mirror of
https://github.com/anchore/syft.git
synced 2025-11-17 16:33:21 +01:00
feat: use originator logic to fill supplier (#1980)
* feat: use Originator to fill supplier for NTIA minimum --------- Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
This commit is contained in:
Christopher Angelo Phillips
GitHub
parent
756d0f29af
commit
8e893dfc20
@ -240,9 +240,11 @@ func toRootPackage(s source.Description) *spdx.Package {
|
|||||||
PackageSPDXIdentifier: spdx.ElementID(SanitizeElementID(fmt.Sprintf("DocumentRoot-%s-%s", prefix, name))),
|
PackageSPDXIdentifier: spdx.ElementID(SanitizeElementID(fmt.Sprintf("DocumentRoot-%s-%s", prefix, name))),
|
||||||
PackageVersion: version,
|
PackageVersion: version,
|
||||||
PackageChecksums: checksums,
|
PackageChecksums: checksums,
|
||||||
PackageSupplier: nil,
|
|
||||||
PackageExternalReferences: nil,
|
PackageExternalReferences: nil,
|
||||||
PrimaryPackagePurpose: purpose,
|
PrimaryPackagePurpose: purpose,
|
||||||
|
PackageSupplier: &spdx.Supplier{
|
||||||
|
Supplier: NOASSERTION,
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
if purl != nil {
|
if purl != nil {
|
||||||
@ -357,7 +359,7 @@ func toPackages(catalog *pkg.Collection, sbom sbom.SBOM) (results []*spdx.Packag
|
|||||||
// 7.6: Package Originator: may have single result for either Person or Organization,
|
// 7.6: Package Originator: may have single result for either Person or Organization,
|
||||||
// or NOASSERTION
|
// or NOASSERTION
|
||||||
// Cardinality: optional, one
|
// Cardinality: optional, one
|
||||||
PackageSupplier: nil,
|
PackageSupplier: toPackageSupplier(p),
|
||||||
|
|
||||||
PackageOriginator: toPackageOriginator(p),
|
PackageOriginator: toPackageOriginator(p),
|
||||||
|
|
||||||
@ -514,6 +516,21 @@ func toPackageOriginator(p pkg.Package) *spdx.Originator {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func toPackageSupplier(p pkg.Package) *spdx.Supplier {
|
||||||
|
// this uses the Originator function for now until
|
||||||
|
// a better distinction can be made for supplier
|
||||||
|
kind, supplier := Originator(p)
|
||||||
|
if kind == "" || supplier == "" {
|
||||||
|
return &spdx.Supplier{
|
||||||
|
Supplier: NOASSERTION,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return &spdx.Supplier{
|
||||||
|
Supplier: supplier,
|
||||||
|
SupplierType: kind,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func formatSPDXExternalRefs(p pkg.Package) (refs []*spdx.PackageExternalReference) {
|
func formatSPDXExternalRefs(p pkg.Package) (refs []*spdx.PackageExternalReference) {
|
||||||
for _, ref := range ExternalRefs(p) {
|
for _, ref := range ExternalRefs(p) {
|
||||||
refs = append(refs, &spdx.PackageExternalReference{
|
refs = append(refs, &spdx.PackageExternalReference{
|
||||||
|
|||||||
@ -51,12 +51,14 @@ func Test_toFormatModel(t *testing.T) {
|
|||||||
SPDXVersion: spdx.Version,
|
SPDXVersion: spdx.Version,
|
||||||
DataLicense: spdx.DataLicense,
|
DataLicense: spdx.DataLicense,
|
||||||
DocumentName: "alpine",
|
DocumentName: "alpine",
|
||||||
|
|
||||||
Packages: []*spdx.Package{
|
Packages: []*spdx.Package{
|
||||||
{
|
{
|
||||||
PackageSPDXIdentifier: "Package-pkg-1-pkg-1",
|
PackageSPDXIdentifier: "Package-pkg-1-pkg-1",
|
||||||
PackageName: "pkg-1",
|
PackageName: "pkg-1",
|
||||||
PackageVersion: "version-1",
|
PackageVersion: "version-1",
|
