Skip to content

Commit 0307172

Browse files
vrukeshvrukesh
authored
Add SBOM JSON file for ATfL and Python script which generates this SBOM JSON file. (#213)
Add SBOM JSON file for ATfL and Python script which generates this SBOM JSON file.
1 parent 701a699 commit 0307172

File tree

4 files changed

+568
-0
lines changed

4 files changed

+568
-0
lines changed

arm-software/linux/SBOM_Files/ATfL-SBOM.spdx.json

Lines changed: 209 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,209 @@
1+
{
2+
"SPDXID": "SPDXRef-DOCUMENT",
3+
"creationInfo": {
4+
"created": "2025-03-19T11:32:04Z",
5+
"creators": [
6+
"Organization: Arm Limited ([email protected])"
7+
]
8+
},
9+
"dataLicense": "CC0-1.0",
10+
"name": "Arm Toolchain for Linux",
11+
"spdxVersion": "SPDX-2.3",
12+
"documentNamespace": "https://github.com/arm/arm-toolchain/tree/release/arm-software/20.x/arm-software/linux",
13+
"packages": [
14+
{
15+
"SPDXID": "SPDXRef-Package-37bb5ee7-1c83-515e-9765-e992ae62c4ec",
16+
"downloadLocation": "https://github.com/arm/arm-toolchain/tree/release/arm-software/20.x/arm-software/linux",
17+
"filesAnalyzed": false,
18+
"licenseComments": "",
19+
"licenseConcluded": "Apache-2.0 WITH LLVM-exception",
20+
"licenseDeclared": "Apache-2.0 WITH LLVM-exception",
21+
"name": "Arm Toolchain for Linux",
22+
"originator": "Organization: Arm Limited ([email protected])",
23+
"supplier": "Organization: Arm Limited ([email protected])"
24+
},
25+
{
26+
"SPDXID": "SPDXRef-Package-76d3426c-6918-5acf-8031-633f7069a3bb",
27+
"downloadLocation": "https://github.com/llvm/llvm-project/tree/llvmorg-20.1.0",
28+
"filesAnalyzed": false,
29+
"licenseComments": "",
30+
"licenseConcluded": "Apache-2.0 WITH LLVM-exception",
31+
"licenseDeclared": "Apache-2.0 WITH LLVM-exception",
32+
"name": "llvm-project",
33+
"originator": "Organization: LLVM Foundation ([email protected])",
34+
"supplier": "Organization: LLVM Foundation ([email protected])"
35+
},
36+
{
37+
"SPDXID": "SPDXRef-Package-81de4012-6de9-54ed-a921-354bcfa8e2cf",
38+
"downloadLocation": "https://github.com/llvm/llvm-project/tree/llvmorg-20.1.0/clang",
39+
"filesAnalyzed": false,
40+
"licenseComments": "",
41+
"licenseConcluded": "Apache-2.0 WITH LLVM-exception",
42+
"licenseDeclared": "Apache-2.0 WITH LLVM-exception",
43+
"name": "clang",
44+
"originator": "Organization: LLVM Foundation ([email protected])",
45+
"supplier": "Organization: LLVM Foundation ([email protected])"
46+
},
47+
{
48+
"SPDXID": "SPDXRef-Package-ff65f62a-5f78-5906-9db9-ffbc8593376c",
49+
"downloadLocation": "https://github.com/llvm/llvm-project/tree/llvmorg-20.1.0/lld",
50+
"filesAnalyzed": false,
51+
"licenseComments": "",
52+
"licenseConcluded": "Apache-2.0 WITH LLVM-exception",
53+
"licenseDeclared": "Apache-2.0 WITH LLVM-exception",
54+
"name": "lld",
55+
"originator": "Organization: LLVM Foundation ([email protected])",
56+
"supplier": "Organization: LLVM Foundation ([email protected])"
57+
},
58+
{
59+
"SPDXID": "SPDXRef-Package-d1e59c04-8142-5b6f-80e9-865dbefb908c",
60+
"downloadLocation": "https://github.com/llvm/llvm-project/tree/llvmorg-20.1.0/compiler-rt",
