diff --git a/sbom-utility-scripts/scripts/merge-cachi2-sboms-script/test_data/merged.bom.json b/sbom-utility-scripts/scripts/merge-cachi2-sboms-script/test_data/merged.bom.json index 5c83bd2..0da3944 100644 --- a/sbom-utility-scripts/scripts/merge-cachi2-sboms-script/test_data/merged.bom.json +++ b/sbom-utility-scripts/scripts/merge-cachi2-sboms-script/test_data/merged.bom.json @@ -3,7 +3,45 @@ "bomFormat": "CycloneDX", "components": [ { - "bom-ref": "pkg:rpm/rhel/basesystem@11-13.el9?arch=noarch&upstream=basesystem-11-13.el9.src.rpm&distro=rhel-9.5&package-id=c5f52a38a9661dc3", + "bom-ref": "pkg:golang/github.com/release-engineering/retrodep@v2.1.0?package-id=b1aab99da74371f7#v2", + "cpe": "cpe:2.3:a:release-engineering:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*", + "name": "github.com/release-engineering/retrodep/v2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "go-module-file-cataloger" + }, + { + "name": "syft:package:language", + "value": "go" + }, + { + "name": "syft:package:type", + "value": "go-module" + }, + { + "name": "syft:package:metadataType", + "value": "go-module-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:release_engineering:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:release:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "/go.mod" + } + ], + "purl": "pkg:golang/github.com/release-engineering/retrodep@v2.1.0#v2", + "type": "library", + "version": "v2.1.0" + }, + { + "bom-ref": "pkg:rpm/rhel/basesystem@11-13.el9?arch=noarch&upstream=basesystem-11-13.el9.src.rpm&distro=rhel-9.5&package-id=fcabd006cb3bfe7d", "cpe": "cpe:2.3:a:basesystem:basesystem:11-13.el9:*:*:*:*:*:*:*", "licenses": [ { @@ -16,7 +54,7 @@ "properties": [ { "name": "syft:package:foundBy", - "value": "sbom-cataloger" + "value": "rpm-db-cataloger" }, { "name": "syft:package:type", @@ -31,16 +69,12 @@ "value": "cpe:2.3:a:redhat:basesystem:11-13.el9:*:*:*:*:*:*:*" }, { - "name": "syft:cpe23", - "value": "cpe:2.3:a:basesystem:basesystem:11-13.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat:basesystem:11-13.el9:*:*:*:*:*:*:*" + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" }, { "name": "syft:location:0:path", - "value": "/ubi-micro.bom.json" + "value": "/var/lib/rpm/rpmdb.sqlite" }, { "name": "syft:metadata:release", @@ -61,7 +95,7 @@ "version": "11-13.el9" }, { - "bom-ref": "pkg:rpm/rhel/bash@5.1.8-9.el9?arch=x86_64&upstream=bash-5.1.8-9.el9.src.rpm&distro=rhel-9.5&package-id=70bc982e916e30d4", + "bom-ref": "pkg:rpm/rhel/bash@5.1.8-9.el9?arch=x86_64&upstream=bash-5.1.8-9.el9.src.rpm&distro=rhel-9.5&package-id=a6062d7253817d9d", "cpe": "cpe:2.3:a:redhat:bash:5.1.8-9.el9:*:*:*:*:*:*:*", "licenses": [ { @@ -74,7 +108,7 @@ "properties": [ { "name": "syft:package:foundBy", - "value": "sbom-cataloger" + "value": "rpm-db-cataloger" }, { "name": "syft:package:type", @@ -89,16 +123,12 @@ "value": "cpe:2.3:a:bash:bash:5.1.8-9.el9:*:*:*:*:*:*:*" }, { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat:bash:5.1.8-9.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:bash:bash:5.1.8-9.el9:*:*:*:*:*:*:*" + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" }, { "name": "syft:location:0:path", - "value": "/ubi-micro.bom.json" + "value": "/var/lib/rpm/rpmdb.sqlite" }, { "name": "syft:metadata:release", @@ -119,7 +149,7 @@ "version": "5.1.8-9.el9" }, { - "bom-ref": "pkg:rpm/rhel/coreutils-single@8.32-36.el9?arch=x86_64&upstream=coreutils-8.32-36.el9.src.rpm&distro=rhel-9.5&package-id=f26726f28e90ce75", + "bom-ref": "pkg:rpm/rhel/coreutils-single@8.32-36.el9?arch=x86_64&upstream=coreutils-8.32-36.el9.src.rpm&distro=rhel-9.5&package-id=bc07797a46d14a80", "cpe": "cpe:2.3:a:coreutils-single:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*", "licenses": [ { @@ -132,7 +162,7 @@ "properties": [ { "name": "syft:package:foundBy", - "value": "sbom-cataloger" + "value": "rpm-db-cataloger" }, { "name": "syft:package:type", @@ -171,40 +201,12 @@ "value": "cpe:2.3:a:redhat:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*" }, { - "name": "syft:cpe23", - "value": "cpe:2.3:a:coreutils-single:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:coreutils-single:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:coreutils_single:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:coreutils_single:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:coreutils:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:coreutils:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat:coreutils-single:8.32-36.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat:coreutils_single:8.32-36.el9:*:*:*:*:*:*:*" + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" }, { "name": "syft:location:0:path", - "value": "/ubi-micro.bom.json" + "value": "/var/lib/rpm/rpmdb.sqlite" }, { "name": "syft:metadata:release", @@ -225,7 +227,7 @@ "version": "8.32-36.el9" }, { - "bom-ref": "pkg:rpm/rhel/filesystem@3.16-5.el9?arch=x86_64&upstream=filesystem-3.16-5.el9.src.rpm&distro=rhel-9.5&package-id=77424b7b1080bae1", + "bom-ref": "pkg:rpm/rhel/filesystem@3.16-5.el9?arch=x86_64&upstream=filesystem-3.16-5.el9.src.rpm&distro=rhel-9.5&package-id=5423c4a724c69dca", "cpe": "cpe:2.3:a:filesystem:filesystem:3.16-5.el9:*:*:*:*:*:*:*", "licenses": [ { @@ -238,7 +240,7 @@ "properties": [ { "name": "syft:package:foundBy", - "value": "sbom-cataloger" + "value": "rpm-db-cataloger" }, { "name": "syft:package:type", @@ -253,16 +255,12 @@ "value": "cpe:2.3:a:redhat:filesystem:3.16-5.el9:*:*:*:*:*:*:*" }, { - "name": "syft:cpe23", - "value": "cpe:2.3:a:filesystem:filesystem:3.16-5.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat:filesystem:3.16-5.el9:*:*:*:*:*:*:*" + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" }, { "name": "syft:location:0:path", - "value": "/ubi-micro.bom.json" + "value": "/var/lib/rpm/rpmdb.sqlite" }, { "name": "syft:metadata:release", @@ -283,57 +281,7 @@ "version": "3.16-5.el9" }, { - "bom-ref": "pkg:golang/github.com/release-engineering/retrodep@v2.1.0?package-id=b1aab99da74371f7#v2", - "cpe": "cpe:2.3:a:release-engineering:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*", - "name": "github.com/release-engineering/retrodep/v2", - "properties": [ - { - "name": "syft:package:foundBy", - "value": "sbom-cataloger" - }, - { - "name": "syft:package:language", - "value": "go" - }, - { - "name": "syft:package:type", - "value": "go-module" - }, - { - "name": "syft:package:metadataType", - "value": "go-module-entry" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:release_engineering:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:release:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:release-engineering:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:release_engineering:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:release:retrodep\\/v2:v2.1.0:*:*:*:*:*:*:*" - }, - { - "name": "syft:location:0:path", - "value": "/gomod-pandemonium.bom.json" - } - ], - "purl": "pkg:golang/github.com/release-engineering/retrodep@v2.1.0#v2", - "type": "library", - "version": "v2.1.0" - }, - { - "bom-ref": "pkg:rpm/rhel/glibc@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5&package-id=9489b86e448d8dfd", + "bom-ref": "pkg:rpm/rhel/glibc@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5&package-id=ab6bbd6d165109d2", "cpe": "cpe:2.3:a:redhat:glibc:2.34-125.el9_5.1:*:*:*:*:*:*:*", "licenses": [ { @@ -346,7 +294,7 @@ "properties": [ { "name": "syft:package:foundBy", - "value": "sbom-cataloger" + "value": "rpm-db-cataloger" }, { "name": "syft:package:type", @@ -361,16 +309,12 @@ "value": "cpe:2.3:a:glibc:glibc:2.34-125.el9_5.1:*:*:*:*:*:*:*" }, { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat:glibc:2.34-125.el9_5.1:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:glibc:glibc:2.34-125.el9_5.1:*:*:*:*:*:*:*" + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" }, { "name": "syft:location:0:path", - "value": "/ubi-micro.bom.json" + "value": "/var/lib/rpm/rpmdb.sqlite" }, { "name": "syft:metadata:release", @@ -391,7 +335,7 @@ "version": "2.34-125.el9_5.1" }, { - "bom-ref": "pkg:rpm/rhel/glibc-common@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5&package-id=311b45c789b83bf4", + "bom-ref": "pkg:rpm/rhel/glibc-common@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5&package-id=5d2e03b4ae3e405b", "cpe": "cpe:2.3:a:glibc-common:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*", "licenses": [ { @@ -404,7 +348,7 @@ "properties": [ { "name": "syft:package:foundBy", - "value": "sbom-cataloger" + "value": "rpm-db-cataloger" }, { "name": "syft:package:type", @@ -443,40 +387,12 @@ "value": "cpe:2.3:a:glibc:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*" }, { - "name": "syft:cpe23", - "value": "cpe:2.3:a:glibc-common:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:glibc-common:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:glibc_common:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:glibc_common:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:glibc:glibc-common:2.34-125.el9_5.1:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:glibc:glibc_common:2.34-125.el9_5.1:*:*:*:*:*:*:*" + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" }, { "name": "syft:location:0:path", - "value": "/ubi-micro.bom.json" + "value": "/var/lib/rpm/rpmdb.sqlite" }, { "name": "syft:metadata:release", @@ -497,7 +413,7 @@ "version": "2.34-125.el9_5.1" }, { - "bom-ref": "pkg:rpm/rhel/glibc-minimal-langpack@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5&package-id=987fcae5ecc095f4", + "bom-ref": "pkg:rpm/rhel/glibc-minimal-langpack@2.34-125.el9_5.1?arch=x86_64&upstream=glibc-2.34-125.el9_5.1.src.rpm&distro=rhel-9.5&package-id=d35bdd9cfa0b8d62", "cpe": "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*", "licenses": [ { @@ -510,7 +426,7 @@ "properties": [ { "name": "syft:package:foundBy", - "value": "sbom-cataloger" + "value": "rpm-db-cataloger" }, { "name": "syft:package:type", @@ -565,56 +481,12 @@ "value": "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" }, { - "name": "syft:cpe23", - "value": "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-125.el9_5.1:*:*:*:*:*:*:*" + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" }, { "name": "syft:location:0:path", - "value": "/ubi-micro.bom.json" + "value": "/var/lib/rpm/rpmdb.sqlite" }, { "name": "syft:metadata:release", @@ -635,7 +507,7 @@ "version": "2.34-125.el9_5.1" }, { - "bom-ref": "pkg:rpm/rhel/gpg-pubkey@5a6340b3-6229229e?distro=rhel-9.5&package-id=6f295cf72da6a770", + "bom-ref": "pkg:rpm/rhel/gpg-pubkey@5a6340b3-6229229e?distro=rhel-9.5&package-id=6a4614b48b443e33", "cpe": "cpe:2.3:a:gpg-pubkey:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*", "licenses": [ { @@ -648,7 +520,7 @@ "properties": [ { "name": "syft:package:foundBy", - "value": "sbom-cataloger" + "value": "rpm-db-cataloger" }, { "name": "syft:package:type", @@ -679,32 +551,12 @@ "value": "cpe:2.3:a:gpg:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" }, { - "name": "syft:cpe23", - "value": "cpe:2.3:a:gpg-pubkey:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:gpg-pubkey:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:gpg_pubkey:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:gpg_pubkey:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:gpg:gpg-pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:gpg:gpg_pubkey:5a6340b3-6229229e:*:*:*:*:*:*:*" + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" }, { "name": "syft:location:0:path", - "value": "/ubi-micro.bom.json" + "value": "/var/lib/rpm/rpmdb.sqlite" }, { "name": "syft:metadata:release", @@ -720,7 +572,7 @@ "version": "5a6340b3-6229229e" }, { - "bom-ref": "pkg:rpm/rhel/gpg-pubkey@fd431d51-4ae0493b?distro=rhel-9.5&package-id=c388b788c5f4618d", + "bom-ref": "pkg:rpm/rhel/gpg-pubkey@fd431d51-4ae0493b?distro=rhel-9.5&package-id=0b9edfc7dd36b25d", "cpe": "cpe:2.3:a:gpg-pubkey:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*", "licenses": [ { @@ -733,7 +585,7 @@ "properties": [ { "name": "syft:package:foundBy", - "value": "sbom-cataloger" + "value": "rpm-db-cataloger" }, { "name": "syft:package:type", @@ -764,32 +616,12 @@ "value": "cpe:2.3:a:gpg:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" }, { - "name": "syft:cpe23", - "value": "cpe:2.3:a:gpg-pubkey:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:gpg-pubkey:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:gpg_pubkey:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:gpg_pubkey:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:gpg:gpg-pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:gpg:gpg_pubkey:fd431d51-4ae0493b:*:*:*:*:*:*:*" + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" }, { "name": "syft:location:0:path", - "value": "/ubi-micro.bom.json" + "value": "/var/lib/rpm/rpmdb.sqlite" }, { "name": "syft:metadata:release", @@ -805,7 +637,7 @@ "version": "fd431d51-4ae0493b" }, { - "bom-ref": "pkg:rpm/rhel/libacl@2.3.1-4.el9?arch=x86_64&upstream=acl-2.3.1-4.el9.src.rpm&distro=rhel-9.5&package-id=595e70db205f0935", + "bom-ref": "pkg:rpm/rhel/libacl@2.3.1-4.el9?arch=x86_64&upstream=acl-2.3.1-4.el9.src.rpm&distro=rhel-9.5&package-id=6a12891a28711ed0", "cpe": "cpe:2.3:a:libacl:libacl:2.3.1-4.el9:*:*:*:*:*:*:*", "licenses": [ { @@ -818,7 +650,7 @@ "properties": [ { "name": "syft:package:foundBy", - "value": "sbom-cataloger" + "value": "rpm-db-cataloger" }, { "name": "syft:package:type", @@ -833,16 +665,12 @@ "value": "cpe:2.3:a:redhat:libacl:2.3.1-4.el9:*:*:*:*:*:*:*" }, { - "name": "syft:cpe23", - "value": "cpe:2.3:a:libacl:libacl:2.3.1-4.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat:libacl:2.3.1-4.el9:*:*:*:*:*:*:*" + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" }, { "name": "syft:location:0:path", - "value": "/ubi-micro.bom.json" + "value": "/var/lib/rpm/rpmdb.sqlite" }, { "name": "syft:metadata:release", @@ -863,7 +691,7 @@ "version": "2.3.1-4.el9" }, { - "bom-ref": "pkg:rpm/rhel/libattr@2.5.1-3.el9?arch=x86_64&upstream=attr-2.5.1-3.el9.src.rpm&distro=rhel-9.5&package-id=f22ce785f4cb2598", + "bom-ref": "pkg:rpm/rhel/libattr@2.5.1-3.el9?arch=x86_64&upstream=attr-2.5.1-3.el9.src.rpm&distro=rhel-9.5&package-id=246362466b6f01d4", "cpe": "cpe:2.3:a:libattr:libattr:2.5.1-3.el9:*:*:*:*:*:*:*", "licenses": [ { @@ -876,7 +704,7 @@ "properties": [ { "name": "syft:package:foundBy", - "value": "sbom-cataloger" + "value": "rpm-db-cataloger" }, { "name": "syft:package:type", @@ -891,16 +719,12 @@ "value": "cpe:2.3:a:redhat:libattr:2.5.1-3.el9:*:*:*:*:*:*:*" }, { - "name": "syft:cpe23", - "value": "cpe:2.3:a:libattr:libattr:2.5.1-3.