Skip to content

Commit

Permalink
chore: update SBOM for Python 3.10
Browse files Browse the repository at this point in the history
  • Loading branch information
@web-flow
web-flow authored May 8, 2023
1 parent 0ed6c2d commit 3ee5f20
Show file tree
Hide file tree
Showing 2 changed files with 54 additions and 68 deletions.
65 changes: 26 additions & 39 deletions sbom/cve-bin-tool-py3.10.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.4",
"serialNumber": "urn:uuid9b76c916-732e-4270-b318-b3184bd48654",
"serialNumber": "urn:uuid36cfedf5-2606-42b2-b435-8e20091fea86",
"version": 1,
"metadata": {
"timestamp": "2023-04-24T00:26:29Z",
"timestamp": "2023-05-08T01:28:26Z",
"tools": [
{
"name": "sbom4python",
Expand Down Expand Up @@ -309,7 +309,7 @@
"type": "library",
"bom-ref": "9-yarl",
"name": "yarl",
"version": "1.9.1",
"version": "1.9.2",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
Expand All @@ -318,7 +318,7 @@
}
]
},
"cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.1:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.2:*:*:*:*:*:*:*",
"description": "Yet another URL library",
"licenses": [
{
Expand All @@ -335,12 +335,12 @@
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/yarl/1.9.1",
"url": "https://pypi.org/project/yarl/1.9.2",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/yarl@1.9.1"
"purl": "pkg:pypi/yarl@1.9.2"
},
{
"type": "library",
Expand Down Expand Up @@ -1877,7 +1877,7 @@
"type": "library",
"bom-ref": "50-requests",
"name": "requests",
"version": "2.28.2",
"version": "2.30.0",
"supplier": {
"name": "Kenneth Reitz",
"contact": [
Expand All @@ -1886,7 +1886,7 @@
}
]
},
"cpe": "cpe:2.3:a:kenneth_reitz:requests:2.28.2:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:kenneth_reitz:requests:2.30.0:*:*:*:*:*:*:*",
"description": "Python HTTP for Humans.",
"licenses": [
{
Expand All @@ -1903,12 +1903,12 @@
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/requests/2.28.2",
"url": "https://pypi.org/project/requests/2.30.0",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/requests@2.28.2",
"purl": "pkg:pypi/requests@2.30.0",
"properties": [
{
"name": "License Comments",
Expand All @@ -1920,7 +1920,7 @@
"type": "library",
"bom-ref": "51-certifi",
"name": "certifi",
"version": "2022.12.7",
"version": "2023.5.7",
"supplier": {
"name": "Kenneth Reitz",
"contact": [
Expand All @@ -1929,7 +1929,7 @@
}
]
},
"cpe": "cpe:2.3:a:kenneth_reitz:certifi:2022.12.7:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:kenneth_reitz:certifi:2023.5.7:*:*:*:*:*:*:*",
"description": "Python package for providing Mozilla's CA Bundle.",
"licenses": [
{
Expand All @@ -1946,18 +1946,18 @@
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/certifi/2022.12.7",
"url": "https://pypi.org/project/certifi/2023.5.7",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/certifi@2022.12.7"
"purl": "pkg:pypi/certifi@2023.5.7"
},
{
"type": "library",
"bom-ref": "52-urllib3",
"name": "urllib3",
"version": "1.26.15",
"version": "2.0.2",
"supplier": {
"name": "Andrey Petrov",
"contact": [
Expand All @@ -1966,35 +1966,22 @@
}
]
},
"cpe": "cpe:2.3:a:andrey_petrov:urllib3:1.26.15:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.0.2:*:*:*:*:*:*:*",
"description": "HTTP library with thread-safe connection pooling, file post, and more.",
"licenses": [
{
"license": {
"id": "MIT",
"url": "https://opensource.org/licenses/MIT"
}
}
],
"externalReferences": [
{
"url": "https://urllib3.readthedocs.io/",
"type": "website",
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/urllib3/1.26.15",
"url": "https://pypi.org/project/urllib3/2.0.2",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/urllib3@1.26.15"
"purl": "pkg:pypi/urllib3@2.0.2"
},
{
"type": "library",
"bom-ref": "53-rich",
"name": "rich",
"version": "13.3.4",
"version": "13.3.5",
"supplier": {
"name": "Will McGugan",
"contact": [
Expand All @@ -2003,7 +1990,7 @@
}
]
},
"cpe": "cpe:2.3:a:will_mcgugan:rich:13.3.4:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:will_mcgugan:rich:13.3.5:*:*:*:*:*:*:*",
"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
"licenses": [
{
Expand All @@ -2020,12 +2007,12 @@
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/rich/13.3.4",
"url": "https://pypi.org/project/rich/13.3.5",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/rich@13.3.4"
"purl": "pkg:pypi/rich@13.3.5"
},
{
"type": "library",
Expand Down Expand Up @@ -2222,7 +2209,7 @@
"type": "library",
"bom-ref": "60-elementpath",
"name": "elementpath",
"version": "4.1.1",
"version": "4.1.2",
"supplier": {
"name": "Davide Brunato",
"contact": [
Expand All @@ -2231,7 +2218,7 @@
}
]
},
"cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.1:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.2:*:*:*:*:*:*:*",
"description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
"licenses": [
{
Expand All @@ -2248,12 +2235,12 @@
"comment": "Home page for project"
},
{
"url": "https://pypi.org/project/elementpath/4.1.1",
"url": "https://pypi.org/project/elementpath/4.1.2",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/elementpath@4.1.1"
"purl": "pkg:pypi/elementpath@4.1.2"
},
{
"type": "library",
Expand Down
57 changes: 28 additions & 29 deletions sbom/cve-bin-tool-py3.10.spdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-39a8443b-80ea-4d11-b1fe-547b534a2d42
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-cc9f292a-a7da-4474-bbdb-a9032d2ff475
LicenseListVersion: 3.20
Creator: Tool: sbom4python-0.9.1
Created: 2023-04-24T00:25:19Z
Created: 2023-05-08T01:27:18Z
CreatorComment: <text>This document has been automatically generated.</text>
#####

