Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: update SBOM for Python 3.8 #4097

Merged
merged 1 commit into from
Apr 29, 2024
Merged

chore: update SBOM for Python 3.8 #4097

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
80 changes: 64 additions & 16 deletions sbom/cve-bin-tool-py3.8.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
{
"$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"serialNumber": "urn:uuid:3011e948-50cd-43d1-a1c6-42af9dba80ba",
"specVersion": "1.6",
"serialNumber": "urn:uuid:f71e88da-e1db-49f6-acbf-30c67afd914a",
"version": 1,
"metadata": {
"timestamp": "2024-04-22T00:28:09Z",
"timestamp": "2024-04-29T00:27:35Z",
"tools": {
"components": [
{
Expand Down Expand Up @@ -361,6 +361,12 @@
},
"cpe": "cpe:2.3:a:kim_davies:idna:3.7:*:*:*:*:*:*:*",
"description": "Internationalized Domain Names in Applications (IDNA)",
"hashes": [
{
"alg": "SHA-1",
"content": "1d365e17e10d72d0b7876316fc7b9ca0eebdd38d"
}
],
"externalReferences": [
{
"url": "https://pypi.org/project/idna/3.7",
Expand Down Expand Up @@ -699,6 +705,12 @@
},
"cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.3.0:*:*:*:*:*:*:*",
"description": "Bash tab completion for argparse",
"hashes": [
{
"alg": "SHA-1",
"content": "c7cc834df1fddcf94bd35b740fef7c7ab8e9c350"
}
],
"licenses": [
{
"license": {
Expand Down Expand Up @@ -1376,6 +1388,12 @@
},
"cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.5:*:*:*:*:*:*:*",
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
"hashes": [
{
"alg": "SHA-1",
"content": "33833f031d9d36234e11d9671be150d53b9e598d"
}
],
"licenses": [
{
"expression": "Apache-2.0 OR BSD-3-Clause"
Expand Down Expand Up @@ -1463,6 +1481,12 @@
},
"cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*",
"description": "C parser in Python",
"hashes": [
{
"alg": "SHA-1",
"content": "129d32ef805d715d90a3b2035b13168c17ca63d2"
}
],
"licenses": [
{
"license": {
Expand Down Expand Up @@ -1733,6 +1757,12 @@
},
"cpe": "cpe:2.3:a:jason_r._coombs:importlib-metadata:7.1.0:*:*:*:*:*:*:*",
"description": "Read metadata from Python packages",
"hashes": [
{
"alg": "SHA-1",
"content": "f5d6b5f3f3f6fffe01b340c5a19562433db148a9"
}
],
"externalReferences": [
{
"url": "https://pypi.org/project/importlib_metadata/7.1.0",
Expand Down Expand Up @@ -1767,6 +1797,12 @@
},
"cpe": "cpe:2.3:a:jason_r._coombs:zipp:3.18.1:*:*:*:*:*:*:*",
"description": "Backport of pathlib-compatible object wrapper for zip files",
"hashes": [
{
"alg": "SHA-1",
"content": "bfae83474a730e8cc9b8a71027fb859b46b3875c"
}
],
"externalReferences": [
{
"url": "https://pypi.org/project/zipp/3.18.1",
Expand Down Expand Up @@ -1801,6 +1837,12 @@
},
"cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.4.0:*:*:*:*:*:*:*",
"description": "Read resources from Python packages",
"hashes": [
{
"alg": "SHA-1",
"content": "1f4d3f10a3ed5d65b3092a39369c08e71e30a97c"
}
],
"externalReferences": [
{
"url": "https://pypi.org/project/importlib_resources/6.4.0",
Expand Down Expand Up @@ -1982,20 +2024,20 @@
"type": "library",
"bom-ref": "47-referencing",
"name": "referencing",
"version": "0.34.0",
"version": "0.35.0",
"supplier": {
"name": "Julian Berman"
},
"cpe": "cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:julian_berman:referencing:0.35.0:*:*:*:*:*:*:*",
"description": "JSON Referencing + Python",
"externalReferences": [
{
"url": "https://pypi.org/project/referencing/0.34.0",
"url": "https://pypi.org/project/referencing/0.35.0",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/referencing@0.34.0",
"purl": "pkg:pypi/referencing@0.35.0",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -2082,7 +2124,7 @@
"type": "library",
"bom-ref": "50-lib4sbom",
"name": "lib4sbom",
"version": "0.7.0",
"version": "0.7.1",
"supplier": {
"name": "Anthony Harrison",
"contact": [
Expand All @@ -2091,7 +2133,7 @@
}
]
},
"cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.1:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
"licenses": [
{
Expand All @@ -2103,12 +2145,12 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/lib4sbom/0.7.0",
"url": "https://pypi.org/project/lib4sbom/0.7.1",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/lib4sbom@0.7.0",
"purl": "pkg:pypi/lib4sbom@0.7.1",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -2788,6 +2830,12 @@
},
"cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.11.0:*:*:*:*:*:*:*",
"description": "Backported and Experimental Type Hints for Python 3.8+",
"hashes": [
{
"alg": "SHA-1",
"content": "d4d929d44bd984350e2d17726362295f588eaace"
}
],
"externalReferences": [
{
"url": "https://pypi.org/project/typing_extensions/4.11.0",
Expand Down Expand Up @@ -2901,7 +2949,7 @@
"type": "library",
"bom-ref": "69-xmlschema",
"name": "xmlschema",
"version": "3.3.0",
"version": "3.3.1",
"supplier": {
"name": "Davide Brunato",
"contact": [
Expand All @@ -2910,7 +2958,7 @@
}
]
},
"cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
"licenses": [
{
Expand All @@ -2922,12 +2970,12 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/xmlschema/3.3.0",
"url": "https://pypi.org/project/xmlschema/3.3.1",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/xmlschema@3.3.0",
"purl": "pkg:pypi/xmlschema@3.3.1",
"properties": [
{
"name": "language",
Expand Down
36 changes: 22 additions & 14 deletions sbom/cve-bin-tool-py3.8.spdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-a059f2f9-c142-41b3-b870-0e0c0f91d08b
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-3e09fd99-db2d-4685-ac0b-5dc0d4c7b348
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.10.4
Created: 2024-04-22T00:26:48Z
Created: 2024-04-29T00:26:10Z
CreatorComment: <text>This document has been automatically generated.</text>
#####