61+
"filesAnalyzed": false,
62+
"licenseComments": "",
63+
"licenseConcluded": "Apache-2.0 WITH LLVM-exception",
64+
"licenseDeclared": "Apache-2.0 WITH LLVM-exception",
65+
"name": "compiler-rt",
66+
"originator": "Organization: LLVM Foundation ([email protected])",
67+
"supplier": "Organization: LLVM Foundation ([email protected])"
68+
},
69+
{
70+
"SPDXID": "SPDXRef-Package-9950a68a-8cb1-5122-b54a-62cc239be3da",
71+
"downloadLocation": "https://github.com/llvm/llvm-project/tree/llvmorg-20.1.0/libcxx",
72+
"filesAnalyzed": false,
73+
"licenseComments": "",
74+
"licenseConcluded": "Apache-2.0 WITH LLVM-exception",
75+
"licenseDeclared": "Apache-2.0 WITH LLVM-exception",
76+
"name": "libcxx",
77+
"originator": "Organization: LLVM Foundation ([email protected])",
78+
"supplier": "Organization: LLVM Foundation ([email protected])"
79+
},
80+
{
81+
"SPDXID": "SPDXRef-Package-ed6e4e4c-c9d8-59e2-a9c1-8ba83215dd89",
82+
"downloadLocation": "https://github.com/llvm/llvm-project/tree/llvmorg-20.1.0/libcxxabi",
83+
"filesAnalyzed": false,
84+
"licenseComments": "",
85+
"licenseConcluded": "Apache-2.0 WITH LLVM-exception",
86+
"licenseDeclared": "Apache-2.0 WITH LLVM-exception",
87+
"name": "libcxxabi",
88+
"originator": "Organization: LLVM Foundation ([email protected])",
89+
"supplier": "Organization: LLVM Foundation ([email protected])"
90+
},
91+
{
92+
"SPDXID": "SPDXRef-Package-2b319418-9078-5c3d-b946-a6888c475b54",
93+
"downloadLocation": "https://github.com/llvm/llvm-project/tree/llvmorg-20.1.0/libunwind",
94+
"filesAnalyzed": false,
95+
"licenseComments": "",
96+
"licenseConcluded": "Apache-2.0 WITH LLVM-exception",
97+
"licenseDeclared": "Apache-2.0 WITH LLVM-exception",
98+
"name": "libunwind",
99+
"originator": "Organization: LLVM Foundation ([email protected])",
100+
"supplier": "Organization: LLVM Foundation ([email protected])"
101+
},
102+
{
103+
"SPDXID": "SPDXRef-Package-31d3d0c3-4f0d-59f0-b0ed-23becff47fc6",
104+
"downloadLocation": "https://github.com/llvm/llvm-project/tree/llvmorg-20.1.0/openmp",
105+
"filesAnalyzed": false,
106+
"licenseComments": "",
107+
"licenseConcluded": "Apache-2.0 WITH LLVM-exception",
108+
"licenseDeclared": "Apache-2.0 WITH LLVM-exception",
109+
"name": "openmp",
110+
"originator": "Organization: LLVM Foundation ([email protected])",
111+
"supplier": "Organization: LLVM Foundation ([email protected])"
112+
},
113+
{
114+
"SPDXID": "SPDXRef-Package-35eac354-6cc2-5901-92ef-9f1d99b08a1b",
115+
"downloadLocation": "https://github.com/llvm/llvm-project/tree/llvmorg-20.1.0/flang",
116+
"filesAnalyzed": false,
117+
"licenseComments": "",
118+
"licenseConcluded": "Apache-2.0 WITH LLVM-exception",
119+
"licenseDeclared": "Apache-2.0 WITH LLVM-exception",
120+
"name": "flang",
121+
"originator": "Organization: LLVM Foundation ([email protected])",
122+
"supplier": "Organization: LLVM Foundation ([email protected])"
123+
},
124+
{
125+
"SPDXID": "SPDXRef-Package-8dcd07b7-27cd-5214-abb6-3b75cefd2036",
126+
"downloadLocation": "https://github.com/madler/zlib",
127+
