatedBy": "urn:uuid:6731cd26-926c-486b-8127-340c0f11a228", + "software_primaryPurpose": "executable" + }, + { + "type": "ExternalMap", + "externalSpdxId": "urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b", + "locationHint": "https://github.com/spdx/spdx-examples/software/example7/example7-golang.spdx.jsonld", + "verifiedUsing": [ + { + "type": "Hash", + "algorithm": "sha256", + "hashValue": "ffde414ff13e529e8ea834f92d0e6df9c56ebace6c359ef3fca9cb60ea6cbb63" + } + ] + }, + { + "type": "ExternalMap", + "externalSpdxId": "urn:uuid:e1877974-0aaa-48e6-931f-db4898c543f8", + "locationHint": "https://github.com/spdx/spdx-examples/software/example7/example7-go-module.spdx.jsonld", + "verifiedUsing": [ + { + "type": "Hash", + "algorithm": "sha256", + "hashValue": "28c680a0232828f5ea550a10e02e9548316d4f8c1c618ae52bdf1d8e6f5a3c3c" + } + ] + }, + { + "type": "ExternalMap", + "externalSpdxId": "urn:uuid:4918b993-36f8-4e75-bf94-2f017575eae5", + "locationHint": "https://github.com/spdx/spdx-examples/software/example7/example7-third-party-modules.spdx.jsonld", + "verifiedUsing": [ + { + "type": "Hash", + "algorithm": "sha256", + "hashValue": "9b34ebb21f3329351be6490733e17c0bd8b3cf4cc7321c0f3207c69844df133d" + } + ] + }, + { + "type": "ExternalMap", + "externalSpdxId": "urn:uuid:84e4231d-fc1d-4b4e-9609-05781f81fa73", + "locationHint": "https://github.com/spdx/spdx-examples/software/example7/example7-third-party-modules.spdx.jsonld", + "verifiedUsing": [ + { + "type": "Hash", + "algorithm": "sha256", + "hashValue": "9b34ebb21f3329351be6490733e17c0bd8b3cf4cc7321c0f3207c69844df133d" + } + ] + }, + { + "spdxId": "urn:uuid:128052d9-d307-43fc-a676-5d8791e12391", + "type": "build_Build", + "comment": "This element is used to express inputs and outputs of the go build" + }, + { + "type": "LifecycleScopedRelationship", + "scope": "build", + "spdxId": "urn:uuid:98dd3b3f-6b8f-49a1-88b6-628750516f1e", + "creationInfo": "_:creationInfo", + "relationshipType": "hasInputs", + "from": "urn:uuid:128052d9-d307-43fc-a676-5d8791e12391", + "to": [ + "urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b", + "urn:uuid:e1877974-0aaa-48e6-931f-db4898c543f8" + ] + }, + { + "type": "LifecycleScopedRelationship", + "scope": "build", + "spdxId": "urn:uuid:a7b65a78-8ed2-4b20-a91b-40f94ecdb81c", + "creationInfo": "_:creationInfo", + "relationshipType": "hasOutputs", + "from": "urn:uuid:128052d9-d307-43fc-a676-5d8791e12391", + "to": [ + "urn:uuid:3773937f-6db8-49f9-920f-7d1a6b0cfcbb" + ] + }, + { + "type": "LifecycleScopedRelationship", + "scope": "build", + "spdxId": "urn:uuid:5524e7dd-5d2f-44fa-86b0-ccaa3cf6fa63", + "creationInfo": "_:creationInfo", + "relationshipType": "hasStaticLink", + "from": "urn:uuid:3773937f-6db8-49f9-920f-7d1a6b0cfcbb", + "to": [ + "urn:uuid:4918b993-36f8-4e75-bf94-2f017575eae5", + "urn:uuid:84e4231d-fc1d-4b4e-9609-05781f81fa73" + ] + }, + { + "type": "software_Sbom", + "spdxId": "urn:uuid:4c7ec5f3-875b-4f99-8c4c-f0a718da8c4f", + "creationInfo": "_:creationInfo", + "comment": "The SBOM communicates that this document is an SBOM", + "rootElement": [ + "urn:uuid:3773937f-6db8-49f9-920f-7d1a6b0cfcbb" + ], + "element": [ + "urn:uuid:6731cd26-926c-486b-8127-340c0f11a228", + "urn:uuid:3773937f-6db8-49f9-920f-7d1a6b0cfcbb", + "urn:uuid:128052d9-d307-43fc-a676-5d8791e12391", + "urn:uuid:98dd3b3f-6b8f-49a1-88b6-628750516f1e", + "urn:uuid:a7b65a78-8ed2-4b20-a91b-40f94ecdb81c", + "urn:uuid:5524e7dd-5d2f-44fa-86b0-ccaa3cf6fa63" + ] + }, + { + "spdxId": "urn:uuid:6a1ea0da-1801-495b-9d35-2735e79eee1b", + "type": "SpdxDocument", + "creationInfo": "_:creationInfo", + "comment": "This