Expand Down Expand Up @@ -141,6 +141,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org)
PackageDownloadLocation: https://pypi.org/project/idna/3.7
FilesAnalyzed: false
PackageChecksum: SHA1: 1d365e17e10d72d0b7876316fc7b9ca0eebdd38d
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
Expand Down Expand Up @@ -269,6 +270,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
PackageDownloadLocation: https://pypi.org/project/argcomplete/3.3.0
FilesAnalyzed: false
PackageChecksum: SHA1: c7cc834df1fddcf94bd35b740fef7c7ab8e9c350
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: <text>argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.</text>
Expand Down Expand Up @@ -512,6 +514,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.5
FilesAnalyzed: false
PackageChecksum: SHA1: 33833f031d9d36234e11d9671be150d53b9e598d
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
Expand Down Expand Up @@ -543,6 +546,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Eli Bendersky (eliben@gmail.com)
PackageDownloadLocation: https://pypi.org/project/pycparser/2.22
FilesAnalyzed: false
PackageChecksum: SHA1: 129d32ef805d715d90a3b2035b13168c17ca63d2
PackageLicenseDeclared: BSD-3-Clause
PackageLicenseConcluded: BSD-3-Clause
PackageCopyrightText: NOASSERTION
Expand Down Expand Up @@ -639,6 +643,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Jason R. Coombs (jaraco@jaraco.com)
PackageDownloadLocation: https://pypi.org/project/importlib_metadata/7.1.0
FilesAnalyzed: false
PackageChecksum: SHA1: f5d6b5f3f3f6fffe01b340c5a19562433db148a9
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
Expand All @@ -654,6 +659,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Jason R. Coombs (jaraco@jaraco.com)
PackageDownloadLocation: https://pypi.org/project/zipp/3.18.1
FilesAnalyzed: false
PackageChecksum: SHA1: bfae83474a730e8cc9b8a71027fb859b46b3875c
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
Expand All @@ -669,6 +675,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Barry Warsaw (barry@python.org)
PackageDownloadLocation: https://pypi.org/project/importlib_resources/6.4.0
FilesAnalyzed: false
PackageChecksum: SHA1: 1f4d3f10a3ed5d65b3092a39369c08e71e30a97c
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
Expand Down Expand Up @@ -740,17 +747,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification

PackageName: referencing
SPDXID: SPDXRef-Package-47-referencing
PackageVersion: 0.34.0
PackageVersion: 0.35.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
PackageDownloadLocation: https://pypi.org/project/referencing/0.34.0
PackageDownloadLocation: https://pypi.org/project/referencing/0.35.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: <text>JSON Referencing + Python</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.34.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.0:*:*:*:*:*:*:*
#####

PackageName: rpds-py
Expand Down Expand Up @@ -785,17 +792,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.1

PackageName: lib4sbom
SPDXID: SPDXRef-Package-50-lib4sbom
PackageVersion: 0.7.0
PackageVersion: 0.7.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.0
PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.1
FilesAnalyzed: false
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Software Bill of Material (SBOM) generator and consumer library</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.0:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.1:*:*:*:*:*:*:*
#####

PackageName: pyyaml
Expand Down Expand Up @@ -1044,6 +1051,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com)
PackageDownloadLocation: https://pypi.org/project/typing_extensions/4.11.0
FilesAnalyzed: false
PackageChecksum: SHA1: d4d929d44bd984350e2d17726362295f588eaace
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
Expand Down Expand Up @@ -1085,17 +1093,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:

PackageName: xmlschema
SPDXID: SPDXRef-Package-69-xmlschema
PackageVersion: 3.3.0
PackageVersion: 3.3.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
PackageDownloadLocation: https://pypi.org/project/xmlschema/3.3.0
PackageDownloadLocation: https://pypi.org/project/xmlschema/3.3.1
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: <text>An XML Schema validator and decoder</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.3.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.0:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.3.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:*
#####

PackageName: elementpath
Expand Down
Loading