||||||
|
PackageSupplier: &spdx.Supplier{
|
||||||
|
Supplier: "NOASSERTION",
|
||||||
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
PackageSPDXIdentifier: "DocumentRoot-Image-alpine",
|
PackageSPDXIdentifier: "DocumentRoot-Image-alpine",
|
||||||
@ -71,6 +73,9 @@ func Test_toFormatModel(t *testing.T) {
|
|||||||
Locator: "pkg:oci/alpine@sha256:d34db33f?arch=&tag=latest",
|
Locator: "pkg:oci/alpine@sha256:d34db33f?arch=&tag=latest",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
PackageSupplier: &spdx.Supplier{
|
||||||
|
Supplier: "NOASSERTION",
|
||||||
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Relationships: []*spdx.Relationship{
|
Relationships: []*spdx.Relationship{
|
||||||
@ -122,12 +127,18 @@ func Test_toFormatModel(t *testing.T) {
|
|||||||
PackageSPDXIdentifier: "Package-pkg-1-pkg-1",
|
PackageSPDXIdentifier: "Package-pkg-1-pkg-1",
|
||||||
PackageName: "pkg-1",
|
PackageName: "pkg-1",
|
||||||
PackageVersion: "version-1",
|
PackageVersion: "version-1",
|
||||||
|
PackageSupplier: &spdx.Supplier{
|
||||||
|
Supplier: "NOASSERTION",
|
||||||
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
PackageSPDXIdentifier: "DocumentRoot-Directory-some-directory",
|
PackageSPDXIdentifier: "DocumentRoot-Directory-some-directory",
|
||||||
PackageName: "some/directory",
|
PackageName: "some/directory",
|
||||||
PackageVersion: "",
|
PackageVersion: "",
|
||||||
PrimaryPackagePurpose: "FILE",
|
PrimaryPackagePurpose: "FILE",
|
||||||
|
PackageSupplier: &spdx.Supplier{
|
||||||
|
Supplier: "NOASSERTION",
|
||||||
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Relationships: []*spdx.Relationship{
|
Relationships: []*spdx.Relationship{
|
||||||
@ -180,12 +191,14 @@ func Test_toFormatModel(t *testing.T) {
|
|||||||
SPDXVersion: spdx.Version,
|
SPDXVersion: spdx.Version,
|
||||||
DataLicense: spdx.DataLicense,
|
DataLicense: spdx.DataLicense,
|
||||||
DocumentName: "path/to/some.file",
|
DocumentName: "path/to/some.file",
|
||||||
|
|
||||||
Packages: []*spdx.Package{
|
Packages: []*spdx.Package{
|
||||||
{
|
{
|
||||||
PackageSPDXIdentifier: "Package-pkg-1-pkg-1",
|
PackageSPDXIdentifier: "Package-pkg-1-pkg-1",
|
||||||
PackageName: "pkg-1",
|
PackageName: "pkg-1",
|
||||||
PackageVersion: "version-1",
|
PackageVersion: "version-1",
|
||||||
|
PackageSupplier: &spdx.Supplier{
|
||||||
|
Supplier: "NOASSERTION",
|
||||||
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
PackageSPDXIdentifier: "DocumentRoot-File-path-to-some.file",
|
PackageSPDXIdentifier: "DocumentRoot-File-path-to-some.file",
|
||||||
@ -193,6 +206,9 @@ func Test_toFormatModel(t *testing.T) {
|
|||||||
PackageVersion: "sha256:d34db33f",
|
PackageVersion: "sha256:d34db33f",
|
||||||
PrimaryPackagePurpose: "FILE",
|
PrimaryPackagePurpose: "FILE",
|
||||||
PackageChecksums: []spdx.Checksum{{Algorithm: "SHA256", Value: "d34db33f"}},
|
PackageChecksums: []spdx.Checksum{{Algorithm: "SHA256", Value: "d34db33f"}},
|
||||||
|
PackageSupplier: &spdx.Supplier{
|
||||||
|
Supplier: "NOASSERTION",
|
||||||
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Relationships: []*spdx.Relationship{
|
Relationships: []*spdx.Relationship{
|
||||||
|
|||||||
@ -17,6 +17,7 @@
|
|||||||
"name": "package-1",
|
"name": "package-1",
|
||||||
"SPDXID": "SPDXRef-Package-python-package-1-9265397e5e15168a",
|
"SPDXID": "SPDXRef-Package-python-package-1-9265397e5e15168a",
