Add a SBOM template in CycloneDX format (#585)

Improve supply chain security by including a SBOM file with substituted values. This will be used to construct a composite platform SBOM. Signed-off-by: Richard Hughes <richard@hughsie.com>
open-quantum-safe · Dec 12, 2024 · 7e1ee0f · 7e1ee0f
1 parent dfa44a9
commit 7e1ee0f
Showing 1 changed file with 45 additions and 0 deletions.
diff --git a/sbom.cdx.json b/sbom.cdx.json
@@ -0,0 +1,45 @@
+{
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.6",
+  "version": 1,
+  "metadata": {
+    "authors": [
+      {
+        "name": "@VCS_SBOM_AUTHORS@"
+      }
+    ]
+  },
+  "components": [
+    {
+      "type": "library",
+      "bom-ref": "pkg:github/open-quantum-safe/oqs-provider@@VCS_TAG@",
+      "name": "oqsprovider",
+      "version": "@VCS_VERSION@",
+      "description": "Research and prototyping OSSL provider for post quantum cryptographic algorithms (NOT RECOMMENDED FOR PRODUCTION USE)",
+      "authors": [
+        {
+          "name": "@VCS_AUTHORS@"
+        }
+      ],
+      "supplier": {
+        "name": "The OQS core team"
+      },
+      "licenses": [
+        {
+          "license": {
+            "id": "MIT"
+          }
+        }
+      ],
+      "externalReferences": [
+        {
+          "type": "vcs",
+          "url": "https://github.com/open-quantum-safe/oqs-provider"
+        }
+      ],
+      "pedigree": {
+        "notes": "DO NOT TRUST"
+      }
+    }
+  ]
+}