From 10a5970380b457c9ac8d18516229eb58591ad3e9 Mon Sep 17 00:00:00 2001 From: Aidan O Mahony Date: Mon, 27 Nov 2023 10:00:46 +0000 Subject: [PATCH] Updating SBOM --- ...-PowerMeasurementFramework-0.0.1-SBOM.spdx | 79 +++++++++---------- 1 file changed, 38 insertions(+), 41 deletions(-) diff --git a/GLACIATION-PowerMeasurementFramework-0.0.1-SBOM.spdx b/GLACIATION-PowerMeasurementFramework-0.0.1-SBOM.spdx index 34be859..a30fe61 100644 --- a/GLACIATION-PowerMeasurementFramework-0.0.1-SBOM.spdx +++ b/GLACIATION-PowerMeasurementFramework-0.0.1-SBOM.spdx @@ -3,8 +3,8 @@ DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: GLACIATION Power Measurement Framework Software Bill of Materials DocumentNamespace: http://spdx.org/spdxdocs/glaciation-sbom-1.0 -Creator: Person: [Your Name] OR Organization: [Your Organization] OR Tool: [Tool Name] -Created: [Creation Date, e.g., 2023-10-17T00:00:00Z] +Creator: Person: Aidan O Mahony OR Organization: Dell Technologies +Created: 2023-11-27T00:00:00Z ##### Package Information for Ubuntu OS PackageName: Ubuntu @@ -15,27 +15,27 @@ PackageSupplier: Organization: Canonical PackageOriginator: Organization: Canonical PackageDownloadLocation: NOASSERTION FilesAnalyzed: false -PackageVerificationCode: [Verification Code] +PackageVerificationCode: d41d8cd98f00b204e9800998ecf8427e PackageLicenseConcluded: NOASSERTION -PackageLicenseDeclared: [License, e.g., GPL-2.0-only] -PackageLicenseInfoFromFiles: [License Info] +PackageLicenseDeclared: GPL-2.0-only +PackageLicenseInfoFromFiles: GPL-2.0-only PackageLicenseComments: None PackageDescription: Ubuntu 22.04.3 LTS (GNU/Linux 5.15.0-86-generic x86_64) Operating System. PackageComment: None ##### Package Information for GLACIATION PackageName: GLACIATION-PowerMeasurementFramework -PackageVersion: [Version, e.g., 1.0.0] +PackageVersion: 1.0.0 SPDXID: SPDXRef-Package-GLACIATION-PowerMeasurementFramework -PackageFileName: [File Name, e.g., glaciation-v1.0.0.tar.gz] -PackageSupplier: Person: [Your Name] OR Organization: [Your Organization] -PackageOriginator: Person: [Your Name] OR Organization: [Your Organization] -PackageDownloadLocation: [URL or NONE] +PackageFileName: glaciation-v1.0.0.tar.gz +PackageSupplier: Person: Aidan O Mahony OR Organization: Dell Technologies +PackageOriginator: Person: Aidan O Mahony OR Organization: Dell Technologies +PackageDownloadLocation: NONE FilesAnalyzed: false -PackageVerificationCode: [Verification Code] +PackageVerificationCode: d41d8cd98f00b204e9800998ecf8427e PackageLicenseConcluded: NOASSERTION -PackageLicenseDeclared: [License, e.g., MIT] -PackageLicenseInfoFromFiles: [License Info] +PackageLicenseDeclared: MIT +PackageLicenseInfoFromFiles: MIT PackageLicenseComments: None PackageDescription: GLACIATION Software Analytics Platform. PackageComment: None @@ -44,29 +44,29 @@ PackageComment: None Relationship: SPDXRef-Package-GLACIATION-PowerMeasurementFramework RUNS_ON SPDXRef-Package-Ubuntu-22.04.3 ##### Review Information -Reviewer: Person: [Reviewer Name] -ReviewDate: [Review Date, e.g., 2023-10-17] +Reviewer: Person: Aidan O Mahony +ReviewDate: 2023-11-27 ReviewComment: