arm-trusted-firmware/docs/sbom.cdx.json
Richard Hughes and Yann Gautier 3bd1d85f1e chore(docs): add a SBOM template in CycloneDX format
Improve supply chain security by including a SBOM file with substituted
values.

This will be used to construct a composite platform SBOM.

Change-Id: Ia34338854a0eaa4f3a8799c23e46aae382792252
Signed-off-by: Richard Hughes <richard@hughsie.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
(cherry picked from commit 5e04d63612)
2025-05-23 14:31:17 +02:00


{
"bomFormat": "CycloneDX",
"specVersion": "1.6",
"version": 1,
"metadata": {
"authors": [
{
"name": "@VCS_SBOM_AUTHORS@"
}
]
},
"components": [
{
"type": "library",
"bom-ref": "pkg:github/TrustedFirmware-A/trusted-firmware-a@@VCS_TAG@",
"cpe": "cpe:2.3:a:trustedfirmware.org:trusted-firmware-a:@VCS_TAG@:*:*:*:*:*:*:*",
"name": "trusted-firmware-a",
"version": "@VCS_VERSION@",
"description": "Reference implementation of secure software for Arm A-Profile architectures",
"authors": [
{
"name": "@VCS_AUTHORS@"
}
],
"supplier": {
"name": "trustedfirmware.org"
},
"licenses": [
{
"license": {
"id": "BSD-3-Clause"
}
}
],
"externalReferences": [
{
"type": "vcs",
"url": "https://review.trustedfirmware.org/TF-A/trusted-firmware-a"
},
{
"type": "vcs",
"url": "https://github.com/TrustedFirmware-A/trusted-firmware-a"
}
]
}
]
}