mirror of
https://github.com/ARM-software/arm-trusted-firmware.git
synced 2026-07-01 20:25:08 +00:00
Improve supply chain security by including a SBOM file with substituted
values.
This will be used to construct a composite platform SBOM.
Change-Id: Ia34338854a0eaa4f3a8799c23e46aae382792252
Signed-off-by: Richard Hughes <richard@hughsie.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
(cherry picked from commit 5e04d63612)
48 lines
1.1 KiB
JSON
48 lines
1.1 KiB
JSON
{
|
|
"bomFormat": "CycloneDX",
|
|
"specVersion": "1.6",
|
|
"version": 1,
|
|
"metadata": {
|
|
"authors": [
|
|
{
|
|
"name": "@VCS_SBOM_AUTHORS@"
|
|
}
|
|
]
|
|
},
|
|
"components": [
|
|
{
|
|
"type": "library",
|
|
"bom-ref": "pkg:github/TrustedFirmware-A/trusted-firmware-a@@VCS_TAG@",
|
|
"cpe": "cpe:2.3:a:trustedfirmware.org:trusted-firmware-a:@VCS_TAG@:*:*:*:*:*:*:*",
|
|
"name": "trusted-firmware-a",
|
|
"version": "@VCS_VERSION@",
|
|
"description": "Reference implementation of secure software for Arm A-Profile architectures",
|
|
"authors": [
|
|
{
|
|
"name": "@VCS_AUTHORS@"
|
|
}
|
|
],
|
|
"supplier": {
|
|
"name": "trustedfirmware.org"
|
|
},
|
|
"licenses": [
|
|
{
|
|
"license": {
|
|
"id": "BSD-3-Clause"
|
|
}
|
|
}
|
|
],
|
|
"externalReferences": [
|
|
{
|
|
"type": "vcs",
|
|
"url": "https://review.trustedfirmware.org/TF-A/trusted-firmware-a"
|
|
},
|
|
{
|
|
"type": "vcs",
|
|
"url": "https://github.com/TrustedFirmware-A/trusted-firmware-a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|