github.com/google/osv-scalibr@v0.4.1/extractor/filesystem/sbom/spdx/testdata/purl_and_cpe.spdx.json (about) 1 { 2 "SPDXID": "SPDXRef-DOCUMENT", 3 "spdxVersion": "SPDX-2.3", 4 "creationInfo": { 5 "created": "2023-04-28T15:44:16Z", 6 "creators": ["Person: John Doe"], 7 "licenseListVersion": "3.18" 8 }, 9 "name": "examplesbom", 10 "dataLicense": "CC0-1.0", 11 "documentNamespace": "http://example.org/documents/examplesbom-1.0.1", 12 "documentDescribes": ["SPDXRef-nginx", "SPDXRef-openssl"], 13 "packages": [ 14 { 15 "SPDXID": "SPDXRef-nginx", 16 "description": "Nginx 1.21.1", 17 "filesAnalyzed": false, 18 "downloadLocation": "http://example.org/nginx.rar", 19 "copyrightText": "NOASSERTION", 20 "licenseConcluded": "NOASSERTION", 21 "licenseDeclared": "NOASSERTION", 22 "name": "Nginx", 23 "summary": "Nginx", 24 "externalRefs": [ 25 { 26 "referenceCategory": "SECURITY", 27 "referenceLocator": "cpe:2.3:a:nginx:nginx:1.21.1", 28 "referenceType": "cpe23Type" 29 }, 30 { 31 "referenceCategory": "SECURITY", 32 "referenceLocator": "pkg:generic/nginx@1.21.1", 33 "referenceType": "purl" 34 } 35 ] 36 }, 37 { 38 "SPDXID": "SPDXRef-openssl", 39 "description": "openssl 1.1.1", 40 "filesAnalyzed": false, 41 "downloadLocation": "http://example.org/openssl.rar", 42 "copyrightText": "NOASSERTION", 43 "licenseConcluded": "NOASSERTION", 44 "licenseDeclared": "NOASSERTION", 45 "name": "openssl", 46 "summary": "openssl", 47 "externalRefs": [ 48 { 49 "referenceCategory": "SECURITY", 50 "referenceLocator": "pkg:generic/openssl@1.1.1l", 51 "referenceType": "purl" 52 } 53 ] 54 } 55 ] 56 }