Add a SBOM file in CycloneDX format

Improve supply chain security by including a SBOM file with substituted values. This will be used to construct a composite platform SBOM. Signed-off-by: Richard Hughes <richard@hughsie.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2024-11-16 11:28:16 +00:00 · 2024-11-16 11:28:16 +00:00 · d1656730ab
parent b75515af45
commit d1656730ab
1 changed files with 41 additions and 0 deletions
--- a/libfdt/sbom.cdx.json
+++ b/libfdt/sbom.cdx.json
@ -0,0 +1,41 @@
+{
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.6",
+  "version": 1,
+  "components": [
+    {
+      "type": "library",
+      "bom-ref": "pkg:github/dgibson/libfdt@@VCS_TAG@",
+      "cpe": "cpe:2.3:a:dgibson:libfdt:@VCS_TAG@:*:*:*:*:*:*:*",
+      "name": "libfdt",
+      "version": "@VCS_VERSION@",
+      "description": "Utility library for reading and manipulating the FDT binary format",
+      "authors": [
+        {
+          "name": "@VCS_SBOM_AUTHORS@"
+        }
+      ],
+      "supplier": {
+        "name": "libfdt developers"
+      },
+      "licenses": [
+        {
+          "license": {
+            "id": "BSD-2-Clause"
+          }
+        },
+        {
+          "license": {
+            "id": "GPL-2.0-or-later"
+          }
+        }
+      ],
+      "externalReferences": [
+        {
+          "type": "vcs",
+          "url": "https://github.com/dgibson/dtc"
+        }
+      ]
+    }
+  ]
+}