Skip to content

chore: update SBOM for Python 3.10 #3729

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jan 17, 2024
Merged

chore: update SBOM for Python 3.10 #3729

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
67 changes: 35 additions & 32 deletions sbom/cve-bin-tool-py3.10.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"serialNumber": "urn:uuid:c700a6f1-9bd1-4cdc-bd37-9399ed85c2ba",
"serialNumber": "urn:uuid:055a78b9-2a63-4e07-bb1b-ebb33387923e",
"version": 1,
"metadata": {
"timestamp": "2024-01-09T17:40:33Z",
"timestamp": "2024-01-15T00:28:56Z",
"tools": {
"components": [
{
Expand Down Expand Up @@ -1400,6 +1400,12 @@
},
"cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.7:*:*:*:*:*:*:*",
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
"hashes": [
{
"alg": "SHA-1",
"content": "4054596afc6f2b6cfcc54f56c35c34e0e429cb66"
}
],
"licenses": [
{
"expression": "Apache-2.0 OR BSD-3-Clause"
Expand Down Expand Up @@ -1628,7 +1634,7 @@
"type": "library",
"bom-ref": "36-google-auth",
"name": "google-auth",
"version": "2.26.1",
"version": "2.26.2",
"supplier": {
"name": "Google Cloud Platform",
"contact": [
Expand All @@ -1637,7 +1643,7 @@
}
]
},
"cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.26.1:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.26.2:*:*:*:*:*:*:*",
"description": "Google Authentication Library",
"licenses": [
{
Expand All @@ -1649,12 +1655,12 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/google-auth/2.26.1",
"url": "https://pypi.org/project/google-auth/2.26.2",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/[email protected].1",
"purl": "pkg:pypi/[email protected].2",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -1774,23 +1780,8 @@
"type": "library",
"bom-ref": "39-jinja2",
"name": "jinja2",
"version": "3.1.2",
"supplier": {
"name": "Armin Ronacher",
"contact": [
{
"email": "[email protected]"
}
]
},
"cpe": "cpe:2.3:a:armin_ronacher:jinja2:3.1.2:*:*:*:*:*:*:*",
"version": "3.1.3",
"description": "A very fast and expressive template engine.",
"hashes": [
{
"alg": "SHA-1",
"content": "b08cd4bc64bb980df86ed2876978ae5735572280"
}
],
"licenses": [
{
"license": {
Expand All @@ -1801,12 +1792,12 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/Jinja2/3.1.2",
"url": "https://pypi.org/project/Jinja2/3.1.3",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/[email protected].2",
"purl": "pkg:pypi/[email protected].3",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -1984,11 +1975,11 @@
"type": "library",
"bom-ref": "44-rpds-py",
"name": "rpds-py",
"version": "0.16.2",
"version": "0.17.1",
"supplier": {
"name": "Julian Berman"
},
"cpe": "cpe:2.3:a:julian_berman:rpds-py:0.16.2:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:julian_berman:rpds-py:0.17.1:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
"licenses": [
{
Expand All @@ -2000,12 +1991,12 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/rpds-py/0.16.2",
"url": "https://pypi.org/project/rpds-py/0.17.1",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/rpds-py@0.16.2",
"purl": "pkg:pypi/rpds-py@0.17.1",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -2169,6 +2160,12 @@
},
"cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.13.4:*:*:*:*:*:*:*",
"description": "A purl aka. Package URL parser and builder",
"hashes": [
{
"alg": "SHA-1",
"content": "f7f41b89a941278e8f76c0aad3a9409c6583eda8"
}
],
"licenses": [
{
"license": {
Expand Down Expand Up @@ -2701,6 +2698,12 @@
},
"cpe": "cpe:2.3:a:georg_brandl:pygments:2.17.2:*:*:*:*:*:*:*",
"description": "Pygments is a syntax highlighting package written in Python.",
"hashes": [
{
"alg": "SHA-1",
"content": "ee30ce132ae252bd72f3a74c86d9314a2214d0b4"
}
],
"licenses": [
{
"license": {
Expand Down Expand Up @@ -2822,7 +2825,7 @@
"type": "library",
"bom-ref": "63-xmlschema",
"name": "xmlschema",
"version": "3.0.0",
"version": "3.0.1",
"supplier": {
"name": "Davide Brunato",
"contact": [
Expand All @@ -2831,7 +2834,7 @@
}
]
},
"cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.0.0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.0.1:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
"licenses": [
{
Expand All @@ -2843,12 +2846,12 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/xmlschema/3.0.0",
"url": "https://pypi.org/project/xmlschema/3.0.1",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/[email protected].0",
"purl": "pkg:pypi/[email protected].1",
"properties": [
{
"name": "language",
Expand Down
41 changes: 21 additions & 20 deletions sbom/cve-bin-tool-py3.10.spdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-33aa23be-5a3e-4536-a2d5-a1135a9c2e46
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-23ce7aee-b65e-4e50-8505-e69ea92226c9
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.10.3
Created: 2024-01-09T17:39:00Z
Created: 2024-01-15T00:27:22Z
CreatorComment: <text>This document has been automatically generated.</text>
#####

