sbom.spdx.json 6.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207
  1. {
  2. "SPDXID": "SPDXRef-DOCUMENT",
  3. "name": "SBOM-SPDX-9639e3bb-f1ce-4ffd-8202-e2232b60550e",
  4. "spdxVersion": "SPDX-2.3",
  5. "creationInfo": {
  6. "created": "",
  7. "creators": [
  8. "Organization: Apple, Inc."
  9. ]
  10. },
  11. "dataLicense": "Apache-2.0",
  12. "documentNamespace": "urn:uuid:2e25672d-2c81-4bca-bf5b-9cc3b6805653",
  13. "documentDescribes": [
  14. "SPDXRef-Package-static-linux-sdk"
  15. ],
  16. "packages": [
  17. {
  18. "SPDXID": "SPDXRef-Package-static-linux-sdk",
  19. "name": "Swift Static SDK for Linux",
  20. "versionInfo": "0.1.0",
  21. "filesAnalyzed": false,
  22. "licenseDeclared": "Apache-2.0",
  23. "licenseConcluded": "Apache-2.0",
  24. "downloadLocation": "https://swift.org/install/sdk",
  25. "copyrightText": "NOASSERTION",
  26. "checksums": []
  27. },
  28. {
  29. "SPDXID": "SPDXRef-Package-swift",
  30. "name": "swift",
  31. "versionInfo": "6.3.2-RELEASE",
  32. "filesAnalyzed": false,
  33. "licenseDeclared": "Apache-2.0",
  34. "licenseConcluded": "Apache-2.0",
  35. "downloadLocation": "https://swift.org",
  36. "copyrightText": "NOASSERTION",
  37. "checksums": []
  38. },
  39. {
  40. "SPDXID": "SPDXRef-Package-musl",
  41. "name": "musl",
  42. "versionInfo": "1.2.5",
  43. "filesAnalyzed": false,
  44. "licenseDeclared": "MIT",
  45. "licenseConcluded": "MIT",
  46. "downloadLocation": "https://musl.org",
  47. "copyrightText": "NOASSERTION",
  48. "checksums": []
  49. },
  50. {
  51. "SPDXID": "SPDXRef-Package-musl-fts",
  52. "name": "musl-fts",
  53. "versionInfo": "1.2.7",
  54. "filesAnalyzed": false,
  55. "licenseDeclared": "BSD-3-Clause",
  56. "licenseConcluded": "BSD-3-Clause",
  57. "downloadLocation": "https://github.com/void-linux/musl-fts",
  58. "copyrightText": "NOASSERTION",
  59. "checksums": []
  60. },
  61. {
  62. "SPDXID": "SPDXRef-Package-libxml2",
  63. "name": "libxml2",
  64. "versionInfo": "2.14.5",
  65. "filesAnalyzed": false,
  66. "licenseDeclared": "MIT",
  67. "licenseConcluded": "MIT",
  68. "downloadLocation": "https://github.com/GNOME/libxml2",
  69. "copyrightText": "NOASSERTION",
  70. "checksums": []
  71. },
  72. {
  73. "SPDXID": "SPDXRef-Package-curl",
  74. "name": "curl",
  75. "versionInfo": "8.15.0",
  76. "filesAnalyzed": false,
  77. "licenseDeclared": "MIT",
  78. "licenseConcluded": "MIT",
  79. "downloadLocation": "https://curl.se",
  80. "copyrightText": "NOASSERTION",
  81. "checksums": []
  82. },
  83. {
  84. "SPDXID": "SPDXRef-Package-boringssl",
  85. "name": "boringssl",
  86. "versionInfo": "",
  87. "filesAnalyzed": false,
  88. "licenseDeclared": "OpenSSL AND ISC AND MIT",
  89. "licenseConcluded": "OpenSSL AND ISC AND MIT",
  90. "downloadLocation": "https://boringssl.googlesource.com/boringssl/",
  91. "copyrightText": "NOASSERTION",
  92. "checksums": []
  93. },
  94. {
  95. "SPDXID": "SPDXRef-Package-zlib",
  96. "name": "zlib",
  97. "versionInfo": "1.3.1",
  98. "filesAnalyzed": false,
  99. "licenseDeclared": "Zlib",
  100. "licenseConcluded": "Zlib",
  101. "downloadLocation": "https://zlib.net",
  102. "copyrightText": "NOASSERTION",
  103. "checksums": []
  104. },
  105. {
  106. "SPDXID": "SPDXRef-Package-bzip2",
  107. "name": "bzip2",