document's primary communication is the SBOM", + "name": "example7-bin.spdx", + "profileConformance": [ + "core", + "software", + "build" + ], + "dataLicense": "CC0-1.0", + "rootElement": [ + "urn:uuid:4c7ec5f3-875b-4f99-8c4c-f0a718da8c4f" + ] + } + ] +} From 30a8ae0b95c794b0bcad871081456889f4b22467 Mon Sep 17 00:00:00 2001 From: Nisha Kumar Date: Wed, 7 Aug 2024 08:45:46 -0700 Subject: [PATCH 09/12] Rename .jsonld to .json and the folder to spdx-3.0 Signed-off-by: Nisha Kumar --- .../example7-bin.spdx.jsonld => spdx-3.0/example7-bin.spdx.json} | 0 .../example7-go-module.spdx.json} | 0 .../example7-golang.spdx.json} | 0 .../example7-third-party-modules.spdx.json} | 0 4 files changed, 0 insertions(+), 0 deletions(-) rename software/example7/{spdx3.0/example7-bin.spdx.jsonld => spdx-3.0/example7-bin.spdx.json} (100%) rename software/example7/{spdx3.0/example7-go-module.spdx.jsonld => spdx-3.0/example7-go-module.spdx.json} (100%) rename software/example7/{spdx3.0/example7-golang.spdx.jsonld => spdx-3.0/example7-golang.spdx.json} (100%) rename software/example7/{spdx3.0/example7-third-party-modules.spdx.jsonld => spdx-3.0/example7-third-party-modules.spdx.json} (100%) diff --git a/software/example7/spdx3.0/example7-bin.spdx.jsonld b/software/example7/spdx-3.0/example7-bin.spdx.json similarity index 100% rename from software/example7/spdx3.0/example7-bin.spdx.jsonld rename to software/example7/spdx-3.0/example7-bin.spdx.json diff --git a/software/example7/spdx3.0/example7-go-module.spdx.jsonld b/software/example7/spdx-3.0/example7-go-module.spdx.json similarity index 100% rename from software/example7/spdx3.0/example7-go-module.spdx.jsonld rename to software/example7/spdx-3.0/example7-go-module.spdx.json diff --git a/software/example7/spdx3.0/example7-golang.spdx.jsonld b/software/example7/spdx-3.0/example7-golang.spdx.json similarity index 100% rename from software/example7/spdx3.0/example7-golang.spdx.jsonld rename to software/example7/spdx-3.0/example7-golang.spdx.json diff --git a/software/example7/spdx3.0/example7-third-party-modules.spdx.jsonld b/software/example7/spdx-3.0/example7-third-party-modules.spdx.json similarity index 100% rename from software/example7/spdx3.0/example7-third-party-modules.spdx.jsonld rename to software/example7/spdx-3.0/example7-third-party-modules.spdx.json From 97fc56bbed98298e84d687d857e815ba2093246b Mon Sep 17 00:00:00 2001 From: Nisha Kumar Date: Wed, 7 Aug 2024 10:21:52 -0700 Subject: [PATCH 10/12] Schema fixes - Add specVersion to creationInfo object - Only one context allowed - originatedBy is an array - dataLicense is not required - Fix element list in example7-third-party-modules.spdx.json - Remove build conformance (requires more information about the build) Signed-off-by: Nisha Kumar --- .../example7/spdx-3.0/example7-bin.spdx.json | 15 +++++++-------- .../spdx-3.0/example7-go-module.spdx.json | 12 ++++++------ .../example7/spdx-3.0/example7-golang.spdx.json | 16 +++++++++------- .../example7-third-party-modules.spdx.json | 17 ++++++++++------- 4 files changed, 32 insertions(+), 28 deletions(-) diff --git a/software/example7/spdx-3.0/example7-bin.spdx.json b/software/example7/spdx-3.0/example7-bin.spdx.json index aded29f..33456f9 100644 --- a/software/example7/spdx-3.0/example7-bin.spdx.json +++ b/software/example7/spdx-3.0/example7-bin.spdx.json @@ -1,7 +1,5 @@ { - "@context": [ - "https://spdx.org/rdf/3.0.0/spdx-context.jsonld" - ], + "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld", "@graph": [ { "spdxId": "urn:uuid:6731cd26-926c-486b-8127-340c0f11a228", @@ -20,6 +18,7 @@ { "@id": "_:creationInfo", "type": "CreationInfo", + "specVersion": "3.0.0", "created": "2020-11-24T01:12:27Z", "createdBy": [ "urn:uuid:6731cd26-926c-486b-8127-340c0f11a228" @@ -32,7 +31,9 @@ "name": "hello", "creationInfo": "_:creationInfo", "comment": "This binary was created by building go source code", - "originatedBy": "urn:uuid:6731cd26-926c-486b-8127-340c0f11a228", + "originatedBy": [ + "urn:uuid:6731cd26-926c-486b-8127-340c0f11a228" + ], "software_primaryPurpose": "executable" }, { @@ -147,11 +148,9 @@ "comment": "This document's primary communication is the SBOM", "name": "example7-bin.spdx", "profileConformance": [ - "core", - "software", - "build" + "core", + "software" ], - "dataLicense": "CC0-1.0", "rootElement": [ "urn:uuid:4c7ec5f3-875b-4f99-8c4c-f0a718da8c4f" ] diff --git a/software/example7/spdx-3.0/example7-go-module.spdx.json b/software/example7/spdx-3.0/example7-go-module.spdx.json index 2cd842b..2b35962 100644 --- a/software/example7/spdx-3.0/example7-go-module.spdx.json +++ b/software/example7/spdx-3.0/example7-go-module.spdx.json @@ -1,7 +1,5 @@ { - "@context": [ - "https://spdx.org/rdf/3.0.0/spdx-context.jsonld" - ], + "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld", "@graph": [ { "spdxId": "urn:uuid:cf7dddac-8ce5-4a16-8860-ee255be7b4c8", @@ -20,6 +18,7 @@ { "@id": "_:creationInfo", "type": "CreationInfo", + "specVersion": "3.0.0", "created": "2020-11-25T01:12:27Z", "createdBy": [ "urn:uuid:cf7dddac-8ce5-4a16-8860-ee255be7b4c8" @@ -34,7 +33,9 @@ "comment": "This is version controlled source code, generated by the ssame person who made this document", "software_primaryPurpose": "source", "software_downloadLocation": "git://github.com/spdx/spdx-examples.git#software/example7/src/hello", - "originatedBy": "urn:uuid:cf7dddac-8ce5-4a16-8860-ee255be7b4c8" + "originatedBy": [ + "urn:uuid:cf7dddac-8ce5-4a16-8860-ee255be7b4c8" + ] }, { "type": "software_Sbom", @@ -56,10 +57,9 @@ "comment": "This document's primary communication is the SBOM", "name": "example7-go-module.spdx", "profileConformance": [ - "core", + "core", "software" ], - "dataLicense": "CC0-1.0", "rootElement": [ "urn:uuid:711c6f39-6c80-494e-b848-1c01e8962345" ] diff --git a/software/example7/spdx-3.0/example7-golang.spdx.json b/software/example7/spdx-3.0/example7-golang.spdx.json index ac15968..1040090 100644 --- a/software/example7/spdx-3.0/example7-golang.spdx.json +++ b/software/example7/spdx-3.0/example7-golang.spdx.json @@ -1,7 +1,5 @@ { - "@context": [ - "https://spdx.org/rdf/3.0.0/spdx-context.jsonld" - ], + "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld", "@graph": [ { "spdxId": "urn:uuid:cc81c9c0-c466-4e22-b3f6-945a65f5d07b", @@ -27,6 +25,7 @@ { "@id": "_:creationInfo", "type": "CreationInfo", + "specVersion": "3.0.0", "created": "2020-11-24T01:12:27Z", "createdBy": [ "urn:uuid:cc81c9c0-c466-4e22-b3f6-945a65f5d07b" @@ -42,7 +41,9 @@ "software_packageVersion": "1.16.4", "software_primaryPurpose": "install", "software_downloadLocation": "https://golang.org/dl/go1.16.4.linux-amd64.tar.gz", - "originatedBy": "urn:uuid:a5d2b614-1c0a-477d-b1fc-dc391f2c1c6d", + "originatedBy": [ + "urn:uuid:a5d2b614-1c0a-477d-b1fc-dc391f2c1c6d" + ], "verifiedUsing": [ { "type": "Hash", @@ -57,7 +58,9 @@ "name": "go", "creationInfo": "_:creationInfo", "comment": "The installation comes with an executable", - "originatedBy": "urn:uuid:a5d2b614-1c0a-477d-b1fc-dc391f2c1c6d", + "originatedBy": [ + "urn:uuid:a5d2b614-1c0a-477d-b1fc-dc391f2c1c6d" + ], "software_primaryPurpose": "executable" }, { @@ -93,10 +96,9 @@ "comment": "This document's primary communication is the SBOM", "name": "example7-golang.spdx", "profileConformance": [ - "core", + "core", "software" ], - "dataLicense": "CC0-1.0", "rootElement": [ "urn:uuid:d523d308-8348-4051-85ea-a67a14978fad" ] diff --git a/software/example7/spdx-3.0/example7-third-party-modules.spdx.json b/software/example7/spdx-3.0/example7-third-party-modules.spdx.json index 86e381b..4ce119b 100644 --- a/software/example7/spdx-3.0/example7-third-party-modules.spdx.json +++ b/software/example7/spdx-3.0/example7-third-party-modules.spdx.json @@ -1,7 +1,5 @@ { - "@context": [ - "https://spdx.org/rdf/3.0.0/spdx-context.jsonld" - ], + "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld", "@graph": [ { "spdxId": "urn:uuid:75f4bf57-0976-446d-869a-67856a1fa5bb", @@ -34,6 +32,7 @@ { "@id": "_:creationInfo", "type": "CreationInfo", + "specVersion": "3.0.0", "created": "2020-11-25T01:12:27Z", "createdBy": [ "urn:uuid:75f4bf57-0976-446d-869a-67856a1fa5bb" @@ -48,7 +47,9 @@ "comment": "Go module dependency. The author is not given", "software_primaryPurpose": "library", "software_downloadLocation": "git://golang.org/x/text@v0.0.0-20170915032832-14c0d48ead0c", - "originatedBy": "urn:uuid:4b3add7d-8d36-488d-b7cc-f3891af633d1" + "originatedBy": [ + "urn:uuid:4b3add7d-8d36-488d-b7cc-f3891af633d1" + ] }, { "spdxId": "urn:uuid:84e4231d-fc1d-4b4e-9609-05781f81fa73", @@ -58,7 +59,9 @@ "comment": "Go module dependency. The author is not given", "software_primaryPurpose": "library", "software_downloadLocation": "git://rsc.io/sampler@v1.3.0", - "originatedBy": "urn:uuid:1c20ec6e-6e84-417a-8b7f-51bb69f62cb2" + "originatedBy": [ + "urn:uuid:1c20ec6e-6e84-417a-8b7f-51bb69f62cb2" + ] }, { "type": "software_Sbom", @@ -71,7 +74,8 @@ ], "element": [ "urn:uuid:75f4bf57-0976-446d-869a-67856a1fa5bb", - "urn:uuid:0ae67aec-e3f7-4020-b0bc-068486068127", + "urn:uuid:4b3add7d-8d36-488d-b7cc-f3891af633d1", + "urn:uuid:1c20ec6e-6e84-417a-8b7f-51bb69f62cb2", "urn:uuid:4918b993-36f8-4e75-bf94-2f017575eae5", "urn:uuid:84e4231d-fc1d-4b4e-9609-05781f81fa73" ] @@ -86,7 +90,6 @@ "core", "software" ], - "dataLicense": "CC0-1.0", "rootElement": [ "urn:uuid:30bebcfc-096f-4cbd-9fea-da1b8c5f8ea6" ] From 23abdcc01f9b1865ea70d5db9b97f206c0ebe39d Mon Sep 17 00:00:00 2001 From: Nisha Kumar Date: Thu, 8 Aug 2024 08:30:34 -0700 Subject: [PATCH 11/12] Updates to example7 binary sbom - Recalculate hashes for ExternalMap - Remove Build element - Update relationships - Remove Build id from element list - Move all ExternalMap elements to SpdxDocument "imports" Signed-off-by: Nisha Kumar --- .../example7/spdx-3.0/example7-bin.spdx.json | 127 +++++++++--------- 1 file changed, 67 insertions(+), 60 deletions(-) diff --git a/software/example7/spdx-3.0/example7-bin.spdx.json b/software/example7/spdx-3.0/example7-bin.spdx.json index 33456f9..32e012d 100644 --- a/software/example7/spdx-3.0/example7-bin.spdx.json +++ b/software/example7/spdx-3.0/example7-bin.spdx.json @@ -36,69 +36,15 @@ ], "software_primaryPurpose": "executable" }, - { - "type": "ExternalMap", - "externalSpdxId": "urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b", - "locationHint": "https://github.com/spdx/spdx-examples/software/example7/example7-golang.spdx.jsonld", - "verifiedUsing": [ - { - "type": "Hash", - "algorithm": "sha256", - "hashValue": "ffde414ff13e529e8ea834f92d0e6df9c56ebace6c359ef3fca9cb60ea6cbb63" - } - ] - }, - { - "type": "ExternalMap", - "externalSpdxId": "urn:uuid:e1877974-0aaa-48e6-931f-db4898c543f8", - "locationHint": "https://github.com/spdx/spdx-examples/software/example7/example7-go-module.spdx.jsonld", - "verifiedUsing": [ - { - "type": "Hash", - "algorithm": "sha256", - "hashValue": "28c680a0232828f5ea550a10e02e9548316d4f8c1c618ae52bdf1d8e6f5a3c3c" - } - ] - }, - { - "type": "ExternalMap", - "externalSpdxId": "urn:uuid:4918b993-36f8-4e75-bf94-2f017575eae5", - "locationHint": "https://github.com/spdx/spdx-examples/software/example7/example7-third-party-modules.spdx.jsonld", - "verifiedUsing": [ - { - "type": "Hash", - "algorithm": "sha256", - "hashValue": "9b34ebb21f3329351be6490733e17c0bd8b3cf4cc7321c0f3207c69844df133d" - } - ] - }, - { - "type": "ExternalMap", - "externalSpdxId": "urn:uuid:84e4231d-fc1d-4b4e-9609-05781f81fa73", - "locationHint": "https://github.com/spdx/spdx-examples/software/example7/example7-third-party-modules.spdx.jsonld", - "verifiedUsing": [ - { - "type": "Hash", - "algorithm": "sha256", - "hashValue": "9b34ebb21f3329351be6490733e17c0bd8b3cf4cc7321c0f3207c69844df133d" - } - ] - }, - { - "spdxId": "urn:uuid:128052d9-d307-43fc-a676-5d8791e12391", - "type": "build_Build", - "comment": "This element is used to express inputs and outputs of the go build" - }, { "type": "LifecycleScopedRelationship", "scope": "build", "spdxId": "urn:uuid:98dd3b3f-6b8f-49a1-88b6-628750516f1e", "creationInfo": "_:creationInfo", - "relationshipType": "hasInputs", - "from": "urn:uuid:128052d9-d307-43fc-a676-5d8791e12391", + "relationshipType": "usesTool", + "from": "urn:uuid:e1877974-0aaa-48e6-931f-db4898c543f8", "to": [ - "urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b", - "urn:uuid:e1877974-0aaa-48e6-931f-db4898c543f8" + "urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b" ] }, { @@ -106,8 +52,8 @@ "scope": "build", "spdxId": "urn:uuid:a7b65a78-8ed2-4b20-a91b-40f94ecdb81c", "creationInfo": "_:creationInfo", - "relationshipType": "hasOutputs", - "from": "urn:uuid:128052d9-d307-43fc-a676-5d8791e12391", + "relationshipType": "generates", + "from": "urn:uuid:3b2939bf-fcce-4617-a06f-115168870b95", "to": [ "urn:uuid:3773937f-6db8-49f9-920f-7d1a6b0cfcbb" ] @@ -135,7 +81,6 @@ "element": [ "urn:uuid:6731cd26-926c-486b-8127-340c0f11a228", "urn:uuid:3773937f-6db8-49f9-920f-7d1a6b0cfcbb", - "urn:uuid:128052d9-d307-43fc-a676-5d8791e12391", "urn:uuid:98dd3b3f-6b8f-49a1-88b6-628750516f1e", "urn:uuid:a7b65a78-8ed2-4b20-a91b-40f94ecdb81c", "urn:uuid:5524e7dd-5d2f-44fa-86b0-ccaa3cf6fa63" @@ -153,6 +98,68 @@ ], "rootElement": [ "urn:uuid:4c7ec5f3-875b-4f99-8c4c-f0a718da8c4f" + ], + "imports": [ + { + "type": "ExternalMap", + "externalSpdxId": "urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b", + "locationHint": "https://github.com/spdx/spdx-examples/software/example7/example7-golang.spdx.jsonld", + "verifiedUsing": [ + { + "type": "Hash", + "algorithm": "sha256", + "hashValue": "15ed567c36a30fb37f7d19f0f471434b9453909bf62d925194efe713ede62086" + } + ] + }, + { + "type": "ExternalMap", + "externalSpdxId": "urn:uuid:3b2939bf-fcce-4617-a06f-115168870b95", + "locationHint": "https://github.com/spdx/spdx-examples/software/example7/example7-golang.spdx.jsonld", + "verifiedUsing": [ + { + "type": "Hash", + "algorithm": "sha256", + "hashValue": "15ed567c36a30fb37f7d19f0f471434b9453909bf62d925194efe713ede62086" + } + ] + }, + { + "type": "ExternalMap", + "externalSpdxId": "urn:uuid:e1877974-0aaa-48e6-931f-db4898c543f8", + "locationHint": "https://github.com/spdx/spdx-examples/software/example7/example7-go-module.spdx.jsonld", + "verifiedUsing": [ + { + "type": "Hash", + "algorithm": "sha256", + "hashValue": "7bb2343efdccb4a2a2947219c87747673854fc6b550b2f98518af342f8dded17" + } + ] + }, + { + "type": "ExternalMap", + "externalSpdxId": "urn:uuid:4918b993-36f8-4e75-bf94-2f017575eae5", + "locationHint": "https://github.com/spdx/spdx-examples/software/example7/example7-third-party-modules.spdx.jsonld", + "verifiedUsing": [ + { + "type": "Hash", + "algorithm": "sha256", + "hashValue": "0e3532e0773d24d1a3a0a58592effd67daf22ac89282dc18805e1eef23f68dfe" + } + ] + }, + { + "type": "ExternalMap", + "externalSpdxId": "urn:uuid:84e4231d-fc1d-4b4e-9609-05781f81fa73", + "locationHint": "https://github.com/spdx/spdx-examples/software/example7/example7-third-party-modules.spdx.jsonld", + "verifiedUsing": [ + { + "type": "Hash", + "algorithm": "sha256", + "hashValue": "0e3532e0773d24d1a3a0a58592effd67daf22ac89282dc18805e1eef23f68dfe" + } + ] + } ] } ] From 4a9291bc6f04856f936cd9d3e8a8f0ddcd88213a Mon Sep 17 00:00:00 2001 From: Nisha Kumar Date: Wed, 25 Sep 2024 13:46:32 -0700 Subject: [PATCH 12/12] Move files back to folder called spdx3.0 Signed-off-by: Nisha Kumar --- software/example7/{spdx-3.0 => spdx3.0}/example7-bin.spdx.json | 0 .../example7/{spdx-3.0 => spdx3.0}/example7-go-module.spdx.json | 0 software/example7/{spdx-3.0 => spdx3.0}/example7-golang.spdx.json | 0 .../{spdx-3.0 => spdx3.0}/example7-third-party-modules.spdx.json | 0 4 files changed, 0 insertions(+), 0 deletions(-) rename software/example7/{spdx-3.0 => spdx3.0}/example7-bin.spdx.json (100%) rename software/example7/{spdx-3.0 => spdx3.0}/example7-go-module.spdx.json (100%) rename software/example7/{spdx-3.0 => spdx3.0}/example7-golang.spdx.json (100%) rename software/example7/{spdx-3.0 => spdx3.0}/example7-third-party-modules.spdx.json (100%) diff --git a/software/example7/spdx-3.0/example7-bin.spdx.json b/software/example7/spdx3.0/example7-bin.spdx.json similarity index 100% rename from software/example7/spdx-3.0/example7-bin.spdx.json rename to software/example7/spdx3.0/example7-bin.spdx.json diff --git a/software/example7/spdx-3.0/example7-go-module.spdx.json b/software/example7/spdx3.0/example7-go-module.spdx.json similarity index 100% rename from software/example7/spdx-3.0/example7-go-module.spdx.json rename to software/example7/spdx3.0/example7-go-module.spdx.json diff --git a/software/example7/spdx-3.0/example7-golang.spdx.json b/software/example7/spdx3.0/example7-golang.spdx.json similarity index 100% rename from software/example7/spdx-3.0/example7-golang.spdx.json rename to software/example7/spdx3.0/example7-golang.spdx.json diff --git a/software/example7/spdx-3.0/example7-third-party-modules.spdx.json b/software/example7/spdx3.0/example7-third-party-modules.spdx.json similarity index 100% rename from software/example7/spdx-3.0/example7-third-party-modules.spdx.json rename to software/example7/spdx3.0/example7-third-party-modules.spdx.json