
Fixes for container image SBOMs
twaugh committed Aug 15, 2024
1 parent c517dae commit c219241
Showing 10 changed files with 21 additions and 7 deletions.
5 changes: 5 additions & 0 deletions sbom/examples/container_image/from_catalog.py
Expand Up @@ -60,6 +60,7 @@ def create_sbom(doc_id, image_id, root_package, packages, rel_type):
],
},
"name": image_id,
"documentNamespace": f"https://access.redhat.com/security/data/sbom/beta/spdx/{image_id}.spdx.json",
"packages": [root_package] + packages,
"relationships": relationships,
}
Expand Down Expand Up @@ -113,9 +114,13 @@ def generate_sboms_for_image(image_nvr):

# Get license information from labels if it is set
image_license = "NOASSERTION"
spdx_license_ids = {
"Apache License 2.0": "Apache-2.0",
}
for label in image["parsed_data"]["labels"]:
if label["name"].lower() == "license":
image_license = label["value"]
image_license = spdx_license_ids.get(image_license, image_license)

# Create an index image object, but since all arch-specific images are descendents of one
# and the same index image, we only have to create it once. Its SBOM is created at the
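Review bot: The `spdx_license_ids` lookup in the second hunk leaves any label value it does not recognise in `image_license` verbatim, so a label whose value is anything other than `Apache License 2.0` is emitted unchanged as `licenseDeclared`, a field SPDX restricts to a valid license expression, `NOASSERTION` or `NONE`, and consumers that validate the document will reject it. Unless pass-through is intended, falling back to the conservative default already used a few lines above, `image_license = spdx_license_ids.get(image_license, "NOASSERTION")`, keeps unmapped values out of the field, ideally with a log line so the missing mapping gets noticed and added. The single-entry table also deserves a comment, e.g. `# Map free-text license label values to SPDX license identifiers; extend as new label values appear`. Indentation is lost in this rendering, so whether the lookup runs inside or after the label loop is inferred rather than visible. Both `create_sbom` and `generate_sboms_for_image` begin outside their hunks.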
Expand Up @@ -9,14 +9,15 @@
]
},
"name": "kernel-module-management-operator-container-1.1.2-25",
"documentNamespace": "https://access.redhat.com/security/data/sbom/beta/spdx/kernel-module-management-operator-container-1.1.2-25.spdx.json",
"packages": [
{
"SPDXID": "SPDXRef-image-index",
"name": "kernel-module-management-operator-container",
"versionInfo": "1.1.2-25",
"supplier": "Organization: Red Hat",
"downloadLocation": "NOASSERTION",
"licenseDeclared": "Apache License 2.0",
"licenseDeclared": "Apache-2.0",
"externalRefs": [
{
"referenceCategory": "PACKAGE-MANAGER",
Expand All @@ -37,7 +38,7 @@
"versionInfo": "1.1.2-25",
"supplier": "Organization: Red Hat",
"downloadLocation": "NOASSERTION",
"licenseDeclared": "Apache License 2.0",
"licenseDeclared": "Apache-2.0",
"externalRefs": [
{
"referenceCategory": "PACKAGE-MANAGER",
Expand All @@ -58,7 +59,7 @@
"versionInfo": "1.1.2-25",
"supplier": "Organization: Red Hat",
"downloadLocation": "NOASSERTION",
"licenseDeclared": "Apache License 2.0",
"licenseDeclared": "Apache-2.0",
"externalRefs": [
{
"referenceCategory": "PACKAGE-MANAGER",
Expand All @@ -79,7 +80,7 @@
"versionInfo": "1.1.2-25",
"supplier": "Organization: Red Hat",
"downloadLocation": "NOASSERTION",
"licenseDeclared": "Apache License 2.0",
"licenseDeclared": "Apache-2.0",
"externalRefs": [
{
"referenceCategory": "PACKAGE-MANAGER",
Expand Up @@ -9,14 +9,15 @@
]
},
"name": "kernel-module-management-operator-container-1.1.2-25_amd64",
"documentNamespace": "https://access.redhat.com/security/data/sbom/beta/spdx/kernel-module-management-operator-container-1.1.2-25_amd64.spdx.json",
"packages": [
{
"SPDXID": "SPDXRef-kernel-module-management-operator-container-amd64",
"name": "kernel-module-management-operator-container_amd64",
"versionInfo": "1.1.2-25",
"supplier": "Organization: Red Hat",
"downloadLocation": "NOASSERTION",
"licenseDeclared": "Apache License 2.0",
"licenseDeclared": "Apache-2.0",
"externalRefs": [
{
"referenceCategory": "PACKAGE-MANAGER",
Expand Up @@ -9,14 +9,15 @@
]
},
"name": "kernel-module-management-operator-container-1.1.2-25_arm64",
"documentNamespace": "https://access.redhat.com/security/data/sbom/beta/spdx/kernel-module-management-operator-container-1.1.2-25_arm64.spdx.json",
"packages": [
{
"SPDXID": "SPDXRef-kernel-module-management-operator-container-arm64",
"name": "kernel-module-management-operator-container_arm64",
"versionInfo": "1.1.2-25",
"supplier": "Organization: Red Hat",
"downloadLocation": "NOASSERTION",
"licenseDeclared": "Apache License 2.0",
"licenseDeclared": "Apache-2.0",
"externalRefs": [
{
"referenceCategory": "PACKAGE-MANAGER",
Expand Up @@ -9,14 +9,15 @@
]
},
"name": "kernel-module-management-operator-container-1.1.2-25_ppc64le",
"documentNamespace": "https://access.redhat.com/security/data/sbom/beta/spdx/kernel-module-management-operator-container-1.1.2-25_ppc64le.spdx.json",
"packages": [
{
"SPDXID": "SPDXRef-kernel-module-management-operator-container-ppc64le",
"name": "kernel-module-management-operator-container_ppc64le",
"versionInfo": "1.1.2-25",
"supplier": "Organization: Red Hat",
"downloadLocation": "NOASSERTION",
"licenseDeclared": "Apache License 2.0",
"licenseDeclared": "Apache-2.0",
"externalRefs": [
{
"referenceCategory": "PACKAGE-MANAGER",
Expand Up @@ -9,6 +9,7 @@
]
},
"name": "ubi9-micro-container-9.4-6.1716471860",
"documentNamespace": "https://access.redhat.com/security/data/sbom/beta/spdx/ubi9-micro-container-9.4-6.1716471860.spdx.json",
"packages": [
{
"SPDXID": "SPDXRef-image-index",
Expand Up @@ -9,6 +9,7 @@
]
},
"name": "ubi9-micro-container-9.4-6.1716471860_amd64",
"documentNamespace": "https://access.redhat.com/security/data/sbom/beta/spdx/ubi9-micro-container-9.4-6.1716471860_amd64.spdx.json",
"packages": [
{
"SPDXID": "SPDXRef-ubi9-micro-container-amd64",
Expand Up @@ -9,6 +9,7 @@
]
},
"name": "ubi9-micro-container-9.4-6.1716471860_arm64",
"documentNamespace": "https://access.redhat.com/security/data/sbom/beta/spdx/ubi9-micro-container-9.4-6.1716471860_arm64.spdx.json",
"packages": [
{
"SPDXID": "SPDXRef-ubi9-micro-container-arm64",
Expand Up @@ -9,6 +9,7 @@
]
},
"name": "ubi9-micro-container-9.4-6.1716471860_ppc64le",
"documentNamespace": "https://access.redhat.com/security/data/sbom/beta/spdx/ubi9-micro-container-9.4-6.1716471860_ppc64le.spdx.json",
"packages": [
{
"SPDXID": "SPDXRef-ubi9-micro-container-ppc64le",
Expand Up @@ -9,6 +9,7 @@
]
},
"name": "ubi9-micro-container-9.4-6.1716471860_s390x",
"documentNamespace": "https://access.redhat.com/security/data/sbom/beta/spdx/ubi9-micro-container-9.4-6.1716471860_s390x.spdx.json",
"packages": [
{
"SPDXID": "SPDXRef-ubi9-micro-container-s390x",
