From c01907d72a0c2cf0a369846adbea60ebdc5e6734 Mon Sep 17 00:00:00 2001 From: Tim Waugh Date: Wed, 11 Sep 2024 12:31:35 +0100 Subject: [PATCH] Include purls for parent images --- ...perator-container-1.1.2-25_amd64.spdx.json | 24 ++++++-- ...perator-container-1.1.2-25_arm64.spdx.json | 24 ++++++-- ...rator-container-1.1.2-25_ppc64le.spdx.json | 24 ++++++-- ...container-9.4-6.1716471860_amd64.spdx.json | 18 ++++-- ...container-9.4-6.1716471860_arm64.spdx.json | 18 ++++-- ...ntainer-9.4-6.1716471860_ppc64le.spdx.json | 18 ++++-- ...container-9.4-6.1716471860_s390x.spdx.json | 18 ++++-- .../container_image/release/from_catalog.py | 59 +++++++++++++++---- ...perator-container-1.1.2-25_amd64.spdx.json | 24 ++++++-- ...perator-container-1.1.2-25_arm64.spdx.json | 24 ++++++-- ...rator-container-1.1.2-25_ppc64le.spdx.json | 24 ++++++-- ...container-9.4-6.1716471860_amd64.spdx.json | 18 ++++-- ...container-9.4-6.1716471860_arm64.spdx.json | 18 ++++-- ...ntainer-9.4-6.1716471860_ppc64le.spdx.json | 18 ++++-- ...container-9.4-6.1716471860_s390x.spdx.json | 18 ++++-- 15 files changed, 251 insertions(+), 96 deletions(-) diff --git a/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_amd64.spdx.json b/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_amd64.spdx.json index 934120d..d0966d6 100644 --- a/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_amd64.spdx.json +++ b/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_amd64.spdx.json @@ -3994,21 +3994,33 @@ }, { "SPDXID": "SPDXRef-parent-image-0-amd64", - "name": "rhel9-go-toolset:1.19.4-18_amd64", - "versionInfo": "NOASSERTION", + "name": "rhel9-go-toolset_amd64", + "versionInfo": "1.19.4-18", "supplier": "Organization: Red Hat", "downloadLocation": "NOASSERTION", "licenseDeclared": "NOASSERTION", - "externalRefs": [] + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/rhel9-go-toolset@sha256:354b40a0fdcd1a9dd9af1b88f9a45fc2b0c8065980dfd9b5097e137a7db6e0bd" + } + ] }, { "SPDXID": "SPDXRef-parent-image-1-amd64", - "name": "rhel:9.2-1191_amd64", - "versionInfo": "NOASSERTION", + "name": "rhel_amd64", + "versionInfo": "9.2-1191", "supplier": "Organization: Red Hat", "downloadLocation": "NOASSERTION", "licenseDeclared": "NOASSERTION", - "externalRefs": [] + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/rhel@sha256:8759d95740eb14a6b6253a574edeea7de6840be30d38c630675ae2a0c76b9f93" + } + ] } ], "relationships": [ diff --git a/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_arm64.spdx.json b/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_arm64.spdx.json index d1658bd..48acd5a 100644 --- a/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_arm64.spdx.json +++ b/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_arm64.spdx.json @@ -3994,21 +3994,33 @@ }, { "SPDXID": "SPDXRef-parent-image-0-arm64", - "name": "rhel9-go-toolset:1.19.4-18_arm64", - "versionInfo": "NOASSERTION", + "name": "rhel9-go-toolset_arm64", + "versionInfo": "1.19.4-18", "supplier": "Organization: Red Hat", "downloadLocation": "NOASSERTION", "licenseDeclared": "NOASSERTION", - "externalRefs": [] + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/rhel9-go-toolset@sha256:355b1d0a6e12250247d157949dcdc68d8a9508fc027223515a6d4662f4ec03f6" + } + ] }, { "SPDXID": "SPDXRef-parent-image-1-arm64", - "name": "rhel:9.2-1191_arm64", - "versionInfo": "NOASSERTION", + "name": "rhel_arm64", + "versionInfo": "9.2-1191", "supplier": "Organization: Red Hat", "downloadLocation": "NOASSERTION", "licenseDeclared": "NOASSERTION", - "externalRefs": [] + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/rhel@sha256:8d79ed0aaf36d7bf914411aab26e3a78308fe6217ca865ad7cc107c9078bfb12" + } + ] } ], "relationships": [ diff --git a/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_ppc64le.spdx.json