
@matglas
Forked from viveksahu26/flat-pc-merge-sbom.cdx.json
Last active January 7, 2025 10:55
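Flat merge using primaryCompFile: the command below flat-merges the input SBOMs and takes the primary component (metadata.component, here sbomex) from the file passed to --primaryCompFile. When checking the result, note that the -o file name ends in .spdx.json although the output shown is CycloneDX 1.6, and that the dependencies section references lynk:3bc58fe2-3f1b-4e9c-861d-25e49e96bbbe, which has no matching bom-ref among the components shown.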
$ go run main.go assemble --flatMerge --primaryCompFile sbomex-cdx.json sbomgr-cdx.json -o flat-pc-merge-sbom.spdx.json
{
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
"serialNumber": "urn:uuid:1cef94a5-0ba6-411e-b8eb-c952dd34f85c",
"version": 1,
"metadata": {
"timestamp": "2025-01-07T09:03:33Z",
"tools": {
"components": [
{
"type": "application",
"supplier": {
"name": "Interlynk",
"url": [
"https://interlynk.io"
],
"contact": [
{
"email": "[email protected]"
}
]
},
"name": "sbomasm",
"version": "devel",
"description": "Assembler \u0026 Editor for your sboms",
"licenses": [
{
"license": {
"id": "Apache-2.0"
}
}
]
},
{
"type": "application",
"supplier": {
"name": "anchore"
},
"name": "syft",
"version": "0.78.0"
}
]
},
"component": {
"bom-ref": "lynk:34a4598c-8db9-4d8e-9e99-94abb8a63e35",
"type": "file",
"name": "sbomex",
"version": "v1.0.9"
},
"licenses": [
{
"license": {
"id": "CC-BY-1.0"
}
}
]
},
"components": [
{
"bom-ref": "lynk:5d5cb01d-9d9c-4ed8-a476-a9fc9ba445a4",
"type": "file",
"name": "sbomgr",
"version": "v2.1.9"
},
{
"bom-ref": "lynk:f3eca14f-4d08-46cb-aadf-2e9ca9774c1d",
"type": "library",
"name": "github.com/google/uuid",
"version": "v1.3.0",
"cpe": "cpe:2.3:a:google:uuid:v1.3.0:*:*:*:*:*:*:*",
"purl": "pkg:golang/github.com/google/uuid@v1.3.0",
"properties": [
{
"name": "syft:package:foundBy",
"value": "go-module-binary-cataloger"
},
{
"name": "syft:package:language",
"value": "go"
},
{
"name": "syft:package:metadataType",
"value": "GolangBinMetadata"
},
{
"name": "syft:package:type",
"value": "go-module"
},
{
"name": "syft:location:0:path",
"value": "dist/sbomex-linux-amd64"
},
{
"name": "syft:metadata:architecture",
"value": "amd64"
},
{
"name": "syft:metadata:goCompiledVersion",
"value": "go1.20"
},
{
"name": "syft:metadata:h1Digest",
"value": "h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I="
},
{
"name": "syft:metadata:mainModule",
"value": "github.com/interlynk-io/sbomex"
}
]
},
{
"bom-ref": "lynk:235f452a-a8a5-4b22-b9ab-ef4b3bf443f1",
"type": "library",
"name": "github.com/inconshreveable/mousetrap",
"version": "v1.1.0",
"cpe": "cpe:2.3:a:inconshreveable:mousetrap:v1.1.0:*:*:*:*:*:*:*",
"purl": "pkg:golang/github.com/inconshreveable/mousetrap@v1.1.0",
"properties": [
{
"name": "syft:package:foundBy",
"value": "go-module-binary-cataloger"
},
{
"name": "syft:package:language",
"value": "go"
},
{
"name": "syft:package:metadataType",
"value": "GolangBinMetadata"
},
{
"name": "syft:package:type",
"value": "go-module"
},
{
"name": "syft:location:0:path",
"value": "dist/sbomex-windows-amd64.exe"
},
{
"name": "syft:metadata:architecture",
"value": "amd64"
},
{
"name": "syft:metadata:goCompiledVersion",
"value": "go1.20"
},
{
"name": "syft:metadata:h1Digest",
"value": "h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8="
},
{
"name": "syft:metadata:mainModule",
"value": "github.com/interlynk-io/sbomex"
}
]
},
{
"bom-ref": "lynk:5c4efc28-3977-4146-ae0f-8e5dfc0cfe48",
"type": "library",
"name": "billiard",
"version": "3.6.0.0",
"cpe": "cpe:2.3:a:python-billiard:python-billiard:3.6.0.0:*:*:*:*:*:*:*",
"purl": "pkg:pypi/billiard@3.6.0.0",
"properties": [
{
"name": "syft:package:foundBy",
"value": "sbom-cataloger"
},
{
"name": "syft:package:language",
"value": "python"
},
{
"name": "syft:package:type",
"value": "python"
},
{
"name": "syft:cpe23",
"value": "cpe:2.3:a:python-billiard:python_billiard:3.6.0.0:*:*:*:*:*:*:*"
},
{
"name": "syft:cpe23",
"value": "cpe:2.3:a:python_billiard:python-billiard:3.6.0.0:*:*:*:*:*:*:*"
},
{
"name": "syft:cpe23",
"value": "cpe:2.3:a:python_billiard:python_billiard:3.6.0.0:*:*:*:*:*:*:*"
},
{
"name": "syft:cpe23",
"value": "cpe:2.3:a:billiard:python-billiard:3.6.0.0:*:*:*:*:*:*:*"
},
{
"name": "syft:cpe23",
"value": "cpe:2.3:a:billiard:python_billiard:3.6.0.0:*:*:*:*:*:*:*"
},
{
"name": "syft:cpe23",
"value": "cpe:2.3:a:python-billiard:billiard:3.6.0.0:*:*:*:*:*:*:*"
},
{
"name": "syft:cpe23",
"value": "cpe:2.3:a:python_billiard:billiard:3.6.0.0:*:*:*:*:*:*:*"
},
{
"name": "syft:cpe23",
"value": "cpe:2.3:a:python:python-billiard:3.6.0.0:*:*:*:*:*:*:*"
},
{
"name": "syft:cpe23",
"value": "cpe:2.3:a:python:python_billiard:3.6.0.0:*:*:*:*:*:*:*"
},
{
"name": "syft:cpe23",
"value": "cpe:2.3:a:billiard:billiard:3.6.0.0:*:*:*:*:*:*:*"
},
{
"name": "syft:cpe23",
"value": "cpe:2.3:a:python:billiard:3.6.0.0:*:*:*:*:*:*:*"
},
{
"name": "syft:location:0:path",
"value": "samples/trivy-trivy-ci-test.cdx.json"
}
]
},
{
"bom-ref": "lynk:e2ddd0f6-25cf-4dc5-b7c5-736a4b6a7bc2",
"type": "library",
"name": "botocore",
"version": "1.12.130",
"cpe": "cpe:2.3:a:python-botocore:python-botocore:1.12.130:*:*:*:*:*:*:*",
"purl": "pkg:pypi/botocore@1.12.130",
"properties": [
{
"name": "syft:package:foundBy",
"value": "sbom-cataloger"
},
{
"name": "syft:package:language",
"value": "python"
},
{
"name": "syft:package:type",
"value": "python"
},
{
"name": "syft:cpe23",
"value": "cpe:2.3:a:python-botocore:python_botocore:1.12.130:*:*:*:*:*:*:*"
},
{
"name": "syft:cpe23",
"value": "cpe:2.3:a:python_botocore:python-botocore:1.12.130:*:*:*:*:*:*:*"
},
{
"name": "syft:cpe23",
"value": "cpe:2.3:a:python_botocore:python_botocore:1.12.130:*:*:*:*:*:*:*"
},
{
"name": "syft:cpe23",
"value": "cpe:2.3:a:botocore:python-botocore:1.12.130:*:*:*:*:*:*:*"
},
{
"name": "syft:cpe23",
"value": "cpe:2.3:a:botocore:python_botocore:1.12.130:*:*:*:*:*:*:*"
},
{
"name": "syft:cpe23",
"value": "cpe:2.3:a:python-botocore:botocore:1.12.130:*:*:*:*:*:*:*"
},
{
"name": "syft:cpe23",
"value": "cpe:2.3:a:python_botocore:botocore:1.12.130:*:*:*:*:*:*:*"
},
{
"name": "syft:cpe23",
"value": "cpe:2.3:a:python:python-botocore:1.12.130:*:*:*:*:*:*:*"
},
{
"name": "syft:cpe23",
"value": "cpe:2.3:a:python:python_botocore:1.12.130:*:*:*:*:*:*:*"
},
{
"name": "syft:cpe23",
"value": "cpe:2.3:a:botocore:botocore:1.12.130:*:*:*:*:*:*:*"
},
{
"name": "syft:cpe23",
"value": "cpe:2.3:a:python:botocore:1.12.130:*:*:*:*:*:*:*"
},
{
"name": "syft:location:0:path",
"value": "samples/trivy-trivy-ci-test.cdx.json"
}
]
}
],
"dependencies": [
{
"ref": "lynk:34a4598c-8db9-4d8e-9e99-94abb8a63e35",
"dependsOn": [
"lynk:3bc58fe2-3f1b-4e9c-861d-25e49e96bbbe",
"lynk:5d5cb01d-9d9c-4ed8-a476-a9fc9ba445a4"
]
},
{
"ref": "lynk:5d5cb01d-9d9c-4ed8-a476-a9fc9ba445a4",
"dependsOn": [
"lynk:e2ddd0f6-25cf-4dc5-b7c5-736a4b6a7bc2",
"lynk:5c4efc28-3977-4146-ae0f-8e5dfc0cfe48"
]
}
]
}