|
||||||
"versionInfo": "1.0.1",
|
"versionInfo": "1.0.1",
|
||||||
|
"supplier": "NOASSERTION",
|
||||||
"downloadLocation": "NOASSERTION",
|
"downloadLocation": "NOASSERTION",
|
||||||
"filesAnalyzed": false,
|
"filesAnalyzed": false,
|
||||||
"sourceInfo": "acquired package info from installed python package manifest file: /some/path/pkg1",
|
"sourceInfo": "acquired package info from installed python package manifest file: /some/path/pkg1",
|
||||||
@ -40,6 +41,7 @@
|
|||||||
"name": "package-2",
|
"name": "package-2",
|
||||||
"SPDXID": "SPDXRef-Package-deb-package-2-db4abfe497c180d3",
|
"SPDXID": "SPDXRef-Package-deb-package-2-db4abfe497c180d3",
|
||||||
"versionInfo": "2.0.1",
|
"versionInfo": "2.0.1",
|
||||||
|
"supplier": "NOASSERTION",
|
||||||
"downloadLocation": "NOASSERTION",
|
"downloadLocation": "NOASSERTION",
|
||||||
"filesAnalyzed": false,
|
"filesAnalyzed": false,
|
||||||
"sourceInfo": "acquired package info from DPKG DB: /some/path/pkg1",
|
"sourceInfo": "acquired package info from DPKG DB: /some/path/pkg1",
|
||||||
@ -62,6 +64,7 @@
|
|||||||
{
|
{
|
||||||
"name": "some/path",
|
"name": "some/path",
|
||||||
"SPDXID": "SPDXRef-DocumentRoot-Directory-some-path",
|
"SPDXID": "SPDXRef-DocumentRoot-Directory-some-path",
|
||||||
|
"supplier": "NOASSERTION",
|
||||||
"downloadLocation": "",
|
"downloadLocation": "",
|
||||||
"filesAnalyzed": false,
|
"filesAnalyzed": false,
|
||||||
"primaryPackagePurpose": "FILE"
|
"primaryPackagePurpose": "FILE"
|
||||||
|
|||||||
@ -17,6 +17,7 @@
|
|||||||
"name": "package-1",
|
"name": "package-1",
|
||||||
"SPDXID": "SPDXRef-Package-python-package-1-125840abc1c66dd7",
|
"SPDXID": "SPDXRef-Package-python-package-1-125840abc1c66dd7",
|
||||||
"versionInfo": "1.0.1",
|
"versionInfo": "1.0.1",
|
||||||
|
"supplier": "NOASSERTION",
|
||||||
"downloadLocation": "NOASSERTION",
|
"downloadLocation": "NOASSERTION",
|
||||||
"filesAnalyzed": false,
|
"filesAnalyzed": false,
|
||||||
"sourceInfo": "acquired package info from installed python package manifest file: /somefile-1.txt",
|
"sourceInfo": "acquired package info from installed python package manifest file: /somefile-1.txt",
|
||||||
@ -40,6 +41,7 @@
|
|||||||
"name": "package-2",
|
"name": "package-2",
|
||||||
"SPDXID": "SPDXRef-Package-deb-package-2-958443e2d9304af4",
|
"SPDXID": "SPDXRef-Package-deb-package-2-958443e2d9304af4",
|
||||||
"versionInfo": "2.0.1",
|
"versionInfo": "2.0.1",
|
||||||
|
"supplier": "NOASSERTION",
|
||||||
"downloadLocation": "NOASSERTION",
|
"downloadLocation": "NOASSERTION",
|
||||||
"filesAnalyzed": false,
|
"filesAnalyzed": false,
|
||||||
"sourceInfo": "acquired package info from DPKG DB: /somefile-2.txt",
|
"sourceInfo": "acquired package info from DPKG DB: /somefile-2.txt",
|
||||||
@ -63,6 +65,7 @@
|
|||||||
"name": "user-image-input",
|
"name": "user-image-input",
|
||||||
"SPDXID": "SPDXRef-DocumentRoot-Image-user-image-input",
|
"SPDXID": "SPDXRef-DocumentRoot-Image-user-image-input",
|
||||||
"versionInfo": "sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368",
|
"versionInfo": "sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368",
|
||||||
|
"supplier": "NOASSERTION",
|
||||||
"downloadLocation": "",
|
"downloadLocation": "",
|
||||||
"filesAnalyzed": false,
|
"filesAnalyzed": false,
|
||||||
"checksums": [
|
"checksums": [
