Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: update SBOM for Python 3.8 #4428

Merged
merged 1 commit into from
Sep 9, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
58 changes: 26 additions & 32 deletions sbom/cve-bin-tool-py3.8.json
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
"serialNumber": "urn:uuid:d87a674a-b387-4583-a4d4-bfed4fdfb862",
"serialNumber": "urn:uuid:9ac14f65-0f2b-4039-b303-d81b71799569",
"version": 1,
"metadata": {
"timestamp": "2024-09-02T00:36:17Z",
"timestamp": "2024-09-09T00:38:19Z",
"lifecycles": [
{
"phase": "build"
Expand All @@ -31,7 +31,7 @@
"type": "application",
"bom-ref": "1-cve-bin-tool",
"name": "cve-bin-tool",
"version": "3.4rc1",
"version": "3.4",
"supplier": {
"name": "Terri Oda",
"contact": [
Expand All @@ -40,7 +40,7 @@
}
]
},
"cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.4rc1:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:*",
"description": "CVE Binary Checker Tool",
"licenses": [
{
Expand All @@ -53,12 +53,12 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/cve-bin-tool/3.4rc1",
"url": "https://pypi.org/project/cve-bin-tool/3.4",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/cve-bin-tool@3.4rc1",
"purl": "pkg:pypi/cve-bin-tool@3.4",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -362,7 +362,7 @@
"type": "library",
"bom-ref": "9-yarl",
"name": "yarl",
"version": "1.9.7",
"version": "1.11.0",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
Expand All @@ -371,7 +371,7 @@
}
]
},
"cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.7:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.11.0:*:*:*:*:*:*:*",
"description": "Yet another URL library",
"licenses": [
{
Expand All @@ -384,12 +384,12 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/yarl/1.9.7",
"url": "https://pypi.org/project/yarl/1.11.0",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/yarl@1.9.7",
"purl": "pkg:pypi/yarl@1.11.0",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -522,7 +522,7 @@
"type": "library",
"bom-ref": "13-cvss",
"name": "cvss",
"version": "3.1",
"version": "3.2",
"supplier": {
"name": "Stanislav Red Hat Product Security",
"contact": [
Expand All @@ -531,14 +531,8 @@
}
]
},
"cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.1:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:*",
"description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3",
"hashes": [
{
"alg": "SHA-1",
"content": "e4cf69bea6bcfa1cbc38dca13b9ec8bf3363a475"
}
],
"licenses": [
{
"license": {
Expand All @@ -550,12 +544,12 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/cvss/3.1",
"url": "https://pypi.org/project/cvss/3.2",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/cvss@3.1",
"purl": "pkg:pypi/cvss@3.2",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -1580,7 +1574,7 @@
"type": "library",
"bom-ref": "36-cryptography",
"name": "cryptography",
"version": "43.0.0",
"version": "43.0.1",
"supplier": {
"name": "The cryptography developers The Python Cryptographic Authority and individual contributors",
"contact": [
Expand All @@ -1589,7 +1583,7 @@
}
]
},
"cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.1:*:*:*:*:*:*:*",
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
"licenses": [
{
Expand All @@ -1598,12 +1592,12 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/cryptography/43.0.0",
"url": "https://pypi.org/project/cryptography/43.0.1",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/cryptography@43.0.0",
"purl": "pkg:pypi/cryptography@43.0.1",
"properties": [
{
"name": "language",
Expand All @@ -1619,7 +1613,7 @@
"type": "library",
"bom-ref": "37-cffi",
"name": "cffi",
"version": "1.17.0",
"version": "1.17.1",
"supplier": {
"name": "Armin Maciej Fijalkowski",
"contact": [
Expand All @@ -1628,7 +1622,7 @@
}
]
},
"cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*",
"description": "Foreign Function Interface for Python calling C code.",
"licenses": [
{
Expand All @@ -1641,12 +1635,12 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/cffi/1.17.0",
"url": "https://pypi.org/project/cffi/1.17.1",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/cffi@1.17.0",
"purl": "pkg:pypi/cffi@1.17.1",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -3090,7 +3084,7 @@
"type": "library",
"bom-ref": "72-setuptools",
"name": "setuptools",
"version": "74.0.0",
"version": "74.1.2",
"supplier": {
"name": "Python Packaging Authority",
"contact": [
Expand All @@ -3099,16 +3093,16 @@
}
]
},
"cpe": "cpe:2.3:a:python_packaging_authority:setuptools:74.0.0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:python_packaging_authority:setuptools:74.1.2:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
"externalReferences": [
{
"url": "https://pypi.org/project/setuptools/74.0.0",
"url": "https://pypi.org/project/setuptools/74.1.2",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/setuptools@74.0.0",
"purl": "pkg:pypi/setuptools@74.1.2",
"properties": [
{
"name": "language",
Expand Down
53 changes: 26 additions & 27 deletions sbom/cve-bin-tool-py3.8.spdx
Original file line number Diff line number Diff line change
Expand Up @@ -2,26 +2,26 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-36380a6d-1569-477d-a8b9-2881d984a8f1
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-d7cae49c-e580-434a-9e7a-c67ec6bf03a0
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.11.1
Created: 2024-09-02T00:34:50Z
Created: 2024-09-09T00:36:55Z
CreatorComment: <text>This document has been automatically generated.</text>
#####

