forked from spdx/spdx-examples
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathexample7-golang.spdx.json
More file actions
107 lines (107 loc) · 3.45 KB
/
example7-golang.spdx.json
File metadata and controls
107 lines (107 loc) · 3.45 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
{
"@context": "https://spdx.org/rdf/3.0.1/spdx-context.jsonld",
"@graph": [
{
"spdxId": "urn:uuid:cc81c9c0-c466-4e22-b3f6-945a65f5d07b",
"type": "Person",
"creationInfo": "_:creationInfo",
"comment": "Person or Tool that created this document",
"name": "Nisha K",
"externalIdentifier": [
{
"type": "ExternalIdentifier",
"externalIdentifierType": "email",
"identifier": "nishak@vmware.com"
}
]
},
{
"spdxId": "urn:uuid:a5d2b614-1c0a-477d-b1fc-dc391f2c1c6d",
"type": "Organization",
"creationInfo": "_:creationInfo",
"comment": "The organization that originated the software package",
"name": "golang.org"
},
{
"@id": "_:creationInfo",
"type": "CreationInfo",
"specVersion": "3.0.1",
"created": "2020-11-24T01:12:27Z",
"createdBy": [
"urn:uuid:cc81c9c0-c466-4e22-b3f6-945a65f5d07b"
],
"comment": "All objects within the graph will have this same CreationInfo"
},
{
"spdxId": "urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b",
"type": "software_Package",
"name": "go1.16.4.linux-amd64.tar.gz",
"creationInfo": "_:creationInfo",
"comment": "This is the downloaded tarball to be installed on disk",
"software_packageVersion": "1.16.4",
"software_primaryPurpose": "install",
"software_downloadLocation": "https://golang.org/dl/go1.16.4.linux-amd64.tar.gz",
"originatedBy": [
"urn:uuid:a5d2b614-1c0a-477d-b1fc-dc391f2c1c6d"
],
"verifiedUsing": [
{
"type": "Hash",
"algorithm": "sha256",
"hashValue": "7154e88f5a8047aad4b80ebace58a059e36e7e2e4eb3b383127a28c711b4ff59"
}
]
},
{
"spdxId": "urn:uuid:3b2939bf-fcce-4617-a06f-115168870b95",
"type": "software_File",
"name": "go",
"creationInfo": "_:creationInfo",
"comment": "The installation comes with an executable",
"originatedBy": [
"urn:uuid:a5d2b614-1c0a-477d-b1fc-dc391f2c1c6d"
],
"software_primaryPurpose": "executable"
},
{
"type": "Relationship",
"spdxId": "urn:uuid:92c6754b-d6e9-48b7-8b86-54fdc89995a6",
"creationInfo": "_:creationInfo",
"relationshipType": "contains",
"from": "urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b",
"to": [
"urn:uuid:3b2939bf-fcce-4617-a06f-115168870b95"
]
},
{
"type": "software_Sbom",
"spdxId": "urn:uuid:d523d308-8348-4051-85ea-a67a14978fad",
"creationInfo": "_:creationInfo",
"comment": "The SBOM communicates that this document is an SBOM",
"rootElement": [
"urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b"
],
"element": [
"urn:uuid:a5d2b614-1c0a-477d-b1fc-dc391f2c1c6d",
"urn:uuid:cc81c9c0-c466-4e22-b3f6-945a65f5d07b",
"urn:uuid:a9f18ff3-17fa-419d-8966-abe4b992312b",
"urn:uuid:3b2939bf-fcce-4617-a06f-115168870b95",
"urn:uuid:92c6754b-d6e9-48b7-8b86-54fdc89995a6"
]
},
{
"spdxId": "urn:uuid:93867a66-8945-45c2-ac11-4277d3af38fa",
"type": "SpdxDocument",
"creationInfo": "_:creationInfo",
"comment": "This document's primary communication is the SBOM",
"name": "example7-golang.spdx",
"profileConformance": [
"core",
"software"
],
"rootElement": [
"urn:uuid:d523d308-8348-4051-85ea-a67a14978fad"
]
}
]
}