Merge pull request #3 from no-ta/merge-lite-example-1

Merge lite example 1
NorioKobota · Jul 20, 2024 · 8612d57 · 8612d57
2 parents b04d429 + c64a58f
commit 8612d57
Show file tree

Hide file tree

Showing 7 changed files with 723 additions and 0 deletions.
diff --git a/lite/example1-with-VEX/Lite-example-1-1-with-VEX.json b/lite/example1-with-VEX/Lite-example-1-1-with-VEX.json
@@ -0,0 +1,189 @@
+{
+    "@context": "https://spdx.github.io/spdx-spec/v3.0/model/spdx-context.jsonld",
+    "@graph": [
+        {
+            "type": "SpdxDocument",
+            "spdxId": "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Document/1",
+            "name": "Lite-SpdxDocument",
+            "comment": "if any",
+            "creationInfo": "_:creationinfo",
+            "verifiedUsing": [{
+                "type": "Hash",
+                "algorithm": "sha3_512",
+                "hashValue": "hash value of Sbom object"
+            }],
+            "rootElement": [ "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Sbom/1" ],
+            "element": [
+                "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Sbom/1",
+                "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Bom/1"
+            ],
+            "namespaceMap": [{
+                "type": "NamespaceMap",
+                "prefix": "lite-example",
+                "namespace": "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Lite/1"
+            }],
+            "dataLicense": "CC0-1.0"
+        },
+        {
+            "type": "software_Sbom",
+            "spdxId": "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Sbom/1",
+            "creationInfo": "_:creationinfo",
+            "rootElement": [ "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Package/1" ],
+            "element": [
+                "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Package/1",
+                "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/LicenseExpression/1",
+                "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Relationship/1",
+                "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Relationship/2",
+                "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Relationship/3"
+            ],
+            "software_sbomType": [ "build" ]
+        },
+        {
+            "type": "CreationInfo",
+            "@id": "_:creationinfo",
+            "specVersion": "3.0.0",
+            "comment": "if any",
+            "created": "2024-05-06T00:00:00Z",
+            "createdBy": "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Agent/NorioKobota"
+        },
+        {
+            "type": "Person",
+            "spdxId": "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Agent/NorioKobota",
+            "name": "Norio Kobota",
+            "creationInfo": "_:creationinfo",
+            "externalIdentifier": {
+                "type": "ExternalIdentifier",
+                "externalIdentifierType": "email",
+                "identifier": "[email protected]"
+            }
+        },
+        {
+            "type": "software_Package",
+            "spdxId": "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Package/1",
+            "name": "my-package",
+            "comment": "if any",
+            "creationInfo": "_:creationinfo",
+            "verifiedUsing": [{
+                "type": "Hash",
+                "algorithm": "sha3_512",
+                "hashValue": "hash value of the package file"
+            }],
+            "originatedBy": [
+                "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Agent/NorioKobota"
+            ],
+            "suppliedBy": "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Agent/NorioKobota",
+            "builtTime": "2024-05-06T00:00:00Z",
+            "releaseTime": "2024-05-06T00:00:00Z",
+            "validUntilTime": "2034-05-06T00:00:00Z",
+            "supportLevel": "limitedSupport",
+            "software_copyrightText": "copyright text",
+            "software_attributionText": "other attribution text",
+            "software_packageVersion": "v1.0",
+            "software_downloadLocation": "http://dl.example.com/my-package_v1.0.tar",
+            "software_packageUrl": "pkg:github/example/my-package/releases/tag/v1.0",
+            "software_homepage": "website for the Package/1"
+        },
+        {
+            "type": "simpleLicensing_LicenseExpression",
+            "spdxId": "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/LicenseExpression/1",
+            "creationInfo": "_:creationinfo",
+            "simpleLicensing_licenseExpression": "MIT",
+            "simpleLicensing_licenseListVersion": "3.23.0"
+        },
+        {
+            "type": "Relationship",
+            "spdxId": "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Relationship/1",
+            "creationInfo": "_:creationinfo",
+            "from": "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Sbom/1",
+            "to": [
+                "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Package/1"
+            ],
+            "relationshipType": "contains"
+        },
+        {
+            "type": "Relationship",
+            "spdxId": "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Relationship/2",
+            "creationInfo": "_:creationinfo",
+            "from": "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Package/1",
+            "to": [
+                "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/LicenseExpression/1"
+            ],
+            "relationshipType": "hasDeclaredLicense"
+        },
+        {
+            "type": "Relationship",
+            "spdxId": "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Relationship/3",
+            "creationInfo": "_:creationinfo",
+            "from": "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Package/1",
+            "to": [
+                "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/LicenseExpression/1"
+            ],
+            "relationshipType": "hasConcludedLicense"
+        },
+        {
+            "type": "Bom",
+            "spdxId": "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Bom/1",
+            "creationInfo": "_:creationinfo_vex1",
+            "extension": [{
+	      "cdxPropName": "VexDocumentVersion",
+	      "cdxPropValue": "0"
+	    }],
+            "rootElement": [
+                "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Vulnerability/1"
+            ],
+            "element": [
+                "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Vunlnerability/1",
+                "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Relationship/vul1",
+                "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/VexUnderInvestigationVulnAssessmentRelationship/1"
+            ]
+        },
+        {
+            "type": "CreationInfo",
+            "@id": "_:creationinfo_vex1",
+            "specVersion": "3.0.0",
+            "comment": "if any",
+            "created": "2024-05-06T00:00:00Z",
+            "createdBy": "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Agent/NorioKobota"
+        },
+        {
+            "type": "Vulnerability",
+            "spdxId": "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Vulnerability/1",
+            "name": "CVE-1234-1234",
+            "comment": "if any",
+            "creationInfo": "_:creationinfo_vex1",
+            "externalIdetifier": {
+                "identifier": "CVE-1234-1234",
+                "comment": "must"
+            },
+            "security_publishedTime": "2024-05-06T00:00:00Z",
+            "security_modifiedTime": "2024-05-06T00:00:00Z"
+        },
+        {
+            "type": "Relationship",
+            "spdxId": "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Relationship/vul1",
+            "creationInfo": "_:creationinfo_vex1",
+            "from": "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Package/1",
+            "to": [
+                "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Vulnerability/1"
+            ],
+            "relationshipType": "hasAssociatedVulnerability"
+        },
+        {
+            "type": "VexUnderInvestigationVulnAssessmentRelationship",
+            "spdxId": "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/VexUnderInvestigationVulnAssessmentRelationship/1",
+            "name": "if any",
+            "comment": "if any",
+            "creationInfo": "_:creationinfo_vex1",
+            "from": "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Vulnerability/1",
+            "to": [
+                "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Package/1"
+            ],
+            "relationshipType": "underInvestigationFor",
+            "suppliedBy": [
+                "https://spdx.org/spdxdocs/08f113e9-a0b0-4482-a0ed-c4e18e5136be/Agent/NorioKobota"
+            ],
+            "security_vexVersion": "0",
+            "security_statusNotes": "if any"
+        }
+    ]
+}