mirror of
https://github.com/anchore/syft.git
synced 2025-11-18 17:03:17 +01:00
9aca23f766
* remove existing spdxjson presenter + helpers Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add new spdx22json format Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add common sdpxhelpers (migrated) Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * use new common spdx helpers Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * wire up new spdx22json format object Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove lossless syft-specific property bags Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove spdxjson decoder and validator Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add nil checks in spdx test helpers Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove empty default case Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * use explicit golden snapshot Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
91 lines
4.2 KiB
Plaintext
91 lines
4.2 KiB
Plaintext
{
|
|
"SPDXID": "SPDXRef-DOCUMENT",
|
|
"name": "user-image-input",
|
|
"spdxVersion": "SPDX-2.2",
|
|
"creationInfo": {
|
|
"created": "2021-10-22T19:25:38.341582Z",
|
|
"creators": [
|
|
"Organization: Anchore, Inc",
|
|
"Tool: syft-[not provided]"
|
|
],
|
|
"licenseListVersion": "3.14"
|
|
},
|
|
"syftSourceData": {
|
|
"Scheme": "ImageScheme",
|
|
"ImageMetadata": {
|
|
"userInput": "user-image-input",
|
|
"imageID": "sha256:2480160b55bec40c44d3b145c7b2c1c47160db8575c3dcae086d76b9370ae7ca",
|
|
"manifestDigest": "sha256:2731251dc34951c0e50fcc643b4c5f74922dad1a5d98f302b504cf46cd5d9368",
|
|
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
|
|
"tags": [
|
|
"stereoscope-fixture-image-simple:85066c51088bdd274f7a89e99e00490f666c49e72ffc955707cd6e18f0e22c5b"
|
|
],
|
|
"imageSize": 38,
|
|
"layers": [
|
|
{
|
|
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
|
|
"digest": "sha256:fb6beecb75b39f4bb813dbf177e501edd5ddb3e69bb45cedeb78c676ee1b7a59",
|
|
"size": 22
|
|
},
|
|
{
|
|
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
|
|
"digest": "sha256:319b588ce64253a87b533c8ed01cf0025e0eac98e7b516e12532957e1244fdec",
|
|
"size": 16
|
|
}
|
|
],
|
|
"manifest": "eyJzY2hlbWFWZXJzaW9uIjoyLCJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmRpc3RyaWJ1dGlvbi5tYW5pZmVzdC52Mitqc29uIiwiY29uZmlnIjp7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuY29udGFpbmVyLmltYWdlLnYxK2pzb24iLCJzaXplIjo2NjcsImRpZ2VzdCI6InNoYTI1NjoyNDgwMTYwYjU1YmVjNDBjNDRkM2IxNDVjN2IyYzFjNDcxNjBkYjg1NzVjM2RjYWUwODZkNzZiOTM3MGFlN2NhIn0sImxheWVycyI6W3sibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjIwNDgsImRpZ2VzdCI6InNoYTI1NjpmYjZiZWVjYjc1YjM5ZjRiYjgxM2RiZjE3N2U1MDFlZGQ1ZGRiM2U2OWJiNDVjZWRlYjc4YzY3NmVlMWI3YTU5In0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MjA0OCwiZGlnZXN0Ijoic2hhMjU2OjMxOWI1ODhjZTY0MjUzYTg3YjUzM2M4ZWQwMWNmMDAyNWUwZWFjOThlN2I1MTZlMTI1MzI5NTdlMTI0NGZkZWMifV19",