Expand Down Expand Up @@ -497,6 +497,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors ([email protected])
PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.7
FilesAnalyzed: false
PackageChecksum: SHA1: 4054596afc6f2b6cfcc54f56c35c34e0e429cb66
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
Expand Down Expand Up @@ -573,18 +574,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*

PackageName: google-auth
SPDXID: SPDXRef-Package-36-google-auth
PackageVersion: 2.26.1
PackageVersion: 2.26.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Google Cloud Platform ([email protected])
PackageDownloadLocation: https://pypi.org/project/google-auth/2.26.1
PackageDownloadLocation: https://pypi.org/project/google-auth/2.26.2
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: <text>google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.</text>
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Google Authentication Library</text>
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.26.1:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.26.2:*:*:*:*:*:*:*
#####

PackageName: cachetools
Expand Down Expand Up @@ -622,18 +623,16 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*

PackageName: jinja2
SPDXID: SPDXRef-Package-39-jinja2
PackageVersion: 3.1.2
PackageVersion: 3.1.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Armin Ronacher ([email protected])
PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.2
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.3
FilesAnalyzed: false
PackageChecksum: SHA1: b08cd4bc64bb980df86ed2876978ae5735572280
PackageLicenseDeclared: BSD-3-Clause
PackageLicenseConcluded: BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: <text>A very fast and expressive template engine.</text>
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected]
ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:jinja2:3.1.2:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected]
#####

PackageName: markupsafe
Expand Down Expand Up @@ -700,17 +699,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.32.1:*:*:*

PackageName: rpds-py
SPDXID: SPDXRef-Package-44-rpds-py
PackageVersion: 0.16.2
PackageVersion: 0.17.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
PackageDownloadLocation: https://pypi.org/project/rpds-py/0.16.2
PackageDownloadLocation: https://pypi.org/project/rpds-py/0.17.1
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Python bindings to Rust's persistent data structures (rpds)</text>
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.16.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.16.2:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.17.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.17.1:*:*:*:*:*:*:*
#####

PackageName: lib4sbom
Expand Down Expand Up @@ -768,6 +767,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: the purl authors
PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.13.4
FilesAnalyzed: false
PackageChecksum: SHA1: f7f41b89a941278e8f76c0aad3a9409c6583eda8
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
Expand Down Expand Up @@ -959,6 +959,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Georg Brandl ([email protected])
PackageDownloadLocation: https://pypi.org/project/Pygments/2.17.2
FilesAnalyzed: false
PackageChecksum: SHA1: ee30ce132ae252bd72f3a74c86d9314a2214d0b4
PackageLicenseDeclared: BSD-2-Clause
PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
Expand Down Expand Up @@ -1000,17 +1001,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:

PackageName: xmlschema
SPDXID: SPDXRef-Package-63-xmlschema
PackageVersion: 3.0.0
PackageVersion: 3.0.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato ([email protected])
PackageDownloadLocation: https://pypi.org/project/xmlschema/3.0.0
PackageDownloadLocation: https://pypi.org/project/xmlschema/3.0.1
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: <text>An XML Schema validator and decoder</text>
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.0.0:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.0.1:*:*:*:*:*:*:*
#####

PackageName: elementpath
Expand Down