PackageName: cve-bin-tool
SPDXID: SPDXRef-Package-1-cve-bin-tool
PackageVersion: 3.4rc1
PackageVersion: 3.4
PrimaryPackagePurpose: APPLICATION
PackageSupplier: Person: Terri Oda (terri.oda@intel.com)
PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.4rc1
PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.4
FilesAnalyzed: false
PackageLicenseDeclared: GPL-3.0-or-later
PackageLicenseConcluded: GPL-3.0-or-later
PackageCopyrightText: NOASSERTION
PackageSummary: <text>CVE Binary Checker Tool</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.4rc1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4rc1:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:*
#####

PackageName: aiohttp
Expand Down Expand Up @@ -136,17 +136,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.5:*:*:*:*

PackageName: yarl
SPDXID: SPDXRef-Package-9-yarl
PackageVersion: 1.9.7
PackageVersion: 1.11.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
PackageDownloadLocation: https://pypi.org/project/yarl/1.9.7
PackageDownloadLocation: https://pypi.org/project/yarl/1.11.0
FilesAnalyzed: false
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Yet another URL library</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.9.7
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.7:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.11.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.11.0:*:*:*:*:*:*:*
#####

PackageName: idna
Expand Down Expand Up @@ -198,19 +198,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*

PackageName: cvss
SPDXID: SPDXRef-Package-13-cvss
PackageVersion: 3.1
PackageVersion: 3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com)
PackageDownloadLocation: https://pypi.org/project/cvss/3.1
PackageDownloadLocation: https://pypi.org/project/cvss/3.2
FilesAnalyzed: false
PackageChecksum: SHA1: e4cf69bea6bcfa1cbc38dca13b9ec8bf3363a475
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: LGPL-3.0-or-later
PackageLicenseComments: <text>cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression.</text>
PackageCopyrightText: NOASSERTION
PackageSummary: <text>CVSS2/3/4 library with interactive calculator for Python 2 and Python 3</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.1:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.2:*:*:*:*:*:*:*
#####

PackageName: defusedxml
Expand Down Expand Up @@ -570,32 +569,32 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.

PackageName: cryptography
SPDXID: SPDXRef-Package-36-cryptography
PackageVersion: 43.0.0
PackageVersion: 43.0.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.0
PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.1
FilesAnalyzed: false
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: <text>cryptography is a package which provides cryptographic recipes and primitives to Python developers.</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.0:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.1:*:*:*:*:*:*:*
#####

PackageName: cffi
SPDXID: SPDXRef-Package-37-cffi
PackageVersion: 1.17.0
PackageVersion: 1.17.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com)
PackageDownloadLocation: https://pypi.org/project/cffi/1.17.0
PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Foreign Function Interface for Python calling C code.</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cffi@1.17.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.0:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cffi@1.17.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*
#####

PackageName: pycparser
Expand Down Expand Up @@ -1131,17 +1130,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*

PackageName: setuptools
SPDXID: SPDXRef-Package-72-setuptools
PackageVersion: 74.0.0
PackageVersion: 74.1.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
PackageDownloadLocation: https://pypi.org/project/setuptools/74.0.0
PackageDownloadLocation: https://pypi.org/project/setuptools/74.1.2
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Easily download, build, install, upgrade, and uninstall Python packages</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@74.0.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:74.0.0:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@74.1.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:74.1.2:*:*:*:*:*:*:*
#####

PackageName: toml
Expand Down
Loading