Skip to content

Commit f117e84

Browse files
vrukeshvrukesh
authored
Add SBOM JSON files for ATfE, llvmlibc overlay and newlib overlay (arm#183) (arm#198)
Add SBOM JSON files for ATfE, llvmlibc overlay and newlib overlay; and Python scripts which generate these SBOM JSON files. This is cherry-pick from arm-software branch commit: e5cde59
1 parent 1ed0a41 commit f117e84

File tree

7 files changed

+1031
-1
lines changed

7 files changed

+1031
-1
lines changed

arm-software/embedded/ATfE-SBOM-llvmlibc-overlay.spdx.json

Lines changed: 65 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,65 @@
1+
{
2+
"SPDXID": "SPDXRef-DOCUMENT",
3+
"creationInfo": {
4+
"created": "2025-03-11T14:57:55Z",
5+
"creators": [
6+
"Organization: Arm Limited ([email protected])"
7+
]
8+
},
9+
"dataLicense": "CC0-1.0",
10+
"name": "Arm Toolchain for Embedded LLVM libc overlay",
11+
"spdxVersion": "SPDX-2.3",
12+
"documentNamespace": "https://github.com/arm/arm-toolchain/tree/arm-software/arm-software/embedded",
13+
"packages": [
14+
{
15+
"SPDXID": "SPDXRef-Package-7b00a6db-5a0c-5d02-800d-c0bd1a9b0290",
16+
"downloadLocation": "https://github.com/arm/arm-toolchain/tree/arm-software/arm-software/embedded",
17+
"filesAnalyzed": false,
18+
"licenseComments": "",
19+
"licenseConcluded": "Apache-2.0 WITH LLVM-exception",
20+
"licenseDeclared": "Apache-2.0 WITH LLVM-exception",
21+
"name": "Arm Toolchain for Embedded",
22+
"originator": "Organization: Arm Limited ([email protected])",
23+
"supplier": "Organization: Arm Limited ([email protected])"
24+
},
25+
{
26+
"SPDXID": "SPDXRef-Package-e44bc351-526b-5ca1-93c9-0f88a33b934a",
27+
"downloadLocation": "https://github.com/llvm/llvm-project/tree/main/compiler-rt",
28+
"filesAnalyzed": false,
29+
"licenseComments": "",
30+
"licenseConcluded": "Apache-2.0 WITH LLVM-exception",
31+
"licenseDeclared": "Apache-2.0 WITH LLVM-exception",
32+
"name": "compiler-rt",
33+
"originator": "Organization: LLVM Foundation ([email protected])",
34+
"supplier": "Organization: LLVM Foundation ([email protected])"
35+
},
36+
{
37+
"SPDXID": "SPDXRef-Package-09ef5819-9c48-5d94-b42b-4a918b20f6e4",
38+
"downloadLocation": "https://github.com/llvm/llvm-project/tree/main/libc",
39+
"filesAnalyzed": false,
40+
"licenseComments": "",
41+
"licenseConcluded": "Apache-2.0 WITH LLVM-exception",
42+
"licenseDeclared": "Apache-2.0 WITH LLVM-exception",
43+
"name": "libc",
44+
"originator": "Organization: LLVM Foundation ([email protected])",
45+
"supplier": "Organization: LLVM Foundation ([email protected])"
46+
}
47+
],
48+
"relationships": [
49+
{
50+
"spdxElementId": "SPDXRef-DOCUMENT",
51+
"relatedSpdxElement": "SPDXRef-Package-7b00a6db-5a0c-5d02-800d-c0bd1a9b0290",
52+
"relationshipType": "DESCRIBES"
53+
},
54+
{
55+
"spdxElementId": "SPDXRef-DOCUMENT",
56+
"relatedSpdxElement": "SPDXRef-Package-e44bc351-526b-5ca1-93c9-0f88a33b934a",
57+
"relationshipType": "DESCRIBES"
58+
},
59+
{
60+
"spdxElementId": "SPDXRef-DOCUMENT",
61+
"relatedSpdxElement": "SPDXRef-Package-09ef5819-9c48-5d94-b42b-4a918b20f6e4",
62+
"relationshipType": "DESCRIBES"
63+
}
64+
]
65+
}

arm-software/embedded/ATfE-SBOM-newlib-overlay.spdx.json

Lines changed: 111 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,111 @@
1+
{
2+
"SPDXID": "SPDXRef-DOCUMENT",
3+
"creationInfo": {
4+
"created": "2025-03-11T14:57:58Z",
5+
"creators": [
6+
"Organization: Arm Limited ([email protected])"
7+
]
8+
},
9+
"dataLicense": "CC0-1.0",
10+
"name": "Arm Toolchain for Embedded newlib overlay",
11+
"spdxVersion": "SPDX-2.3",
12+
"documentNamespace": "https://github.com/arm/arm-toolchain/tree/arm-software/arm-software/embedded",
13+
"packages": [
14+
{
15+
"SPDXID": "SPDXRef-Package-7b00a6db-5a0c-5d02-800d-c0bd1a9b0290",
16+
"downloadLocation": "https://github.com/arm/arm-toolchain/tree/arm-software/arm-software/embedded",
17+
"filesAnalyzed": false,
18+
"licenseComments": "",
19+
"licenseConcluded": "Apache-2.0 WITH LLVM-exception",
20+
"licenseDeclared": "Apache-2.0 WITH LLVM-exception",
21+
"name": "Arm Toolchain for Embedded",
22+
"originator": "Organization: Arm Limited ([email protected])",
23+
"supplier": "Organization: Arm Limited ([email protected])"
24+
},
25+
{
26+
"SPDXID": "SPDXRef-Package-e44bc351-526b-5ca1-93c9-0f88a33b934a",
27+
"downloadLocation": "https://github.com/llvm/llvm-project/tree/main/compiler-rt",
28+
"filesAnalyzed": false,
29+
"licenseComments": "",
30+
"licenseConcluded": "Apache-2.0 WITH LLVM-exception",
31+
"licenseDeclared": "Apache-2.0 WITH LLVM-exception",
32+
"name": "compiler-rt",
33+
"originator": "Organization: LLVM Foundation ([email protected])",
34+
"supplier": "Organization: LLVM Foundation ([email protected])"
35+
},
36+
{
37+
"SPDXID": "SPDXRef-Package-55633fe2-115b-594e-a5ec-84ece9a16f80",
38+
"downloadLocation": "https://github.com/llvm/llvm-project/tree/main/libcxx",
39+
"filesAnalyzed": false,
40+
"licenseComments": "",
41+
"licenseConcluded": "Apache-2.0 WITH LLVM-exception",
42+
"licenseDeclared": "Apache-2.0 WITH LLVM-exception",
43+
"name": "libcxx",
44+
"originator": "Organization: LLVM Foundation ([email protected])",
45+
"supplier": "Organization: LLVM Foundation ([email protected])"
46+
},
47+
{
48+
"SPDXID": "SPDXRef-Package-90f44391-c061-5db7-ad32-4c0951366e9e",
49+
"downloadLocation": "https://github.com/llvm/llvm-project/tree/main/libcxxabi",
50+
"filesAnalyzed": false,
51+
"licenseComments": "",
52+
"licenseConcluded": "Apache-2.0 WITH LLVM-exception",
53+
"licenseDeclared": "Apache-2.0 WITH LLVM-exception",
54+
"name": "libcxxabi",
55+
"originator": "Organization: LLVM Foundation ([email protected])",
56+
"supplier": "Organization: LLVM Foundation ([email protected])"
57+
},
58+
{
59+
"SPDXID": "SPDXRef-Package-95411904-8af0-5830-8fbc-4185e16949de",
60+
"downloadLocation": "https://github.com/llvm/llvm-project/tree/main/libunwind",
61+
"filesAnalyzed": false,
62+
"licenseComments": "",
63+
"licenseConcluded": "Apache-2.0 WITH LLVM-exception",
64+
"licenseDeclared": "Apache-2.0 WITH LLVM-exception",
65+
"name": "libunwind",
66+
"originator": "Organization: LLVM Foundation ([email protected])",
67+
"supplier": "Organization: LLVM Foundation ([email protected])"
68+
},
69+
{
70+
"SPDXID": "SPDXRef-Package-43e25662-200b-584e-b946-57bddf7cb24a",
71+
"downloadLocation": "https://sourceware.org/newlib/",
72+
"filesAnalyzed": false,
73+
"licenseComments": "Detailed list of licenses is at: https://github.com/picolibc/picolibc/blob/main/COPYING.NEWLIB",
74+
"name": "newlib",
75+
"originator": "Organization: https://sourceware.org/newlib/ ([email protected])",
76+
"supplier": "Organization: https://sourceware.org/newlib/ ([email protected])"
77+
}
78+
],
79+
"relationships": [
80+
{
81+
"spdxElementId": "SPDXRef-DOCUMENT",
82+
"relatedSpdxElement": "SPDXRef-Package-7b00a6db-5a0c-5d02-800d-c0bd1a9b0290",
83+
"relationshipType": "DESCRIBES"
84+
},
85+
{
86+
"spdxElementId": "SPDXRef-DOCUMENT",
87+
"relatedSpdxElement": "SPDXRef-Package-e44bc351-526b-5ca1-93c9-0f88a33b934a",
88+
"relationshipType": "DESCRIBES"
89+
},
90+
{
91+
"spdxElementId": "SPDXRef-DOCUMENT",
92+
"relatedSpdxElement": "SPDXRef-Package-55633fe2-115b-594e-a5ec-84ece9a16f80",
93+
"relationshipType": "DESCRIBES"
94+
},
95+
{
96+
"spdxElementId": "SPDXRef-DOCUMENT",
97+
"relatedSpdxElement": "SPDXRef-Package-90f44391-c061-5db7-ad32-4c0951366e9e",
98+
"relationshipType": "DESCRIBES"
99+
},
100+
{
101+
"spdxElementId": "SPDXRef-DOCUMENT",
102+
"relatedSpdxElement": "SPDXRef-Package-95411904-8af0-5830-8fbc-4185e16949de",
103+
"relationshipType": "DESCRIBES"
104+
},
105+
{
106+
"spdxElementId": "SPDXRef-DOCUMENT",
107+
"relatedSpdxElement": "SPDXRef-Package-43e25662-200b-584e-b946-57bddf7cb24a",
108+
"relationshipType": "DESCRIBES"
109+
}
110+
]
111+
}

arm-software/embedded/ATfE-SBOM.spdx.json

Lines changed: 159 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,159 @@
1+
{
2+
"SPDXID": "SPDXRef-DOCUMENT",
3+
"creationInfo": {
4+
"created": "2025-03-11T14:57:51Z",
5+
"creators": [
6+
"Organization: Arm Limited ([email protected])"
7+
]
8+
},
9+
"dataLicense": "CC0-1.0",
10+
"name": "Arm Toolchain for Embedded",
11+
"spdxVersion": "SPDX-2.3",
12+
"documentNamespace": "https://github.com/arm/arm-toolchain/tree/arm-software/arm-software/embedded",
13+
"packages": [
14+
{
15+
"SPDXID": "SPDXRef-Package-7b00a6db-5a0c-5d02-800d-c0bd1a9b0290",
16+
"downloadLocation": "https://github.com/arm/arm-toolchain/tree/arm-software/arm-software/embedded",
17+
"filesAnalyzed": false,
18+
"licenseComments": "",
19+
"licenseConcluded": "Apache-2.0 WITH LLVM-exception",
20+
"licenseDeclared": "Apache-2.0 WITH LLVM-exception",
21+
"name": "Arm Toolchain for Embedded",
22+
"originator": "Organization: Arm Limited ([email protected])",
23+
"supplier": "Organization: Arm Limited ([email protected])"
24+
},
25+
{
26+
"SPDXID": "SPDXRef-Package-e47101d8-f397-517a-826a-074c99307e4a",
27+
"downloadLocation": "https://github.com/llvm/llvm-project",
28+
"filesAnalyzed": false,
29+
"licenseComments": "",
30+
"licenseConcluded": "Apache-2.0 WITH LLVM-exception",
31+
"licenseDeclared": "Apache-2.0 WITH LLVM-exception",
32+
"name": "llvm-project",
33+
"originator": "Organization: LLVM Foundation ([email protected])",
34+
"supplier": "Organization: LLVM Foundation ([email protected])"
35+
},
36+
{
37+
"SPDXID": "SPDXRef-Package-2f874dca-9a59-5f2c-8623-486b883acceb",
38+
"downloadLocation": "https://github.com/llvm/llvm-project/tree/main/clang",
39+
"filesAnalyzed": false,
40+
"licenseComments": "",
41+
"licenseConcluded": "Apache-2.0 WITH LLVM-exception",
42+
"licenseDeclared": "Apache-2.0 WITH LLVM-exception",
43+
"name": "clang",
44+
"originator": "Organization: LLVM Foundation ([email protected])",
45+
"supplier": "Organization: LLVM Foundation ([email protected])"
46+
},
47+
{
48+
"SPDXID": "SPDXRef-Package-a247e320-5008-5abf-98dd-286d8ce8d45d",
49+
"downloadLocation": "https://github.com/llvm/llvm-project/tree/main/lld",
50+
"filesAnalyzed": false,
51+
"licenseComments": "",
52+
"licenseConcluded": "Apache-2.0 WITH LLVM-exception",
53+
"licenseDeclared": "Apache-2.0 WITH LLVM-exception",
54+
"name": "lld",
55+
"originator": "Organization: LLVM Foundation ([email protected])",
56+
"supplier": "Organization: LLVM Foundation ([email protected])"
57+
},
58+
{
59+
"SPDXID": "SPDXRef-Package-e44bc351-526b-5ca1-93c9-0f88a33b934a",
60+
"downloadLocation": "https://github.com/llvm/llvm-project/tree/main/compiler-rt",
61+
"filesAnalyzed": false,
62+
"licenseComments": "",
63+
"licenseConcluded": "Apache-2.0 WITH LLVM-exception",
64+
"licenseDeclared": "Apache-2.0 WITH LLVM-exception",
65+
"name": "compiler-rt",
66+
"originator": "Organization: LLVM Foundation ([email protected])",
67+
"supplier": "Organization: LLVM Foundation ([email protected])"
68+
},
69+
{
70+
"SPDXID": "SPDXRef-Package-55633fe2-115b-594e-a5ec-84ece9a16f80",
71+
"downloadLocation": "https://github.com/llvm/llvm-project/tree/main/libcxx",
72+
"filesAnalyzed": false,
73+
"licenseComments": "",
74+
"licenseConcluded": "Apache-2.0 WITH LLVM-exception",
75+
