Created
January 7, 2025 09:05
-
-
Save viveksahu26/51ea4129f216ba6a7726a90ee92cfaf8 to your computer and use it in GitHub Desktop.
flat merge using primaryCompFile
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ go run main.go assemble --flatMerge --primaryCompFile sbomex-cdx.json sbomgr-cdx.json -o flat-pc-merge-sbom.spdx.json | |
| { | |
| "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", | |
| "bomFormat": "CycloneDX", | |
| "specVersion": "1.6", | |
| "serialNumber": "urn:uuid:1cef94a5-0ba6-411e-b8eb-c952dd34f85c", | |
| "version": 1, | |
| "metadata": { | |
| "timestamp": "2025-01-07T09:03:33Z", | |
| "tools": { | |
| "components": [ | |
| { | |
| "type": "application", | |
| "supplier": { | |
| "name": "Interlynk", | |
| "url": [ | |
| "https://interlynk.io" | |
| ], | |
| "contact": [ | |
| { | |
| "email": "[email protected]" | |
| } | |
| ] | |
| }, | |
| "name": "sbomasm", | |
| "version": "devel", | |
| "description": "Assembler \u0026 Editor for your sboms", | |
| "licenses": [ | |
| { | |
| "license": { | |
| "id": "Apache-2.0" | |
| } | |
| } | |
| ] | |
| }, | |
| { | |
| "type": "application", | |
| "supplier": { | |
| "name": "anchore" | |
| }, | |
| "name": "syft", | |
| "version": "0.78.0" | |
| } | |
| ] | |
| }, | |
| "component": { | |
| "bom-ref": "lynk:34a4598c-8db9-4d8e-9e99-94abb8a63e35", | |
| "type": "file", | |
| "name": "sbomex", | |
| "version": "v1.0.9" | |
| }, | |
| "licenses": [ | |
| { | |
| "license": { | |
| "id": "CC-BY-1.0" | |
| } | |
| } | |
| ] | |
| }, | |
| "components": [ | |
| { | |
| "bom-ref": "lynk:5d5cb01d-9d9c-4ed8-a476-a9fc9ba445a4", | |
| "type": "file", | |
| "name": "sbomgr", | |
| "version": "v2.1.9" | |
| }, | |
| { | |
| "bom-ref": "lynk:f3eca14f-4d08-46cb-aadf-2e9ca9774c1d", | |
| "type": "library", | |
| "name": "github.com/google/uuid", | |
| "version": "v1.3.0", | |
| "cpe": "cpe:2.3:a:google:uuid:v1.3.0:*:*:*:*:*:*:*", | |
| "purl": "pkg:golang/github.com/google/[email protected]", | |
| "properties": [ | |
| { | |
| "name": "syft:package:foundBy", | |
| "value": "go-module-binary-cataloger" | |
| }, | |
| { | |
| "name": "syft:package:language", | |
| "value": "go" | |
| }, | |
| { | |
| "name": "syft:package:metadataType", | |
| "value": "GolangBinMetadata" | |
| }, | |
| { | |
| "name": "syft:package:type", | |
| "value": "go-module" | |
| }, | |
| { | |
| "name": "syft:location:0:path", | |
| "value": "dist/sbomex-linux-amd64" | |
| }, | |
| { | |
| "name": "syft:metadata:architecture", | |
| "value": "amd64" | |
| }, | |
| { | |
| "name": "syft:metadata:goCompiledVersion", | |
| "value": "go1.20" | |
| }, | |
| { | |
| "name": "syft:metadata:h1Digest", | |
| "value": "h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=" | |
| }, | |
| { | |