b/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_ppc64le.spdx.json index 27008c6..841706d 100644 --- a/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_ppc64le.spdx.json +++ b/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_ppc64le.spdx.json @@ -3994,21 +3994,33 @@ }, { "SPDXID": "SPDXRef-parent-image-0-ppc64le", - "name": "rhel9-go-toolset:1.19.4-18_ppc64le", - "versionInfo": "NOASSERTION", + "name": "rhel9-go-toolset_ppc64le", + "versionInfo": "1.19.4-18", "supplier": "Organization: Red Hat", "downloadLocation": "NOASSERTION", "licenseDeclared": "NOASSERTION", - "externalRefs": [] + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/rhel9-go-toolset@sha256:a6b2fd68651aa7d544e53676f99f9017cf241b855bcdc2400d81081bba6f329a" + } + ] }, { "SPDXID": "SPDXRef-parent-image-1-ppc64le", - "name": "rhel:9.2-1191_ppc64le", - "versionInfo": "NOASSERTION", + "name": "rhel_ppc64le", + "versionInfo": "9.2-1191", "supplier": "Organization: Red Hat", "downloadLocation": "NOASSERTION", "licenseDeclared": "NOASSERTION", - "externalRefs": [] + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/rhel@sha256:cb23b09712fa36dfa2cd39ea60afb439c17fd0fec60a26a59e122618c8a33379" + } + ] } ], "relationships": [ diff --git a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_amd64.spdx.json b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_amd64.spdx.json index 989d03b..2dd691f 100644 --- a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_amd64.spdx.json +++ b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_amd64.spdx.json @@ -479,12 +479,18 @@ }, { "SPDXID": "SPDXRef-parent-image-0-amd64", - "name": "ubi9:9.4-947_amd64", - "versionInfo": "NOASSERTION", + "name": "ubi9_amd64", + "versionInfo": "9.4-947", "supplier": "Organization: Red Hat", "downloadLocation": "NOASSERTION", "licenseDeclared": "NOASSERTION", - "externalRefs": [] + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/ubi9@sha256:11d5b4a77bfc15341d4b6dffa3d6ed510189fec9583db77cfc107067b5f906c5" + } + ] } ], "relationships": [ @@ -494,9 +500,9 @@ "relatedSpdxElement": "SPDXRef-ubi9-micro-container-amd64" }, { - "spdxElementId": "SPDXRef-ubi9-micro-container-amd64", - "relationshipType": "DESCENDANT_OF", - "relatedSpdxElement": "SPDXRef-parent-image-0-amd64" + "spdxElementId": "SPDXRef-parent-image-0-amd64", + "relationshipType": "BUILD_TOOL_OF", + "relatedSpdxElement": "SPDXRef-ubi9-micro-container-amd64" }, { "spdxElementId": "SPDXRef-ubi9-micro-container-amd64", diff --git a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_arm64.spdx.json b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_arm64.spdx.json index 1c6502b..0da7989 100644 --- a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_arm64.spdx.json +++ b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_arm64.spdx.json @@ -479,12 +479,18 @@ }, { "SPDXID": "SPDXRef-parent-image-0-arm64", - "name": "ubi9:9.4-947_arm64", - "versionInfo": "NOASSERTION", + "name": "ubi9_arm64", + "versionInfo": "9.4-947", "supplier": "Organization: Red Hat", "downloadLocation": "NOASSERTION", "licenseDeclared": "NOASSERTION", - "externalRefs": [] + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/ubi9@sha256:cad979d0a2eb78699b62efaf4797f51c4781dfc2a17d9bef5a3a2f5d67cc8e8c" + } + ] } ], "relationships": [ @@ -494,9 +500,9 @@ "relatedSpdxElement": "SPDXRef-ubi9-micro-container-arm64" }, { - "spdxElementId": "SPDXRef-ubi9-micro-container-arm64", - "relationshipType": "DESCENDANT_OF", - "relatedSpdxElement": "SPDXRef-parent-image-0-arm64" + "spdxElementId": "SPDXRef-parent-image-0-arm64", + "relationshipType": "BUILD_TOOL_OF", + "relatedSpdxElement": "SPDXRef-ubi9-micro-container-arm64" }, { "spdxElementId": "SPDXRef-ubi9-micro-container-arm64", diff --git a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_ppc64le.spdx.json