-
Notifications
You must be signed in to change notification settings - Fork 457
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
52 additions
and
52 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,10 +2,10 @@ | |
"$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", | ||
"bomFormat": "CycloneDX", | ||
"specVersion": "1.5", | ||
"serialNumber": "urn:uuidb0b9a9ed-5af2-4fc7-b352-6af31df7b6ae", | ||
"serialNumber": "urn:uuidd6f17b21-d3b2-4528-bee5-76e137998772", | ||
"version": 1, | ||
"metadata": { | ||
"timestamp": "2023-07-31T00:30:17Z", | ||
"timestamp": "2023-08-07T01:01:03Z", | ||
"tools": { | ||
"components": [ | ||
{ | ||
|
@@ -1053,7 +1053,7 @@ | |
"type": "library", | ||
"bom-ref": "32-cryptography", | ||
"name": "cryptography", | ||
"version": "41.0.2", | ||
"version": "41.0.3", | ||
"supplier": { | ||
"name": "The Python Cryptographic Authority and individual contributors", | ||
"contact": [ | ||
|
@@ -1062,7 +1062,7 @@ | |
} | ||
] | ||
}, | ||
"cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.2:*:*:*:*:*:*:*", | ||
"cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.3:*:*:*:*:*:*:*", | ||
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", | ||
"licenses": [ | ||
{ | ||
|
@@ -1073,12 +1073,12 @@ | |
], | ||
"externalReferences": [ | ||
{ | ||
"url": "https://pypi.org/project/cryptography/41.0.2", | ||
"url": "https://pypi.org/project/cryptography/41.0.3", | ||
"type": "distribution", | ||
"comment": "Download location for component" | ||
} | ||
], | ||
"purl": "pkg:pypi/[email protected].2" | ||
"purl": "pkg:pypi/[email protected].3" | ||
}, | ||
{ | ||
"type": "library", | ||
|
@@ -1491,11 +1491,11 @@ | |
"type": "library", | ||
"bom-ref": "46-jsonschema", | ||
"name": "jsonschema", | ||
"version": "4.18.4", | ||
"version": "4.18.6", | ||
"supplier": { | ||
"name": "Julian Berman" | ||
}, | ||
"cpe": "cpe:2.3:a:julian_berman:jsonschema:4.18.4:*:*:*:*:*:*:*", | ||
"cpe": "cpe:2.3:a:julian_berman:jsonschema:4.18.6:*:*:*:*:*:*:*", | ||
"description": "An implementation of JSON Schema validation for Python", | ||
"licenses": [ | ||
{ | ||
|
@@ -1507,12 +1507,12 @@ | |
], | ||
"externalReferences": [ | ||
{ | ||
"url": "https://pypi.org/project/jsonschema/4.18.4", | ||
"url": "https://pypi.org/project/jsonschema/4.18.6", | ||
"type": "distribution", | ||
"comment": "Download location for component" | ||
} | ||
], | ||
"purl": "pkg:pypi/[email protected].4" | ||
"purl": "pkg:pypi/[email protected].6" | ||
}, | ||
{ | ||
"type": "library", | ||
|
@@ -1545,11 +1545,11 @@ | |
"type": "library", | ||
"bom-ref": "48-referencing", | ||
"name": "referencing", | ||
"version": "0.30.0", | ||
"version": "0.30.2", | ||
"supplier": { | ||
"name": "Julian Berman" | ||
}, | ||
"cpe": "cpe:2.3:a:julian_berman:referencing:0.30.0:*:*:*:*:*:*:*", | ||
"cpe": "cpe:2.3:a:julian_berman:referencing:0.30.2:*:*:*:*:*:*:*", | ||
"description": "JSON Referencing + Python", | ||
"licenses": [ | ||
{ | ||
|
@@ -1561,12 +1561,12 @@ | |
], | ||
"externalReferences": [ | ||
{ | ||
"url": "https://pypi.org/project/referencing/0.30.0", | ||
"url": "https://pypi.org/project/referencing/0.30.2", | ||
"type": "distribution", | ||
"comment": "Download location for component" | ||
} | ||
], | ||
"purl": "pkg:pypi/[email protected].0" | ||
"purl": "pkg:pypi/[email protected].2" | ||
}, | ||
{ | ||
"type": "library", | ||
|
@@ -1623,7 +1623,7 @@ | |
"type": "library", | ||
"bom-ref": "51-lib4sbom", | ||
"name": "lib4sbom", | ||
"version": "0.4.0", | ||
"version": "0.4.1", | ||
"supplier": { | ||
"name": "Anthony Harrison", | ||
"contact": [ | ||
|
@@ -1632,7 +1632,7 @@ | |
} | ||
] | ||
}, | ||
"cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.4.0:*:*:*:*:*:*:*", | ||
"cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.4.1:*:*:*:*:*:*:*", | ||
"description": "Software Bill of Material (SBOM) generator and consumer library", | ||
"licenses": [ | ||
{ | ||
|
@@ -1644,12 +1644,12 @@ | |
], | ||
"externalReferences": [ | ||
{ | ||
"url": "https://pypi.org/project/lib4sbom/0.4.0", | ||
"url": "https://pypi.org/project/lib4sbom/0.4.1", | ||
"type": "distribution", | ||
"comment": "Download location for component" | ||
} | ||
], | ||
