

Merge pull request #20 from RedHatProductSecurity/sbom-docs
Add SBOM guidelines
mprpic authored Sep 25, 2024
2 parents 381092c + 6b95bd9 commit 155f11c
Showing 32 changed files with 707 additions and 89 deletions.
601 changes: 601 additions & 0 deletions docs/sbom.md


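--- a/docs/stylesheets/extra.css
+++ b/docs/stylesheets/extra.css
@@ -0,0 +1,3 @@
+.md-typeset {
+line-height: 1.4;
+}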
16 changes: 12 additions & 4 deletions mkdocs.yml
@@ -1,7 +1,7 @@
site_name: Red Hat Security Data Guidelines
site_url: https://redhatproductsecurity.github.io/security-data-guidelines/
edit_uri: "https://github.com/RedHatProductSecurity/security-data-guidelines/blob/main/docs"
copyright: Copyright &copy; Red Hat, Inc. &nbsp;&centerdot;&nbsp; <a href="https://creativecommons.org/licenses/by/4.0/">CC BY 4.0</a>
copyright: Copyright &copy; Red Hat, Inc. &nbsp;&centerdot;&nbsp; <a href="https://creativecommons.org/licenses/by/4.0/">CC-BY-4.0</a>

theme:
name: material
Expand All @@ -19,30 +19,37 @@ theme:
language: en
favicon: images/favicon.png
logo: images/logo.png
font:
text: Red Hat Text
code: Red Hat Mono
palette:
- scheme: default
toggle:
icon: material/toggle-switch-off-outline
icon: material/brightness-4
name: Switch to dark mode
primary: black
- scheme: slate
toggle:
icon: material/toggle-switch
icon: material/brightness-7
name: Switch to light mode
primary: black

nav:
- Home: "index.md"
- SBOM: "sbom.md"
- purl: "purl.md"

plugins:
- social
- search

extra_css:
- stylesheets/extra.css

extra:
social:
- icon: fontawesome/brands/github-alt
link: https://github.com/RedHatProductSecurity
link: https://github.com/RedHatProductSecurity/security-data-guidelines
- icon: fontawesome/regular/envelope
link: "mailto:[email protected]"

Expand All @@ -55,6 +62,7 @@ markdown_extensions:
- attr_list
- abbr # https://squidfunk.github.io/mkdocs-material/reference/tooltips/#adding-abbreviations
- md_in_html
- def_list # https://squidfunk.github.io/mkdocs-material/reference/lists/#using-definition-lists
- pymdownx.superfences
- pymdownx.tabbed:
alternate_style: true
@@ -1,9 +1,9 @@
{
"spdxVersion": "SPDX-2.3",
"dataLicense": "CC0-1.0",
"dataLicense": "CC-BY-4.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56-06:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Down Expand Up @@ -118,4 +118,4 @@
"relatedSpdxElement": "SPDXRef-image-index"
}
]
}
}
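Review bot: The new-side value `"dataLicense": "CC-BY-4.0"` in the first hunk departs from SPDX 2.3, which fixes the Data License field to the single value `CC0-1.0`, so spec-strict validators can be expected to flag every example document touched here. The same change is made to the other SPDX example documents in this commit (the image-index documents, the x86_64, aarch64 and ppc64le zlib documents and the noarch tzdata documents) and is the output of `create_sbom` in sbom/examples/container_image/release/from_catalog.py, which hardcodes the same string. If the CC-BY-4.0 data license is deliberate, which the matching copyright notice in mkdocs.yml suggests, the new docs/sbom.md should state that this field intentionally deviates from the specification so consumers validating these documents know what to expect; otherwise the field should go back to `"dataLicense": "CC0-1.0"`. The companion change of `created` to a `Z`-suffixed UTC timestamp does match the format the specification requires.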
@@ -1,9 +1,9 @@
{
"spdxVersion": "SPDX-2.3",
"dataLicense": "CC0-1.0",
"dataLicense": "CC-BY-4.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56-06:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Down Expand Up @@ -4900,4 +4900,4 @@
"relatedSpdxElement": "SPDXRef-x86_64-zlib"
}
]
}
}
@@ -1,9 +1,9 @@
{
"spdxVersion": "SPDX-2.3",
"dataLicense": "CC0-1.0",
"dataLicense": "CC-BY-4.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56-06:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Down Expand Up @@ -4900,4 +4900,4 @@
"relatedSpdxElement": "SPDXRef-aarch64-zlib"
}
]
}
}
@@ -1,9 +1,9 @@
{
"spdxVersion": "SPDX-2.3",
"dataLicense": "CC0-1.0",
"dataLicense": "CC-BY-4.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56-06:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Down Expand Up @@ -4900,4 +4900,4 @@
"relatedSpdxElement": "SPDXRef-ppc64le-zlib"
}
]
}
}
4 changes: 3 additions & 1 deletion sbom/examples/container_image/build/remove_release_data.py
Expand Up @@ -21,4 +21,6 @@


with open(f"{sbom_name}.spdx.json", "w") as fp:
json.dump(sbom, fp, indent=2)
# Add an extra newline at the end since a lot of editors add one when you save a file,
# and these files get opened and read in editors a lot.
fp.write(json.dumps(sbom, indent=2) + "\n")
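Review bot: The new last line serializes the whole document into a string before writing it, which is a step back in style from the streaming `json.dump` call it replaces; `json.dump(sbom, fp, indent=2)` followed by `fp.write("\n")` produces identical file contents, keeps the original call, and lets the intent (append one trailing newline) read directly from the code. The same pattern is introduced in `create_sbom` in from_catalog.py in this commit. The explanatory comment could then be tightened to `# Trailing newline, as most editors add one on save: keeps editor round-trips diff-free.`. The enclosing `with` block and `sbom_name` are defined above the hunk.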
@@ -1,9 +1,9 @@
{
"spdxVersion": "SPDX-2.3",
"dataLicense": "CC0-1.0",
"dataLicense": "CC-BY-4.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56-06:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Down Expand Up @@ -169,4 +169,4 @@
"relatedSpdxElement": "SPDXRef-image-index"
}
]
}
}
@@ -1,9 +1,9 @@
{
"spdxVersion": "SPDX-2.3",
"dataLicense": "CC0-1.0",
"dataLicense": "CC-BY-4.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56-06:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Down Expand Up @@ -585,4 +585,4 @@
"relatedSpdxElement": "SPDXRef-noarch-tzdata"
}
]
}
}
@@ -1,9 +1,9 @@
{
"spdxVersion": "SPDX-2.3",
"dataLicense": "CC0-1.0",
"dataLicense": "CC-BY-4.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56-06:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Down Expand Up @@ -585,4 +585,4 @@
"relatedSpdxElement": "SPDXRef-noarch-tzdata"
}
]
}
}
@@ -1,9 +1,9 @@
{
"spdxVersion": "SPDX-2.3",
"dataLicense": "CC0-1.0",
"dataLicense": "CC-BY-4.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56-06:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Down Expand Up @@ -585,4 +585,4 @@
"relatedSpdxElement": "SPDXRef-noarch-tzdata"
}
]
}
}
@@ -1,9 +1,9 @@
{
"spdxVersion": "SPDX-2.3",
"dataLicense": "CC0-1.0",
"dataLicense": "CC-BY-4.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56-06:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Down Expand Up @@ -585,4 +585,4 @@
"relatedSpdxElement": "SPDXRef-noarch-tzdata"
}
]
}
}
10 changes: 5 additions & 5 deletions sbom/examples/container_image/release/from_catalog.py
Expand Up @@ -14,8 +14,6 @@
nvr_api = catalog_url + "images/nvr/"
rpm_manifest_api = catalog_url + "images/id/{catalog_image_id}/rpm-manifest"

rpm_sbom_url = "https://access.redhat.com/security/data/sbom/v1/rpm/"


def get_image_data(image_nvr):
response = requests.get(nvr_api + image_nvr)
Expand Down Expand Up @@ -55,10 +53,10 @@ def create_sbom(image_id, root_package, packages, rel_type):

spdx = {
"spdxVersion": "SPDX-2.3",
"dataLicense": "CC0-1.0",
"dataLicense": "CC-BY-4.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56-06:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only",
],
Expand All @@ -70,7 +68,9 @@ def create_sbom(image_id, root_package, packages, rel_type):
}

with open(f"{image_id}.spdx.json", "w") as fp:
json.dump(spdx, fp, indent=2)
# Add an extra newline at the end since a lot of editors add one when you save a file,
# and these files get opened and read in editors a lot.
fp.write(json.dumps(spdx, indent=2) + "\n")


def generate_sboms_for_image(image_nvr):
@@ -1,9 +1,9 @@
{
"spdxVersion": "SPDX-2.3",
"dataLicense": "CC0-1.0",
"dataLicense": "CC-BY-4.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56-06:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Down Expand Up @@ -118,4 +118,4 @@
"relatedSpdxElement": "SPDXRef-image-index"
}
]
}
}
@@ -1,9 +1,9 @@
{
"spdxVersion": "SPDX-2.3",
"dataLicense": "CC0-1.0",
"dataLicense": "CC-BY-4.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56-06:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Down Expand Up @@ -4900,4 +4900,4 @@
"relatedSpdxElement": "SPDXRef-x86_64-zlib"
}
]
}
}
@@ -1,9 +1,9 @@
{
"spdxVersion": "SPDX-2.3",
"dataLicense": "CC0-1.0",
"dataLicense": "CC-BY-4.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56-06:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Down Expand Up @@ -4900,4 +4900,4 @@
"relatedSpdxElement": "SPDXRef-aarch64-zlib"
}
]
}
}
@@ -1,9 +1,9 @@
{
"spdxVersion": "SPDX-2.3",
"dataLicense": "CC0-1.0",
"dataLicense": "CC-BY-4.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56-06:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Down Expand Up @@ -4900,4 +4900,4 @@
"relatedSpdxElement": "SPDXRef-ppc64le-zlib"
}
]
}
}
@@ -1,9 +1,9 @@
{
"spdxVersion": "SPDX-2.3",
"dataLicense": "CC0-1.0",
"dataLicense": "CC-BY-4.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56-06:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Down Expand Up @@ -169,4 +169,4 @@
"relatedSpdxElement": "SPDXRef-image-index"
}
]
}
}
@@ -1,9 +1,9 @@
{
"spdxVersion": "SPDX-2.3",
"dataLicense": "CC0-1.0",
"dataLicense": "CC-BY-4.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56-06:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Down Expand Up @@ -585,4 +585,4 @@
"relatedSpdxElement": "SPDXRef-noarch-tzdata"
}
]
}
}
