Loading tools/sbom/generate-sbom.py +5 −1 Original line number Diff line number Diff line Loading @@ -279,12 +279,13 @@ def get_sbom_fragments(installed_file_metadata, metadata_file_path): name, external_refs = get_source_package_info(installed_file_metadata, metadata_file_path) source_package_id = new_package_id(name, PKG_SOURCE) source_package = sbom_data.Package(id=source_package_id, name=name, version=args.build_version, download_location=sbom_data.VALUE_NONE, supplier='Organization: ' + args.product_mfr, external_refs=external_refs) upstream_package_id = new_package_id(name, PKG_UPSTREAM) upstream_package = sbom_data.Package(id=upstream_package_id, name=name, version=version, supplier='Organization: ' + homepage if homepage else None, supplier=('Organization: ' + homepage) if homepage else sbom_data.VALUE_NOASSERTION, download_location=download_location) packages += [source_package, upstream_package] relationships.append(sbom_data.Relationship(id1=source_package_id, Loading @@ -296,6 +297,7 @@ def get_sbom_fragments(installed_file_metadata, metadata_file_path): prebuilt_package_id = new_package_id(name, PKG_PREBUILT) prebuilt_package = sbom_data.Package(id=prebuilt_package_id, name=name, download_location=sbom_data.VALUE_NONE, version=args.build_version, supplier='Organization: ' + args.product_mfr) packages.append(prebuilt_package) Loading Loading @@ -438,6 +440,7 @@ def main(): product_package = sbom_data.Package(id=sbom_data.SPDXID_PRODUCT, name=sbom_data.PACKAGE_NAME_PRODUCT, download_location=sbom_data.VALUE_NONE, version=args.build_version, supplier='Organization: ' + args.product_mfr, files_analyzed=True) Loading @@ -445,6 +448,7 @@ def main(): doc.packages.append(sbom_data.Package(id=sbom_data.SPDXID_PLATFORM, name=sbom_data.PACKAGE_NAME_PLATFORM, download_location=sbom_data.VALUE_NONE, version=args.build_version, supplier='Organization: ' + args.product_mfr)) Loading tools/sbom/sbom_data.py +3 −0 Original line number Diff line number Diff line Loading 
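Review bot: The prebuilt package in the second hunk of get_sbom_fragments now asserts `download_location=sbom_data.VALUE_NONE`, and in SPDX `NONE` is a positive statement that the package has no download location, whereas `NOASSERTION` means it was not determined; for a prebuilt, which by name was obtained from somewhere, this may claim more than the build knows, so `download_location=sbom_data.VALUE_NOASSERTION,` is the safer choice there unless the metadata establishes that the artifact is not distributed (the product, platform and source packages keyed on args.build_version are a more defensible NONE). In the first hunk the upstream supplier is still built as `'Organization: ' + homepage`, which puts a URL where SPDX expects an organization name; the added parentheses only make the pre-existing precedence explicit and do not change the value. get_sbom_fragments begins before the hunk and the assignment of `version` and `download_location` used for the upstream package is outside it; the same sections are repeated lower on the page.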
@@ -33,6 +33,9 @@ SPDXID_PLATFORM = 'SPDXRef-PLATFORM' PACKAGE_NAME_PRODUCT = 'PRODUCT' PACKAGE_NAME_PLATFORM = 'PLATFORM' VALUE_NOASSERTION = 'NOASSERTION' VALUE_NONE = 'NONE' class PackageExternalRefCategory: SECURITY = 'SECURITY' Loading tools/sbom/sbom_writers.py +2 −2 Original line number Diff line number Diff line Loading @@ -86,7 +86,7 @@ class TagValueWriter: @staticmethod def marshal_package(package): download_location = 'NONE' download_location = sbom_data.VALUE_NOASSERTION if package.download_location: download_location = package.download_location tagvalues = [ Loading Loading @@ -296,7 +296,7 @@ class JSONWriter: package = { PropNames.NAME: p.name, PropNames.SPDXID: p.id, PropNames.PACKAGE_DOWNLOAD_LOCATION: p.download_location if p.download_location else 'NONE', PropNames.PACKAGE_DOWNLOAD_LOCATION: p.download_location if p.download_location else sbom_data.VALUE_NOASSERTION, PropNames.FILES_ANALYZED: p.files_analyzed } if p.version: Loading tools/sbom/sbom_writers_test.py +5 −0 Original line number Diff line number Diff line Loading @@ -49,6 +49,7 @@ class SBOMWritersTest(unittest.TestCase): self.sbom_doc.add_package( sbom_data.Package(id=sbom_data.SPDXID_PRODUCT, name=sbom_data.PACKAGE_NAME_PRODUCT, download_location=sbom_data.VALUE_NONE, supplier=SUPPLIER_GOOGLE, version=BUILD_FINGER_PRINT, files_analyzed=True, Loading @@ -58,6 +59,7 @@ class SBOMWritersTest(unittest.TestCase): self.sbom_doc.add_package( sbom_data.Package(id=sbom_data.SPDXID_PLATFORM, name=sbom_data.PACKAGE_NAME_PLATFORM, download_location=sbom_data.VALUE_NONE, supplier=SUPPLIER_GOOGLE, version=BUILD_FINGER_PRINT, )) Loading @@ -65,6 +67,7 @@ class SBOMWritersTest(unittest.TestCase): self.sbom_doc.add_package( sbom_data.Package(id=SPDXID_PREBUILT_PACKAGE1, name='Prebuilt package1', download_location=sbom_data.VALUE_NONE, supplier=SUPPLIER_GOOGLE, version=BUILD_FINGER_PRINT, )) Loading 
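Review bot: The two new constants carry SPDX-defined meanings that are easy to confuse, and nothing in the hunk records which is which; a one-line comment above each would keep callers from picking the wrong one, e.g. `# SPDX: the package is known to have no download location` for VALUE_NONE and `# SPDX: the download location was not determined, nothing is asserted` for VALUE_NOASSERTION. The rest of the module constants sit outside the hunk.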
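Review bot: TagValueWriter.marshal_package and JSONWriter each re-implement the same NOASSERTION fallback for a missing download_location, so the two outputs can drift again exactly as the hard-coded 'NONE' strings did before this change; the fallback belongs in one place, either a default on sbom_data.Package or a small helper both writers call. Until then the TagValueWriter branch can collapse to `download_location = package.download_location or sbom_data.VALUE_NOASSERTION`, which also makes the two writers read the same way. Both enclosing classes begin before their hunks.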
@@ -72,6 +75,7 @@ class SBOMWritersTest(unittest.TestCase): self.sbom_doc.add_package( sbom_data.Package(id=SPDXID_SOURCE_PACKAGE1, name='Source package1', download_location=sbom_data.VALUE_NONE, supplier=SUPPLIER_GOOGLE, version=BUILD_FINGER_PRINT, external_refs=[sbom_data.PackageExternalRef( Loading Loading @@ -121,6 +125,7 @@ class SBOMWritersTest(unittest.TestCase): self.unbundled_sbom_doc.add_package( sbom_data.Package(id=SPDXID_SOURCE_PACKAGE1, name='Unbundled apk package', download_location=sbom_data.VALUE_NONE, supplier=SUPPLIER_GOOGLE, version=BUILD_FINGER_PRINT)) self.unbundled_sbom_doc.add_relationship(sbom_data.Relationship(id1=SPDXID_FILE1, Loading tools/sbom/testdata/expected_json_sbom.spdx.json +1 −1 Original line number Diff line number Diff line Loading @@ -74,7 +74,7 @@ { "name": "Upstream package1", "SPDXID": "SPDXRef-UPSTREAM-package1", "downloadLocation": "NONE", "downloadLocation": "NOASSERTION", "filesAnalyzed": false, "versionInfo": "1.1", "supplier": "Organization: upstream" Loading Loading
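Review bot: Every fixture package in these hunks now sets download_location=sbom_data.VALUE_NONE explicitly, so the writers' new NOASSERTION fallback is exercised only indirectly through the upstream package whose expected JSON changed; a direct test that constructs a Package without download_location, marshals it through both TagValueWriter and JSONWriter and asserts 'NOASSERTION' in each output would pin the behaviour independently of the golden files. If the tag-value golden file also lists the upstream package it would need the same NONE to NOASSERTION update, which I do not see in this diff. The setUp method continues beyond the hunks.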
tools/sbom/generate-sbom.py +5 −1 Original line number Diff line number Diff line Loading @@ -279,12 +279,13 @@ def get_sbom_fragments(installed_file_metadata, metadata_file_path): name, external_refs = get_source_package_info(installed_file_metadata, metadata_file_path) source_package_id = new_package_id(name, PKG_SOURCE) source_package = sbom_data.Package(id=source_package_id, name=name, version=args.build_version, download_location=sbom_data.VALUE_NONE, supplier='Organization: ' + args.product_mfr, external_refs=external_refs) upstream_package_id = new_package_id(name, PKG_UPSTREAM) upstream_package = sbom_data.Package(id=upstream_package_id, name=name, version=version, supplier='Organization: ' + homepage if homepage else None, supplier=('Organization: ' + homepage) if homepage else sbom_data.VALUE_NOASSERTION, download_location=download_location) packages += [source_package, upstream_package] relationships.append(sbom_data.Relationship(id1=source_package_id, Loading @@ -296,6 +297,7 @@ def get_sbom_fragments(installed_file_metadata, metadata_file_path): prebuilt_package_id = new_package_id(name, PKG_PREBUILT) prebuilt_package = sbom_data.Package(id=prebuilt_package_id, name=name, download_location=sbom_data.VALUE_NONE, version=args.build_version, supplier='Organization: ' + args.product_mfr) packages.append(prebuilt_package) Loading Loading @@ -438,6 +440,7 @@ def main(): product_package = sbom_data.Package(id=sbom_data.SPDXID_PRODUCT, name=sbom_data.PACKAGE_NAME_PRODUCT, download_location=sbom_data.VALUE_NONE, version=args.build_version, supplier='Organization: ' + args.product_mfr, files_analyzed=True) Loading @@ -445,6 +448,7 @@ def main(): doc.packages.append(sbom_data.Package(id=sbom_data.SPDXID_PLATFORM, name=sbom_data.PACKAGE_NAME_PLATFORM, download_location=sbom_data.VALUE_NONE, version=args.build_version, supplier='Organization: ' + args.product_mfr)) Loading
tools/sbom/sbom_data.py +3 −0 Original line number Diff line number Diff line Loading @@ -33,6 +33,9 @@ SPDXID_PLATFORM = 'SPDXRef-PLATFORM' PACKAGE_NAME_PRODUCT = 'PRODUCT' PACKAGE_NAME_PLATFORM = 'PLATFORM' VALUE_NOASSERTION = 'NOASSERTION' VALUE_NONE = 'NONE' class PackageExternalRefCategory: SECURITY = 'SECURITY' Loading
tools/sbom/sbom_writers.py +2 −2 Original line number Diff line number Diff line Loading @@ -86,7 +86,7 @@ class TagValueWriter: @staticmethod def marshal_package(package): download_location = 'NONE' download_location = sbom_data.VALUE_NOASSERTION if package.download_location: download_location = package.download_location tagvalues = [ Loading Loading @@ -296,7 +296,7 @@ class JSONWriter: package = { PropNames.NAME: p.name, PropNames.SPDXID: p.id, PropNames.PACKAGE_DOWNLOAD_LOCATION: p.download_location if p.download_location else 'NONE', PropNames.PACKAGE_DOWNLOAD_LOCATION: p.download_location if p.download_location else sbom_data.VALUE_NOASSERTION, PropNames.FILES_ANALYZED: p.files_analyzed } if p.version: Loading
tools/sbom/sbom_writers_test.py +5 −0 Original line number Diff line number Diff line Loading @@ -49,6 +49,7 @@ class SBOMWritersTest(unittest.TestCase): self.sbom_doc.add_package( sbom_data.Package(id=sbom_data.SPDXID_PRODUCT, name=sbom_data.PACKAGE_NAME_PRODUCT, download_location=sbom_data.VALUE_NONE, supplier=SUPPLIER_GOOGLE, version=BUILD_FINGER_PRINT, files_analyzed=True, Loading @@ -58,6 +59,7 @@ class SBOMWritersTest(unittest.TestCase): self.sbom_doc.add_package( sbom_data.Package(id=sbom_data.SPDXID_PLATFORM, name=sbom_data.PACKAGE_NAME_PLATFORM, download_location=sbom_data.VALUE_NONE, supplier=SUPPLIER_GOOGLE, version=BUILD_FINGER_PRINT, )) Loading @@ -65,6 +67,7 @@ class SBOMWritersTest(unittest.TestCase): self.sbom_doc.add_package( sbom_data.Package(id=SPDXID_PREBUILT_PACKAGE1, name='Prebuilt package1', download_location=sbom_data.VALUE_NONE, supplier=SUPPLIER_GOOGLE, version=BUILD_FINGER_PRINT, )) Loading @@ -72,6 +75,7 @@ class SBOMWritersTest(unittest.TestCase): self.sbom_doc.add_package( sbom_data.Package(id=SPDXID_SOURCE_PACKAGE1, name='Source package1', download_location=sbom_data.VALUE_NONE, supplier=SUPPLIER_GOOGLE, version=BUILD_FINGER_PRINT, external_refs=[sbom_data.PackageExternalRef( Loading Loading @@ -121,6 +125,7 @@ class SBOMWritersTest(unittest.TestCase): self.unbundled_sbom_doc.add_package( sbom_data.Package(id=SPDXID_SOURCE_PACKAGE1, name='Unbundled apk package', download_location=sbom_data.VALUE_NONE, supplier=SUPPLIER_GOOGLE, version=BUILD_FINGER_PRINT)) self.unbundled_sbom_doc.add_relationship(sbom_data.Relationship(id1=SPDXID_FILE1, Loading
tools/sbom/testdata/expected_json_sbom.spdx.json +1 −1 Original line number Diff line number Diff line Loading @@ -74,7 +74,7 @@ { "name": "Upstream package1", "SPDXID": "SPDXRef-UPSTREAM-package1", "downloadLocation": "NONE", "downloadLocation": "NOASSERTION", "filesAnalyzed": false, "versionInfo": "1.1", "supplier": "Organization: upstream" Loading