"purl": "pkg:pypi/[email protected].0" | ||
"purl": "pkg:pypi/[email protected].1" | ||
}, | ||
{ | ||
"type": "library", | ||
|
@@ -1940,7 +1940,7 @@ | |
"type": "library", | ||
"bom-ref": "60-rich", | ||
"name": "rich", | ||
"version": "13.5.0", | ||
"version": "13.5.2", | ||
"supplier": { | ||
"name": "Will McGugan", | ||
"contact": [ | ||
|
@@ -1949,7 +1949,7 @@ | |
} | ||
] | ||
}, | ||
"cpe": "cpe:2.3:a:will_mcgugan:rich:13.5.0:*:*:*:*:*:*:*", | ||
"cpe": "cpe:2.3:a:will_mcgugan:rich:13.5.2:*:*:*:*:*:*:*", | ||
"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", | ||
"licenses": [ | ||
{ | ||
|
@@ -1961,12 +1961,12 @@ | |
], | ||
"externalReferences": [ | ||
{ | ||
"url": "https://pypi.org/project/rich/13.5.0", | ||
"url": "https://pypi.org/project/rich/13.5.2", | ||
"type": "distribution", | ||
"comment": "Download location for component" | ||
} | ||
], | ||
"purl": "pkg:pypi/[email protected].0" | ||
"purl": "pkg:pypi/[email protected].2" | ||
}, | ||
{ | ||
"type": "library", | ||
|
@@ -2020,7 +2020,7 @@ | |
"type": "library", | ||
"bom-ref": "63-pygments", | ||
"name": "pygments", | ||
"version": "2.15.1", | ||
"version": "2.16.1", | ||
"supplier": { | ||
"name": "Georg Brandl", | ||
"contact": [ | ||
|
@@ -2029,7 +2029,7 @@ | |
} | ||
] | ||
}, | ||
"cpe": "cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:*", | ||
"cpe": "cpe:2.3:a:georg_brandl:pygments:2.16.1:*:*:*:*:*:*:*", | ||
"description": "Pygments is a syntax highlighting package written in Python.", | ||
"licenses": [ | ||
{ | ||
|
@@ -2041,12 +2041,12 @@ | |
], | ||
"externalReferences": [ | ||
{ | ||
"url": "https://pypi.org/project/Pygments/2.15.1", | ||
"url": "https://pypi.org/project/Pygments/2.16.1", | ||
"type": "distribution", | ||
"comment": "Download location for component" | ||
} | ||
], | ||
"purl": "pkg:pypi/pygments@2.15.1" | ||
"purl": "pkg:pypi/pygments@2.16.1" | ||
}, | ||
{ | ||
"type": "library", | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 | |
DataLicense: CC0-1.0 | ||
SPDXID: SPDXRef-DOCUMENT | ||
DocumentName: Python-cve-bin-tool | ||
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-936fd797-5b9a-4dc0-aa03-d245a01f264a | ||
DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-4ebe989f-e3b4-43e2-996a-aee6d2303adf | ||
LicenseListVersion: 3.21 | ||
Creator: Tool: sbom4python-0.10.0 | ||
Created: 2023-07-31T00:28:01Z | ||
Created: 2023-08-07T00:59:13Z | ||
CreatorComment: <text>This document has been automatically generated.</text> | ||
##### | ||
|
||
|
@@ -490,17 +490,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23. | |
|
||
PackageName: cryptography | ||
SPDXID: SPDXRef-Package-32-cryptography | ||
PackageVersion: 41.0.2 | ||
PackageVersion: 41.0.3 | ||
PrimaryPackagePurpose: LIBRARY | ||
PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors ([email protected]) | ||
PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.2 | ||
PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.3 | ||
FilesAnalyzed: false | ||
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause | ||
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause | ||
PackageCopyrightText: NOASSERTION | ||
PackageSummary: <text>cryptography is a package which provides cryptographic recipes and primitives to Python developers.</text> | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].2 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.2:*:*:*:*:*:*:* | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].3 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.3:*:*:*:*:*:*:* | ||
##### | ||
|
||
PackageName: cffi | ||
|
@@ -703,17 +703,17 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected] | |
|
||
PackageName: jsonschema | ||
SPDXID: SPDXRef-Package-46-jsonschema | ||
PackageVersion: 4.18.4 | ||
PackageVersion: 4.18.6 | ||
PrimaryPackagePurpose: LIBRARY | ||
PackageSupplier: Person: Julian Berman | ||
PackageDownloadLocation: https://pypi.org/project/jsonschema/4.18.4 | ||
PackageDownloadLocation: https://pypi.org/project/jsonschema/4.18.6 | ||
FilesAnalyzed: false | ||
PackageLicenseDeclared: MIT | ||
PackageLicenseConcluded: MIT | ||
PackageCopyrightText: NOASSERTION | ||
