github.com/google/osv-scalibr@v0.4.1/extractor/filesystem/sbom/spdx/testdata/sbom.spdx.json (about) 1 { 2 "SPDXID" : "SPDXRef-DOCUMENT", 3 "spdxVersion" : "SPDX-2.3", 4 "creationInfo" : { 5 "created" : "2023-04-28T15:44:16Z", 6 "creators" : [ "Person: John Doe" ], 7 "licenseListVersion" : "3.18" 8 }, 9 "name" : "examplesbom", 10 "dataLicense" : "CC0-1.0", 11 "documentNamespace" : "http://example.org/documents/examplesbom-1.0.1", 12 "documentDescribes": [ 13 "SPDXRef-nginx", 14 "SPDXRef-openssl" 15 ], 16 "packages" : [ { 17 "SPDXID" : "SPDXRef-nginx", 18 "description" : "Nginx 1.21.1", 19 "filesAnalyzed" : false, 20 "downloadLocation": "http://example.org/nginx.rar", 21 "copyrightText": "NOASSERTION", 22 "licenseConcluded": "NOASSERTION", 23 "licenseDeclared": "NOASSERTION", 24 "name" : "Nginx", 25 "summary" : "Nginx", 26 "externalRefs": [ { 27 "referenceCategory" : "SECURITY", 28 "referenceLocator" : "cpe:2.3:a:nginx:nginx:1.21.1", 29 "referenceType": "cpe23Type" 30 } ] 31 }, { 32 "SPDXID" : "SPDXRef-openssl", 33 "description" : "openssl 1.1.1", 34 "filesAnalyzed" : false, 35 "downloadLocation": "http://example.org/nginx.rar", 36 "copyrightText": "NOASSERTION", 37 "licenseConcluded": "NOASSERTION", 38 "licenseDeclared": "NOASSERTION", 39 "name" : "openssl", 40 "summary" : "openssl", 41 "externalRefs": [ { 42 "referenceCategory" : "SECURITY", 43 "referenceLocator" : "pkg:generic/openssl@1.1.1l", 44 "referenceType": "purl" 45 } ] 46 } ] 47 }