|
||||||
|
|||||||
@ -17,6 +17,7 @@
|
|||||||
"name": "package-1",
|
"name": "package-1",
|
||||||
"SPDXID": "SPDXRef-Package-python-package-1-125840abc1c66dd7",
|
"SPDXID": "SPDXRef-Package-python-package-1-125840abc1c66dd7",
|
||||||
"versionInfo": "1.0.1",
|
"versionInfo": "1.0.1",
|
||||||
|
"supplier": "NOASSERTION",
|
||||||
"downloadLocation": "NOASSERTION",
|
"downloadLocation": "NOASSERTION",
|
||||||
"filesAnalyzed": false,
|
"filesAnalyzed": false,
|
||||||
"sourceInfo": "acquired package info from installed python package manifest file: /somefile-1.txt",
|
"sourceInfo": "acquired package info from installed python package manifest file: /somefile-1.txt",
|
||||||
@ -40,6 +41,7 @@
|
|||||||
"name": "package-2",
|
"name": "package-2",
|
||||||
"SPDXID": "SPDXRef-Package-deb-package-2-958443e2d9304af4",
|
"SPDXID": "SPDXRef-Package-deb-package-2-958443e2d9304af4",
|
||||||
"versionInfo": "2.0.1",
|
"versionInfo": "2.0.1",
|
||||||
|
"supplier": "NOASSERTION",
|
||||||
"downloadLocation": "NOASSERTION",
|
"downloadLocation": "NOASSERTION",
|
||||||
"filesAnalyzed": false,
|
"filesAnalyzed": false,
|
||||||
"sourceInfo": "acquired package info from DPKG DB: /somefile-2.txt",
|
"sourceInfo": "acquired package info from DPKG DB: /somefile-2.txt",
|
||||||
@ -63,6 +65,7 @@
|
|||||||
"name": "user-image-input",
|
"name": "user-image-input",
|
||||||
"SPDXID": "SPDXRef-DocumentRoot-Image-user-image-input",
|
"SPDXID": "SPDXRef-DocumentRoot-Image-user-image-input",
|
||||||
"versionInfo": "sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368",
|
"versionInfo": "sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368",
|
||||||
|
"supplier": "NOASSERTION",
|
||||||
"downloadLocation": "",
|
"downloadLocation": "",
|
||||||
"filesAnalyzed": false,
|
"filesAnalyzed": false,
|
||||||
"checksums": [
|
"checksums": [
|
||||||
|
|||||||
Binary file not shown.
@ -12,6 +12,7 @@ Created: redacted
|
|||||||
|
|
||||||
PackageName: foobar/baz
|
PackageName: foobar/baz
|
||||||
SPDXID: SPDXRef-DocumentRoot-Directory-foobar-baz
|
SPDXID: SPDXRef-DocumentRoot-Directory-foobar-baz
|
||||||
|
PackageSupplier: NOASSERTION
|
||||||
PrimaryPackagePurpose: FILE
|
PrimaryPackagePurpose: FILE
|
||||||
FilesAnalyzed: false
|
FilesAnalyzed: false
|
||||||
|
|
||||||
@ -19,6 +20,7 @@ FilesAnalyzed: false
|
|||||||
|
|
||||||
PackageName: @at-sign
|
PackageName: @at-sign
|
||||||
SPDXID: SPDXRef-Package--at-sign-3732f7a5679bdec4
|
SPDXID: SPDXRef-Package--at-sign-3732f7a5679bdec4
|
||||||
|
PackageSupplier: NOASSERTION
|
||||||
PackageDownloadLocation: NOASSERTION
|
PackageDownloadLocation: NOASSERTION
|
||||||
FilesAnalyzed: false
|
FilesAnalyzed: false
|
||||||
PackageSourceInfo: acquired package info from the following paths:
|
PackageSourceInfo: acquired package info from the following paths:
|
||||||
@ -30,6 +32,7 @@ PackageCopyrightText: NOASSERTION
|
|||||||
|
|
||||||
PackageName: some/slashes
|
PackageName: some/slashes
|
||||||
SPDXID: SPDXRef-Package-some-slashes-1345166d4801153b
|
SPDXID: SPDXRef-Package-some-slashes-1345166d4801153b
|
||||||
|
PackageSupplier: NOASSERTION
|
||||||
PackageDownloadLocation: NOASSERTION
|
PackageDownloadLocation: NOASSERTION
|
||||||
FilesAnalyzed: false
|
FilesAnalyzed: false
|
||||||
PackageSourceInfo: acquired package info from the following paths:
|