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat:libattr:2.5.1-3.el9:*:*:*:*:*:*:*" + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" }, { "name": "syft:location:0:path", - "value": "/ubi-micro.bom.json" + "value": "/var/lib/rpm/rpmdb.sqlite" }, { "name": "syft:metadata:release", @@ -921,7 +745,7 @@ "version": "2.5.1-3.el9" }, { - "bom-ref": "pkg:rpm/rhel/libcap@2.48-9.el9_2?arch=x86_64&upstream=libcap-2.48-9.el9_2.src.rpm&distro=rhel-9.5&package-id=834f8cbd6a96a118", + "bom-ref": "pkg:rpm/rhel/libcap@2.48-9.el9_2?arch=x86_64&upstream=libcap-2.48-9.el9_2.src.rpm&distro=rhel-9.5&package-id=e129417de8081c72", "cpe": "cpe:2.3:a:libcap:libcap:2.48-9.el9_2:*:*:*:*:*:*:*", "licenses": [ { @@ -934,7 +758,7 @@ "properties": [ { "name": "syft:package:foundBy", - "value": "sbom-cataloger" + "value": "rpm-db-cataloger" }, { "name": "syft:package:type", @@ -949,16 +773,12 @@ "value": "cpe:2.3:a:redhat:libcap:2.48-9.el9_2:*:*:*:*:*:*:*" }, { - "name": "syft:cpe23", - "value": "cpe:2.3:a:libcap:libcap:2.48-9.el9_2:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat:libcap:2.48-9.el9_2:*:*:*:*:*:*:*" + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" }, { "name": "syft:location:0:path", - "value": "/ubi-micro.bom.json" + "value": "/var/lib/rpm/rpmdb.sqlite" }, { "name": "syft:metadata:release", @@ -979,7 +799,7 @@ "version": "2.48-9.el9_2" }, { - "bom-ref": "pkg:rpm/rhel/libgcc@11.5.0-2.el9?arch=x86_64&upstream=gcc-11.5.0-2.el9.src.rpm&distro=rhel-9.5&package-id=036d41cc6ce4f88a", + "bom-ref": "pkg:rpm/rhel/libgcc@11.5.0-2.el9?arch=x86_64&upstream=gcc-11.5.0-2.el9.src.rpm&distro=rhel-9.5&package-id=492434936db2f877", "cpe": "cpe:2.3:a:libgcc:libgcc:11.5.0-2.el9:*:*:*:*:*:*:*", "licenses": [ { @@ -992,7 +812,7 @@ "properties": [ { "name": "syft:package:foundBy", - "value": "sbom-cataloger" + "value": "rpm-db-cataloger" }, { "name": "syft:package:type", @@ -1007,16 +827,12 @@ "value": "cpe:2.3:a:redhat:libgcc:11.5.0-2.el9:*:*:*:*:*:*:*" }, { - "name": "syft:cpe23", - "value": "cpe:2.3:a:libgcc:libgcc:11.5.0-2.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat:libgcc:11.5.0-2.el9:*:*:*:*:*:*:*" + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" }, { "name": "syft:location:0:path", - "value": "/ubi-micro.bom.json" + "value": "/var/lib/rpm/rpmdb.sqlite" }, { "name": "syft:metadata:release", @@ -1037,7 +853,7 @@ "version": "11.5.0-2.el9" }, { - "bom-ref": "pkg:rpm/rhel/libselinux@3.6-1.el9?arch=x86_64&upstream=libselinux-3.6-1.el9.src.rpm&distro=rhel-9.5&package-id=757b3ad6c9f342ff", + "bom-ref": "pkg:rpm/rhel/libselinux@3.6-1.el9?arch=x86_64&upstream=libselinux-3.6-1.el9.src.rpm&distro=rhel-9.5&package-id=79db8c526f87ba3b", "cpe": "cpe:2.3:a:libselinux:libselinux:3.6-1.el9:*:*:*:*:*:*:*", "licenses": [ { @@ -1050,7 +866,7 @@ "properties": [ { "name": "syft:package:foundBy", - "value": "sbom-cataloger" + "value": "rpm-db-cataloger" }, { "name": "syft:package:type", @@ -1065,16 +881,12 @@ "value": "cpe:2.3:a:redhat:libselinux:3.6-1.el9:*:*:*:*:*:*:*" }, { - "name": "syft:cpe23", - "value": "cpe:2.3:a:libselinux:libselinux:3.6-1.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat:libselinux:3.6-1.el9:*:*:*:*:*:*:*" + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" }, { "name": "syft:location:0:path", - "value": "/ubi-micro.bom.json" + "value": "/var/lib/rpm/rpmdb.sqlite" }, { "name": "syft:metadata:release", @@ -1095,7 +907,7 @@ "version": "3.6-1.el9" }, { - "bom-ref": "pkg:rpm/rhel/libsepol@3.6-1.el9?arch=x86_64&upstream=libsepol-3.6-1.el9.src.rpm&distro=rhel-9.5&package-id=e2f6759466eb7d48", + "bom-ref": "pkg:rpm/rhel/libsepol@3.6-1.el9?arch=x86_64&upstream=libsepol-3.6-1.el9.src.rpm&distro=rhel-9.5&package-id=9891839d8f699944", "cpe": "cpe:2.3:a:libsepol:libsepol:3.6-1.el9:*:*:*:*:*:*:*", "licenses": [ { @@ -1108,7 +920,7 @@ "properties": [ { "name": "syft:package:foundBy", - "value": "sbom-cataloger" + "value": "rpm-db-cataloger" }, { "name": "syft:package:type", @@ -1123,16 +935,12 @@ "value": "cpe:2.3:a:redhat:libsepol:3.6-1.el9:*:*:*:*:*:*:*" }, { - "name": "syft:cpe23", - "value": "cpe:2.3:a:libsepol:libsepol:3.6-1.