diff --git a/docs/sbom.md b/docs/sbom.md index b899f26..88c3cfe 100644 --- a/docs/sbom.md +++ b/docs/sbom.md @@ -152,7 +152,7 @@ The following snippet shows a minimal SBOM document: ```json { "spdxVersion": "SPDX-2.3",// (1)! - "dataLicense": "CC-BY-4.0",// (2)! + "dataLicense": "CC0-1.0",// (2)! "SPDXID": "SPDXRef-DOCUMENT",// (3)! "creationInfo": { "created": "2006-08-14T02:34:56Z",// (4)! @@ -170,8 +170,7 @@ The following snippet shows a minimal SBOM document: 1. SPDX version 2.3 as described at [https://spdx.github.io/spdx-spec/v2.3/](https://spdx.github.io/spdx-spec/v2.3/). - 2. All Red Hat security data is published under the - [Creative Commons Attribution 4.0 International License](https://creativecommons.org/licenses/by/4.0/). + 2. The CC0-1.0 license is required by the SPDX specification. 3. [`SPDXID`](https://spdx.github.io/spdx-spec/v2.3/document-creation-information/#63-spdx-identifier-field) must be set to `SPDXRef-DOCUMENT`. diff --git a/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25.spdx.json b/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25.spdx.json index 7cbd3e7..51941b9 100644 --- a/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25.spdx.json +++ b/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25.spdx.json @@ -1,6 +1,6 @@ { "spdxVersion": "SPDX-2.3", - "dataLicense": "CC-BY-4.0", + "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2006-08-14T02:34:56Z", diff --git a/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_amd64.spdx.json b/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_amd64.spdx.json index b87b911..2150c09 100644 --- a/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_amd64.spdx.json +++ b/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_amd64.spdx.json @@ -1,6 +1,6 @@ { "spdxVersion": "SPDX-2.3", - "dataLicense": "CC-BY-4.0", + "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2006-08-14T02:34:56Z", diff --git a/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_arm64.spdx.json b/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_arm64.spdx.json index 02a2fca..37810f9 100644 --- a/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_arm64.spdx.json +++ b/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_arm64.spdx.json @@ -1,6 +1,6 @@ { "spdxVersion": "SPDX-2.3", - "dataLicense": "CC-BY-4.0", + "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2006-08-14T02:34:56Z", diff --git a/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_ppc64le.spdx.json b/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_ppc64le.spdx.json index 504b426..4b51852 100644 --- a/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_ppc64le.spdx.json +++ b/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_ppc64le.spdx.json @@ -1,6 +1,6 @@ { "spdxVersion": "SPDX-2.3", - "dataLicense": "CC-BY-4.0", + "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2006-08-14T02:34:56Z", diff --git a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860.spdx.json b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860.spdx.json index 500b889..e934d2c 100644 --- a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860.spdx.json +++ b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860.spdx.json @@ -1,6 +1,6 @@ { "spdxVersion": "SPDX-2.3", - "dataLicense": "CC-BY-4.0", + "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2006-08-14T02:34:56Z", diff --git a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_amd64.spdx.json b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_amd64.spdx.json index 0a5e455..1203933 100644 --- a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_amd64.spdx.json +++ b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_amd64.spdx.json @@ -1,6 +1,6 @@ { "spdxVersion": "SPDX-2.3", - "dataLicense": "CC-BY-4.0", + "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2006-08-14T02:34:56Z", diff --git a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_arm64.spdx.json b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_arm64.spdx.json index 131c2d7..f0d23fd 100644 --- a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_arm64.spdx.json +++ b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_arm64.spdx.json @@ -1,6 +1,6 @@ { "spdxVersion": "SPDX-2.3", - "dataLicense": "CC-BY-4.0", + "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2006-08-14T02:34:56Z", diff --git a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_ppc64le.spdx.json b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_ppc64le.spdx.json index 21af89e..fd85728 100644 --- a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_ppc64le.spdx.json +++ b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_ppc64le.spdx.json @@ -1,6 +1,6 @@ { "spdxVersion": "SPDX-2.3", - "dataLicense": "CC-BY-4.0", + "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2006-08-14T02:34:56Z", diff --git a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_s390x.spdx.json b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_s390x.spdx.json index 9f350e4..fa5c01e 100644 --- a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_s390x.spdx.json +++ b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_s390x.spdx.json @@ -1,6 +1,6 @@ { "spdxVersion": "SPDX-2.3", - "dataLicense": "CC-BY-4.0", + "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2006-08-14T02:34:56Z", diff --git a/sbom/examples/container_image/release/from_catalog.py b/sbom/examples/container_image/release/from_catalog.py index 37ddda3..ede7ca6 100644 --- a/sbom/examples/container_image/release/from_catalog.py +++ b/sbom/examples/container_image/release/from_catalog.py @@ -59,7 +59,7 @@ def create_sbom(image_id, root_package, packages, rel_type, other_pkgs=None, oth spdx = { "spdxVersion": "SPDX-2.3", - "dataLicense": "CC-BY-4.0", + "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2006-08-14T02:34:56Z", diff --git a/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25.spdx.json b/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25.spdx.json index a2d1382..b6fd198 100644 --- a/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25.spdx.json +++ b/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25.spdx.json @@ -1,6 +1,6 @@ { "spdxVersion": "SPDX-2.3", - "dataLicense": "CC-BY-4.0", + "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2006-08-14T02:34:56Z", diff --git a/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_amd64.spdx.json b/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_amd64.spdx.json index c6b55ad..40ab2c3 100644 --- a/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_amd64.spdx.json +++ b/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_amd64.spdx.json @@ -1,6 +1,6 @@ { "spdxVersion": "SPDX-2.3", - "dataLicense": "CC-BY-4.0", + "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2006-08-14T02:34:56Z", diff --git a/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_arm64.spdx.json b/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_arm64.spdx.json index 2e07dbe..331259e 100644 --- a/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_arm64.spdx.json +++ b/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_arm64.spdx.json @@ -1,6 +1,6 @@ { "spdxVersion": "SPDX-2.3", - "dataLicense": "CC-BY-4.0", + "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2006-08-14T02:34:56Z", diff --git a/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_ppc64le.spdx.json b/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_ppc64le.spdx.json index 1fa38be..b8d2261 100644 --- a/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_ppc64le.spdx.json +++ b/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_ppc64le.spdx.json @@ -1,6 +1,6 @@ { "spdxVersion": "SPDX-2.3", - "dataLicense": "CC-BY-4.0", + "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2006-08-14T02:34:56Z", diff --git a/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860.spdx.json b/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860.spdx.json index 0af94d8..3d27fdd 100644 --- a/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860.spdx.json +++ b/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860.spdx.json @@ -1,6 +1,6 @@ { "spdxVersion": "SPDX-2.3", - "dataLicense": "CC-BY-4.0", + "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2006-08-14T02:34:56Z", diff --git a/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_amd64.spdx.json b/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_amd64.spdx.json index 39ee7b5..43ed4e7 100644 --- a/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_amd64.spdx.json +++ b/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_amd64.spdx.json @@ -1,6 +1,6 @@ { "spdxVersion": "SPDX-2.3", - "dataLicense": "CC-BY-4.0", + "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2006-08-14T02:34:56Z", diff --git a/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_arm64.spdx.json b/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_arm64.spdx.json index c0ce3eb..e226e46 100644 --- a/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_arm64.spdx.json +++ b/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_arm64.spdx.json @@ -1,6 +1,6 @@ { "spdxVersion": "SPDX-2.3", - "dataLicense": "CC-BY-4.0", + "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2006-08-14T02:34:56Z", diff --git a/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_ppc64le.spdx.json b/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_ppc64le.spdx.json index 7526df3..2e11307 100644 --- a/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_ppc64le.spdx.json +++ b/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_ppc64le.spdx.json @@ -1,6 +1,6 @@ { "spdxVersion": "SPDX-2.3", - "dataLicense": "CC-BY-4.0", + "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2006-08-14T02:34:56Z", diff --git a/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_s390x.spdx.json b/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_s390x.spdx.json index 258d1f5..9607dd5 100644 --- a/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_s390x.spdx.json +++ b/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_s390x.spdx.json @@ -1,6 +1,6 @@ { "spdxVersion": "SPDX-2.3", - "dataLicense": "CC-BY-4.0", + "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2006-08-14T02:34:56Z", diff --git a/sbom/examples/product/create_product_sbom.py b/sbom/examples/product/create_product_sbom.py index 99ee39b..83bd81e 100644 --- a/sbom/examples/product/create_product_sbom.py +++ b/sbom/examples/product/create_product_sbom.py @@ -46,7 +46,7 @@ def create_spdx(): fname = name_short + ".spdx.json" sbom = { "spdxVersion": "SPDX-2.3", - "dataLicense": "CC-BY-4.0", + "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2006-08-14T02:34:56Z", diff --git a/sbom/examples/product/rhel-9.2-eus.spdx.json b/sbom/examples/product/rhel-9.2-eus.spdx.json index ca5a41d..90869d9 100644 --- a/sbom/examples/product/rhel-9.2-eus.spdx.json +++ b/sbom/examples/product/rhel-9.2-eus.spdx.json @@ -1,6 +1,6 @@ { "spdxVersion": "SPDX-2.3", - "dataLicense": "CC-BY-4.0", + "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2006-08-14T02:34:56Z", diff --git a/sbom/examples/rpm/build/from-koji.py b/sbom/examples/rpm/build/from-koji.py index 638ef79..c0b7910 100755 --- a/sbom/examples/rpm/build/from-koji.py +++ b/sbom/examples/rpm/build/from-koji.py @@ -417,7 +417,7 @@ def handle_srpm(filename, name): spdx = { "spdxVersion": "SPDX-2.3", - "dataLicense": "CC-BY-4.0", + "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2006-08-14T02:34:56Z", diff --git a/sbom/examples/rpm/build/openshift-pipelines-client-1.14.3-11352.el8.spdx.json b/sbom/examples/rpm/build/openshift-pipelines-client-1.14.3-11352.el8.spdx.json index 6b9d7c0..80ccba6 100644 --- a/sbom/examples/rpm/build/openshift-pipelines-client-1.14.3-11352.el8.spdx.json +++ b/sbom/examples/rpm/build/openshift-pipelines-client-1.14.3-11352.el8.spdx.json @@ -1,6 +1,6 @@ { "spdxVersion": "SPDX-2.3", - "dataLicense": "CC-BY-4.0", + "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2006-08-14T02:34:56Z", diff --git a/sbom/examples/rpm/build/openssl-3.0.7-18.el9_2.spdx.json b/sbom/examples/rpm/build/openssl-3.0.7-18.el9_2.spdx.json index 2531e7c..8913c88 100644 --- a/sbom/examples/rpm/build/openssl-3.0.7-18.el9_2.spdx.json +++ b/sbom/examples/rpm/build/openssl-3.0.7-18.el9_2.spdx.json @@ -1,6 +1,6 @@ { "spdxVersion": "SPDX-2.3", - "dataLicense": "CC-BY-4.0", + "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2006-08-14T02:34:56Z", diff --git a/sbom/examples/rpm/build/poppler-21.01.0-19.el9.spdx.json b/sbom/examples/rpm/build/poppler-21.01.0-19.el9.spdx.json index 40391db..19bac3d 100644 --- a/sbom/examples/rpm/build/poppler-21.01.0-19.el9.spdx.json +++ b/sbom/examples/rpm/build/poppler-21.01.0-19.el9.spdx.json @@ -1,6 +1,6 @@ { "spdxVersion": "SPDX-2.3", - "dataLicense": "CC-BY-4.0", + "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2006-08-14T02:34:56Z", diff --git a/sbom/examples/rpm/release/openshift-pipelines-client-1.14.3-11352.el8.spdx.json b/sbom/examples/rpm/release/openshift-pipelines-client-1.14.3-11352.el8.spdx.json index 84412f3..63cc165 100644 --- a/sbom/examples/rpm/release/openshift-pipelines-client-1.14.3-11352.el8.spdx.json +++ b/sbom/examples/rpm/release/openshift-pipelines-client-1.14.3-11352.el8.spdx.json @@ -1,6 +1,6 @@ { "spdxVersion": "SPDX-2.3", - "dataLicense": "CC-BY-4.0", + "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2006-08-14T02:34:56Z", diff --git a/sbom/examples/rpm/release/openssl-3.0.7-18.el9_2.spdx.json b/sbom/examples/rpm/release/openssl-3.0.7-18.el9_2.spdx.json index 8e1b076..5d1abf7 100644 --- a/sbom/examples/rpm/release/openssl-3.0.7-18.el9_2.spdx.json +++ b/sbom/examples/rpm/release/openssl-3.0.7-18.el9_2.spdx.json @@ -1,6 +1,6 @@ { "spdxVersion": "SPDX-2.3", - "dataLicense": "CC-BY-4.0", + "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2006-08-14T02:34:56Z", diff --git a/sbom/examples/rpm/release/poppler-21.01.0-19.el9.spdx.json b/sbom/examples/rpm/release/poppler-21.01.0-19.el9.spdx.json index e98b5bb..f75dc3a 100644 --- a/sbom/examples/rpm/release/poppler-21.01.0-19.el9.spdx.json +++ b/sbom/examples/rpm/release/poppler-21.01.0-19.el9.spdx.json @@ -1,6 +1,6 @@ { "spdxVersion": "SPDX-2.3", - "dataLicense": "CC-BY-4.0", + "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "creationInfo": { "created": "2006-08-14T02:34:56Z",