outman/googletest
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add a SBOM template in CycloneDX format

Browse Source 
Improve supply chain security by including a SBOM file with substituted values.

This will be used to construct a composite platform SBOM.

Signed-off-by: Richard Hughes <rhughes@redhat.com>
This commit is contained in:
Richard Hughes 2024-11-21 10:59:40 +00:00 committed by Richard Hughes
parent 35d0c36560
commit 6b9664a984
No known key found for this signature in database
GPG Key ID: 17ACBA8DFA970E17
1 changed files with 48 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
sbom.cdx.json Normal file
View File

@ -0,0 +1,48 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.6",
"version": 1,
"metadata": {
"authors": [
{
"name": "@VCS_SBOM_AUTHORS@"
}
]
},
"components": [
{
"type": "library",
"bom-ref": "pkg:github/google/googletest@@VCS_TAG@",
"cpe": "cpe:2.3:a:google:googletest:@VCS_TAG@:*:*:*:*:*:*:*",
"name": "GoogleTest",
"version": "@VCS_VERSION@",
"description": "A xUnit test framework",
"authors": [
{
"name": "@VCS_AUTHORS@",
"url": "https://raw.githubusercontent.com/google/googletest/refs/heads/main/CONTRIBUTORS"
}
],
"supplier": {
"name": "Google"
},
"licenses": [
{
"license": {
"id": "BSD-3-Clause"
}
}
],
"externalReferences": [
{
"type": "website",
"url": "https://google.github.io/googletest/"
},
{
"type": "vcs",
"url": "https://github.com/google/googletest"
}
]
}
]
}