Skip to content

Commit

Permalink
Initial example1-with-VEX
Browse files Browse the repository at this point in the history 
Signed-off-by: notanaka <[email protected]>
  • Loading branch information
@no-ta @NorioKobota
no-ta authored and NorioKobota committed Jul 2, 2024
1 parent 4b49a28 commit 3b13c8f
Show file tree
Hide file tree
Showing 7 changed files with 723 additions and 0 deletions.
189 changes: 189 additions & 0 deletions lite/example1-with-VEX/Lite-example-1-1-with-VEX.jsonld
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,189 @@
{
"@context": "https://raw.githubusercontent.com/spdx/spdx-3-serialization-prototype-playground/main/jsonld/spdx-3.0-context.json-ld",
"@graph": [
{
"type": "SpdxDocument",
"spdxId": "http://spdx.example.com/Document/1",
"name": "Lite-SpdxDocument",
"comment": "if any",
"creationInfo": "_:creationinfo",
"verifiedUsing": [{
"type": "Hash",
"algorithm": "sha3_512",
"hashValue": "hash value of Sbom object"
}],
"rootElement": "http://spdx.example.com/Sbom/1",
"element": [
"http://spdx.example.com/Sbom/1",
"http://spdx.example.com/Bom/1"
],
"namespaceMap": [{
"type": "NamespaceMap",
"prefix": "lite-example",
"namespace": "http://spdx.example.com/Lite/1"
}],
"dataLicense": "CC0-1.0"
},
{
"type": "Sbom",
"spdxId": "http://spdx.example.com/Sbom/1",
"creationInfo": "_:creationinfo",
"rootElement": "http://spdx.example.com/Package/1",
"element": [
"http://spdx.example.com/Package/1",
"http://spdx.example.com/LicenseExpression/1",
"http://spdx.example.com/Relationship/1",
"http://spdx.example.com/Relationship/2",
"http://spdx.example.com/Relationship/3"
],
"sbomType": "build"
},
{
"type": "CreationInfo",
"@id": "_:creationinfo",
"specVersion": "3.0.0",
"comment": "if any",
"created": "2024-05-06T00:00:00Z",
"createdBy": "http://spdx.example.com/Agent/NorioKobota"
},
{
"type": "Person",
"spdxId": "http://spdx.example.com/Agent/NorioKobota",
"name": "Norio Kobota",
"creationInfo": "_:creationinfo",
"externalIdentifier": {
"type": "ExternalIdentifier",
"externalIdentifierType": "email",
"identifier": "[email protected]"
}
},
{
"type": "Package",
"spdxId": "http://spdx.example.com/Package/1",
"name": "my-package",
"comment": "if any",
"creationInfo": "_:creationinfo",
"verifiedUsing": [{
"type": "Hash",
"algorithm": "sha3_512",
"hashValue": "hash value of the package file"
}],
"originatedBy": [
"http://spdx.example.com/Agent/NorioKobota"
],
"suppliedBy": "http://spdx.example.com/Agent/NorioKobota",
"builtTime": "2024-05-06T00:00:00Z",
"releaseTime": "2024-05-06T00:00:00Z",
"validUntilTime": "2034-05-06T00:00:00Z",
"supportLevel": "limitedSupport",
"copyrightText": "copyright text",
"attributionText": "other attribution text",
"packageVersion": "v1.0",
"downloadLocation": "http://dl.example.com/my-package_v1.0.tar",
"packageUrl": "pkg:github/example/my-package/releases/tag/v1.0",
"homepage": "website for the Package/1"
},
{
"type": "LicenseExpression",
"spdxId": "http://spdx.example.com/LicenseExpression/1",
"creationInfo": "_:creationinfo",
"licenseExpression": "MIT",
"licenseListVersion": "3.23.0"
},
{
"type": "Relationship",
"spdxId": "http://spdx.example.com/Relationship/1",
"creationInfo": "_:creationinfo",
"from": "http://spdx.example.com/Sbom/1",
"to": [
"http://spdx.example.com/Package/1"
],
"relationshipType": "contains"
},
{
"type": "Relationship",
"spdxId": "http://spdx.example.com/Relationship/2",
"creationInfo": "_:creationinfo",
"from": "http://spdx.example.com/Package/1",
"to": [
"http://spdx.example.com/LicenseExpression/1"
],
"relationshipType": "hasDeclaredLicense"
},
{
"type": "Relationship",
"spdxId": "http://spdx.example.com/Relationship/3",
"creationInfo": "_:creationinfo",
"from": "http://spdx.example.com/Package/1",
"to": [
"http://spdx.example.com/LicenseExpression/1"
],
"relationshipType": "hasConcludedLicense"
},
{
"type": "Bom",
"spdxId": "http://spdx.example.com/Bom/1",
"creationInfo": "_:creationinfo_vex1",
"extension": [{
"cdxPropName": "VexDocumentVersion",
"cdxPropValue": "0"
}],
"rootElement": [
"http://spdx.example.com/Vulnerability/1"
],
"element": [
"http://spdx.example.com/Vunlnerability/1",
"http://spdx.example.com/Relationship/vul1",
"http://spdx.example.com/VexUnderInvestigationVulnAssessmentRelationship/1"
]
},
{
"type": "CreationInfo",
"@id": "_:creationinfo_vex1",
"specVersion": "3.0.0",
"comment": "if any",
"created": "2024-05-06T00:00:00Z",
"createdBy": "http://spdx.example.com/Agent/NorioKobota"
},
{
"type": "Vulnerability",
"spdxId": "http://spdx.example.com/Vulnerability/1",
"name": "CVE-1234-1234",
"comment": "if any",
"creationInfo": "_:creationinfo_vex1",
"externalIdetifier": {
"identifier": "CVE-1234-1234",
"comment": "must"
},
"publishedTime": "2024-05-06T00:00:00Z",
"modifiedTime": "2024-05-06T00:00:00Z"
},
{
"type": "Relationship",
"spdxId": "http://spdx.example.com/Relationship/vul1",
"creationInfo": "_:creationinfo_vex1",
"from": "http://spdx.example.com/Package/1",
"to": [
"http://spdx.example.com/Vulnerability/1"
],
"relationshipType": "hasAssociatedVulnerability"
},
{
"type": "VexUnderInvestigationVulnAssessmentRelationship",
"spdxId": "http://spdx.example.com/VexUnderInvestigationVulnAssessmentRelationship/1",
"name": "if any",
"comment": "if any",
"creationInfo": "_:creationinfo_vex1",
"from": "http://spdx.example.com/Vulnerability/1",
"to": [
"http://spdx.example.com/Package/1"
],
"relationshipType": "underInvestigationFor",
"/Core/suppliedBy": [
"http://spdx.example.com/Agent/NorioKobota"
],
"vexVersion": "0",
"statusNotes": "if any"
}
]
}
Loading

0 comments on commit 3b13c8f

Please sign in to comment.