Skip to content

Commit

Permalink
chore: update SBOM for Python 3.11 (intel#4093)
Browse files Browse the repository at this point in the history 
Co-authored-by: GitHub <noreply@github.com>
  • Loading branch information
@github-actions @web-flow
github-actions[bot] and web-flow authored Apr 29, 2024
1 parent 4eb0333 commit 4693beb
Show file tree
Hide file tree
Showing 2 changed files with 58 additions and 30 deletions.
56 changes: 40 additions & 16 deletions sbom/cve-bin-tool-py3.11.json
View file
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
{
"$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"serialNumber": "urn:uuid:a724c9fa-1450-4ee9-90df-ea70f46028f5",
"specVersion": "1.6",
"serialNumber": "urn:uuid:ad8db8e0-3eb6-4112-98e5-e6255b2ea7ef",
"version": 1,
"metadata": {
"timestamp": "2024-04-22T00:27:30Z",
"timestamp": "2024-04-29T00:26:51Z",
"tools": {
"components": [
{
Expand Down Expand Up @@ -313,6 +313,12 @@
},
"cpe": "cpe:2.3:a:kim_davies:idna:3.7:*:*:*:*:*:*:*",
"description": "Internationalized Domain Names in Applications (IDNA)",
"hashes": [
{
"alg": "SHA-1",
"content": "1d365e17e10d72d0b7876316fc7b9ca0eebdd38d"
}
],
"externalReferences": [
{
"url": "https://pypi.org/project/idna/3.7",
Expand Down Expand Up @@ -651,6 +657,12 @@
},
"cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.3.0:*:*:*:*:*:*:*",
"description": "Bash tab completion for argparse",
"hashes": [
{
"alg": "SHA-1",
"content": "c7cc834df1fddcf94bd35b740fef7c7ab8e9c350"
}
],
"licenses": [
{
"license": {
Expand Down Expand Up @@ -1328,6 +1340,12 @@
},
"cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.5:*:*:*:*:*:*:*",
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
"hashes": [
{
"alg": "SHA-1",
"content": "33833f031d9d36234e11d9671be150d53b9e598d"
}
],
"licenses": [
{
"expression": "Apache-2.0 OR BSD-3-Clause"
Expand Down Expand Up @@ -1415,6 +1433,12 @@
},
"cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*",
"description": "C parser in Python",
"hashes": [
{
"alg": "SHA-1",
"content": "129d32ef805d715d90a3b2035b13168c17ca63d2"
}
],
"licenses": [
{
"license": {
Expand Down Expand Up @@ -1832,20 +1856,20 @@
"type": "library",
"bom-ref": "43-referencing",
"name": "referencing",
"version": "0.34.0",
"version": "0.35.0",
"supplier": {
"name": "Julian Berman"
},
"cpe": "cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:julian_berman:referencing:0.35.0:*:*:*:*:*:*:*",
"description": "JSON Referencing + Python",
"externalReferences": [
{
"url": "https://pypi.org/project/referencing/0.34.0",
"url": "https://pypi.org/project/referencing/0.35.0",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/referencing@0.34.0",
"purl": "pkg:pypi/referencing@0.35.0",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -1898,7 +1922,7 @@
"type": "library",
"bom-ref": "45-lib4sbom",
"name": "lib4sbom",
"version": "0.7.0",
"version": "0.7.1",
"supplier": {
"name": "Anthony Harrison",
"contact": [
Expand All @@ -1907,7 +1931,7 @@
}
]
},
"cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.1:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
"licenses": [
{
Expand All @@ -1919,12 +1943,12 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/lib4sbom/0.7.0",
"url": "https://pypi.org/project/lib4sbom/0.7.1",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/lib4sbom@0.7.0",
"purl": "pkg:pypi/lib4sbom@0.7.1",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -2635,7 +2659,7 @@
"type": "library",
"bom-ref": "62-xmlschema",
"name": "xmlschema",
"version": "3.3.0",
"version": "3.3.1",
"supplier": {
"name": "Davide Brunato",
"contact": [
Expand All @@ -2644,7 +2668,7 @@
}
]
},
"cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
"licenses": [
{
Expand All @@ -2656,12 +2680,12 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/xmlschema/3.3.0",
"url": "https://pypi.org/project/xmlschema/3.3.1",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/xmlschema@3.3.0",
"purl": "pkg:pypi/xmlschema@3.3.1",
"properties": [
{
"name": "language",
Expand Down
32 changes: 18 additions & 14 deletions sbom/cve-bin-tool-py3.11.spdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-82f58543-22bd-4a27-9870-1027bc4a581b
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-4fe3f4bd-5244-43a9-9517-86e273fd5e72
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.10.4
Created: 2024-04-22T00:26:28Z
Created: 2024-04-29T00:25:47Z
CreatorComment: <text>This document has been automatically generated.</text>
#####

Expand Down Expand Up @@ -124,6 +124,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org)
PackageDownloadLocation: https://pypi.org/project/idna/3.7
FilesAnalyzed: false
PackageChecksum: SHA1: 1d365e17e10d72d0b7876316fc7b9ca0eebdd38d
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
Expand Down Expand Up @@ -252,6 +253,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
PackageDownloadLocation: https://pypi.org/project/argcomplete/3.3.0
FilesAnalyzed: false
PackageChecksum: SHA1: c7cc834df1fddcf94bd35b740fef7c7ab8e9c350
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: <text>argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.</text>
Expand Down Expand Up @@ -495,6 +497,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.5
FilesAnalyzed: false
PackageChecksum: SHA1: 33833f031d9d36234e11d9671be150d53b9e598d
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
Expand Down Expand Up @@ -526,6 +529,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Eli Bendersky (eliben@gmail.com)
PackageDownloadLocation: https://pypi.org/project/pycparser/2.22
FilesAnalyzed: false
PackageChecksum: SHA1: 129d32ef805d715d90a3b2035b13168c17ca63d2
PackageLicenseDeclared: BSD-3-Clause
PackageLicenseConcluded: BSD-3-Clause
PackageCopyrightText: NOASSERTION
Expand Down Expand Up @@ -678,17 +682,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification

PackageName: referencing
SPDXID: SPDXRef-Package-43-referencing
PackageVersion: 0.34.0
PackageVersion: 0.35.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
PackageDownloadLocation: https://pypi.org/project/referencing/0.34.0
PackageDownloadLocation: https://pypi.org/project/referencing/0.35.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: <text>JSON Referencing + Python</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.34.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.0:*:*:*:*:*:*:*
#####

PackageName: rpds-py
Expand All @@ -708,17 +712,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.18.0:*:*:*:*:*

PackageName: lib4sbom
SPDXID: SPDXRef-Package-45-lib4sbom
PackageVersion: 0.7.0
PackageVersion: 0.7.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.0
PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.1
FilesAnalyzed: false
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Software Bill of Material (SBOM) generator and consumer library</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.0:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.1:*:*:*:*:*:*:*
#####

PackageName: pyyaml
Expand Down Expand Up @@ -977,17 +981,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.0.0:*:*:*:*:*:*:*

PackageName: xmlschema
SPDXID: SPDXRef-Package-62-xmlschema
PackageVersion: 3.3.0
PackageVersion: 3.3.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
PackageDownloadLocation: https://pypi.org/project/xmlschema/3.3.0
PackageDownloadLocation: https://pypi.org/project/xmlschema/3.3.1
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: <text>An XML Schema validator and decoder</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.3.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.0:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.3.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:*
#####

PackageName: elementpath
Expand Down

0 comments on commit 4693beb

Please sign in to comment.