| "name": "syft:metadata:mainModule", | |
| "value": "github.com/interlynk-io/sbomex" | |
| } | |
| ] | |
| }, | |
| { | |
| "bom-ref": "lynk:235f452a-a8a5-4b22-b9ab-ef4b3bf443f1", | |
| "type": "library", | |
| "name": "github.com/inconshreveable/mousetrap", | |
| "version": "v1.1.0", | |
| "cpe": "cpe:2.3:a:inconshreveable:mousetrap:v1.1.0:*:*:*:*:*:*:*", | |
| "purl": "pkg:golang/github.com/inconshreveable/[email protected]", | |
| "properties": [ | |
| { | |
| "name": "syft:package:foundBy", | |
| "value": "go-module-binary-cataloger" | |
| }, | |
| { | |
| "name": "syft:package:language", | |
| "value": "go" | |
| }, | |
| { | |
| "name": "syft:package:metadataType", | |
| "value": "GolangBinMetadata" | |
| }, | |
| { | |
| "name": "syft:package:type", | |
| "value": "go-module" | |
| }, | |
| { | |
| "name": "syft:location:0:path", | |
| "value": "dist/sbomex-windows-amd64.exe" | |
| }, | |
| { | |
| "name": "syft:metadata:architecture", | |
| "value": "amd64" | |
| }, | |
| { | |
| "name": "syft:metadata:goCompiledVersion", | |
| "value": "go1.20" | |
| }, | |
| { | |
| "name": "syft:metadata:h1Digest", | |
| "value": "h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=" | |
| }, | |
| { | |
| "name": "syft:metadata:mainModule", | |
| "value": "github.com/interlynk-io/sbomex" | |
| } | |
| ] | |
| }, | |
| { | |
| "bom-ref": "lynk:5c4efc28-3977-4146-ae0f-8e5dfc0cfe48", | |
| "type": "library", | |
| "name": "billiard", | |
| "version": "3.6.0.0", | |
| "cpe": "cpe:2.3:a:python-billiard:python-billiard:3.6.0.0:*:*:*:*:*:*:*", | |
| "purl": "pkg:pypi/[email protected]", | |
| "properties": [ | |
| { | |
| "name": "syft:package:foundBy", | |
| "value": "sbom-cataloger" | |
| }, | |
| { | |
| "name": "syft:package:language", | |
| "value": "python" | |
| }, | |
| { | |
| "name": "syft:package:type", | |
| "value": "python" | |
| }, | |
| { | |
| "name": "syft:cpe23", | |
| "value": "cpe:2.3:a:python-billiard:python_billiard:3.6.0.0:*:*:*:*:*:*:*" | |
| }, | |
| { | |
| "name": "syft:cpe23", | |
| "value": "cpe:2.3:a:python_billiard:python-billiard:3.6.0.0:*:*:*:*:*:*:*" | |
| }, | |
| { | |
| "name": "syft:cpe23", | |
| "value": "cpe:2.3:a:python_billiard:python_billiard:3.6.0.0:*:*:*:*:*:*:*" | |
| }, | |
| { | |
| "name": "syft:cpe23", | |
| "value": "cpe:2.3:a:billiard:python-billiard:3.6.0.0:*:*:*:*:*:*:*" | |
| }, | |
| { | |
| "name": "syft:cpe23", | |
| "value": "cpe:2.3:a:billiard:python_billiard:3.6.0.0:*:*:*:*:*:*:*" | |
| }, | |
| { | |
| "name": "syft:cpe23", | |
| "value": "cpe:2.3:a:python-billiard:billiard:3.6.0.0:*:*:*:*:*:*:*" | |
| }, | |
| { | |
| "name": "syft:cpe23", | |
| "value": "cpe:2.3:a:python_billiard:billiard:3.6.0.0:*:*:*:*:*:*:*" | |
| }, | |
| { | |
| "name": "syft:cpe23", | |