"filesAnalyzed": false,
128+
"licenseComments": "",
129+
"licenseConcluded": "Zlib",
130+
"licenseDeclared": "Zlib",
131+
"name": "zlib",
132+
"originator": "Person: Jean-loup Gailly and Mark Adler ([email protected])",
133+
"supplier": "Person: Jean-loup Gailly and Mark Adler ([email protected])"
134+
},
135+
{
136+
"SPDXID": "SPDXRef-Package-b6230829-4834-5ab5-bad3-5ff4aa04ae8a",
137+
"downloadLocation": "https://github.com/facebook/zstd",
138+
"filesAnalyzed": false,
139+
"licenseComments": "",
140+
"licenseConcluded": "BSD-3-Clause AND GPL-2.0-only",
141+
"licenseDeclared": "BSD-3-Clause AND GPL-2.0-only",
142+
"name": "zstd",
143+
"originator": "Person: Yann Collet, Nick Terrell, Przemyslaw Skibinski ([email protected], [email protected])",
144+
"supplier": "Person: Yann Collet, Nick Terrell, Przemyslaw Skibinski ([email protected], [email protected])"
145+
}
146+
],
147+
"relationships": [
148+
{
149+
"spdxElementId": "SPDXRef-DOCUMENT",
150+
"relatedSpdxElement": "SPDXRef-Package-37bb5ee7-1c83-515e-9765-e992ae62c4ec",
151+
"relationshipType": "DESCRIBES"
152+
},
153+
{
154+
"spdxElementId": "SPDXRef-DOCUMENT",
155+
"relatedSpdxElement": "SPDXRef-Package-76d3426c-6918-5acf-8031-633f7069a3bb",
156+
"relationshipType": "DESCRIBES"
157+
},
158+
{
159+
"spdxElementId": "SPDXRef-DOCUMENT",
160+
"relatedSpdxElement": "SPDXRef-Package-81de4012-6de9-54ed-a921-354bcfa8e2cf",
161+
"relationshipType": "DESCRIBES"
162+
},
163+
{
164+
"spdxElementId": "SPDXRef-DOCUMENT",
165+
"relatedSpdxElement": "SPDXRef-Package-ff65f62a-5f78-5906-9db9-ffbc8593376c",
166+
"relationshipType": "DESCRIBES"
167+
},
168+
{
169+
"spdxElementId": "SPDXRef-DOCUMENT",
170+
"relatedSpdxElement": "SPDXRef-Package-d1e59c04-8142-5b6f-80e9-865dbefb908c",
171+
"relationshipType": "DESCRIBES"
172+
},
173+
{
174+
"spdxElementId": "SPDXRef-DOCUMENT",
175+
"relatedSpdxElement": "SPDXRef-Package-9950a68a-8cb1-5122-b54a-62cc239be3da",
176+
"relationshipType": "DESCRIBES"
177+
},
178+
{
179+
"spdxElementId": "SPDXRef-DOCUMENT",
180+
"relatedSpdxElement": "SPDXRef-Package-ed6e4e4c-c9d8-59e2-a9c1-8ba83215dd89",
181+
"relationshipType": "DESCRIBES"
182+
},
183+
{
184+
"spdxElementId": "SPDXRef-DOCUMENT",
185+
"relatedSpdxElement": "SPDXRef-Package-2b319418-9078-5c3d-b946-a6888c475b54",
186+
"relationshipType": "DESCRIBES"
187+
},
188+
{
189+
"spdxElementId": "SPDXRef-DOCUMENT",
190+
"relatedSpdxElement": "SPDXRef-Package-35eac354-6cc2-5901-92ef-9f1d99b08a1b",
191+
"relationshipType": "DESCRIBES"
192+
},
193+
{
194+
"spdxElementId": "SPDXRef-DOCUMENT",
195+
"relatedSpdxElement": "SPDXRef-Package-31d3d0c3-4f0d-59f0-b0ed-23becff47fc6",
196+
"relationshipType": "DESCRIBES"
197+
},
198+
{
199+
"spdxElementId": "SPDXRef-DOCUMENT",
200+
"relatedSpdxElement": "SPDXRef-Package-8dcd07b7-27cd-5214-abb6-3b75cefd2036",
201+
"relationshipType": "DESCRIBES"
202+
},
203+
{
204+
"spdxElementId": "SPDXRef-DOCUMENT",
205+
"relatedSpdxElement": "SPDXRef-Package-b6230829-4834-5ab5-bad3-5ff4aa04ae8a",
206+
"relationshipType": "DESCRIBES"
207+
}
208+
]
209+
}

0 commit comments

Comments
 (0)