Skip to content

Commit

Permalink
Add a SBOM template in CycloneDX format
Browse files Browse the repository at this point in the history
Improve supply chain security by including a SBOM file with substituted values.

This will be used to construct a composite platform SBOM.

Signed-off-by: Richard Hughes <[email protected]>
  • Loading branch information
hughsie committed Nov 25, 2024
1 parent 93bd41c commit 32d5c4c
Showing 1 changed file with 43 additions and 0 deletions.
43 changes: 43 additions & 0 deletions packaging/sbom.cdx.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.6",
"version": 1,
"metadata": {
"authors": [
{
"name": "@VCS_SBOM_AUTHORS@"
}
]
},
"components": [
{
"type": "library",
"bom-ref": "pkg:github/latchset/pkcs11-provider@@VCS_TAG@",
"cpe": "cpe:2.3:a:latchset:pkcs11-provider:@VCS_TAG@:*:*:*:*:*:*:*",
"name": "pkcs11-provider",
"version": "@VCS_VERSION@",
"description": "OpenSSL 3.x provider to access Hardware and Software Tokens using the PKCS#11 Cryptographic Token Interface",
"supplier": {
"name": "pkcs11-provider developers"
},
"authors": [
{
"name": "@VCS_AUTHORS@"
}
],
"licenses": [
{
"license": {
"id": "Apache-2.0"
}
}
],
"externalReferences": [
{
"type": "vcs",
"url": "https://github.com/latchset/pkcs11-provider"
}
]
}
]
}

0 comments on commit 32d5c4c

Please sign in to comment.