docs: add example sboms (fixes #26)

Author: anthonyharrison

examples/README.md

@@ -0,0 +1,3 @@
+# Examples
+
+Various examples of SBOMs generated by sbom4python.

examples/pip.cdx.json

@@ -0,0 +1,109 @@
+{
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.6",
+  "serialNumber": "urn:uuid:c62c4124-f89f-44eb-9d50-28e904f52864",
+  "version": 1,
+  "metadata": {
+    "timestamp": "2024-12-01T22:11:45Z",
+    "lifecycles": [
+      {
+        "phase": "build"
+      }
+    ],
+    "tools": {
+      "components": [
+        {
+          "name": "sbom4python",
+          "version": "0.12.0",
+          "type": "application"
+        }
+      ]
+    },
+    "component": {
+      "type": "application",
+      "bom-ref": "CDXRef-DOCUMENT",
+      "name": "Python-pip"
+    }
+  },
+  "components": [
+    {
+      "type": "application",
+      "bom-ref": "1-pip",
+      "name": "pip",
+      "version": "22.3",
+      "supplier": {
+        "name": "The pip developers",
+        "contact": [
+          {
+            "email": "[email protected]"
+          }
+        ]
+      },
+      "cpe": "cpe:2.3:a:the_pip_developers:pip:22.3:*:*:*:*:*:*:*",
+      "description": "The PyPA recommended tool for installing Python packages.",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "1daab4b8d3b97d1d763caeb01a4640a2250a0ea899e257b1e44b9eded91e15ab"
+        }
+      ],
+      "licenses": [
+        {
+          "license": {
+            "id": "MIT",
+            "url": "https://opensource.org/license/mit/",
+            "acknowledgement": "concluded"
+          }
+        }
+      ],
+      "externalReferences": [
+        {
+          "url": "https://pip.pypa.io/",
+          "type": "website",
+          "comment": "Home page for project"
+        },
+        {
+          "url": "https://pypi.org/project/pip/22.3/#files",
+          "type": "distribution",
+          "comment": "Download location for component"
+        },
+        {
+          "url": "https://pip.pypa.io",
+          "type": "documentation"
+        },
+        {
+          "url": "https://github.com/pypa/pip",
+          "type": "vcs"
+        },
+        {
+          "url": "https://pip.pypa.io/en/stable/news/",
+          "type": "log"
+        }
+      ],
+      "purl": "pkg:pypi/[email protected]",
+      "properties": [
+        {
+          "name": "release_date",
+          "value": "2022-10-15T11:41:14.000Z"
+        },
+        {
+          "name": "language",
+          "value": "Python"
+        },
+        {
+          "name": "python_version",
+          "value": "3.10.8"
+        }
+      ]
+    }
+  ],
+  "dependencies": [
+    {
+      "ref": "CDXRef-DOCUMENT",
+      "dependsOn": [
+        "1-pip"
+      ]
+    }
+  ]
+}

examples/pip.spdx

@@ -0,0 +1,33 @@
+SPDXVersion: SPDX-2.3
+DataLicense: CC0-1.0
+SPDXID: SPDXRef-DOCUMENT
+DocumentName: Python-pip
+DocumentNamespace: http://spdx.org/spdxdocs/Python-pip-e95b8c00-863d-4be7-ae23-9ce6d78d96ba
+LicenseListVersion: 3.25.0
+Creator: Tool: sbom4python-0.12.0
+Created: 2024-12-01T22:12:06Z
+CreatorComment: <text>This document has been automatically generated.</text>
+##### 
+
+PackageName: pip
+SPDXID: SPDXRef-1-pip
+PackageVersion: 22.3
+PrimaryPackagePurpose: APPLICATION
+PackageSupplier: Organization: The pip developers ([email protected])
+PackageDownloadLocation: https://pypi.org/project/pip/22.3/#files
+FilesAnalyzed: false
+PackageHomePage: https://pip.pypa.io/
+PackageChecksum: SHA256: 1daab4b8d3b97d1d763caeb01a4640a2250a0ea899e257b1e44b9eded91e15ab
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: <text>The PyPA recommended tool for installing Python packages.</text>
+BuiltDate: 2022-10-15T11:41:14.000Z
+ExternalRef: OTHER documentation https://pip.pypa.io
+ExternalRef: OTHER vcs https://github.com/pypa/pip
+ExternalRef: OTHER log https://pip.pypa.io/en/stable/news/
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/[email protected]
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pip_developers:pip:22.3:*:*:*:*:*:*:*
+##### 
+
+Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-1-pip