Skip to content

chore: update SBOM for Python 3.12 #4094

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Apr 29, 2024
Merged

chore: update SBOM for Python 3.12 #4094

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
56 changes: 40 additions & 16 deletions sbom/cve-bin-tool-py3.12.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
{
"$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"serialNumber": "urn:uuid:0acfe7bf-745e-4b5d-b8fe-4730e94a4f6d",
"specVersion": "1.6",
"serialNumber": "urn:uuid:6cea83d8-e0e4-409a-9626-7141d6bb5e04",
"version": 1,
"metadata": {
"timestamp": "2024-04-22T00:27:41Z",
"timestamp": "2024-04-29T00:26:56Z",
"tools": {
"components": [
{
Expand Down Expand Up @@ -313,6 +313,12 @@
},
"cpe": "cpe:2.3:a:kim_davies:idna:3.7:*:*:*:*:*:*:*",
"description": "Internationalized Domain Names in Applications (IDNA)",
"hashes": [
{
"alg": "SHA-1",
"content": "1d365e17e10d72d0b7876316fc7b9ca0eebdd38d"
}
],
"externalReferences": [
{
"url": "https://pypi.org/project/idna/3.7",
Expand Down Expand Up @@ -651,6 +657,12 @@
},
"cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.3.0:*:*:*:*:*:*:*",
"description": "Bash tab completion for argparse",
"hashes": [
{
"alg": "SHA-1",
"content": "c7cc834df1fddcf94bd35b740fef7c7ab8e9c350"
}
],
"licenses": [
{
"license": {
Expand Down Expand Up @@ -1328,6 +1340,12 @@
},
"cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.5:*:*:*:*:*:*:*",
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
"hashes": [
{
"alg": "SHA-1",
"content": "33833f031d9d36234e11d9671be150d53b9e598d"
}
],
"licenses": [
{
"expression": "Apache-2.0 OR BSD-3-Clause"
Expand Down Expand Up @@ -1415,6 +1433,12 @@
},
"cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*",
"description": "C parser in Python",
"hashes": [
{
"alg": "SHA-1",
"content": "129d32ef805d715d90a3b2035b13168c17ca63d2"
}
],
"licenses": [
{
"license": {
Expand Down Expand Up @@ -1832,20 +1856,20 @@
"type": "library",
"bom-ref": "43-referencing",
"name": "referencing",
"version": "0.34.0",
"version": "0.35.0",
"supplier": {
"name": "Julian Berman"
},
"cpe": "cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:julian_berman:referencing:0.35.0:*:*:*:*:*:*:*",
"description": "JSON Referencing + Python",
"externalReferences": [
{
"url": "https://pypi.org/project/referencing/0.34.0",
"url": "https://pypi.org/project/referencing/0.35.0",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/referencing@0.34.0",
"purl": "pkg:pypi/referencing@0.35.0",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -1898,7 +1922,7 @@
"type": "library",
"bom-ref": "45-lib4sbom",
"name": "lib4sbom",
"version": "0.7.0",
"version": "0.7.1",
"supplier": {
"name": "Anthony Harrison",
"contact": [
Expand All @@ -1907,7 +1931,7 @@
}
]
},
"cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.1:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
"licenses": [
{
Expand All @@ -1919,12 +1943,12 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/lib4sbom/0.7.0",
"url": "https://pypi.org/project/lib4sbom/0.7.1",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/[email protected].0",
"purl": "pkg:pypi/[email protected].1",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -2635,7 +2659,7 @@
"type": "library",
"bom-ref": "62-xmlschema",
"name": "xmlschema",
"version": "3.3.0",
"version": "3.3.1",
"supplier": {
"name": "Davide Brunato",
"contact": [
Expand All @@ -2644,7 +2668,7 @@
}
]
},
"cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
"licenses": [
{
Expand All @@ -2656,12 +2680,12 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/xmlschema/3.3.0",
"url": "https://pypi.org/project/xmlschema/3.3.1",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/[email protected].0",
"purl": "pkg:pypi/[email protected].1",
"properties": [
{
"name": "language",
Expand Down
32 changes: 18 additions & 14 deletions sbom/cve-bin-tool-py3.12.spdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-aaa91dd7-47bb-4ce8-b80c-b04e18631b28
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-0f3c0601-aa4c-44f2-9ea1-8d4b70b94f9a
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.10.4
Created: 2024-04-22T00:26:28Z
Created: 2024-04-29T00:25:47Z
CreatorComment: <text>This document has been automatically generated.</text>
#####

Expand Down Expand Up @@ -124,6 +124,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kim Davies ([email protected])
PackageDownloadLocation: https://pypi.org/project/idna/3.7
FilesAnalyzed: false
PackageChecksum: SHA1: 1d365e17e10d72d0b7876316fc7b9ca0eebdd38d
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
Expand Down Expand Up @@ -252,6 +253,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Kislyuk ([email protected])
PackageDownloadLocation: https://pypi.org/project/argcomplete/3.3.0
FilesAnalyzed: false
PackageChecksum: SHA1: c7cc834df1fddcf94bd35b740fef7c7ab8e9c350
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: <text>argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.</text>
Expand Down Expand Up @@ -495,6 +497,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors ([email protected])
PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.5
FilesAnalyzed: false
PackageChecksum: SHA1: 33833f031d9d36234e11d9671be150d53b9e598d
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
Expand Down Expand Up @@ -526,6 +529,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Eli Bendersky ([email protected])
PackageDownloadLocation: https://pypi.org/project/pycparser/2.22
FilesAnalyzed: false
PackageChecksum: SHA1: 129d32ef805d715d90a3b2035b13168c17ca63d2
PackageLicenseDeclared: BSD-3-Clause
PackageLicenseConcluded: BSD-3-Clause
PackageCopyrightText: NOASSERTION
Expand Down Expand Up @@ -678,17 +682,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification

PackageName: referencing
SPDXID: SPDXRef-Package-43-referencing
PackageVersion: 0.34.0
PackageVersion: 0.35.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
PackageDownloadLocation: https://pypi.org/project/referencing/0.34.0
PackageDownloadLocation: https://pypi.org/project/referencing/0.35.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: <text>JSON Referencing + Python</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.34.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.34.0:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.0:*:*:*:*:*:*:*
#####

PackageName: rpds-py
Expand All @@ -708,17 +712,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.18.0:*:*:*:*:*

PackageName: lib4sbom
SPDXID: SPDXRef-Package-45-lib4sbom
PackageVersion: 0.7.0
PackageVersion: 0.7.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison ([email protected])
PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.0
PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.1
FilesAnalyzed: false
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Software Bill of Material (SBOM) generator and consumer library</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.0:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.1:*:*:*:*:*:*:*
#####

PackageName: pyyaml
Expand Down Expand Up @@ -977,17 +981,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.0.0:*:*:*:*:*:*:*

PackageName: xmlschema
SPDXID: SPDXRef-Package-62-xmlschema
PackageVersion: 3.3.0
PackageVersion: 3.3.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato ([email protected])
PackageDownloadLocation: https://pypi.org/project/xmlschema/3.3.0
PackageDownloadLocation: https://pypi.org/project/xmlschema/3.3.1
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: <text>An XML Schema validator and decoder</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.0:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:*
#####

PackageName: elementpath
Expand Down