github.com/google/osv-scalibr@v0.4.1/extractor/filesystem/sbom/spdx/testdata/sbom.spdx.yml

github.com/google/osv-scalibr@v0.4.1/extractor/filesystem/sbom/spdx/testdata/sbom.spdx.yml (about)

     1  ---
     2  SPDXID: "SPDXRef-DOCUMENT"
     3  spdxVersion: "SPDX-2.3"
     4  creationInfo:
     5    created: "2023-04-28T15:44:16Z"
     6    creators:
     7    - "Person: John Doe"
     8    licenseListVersion: "3.18"
     9  name: "examplesbom"
    10  dataLicense: "CC0-1.0"
    11  documentDescribes:
    12  - "SPDXRef-nginx"
    13  - "SPDXRef-openssl"
    14  documentNamespace: "http://example.org/documents/examplesbom-1.0.1"
    15  packages:
    16  - SPDXID: "SPDXRef-nginx"
    17    copyrightText: "NOASSERTION"
    18    description: "Nginx 1.21.1"
    19    downloadLocation: "http://example.org/nginx.rar"
    20    externalRefs:
    21    - referenceCategory: "SECURITY"
    22      referenceLocator: "cpe:2.3:a:nginx:nginx:1.21.1"
    23      referenceType: "cpe23Type"
    24    filesAnalyzed: false
    25    licenseConcluded: "NOASSERTION"
    26    licenseDeclared: "NOASSERTION"
    27    name: "Nginx"
    28    summary: "Nginx"
    29  - SPDXID: "SPDXRef-openssl"
    30    copyrightText: "NOASSERTION"
    31    description: "openssl 1.1.1"
    32    downloadLocation: "http://example.org/nginx.rar"
    33    externalRefs:
    34    - referenceCategory: "SECURITY"
    35      referenceLocator: "pkg:generic/openssl@1.1.1l"
    36      referenceType: "purl"
    37    filesAnalyzed: false
    38    licenseConcluded: "NOASSERTION"
    39    licenseDeclared: "NOASSERTION"
    40    name: "openssl"
    41    summary: "openssl"
    42  relationships: []