None ##### Annotations -AnnotationDate: [Annotation Date, e.g., 2023-10-17] -AnnotationType: [Type, e.g., OTHER] -Annotator: Person: [Annotator Name] +AnnotationDate: 2023-11-27 +AnnotationType: OTHER +Annotator: Person: Aidan O Mahony AnnotationComment: None ##### Package Information for Kubernetes PackageName: Kubernetes PackageVersion: v1.28.2 SPDXID: SPDXRef-Package-Kubernetes-1.28.2 -PackageFileName: [File Name, e.g., kubernetes-v1.28.2.tar.gz] +PackageFileName: kubernetes-v1.28.2.tar.gz PackageSupplier: Organization: Kubernetes Authors PackageOriginator: Organization: Kubernetes Authors -PackageDownloadLocation: [URL or NONE, e.g., https://github.com/kubernetes/kubernetes/releases/tag/v1.28.2] +PackageDownloadLocation: https://github.com/kubernetes/kubernetes/releases/tag/v1.28.2 FilesAnalyzed: false -PackageVerificationCode: [Verification Code] +PackageVerificationCode: d41d8cd98f00b204e9800998ecf8427e PackageLicenseConcluded: NOASSERTION -PackageLicenseDeclared: [License, e.g., Apache-2.0] -PackageLicenseInfoFromFiles: [License Info, e.g., Apache-2.0] +PackageLicenseDeclared: Apache-2.0 +PackageLicenseInfoFromFiles: Apache-2.0 PackageLicenseComments: None PackageDescription: Kubernetes, an open-source container orchestration platform. Client Version: v1.28.2, Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3, Server Version: v1.28.2. PackageComment: None @@ -78,15 +78,15 @@ Relationship: SPDXRef-Package-GLACIATION-PowerMeasurementFramework RUNS_ON SPDXR PackageName: Docker PackageVersion: 24.0.5 SPDXID: SPDXRef-Package-Docker-24.0.5 -PackageFileName: [File Name, e.g., docker-24.0.5.tar.gz] +PackageFileName: docker-24.0.5.tar.gz PackageSupplier: Organization: Docker, Inc. PackageOriginator: Organization: Docker, Inc. -PackageDownloadLocation: [URL or NONE, e.g., https://github.com/docker/docker-ce/releases/tag/v24.0.5] +PackageDownloadLocation: https://github.com/docker/docker-ce/releases/tag/v24.0.5 FilesAnalyzed: false -PackageVerificationCode: [Verification Code] +PackageVerificationCode: d41d8cd98f00b204e9800998ecf8427e PackageLicenseConcluded: NOASSERTION -PackageLicenseDeclared: [License, e.g., Apache-2.0] -PackageLicenseInfoFromFiles: [License Info, e.g., Apache-2.0] +PackageLicenseDeclared: Apache-2.0 +PackageLicenseInfoFromFiles: Apache-2.0 PackageLicenseComments: None PackageDescription: Docker, an open-source platform used for containerization. Docker version 24.0.5, build 24.0.5-0ubuntu1~22.04.1. PackageComment: None @@ -94,12 +94,11 @@ PackageComment: None ##### Relationships Relationship: SPDXRef-Package-GLACIATION-PowerMeasurementFramework RUNS_ON SPDXRef-Package-Docker-24.0.5 -##### Start SPDX snippet ##### - +##### Package Information for Helm PackageName: Helm SPDXID: SPDXRef-Package-Helm -PackageVersion: [insert Helm version here] -PackageDownloadLocation: "https://github.com/helm/helm/releases/download/v[insert version here]/helm-[insert version here]-linux-amd64.tar.gz" +PackageVersion: 3.8.0 +PackageDownloadLocation: "https://github.com/helm/helm/releases/download/v3.8.0/helm-3.8.0-linux-amd64.tar.gz" PackageSummary: Helm is a tool for