| "value": "cpe:2.3:a:python:python-billiard:3.6.0.0:*:*:*:*:*:*:*" | |
| }, | |
| { | |
| "name": "syft:cpe23", | |
| "value": "cpe:2.3:a:python:python_billiard:3.6.0.0:*:*:*:*:*:*:*" | |
| }, | |
| { | |
| "name": "syft:cpe23", | |
| "value": "cpe:2.3:a:billiard:billiard:3.6.0.0:*:*:*:*:*:*:*" | |
| }, | |
| { | |
| "name": "syft:cpe23", | |
| "value": "cpe:2.3:a:python:billiard:3.6.0.0:*:*:*:*:*:*:*" | |
| }, | |
| { | |
| "name": "syft:location:0:path", | |
| "value": "samples/trivy-trivy-ci-test.cdx.json" | |
| } | |
| ] | |
| }, | |
| { | |
| "bom-ref": "lynk:e2ddd0f6-25cf-4dc5-b7c5-736a4b6a7bc2", | |
| "type": "library", | |
| "name": "botocore", | |
| "version": "1.12.130", | |
| "cpe": "cpe:2.3:a:python-botocore:python-botocore:1.12.130:*:*:*:*:*:*:*", | |
| "purl": "pkg:pypi/[email protected]", | |
| "properties": [ | |
| { | |
| "name": "syft:package:foundBy", | |
| "value": "sbom-cataloger" | |
| }, | |
| { | |
| "name": "syft:package:language", | |
| "value": "python" | |
| }, | |
| { | |
| "name": "syft:package:type", | |
| "value": "python" | |
| }, | |
| { | |
| "name": "syft:cpe23", | |
| "value": "cpe:2.3:a:python-botocore:python_botocore:1.12.130:*:*:*:*:*:*:*" | |
| }, | |
| { | |
| "name": "syft:cpe23", | |
| "value": "cpe:2.3:a:python_botocore:python-botocore:1.12.130:*:*:*:*:*:*:*" | |
| }, | |
| { | |
| "name": "syft:cpe23", | |
| "value": "cpe:2.3:a:python_botocore:python_botocore:1.12.130:*:*:*:*:*:*:*" | |
| }, | |
| { | |
| "name": "syft:cpe23", | |
| "value": "cpe:2.3:a:botocore:python-botocore:1.12.130:*:*:*:*:*:*:*" | |
| }, | |
| { | |
| "name": "syft:cpe23", | |
| "value": "cpe:2.3:a:botocore:python_botocore:1.12.130:*:*:*:*:*:*:*" | |
| }, | |
| { | |
| "name": "syft:cpe23", | |
| "value": "cpe:2.3:a:python-botocore:botocore:1.12.130:*:*:*:*:*:*:*" | |
| }, | |
| { | |
| "name": "syft:cpe23", | |
| "value": "cpe:2.3:a:python_botocore:botocore:1.12.130:*:*:*:*:*:*:*" | |
| }, | |
| { | |
| "name": "syft:cpe23", | |
| "value": "cpe:2.3:a:python:python-botocore:1.12.130:*:*:*:*:*:*:*" | |
| }, | |
| { | |
| "name": "syft:cpe23", | |
| "value": "cpe:2.3:a:python:python_botocore:1.12.130:*:*:*:*:*:*:*" | |
| }, | |
| { | |
| "name": "syft:cpe23", | |
| "value": "cpe:2.3:a:botocore:botocore:1.12.130:*:*:*:*:*:*:*" | |
| }, | |
| { | |
| "name": "syft:cpe23", | |
| "value": "cpe:2.3:a:python:botocore:1.12.130:*:*:*:*:*:*:*" | |
| }, | |
| { | |
| "name": "syft:location:0:path", | |
| "value": "samples/trivy-trivy-ci-test.cdx.json" | |
| } | |
| ] | |
| } | |
| ], | |
| "dependencies": [ | |
| { | |
| "ref": "lynk:34a4598c-8db9-4d8e-9e99-94abb8a63e35", | |
| "dependsOn": [ | |
| "lynk:3bc58fe2-3f1b-4e9c-861d-25e49e96bbbe", | |
| "lynk:5d5cb01d-9d9c-4ed8-a476-a9fc9ba445a4" | |
| ] | |
| } | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment