mirror of
https://github.com/openssl/openssl.git
synced 2026-01-18 17:11:31 +01:00
6545de9bbe
Improve supply chain security by including a SBOM file with substituted values. This will be used to construct a composite platform SBOM. Signed-off-by: Richard Hughes <rhughes@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26020)
49 lines
1.0 KiB
JSON
49 lines
1.0 KiB
JSON
{
|
|
"bomFormat": "CycloneDX",
|
|
"specVersion": "1.6",
|
|
"version": 1,
|
|
"metadata": {
|
|
"authors": [
|
|
{
|
|
"name": "@VCS_SBOM_AUTHORS@"
|
|
}
|
|
]
|
|
},
|
|
"components": [
|
|
{
|
|
"type": "library",
|
|
"bom-ref": "pkg:github/openssl/openssl@@VCS_TAG@",
|
|
"cpe": "cpe:2.3:a:openssl:openssl:@VCS_TAG@:*:*:*:*:*:*:*",
|
|
"name": "OpenSSL",
|
|
"version": "@VCS_VERSION@",
|
|
"description": "TLS/SSL and crypto library",
|
|
"authors": [
|
|
{
|
|
"name": "@VCS_AUTHORS@",
|
|
"url": "https://raw.githubusercontent.com/openssl/openssl/refs/heads/master/AUTHORS.md"
|
|
}
|
|
],
|
|
"supplier": {
|
|
"name": "The OpenSSL Project"
|
|
},
|
|
"licenses": [
|
|
{
|
|
"license": {
|
|
"id": "Apache-2.0"
|
|
}
|
|
}
|
|
],
|
|
"externalReferences": [
|
|
{
|
|
"type": "website",
|
|
"url": "https://www.openssl.org/"
|
|
},
|
|
{
|
|
"type": "vcs",
|
|
"url": "https://github.com/openssl/openssl"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|