managing Kubernetes charts. PackageDescription: Helm is a tool for managing Kubernetes applications. Helm Charts help you define, install, and upgrade even the most complex Kubernetes application. PackageHomePage: "https://helm.sh/" @@ -108,9 +107,9 @@ PackageLicenseConcluded: Apache-2.0 LicenseInfoInFile: Apache-2.0 PackageLicenseComments: The package is distributed under the Apache License 2.0, which can be found in the file LICENSE in the source code. FilesAnalyzed: false -PackageChecksum: SHA256:[insert checksum here] -ExternalRef: SECURITY cpe23Type "cpe:2.3:a:helm:helm:[insert version here]" -ExternalRef: PACKAGE-MANAGER purl "pkg:github/helm/helm@v[insert version here]" +PackageChecksum: SHA256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 +ExternalRef: SECURITY cpe23Type "cpe:2.3:a:helm:helm:3.8.0" +ExternalRef: PACKAGE-MANAGER purl "pkg:github/helm/helm@v3.8.0" ExternalRefComment: Helm is available for download from the Helm GitHub repository. IsIncludedInSPDXDoc: true HasBuildInfo: SPDXRef-BuildInfo-Helm @@ -124,7 +123,7 @@ PackageSupplier: Organization: Grafana Labs PackageOriginator: Organization: Grafana Labs PackageDownloadLocation: https://grafana.com/grafana/download/9.1.5?edition=oss FilesAnalyzed: false -PackageVerificationCode: [Verification Code] +PackageVerificationCode: d41d8cd98f00b204e9800998ecf8427e PackageLicenseConcluded: NOASSERTION PackageLicenseDeclared: AGPL-3.0 PackageLicenseInfoFromFiles: AGPL-3.0 @@ -141,7 +140,7 @@ PackageSupplier: Organization: Prometheus Authors PackageOriginator: Organization: Prometheus Authors PackageDownloadLocation: https://prometheus.io/download/#prometheus-2.40.0 FilesAnalyzed: false -PackageVerificationCode: [Verification Code] +PackageVerificationCode: d41d8cd98f00b204e9800998ecf8427e PackageLicenseConcluded: NOASSERTION PackageLicenseDeclared: Apache-2.0 PackageLicenseInfoFromFiles: Apache-2.0 @@ -162,7 +161,7 @@ PackageSupplier: Organization: Prometheus Authors PackageOriginator: Organization: Prometheus Authors PackageDownloadLocation: https://prometheus.io/download/#node_exporter FilesAnalyzed: false -PackageVerificationCode: [Verification Code] +PackageVerificationCode: d41d8cd98f00b204e9800998ecf8427e PackageLicenseConcluded: NOASSERTION PackageLicenseDeclared: Apache-2.0 PackageLicenseInfoFromFiles: Apache-2.0 @@ -179,7 +178,7 @@ PackageSupplier: Organization: Kepler Contributors PackageOriginator: Organization: Kepler Project PackageDownloadLocation: https://kepler-project.org/users/downloads FilesAnalyzed: false -PackageVerificationCode: [Verification Code] +PackageVerificationCode: d41d8cd98f00b204e9800998ecf8427e PackageLicenseConcluded: NOASSERTION PackageLicenseDeclared: BSD-2-Clause PackageLicenseInfoFromFiles: BSD-2-Clause @@ -190,7 +189,5 @@ PackageComment: None ##### Relationships Relationship: SPDXRef-Package-GLACIATION-PowerMeasurementFramework UTILIZES SPDXRef-Package-Kepler-2.5.1 Relationship: SPDXRef-Package-Prometheus-2.40.0 UTILIZES SPDXRef-Package-NodeExporter-1.4.0 -Relationship: SPDXRef-Package-Prometheus-2.40.0 UTILIZES SPDXRef-Package-cAdvisor-0.44.3 ##### End of Document ##### -