github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/sbom/spdx/testdata/happy/bom.json (about) 1 { 2 "SPDXID": "SPDXRef-DOCUMENT", 3 "creationInfo": { 4 "created": "2022-09-12T17:02:46.826609Z", 5 "creators": [ 6 "Tool: trivy-dev", 7 "Organization: aquasecurity" 8 ] 9 }, 10 "dataLicense": "CC0-1.0", 11 "documentNamespace": "http://aquasecurity.github.io/trivy/container/meven-test-project-eb7a0384-b04a-4fc6-8afb-1662fe59ca79", 12 "name": "maven-test-projecct", 13 "packages": [ 14 { 15 "SPDXID": "SPDXRef-Application-150e605f5f17224d", 16 "filesAnalyzed": false, 17 "name": "jar", 18 "sourceInfo": "Java" 19 }, 20 { 21 "SPDXID": "SPDXRef-Application-24f8a80152e2c0fc", 22 "filesAnalyzed": false, 23 "name": "node-pkg", 24 "sourceInfo": "Node.js" 25 }, 26 { 27 "SPDXID": "SPDXRef-Application-36324ee492e03f0a", 28 "filesAnalyzed": false, 29 "name": "gobinary", 30 "sourceInfo": "app/gobinary/gobinary" 31 }, 32 { 33 "SPDXID": "SPDXRef-Application-4af197c15114fb0e", 34 "filesAnalyzed": false, 35 "name": "composer", 36 "sourceInfo": "app/composer/composer.lock" 37 }, 38 { 39 "SPDXID": "SPDXRef-ContainerImage-b5d81cde5f95c8fc", 40 "attributionTexts": [ 41 "SchemaVersion: 2", 42 "ImageID: sha256:49193a2310dbad4c02382da87ac624a80a92387a4f7536235f9ba590e5bcd7b5", 43 "DiffID: sha256:dd565ff850e7003356e2b252758f9bdc1ff2803f61e995e24c7844f6297f8fc3", 44 "DiffID: sha256:3c79e832b1b4891a1cb4a326ef8524e0bd14a2537150ac0e203a5677176c1ca1", 45 "RepoTag: maven-test-project:latest", 46 "RepoTag: tmp-test:latest" 47 ], 48 "filesAnalyzed": false, 49 "name": "meven-test-project" 50 }, 51 { 52 "SPDXID": "SPDXRef-OperatingSystem-bd17bf9010aa612c", 53 "filesAnalyzed": false, 54 "name": "alpine", 55 "versionInfo": "3.16.0" 56 }, 57 { 58 "SPDXID": "SPDXRef-Package-2906575950df652b", 59 "attributionTexts": [ 60 "LayerDiffID: sha256:3c79e832b1b4891a1cb4a326ef8524e0bd14a2537150ac0e203a5677176c1ca1" 61 ], 62 "externalRefs": [ 63 { 64 "referenceCategory": "PACKAGE-MANAGER", 65 "referenceLocator": "pkg:composer/pear/log@1.13.1", 66 "referenceType": "purl" 67 } 68 ], 69 "filesAnalyzed": false, 70 "licenseConcluded": "NONE", 71 "licenseDeclared": "NONE", 72 "name": "pear/log", 73 "versionInfo": "1.13.1" 74 }, 75 { 76 "SPDXID": "SPDXRef-Package-2a53baa495b9ddaf", 77 "attributionTexts": [ 78 "LayerDiffID: sha256:3c79e832b1b4891a1cb4a326ef8524e0bd14a2537150ac0e203a5677176c1ca1" 79 ], 80 "externalRefs": [ 81 { 82 "referenceCategory": "PACKAGE-MANAGER", 83 "referenceLocator": "pkg:maven/org.codehaus.mojo/child-project@1.0", 84 "referenceType": "purl" 85 } 86 ], 87 "filesAnalyzed": false, 88 "licenseConcluded": "NONE", 89 "licenseDeclared": "NONE", 90 "name": "org.codehaus.mojo:child-project", 91 "versionInfo": "1.0" 92 }, 93 { 94 "SPDXID": "SPDXRef-Package-5e2e255ac76747ef", 95 "attributionTexts": [ 96 "LayerDiffID: sha256:3c79e832b1b4891a1cb4a326ef8524e0bd14a2537150ac0e203a5677176c1ca1" 97 ], 98 "externalRefs": [ 99 { 100 "referenceCategory": "PACKAGE-MANAGER", 101 "referenceLocator": "pkg:composer/pear/pear_exception@v1.0.0", 102 "referenceType": "purl" 103 } 104 ], 105 "filesAnalyzed": false, 106 "licenseConcluded": "NONE", 107 "licenseDeclared": "NONE", 108 "name": "pear/pear_exception", 109 "versionInfo": "v1.0.0" 110 }, 111 { 112 "SPDXID": "SPDXRef-Package-5f1dbaff8de5eb06", 113 "attributionTexts": [ 114 "LayerDiffID: sha256:3c79e832b1b4891a1cb4a326ef8524e0bd14a2537150ac0e203a5677176c1ca1" 115 ], 116 "externalRefs": [ 117 { 118 "referenceCategory": "PACKAGE-MANAGER", 119 "referenceLocator": "pkg:npm/bootstrap@5.0.2", 