b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_ppc64le.spdx.json index c9173e1..7575e78 100644 --- a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_ppc64le.spdx.json +++ b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_ppc64le.spdx.json @@ -479,12 +479,18 @@ }, { "SPDXID": "SPDXRef-parent-image-0-ppc64le", - "name": "ubi9:9.4-947_ppc64le", - "versionInfo": "NOASSERTION", + "name": "ubi9_ppc64le", + "versionInfo": "9.4-947", "supplier": "Organization: Red Hat", "downloadLocation": "NOASSERTION", "licenseDeclared": "NOASSERTION", - "externalRefs": [] + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/ubi9@sha256:8a3b5f66fcf8335ba23cd4d7210faf794bcf1f05c19ef6365459852f51d06b49" + } + ] } ], "relationships": [ @@ -494,9 +500,9 @@ "relatedSpdxElement": "SPDXRef-ubi9-micro-container-ppc64le" }, { - "spdxElementId": "SPDXRef-ubi9-micro-container-ppc64le", - "relationshipType": "DESCENDANT_OF", - "relatedSpdxElement": "SPDXRef-parent-image-0-ppc64le" + "spdxElementId": "SPDXRef-parent-image-0-ppc64le", + "relationshipType": "BUILD_TOOL_OF", + "relatedSpdxElement": "SPDXRef-ubi9-micro-container-ppc64le" }, { "spdxElementId": "SPDXRef-ubi9-micro-container-ppc64le", diff --git a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_s390x.spdx.json b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_s390x.spdx.json index 819d0c7..64ee71e 100644 --- a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_s390x.spdx.json +++ b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_s390x.spdx.json @@ -479,12 +479,18 @@ }, { "SPDXID": "SPDXRef-parent-image-0-s390x", - "name": "ubi9:9.4-947_s390x", - "versionInfo": "NOASSERTION", + "name": "ubi9_s390x", + "versionInfo": "9.4-947", "supplier": "Organization: Red Hat", "downloadLocation": "NOASSERTION", "licenseDeclared": "NOASSERTION", - "externalRefs": [] + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/ubi9@sha256:dee3c77221eab321e79ad2b0277b91856879a8f5b675a48ad83af26c7a774fb3" + } + ] } ], "relationships": [ @@ -494,9 +500,9 @@ "relatedSpdxElement": "SPDXRef-ubi9-micro-container-s390x" }, { - "spdxElementId": "SPDXRef-ubi9-micro-container-s390x", - "relationshipType": "DESCENDANT_OF", - "relatedSpdxElement": "SPDXRef-parent-image-0-s390x" + "spdxElementId": "SPDXRef-parent-image-0-s390x", + "relationshipType": "BUILD_TOOL_OF", + "relatedSpdxElement": "SPDXRef-ubi9-micro-container-s390x" }, { "spdxElementId": "SPDXRef-ubi9-micro-container-s390x", diff --git a/sbom/examples/container_image/release/from_catalog.py b/sbom/examples/container_image/release/from_catalog.py index 7ab6fd7..a6c4fc9 100644 --- a/sbom/examples/container_image/release/from_catalog.py +++ b/sbom/examples/container_image/release/from_catalog.py @@ -164,10 +164,11 @@ def generate_sboms_for_image(image_nvr): } image_index_pkg["externalRefs"].append(ref) - spdx_image_id = f"SPDXRef-{image_nvr_name}-{image['architecture']}" + arch = image["architecture"] + spdx_image_id = f"SPDXRef-{image_nvr_name}-{arch}" image_pkg = { "SPDXID": spdx_image_id, - "name": f"{image_nvr_name}_{image['architecture']}", + "name": f"{image_nvr_name}_{arch}", "versionInfo": image_nvr_version, "supplier": "Organization: Red Hat", "downloadLocation": "NOASSERTION", @@ -183,7 +184,7 @@ def generate_sboms_for_image(image_nvr): for name, repo_url, tag in sorted(repos): purl = ( f"pkg:oci/{name}@sha256%3A{image_index_digest}?" - f"arch={image['architecture']}&repository_url={repo_url}&tag={tag}" + f"arch={arch}&repository_url={repo_url}&tag={tag}" ) ref = { "referenceCategory": "PACKAGE-MANAGER", @@ -194,22 +195,56 @@ def generate_sboms_for_image(image_nvr): per_arch_images.append(image_pkg) # Add in parent images - parent_images = koji_session.getBuild(image_nvr) - for key in ("extra", "typeinfo", "image", "parent_images"): - parent_images = parent_images.get(key, {}) + image_data = koji_session.getBuild(image_nvr) + for key in ("extra", "typeinfo", "image"): + image_data = image_data.get(key, {}) - parent_images = [img.rsplit("/")[-1] for img in parent_images if img != "scratch"] + parent_image_builds = image_data.get("parent_image_builds", {}) + parent_images = image_data.get("parent_images", []) direct_parent_index = len(parent_images) - 1 for index, parent_image in enumerate(parent_images): - parent_spdx_id = f"SPDXRef-parent-image-{index}-{image['architecture']}" + try: + parent_image_build_id = parent_image_builds[parent_image]["id"] + except KeyError: + # Skip scratch builds + continue + + parent_archives = koji_session.listArchives(parent_image_build_id) + parent_digests = [ + list(a["extra"]["docker"]["digests"].values())[0] + for a in parent_archives + if a["btype"] == "image" and a["extra"]["docker"]["config"]["architecture"] == arch + ] + if parent_digests: + version = f"@{parent_digests[0]}" + else: + version = "" + + registry, rest = parent_image.split("/", maxsplit=1) + use_registry = registry in ("registry.redhat.io", "registry.access.redhat.com") + name, tag = rest.rsplit(":", maxsplit=1) + if "/" in name: + namespace, name = name.rsplit("/", maxsplit=1) + registry += "/" + namespace + + registry_q = f"&repository_url={registry}" if use_registry else "" + parent_spdx_id = f"SPDXRef-parent-image-{index}-{arch}" + purl = f"pkg:oci/{name}{version}?tag={tag}{registry_q}" + parent_pkg = { "SPDXID": parent_spdx_id, - "name": f"{parent_image}_{image['architecture']}", - "versionInfo": "NOASSERTION", + "name": f"{name}_{arch}", + "versionInfo": f"{tag}", "supplier": "Organization: Red Hat", "downloadLocation": "NOASSERTION", "licenseDeclared": "NOASSERTION", - "externalRefs": [], + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": purl, + }, + ], } other_pkgs.append(parent_pkg) @@ -266,7 +301,7 @@ def generate_sboms_for_image(image_nvr): packages.append(rpm_pkg) create_sbom( - image_id=f"{image_nvr}_" f"{image['architecture']}", + image_id=f"{image_nvr}_" f"{arch}", root_package=image_pkg, packages=packages, rel_type="CONTAINS", diff --git a/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_amd64.spdx.json b/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_amd64.spdx.json index 571993e..4009f88 100644 --- a/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_amd64.spdx.json +++ b/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_amd64.spdx.json @@ -3994,21 +3994,33 @@ }, { "SPDXID": "SPDXRef-parent-image-0-amd64", - "name": "rhel9-go-toolset:1.19.4-18_amd64", - "versionInfo": "NOASSERTION", + "name": "rhel9-go-toolset_amd64", + "versionInfo": "1.19.4-18", "supplier": "Organization: Red Hat", "downloadLocation": "NOASSERTION", "licenseDeclared": "NOASSERTION", - "externalRefs": [] + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/rhel9-go-toolset@sha256:354b40a0fdcd1a9dd9af1b88f9a45fc2b0c8065980dfd9b5097e137a7db6e0bd?tag=1.19.4-18" + } + ] }, { "SPDXID": "SPDXRef-parent-image-1-amd64", - "name": "rhel:9.2-1191_amd64", - "versionInfo": "NOASSERTION", + "name": "rhel_amd64", + "versionInfo": "9.2-1191", "supplier": "Organization: Red Hat", "downloadLocation": "NOASSERTION", "licenseDeclared": "NOASSERTION", - "externalRefs": [] + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/rhel@sha256:8759d95740eb14a6b6253a574edeea7de6840be30d38c630675ae2a0c76b9f93?tag=9.2-1191&repository_url=registry.redhat.io/rhel9-2-els" + } + ] } ], "relationships": [ diff --git a/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_arm64.spdx.json b/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_arm64.spdx.json index da2ee7b..67046b5 100644 --- a/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_arm64.spdx.json +++ b/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_arm64.spdx.json @@ -3994,21 +3994,33 @@ }, { "SPDXID": "SPDXRef-parent-image-0-arm64", - "name": "rhel9-go-toolset:1.19.4-18_arm64", - "versionInfo": "NOASSERTION", + "name": "rhel9-go-toolset_arm64", + "versionInfo": "1.19.4-18", "supplier": "Organization: Red Hat", "downloadLocation": "NOASSERTION", "licenseDeclared": "NOASSERTION", - "externalRefs": [] + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/rhel9-go-toolset@sha256:355b1d0a6e12250247d157949dcdc68d8a9508fc027223515a6d4662f4ec03f6?tag=1.19.4-18" + } + ] }, { "SPDXID": "SPDXRef-parent-image-1-arm64", - "name": "rhel:9.2-1191_arm64", - "versionInfo": "NOASSERTION", + "name": "rhel_arm64", + "versionInfo": "9.2-1191", "supplier": "Organization: Red Hat", "downloadLocation": "NOASSERTION", "licenseDeclared": "NOASSERTION", - "externalRefs": [] + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/rhel@sha256:8d79ed0aaf36d7bf914411aab26e3a78308fe6217ca865ad7cc107c9078bfb12?tag=9.2-1191&repository_url=registry.redhat.io/rhel9-2-els" + } + ] } ], "relationships": [ diff --git a/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_ppc64le.spdx.json b/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_ppc64le.spdx.json index ad5336a..759dab7 100644 --- a/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_ppc64le.spdx.json +++ b/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_ppc64le.spdx.json @@ -3994,21 +3994,33 @@ }, { "SPDXID": "SPDXRef-parent-image-0-ppc64le", - "name": "rhel9-go-toolset:1.19.4-18_ppc64le", - "versionInfo": "NOASSERTION", + "name": "rhel9-go-toolset_ppc64le", + "versionInfo": "1.19.4-18", "supplier": "Organization: Red Hat", "downloadLocation": "NOASSERTION", "licenseDeclared": "NOASSERTION", - "externalRefs": [] + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/rhel9-go-toolset@sha256:a6b2fd68651aa7d544e53676f99f9017cf241b855bcdc2400d81081bba6f329a?tag=1.19.4-18" + } + ] }, { "SPDXID": "SPDXRef-parent-image-1-ppc64le", - "name": "rhel:9.2-1191_ppc64le", - "versionInfo": "NOASSERTION", + "name": "rhel_ppc64le", + "versionInfo": "9.2-1191", "supplier": "Organization: Red Hat", "downloadLocation": "NOASSERTION", "licenseDeclared": "NOASSERTION", - "externalRefs": [] + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/rhel@sha256:cb23b09712fa36dfa2cd39ea60afb439c17fd0fec60a26a59e122618c8a33379?tag=9.2-1191&repository_url=registry.redhat.io/rhel9-2-els" + } + ] } ], "relationships": [ diff --git a/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_amd64.spdx.json b/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_amd64.spdx.json index 39d8f5d..020762a 100644 --- a/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_amd64.spdx.json +++ b/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_amd64.spdx.json @@ -479,12 +479,18 @@ }, { "SPDXID": "SPDXRef-parent-image-0-amd64", - "name": "ubi9:9.4-947_amd64", - "versionInfo": "NOASSERTION", + "name": "ubi9_amd64", + "versionInfo": "9.4-947", "supplier": "Organization: Red Hat", "downloadLocation": "NOASSERTION", "licenseDeclared": "NOASSERTION", - "externalRefs": [] + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/ubi9@sha256:11d5b4a77bfc15341d4b6dffa3d6ed510189fec9583db77cfc107067b5f906c5?tag=9.4-947" + } + ] } ], "relationships": [ @@ -494,9 +500,9 @@ "relatedSpdxElement": "SPDXRef-ubi9-micro-container-amd64" }, { - "spdxElementId": "SPDXRef-ubi9-micro-container-amd64", - "relationshipType": "DESCENDANT_OF", - "relatedSpdxElement": "SPDXRef-parent-image-0-amd64" + "spdxElementId": "SPDXRef-parent-image-0-amd64", + "relationshipType": "BUILD_TOOL_OF", + "relatedSpdxElement": "SPDXRef-ubi9-micro-container-amd64" }, { "spdxElementId": "SPDXRef-ubi9-micro-container-amd64", diff --git a/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_arm64.spdx.json