Expand Down Expand Up @@ -140,18 +140,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.4:*:*:*:*

PackageName: yarl
SPDXID: SPDXRef-Package-9-yarl
PackageVersion: 1.9.1
PackageVersion: 1.9.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
PackageDownloadLocation: https://pypi.org/project/yarl/1.9.1
PackageDownloadLocation: https://pypi.org/project/yarl/1.9.2
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/yarl/
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Yet another URL library</text>
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.9.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.1:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.9.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.2:*:*:*:*:*:*:*
#####

PackageName: idna
Expand Down Expand Up @@ -811,67 +811,66 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:*

PackageName: requests
SPDXID: SPDXRef-Package-50-requests
PackageVersion: 2.28.2
PackageVersion: 2.30.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
PackageDownloadLocation: https://pypi.org/project/requests/2.28.2
PackageDownloadLocation: https://pypi.org/project/requests/2.30.0
FilesAnalyzed: false
PackageHomePage: https://requests.readthedocs.io
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: <text>requests declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.</text>
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Python HTTP for Humans.</text>
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/requests@2.28.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.28.2:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/requests@2.30.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.30.0:*:*:*:*:*:*:*
#####

PackageName: certifi
SPDXID: SPDXRef-Package-51-certifi
PackageVersion: 2022.12.7
PackageVersion: 2023.5.7
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
PackageDownloadLocation: https://pypi.org/project/certifi/2022.12.7
PackageDownloadLocation: https://pypi.org/project/certifi/2023.5.7
FilesAnalyzed: false
PackageHomePage: https://github.com/certifi/python-certifi
PackageLicenseDeclared: MPL-2.0
PackageLicenseConcluded: MPL-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Python package for providing Mozilla's CA Bundle.</text>
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2022.12.7
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2022.12.7:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2023.5.7
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.5.7:*:*:*:*:*:*:*
#####

PackageName: urllib3
SPDXID: SPDXRef-Package-52-urllib3
PackageVersion: 1.26.15
PackageVersion: 2.0.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net)
PackageDownloadLocation: https://pypi.org/project/urllib3/1.26.15
PackageDownloadLocation: https://pypi.org/project/urllib3/2.0.2
FilesAnalyzed: false
PackageHomePage: https://urllib3.readthedocs.io/
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: <text>HTTP library with thread-safe connection pooling, file post, and more.</text>
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@1.26.15
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:1.26.15:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@2.0.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.0.2:*:*:*:*:*:*:*
#####

PackageName: rich
SPDXID: SPDXRef-Package-53-rich
PackageVersion: 13.3.4
PackageVersion: 13.3.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
PackageDownloadLocation: https://pypi.org/project/rich/13.3.4
PackageDownloadLocation: https://pypi.org/project/rich/13.3.5
FilesAnalyzed: false
PackageHomePage: https://github.com/Textualize/rich
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal</text>
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.3.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.3.4:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.3.5
ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.3.5:*:*:*:*:*:*:*
#####

PackageName: markdown-it-py
Expand Down Expand Up @@ -969,18 +968,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.2.3:*:*:*:*

PackageName: elementpath
SPDXID: SPDXRef-Package-60-elementpath
PackageVersion: 4.1.1
PackageVersion: 4.1.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.1
PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.2
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/elementpath
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: <text>XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml</text>
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.1:*:*:*:*:*:*:*
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.2:*:*:*:*:*:*:*
#####

PackageName: zstandard
Expand Down

0 comments on commit 3ee5f20

Please sign in to comment.