"licenseDeclared": "Apache-2.0 WITH LLVM-exception",
76+
"name": "libcxx",
77+
"originator": "Organization: LLVM Foundation ([email protected])",
78+
"supplier": "Organization: LLVM Foundation ([email protected])"
79+
},
80+
{
81+
"SPDXID": "SPDXRef-Package-90f44391-c061-5db7-ad32-4c0951366e9e",
82+
"downloadLocation": "https://github.com/llvm/llvm-project/tree/main/libcxxabi",
83+
"filesAnalyzed": false,
84+
"licenseComments": "",
85+
"licenseConcluded": "Apache-2.0 WITH LLVM-exception",
86+
"licenseDeclared": "Apache-2.0 WITH LLVM-exception",
87+
"name": "libcxxabi",
88+
"originator": "Organization: LLVM Foundation ([email protected])",
89+
"supplier": "Organization: LLVM Foundation ([email protected])"
90+
},
91+
{
92+
"SPDXID": "SPDXRef-Package-95411904-8af0-5830-8fbc-4185e16949de",
93+
"downloadLocation": "https://github.com/llvm/llvm-project/tree/main/libunwind",
94+
"filesAnalyzed": false,
95+
"licenseComments": "",
96+
"licenseConcluded": "Apache-2.0 WITH LLVM-exception",
97+
"licenseDeclared": "Apache-2.0 WITH LLVM-exception",
98+
"name": "libunwind",
99+
"originator": "Organization: LLVM Foundation ([email protected])",
100+
"supplier": "Organization: LLVM Foundation ([email protected])"
101+
},
102+
{
103+
"SPDXID": "SPDXRef-Package-8f339123-88e4-5ff4-9a69-bc4b0c8d65d0",
104+
"downloadLocation": "https://github.com/picolibc/picolibc",
105+
"filesAnalyzed": false,
106+
"licenseComments": "Detailed list of licenses is at: https://github.com/picolibc/picolibc/blob/main/COPYING.picolibc",
107+
"name": "picolibc",
108+
"originator": "Person: Keith Packard (https://github.com/keith-packard)",
109+
"supplier": "Person: Keith Packard (https://github.com/keith-packard)"
110+
}
111+
],
112+
"relationships": [
113+
{
114+
"spdxElementId": "SPDXRef-DOCUMENT",
115+
"relatedSpdxElement": "SPDXRef-Package-7b00a6db-5a0c-5d02-800d-c0bd1a9b0290",
116+
"relationshipType": "DESCRIBES"
117+
},
118+
{
119+
"spdxElementId": "SPDXRef-DOCUMENT",
120+
"relatedSpdxElement": "SPDXRef-Package-e47101d8-f397-517a-826a-074c99307e4a",
121+
"relationshipType": "DESCRIBES"
122+
},
123+
{
124+
"spdxElementId": "SPDXRef-DOCUMENT",
125+
"relatedSpdxElement": "SPDXRef-Package-2f874dca-9a59-5f2c-8623-486b883acceb",
126+
"relationshipType": "DESCRIBES"
127+
},
128+
{
129+
"spdxElementId": "SPDXRef-DOCUMENT",
130+
"relatedSpdxElement": "SPDXRef-Package-a247e320-5008-5abf-98dd-286d8ce8d45d",
131+
"relationshipType": "DESCRIBES"
132+
},
133+
{
134+
"spdxElementId": "SPDXRef-DOCUMENT",
135+
"relatedSpdxElement": "SPDXRef-Package-e44bc351-526b-5ca1-93c9-0f88a33b934a",
136+
"relationshipType": "DESCRIBES"
137+
},
138+
{
139+
"spdxElementId": "SPDXRef-DOCUMENT",
140+
"relatedSpdxElement": "SPDXRef-Package-55633fe2-115b-594e-a5ec-84ece9a16f80",
141+
"relationshipType": "DESCRIBES"
142+
},
143+
{
144+
"spdxElementId": "SPDXRef-DOCUMENT",
145+
"relatedSpdxElement": "SPDXRef-Package-90f44391-c061-5db7-ad32-4c0951366e9e",
146+
"relationshipType": "DESCRIBES"
147+
},
148+
{
149+
"spdxElementId": "SPDXRef-DOCUMENT",
150+
"relatedSpdxElement": "SPDXRef-Package-95411904-8af0-5830-8fbc-4185e16949de",
151+
"relationshipType": "DESCRIBES"
152+
},
153+
{
154+
"spdxElementId": "SPDXRef-DOCUMENT",
155+
"relatedSpdxElement": "SPDXRef-Package-8f339123-88e4-5ff4-9a69-bc4b0c8d65d0",
156+
"relationshipType": "DESCRIBES"
157+
}
158+
]
159+
}

