github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/fanal/analyzer/sbom/testdata/postgresql.spdx.json (about) 1 { 2 "SPDXID": "SPDXRef-postgresql", 3 "spdxVersion": "SPDX-2.3", 4 "creationInfo": { 5 "created": "2023-07-13T19:24:23.609Z", 6 "creators": [ 7 "Organization: VMware, Inc." 8 ] 9 }, 10 "name": "SPDX document for PostgreSQL 15.3.0", 11 "dataLicense": "CC0-1.0", 12 "documentDescribes": [ 13 "SPDXRef-postgresql" 14 ], 15 "documentNamespace": "postgresql-15.3.0", 16 "packages": [ 17 { 18 "SPDXID": "SPDXRef-postgresql", 19 "name": "PostgreSQL", 20 "versionInfo": "15.3.0", 21 "downloadLocation": "https://ftp.postgresql.org/pub/source/v15.3/postgresql-15.3.tar.gz", 22 "licenseConcluded": "PostgreSQL", 23 "licenseDeclared": "PostgreSQL", 24 "filesAnalyzed": false, 25 "externalRefs": [ 26 { 27 "referenceCategory": "SECURITY", 28 "referenceType": "cpe23Type", 29 "referenceLocator": "cpe:2.3:*:postgresql:postgresql:15.3.0:*:*:*:*:*:*:*" 30 }, 31 { 32 "referenceCategory": "PACKAGE-MANAGER", 33 "referenceType": "purl", 34 "referenceLocator": "pkg:bitnami/postgresql@15.3.0" 35 } 36 ] 37 }, 38 { 39 "SPDXID": "SPDXRef-geos", 40 "name": "GEOS", 41 "versionInfo": "3.8.3", 42 "downloadLocation": "https://github.com/libgeos/geos/archive/3.8.3.tar.gz", 43 "licenseConcluded": "LGPL-2.1-only", 44 "licenseDeclared": "LGPL-2.1-only", 45 "filesAnalyzed": false, 46 "externalRefs": [ 47 { 48 "referenceCategory": "SECURITY", 49 "referenceType": "cpe23Type", 50 "referenceLocator": "cpe:2.3:*:libgeos:geos:3.8.3:*:*:*:*:*:*:*" 51 }, 52 { 53 "referenceCategory": "PACKAGE-MANAGER", 54 "referenceType": "purl", 55 "referenceLocator": "pkg:bitnami/geos@3.8.3" 56 } 57 ] 58 }, 59 { 60 "SPDXID": "SPDXRef-proj", 61 "name": "Proj", 62 "versionInfo": "6.3.2", 63 "downloadLocation": "https://github.com/OSGeo/PROJ/archive/6.3.2.tar.gz", 64 "licenseConcluded": "MIT", 65 "licenseDeclared": "MIT", 66 "filesAnalyzed": false, 67 "externalRefs": [ 68 { 69 "referenceCategory": "SECURITY", 70 "referenceType": "cpe23Type", 71 "referenceLocator": "cpe:2.3:*:proj:proj:6.3.2:*:*:*:*:*:*:*" 72 }, 73 { 74 "referenceCategory": "PACKAGE-MANAGER", 75 "referenceType": "purl", 76 "referenceLocator": "pkg:bitnami/proj@6.3.2" 77 } 78 ] 79 }, 80 { 81 "SPDXID": "SPDXRef-gdal", 82 "name": "GDAL", 83 "versionInfo": "3.7.1", 84 "downloadLocation": "https://github.com/OSGeo/gdal/releases/download/v3.7.1/gdal-3.7.1.tar.gz", 85 "licenseConcluded": "MIT", 86 "licenseDeclared": "MIT", 87 "filesAnalyzed": false, 88 "externalRefs": [ 89 { 90 "referenceCategory": "SECURITY", 91 "referenceType": "cpe23Type", 92 "referenceLocator": "cpe:2.3:*:osgeo:gdal:3.7.1:*:*:*:*:*:*:*" 93 }, 94 { 95 "referenceCategory": "PACKAGE-MANAGER", 96 "referenceType": "purl", 97 "referenceLocator": "pkg:bitnami/gdal@3.7.1" 98 } 99 ] 100 } 101 ], 102 "files": [], 103 "relationships": [ 104 { 105 "spdxElementId": "SPDXRef-postgresql", 106 "relationshipType": "CONTAINS", 107 "relatedSpdxElement": "SPDXRef-geos" 108 }, 109 { 110 "spdxElementId": "SPDXRef-postgresql", 111 "relationshipType": "CONTAINS", 112 "relatedSpdxElement": "SPDXRef-proj" 113 }, 114 { 115 "spdxElementId": "SPDXRef-postgresql", 116 "relationshipType": "CONTAINS", 117 "relatedSpdxElement": "SPDXRef-gdal" 118 } 119 ] 120 }