github.com/nextlinux/gosbom@v0.81.1-0.20230627115839-1ff50c281391/gosbom/formats/spdxjson/test-fixtures/spdx/alpine-3.10.gosbom.spdx.json (about) 1 { 2 "SPDXID": "SPDXRef-DOCUMENT", 3 "name": "alpine-3.10", 4 "spdxVersion": "SPDX-2.2", 5 "creationInfo": { 6 "created": "2022-01-20T21:40:24.439211Z", 7 "creators": [ 8 "Organization: Nextlinux, Inc", 9 "Tool: gosbom-[not provided]" 10 ], 11 "licenseListVersion": "3.15" 12 }, 13 "dataLicense": "CC0-1.0", 14 "documentNamespace": "https://anchore.com/gosbom/image/alpine-3.10-204b304b-beb3-4413-9b38-d8a2e58e3dfb", 15 "packages": [ 16 { 17 "SPDXID": "SPDXRef-a61243292e73923", 18 "name": "busybox", 19 "licenseConcluded": "GPL-2.0", 20 "description": "Size optimized toolbox of many common UNIX utilities", 21 "downloadLocation": "https://busybox.net/", 22 "externalRefs": [ 23 { 24 "referenceCategory": "SECURITY", 25 "referenceLocator": "cpe:2.3:a:busybox:busybox:1.30.1-r5:*:*:*:*:*:*:*", 26 "referenceType": "cpe23Type" 27 }, 28 { 29 "referenceCategory": "PACKAGE_MANAGER", 30 "referenceLocator": "pkg:apk/alpine/busybox@1.30.1-r5?arch=x86_64&distro=alpine-3.10.9", 31 "referenceType": "purl" 32 } 33 ], 34 "filesAnalyzed": false, 35 "licenseDeclared": "GPL-2.0", 36 "originator": "Person: Natanael Copa <ncopa@alpinelinux.org>", 37 "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed", 38 "versionInfo": "1.30.1-r5" 39 }, 40 { 41 "SPDXID": "SPDXRef-d2f55e316dbe92e4", 42 "name": "libssl1.1", 43 "licenseConcluded": "OpenSSL", 44 "description": "SSL shared libraries", 45 "downloadLocation": "https://www.openssl.org", 46 "externalRefs": [ 47 { 48 "referenceCategory": "SECURITY", 49 "referenceLocator": "cpe:2.3:a:libssl1.1:libssl1.1:1.1.1k-r0:*:*:*:*:*:*:*", 50 "referenceType": "cpe23Type" 51 }, 52 { 53 "referenceCategory": "PACKAGE_MANAGER", 54 "referenceLocator": "pkg:apk/alpine/libssl1.1@1.1.1k-r0?arch=x86_64&distro=alpine-3.10.9", 55 "referenceType": "purl" 56 } 57 ], 58 "filesAnalyzed": false, 59 "licenseDeclared": "OpenSSL", 60 "originator": "Person: Timo Teras <timo.teras@iki.fi>", 61 "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed", 62 "versionInfo": "1.1.1k-r0" 63 }, 64 { 65 "SPDXID": "SPDXRef-2b24657ad7aaafea", 66 "name": "ssl_client", 67 "licenseConcluded": "GPL-2.0", 68 "description": "EXternal ssl_client for busybox wget", 69 "downloadLocation": "https://busybox.net/", 70 "externalRefs": [ 71 { 72 "referenceCategory": "SECURITY", 73 "referenceLocator": "cpe:2.3:a:ssl-client:ssl-client:1.30.1-r5:*:*:*:*:*:*:*", 74 "referenceType": "cpe23Type" 75 }, 76 { 77 "referenceCategory": "SECURITY", 78 "referenceLocator": "cpe:2.3:a:ssl-client:ssl_client:1.30.1-r5:*:*:*:*:*:*:*", 79 "referenceType": "cpe23Type" 80 }, 81 { 82 "referenceCategory": "SECURITY", 83 "referenceLocator": "cpe:2.3:a:ssl_client:ssl-client:1.30.1-r5:*:*:*:*:*:*:*", 84 "referenceType": "cpe23Type" 85 }, 86 { 87 "referenceCategory": "SECURITY", 88 "referenceLocator": "cpe:2.3:a:ssl_client:ssl_client:1.30.1-r5:*:*:*:*:*:*:*", 89 "referenceType": "cpe23Type" 90 }, 91 { 92 "referenceCategory": "SECURITY", 93 "referenceLocator": "cpe:2.3:a:ssl:ssl-client:1.30.1-r5:*:*:*:*:*:*:*", 94 "referenceType": "cpe23Type" 95 }, 96 { 97 "referenceCategory": "SECURITY", 98 "referenceLocator": "cpe:2.3:a:ssl:ssl_client:1.30.1-r5:*:*:*:*:*:*:*", 99 "referenceType": "cpe23Type" 100 }, 101 { 102 "referenceCategory": "PACKAGE_MANAGER", 103 "referenceLocator": "pkg:apk/alpine/ssl_client@1.30.1-r5?arch=x86_64&upstream=busybox&distro=alpine-3.10.9", 104 "referenceType": "purl" 105 } 106 ], 107 "filesAnalyzed": false, 108 "licenseDeclared": "GPL-2.0", 109 "originator": "Person: Natanael Copa <ncopa@alpinelinux.org>", 110 "sourceInfo": "acquired package info from APK DB: /lib/apk/db/installed", 111 "versionInfo": "1.30.1-r5" 112 } 113 ], 114 "files": [ 115 { 116 "SPDXID": "SPDXRef-a07392483a2d0750", 117 "comment": "layerID: sha256:9fb3aa2f8b8023a4bebbf92aa567caf88e38e969ada9f0ac12643b2847391635", 118 "licenseConcluded": "NOASSERTION", 119 "fileName": "/bin/busybox" 120 }, 121 { 122 "SPDXID": "SPDXRef-aa3cfed221706d80", 123 "comment": "layerID: sha256:9fb3aa2f8b8023a4bebbf92aa567caf88e38e969ada9f0ac12643b2847391635", 124 "licenseConcluded": "NOASSERTION", 125 "fileName": "/lib/libssl.so.1.1" 126 } 127 ], 128 "relationships": [ 129 { 130 "spdxElementId": "SPDXRef-a61243292e73923", 131 "relationshipType": "CONTAINS", 132 "relatedSpdxElement": "SPDXRef-a07392483a2d0750" 133 }, 134 { 135 "spdxElementId": "SPDXRef-a61243292e73923", 136 "relationshipType": "CONTAINS", 137 "relatedSpdxElement": "SPDXRef-a07392483a2d0750" 138 }, 139 { 140 "spdxElementId": "SPDXRef-a61243292e73923", 141 "relationshipType": "CONTAINS", 142 "relatedSpdxElement": "SPDXRef-499bb68237b0f2b8" 143 }, 144 { 145 "spdxElementId": "SPDXRef-a61243292e73923", 146 "relationshipType": "CONTAINS", 147 "relatedSpdxElement": "SPDXRef-df78c68c8206be69" 148 }, 149 { 150 "spdxElementId": "SPDXRef-a61243292e73923", 151 "relationshipType": "CONTAINS", 152 "relatedSpdxElement": "SPDXRef-7c980486fc17af43" 153 }, 154 { 155 "spdxElementId": "SPDXRef-a61243292e73923", 156 "relationshipType": "CONTAINS", 157 "relatedSpdxElement": "SPDXRef-8762661e65166719" 158 }, 159 { 160 "spdxElementId": "SPDXRef-d2f55e316dbe92e4", 161 "relationshipType": "CONTAINS", 162 "relatedSpdxElement": "SPDXRef-aa3cfed221706d80" 163 }, 164 { 165 "spdxElementId": "SPDXRef-d2f55e316dbe92e4", 166 "relationshipType": "CONTAINS", 167 "relatedSpdxElement": "SPDXRef-aa3cfed221706d80" 168 } 169 ] 170 }