Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: update SBOM for Python 3.9 #3188

Merged
merged 1 commit into from
Aug 3, 2023
Merged

chore: update SBOM for Python 3.9 #3188

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
61 changes: 32 additions & 29 deletions sbom/cve-bin-tool-py3.9.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,17 +1,20 @@
{
"$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.4",
"serialNumber": "urn:uuide5365fa2-de05-43d0-a018-fda815a5092c",
"specVersion": "1.5",
"serialNumber": "urn:uuid3c692e0e-ab92-4d11-82c5-f84ba168d1a4",
"version": 1,
"metadata": {
"timestamp": "2023-07-24T00:30:14Z",
"tools": [
{
"name": "sbom4python",
"version": "0.9.2"
}
],
"timestamp": "2023-07-31T00:29:01Z",
"tools": {
"components": [
{
"name": "sbom4python",
"version": "0.10.0",
"type": "application"
}
]
},
"component": {
"type": "application",
"bom-ref": "CDXRef-DOCUMENT",
Expand Down Expand Up @@ -842,7 +845,7 @@
"type": "library",
"bom-ref": "26-pyparsing",
"name": "pyparsing",
"version": "3.1.0",
"version": "3.1.1",
"supplier": {
"name": "Paul McGuire",
"contact": [
Expand All @@ -851,16 +854,16 @@
}
]
},
"cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.1:*:*:*:*:*:*:*",
"description": "pyparsing module - Classes and methods to define and execute parsing grammars",
"externalReferences": [
{
"url": "https://pypi.org/project/pyparsing/3.1.0",
"url": "https://pypi.org/project/pyparsing/3.1.1",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/pyparsing@3.1.0"
"purl": "pkg:pypi/pyparsing@3.1.1"
},
{
"type": "library",
Expand Down Expand Up @@ -1572,7 +1575,7 @@
"type": "library",
"bom-ref": "49-lib4sbom",
"name": "lib4sbom",
"version": "0.3.1",
"version": "0.4.0",
"supplier": {
"name": "Anthony Harrison",
"contact": [
Expand All @@ -1581,7 +1584,7 @@
}
]
},
"cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.3.1:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.4.0:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
"licenses": [
{
Expand All @@ -1593,12 +1596,12 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/lib4sbom/0.3.1",
"url": "https://pypi.org/project/lib4sbom/0.4.0",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/lib4sbom@0.3.1"
"purl": "pkg:pypi/lib4sbom@0.4.0"
},
{
"type": "library",
Expand Down Expand Up @@ -1889,7 +1892,7 @@
"type": "library",
"bom-ref": "58-rich",
"name": "rich",
"version": "13.4.2",
"version": "13.5.0",
"supplier": {
"name": "Will McGugan",
"contact": [
Expand All @@ -1898,7 +1901,7 @@
}
]
},
"cpe": "cpe:2.3:a:will_mcgugan:rich:13.4.2:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:will_mcgugan:rich:13.5.0:*:*:*:*:*:*:*",
"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
"licenses": [
{
Expand All @@ -1910,12 +1913,12 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/rich/13.4.2",
"url": "https://pypi.org/project/rich/13.5.0",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/rich@13.4.2"
"purl": "pkg:pypi/rich@13.5.0"
},
{
"type": "library",
Expand Down Expand Up @@ -2065,7 +2068,7 @@
"type": "library",
"bom-ref": "64-xmlschema",
"name": "xmlschema",
"version": "2.3.1",
"version": "2.4.0",
"supplier": {
"name": "Davide Brunato",
"contact": [
Expand All @@ -2074,7 +2077,7 @@
}
]
},
"cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.3.1:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.4.0:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
"licenses": [
{
Expand All @@ -2086,18 +2089,18 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/xmlschema/2.3.1",
"url": "https://pypi.org/project/xmlschema/2.4.0",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/xmlschema@2.3.1"
"purl": "pkg:pypi/xmlschema@2.4.0"
},
{
"type": "library",
"bom-ref": "65-elementpath",
"name": "elementpath",
"version": "4.1.4",
"version": "4.1.5",
"supplier": {
"name": "Davide Brunato",
"contact": [
Expand All @@ -2106,7 +2109,7 @@
}
]
},
"cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.4:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.5:*:*:*:*:*:*:*",
"description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
"licenses": [
{
Expand All @@ -2118,12 +2121,12 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/elementpath/4.1.4",
"url": "https://pypi.org/project/elementpath/4.1.5",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/elementpath@4.1.4"
"purl": "pkg:pypi/elementpath@4.1.5"
},
{
"type": "library",
Expand Down
48 changes: 24 additions & 24 deletions sbom/cve-bin-tool-py3.9.spdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c6a09f63-8827-481d-a8c1-f9c93bff5c4e
LicenseListVersion: 3.20
Creator: Tool: sbom4python-0.9.2
Created: 2023-07-24T00:28:37Z
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-b156fd17-2f37-4a7b-807e-2a717e67496b
LicenseListVersion: 3.21
Creator: Tool: sbom4python-0.10.0
Created: 2023-07-31T00:27:30Z
CreatorComment: <text>This document has been automatically generated.</text>
#####

Expand Down Expand Up @@ -396,17 +396,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*

PackageName: pyparsing
SPDXID: SPDXRef-Package-26-pyparsing
PackageVersion: 3.1.0
PackageVersion: 3.1.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.0
PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.1
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: <text>pyparsing module - Classes and methods to define and execute parsing grammars</text>
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.1.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.0:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.1.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.1:*:*:*:*:*:*:*
#####

PackageName: oauth2client
Expand Down Expand Up @@ -748,17 +748,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.9.2:*:*:*:*:*:

PackageName: lib4sbom
SPDXID: SPDXRef-Package-49-lib4sbom
PackageVersion: 0.3.1
PackageVersion: 0.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.3.1
PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.4.0
FilesAnalyzed: false
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Software Bill of Material (SBOM) generator and consumer library</text>
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.3.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.3.1:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.4.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.4.0:*:*:*:*:*:*:*
#####

PackageName: pyyaml
Expand Down Expand Up @@ -888,17 +888,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.7.22:*:*:*:

PackageName: rich
SPDXID: SPDXRef-Package-58-rich
PackageVersion: 13.4.2
PackageVersion: 13.5.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
PackageDownloadLocation: https://pypi.org/project/rich/13.4.2
PackageDownloadLocation: https://pypi.org/project/rich/13.5.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal</text>
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.4.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.4.2:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.5.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.5.0:*:*:*:*:*:*:*
#####

PackageName: markdown-it-py
Expand Down Expand Up @@ -978,32 +978,32 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:

PackageName: xmlschema
SPDXID: SPDXRef-Package-64-xmlschema
PackageVersion: 2.3.1
PackageVersion: 2.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
PackageDownloadLocation: https://pypi.org/project/xmlschema/2.3.1
PackageDownloadLocation: https://pypi.org/project/xmlschema/2.4.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: <text>An XML Schema validator and decoder</text>
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.3.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.3.1:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.4.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.4.0:*:*:*:*:*:*:*
#####

PackageName: elementpath
SPDXID: SPDXRef-Package-65-elementpath
PackageVersion: 4.1.4
PackageVersion: 4.1.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.4
PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.5
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: <text>XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml</text>
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.4:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.5
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.5:*:*:*:*:*:*:*
#####

PackageName: zstandard
Expand Down