PackageSourceInfo: acquired package info from the following paths:
|
||||||
@ -41,6 +44,7 @@ PackageCopyrightText: NOASSERTION
|
|||||||
|
|
||||||
PackageName: under_scores
|
PackageName: under_scores
|
||||||
SPDXID: SPDXRef-Package-under-scores-290d5c77210978c1
|
SPDXID: SPDXRef-Package-under-scores-290d5c77210978c1
|
||||||
|
PackageSupplier: NOASSERTION
|
||||||
PackageDownloadLocation: NOASSERTION
|
PackageDownloadLocation: NOASSERTION
|
||||||
FilesAnalyzed: false
|
FilesAnalyzed: false
|
||||||
PackageSourceInfo: acquired package info from the following paths:
|
PackageSourceInfo: acquired package info from the following paths:
|
||||||
|
|||||||
@ -51,6 +51,7 @@ LicenseConcluded: NOASSERTION
|
|||||||
PackageName: user-image-input
|
PackageName: user-image-input
|
||||||
SPDXID: SPDXRef-DocumentRoot-Image-user-image-input
|
SPDXID: SPDXRef-DocumentRoot-Image-user-image-input
|
||||||
PackageVersion: sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368
|
PackageVersion: sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368
|
||||||
|
PackageSupplier: NOASSERTION
|
||||||
PrimaryPackagePurpose: CONTAINER
|
PrimaryPackagePurpose: CONTAINER
|
||||||
FilesAnalyzed: false
|
FilesAnalyzed: false
|
||||||
PackageChecksum: SHA256: 2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368
|
PackageChecksum: SHA256: 2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368
|
||||||
@ -61,6 +62,7 @@ ExternalRef: PACKAGE-MANAGER purl pkg:oci/user-image-input@sha256:2731251dc34951
|
|||||||
PackageName: package-2
|
PackageName: package-2
|
||||||
SPDXID: SPDXRef-Package-deb-package-2-958443e2d9304af4
|
SPDXID: SPDXRef-Package-deb-package-2-958443e2d9304af4
|
||||||
PackageVersion: 2.0.1
|
PackageVersion: 2.0.1
|
||||||
|
PackageSupplier: NOASSERTION
|
||||||
PackageDownloadLocation: NOASSERTION
|
PackageDownloadLocation: NOASSERTION
|
||||||
FilesAnalyzed: false
|
FilesAnalyzed: false
|
||||||
PackageSourceInfo: acquired package info from DPKG DB: /somefile-2.txt
|
PackageSourceInfo: acquired package info from DPKG DB: /somefile-2.txt
|
||||||
@ -75,6 +77,7 @@ ExternalRef: PACKAGE-MANAGER purl pkg:deb/debian/package-2@2.0.1
|
|||||||
PackageName: package-1
|
PackageName: package-1
|
||||||
SPDXID: SPDXRef-Package-python-package-1-125840abc1c66dd7
|
SPDXID: SPDXRef-Package-python-package-1-125840abc1c66dd7
|
||||||
PackageVersion: 1.0.1
|
PackageVersion: 1.0.1
|
||||||
|
PackageSupplier: NOASSERTION
|
||||||
PackageDownloadLocation: NOASSERTION
|
PackageDownloadLocation: NOASSERTION
|
||||||
FilesAnalyzed: false
|
FilesAnalyzed: false
|
||||||
PackageSourceInfo: acquired package info from installed python package manifest file: /somefile-1.txt
|
PackageSourceInfo: acquired package info from installed python package manifest file: /somefile-1.txt
|
||||||
|
|||||||
@ -12,6 +12,7 @@ Created: redacted
|
|||||||
|
|
||||||
PackageName: some/path
|
PackageName: some/path
|
||||||
SPDXID: SPDXRef-DocumentRoot-Directory-some-path
|
SPDXID: SPDXRef-DocumentRoot-Directory-some-path
|
||||||
|
PackageSupplier: NOASSERTION
|
||||||
PrimaryPackagePurpose: FILE
|
PrimaryPackagePurpose: FILE
|
||||||
FilesAnalyzed: false
|
FilesAnalyzed: false
|
||||||
|
|
||||||
@ -20,6 +21,7 @@ FilesAnalyzed: false
|
|||||||
PackageName: package-2
|
PackageName: package-2
|
||||||
SPDXID: SPDXRef-Package-deb-package-2-db4abfe497c180d3
|