120 "referenceType": "purl" 121 } 122 ], 123 "filesAnalyzed": false, 124 "licenseConcluded": "MIT", 125 "licenseDeclared": "MIT", 126 "name": "bootstrap", 127 "versionInfo": "5.0.2" 128 }, 129 { 130 "SPDXID": "SPDXRef-Package-84ebffe38343d949", 131 "attributionTexts": [ 132 "LayerDiffID: sha256:3c79e832b1b4891a1cb4a326ef8524e0bd14a2537150ac0e203a5677176c1ca1" 133 ], 134 "externalRefs": [ 135 { 136 "referenceCategory": "PACKAGE-MANAGER", 137 "referenceLocator": "pkg:golang/github.com/package-url/packageurl-go@v0.1.1-0.20220203205134-d70459300c8a", 138 "referenceType": "purl" 139 } 140 ], 141 "filesAnalyzed": false, 142 "licenseConcluded": "NONE", 143 "licenseDeclared": "NONE", 144 "name": "github.com/package-url/packageurl-go", 145 "versionInfo": "v0.1.1-0.20220203205134-d70459300c8a" 146 }, 147 { 148 "SPDXID": "SPDXRef-Package-b7ebaf0233f1ef7b", 149 "attributionTexts": [ 150 "LayerDiffID: sha256:dd565ff850e7003356e2b252758f9bdc1ff2803f61e995e24c7844f6297f8fc3" 151 ], 152 "externalRefs": [ 153 { 154 "referenceCategory": "PACKAGE-MANAGER", 155 "referenceLocator": "pkg:apk/alpine/musl@1.2.3-r0?distro=3.16.0", 156 "referenceType": "purl" 157 } 158 ], 159 "filesAnalyzed": false, 160 "licenseConcluded": "MIT", 161 "licenseDeclared": "MIT", 162 "name": "musl", 163 "sourceInfo": "built package from: musl 1.2.3-r0", 164 "versionInfo": "1.2.3-r0" 165 } 166 ], 167 "relationships": [ 168 { 169 "relatedSpdxElement": "SPDXRef-ContainerImage-b5d81cde5f95c8fc", 170 "relationshipType": "DESCRIBES", 171 "spdxElementId": "SPDXRef-DOCUMENT" 172 }, 173 { 174 "relatedSpdxElement": "SPDXRef-OperatingSystem-bd17bf9010aa612c", 175 "relationshipType": "CONTAINS", 176 "spdxElementId": "SPDXRef-ContainerImage-b5d81cde5f95c8fc" 177 }, 178 { 179 "relatedSpdxElement": "SPDXRef-Package-b7ebaf0233f1ef7b", 180 "relationshipType": "DEPENDS_ON", 181 "spdxElementId": "SPDXRef-OperatingSystem-bd17bf9010aa612c" 182 }, 183 { 184 "relatedSpdxElement": "SPDXRef-Application-150e605f5f17224d", 185 "relationshipType": "CONTAINS", 186 "spdxElementId": "SPDXRef-ContainerImage-b5d81cde5f95c8fc" 187 }, 188 { 189 "relatedSpdxElement": "SPDXRef-Package-2a53baa495b9ddaf", 190 "relationshipType": "DEPENDS_ON", 191 "spdxElementId": "SPDXRef-Application-150e605f5f17224d" 192 }, 193 { 194 "relatedSpdxElement": "SPDXRef-Application-24f8a80152e2c0fc", 195 "relationshipType": "CONTAINS", 196 "spdxElementId": "SPDXRef-ContainerImage-b5d81cde5f95c8fc" 197 }, 198 { 199 "relatedSpdxElement": "SPDXRef-Package-5f1dbaff8de5eb06", 200 "relationshipType": "DEPENDS_ON", 201 "spdxElementId": "SPDXRef-Application-24f8a80152e2c0fc" 202 }, 203 { 204 "relatedSpdxElement": "SPDXRef-Application-4af197c15114fb0e", 205 "relationshipType": "CONTAINS", 206 "spdxElementId": "SPDXRef-ContainerImage-b5d81cde5f95c8fc" 207 }, 208 { 209 "relatedSpdxElement": "SPDXRef-Package-2906575950df652b", 210 "relationshipType": "DEPENDS_ON", 211 "spdxElementId": "SPDXRef-Application-4af197c15114fb0e" 212 }, 213 { 214 "relatedSpdxElement": "SPDXRef-Package-5e2e255ac76747ef", 215 "relationshipType": "DEPENDS_ON", 216 "spdxElementId": "SPDXRef-Application-4af197c15114fb0e" 217 }, 218 { 219 "relatedSpdxElement": "SPDXRef-Application-36324ee492e03f0a", 220 "relationshipType": "CONTAINS", 221 "spdxElementId": "SPDXRef-ContainerImage-b5d81cde5f95c8fc" 222 }, 223 { 224 "relatedSpdxElement": "SPDXRef-Package-84ebffe38343d949", 225 "relationshipType": "DEPENDS_ON", 226 "spdxElementId": "SPDXRef-Application-36324ee492e03f0a" 227 } 228 ], 229 "spdxVersion": "SPDX-2.2" 230 }