Skip to content

Commit

Permalink
add container product example
Browse files Browse the repository at this point in the history
  • Loading branch information
jasinner committed Nov 22, 2024
1 parent d3a4e66 commit 0eb0501
Show file tree
Hide file tree
Showing 3 changed files with 170 additions and 2 deletions.
28 changes: 26 additions & 2 deletions sbom/examples/product/create_product_sbom.py
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,21 @@
from types import SimpleNamespace

# A root component package identified by purls containing all the repositories it is available from.
ubi9_micro_9_4_6_1716471860 = SimpleNamespace(
name="ubi9-micro-container",
version="9.4-6.1716471860",
filename="",
license_concluded="GPL-2.0-or-later",
checksums=["sha-256:1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d"],
# It's not really clear which purl to 'pick' as the summary.
# Maybe the longest one out of ubi-micro or ubi9-micro?
purl_summary="pkg:oci/ubi9-micro@sha256%3A1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d",
purls=[
"pkg:oci/ubi-micro@sha256%3A1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?repository_url=registry.access.redhat.com/ubi9/ubi-micro&tag=9.4-6.1716471860",
"pkg:oci/ubi9-micro@sha256%3A1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?repository_url=registry.access.redhat.com/ubi9-micro&tag=9.4-6.1716471860",
],
)

gcc_11_3_1_4_3 = SimpleNamespace(
name="gcc",
version="11.3.1-4.3.el9",
Expand Down Expand Up @@ -91,7 +106,7 @@
packages=[openssl_3_0_7_18],
)

rhel_9_main_eus = SimpleNamespace(
rhel_9_2_main_eus = SimpleNamespace(
name="Red Hat Enterprise Linux",
name_short="RHEL",
version="9.2 MAIN+EUS",
Expand All @@ -105,6 +120,15 @@
packages=[openssl_3_0_7_17, gcc_11_3_1_4_3],
)

rhel_9_4_main_eus = SimpleNamespace(
name="Red Hat Enterprise Linux",
name_short="RHEL",
version="9.4 MAIN+EUS",
cpes=["cpe:/o:redhat:enterprise_linux:9::baseos"],
released="2008-08-01T02:34:56Z",
packages=[ubi9_micro_9_4_6_1716471860],
)


def create_spdx(product):
name = f"{product.name} {product.version}"
Expand Down Expand Up @@ -245,7 +269,7 @@ def create_cdx(product):

def main():
curr_dir = Path(__file__).parent
for product in (rhel_9_main_eus, rhel_9_eus):
for product in (rhel_9_4_main_eus, rhel_9_2_main_eus, rhel_9_eus):
fname, sbom = create_spdx(product)
with open(curr_dir / fname, "w") as fp:
fp.write(json.dumps(sbom, indent=2) + "\n")
Expand Down
74 changes: 74 additions & 0 deletions sbom/examples/product/rhel-9.4-main+eus.cdx.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.6",
"version": 1,
"serialNumber": "urn:uuid:337d9115-4e7c-4e76-b389-51f7aed6eba8",
"metadata": {
"component": {
"type": "operating-system",
"name": "Red Hat Enterprise Linux",
"version": "9.4 MAIN+EUS",
"supplier": {
"name": "Red Hat",
"url": [
"https://www.redhat.com"
]
},
"evidence": {
"identity": [
{
"field": "cpe",
"concludedValue": "cpe:/o:redhat:enterprise_linux:9::baseos"
}
]
}
},
"timestamp": "2008-08-01T02:34:56Z",
"tools": [
{
"name": "example tool",
"version": "1.2.3"
}
]
},
"components": [
{
"type": "library",
"name": "ubi9-micro-container",
"version": "9.4-6.1716471860",
"purl": "pkg:oci/ubi9-micro@sha256%3A1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d",
"bom-ref": "pkg:oci/ubi9-micro@sha256%3A1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d",
"supplier": {
"name": "Red Hat",
"url": [
"https://www.redhat.com"
]
},
"licenses": [
{
"license": {
"id": "GPL-2.0-or-later"
}
}
],
"hashes": [
{
"alg": "SHA-256",
"content": "1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d"
}
],
"evidence": {
"identity": [
{
"field": "purl",
"concludedValue": "pkg:oci/ubi-micro@sha256%3A1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?repository_url=registry.access.redhat.com/ubi9/ubi-micro&tag=9.4-6.1716471860"
},
{
"field": "purl",
"concludedValue": "pkg:oci/ubi9-micro@sha256%3A1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?repository_url=registry.access.redhat.com/ubi9-micro&tag=9.4-6.1716471860"
}
]
}
}
]
}
70 changes: 70 additions & 0 deletions sbom/examples/product/rhel-9.4-main+eus.spdx.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,70 @@
{
"spdxVersion": "SPDX-2.3",
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2008-08-01T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
},
"name": "Red Hat Enterprise Linux 9.4 MAIN+EUS",
"documentNamespace": "https://www.redhat.com/rhel-9.4-main+eus.spdx.json",
"packages": [
{
"SPDXID": "SPDXRef-RHEL-9.4-MAIN+EUS",
"name": "Red Hat Enterprise Linux",
"versionInfo": "9.4 MAIN+EUS",
"supplier": "Organization: Red Hat",
"downloadLocation": "NOASSERTION",
"licenseConcluded": "NOASSERTION",
"externalRefs": [
{
"referenceCategory": "SECURITY",
"referenceLocator": "cpe:/o:redhat:enterprise_linux:9::baseos",
"referenceType": "cpe22Type"
}
]
},
{
"SPDXID": "SPDXRef-ubi9-micro-container-9.4-6.1716471860",
"name": "ubi9-micro-container",
"versionInfo": "9.4-6.1716471860",
"supplier": "Organization: Red Hat",
"downloadLocation": "NOASSERTION",
"packageFileName": "",
"licenseConcluded": "GPL-2.0-or-later",
"externalRefs": [
{
"referenceCategory": "PACKAGE-MANAGER",
"referenceType": "purl",
"referenceLocator": "pkg:oci/ubi-micro@sha256%3A1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?repository_url=registry.access.redhat.com/ubi9/ubi-micro&tag=9.4-6.1716471860"
},
{
"referenceCategory": "PACKAGE-MANAGER",
"referenceType": "purl",
"referenceLocator": "pkg:oci/ubi9-micro@sha256%3A1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d?repository_url=registry.access.redhat.com/ubi9-micro&tag=9.4-6.1716471860"
}
],
"checksums": [
{
"algorithm": "SHA256",
"checksumValue": "1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d"
}
]
}
],
"files": [],
"relationships": [
{
"spdxElementId": "SPDXRef-DOCUMENT",
"relationshipType": "DESCRIBES",
"relatedSpdxElement": "SPDXRef-RHEL-9.4-MAIN+EUS"
},
{
"spdxElementId": "SPDXRef-ubi9-micro-container-9.4-6.1716471860",
"relationshipType": "PACKAGE_OF",
"relatedSpdxElement": "SPDXRef-RHEL-9.4-MAIN+EUS"
}
]
}

0 comments on commit 0eb0501

Please sign in to comment.