|
|
"config": "eyJhcmNoaXRlY3R1cmUiOiJhbWQ2NCIsImNvbmZpZyI6eyJFbnYiOlsiUEFUSD0vdXNyL2xvY2FsL3NiaW46L3Vzci9sb2NhbC9iaW46L3Vzci9zYmluOi91c3IvYmluOi9zYmluOi9iaW4iXSwiV29ya2luZ0RpciI6Ii8iLCJPbkJ1aWxkIjpudWxsfSwiY3JlYXRlZCI6IjIwMjEtMTAtMDRUMTE6NDA6MDAuNjM4Mzk0NVoiLCJoaXN0b3J5IjpbeyJjcmVhdGVkIjoiMjAyMS0xMC0wNFQxMTo0MDowMC41OTA3MzE2WiIsImNyZWF0ZWRfYnkiOiJBREQgZmlsZS0xLnR4dCAvc29tZWZpbGUtMS50eHQgIyBidWlsZGtpdCIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIn0seyJjcmVhdGVkIjoiMjAyMS0xMC0wNFQxMTo0MDowMC42MzgzOTQ1WiIsImNyZWF0ZWRfYnkiOiJBREQgZmlsZS0yLnR4dCAvc29tZWZpbGUtMi50eHQgIyBidWlsZGtpdCIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIn1dLCJvcyI6ImxpbnV4Iiwicm9vdGZzIjp7InR5cGUiOiJsYXllcnMiLCJkaWZmX2lkcyI6WyJzaGEyNTY6ZmI2YmVlY2I3NWIzOWY0YmI4MTNkYmYxNzdlNTAxZWRkNWRkYjNlNjliYjQ1Y2VkZWI3OGM2NzZlZTFiN2E1OSIsInNoYTI1NjozMTliNTg4Y2U2NDI1M2E4N2I1MzNjOGVkMDFjZjAwMjVlMGVhYzk4ZTdiNTE2ZTEyNTMyOTU3ZTEyNDRmZGVjIl19fQ==",
|
|
"repoDigests": []
|
|
},
|
|
"Path": ""
|
|
},
|
|
"dataLicense": "CC0-1.0",
|
|
"documentNamespace": "https:/anchore.com/syft/image/user-image-input-7c996682-9cdf-45cd-b70b-e771d740c9ed",
|
|
"packages": [
|
|
{
|
|
"SPDXID": "SPDXRef-Package-python-package-1-1.0.1",
|
|
"name": "package-1",
|
|
"licenseConcluded": "MIT",
|
|
"downloadLocation": "NOASSERTION",
|
|
"externalRefs": [
|
|
{
|
|
"referenceCategory": "SECURITY",
|
|
"referenceLocator": "cpe:2.3:*:some:package:1:*:*:*:*:*:*:*",
|
|
"referenceType": "cpe23Type"
|
|
},
|
|
{
|
|
"referenceCategory": "PACKAGE_MANAGER",
|
|
"referenceLocator": "a-purl-1",
|
|
"referenceType": "purl"
|
|
}
|
|
],
|
|
"filesAnalyzed": false,
|
|
"licenseDeclared": "MIT",
|
|
"sourceInfo": "acquired package info from installed python package manifest file: /somefile-1.txt",
|
|
"versionInfo": "1.0.1"
|
|
},
|
|
{
|
|
"SPDXID": "SPDXRef-Package-deb-package-2-2.0.1",
|
|
"name": "package-2",
|
|
"licenseConcluded": "NONE",
|
|
"downloadLocation": "NOASSERTION",
|
|
"externalRefs": [
|
|
{
|
|
"referenceCategory": "SECURITY",
|
|
"referenceLocator": "cpe:2.3:*:some:package:2:*:*:*:*:*:*:*",
|
|
"referenceType": "cpe23Type"
|
|
},
|
|
{
|
|
"referenceCategory": "PACKAGE_MANAGER",
|
|
"referenceLocator": "a-purl-2",
|
|
"referenceType": "purl"
|
|
}
|
|
],
|
|
"filesAnalyzed": false,
|
|
"licenseDeclared": "NONE",
|
|
"sourceInfo": "acquired package info from DPKG DB: /somefile-2.txt",
|
|
"versionInfo": "2.0.1"
|
|
}
|
|
]
|
|
}
|