Merge pull request #51 from jedevc/golang-check-for-evidence-relation…

…ship
docker · Apr 18, 2023 · 108aa14 · 108aa14
2 parents cad666e + 177d04d
commit 108aa14
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 0 deletions.
diff --git a/examples/golang/checks/sbom-base.spdx.json b/examples/golang/checks/sbom-base.spdx.json
@@ -7,6 +7,11 @@
       {
         "name": "github.com/spf13/cobra"
       }
+    ],
+    "files": [
+      {
+        "fileName": "/app/app"
+      }
     ]
   }
 }
diff --git a/examples/golang/checks/sbom.spdx.json b/examples/golang/checks/sbom.spdx.json
@@ -5,8 +5,23 @@
     "SPDXID": "SPDXRef-DOCUMENT",
     "packages": [
       {
+        "SPDXID": "=package",
         "name": "github.com/spf13/cobra"
       }
+    ],
+    "files": [
+      {
+        "SPDXID": "=filename",
+        "fileName": "/bin/app"
+      }
+    ],
+    "relationships": [
+      {
+        "spdxElementId": "==package",
+        "relationshipType": "OTHER",
+        "comment": "evident-by: indicates the package's existence is evident by the given file",
+        "relatedSpdxElement": "==filename"
+      }
     ]
   }
 }