Merge pull request #155 from hughsie/hughsie/sbom
Add a SBOM template in CycloneDX format
diff --git a/doc/sbom.cdx.json b/doc/sbom.cdx.json
new file mode 100644
index 0000000..14be33d
--- /dev/null
+++ b/doc/sbom.cdx.json
@@ -0,0 +1,48 @@
+{
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.6",
+ "version": 1,
+ "metadata": {
+ "authors": [
+ {
+ "name": "@VCS_SBOM_AUTHORS@"
+ }
+ ]
+ },
+ "components": [
+ {
+ "type": "library",
+ "bom-ref": "pkg:github/google/wuffs@@VCS_TAG@",
+ "cpe": "cpe:2.3:a:google:wuffs:@VCS_TAG@:*:*:*:*:*:*:*",
+ "name": "Wuffs",
+ "version": "@VCS_VERSION@",
+ "description": "A memory-safe programming language for Wrangling Untrusted File Formats Safely",
+ "authors": [
+ {
+ "name": "@VCS_AUTHORS@"
+ }
+ ],
+ "supplier": {
+ "name": "Google"
+ },
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ },
+ {
+ "license": {
+ "id": "Apache-2.0"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "type": "vcs",
+ "url": "https://github.com/google/wuffs"
+ }
+ ]
+ }
+ ]
+}
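Review bot: The Wuffs component carries its package URL only in `bom-ref` and has no `purl` property, so consumers that correlate components with advisories by purl have nothing to match on; adding `"purl": "pkg:github/google/wuffs@@VCS_TAG@",` next to `cpe` would cover that. The `cpe` version field is filled from `@VCS_TAG@` while `version` uses `@VCS_VERSION@`; if the tag carries a prefix such as `v` (not visible here), the CPE would likely not match dictionary entries, so it is worth confirming which substitution yields the bare version. The two separate `licenses` entries also leave it unstated whether MIT and Apache-2.0 apply together or as a choice; if it is a choice, a single `{"expression": "MIT OR Apache-2.0"}` entry says so explicitly.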