spdx-json形式SBOMの例(肝心な箇所を抜粋)
{
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2023-08-29T17:15:48Z",
"creators": [
"Organization: AlmaLinux OS Foundation (
[email protected])",
"Tool: AlmaLinux Build System 0.1",
"Tool: alma-sbom 0.0.1",
"Tool: Community Attestation Service (CAS) 1.0.3",
"Tool: spdx-tools 0.8"
]
"dataLicense": "CC0-1.0",
"name": "kernel-5.14.0-284.25.1.el9_2",
"spdxVersion": "SPDX-2.3",
"documentNamespace": "https://security.almalinux.org/spdx-kernel-5.14.0-284.25.1.el9_2-92899c49-a9f4-4e23-a7e9-88aecef29281",
"packages": [
{
"SPDXID": "SPDXRef-0",
"annotations": [
{
"annotationDate": "2023-08-29T17:15:48Z",
"annotationType": "OTHER",
"annotator": "Tool: alma-sbom 0.0.1",
"comment": "almalinux:albs:build:source:gitURL=https://git.almalinux.org/rpms/kernel.git"
}, {
"annotationDate": "2023-08-29T17:15:48Z",
"annotationType": "OTHER",
"annotator": "Tool: alma-sbom 0.0.1",
"comment": "almalinux:albs:build:source:gitCommit=51d9463cdf02fe04bad689227cbf102e07318fd2"
}
],
"externalRefs": [
{
"referenceCategory": "SECURITY",
"referenceLocator": "cpe:2.3:a:almalinux:kernel:5.14.0-284.25.1.el9_2:*:*:*:*:*:*:*",
"referenceType": "cpe23Type"
}
],
"name": "kernel",
"supplier": "Organization: AlmaLinux OS Foundation (
[email protected])",
"versionInfo": "5.14.0-284.25.1.el9_2"
}
]
}