  108. "versionInfo": "1.0.8",
  109. "filesAnalyzed": false,
  110. "licenseDeclared": "bzip2-1.0.6",
  111. "licenseConcluded": "bzip2-1.0.6",
  112. "downloadLocation": "https://sourceware.org/bzip2/",
  113. "copyrightText": "NOASSERTION",
  114. "checksums": []
  115. },
  116. {
  117. "SPDXID": "SPDXRef-Package-xz",
  118. "name": "XZ Utils",
  119. "versionInfo": "5.8.1",
  120. "filesAnalyzed": false,
  121. "licenseDeclared": "0BSD",
  122. "licenseConcluded": "0BSD",
  123. "downloadLocation": "https://tukaani.org/xz",
  124. "copyrightText": "NOASSERTION",
  125. "checksums": []
  126. },
  127. {
  128. "SPDXID": "SPDXRef-Package-libarchive",
  129. "name": "libarchive",
  130. "versionInfo": "3.8.1",
  131. "filesAnalyzed": false,
  132. "licenseDeclared": "BSD-2-Clause",
  133. "licenseConcluded": "BSD-2-Clause",
  134. "downloadLocation": "https://www.libarchive.org",
  135. "copyrightText": "NOASSERTION",
  136. "checksums": []
  137. },
  138. {
  139. "SPDXID": "SPDXRef-Package-mimalloc",
  140. "name": "mimalloc",
  141. "versionInfo": "2.2.4",
  142. "filesAnalyzed": false,
  143. "licenseDeclared": "MIT",
  144. "licenseConcluded": "MIT",
  145. "downloadLocation": "https://microsoft.github.io/mimalloc/",
  146. "copyrightText": "NOASSERTION",
  147. "checksums": []
  148. }
  149. ],
  150. "relationships": [
  151. {
  152. "spdxElementId": "SPDXRef-Package-static-linux-sdk",
  153. "relationshipType": "GENERATED_FROM",
  154. "relatedSpdxElement": "SPDXRef-Package-swift"
  155. },
  156. {
  157. "spdxElementId": "SPDXRef-Package-static-linux-sdk",
  158. "relationshipType": "GENERATED_FROM",
  159. "relatedSpdxElement": "SPDXRef-Package-musl"
  160. },
  161. {
  162. "spdxElementId": "SPDXRef-Package-static-linux-sdk",
  163. "relationshipType": "GENERATED_FROM",
  164. "relatedSpdxElement": "SPDXRef-Package-musl-fts"
  165. },
  166. {
  167. "spdxElementId": "SPDXRef-Package-static-linux-sdk",
  168. "relationshipType": "GENERATED_FROM",
  169. "relatedSpdxElement": "SPDXRef-Package-libxml2"
  170. },
  171. {
  172. "spdxElementId": "SPDXRef-Package-static-linux-sdk",
  173. "relationshipType": "GENERATED_FROM",
  174. "relatedSpdxElement": "SPDXRef-Package-curl"
  175. },
  176. {
  177. "spdxElementId": "SPDXRef-Package-static-linux-sdk",
  178. "relationshipType": "GENERATED_FROM",
  179. "relatedSpdxElement": "SPDXRef-Package-boringssl"
  180. },
  181. {
  182. "spdxElementId": "SPDXRef-Package-static-linux-sdk",
  183. "relationshipType": "GENERATED_FROM",
  184. "relatedSpdxElement": "SPDXRef-Package-zlib"
  185. },
  186. {
  187. "spdxElementId": "SPDXRef-Package-static-linux-sdk",
  188. "relationshipType": "GENERATED_FROM",
  189. "relatedSpdxElement": "SPDXRef-Package-bzip2"
  190. },
  191. {
  192. "spdxElementId": "SPDXRef-Package-static-linux-sdk",
  193. "relationshipType": "GENERATED_FROM",
  194. "relatedSpdxElement": "SPDXRef-Package-xz"
  195. },
  196. {
  197. "spdxElementId": "SPDXRef-Package-static-linux-sdk",
  198. "relationshipType": "GENERATED_FROM",
  199. "relatedSpdxElement": "SPDXRef-Package-libarchive"
  200. },
  201. {
  202. "spdxElementId": "SPDXRef-Package-static-linux-sdk",
  203. "relationshipType": "GENERATED_FROM",
  204. "relatedSpdxElement": "SPDXRef-Package-mimalloc"
  205. }
  206. ]
  207. }