Skip to content
/ spdx-examples Public
forked from spdx/spdx-examples

Examples of SPDX files for software combinations

License

GPL-3.0 license
0 stars 56 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

KoukiHama/spdx-examples

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
example1
example1
 
 
example2
example2
 
 
example3
example3
 
 
example4
example4
 
 
example5
example5
 
 
example6
example6
 
 
.gitignore
.gitignore
 
 
COPYING
COPYING
 
 
README.md
README.md
 
 

Repository files navigation

SPDX Examples

This repository includes demonstrations of SPDX documents for various examples of software combinations.

The examples include source code and built / packaged binaries for a variety of scenarios. The software in the repository is (for the most part) not taken from real projects. However, the examples are intended to be demonstrations of how SPDX can convey software bill of materials (SBOM) information for a variety of real-world scenarios.

Format of examples

Each example directory is structured as follows:

  • content/src/: contains the example's source code
  • content/build/: contains the example's built artifacts
  • spdx/: contains one or more tag-value SPDX documents for the sources and the build artifacts
  • README.md: more details about the particular example

Each directory contains a Makefile which is used to create the build artifacts. It assumes that the necessary tools (make, gcc, etc.) are present on your system, and doesn't do any autoconfiguration or the like. If somebody else wants to add that for greater build flexibility, they are welcome to do so, but that isn't really my goal here :)

Examples

# Sources Binaries SPDX Comments
1 1 C file compiled with gcc 1 document source and binary treated as one package
2 1 C file compiled with gcc 2 documents source and binary in separate packages
3 2 C files compiled with gcc 2 documents shared library, dynamically linked at runtime
4 2 C files compiled with gcc 2 documents shared library, dynamically linked at runtime, including system libs
5 2 Go files compiled with go 2 documents source and binary in separate packages
6 2 Go files compiled with go 3 documents source and binary in separate packages, separate doc for standard libs

Licenses

Copyright Contributors to the spdx-examples project.

Unless otherwise specified, source code in this repository is licensed under the GNU General Public License, Version 3 or later (GPL-3.0-or-later). A copy is included in the COPYING file.

Other licenses may be specified as well for certain files for purposes of illustration or where third-party components are used.

Documentation in this repository is licensed under the Creative Commons Attribution 4.0 International license (CC-BY-4.0), available at https://creativecommons.org/licenses/by/4.0/.

SPDX documents in this repository are provided under CC0 1.0 Universal (CC0-1.0), available at https://creativecommons.org/publicdomain/zero/1.0/.

About

Examples of SPDX files for software combinations

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C 55.8%
  • Makefile 29.7%
  • Go 14.5%