Merge pull request #40 from RedHatProductSecurity/fix-timestamps
SPDX allows ISO 8601 but docs require YYYY-MM-DDThh:mm:ssZ
mprpic authored Nov 19, 2024
2 parents fe7d713 + 5ca67e8 commit 4913b75
Showing 28 changed files with 275 additions and 273 deletions.
4 changes: 3 additions & 1 deletion docs/sbom.md
Expand Up @@ -155,7 +155,7 @@ The following snippet shows a minimal SBOM document:
"dataLicense": "CC0-1.0",// (2)!
"SPDXID": "SPDXRef-DOCUMENT",// (3)!
"creationInfo": {
"created": "2006-08-14T02:34:56+00:00",
"created": "2006-08-14T02:34:56Z",// (4)!
"creators": [
"Tool: example SPDX document only"
]
Expand All @@ -175,6 +175,8 @@ The following snippet shows a minimal SBOM document:
3. [`SPDXID`](https://spdx.github.io/spdx-spec/v2.3/document-creation-information/#63-spdx-identifier-field)
must be set to `SPDXRef-DOCUMENT`.

4. UTC timestamps must use the `YYYY-MM-DDThh:mm:ssZ` format.

A more detailed breakdown of some of the fields:

`creationInfo`
Expand Up @@ -3,7 +3,7 @@
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56+00:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Up @@ -3,7 +3,7 @@
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56+00:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Up @@ -3,7 +3,7 @@
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56+00:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Up @@ -3,7 +3,7 @@
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56+00:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Up @@ -3,7 +3,7 @@
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56+00:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Up @@ -3,7 +3,7 @@
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56+00:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Up @@ -3,7 +3,7 @@
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56+00:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Up @@ -3,7 +3,7 @@
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56+00:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Up @@ -3,7 +3,7 @@
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56+00:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
2 changes: 1 addition & 1 deletion sbom/examples/container_image/release/from_catalog.py
Expand Up @@ -62,7 +62,7 @@ def create_sbom(image_id, root_package, packages, rel_type, other_pkgs=None, oth
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56+00:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only",
],
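Review bot: The `created` literal in this hunk carries no comment explaining why the `Z` suffix is required, and anyone adapting the example to emit a real timestamp is likely to reach for `datetime.isoformat()`, which renders UTC as `+00:00`, the form this commit replaces. I would add a comment above the value such as `# SPDX timestamps must be UTC in YYYY-MM-DDThh:mm:ssZ form; build real values with strftime("%Y-%m-%dT%H:%M:%SZ"), not isoformat()`. create_sbom starts and ends outside the hunk, so whether the value is reused elsewhere in the function is not visible here.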
Expand Up @@ -3,7 +3,7 @@
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56+00:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Up @@ -3,7 +3,7 @@
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56+00:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Up @@ -3,7 +3,7 @@
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56+00:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Up @@ -3,7 +3,7 @@
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56+00:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Up @@ -3,7 +3,7 @@
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56+00:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Up @@ -3,7 +3,7 @@
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56+00:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Up @@ -3,7 +3,7 @@
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56+00:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Up @@ -3,7 +3,7 @@
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56+00:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Up @@ -3,7 +3,7 @@
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56+00:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
2 changes: 1 addition & 1 deletion sbom/examples/product/rhel-9.2-eus.spdx.json
Expand Up @@ -3,7 +3,7 @@
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56+00:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
4 changes: 2 additions & 2 deletions sbom/examples/rpm/build/from-koji.py
Expand Up @@ -386,7 +386,7 @@ def handle_srpm(filename, name):
# Same as document.creationInfo.creators
"annotator": "Tool: example SPDX document only",
# Same as document.creationInfo.created
"annotationDate": "2006-08-14T02:34:56+00:00",
"annotationDate": "2006-08-14T02:34:56Z",
"comment": f"sigmd5: {sigmd5}",
}
],
Expand Down Expand Up @@ -420,7 +420,7 @@ def handle_srpm(filename, name):
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56+00:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only",
],
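Review bot: The same timestamp literal is written twice in this file, once as `annotationDate` in the first hunk and once as `creationInfo.created` in the second, and the existing comment `# Same as document.creationInfo.created` depends on both being edited together by hand. A single module-level constant, e.g. `CREATED = "2006-08-14T02:34:56Z"`, referenced as `"annotationDate": CREATED` and `"created": CREATED`, would keep the two from drifting the next time the format is corrected. Both dict literals sit in code that begins and ends outside the hunks (the hunk headers name handle_srpm, but the second may belong to a later scope), so the constant's placement should be checked against the full file.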
Expand Up @@ -3,7 +3,7 @@
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2006-08-14T02:34:56+00:00",
"created": "2006-08-14T02:34:56Z",
"creators": [
"Tool: example SPDX document only"
]
Expand Down Expand Up @@ -18705,7 +18705,7 @@
{
"annotationType": "OTHER",
"annotator": "Tool: example SPDX document only",
"annotationDate": "2006-08-14T02:34:56+00:00",
"annotationDate": "2006-08-14T02:34:56Z",
"comment": "sigmd5: ff3f705ac3e7d126414e2ddac0ca6698"
}
]
Expand Down Expand Up @@ -18826,7 +18826,7 @@
{
"annotationType": "OTHER",
"annotator": "Tool: example SPDX document only",
"annotationDate": "2006-08-14T02:34:56+00:00",
"annotationDate": "2006-08-14T02:34:56Z",
"comment": "sigmd5: 72cb02dc0199f79d373d0711fb9f34a1"
}
]
Expand Down Expand Up @@ -18856,7 +18856,7 @@
{
"annotationType": "OTHER",
"annotator": "Tool: example SPDX document only",
"annotationDate": "2006-08-14T02:34:56+00:00",
"annotationDate": "2006-08-14T02:34:56Z",
"comment": "sigmd5: af4f27125181cd98a50d0ab1e9a674f4"
}
]
Expand Down Expand Up @@ -18886,7 +18886,7 @@
{
"annotationType": "OTHER",
"annotator": "Tool: example SPDX document only",
"annotationDate": "2006-08-14T02:34:56+00:00",
"annotationDate": "2006-08-14T02:34:56Z",
"comment": "sigmd5: a256612eeae23411aed22f8648143ddb"
}
]
Expand Down Expand Up @@ -18916,7 +18916,7 @@
{
"annotationType": "OTHER",
"annotator": "Tool: example SPDX document only",
"annotationDate": "2006-08-14T02:34:56+00:00",
"annotationDate": "2006-08-14T02:34:56Z",
"comment": "sigmd5: b78748d047c9228691469e04046a5e8a"
}
]
Expand Down Expand Up @@ -18946,7 +18946,7 @@
{
"annotationType": "OTHER",
"annotator": "Tool: example SPDX document only",
"annotationDate": "2006-08-14T02:34:56+00:00",
"annotationDate": "2006-08-14T02:34:56Z",
"comment": "sigmd5: 12a4752a5db8103c95014b84bfc3c324"
}
]
Expand Down Expand Up @@ -18976,7 +18976,7 @@
{
"annotationType": "OTHER",
"annotator": "Tool: example SPDX document only",
"annotationDate": "2006-08-14T02:34:56+00:00",
"annotationDate": "2006-08-14T02:34:56Z",
"comment": "sigmd5: aecd200bcec7df622e6f5865535d17a7"
}
]
Expand Down Expand Up @@ -19006,7 +19006,7 @@
{
"annotationType": "OTHER",
"annotator": "Tool: example SPDX document only",
"annotationDate": "2006-08-14T02:34:56+00:00",
"annotationDate": "2006-08-14T02:34:56Z",
"comment": "sigmd5: 64c4de3e0b4df349d3ac5d801e2aac86"
}
]
Expand Down Expand Up @@ -19036,7 +19036,7 @@
{
"annotationType": "OTHER",
"annotator": "Tool: example SPDX document only",
"annotationDate": "2006-08-14T02:34:56+00:00",
"annotationDate": "2006-08-14T02:34:56Z",
"comment": "sigmd5: 20369982b93b4710c630a5032a887938"
}
]