From 32d5c4c4862453c60f766c1d7f8800149ef83f8c Mon Sep 17 00:00:00 2001 From: Richard Hughes Date: Mon, 25 Nov 2024 14:37:10 +0000 Subject: [PATCH] Add a SBOM template in CycloneDX format Improve supply chain security by including a SBOM file with substituted values. This will be used to construct a composite platform SBOM. Signed-off-by: Richard Hughes --- packaging/sbom.cdx.json | 43 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 packaging/sbom.cdx.json diff --git a/packaging/sbom.cdx.json b/packaging/sbom.cdx.json new file mode 100644 index 00000000..7f1d5ea9 --- /dev/null +++ b/packaging/sbom.cdx.json @@ -0,0 +1,43 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "authors": [ + { + "name": "@VCS_SBOM_AUTHORS@" + } + ] + }, + "components": [ + { + "type": "library", + "bom-ref": "pkg:github/latchset/pkcs11-provider@@VCS_TAG@", + "cpe": "cpe:2.3:a:latchset:pkcs11-provider:@VCS_TAG@:*:*:*:*:*:*:*", + "name": "pkcs11-provider", + "version": "@VCS_VERSION@", + "description": "OpenSSL 3.x provider to access Hardware and Software Tokens using the PKCS#11 Cryptographic Token Interface", + "supplier": { + "name": "pkcs11-provider developers" + }, + "authors": [ + { + "name": "@VCS_AUTHORS@" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/latchset/pkcs11-provider" + } + ] + } + ] +}