github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/sbom/spdx/testdata/sad/invalid-source-info.json (about) 1 { 2 "SPDXID": "SPDXRef-DOCUMENT", 3 "creationInfo": { 4 "created": "2022-09-12T17:02:46.826609Z", 5 "creators": [ 6 "Tool: trivy-dev", 7 "Organization: aquasecurity" 8 ] 9 }, 10 "dataLicense": "CC0-1.0", 11 "documentNamespace": "http://aquasecurity.github.io/trivy/container/meven-test-project-eb7a0384-b04a-4fc6-8afb-1662fe59ca79", 12 "name": "maven-test-projecct", 13 "packages": [ 14 { 15 "SPDXID": "SPDXRef-ContainerImage-b5d81cde5f95c8fc", 16 "filesAnalyzed": false, 17 "name": "meven-test-project" 18 }, 19 { 20 "SPDXID": "SPDXRef-OperatingSystem-bd17bf9010aa612c", 21 "filesAnalyzed": false, 22 "name": "alpine", 23 "versionInfo": "3.16.0" 24 }, 25 { 26 "SPDXID": "SPDXRef-Package-b7ebaf0233f1ef7b", 27 "externalRefs": [ 28 { 29 "referenceCategory": "PACKAGE-MANAGER", 30 "referenceLocator": "pkg:apk/alpine/musl@1.2.3-r0?distro=3.16.0", 31 "referenceType": "purl" 32 } 33 ], 34 "filesAnalyzed": false, 35 "name": "musl", 36 "sourceInfo": "built package from: invalid", 37 "versionInfo": "1.2.3-r0" 38 } 39 ], 40 "relationships": [ 41 { 42 "relatedSpdxElement": "SPDXRef-ContainerImage-b5d81cde5f95c8fc", 43 "relationshipType": "DESCRIBE", 44 "spdxElementId": "SPDXRef-DOCUMENT" 45 }, 46 { 47 "relatedSpdxElement": "SPDXRef-OperatingSystem-bd17bf9010aa612c", 48 "relationshipType": "CONTAINS", 49 "spdxElementId": "SPDXRef-ContainerImage-b5d81cde5f95c8fc" 50 }, 51 { 52 "relatedSpdxElement": "SPDXRef-Package-b7ebaf0233f1ef7b", 53 "relationshipType": "DEPENDS_ON", 54 "spdxElementId": "SPDXRef-OperatingSystem-bd17bf9010aa612c" 55 } 56 ], 57 "spdxVersion": "SPDX-2.2" 58 }