PackageSummary: <text>An implementation of JSON Schema validation for Python</text> | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].4 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.18.4:*:*:*:*:*:*:* | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].6 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.18.6:*:*:*:*:*:*:* | ||
##### | ||
|
||
PackageName: jsonschema-specifications | ||
|
@@ -733,17 +733,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification | |
|
||
PackageName: referencing | ||
SPDXID: SPDXRef-Package-48-referencing | ||
PackageVersion: 0.30.0 | ||
PackageVersion: 0.30.2 | ||
PrimaryPackagePurpose: LIBRARY | ||
PackageSupplier: Person: Julian Berman | ||
PackageDownloadLocation: https://pypi.org/project/referencing/0.30.0 | ||
PackageDownloadLocation: https://pypi.org/project/referencing/0.30.2 | ||
FilesAnalyzed: false | ||
PackageLicenseDeclared: MIT | ||
PackageLicenseConcluded: MIT | ||
PackageCopyrightText: NOASSERTION | ||
PackageSummary: <text>JSON Referencing + Python</text> | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].0 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.30.0:*:*:*:*:*:*:* | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].2 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.30.2:*:*:*:*:*:*:* | ||
##### | ||
|
||
PackageName: rpds-py | ||
|
@@ -778,17 +778,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.1 | |
|
||
PackageName: lib4sbom | ||
SPDXID: SPDXRef-Package-51-lib4sbom | ||
PackageVersion: 0.4.0 | ||
PackageVersion: 0.4.1 | ||
PrimaryPackagePurpose: LIBRARY | ||
PackageSupplier: Person: Anthony Harrison ([email protected]) | ||
PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.4.0 | ||
PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.4.1 | ||
FilesAnalyzed: false | ||
PackageLicenseDeclared: Apache-2.0 | ||
PackageLicenseConcluded: Apache-2.0 | ||
PackageCopyrightText: NOASSERTION | ||
PackageSummary: <text>Software Bill of Material (SBOM) generator and consumer library</text> | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].0 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.4.0:*:*:*:*:*:*:* | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].1 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.4.1:*:*:*:*:*:*:* | ||
##### | ||
|
||
PackageName: pyyaml | ||
|
@@ -918,17 +918,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.7.22:*:*:*: | |
|
||
PackageName: rich | ||
SPDXID: SPDXRef-Package-60-rich | ||
PackageVersion: 13.5.0 | ||
PackageVersion: 13.5.2 | ||
PrimaryPackagePurpose: LIBRARY | ||
PackageSupplier: Person: Will McGugan ([email protected]) | ||
PackageDownloadLocation: https://pypi.org/project/rich/13.5.0 | ||
PackageDownloadLocation: https://pypi.org/project/rich/13.5.2 | ||
FilesAnalyzed: false | ||
PackageLicenseDeclared: MIT | ||
PackageLicenseConcluded: MIT | ||
PackageCopyrightText: NOASSERTION | ||
PackageSummary: <text>Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal</text> | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].0 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.5.0:*:*:*:*:*:*:* | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].2 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.5.2:*:*:*:*:*:*:* | ||
##### | ||
|
||
PackageName: markdown-it-py | ||
|
@@ -963,17 +963,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*: | |
|
||
PackageName: pygments | ||
SPDXID: SPDXRef-Package-63-pygments | ||
PackageVersion: 2.15.1 | ||
PackageVersion: 2.16.1 | ||
PrimaryPackagePurpose: LIBRARY | ||
PackageSupplier: Person: Georg Brandl ([email protected]) | ||
PackageDownloadLocation: https://pypi.org/project/Pygments/2.15.1 | ||
PackageDownloadLocation: https://pypi.org/project/Pygments/2.16.1 | ||
FilesAnalyzed: false | ||
PackageLicenseDeclared: BSD-2-Clause | ||
PackageLicenseConcluded: BSD-2-Clause | ||
PackageCopyrightText: NOASSERTION | ||
PackageSummary: <text>Pygments is a syntax highlighting package written in Python.</text> | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.15.1 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:* | ||
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.16.1 | ||
ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.16.1:*:*:*:*:*:*:* | ||
##### | ||
|
||
PackageName: typing-extensions | ||
|