72 changes: 33 additions & 39 deletions sbom/cve-bin-tool-py3.9.json
Expand Up @@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
"serialNumber": "urn:uuid:87b9b11e-38e1-4e9a-8f7a-3548bf602f43",
"serialNumber": "urn:uuid:a7c4e360-1ac7-4f5a-b5f9-e86512a3016c",
"version": 1,
"metadata": {
"timestamp": "2024-08-12T00:35:43Z",
"timestamp": "2024-08-19T00:37:24Z",
"lifecycles": [
{
"phase": "build"
Expand Down Expand Up @@ -74,7 +74,7 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
"version": "3.10.3",
"version": "3.10.4",
"description": "Async http client/server framework (asyncio)",
"licenses": [
{
Expand All @@ -87,12 +87,12 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/aiohttp/3.10.3",
"url": "https://pypi.org/project/aiohttp/3.10.4",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/[email protected].3",
"purl": "pkg:pypi/[email protected].4",
"properties": [
{
"name": "language",
Expand All @@ -108,7 +108,7 @@
"type": "library",
"bom-ref": "3-aiohappyeyeballs",
"name": "aiohappyeyeballs",
"version": "2.3.5",
"version": "2.3.7",
"supplier": {
"name": "J. Nick Koston",
"contact": [
Expand All @@ -117,31 +117,25 @@
}
]
},
"cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.5:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.7:*:*:*:*:*:*:*",
"description": "Happy Eyeballs for asyncio",
"hashes": [
{
"alg": "SHA-1",
"content": "01595bbda3380154cc4e72702a1f82502a15940a"
}
],
"licenses": [
{
"license": {
"id": "Python-2.0",
"url": "https://opensource.org/licenses/Python-2.0",
"id": "Python-2.0.1",
"url": "https://www.python.org/download/releases/2.0.1/license/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
"url": "https://pypi.org/project/aiohappyeyeballs/2.3.5",
"url": "https://pypi.org/project/aiohappyeyeballs/2.3.7",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/[email protected].5",
"purl": "pkg:pypi/[email protected].7",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -494,7 +488,7 @@
"type": "library",
"bom-ref": "12-soupsieve",
"name": "soupsieve",
"version": "2.5",
"version": "2.6",
"supplier": {
"name": "Isaac Muse",
"contact": [
Expand All @@ -503,22 +497,16 @@
}
]
},
"cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*",
"description": "A modern CSS selector implementation for Beautiful Soup.",
"hashes": [
{
"alg": "SHA-1",
"content": "51ec317ada7e34f70fad6bfddaef8a2cfac1aebd"
}
],
"externalReferences": [
{
"url": "https://pypi.org/project/soupsieve/2.5",
"url": "https://pypi.org/project/soupsieve/2.6",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/soupsieve@2.5",
"purl": "pkg:pypi/soupsieve@2.6",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -1038,7 +1026,7 @@
"type": "library",
"bom-ref": "24-cachetools",
"name": "cachetools",
"version": "5.4.0",
"version": "5.5.0",
"supplier": {
"name": "Thomas Kemmer",
"contact": [
Expand All @@ -1047,7 +1035,7 @@
}
]
},
"cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.4.0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*",
"description": "Extensible memoizing collections and decorators",
"licenses": [
{
Expand All @@ -1060,12 +1048,12 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/cachetools/5.4.0",
"url": "https://pypi.org/project/cachetools/5.5.0",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/cachetools@5.4.0",
"purl": "pkg:pypi/cachetools@5.5.0",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -2152,7 +2140,7 @@
"type": "library",
"bom-ref": "50-lib4sbom",
"name": "lib4sbom",
"version": "0.7.2",
"version": "0.7.3",
"supplier": {
"name": "Anthony Harrison",
"contact": [
Expand All @@ -2161,7 +2149,7 @@
}
]
},
"cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.2:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.3:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
"licenses": [
{
Expand All @@ -2174,12 +2162,12 @@
],
"externalReferences": [
{
"url": "https://pypi.org/project/lib4sbom/0.7.2",
"url": "https://pypi.org/project/lib4sbom/0.7.3",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/[email protected].2",
"purl": "pkg:pypi/[email protected].3",
"properties": [
{
"name": "language",
Expand Down Expand Up @@ -2391,6 +2379,12 @@
},
"cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.15.6:*:*:*:*:*:*:*",
"description": "A purl aka. Package URL parser and builder",
"hashes": [
{
"alg": "SHA-1",
"content": "14a11b50ab723796888133d3722b5b3e2845b084"
}
],
"licenses": [
{
"license": {
Expand Down Expand Up @@ -2988,7 +2982,7 @@
"type": "library",
"bom-ref": "69-setuptools",
"name": "setuptools",
"version": "72.1.0",
"version": "72.2.0",
"supplier": {
"name": "Python Packaging Authority",
"contact": [
Expand All @@ -2997,16 +2991,16 @@
}
]
},
"cpe": "cpe:2.3:a:python_packaging_authority:setuptools:72.1.0:*:*:*:*:*:*:*",
"cpe": "cpe:2.3:a:python_packaging_authority:setuptools:72.2.0:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
"externalReferences": [
{
"url": "https://pypi.org/project/setuptools/72.1.0",
"url": "https://pypi.org/project/setuptools/72.2.0",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/setuptools@72.1.0",
"purl": "pkg:pypi/setuptools@72.2.0",
"properties": [
{
"name": "language",
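Review bot: The new side drops the `hashes` entries for aiohappyeyeballs (2.3.7) and soupsieve (2.6) while adding a SHA-1 hash for packageurl-python, whose version is unchanged at 0.15.6, so checksum coverage now varies with what the generator could resolve at build time rather than with the component itself. A consumer matching installed artifacts against this SBOM loses integrity data for exactly the two packages that were just bumped, which is the case where a checksum matters most. If the generator cannot always obtain a checksum, the regeneration job should at least warn or fail when a component loses its `hashes` entry between runs, and where hashes are emitted SHA-256 is preferable to SHA-1 for artifact verification. The SPDX file in the same commit mirrors the same additions and removals, so the cause presumably lies in the generator run rather than in either output format.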
57 changes: 28 additions & 29 deletions sbom/cve-bin-tool-py3.9.spdx
Expand Up @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c56f8b9e-ce44-4bbc-a7ef-768580484fd7
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-b287583b-90ca-4401-89f8-84dbcce81a07
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.11.1
Created: 2024-08-12T00:34:16Z
Created: 2024-08-19T00:36:00Z
CreatorComment: <text>This document has been automatically generated.</text>
#####

Expand All @@ -26,33 +26,32 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3.1.dev0:*:*:

PackageName: aiohttp
SPDXID: SPDXRef-Package-2-aiohttp
PackageVersion: 3.10.3
PackageVersion: 3.10.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.3
PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.4
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: <text>aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.</text>
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Async http client/server framework (asyncio)</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].3
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].4
#####

PackageName: aiohappyeyeballs
SPDXID: SPDXRef-Package-3-aiohappyeyeballs
PackageVersion: 2.3.5
PackageVersion: 2.3.7
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: J. Nick Koston ([email protected])
PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.3.5
PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.3.7
FilesAnalyzed: false
PackageChecksum: SHA1: 01595bbda3380154cc4e72702a1f82502a15940a
PackageLicenseDeclared: Python-2.0
PackageLicenseConcluded: Python-2.0
PackageLicenseDeclared: Python-2.0.1
PackageLicenseConcluded: Python-2.0.1
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Happy Eyeballs for asyncio</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].5
ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.5:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].7
ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.7:*:*:*:*:*:*:*
#####

PackageName: aiosignal
Expand Down Expand Up @@ -184,18 +183,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12

PackageName: soupsieve
SPDXID: SPDXRef-Package-12-soupsieve
PackageVersion: 2.5
PackageVersion: 2.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Isaac Muse ([email protected])
PackageDownloadLocation: https://pypi.org/project/soupsieve/2.5
PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6
FilesAnalyzed: false
PackageChecksum: SHA1: 51ec317ada7e34f70fad6bfddaef8a2cfac1aebd
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: <text>A modern CSS selector implementation for Beautiful Soup.</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/soupsieve@2.5
ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/soupsieve@2.6
ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*
#####

PackageName: cvss
Expand Down Expand Up @@ -378,17 +376,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17

PackageName: cachetools
SPDXID: SPDXRef-Package-24-cachetools
PackageVersion: 5.4.0
PackageVersion: 5.5.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Thomas Kemmer ([email protected])
PackageDownloadLocation: https://pypi.org/project/cachetools/5.4.0
PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Extensible memoizing collections and decorators</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.4.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.4.0:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*
#####

PackageName: pyasn1-modules
Expand Down Expand Up @@ -788,17 +786,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*

PackageName: lib4sbom
SPDXID: SPDXRef-Package-50-lib4sbom
PackageVersion: 0.7.2
PackageVersion: 0.7.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison ([email protected])
PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.2
PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.3
FilesAnalyzed: false
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Software Bill of Material (SBOM) generator and consumer library</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.2:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected].3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.3:*:*:*:*:*:*:*
#####

PackageName: pyyaml
Expand Down Expand Up @@ -872,6 +870,7 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: the purl authors
PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.6
FilesAnalyzed: false
PackageChecksum: SHA1: 14a11b50ab723796888133d3722b5b3e2845b084
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
Expand Down Expand Up @@ -1086,17 +1085,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*

PackageName: setuptools
SPDXID: SPDXRef-Package-69-setuptools
PackageVersion: 72.1.0
PackageVersion: 72.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority ([email protected])
PackageDownloadLocation: https://pypi.org/project/setuptools/72.1.0
PackageDownloadLocation: https://pypi.org/project/setuptools/72.2.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: <text>Easily download, build, install, upgrade, and uninstall Python packages</text>
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@72.1.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:72.1.0:*:*:*:*:*:*:*
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@72.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:72.2.0:*:*:*:*:*:*:*
#####

PackageName: toml