b/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_arm64.spdx.json index ac6be99..bd047e5 100644 --- a/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_arm64.spdx.json +++ b/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_arm64.spdx.json @@ -479,12 +479,18 @@ }, { "SPDXID": "SPDXRef-parent-image-0-arm64", - "name": "ubi9:9.4-947_arm64", - "versionInfo": "NOASSERTION", + "name": "ubi9_arm64", + "versionInfo": "9.4-947", "supplier": "Organization: Red Hat", "downloadLocation": "NOASSERTION", "licenseDeclared": "NOASSERTION", - "externalRefs": [] + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/ubi9@sha256:cad979d0a2eb78699b62efaf4797f51c4781dfc2a17d9bef5a3a2f5d67cc8e8c?tag=9.4-947" + } + ] } ], "relationships": [ @@ -494,9 +500,9 @@ "relatedSpdxElement": "SPDXRef-ubi9-micro-container-arm64" }, { - "spdxElementId": "SPDXRef-ubi9-micro-container-arm64", - "relationshipType": "DESCENDANT_OF", - "relatedSpdxElement": "SPDXRef-parent-image-0-arm64" + "spdxElementId": "SPDXRef-parent-image-0-arm64", + "relationshipType": "BUILD_TOOL_OF", + "relatedSpdxElement": "SPDXRef-ubi9-micro-container-arm64" }, { "spdxElementId": "SPDXRef-ubi9-micro-container-arm64", diff --git a/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_ppc64le.spdx.json b/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_ppc64le.spdx.json index e7403fc..c088dc3 100644 --- a/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_ppc64le.spdx.json +++ b/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_ppc64le.spdx.json @@ -479,12 +479,18 @@ }, { "SPDXID": "SPDXRef-parent-image-0-ppc64le", - "name": "ubi9:9.4-947_ppc64le", - "versionInfo": "NOASSERTION", + "name": "ubi9_ppc64le", + "versionInfo": "9.4-947", "supplier": "Organization: Red Hat", "downloadLocation": "NOASSERTION", "licenseDeclared": "NOASSERTION", - "externalRefs": [] + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/ubi9@sha256:8a3b5f66fcf8335ba23cd4d7210faf794bcf1f05c19ef6365459852f51d06b49?tag=9.4-947" + } + ] } ], "relationships": [ @@ -494,9 +500,9 @@ "relatedSpdxElement": "SPDXRef-ubi9-micro-container-ppc64le" }, { - "spdxElementId": "SPDXRef-ubi9-micro-container-ppc64le", - "relationshipType": "DESCENDANT_OF", - "relatedSpdxElement": "SPDXRef-parent-image-0-ppc64le" + "spdxElementId": "SPDXRef-parent-image-0-ppc64le", + "relationshipType": "BUILD_TOOL_OF", + "relatedSpdxElement": "SPDXRef-ubi9-micro-container-ppc64le" }, { "spdxElementId": "SPDXRef-ubi9-micro-container-ppc64le", diff --git a/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_s390x.spdx.json b/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_s390x.spdx.json index f03d7eb..259c9de 100644 --- a/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_s390x.spdx.json +++ b/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_s390x.spdx.json @@ -479,12 +479,18 @@ }, { "SPDXID": "SPDXRef-parent-image-0-s390x", - "name": "ubi9:9.4-947_s390x", - "versionInfo": "NOASSERTION", + "name": "ubi9_s390x", + "versionInfo": "9.4-947", "supplier": "Organization: Red Hat", "downloadLocation": "NOASSERTION", "licenseDeclared": "NOASSERTION", - "externalRefs": [] + "externalRefs": [ + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:oci/ubi9@sha256:dee3c77221eab321e79ad2b0277b91856879a8f5b675a48ad83af26c7a774fb3?tag=9.4-947" + } + ] } ], "relationships": [ @@ -494,9 +500,9 @@ "relatedSpdxElement": "SPDXRef-ubi9-micro-container-s390x" }, { - "spdxElementId": "SPDXRef-ubi9-micro-container-s390x", - "relationshipType": "DESCENDANT_OF", - "relatedSpdxElement": "SPDXRef-parent-image-0-s390x" + "spdxElementId": "SPDXRef-parent-image-0-s390x", + "relationshipType": "BUILD_TOOL_OF", + "relatedSpdxElement": "SPDXRef-ubi9-micro-container-s390x" }, { "spdxElementId": "SPDXRef-ubi9-micro-container-s390x",