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat:libsepol:3.6-1.el9:*:*:*:*:*:*:*" + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" }, { "name": "syft:location:0:path", - "value": "/ubi-micro.bom.json" + "value": "/var/lib/rpm/rpmdb.sqlite" }, { "name": "syft:metadata:release", @@ -1153,7 +961,7 @@ "version": "3.6-1.el9" }, { - "bom-ref": "pkg:rpm/rhel/ncurses-base@6.2-10.20210508.el9?arch=noarch&upstream=ncurses-6.2-10.20210508.el9.src.rpm&distro=rhel-9.5&package-id=3d75fc5e58b4c660", + "bom-ref": "pkg:rpm/rhel/ncurses-base@6.2-10.20210508.el9?arch=noarch&upstream=ncurses-6.2-10.20210508.el9.src.rpm&distro=rhel-9.5&package-id=a0d19211c8c4589b", "cpe": "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", "licenses": [ { @@ -1166,7 +974,7 @@ "properties": [ { "name": "syft:package:foundBy", - "value": "sbom-cataloger" + "value": "rpm-db-cataloger" }, { "name": "syft:package:type", @@ -1205,40 +1013,12 @@ "value": "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" }, { - "name": "syft:cpe23", - "value": "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" }, { "name": "syft:location:0:path", - "value": "/ubi-micro.bom.json" + "value": "/var/lib/rpm/rpmdb.sqlite" }, { "name": "syft:metadata:release", @@ -1259,7 +1039,7 @@ "version": "6.2-10.20210508.el9" }, { - "bom-ref": "pkg:rpm/rhel/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&upstream=ncurses-6.2-10.20210508.el9.src.rpm&distro=rhel-9.5&package-id=97c4d0c10f88b8e0", + "bom-ref": "pkg:rpm/rhel/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&upstream=ncurses-6.2-10.20210508.el9.src.rpm&distro=rhel-9.5&package-id=31b40b2b21390159", "cpe": "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", "licenses": [ { @@ -1272,7 +1052,7 @@ "properties": [ { "name": "syft:package:foundBy", - "value": "sbom-cataloger" + "value": "rpm-db-cataloger" }, { "name": "syft:package:type", @@ -1311,40 +1091,12 @@ "value": "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" }, { - "name": "syft:cpe23", - "value": "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" }, { "name": "syft:location:0:path", - "value": "/ubi-micro.bom.json" + "value": "/var/lib/rpm/rpmdb.sqlite" }, { "name": "syft:metadata:release", @@ -1365,7 +1117,7 @@ "version": "6.2-10.20210508.el9" }, { - "bom-ref": "pkg:rpm/rhel/pcre2@10.40-6.el9?arch=x86_64&upstream=pcre2-10.40-6.el9.src.rpm&distro=rhel-9.5&package-id=37a65e784a24d7d3", + "bom-ref": "pkg:rpm/rhel/pcre2@10.40-6.el9?arch=x86_64&upstream=pcre2-10.40-6.el9.src.rpm&distro=rhel-9.5&package-id=1a97d50a68b062d7", "cpe": "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", "licenses": [ { @@ -1378,7 +1130,7 @@ "properties": [ { "name": "syft:package:foundBy", - "value": "sbom-cataloger" + "value": "rpm-db-cataloger" }, { "name": "syft:package:type", @@ -1393,16 +1145,12 @@ "value": "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" }, { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" }, { "name": "syft:location:0:path", - "value": "/ubi-micro.bom.json" + "value": "/var/lib/rpm/rpmdb.sqlite" }, { "name": "syft:metadata:release", @@ -1423,7 +1171,7 @@ "version": "10.40-6.el9" }, { - "bom-ref": "pkg:rpm/rhel/pcre2-syntax@10.40-6.el9?arch=noarch&upstream=pcre2-10.40-6.el9.src.rpm&distro=rhel-9.5&package-id=f6daf885475ee95e", + "bom-ref": "pkg:rpm/rhel/pcre2-syntax@10.40-6.el9?arch=noarch&upstream=pcre2-10.40-6.el9.src.rpm&distro=rhel-9.5&package-id=8f3dd37865073b05", "cpe": "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", "licenses": [ { @@ -1436,7 +1184,7 @@ "properties": [ { "name": "syft:package:foundBy", - "value": "sbom-cataloger" + "value": "rpm-db-cataloger" }, { "name": "syft:package:type", @@ -1475,40 +1223,12 @@ "value": "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" }, { - "name": "syft:cpe23", - "value": "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" }, { "name": "syft:location:0:path", - "value": "/ubi-micro.bom.json" + "value": "/var/lib/rpm/rpmdb.sqlite" }, { "name": "syft:metadata:release", @@ -1529,7 +1249,7 @@ "version": "10.40-6.el9" }, { - "bom-ref": "pkg:rpm/rhel/redhat-release@9.5-0.6.el9?arch=x86_64&upstream=redhat-release-9.5-0.6.el9.src.rpm&distro=rhel-9.5&package-id=bc7c9796f66e5424", + "bom-ref": "pkg:rpm/rhel/redhat-release@9.5-0.6.el9?arch=x86_64&upstream=redhat-release-9.5-0.6.el9.src.rpm&distro=rhel-9.5&package-id=bbf1d165194eceb0", "cpe": "cpe:2.3:a:redhat-release:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*", "licenses": [ { @@ -1542,7 +1262,7 @@ "properties": [ { "name": "syft:package:foundBy", - "value": "sbom-cataloger" + "value": "rpm-db-cataloger" }, { "name": "syft:package:type", @@ -1573,32 +1293,12 @@ "value": "cpe:2.3:a:redhat:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*" }, { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat-release:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat-release:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat_release:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat_release:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat:redhat-release:9.5-0.6.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat:redhat_release:9.5-0.6.el9:*:*:*:*:*:*:*" + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" }, { "name": "syft:location:0:path", - "value": "/ubi-micro.bom.json" + "value": "/var/lib/rpm/rpmdb.sqlite" }, { "name": "syft:metadata:release", @@ -1619,7 +1319,7 @@ "version": "9.5-0.6.el9" }, { - "bom-ref": "pkg:rpm/rhel/setup@2.13.7-10.el9?arch=noarch&upstream=setup-2.13.7-10.el9.src.rpm&distro=rhel-9.5&package-id=88280d5fc8384d2e", + "bom-ref": "pkg:rpm/rhel/setup@2.13.7-10.el9?arch=noarch&upstream=setup-2.13.7-10.el9.src.rpm&distro=rhel-9.5&package-id=befa3e6a19701472", "cpe": "cpe:2.3:a:redhat:setup:2.13.7-10.el9:*:*:*:*:*:*:*", "licenses": [ { @@ -1632,7 +1332,7 @@ "properties": [ { "name": "syft:package:foundBy", - "value": "sbom-cataloger" + "value": "rpm-db-cataloger" }, { "name": "syft:package:type", @@ -1647,16 +1347,12 @@ "value": "cpe:2.3:a:setup:setup:2.13.7-10.el9:*:*:*:*:*:*:*" }, { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat:setup:2.13.7-10.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:setup:setup:2.13.7-10.el9:*:*:*:*:*:*:*" + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" }, { "name": "syft:location:0:path", - "value": "/ubi-micro.bom.json" + "value": "/var/lib/rpm/rpmdb.sqlite" }, { "name": "syft:metadata:release", @@ -1677,7 +1373,7 @@ "version": "2.13.7-10.el9" }, { - "bom-ref": "pkg:rpm/rhel/tzdata@2024b-2.el9?arch=noarch&upstream=tzdata-2024b-2.el9.src.rpm&distro=rhel-9.5&package-id=ef003e8e892d4bd5", + "bom-ref": "pkg:rpm/rhel/tzdata@2024b-2.el9?arch=noarch&upstream=tzdata-2024b-2.el9.src.rpm&distro=rhel-9.5&package-id=f21803b5b9d9adef", "cpe": "cpe:2.3:a:redhat:tzdata:2024b-2.el9:*:*:*:*:*:*:*", "licenses": [ { @@ -1690,7 +1386,7 @@ "properties": [ { "name": "syft:package:foundBy", - "value": "sbom-cataloger" + "value": "rpm-db-cataloger" }, { "name": "syft:package:type", @@ -1705,16 +1401,12 @@ "value": "cpe:2.3:a:tzdata:tzdata:2024b-2.el9:*:*:*:*:*:*:*" }, { - "name": "syft:cpe23", - "value": "cpe:2.3:a:redhat:tzdata:2024b-2.el9:*:*:*:*:*:*:*" - }, - { - "name": "syft:cpe23", - "value": "cpe:2.3:a:tzdata:tzdata:2024b-2.el9:*:*:*:*:*:*:*" + "name": "syft:location:0:layerID", + "value": "sha256:80526afc1420aa15b68150d4edd3d97bead4bb6f451b560a9465456f7c9273b1" }, { "name": "syft:location:0:path", - "value": "/ubi-micro.bom.json" + "value": "/var/lib/rpm/rpmdb.sqlite" }, { "name": "syft:metadata:release", @@ -1734,6 +1426,47 @@ "type": "library", "version": "2024b-2.el9" }, + { + "bom-ref": "os:rhel@9.5", + "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", + "description": "Red Hat Enterprise Linux 9.5 (Plow)", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://issues.redhat.com/" + }, + { + "type": "website", + "url": "https://www.redhat.com/" + } + ], + "name": "rhel", + "properties": [ + { + "name": "syft:distro:id", + "value": "rhel" + }, + { + "name": "syft:distro:idLike:0", + "value": "fedora" + }, + { + "name": "syft:distro:prettyName", + "value": "Red Hat Enterprise Linux 9.5 (Plow)" + }, + { + "name": "syft:distro:versionID", + "value": "9.5" + } + ], + "swid": { + "name": "rhel", + "tagId": "rhel", + "version": "9.5" + }, + "type": "operating-system", + "version": "9.5" + }, { "name": "bufio", "properties": [ @@ -4854,8 +4587,8 @@ ], "metadata": { "component": { - "bom-ref": "bb05696238c449df", - "name": "./syft-sboms", + "bom-ref": "af63bd4c8601b7f1", + "name": ".", "type": "file" }, "timestamp": "2024-12-18T11:08:00+01:00", diff --git a/sbom-utility-scripts/scripts/merge-cachi2-sboms-script/test_merge_cachi2_sboms.py b/sbom-utility-scripts/scripts/merge-cachi2-sboms-script/test_merge_cachi2_sboms.py index c730b40..9a841fc 100644 --- a/sbom-utility-scripts/scripts/merge-cachi2-sboms-script/test_merge_cachi2_sboms.py +++ b/sbom-utility-scripts/scripts/merge-cachi2-sboms-script/test_merge_cachi2_sboms.py @@ -107,9 +107,15 @@ def test_merge_n_syft_sboms( @pytest.mark.parametrize( "args", [ - ["cachi2.bom.json", "syft.merged-by-syft.bom.json"], - ["cachi2:cachi2.bom.json", "syft:syft.merged-by-syft.bom.json"], - ["syft:syft.merged-by-syft.bom.json", "cachi2:cachi2.bom.json"], + ["cachi2.bom.json", "syft.merged-by-us.bom.json"], + ["cachi2:cachi2.bom.json", "syft:syft.merged-by-us.bom.json"], + ["syft:syft.merged-by-us.bom.json", "cachi2:cachi2.bom.json"], + [ + "cachi2:cachi2.bom.json", + # merging these 4 should result in syft.merged-by-us.bom.json + # merging the result with the cachi2.bom.json should be the same as the cases above + *INDIVIDUAL_SYFT_SBOMS, + ], ], ) def test_merge_cachi2_and_syft_sbom( @@ -131,11 +137,11 @@ def test_merge_cachi2_and_syft_sbom( taken_from_syft = diff_counts(count_components(expected_sbom), count_components(cachi2_sbom)) assert taken_from_syft == { + "pkg:golang/github.com/release-engineering/retrodep@v2.1.0#v2": 1, "pkg:rpm/rhel/basesystem@11-13.el9?arch=noarch&distro=rhel-9.5&upstream=basesystem-11-13.el9.src.rpm": 1, "pkg:rpm/rhel/bash@5.1.8-9.el9?arch=x86_64&distro=rhel-9.5&upstream=bash-5.1.8-9.el9.src.rpm": 1, "pkg:rpm/rhel/coreutils-single@8.32-36.el9?arch=x86_64&distro=rhel-9.5&upstream=coreutils-8.32-36.el9.src.rpm": 1, "pkg:rpm/rhel/filesystem@3.16-5.el9?arch=x86_64&distro=rhel-9.5&upstream=filesystem-3.16-5.el9.src.rpm": 1, - "pkg:golang/github.com/release-engineering/retrodep@v2.1.0#v2": 1, "pkg:rpm/rhel/glibc@2.34-125.el9_5.1?arch=x86_64&distro=rhel-9.5&upstream=glibc-2.34-125.el9_5.1.src.rpm": 1, "pkg:rpm/rhel/glibc-common@2.34-125.el9_5.1?arch=x86_64&distro=rhel-9.5&upstream=glibc-2.34-125.el9_5.1.src.rpm": 1, "pkg:rpm/rhel/glibc-minimal-langpack@2.34-125.el9_5.1?arch=x86_64&distro=rhel-9.5&upstream=glibc-2.34-125.el9_5.1.src.rpm": 1, @@ -154,6 +160,7 @@ def test_merge_cachi2_and_syft_sbom( "pkg:rpm/rhel/redhat-release@9.5-0.6.el9?arch=x86_64&distro=rhel-9.5&upstream=redhat-release-9.5-0.6.el9.src.rpm": 1, "pkg:rpm/rhel/setup@2.13.7-10.el9?arch=noarch&distro=rhel-9.5&upstream=setup-2.13.7-10.el9.src.rpm": 1, "pkg:rpm/rhel/tzdata@2024b-2.el9?arch=noarch&distro=rhel-9.5&upstream=tzdata-2024b-2.el9.src.rpm": 1, + "rhel@9.5": 1, }