Resolve Concelier/Excititor merge conflicts

root
2025-10-20 14:19:25 +03:00
2687 changed files with 212646 additions and 85913 deletions

12
samples/scanner/README.md Normal file

@@ -0,0 +1,12 @@
# Scanner Samples
Curated SBOM and BOM Index fixtures covering representative container types referenced throughout Sprint 10. Each sample folder under `images/` corresponds to a container profile, while `../runtime` holds trimmed filesystem fixtures used by analyzer and perf tests.
| Sample | Highlights |
| ------ | ---------- |
| `nginx` | Alpine packages with mixed inventory/runtime coverage. |
| `alpine-busybox` | Minimal BusyBox rootfs with musl runtime linkage. |
| `distroless-go` | Go binary with Distroless base and Go build-info evidence. |
| `dotnet-aot` | Ahead-of-time compiled .NET worker exposing NuGet dependencies. |
| `python-venv` | Python virtualenv with `*.dist-info` evidence. |
| `npm-monorepo` | Node workspace packages resolved via `package.json`. |


@@ -0,0 +1,3 @@
# Alpine + BusyBox Sample
Fixtures showcase the tiny Alpine image that powers many minimal containers. BusyBox and musl appear in usage because they back the entrypoint shell, while alpine-baselayout remains inventory-only.


@@ -0,0 +1,42 @@
{
"schema": "stellaops/bom-index@1",
"image": {
"repository": "docker.io/library/alpine",
"digest": "sha256:9a214327ec7df5bc8f1d3f12171873be7d778fdbf473d6f9a63d5de6c6bfb2d3",
"tag": "3.20"
},
"generatedAt": "2025-10-19T00:00:00Z",
"generator": "stellaops/scanner@10.0.0-preview1",
"components": [
{
"purl": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64",
"layerDigest": "sha256:5555555555555555555555555555555555555555555555555555555555555555",
"usage": ["inventory", "runtime"],
"licenses": ["GPL-2.0-only"],
"evidence": {
"kind": "apk-database",
"path": "/lib/apk/db/installed"
}
},
{
"purl": "pkg:apk/alpine/musl@1.2.5-r0?arch=x86_64",
"layerDigest": "sha256:6666666666666666666666666666666666666666666666666666666666666666",
"usage": ["inventory", "runtime"],
"licenses": ["MIT"],
"evidence": {
"kind": "apk-database",
"path": "/lib/apk/db/installed"
}
},
{
"purl": "pkg:apk/alpine/alpine-baselayout@3.4.3-r0?arch=x86_64",
"layerDigest": "sha256:7777777777777777777777777777777777777777777777777777777777777777",
"usage": ["inventory"],
"licenses": ["GPL-2.0-only"],
"evidence": {
"kind": "apk-database",
"path": "/lib/apk/db/installed"
}
}
]
}
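Review bot: The `layerDigest` values in this fixture (`sha256:5555…`, `sha256:6666…`, `sha256:7777…`) are repeated-digit placeholders that still pass a sha256 format check, and nothing marks them as synthetic. The same pattern appears in the other BOM Index fixtures in this commit (distroless-go, dotnet-aot, nginx, npm-monorepo, python-venv). JSON cannot carry a comment, so I would state it in `samples/scanner/README.md`, for example `Layer digests in the BOM Index fixtures are synthetic placeholders and do not resolve to real layers.` Whether the image `digest` values are real is not visible on this page, so that sentence should also say which of the two a test may rely on.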


@@ -0,0 +1,34 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"version": 1,
"metadata": {
"timestamp": "2025-10-19T00:00:00Z",
"component": {
"type": "container",
"name": "alpine-busybox",
"version": "3.20",
"bomRef": "pkg:docker/library/alpine@sha256:9a214327ec7df5bc8f1d3f12171873be7d778fdbf473d6f9a63d5de6c6bfb2d3"
}
},
"components": [
{
"type": "application",
"bomRef": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64",
"name": "busybox",
"version": "1.36.1-r2"
},
{
"type": "library",
"bomRef": "pkg:apk/alpine/musl@1.2.5-r0?arch=x86_64",
"name": "musl",
"version": "1.2.5-r0"
},
{
"type": "application",
"bomRef": "pkg:apk/alpine/alpine-baselayout@3.4.3-r0?arch=x86_64",
"name": "alpine-baselayout",
"version": "3.4.3-r0"
}
]
}
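Review bot: Every component, including `metadata.component`, uses the key `bomRef`, but CycloneDX 1.5 JSON names that property `bom-ref` and its component schema allows no additional properties, so a schema-validating consumer would reject this document. The package URL is also stored only in that reference, while consumers that match components to advisories read the `purl` field, which is absent. I would write each entry as `"bom-ref": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64",` followed by `"purl": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64",`. The same applies to the other CycloneDX fixtures in this commit (alpine usage, distroless-go, dotnet-aot, nginx, npm-monorepo, python-venv).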


@@ -0,0 +1,28 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"version": 1,
"metadata": {
"timestamp": "2025-10-19T00:00:00Z",
"component": {
"type": "container",
"name": "alpine-busybox",
"version": "3.20",
"bomRef": "pkg:docker/library/alpine@sha256:9a214327ec7df5bc8f1d3f12171873be7d778fdbf473d6f9a63d5de6c6bfb2d3"
}
},
"components": [
{
"type": "application",
"bomRef": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64",
"name": "busybox",
"version": "1.36.1-r2"
},
{
"type": "library",
"bomRef": "pkg:apk/alpine/musl@1.2.5-r0?arch=x86_64",
"name": "musl",
"version": "1.2.5-r0"
}
]
}


@@ -0,0 +1,3 @@
# Distroless + Go Sample
Demonstrates a Go binary shipped on top of Distroless. Only the compiled service appears in the usage SBOM, while the Go standard library remains inventory-only and still tracked in the BOM Index.


@@ -0,0 +1,32 @@
{
"schema": "stellaops/bom-index@1",
"image": {
"repository": "gcr.io/distroless/base",
"digest": "sha256:0dd2f0f15c9f8abfba6a0ce0d7d6a24e2e1071c977733f6e77cbe51b87f15ad9",
"tag": "nonroot"
},
"generatedAt": "2025-10-19T00:00:00Z",
"generator": "stellaops/scanner@10.0.0-preview1",
"components": [
{
"purl": "pkg:golang/github.com/stellaops/sample-service@v1.4.0",
"layerDigest": "sha256:8888888888888888888888888888888888888888888888888888888888888888",
"usage": ["inventory", "runtime"],
"licenses": ["Apache-2.0"],
"evidence": {
"kind": "go-buildinfo",
"path": "/workspace/service"
}
},
{
"purl": "pkg:golang/std@go1.22.5",
"layerDigest": "sha256:9999999999999999999999999999999999999999999999999999999999999999",
"usage": ["inventory"],
"licenses": ["BSD-3-Clause"],
"evidence": {
"kind": "go-buildinfo",
"path": "/workspace/service"
}
}
]
}
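Review bot: The standard-library entry is identified as `pkg:golang/std@go1.22.5`, while the Go vulnerability database and the SBOM generators I know of key the standard library as `stdlib` with a bare version, so this purl may not match any advisory record. If the scanner's matcher does not normalise it, I would emit `"purl": "pkg:golang/stdlib@1.22.5",` here and in the inventory SBOM, where the same component is additionally named `golang-stdlib`. How the matcher treats this identifier is not visible on this page, so confirm against it before changing the fixture.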


@@ -0,0 +1,34 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"version": 1,
"metadata": {
"timestamp": "2025-10-19T00:00:00Z",
"component": {
"type": "container",
"name": "distroless-go",
"version": "2025.10.0",
"bomRef": "pkg:docker/gcr.io/distroless/base@sha256:0dd2f0f15c9f8abfba6a0ce0d7d6a24e2e1071c977733f6e77cbe51b87f15ad9"
}
},
"components": [
{
"type": "application",
"bomRef": "pkg:golang/github.com/stellaops/sample-service@v1.4.0",
"name": "github.com/stellaops/sample-service",
"version": "v1.4.0",
"properties": [
{
"name": "stellaops.entrypoint",
"value": "/workspace/service"
}
]
},
{
"type": "library",
"bomRef": "pkg:golang/std@go1.22.5",
"name": "golang-stdlib",
"version": "go1.22.5"
}
]
}


@@ -0,0 +1,22 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"version": 1,
"metadata": {
"timestamp": "2025-10-19T00:00:00Z",
"component": {
"type": "container",
"name": "distroless-go",
"version": "2025.10.0",
"bomRef": "pkg:docker/gcr.io/distroless/base@sha256:0dd2f0f15c9f8abfba6a0ce0d7d6a24e2e1071c977733f6e77cbe51b87f15ad9"
}
},
"components": [
{
"type": "application",
"bomRef": "pkg:golang/github.com/stellaops/sample-service@v1.4.0",
"name": "github.com/stellaops/sample-service",
"version": "v1.4.0"
}
]
}


@@ -0,0 +1,3 @@
# .NET AOT Sample
An ahead-of-time compiled worker showcasing how native .NET deployments appear in SBOM outputs. The BOM Index ties NuGet packages back to the generated `deps.json` evidence.


@@ -0,0 +1,52 @@
{
"schema": "stellaops/bom-index@1",
"image": {
"repository": "registry.stella-ops.org/sample/dotnet-aot",
"digest": "sha256:5be6f3ad9d2b1e4fcb4c6f40d9c664fca97f5b4d9ccb8e1d8f970e8b2bce1123",
"tag": "1.0.0"
},
"generatedAt": "2025-10-19T00:00:00Z",
"generator": "stellaops/scanner@10.0.0-preview1",
"components": [
{
"purl": "pkg:nuget/Sample.Worker@1.0.0",
"layerDigest": "sha256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"usage": ["inventory", "runtime"],
"licenses": ["MIT"],
"evidence": {
"kind": "deps-json",
"path": "/app/Sample.Worker.deps.json"
}
},
{
"purl": "pkg:nuget/Microsoft.Extensions.Hosting@8.0.0",
"layerDigest": "sha256:bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb",
"usage": ["inventory"],
"licenses": ["MIT"],
"evidence": {
"kind": "deps-json",
"path": "/app/Sample.Worker.deps.json"
}
},
{
"purl": "pkg:nuget/System.Text.Json@8.0.0",
"layerDigest": "sha256:cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc",
"usage": ["inventory", "runtime"],
"licenses": ["MIT"],
"evidence": {
"kind": "deps-json",
"path": "/app/Sample.Worker.deps.json"
}
},
{
"purl": "pkg:nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross@8.0.0",
"layerDigest": "sha256:dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd",
"usage": ["inventory"],
"licenses": ["MIT"],
"evidence": {
"kind": "deps-json",
"path": "/app/Sample.Worker.deps.json"
}
}
]
}
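Review bot: The image identity in this fixture does not agree with the two SBOMs for the same sample: `repository` is `registry.stella-ops.org/sample/dotnet-aot` with tag `1.0.0`, while the inventory and usage SBOMs reference `pkg:docker/stellaops/sample-dotnet-aot` with component version `8.0.0`. Only the digest ties the three documents together, so a test or consumer that joins on repository or version will not correlate them. The npm sample uses `registry.stella-ops.org/samples/npm-monorepo` (plural `samples`), which suggests `sample/` here may be a typo. I would align all three files on one repository path and one version.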


@@ -0,0 +1,40 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"version": 1,
"metadata": {
"timestamp": "2025-10-19T00:00:00Z",
"component": {
"type": "container",
"name": "dotnet-aot",
"version": "8.0.0",
"bomRef": "pkg:docker/stellaops/sample-dotnet-aot@sha256:5be6f3ad9d2b1e4fcb4c6f40d9c664fca97f5b4d9ccb8e1d8f970e8b2bce1123"
}
},
"components": [
{
"type": "application",
"bomRef": "pkg:nuget/Sample.Worker@1.0.0",
"name": "Sample.Worker",
"version": "1.0.0"
},
{
"type": "library",
"bomRef": "pkg:nuget/Microsoft.Extensions.Hosting@8.0.0",
"name": "Microsoft.Extensions.Hosting",
"version": "8.0.0"
},
{
"type": "library",
"bomRef": "pkg:nuget/System.Text.Json@8.0.0",
"name": "System.Text.Json",
"version": "8.0.0"
},
{
"type": "library",
"bomRef": "pkg:nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross@8.0.0",
"name": "NativeAotRuntime",
"version": "8.0.0"
}
]
}


@@ -0,0 +1,28 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"version": 1,
"metadata": {
"timestamp": "2025-10-19T00:00:00Z",
"component": {
"type": "container",
"name": "dotnet-aot",
"version": "8.0.0",
"bomRef": "pkg:docker/stellaops/sample-dotnet-aot@sha256:5be6f3ad9d2b1e4fcb4c6f40d9c664fca97f5b4d9ccb8e1d8f970e8b2bce1123"
}
},
"components": [
{
"type": "application",
"bomRef": "pkg:nuget/Sample.Worker@1.0.0",
"name": "Sample.Worker",
"version": "1.0.0"
},
{
"type": "library",
"bomRef": "pkg:nuget/System.Text.Json@8.0.0",
"name": "System.Text.Json",
"version": "8.0.0"
}
]
}


@@ -0,0 +1,3 @@
# Nginx Inventory Sample
CycloneDX inventory, usage, and BOM Index fixtures for the `docker.io/library/nginx:1.25.4` image. The SBOMs capture base Alpine packages and the BOM Index links each component to the layer that introduced it.


@@ -0,0 +1,52 @@
{
"schema": "stellaops/bom-index@1",
"image": {
"repository": "docker.io/library/nginx",
"digest": "sha256:8f47d7c6b538c0d9533b78913cba3d5e671e7c4b4e7c6a2bb9a1a1c4d4f8e123",
"tag": "1.25.4"
},
"generatedAt": "2025-10-19T00:00:00Z",
"generator": "stellaops/scanner@10.0.0-preview1",
"components": [
{
"purl": "pkg:apk/alpine/nginx@1.25.4-r1?arch=x86_64",
"layerDigest": "sha256:1111111111111111111111111111111111111111111111111111111111111111",
"usage": ["inventory", "runtime"],
"licenses": ["BSD-2-Clause"],
"evidence": {
"kind": "apk-database",
"path": "/lib/apk/db/installed"
}
},
{
"purl": "pkg:apk/alpine/openssl@3.2.2-r0?arch=x86_64",
"layerDigest": "sha256:2222222222222222222222222222222222222222222222222222222222222222",
"usage": ["inventory", "runtime"],
"licenses": ["Apache-2.0"],
"evidence": {
"kind": "apk-database",
"path": "/lib/apk/db/installed"
}
},
{
"purl": "pkg:apk/alpine/pcre2@10.42-r1?arch=x86_64",
"layerDigest": "sha256:3333333333333333333333333333333333333333333333333333333333333333",
"usage": ["inventory"],
"licenses": ["BSD-3-Clause"],
"evidence": {
"kind": "apk-database",
"path": "/lib/apk/db/installed"
}
},
{
"purl": "pkg:apk/alpine/zlib@1.3-r2?arch=x86_64",
"layerDigest": "sha256:4444444444444444444444444444444444444444444444444444444444444444",
"usage": ["inventory"],
"licenses": ["Zlib"],
"evidence": {
"kind": "apk-database",
"path": "/lib/apk/db/installed"
}
}
]
}


@@ -0,0 +1,53 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"version": 1,
"metadata": {
"timestamp": "2025-10-19T00:00:00Z",
"component": {
"type": "container",
"name": "nginx",
"version": "1.25.4",
"bomRef": "pkg:docker/library/nginx@sha256:8f47d7c6b538c0d9533b78913cba3d5e671e7c4b4e7c6a2bb9a1a1c4d4f8e123"
},
"tools": [
{
"name": "StellaOps Scanner",
"version": "10.0.0-preview1"
}
]
},
"components": [
{
"type": "application",
"bomRef": "pkg:apk/alpine/nginx@1.25.4-r1?arch=x86_64",
"name": "nginx",
"version": "1.25.4-r1",
"licenses": [
{
"license": {
"id": "2BSD"
}
}
]
},
{
"type": "library",
"bomRef": "pkg:apk/alpine/openssl@3.2.2-r0?arch=x86_64",
"name": "openssl",
"version": "3.2.2-r0"
},
{
"type": "library",
"bomRef": "pkg:apk/alpine/pcre2@10.42-r1?arch=x86_64",
"name": "pcre2",
"version": "10.42-r1"
},
{
"type": "library",
"bomRef": "pkg:apk/alpine/zlib@1.3-r2?arch=x86_64",
"name": "zlib",
"version": "1.3-r2"
}
]
}
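Review bot: The nginx component declares `"id": "2BSD"`, which is not an SPDX licence identifier; CycloneDX restricts `license.id` to the SPDX list, so schema validation fails on this value and licence policy checks cannot classify it. The BOM Index for the same image already records `BSD-2-Clause`, so I would use `"id": "BSD-2-Clause"` here. This is also the only component in the SBOM fixtures that carries `licenses`, so the other entries have no licence data to compare against the index.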


@@ -0,0 +1,28 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"version": 1,
"metadata": {
"timestamp": "2025-10-19T00:00:00Z",
"component": {
"type": "container",
"name": "nginx",
"version": "1.25.4",
"bomRef": "pkg:docker/library/nginx@sha256:8f47d7c6b538c0d9533b78913cba3d5e671e7c4b4e7c6a2bb9a1a1c4d4f8e123"
}
},
"components": [
{
"type": "application",
"bomRef": "pkg:apk/alpine/nginx@1.25.4-r1?arch=x86_64",
"name": "nginx",
"version": "1.25.4-r1"
},
{
"type": "library",
"bomRef": "pkg:apk/alpine/openssl@3.2.2-r0?arch=x86_64",
"name": "openssl",
"version": "3.2.2-r0"
}
]
}


@@ -0,0 +1,3 @@
# NPM Monorepo Sample
Mirrors the fixture under `samples/runtime/npm-monorepo`. The SBOMs highlight the workspace packages plus transitive dependencies, and the BOM Index pins evidence to individual `package.json` files.


@@ -0,0 +1,52 @@
{
"schema": "stellaops/bom-index@1",
"image": {
"repository": "registry.stella-ops.org/samples/npm-monorepo",
"digest": "sha256:1cf2ab9d373086ed5bd1a8f4aa6f491f8844bbb0d6be8df449c16ad6c8fa7c55",
"tag": "2025.10.0"
},
"generatedAt": "2025-10-19T00:00:00Z",
"generator": "stellaops/scanner@10.0.0-preview1",
"components": [
{
"purl": "pkg:npm/%40stella/web@1.5.3",
"layerDigest": "sha256:1212121212121212121212121212121212121212121212121212121212121212",
"usage": ["inventory", "runtime"],
"licenses": ["MIT"],
"evidence": {
"kind": "package-json",
"path": "node_modules/@stella/web/package.json"
}
},
{
"purl": "pkg:npm/%40stella/core@2.0.0",
"layerDigest": "sha256:1313131313131313131313131313131313131313131313131313131313131313",
"usage": ["inventory", "runtime"],
"licenses": ["Apache-2.0"],
"evidence": {
"kind": "package-json",
"path": "node_modules/@stella/core/package.json"
}
},
{
"purl": "pkg:npm/lodash@4.17.21",
"layerDigest": "sha256:1414141414141414141414141414141414141414141414141414141414141414",
"usage": ["inventory"],
"licenses": ["MIT"],
"evidence": {
"kind": "package-json",
"path": "node_modules/lodash/package.json"
}
},
{
"purl": "pkg:npm/rxjs@7.8.1",
"layerDigest": "sha256:1515151515151515151515151515151515151515151515151515151515151515",
"usage": ["inventory", "runtime"],
"licenses": ["Apache-2.0"],
"evidence": {
"kind": "package-json",
"path": "node_modules/rxjs/package.json"
}
}
]
}
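Review bot: The `evidence.path` values are relative (`node_modules/@stella/web/package.json`), whereas the apk, Go and .NET fixtures use absolute in-image paths such as `/lib/apk/db/installed`, and nothing in the document says what the relative paths are rooted at. Evidence that cannot be resolved to one file in the image is hard to verify, and hard to deduplicate when the same package appears under several roots. I would either make the paths absolute, e.g. `"path": "/<workspace-root>/node_modules/@stella/web/package.json"` with the real root in place of the placeholder, or document the root in the BOM Index schema. The python-venv BOM Index has the same issue.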


@@ -0,0 +1,40 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"version": 1,
"metadata": {
"timestamp": "2025-10-19T00:00:00Z",
"component": {
"type": "container",
"name": "npm-monorepo",
"version": "2025.10.0",
"bomRef": "pkg:docker/registry.stella-ops.org/samples/npm-monorepo@sha256:1cf2ab9d373086ed5bd1a8f4aa6f491f8844bbb0d6be8df449c16ad6c8fa7c55"
}
},
"components": [
{
"type": "application",
"bomRef": "pkg:npm/%40stella/core@2.0.0",
"name": "@stella/core",
"version": "2.0.0"
},
{
"type": "application",
"bomRef": "pkg:npm/%40stella/web@1.5.3",
"name": "@stella/web",
"version": "1.5.3"
},
{
"type": "library",
"bomRef": "pkg:npm/lodash@4.17.21",
"name": "lodash",
"version": "4.17.21"
},
{
"type": "library",
"bomRef": "pkg:npm/rxjs@7.8.1",
"name": "rxjs",
"version": "7.8.1"
}
]
}


@@ -0,0 +1,34 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"version": 1,
"metadata": {
"timestamp": "2025-10-19T00:00:00Z",
"component": {
"type": "container",
"name": "npm-monorepo",
"version": "2025.10.0",
"bomRef": "pkg:docker/registry.stella-ops.org/samples/npm-monorepo@sha256:1cf2ab9d373086ed5bd1a8f4aa6f491f8844bbb0d6be8df449c16ad6c8fa7c55"
}
},
"components": [
{
"type": "application",
"bomRef": "pkg:npm/%40stella/web@1.5.3",
"name": "@stella/web",
"version": "1.5.3"
},
{
"type": "application",
"bomRef": "pkg:npm/%40stella/core@2.0.0",
"name": "@stella/core",
"version": "2.0.0"
},
{
"type": "library",
"bomRef": "pkg:npm/rxjs@7.8.1",
"name": "rxjs",
"version": "7.8.1"
}
]
}


@@ -0,0 +1,3 @@
# Python Virtualenv Sample
Pairs with the runtime fixture under `samples/runtime/python-venv`. The SBOMs highlight how requests pulls in urllib3 and certifi, and the BOM Index records the `*.dist-info/METADATA` evidence paths used by the Python analyzer.


@@ -0,0 +1,42 @@
{
"schema": "stellaops/bom-index@1",
"image": {
"repository": "docker.io/library/python",
"digest": "sha256:dbed08b7d9675c2be627bbecac182a04c36d3f4ffd542c4fba7c7a850a6578dc",
"tag": "3.12-slim"
},
"generatedAt": "2025-10-19T00:00:00Z",
"generator": "stellaops/scanner@10.0.0-preview1",
"components": [
{
"purl": "pkg:pypi/requests@2.32.0",
"layerDigest": "sha256:eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee",
"usage": ["inventory", "runtime"],
"licenses": ["Apache-2.0"],
"evidence": {
"kind": "dist-info",
"path": "lib/python3.11/site-packages/requests-2.32.0.dist-info/METADATA"
}
},
{
"purl": "pkg:pypi/urllib3@2.2.1",
"layerDigest": "sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
"usage": ["inventory", "runtime"],
"licenses": ["MIT"],
"evidence": {
"kind": "dist-info",
"path": "lib/python3.11/site-packages/urllib3-2.2.1.dist-info/METADATA"
}
},
{
"purl": "pkg:pypi/certifi@2024.6.2",
"layerDigest": "sha256:0000000000000000000000000000000000000000000000000000000000000000",
"usage": ["inventory"],
"licenses": ["MPL-2.0"],
"evidence": {
"kind": "dist-info",
"path": "lib/python3.11/site-packages/certifi-2024.6.2.dist-info/METADATA"
}
}
]
}
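Review bot: The evidence paths point into `lib/python3.11/site-packages/`, but the image is declared as `docker.io/library/python` with tag `3.12-slim`, so the interpreter directory does not match the image the fixture claims to describe. I would change the three paths to `lib/python3.12/site-packages/…` or change the tag, whichever matches the runtime fixture under `samples/runtime/python-venv`. Separately, `certifi` is marked inventory-only and left out of the usage SBOM even though the sample README says requests pulls it in; if usage means loaded at runtime, that classification looks doubtful and is worth confirming.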


@@ -0,0 +1,34 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"version": 1,
"metadata": {
"timestamp": "2025-10-19T00:00:00Z",
"component": {
"type": "container",
"name": "python-venv",
"version": "3.12-slim",
"bomRef": "pkg:docker/library/python@sha256:dbed08b7d9675c2be627bbecac182a04c36d3f4ffd542c4fba7c7a850a6578dc"
}
},
"components": [
{
"type": "application",
"bomRef": "pkg:pypi/requests@2.32.0",
"name": "requests",
"version": "2.32.0"
},
{
"type": "library",
"bomRef": "pkg:pypi/urllib3@2.2.1",
"name": "urllib3",
"version": "2.2.1"
},
{
"type": "library",
"bomRef": "pkg:pypi/certifi@2024.6.2",
"name": "certifi",
"version": "2024.6.2"
}
]
}


@@ -0,0 +1,28 @@
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"version": 1,
"metadata": {
"timestamp": "2025-10-19T00:00:00Z",
"component": {
"type": "container",
"name": "python-venv",
"version": "3.12-slim",
"bomRef": "pkg:docker/library/python@sha256:dbed08b7d9675c2be627bbecac182a04c36d3f4ffd542c4fba7c7a850a6578dc"
}
},
"components": [
{
"type": "application",
"bomRef": "pkg:pypi/requests@2.32.0",
"name": "requests",
"version": "2.32.0"
},
{
"type": "library",
"bomRef": "pkg:pypi/urllib3@2.2.1",
"name": "urllib3",
"version": "2.2.1"
}
]
}