“pkg:deb/ubuntu/
[email protected]?arch=amd64&distro=ubuntu-24.04&package- id=bfe0855a529838fa”, “dependsOn”: [ “pkg:deb/ubuntu/base-
[email protected]?arch=amd64&distro=ubuntu-24.04&package- id=628f5a2163cf1196”, “pkg:deb/ubuntu/
[email protected] 2ubuntu17.3?arch=amd64&distro=ubuntu-24.04&package- id=21d76c4fb81983b3&upstream=gnupg2”, “pkg:deb/ubuntu/libapt-
[email protected]?arch=amd64&distro=ubuntu-24.04&package- id=13d506459809d51e&upstream=apt”, ”, “pkg:deb/ubuntu/
[email protected] 0ubuntu8.5?arch=amd64&distro=ubuntu-24.04&package- id=7879568dca2ffae6&upstream=glibc .// ] },.// “relationships”: [ { "spdxElementId": "SPDXRef- pkg:deb/ubuntu/
[email protected]?arch=amd64¥u0026distro=ubuntu- 24.04¥u0026package-id=bfe0855a529838fa", "relatedSpdxElement": "SPDXRef-pkg:deb/ubuntu/base-
[email protected]?arch=amd64¥u0026distro=ubuntu- 24.04¥u0026package-id=628f5a2163cf1196", "relationshipType": "CONTAINS" }, { "spdxElementId": "SPDXRef- pkg:deb/ubuntu/
[email protected]?arch=amd64¥u0026distro=ubuntu- 24.04¥u0026package-id=bfe0855a529838fa", "relatedSpdxElement": "SPDXRef- pkg:deb/ubuntu/
[email protected] 2ubuntu17.3?arch=amd64¥u0026distro=ubuntu-24.04¥u0026package- id=21d76c4fb81983b3¥u0026upstream=gnupg2", "relationshipType": "CONTAINS" }, { "spdxElementId": "SPDXRef- pkg:deb/ubuntu/
[email protected]?arch=amd64¥u0026distro=ubuntu- 24.04¥u0026package-id=bfe0855a529838fa", "relatedSpdxElement": "SPDXRef-pkg:deb/ubuntu/libapt-
[email protected]?arch=amd64¥u0026distro=ubuntu-24.04¥u0026package- id=13d506459809d51e¥u0026upstream=apt", "relationshipType": "CONTAINS" }, { "spdxElementId": "SPDXRef- pkg:deb/ubuntu/
[email protected]?arch=amd64¥u0026distro=ubuntu- 24.04¥u0026package-id=bfe0855a529838fa", "relatedSpdxElement": "SPDXRef- pkg:deb/ubuntu/
[email protected] 0ubuntu8.5?arch=amd64¥u0026distro=ubuntu-24.04¥u0026package- id=7879568dca2ffae6¥u0026upstream=glibc", "relationshipType": "CONTAINS" },.// Input (CycloneDX) Output (SPDX) [凡例] 保持されている内容 失われている内容 置き換わっている内容 aptがbase-passwd, gpgv, libapt-pkg….に依存してい る syftで直接SPDXを出力すると、関 係が逆で “DEPENDENCY_OF”として出る