SPDXID: SPDXRef-Package-deb-package-2-db4abfe497c180d3
|
||||||
PackageVersion: 2.0.1
|
PackageVersion: 2.0.1
|
||||||
|
PackageSupplier: NOASSERTION
|
||||||
PackageDownloadLocation: NOASSERTION
|
PackageDownloadLocation: NOASSERTION
|
||||||
FilesAnalyzed: false
|
FilesAnalyzed: false
|
||||||
PackageSourceInfo: acquired package info from DPKG DB: /some/path/pkg1
|
PackageSourceInfo: acquired package info from DPKG DB: /some/path/pkg1
|
||||||
@ -34,6 +36,7 @@ ExternalRef: PACKAGE-MANAGER purl pkg:deb/debian/package-2@2.0.1
|
|||||||
PackageName: package-1
|
PackageName: package-1
|
||||||
SPDXID: SPDXRef-Package-python-package-1-9265397e5e15168a
|
SPDXID: SPDXRef-Package-python-package-1-9265397e5e15168a
|
||||||
PackageVersion: 1.0.1
|
PackageVersion: 1.0.1
|
||||||
|
PackageSupplier: NOASSERTION
|
||||||
PackageDownloadLocation: NOASSERTION
|
PackageDownloadLocation: NOASSERTION
|
||||||
FilesAnalyzed: false
|
FilesAnalyzed: false
|
||||||
PackageSourceInfo: acquired package info from installed python package manifest file: /some/path/pkg1
|
PackageSourceInfo: acquired package info from installed python package manifest file: /some/path/pkg1
|
||||||
|
|||||||
@ -13,6 +13,7 @@ Created: redacted
|
|||||||
PackageName: user-image-input
|
PackageName: user-image-input
|
||||||
SPDXID: SPDXRef-DocumentRoot-Image-user-image-input
|
SPDXID: SPDXRef-DocumentRoot-Image-user-image-input
|
||||||
PackageVersion: sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368
|
PackageVersion: sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368
|
||||||
|
PackageSupplier: NOASSERTION
|
||||||
PrimaryPackagePurpose: CONTAINER
|
PrimaryPackagePurpose: CONTAINER
|
||||||
FilesAnalyzed: false
|
FilesAnalyzed: false
|
||||||
PackageChecksum: SHA256: 2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368
|
PackageChecksum: SHA256: 2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368
|
||||||
@ -23,6 +24,7 @@ ExternalRef: PACKAGE-MANAGER purl pkg:oci/user-image-input@sha256:2731251dc34951
|
|||||||
PackageName: package-2
|
PackageName: package-2
|
||||||
SPDXID: SPDXRef-Package-deb-package-2-958443e2d9304af4
|
SPDXID: SPDXRef-Package-deb-package-2-958443e2d9304af4
|
||||||
PackageVersion: 2.0.1
|
PackageVersion: 2.0.1
|
||||||
|
PackageSupplier: NOASSERTION
|
||||||
PackageDownloadLocation: NOASSERTION
|
PackageDownloadLocation: NOASSERTION
|
||||||
FilesAnalyzed: false
|
FilesAnalyzed: false
|
||||||
PackageSourceInfo: acquired package info from DPKG DB: /somefile-2.txt
|
PackageSourceInfo: acquired package info from DPKG DB: /somefile-2.txt
|
||||||
@ -37,6 +39,7 @@ ExternalRef: PACKAGE-MANAGER purl pkg:deb/debian/package-2@2.0.1
|
|||||||
PackageName: package-1
|
PackageName: package-1
|
||||||
SPDXID: SPDXRef-Package-python-package-1-125840abc1c66dd7
|
SPDXID: SPDXRef-Package-python-package-1-125840abc1c66dd7
|
||||||
PackageVersion: 1.0.1
|
PackageVersion: 1.0.1
|
||||||
|
PackageSupplier: NOASSERTION
|
||||||
PackageDownloadLocation: NOASSERTION
|
PackageDownloadLocation: NOASSERTION
|
||||||
FilesAnalyzed: false
|
FilesAnalyzed: false
|
||||||
PackageSourceInfo: acquired package info from installed python package manifest file: /somefile-1.txt
|
PackageSourceInfo: acquired package info from installed python package manifest file: /somefile-1.txt
|
||||||
|
|||||||
Binary file not shown.
Loading…
x
Reference in New Issue
Block a user