arm-software/embedded/CMakeLists.txt

Lines changed: 14 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -319,6 +319,12 @@ if(LLVM_TOOLCHAIN_C_LIBRARY MATCHES "^newlib")
319319
DESTINATION bin
320320
COMPONENT llvm-toolchain-${LLVM_TOOLCHAIN_C_LIBRARY}-configs
321321
)
322+
install(
323+
FILES
324+
${CMAKE_CURRENT_SOURCE_DIR}/ATfE-SBOM-newlib-overlay.spdx.json
325+
DESTINATION .
326+
COMPONENT llvm-toolchain-${LLVM_TOOLCHAIN_C_LIBRARY}-configs
327+
)
322328
install(
323329
DIRECTORY
324330
${CMAKE_CURRENT_SOURCE_DIR}/newlib-samples/
@@ -353,6 +359,13 @@ if(LLVM_TOOLCHAIN_C_LIBRARY STREQUAL llvmlibc)
353359
COMPONENT llvm-toolchain-llvmlibc-configs
354360
)
355361

362+
install(
363+
FILES
364+
${CMAKE_CURRENT_SOURCE_DIR}/ATfE-SBOM-llvmlibc-overlay.spdx.json
365+
DESTINATION .
366+
COMPONENT llvm-toolchain-llvmlibc-configs
367+
)
368+
356369
install(
357370
DIRECTORY
358371
${CMAKE_CURRENT_SOURCE_DIR}/llvmlibc-samples/src
@@ -686,7 +699,7 @@ install(
686699
)
687700

688701
install(
689-
FILES CHANGELOG.md LICENSE.txt README.md
702+
FILES CHANGELOG.md LICENSE.txt README.md ATfE-SBOM.spdx.json
690703
DESTINATION .
691704
COMPONENT llvm-toolchain-docs
692705
)

0 commit comments

Comments
 (0)