|
| 1 | +SPDXVersion: SPDX-2.3 |
| 2 | +DataLicense: CC0-1.0 |
| 3 | +SPDXID: SPDXRef-DOCUMENT |
| 4 | +DocumentName: openchain-telco-sbom-validator-0.3.1 |
| 5 | +DocumentNamespace: https://nokia.com/spdx/openchain-telco-sbom-validator-0.3.1 |
| 6 | + |
| 7 | +## Creation Information |
| 8 | +LicenseListVersion: 3.26 |
| 9 | +Creator: Organization: Nokia |
| 10 | +Creator: Tool: Nokia Compliance Tool - 1.0 |
| 11 | +Created: 2025-06-27T16:04:52Z |
| 12 | +CreatorComment: CISA SBOM type: Source |
| 13 | + |
| 14 | +##### Package: openchain-telco-sbom-validator |
| 15 | + |
| 16 | +PackageName: openchain-telco-sbom-validator |
| 17 | +SPDXID: SPDXRef-openchain-telco-sbom-validator |
| 18 | +PackageVersion: 0.3.1 |
| 19 | +PackageDownloadLocation: https://files.pythonhosted.org/packages/27/d0/886ecbc41ef4ace42a85a0d84699f9f366ba079ae3e47362fc5d00cb33bf/openchain_telco_sbom_validator-0.3.1.tar.gz |
| 20 | +FilesAnalyzed: false |
| 21 | +PackageLicenseConcluded: Apache-2.0 |
| 22 | +PackageLicenseDeclared: Apache-2.0 |
| 23 | +PackageCopyrightText: (c) 2024-2025 Nokia Authors Gergely Csatari, Marc-Etienne Vargenau |
| 24 | +PackageSupplier: Organization: https://pypi.org |
| 25 | +PackageOriginator: Organization: Nokia |
| 26 | +PackageChecksum: SHA256: c082254f3ab554e915f5f39c27fbb5319a79b66952f7e2482a75113560d4f171 |
| 27 | +PackageChecksum: MD5: 9deeb666f0efd95a9bd5dfab26cd416b |
| 28 | +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/ [email protected] |
| 29 | + |
| 30 | +##### Package: ntia-conformance-checker |
| 31 | + |
| 32 | +PackageName: ntia-conformance-checker |
| 33 | +SPDXID: SPDXRef-Package-python-ntia-conformance-checker |
| 34 | +PackageVersion: 3.2.0 |
| 35 | +PackageSupplier: Organization: https://pypi.org |
| 36 | +PackageDownloadLocation: https://files.pythonhosted.org/packages/f6/1b/af3e028ffb25aba8b9efcaee5ab0430699769924d0e2274300ef19eed003/ntia_conformance_checker-3.2.0.tar.gz |
| 37 | +FilesAnalyzed: false |
| 38 | +PackageLicenseConcluded: Apache-2.0 |
| 39 | +PackageLicenseDeclared: Apache-2.0 |
| 40 | +PackageCopyrightText: 2024 SPDX contributors |
| 41 | +PackageChecksum: SHA256: 474ae33d7477c9db361a53dac3137066f94f56f0ac42c3e65f4de3ddb4c2c326 |
| 42 | +PackageChecksum: MD5: 475ad3e19c1e7ed6f0b4c3783b5cd219 |
| 43 | +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/ [email protected] |
| 44 | + |
| 45 | +##### Package: packageurl-python |
| 46 | + |
| 47 | +PackageName: packageurl-python |
| 48 | +SPDXID: SPDXRef-Package-python-packageurl-python |
| 49 | +PackageVersion: 0.17.1 |
| 50 | +PackageSupplier: Organization: https://pypi.org |
| 51 | +PackageDownloadLocation: https://files.pythonhosted.org/packages/a9/b6/d28c4fa7535530879e7d64176f7ff081fb6308b50cac8e30f038a89e8fdd/packageurl_python-0.17.1.tar.gz |
| 52 | +FilesAnalyzed: false |
| 53 | +PackageLicenseConcluded: MIT |
| 54 | +PackageLicenseDeclared: MIT |
| 55 | +PackageCopyrightText: Copyright (c) the purl authors |
| 56 | +PackageChecksum: SHA256: 5db592a990b60bc02446033c50fb1803a26c5124cd72c5a2cd1b8ea1ae741969 |
| 57 | +PackageChecksum: MD5: bc2a019812c3f3afe2186b18bcc4319c |
| 58 | +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/ [email protected] |
| 59 | + |
| 60 | +##### Package: prettytable |
| 61 | + |
| 62 | +PackageName: prettytable |
| 63 | +SPDXID: SPDXRef-Package-python-prettytable |
| 64 | +PackageVersion: 3.16.0 |
| 65 | +PackageSupplier: Organization: https://pypi.org |
| 66 | +PackageDownloadLocation: https://files.pythonhosted.org/packages/99/b1/85e18ac92afd08c533603e3393977b6bc1443043115a47bb094f3b98f94f/prettytable-3.16.0.tar.gz |
| 67 | +FilesAnalyzed: false |
| 68 | +PackageLicenseConcluded: BSD-3-Clause |
| 69 | +PackageLicenseDeclared: BSD-3-Clause |
| 70 | +PackageCopyrightText: Copyright (c) 2009-2014, Luke Maurits < [email protected]> |
| 71 | +PackageChecksum: SHA256: 3c64b31719d961bf69c9a7e03d0c1e477320906a98da63952bc6698d6164ff57 |
| 72 | +PackageChecksum: MD5: 85a6f1812e31ea2dcf8119f219c1a032 |
| 73 | +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/ [email protected] |
| 74 | + |
| 75 | +##### Package: requests |
| 76 | + |
| 77 | +PackageName: requests |
| 78 | +SPDXID: SPDXRef-Package-python-requests |
| 79 | +PackageVersion: 2.32.4 |
| 80 | +PackageSupplier: Organization: https://pypi.org |
| 81 | +PackageDownloadLocation: https://files.pythonhosted.org/packages/e1/0a/929373653770d8a0d7ea76c37de6e41f11eb07559b103b1c02cafb3f7cf8/requests-2.32.4.tar.gz |
| 82 | +FilesAnalyzed: false |
| 83 | +PackageLicenseConcluded: Apache-2.0 |
| 84 | +PackageLicenseDeclared: Apache-2.0 |
| 85 | +PackageCopyrightText: Copyright 2019 Kenneth Reitz. All rights reserved. |
| 86 | +PackageChecksum: SHA256: 27d0316682c8a29834d3264820024b62a36942083d52caf2f14c0591336d3422 |
| 87 | +PackageChecksum: MD5: 4a380c14fe0f4465c9dbf79ffacefd8f |
| 88 | +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/ [email protected] |
| 89 | + |
| 90 | +##### Package: spdx-tools |
| 91 | + |
| 92 | +PackageName: spdx-tools |
| 93 | +SPDXID: SPDXRef-Package-python-spdx-tools |
| 94 | +PackageVersion: 0.8.3 |
| 95 | +PackageSupplier: Organization: https://pypi.org |
| 96 | +PackageDownloadLocation: https://files.pythonhosted.org/packages/f1/99/3470b28dc4b64fd29db3b1dcf5e84c743ec88e25ea7b214794f5930f0319/spdx-tools-0.8.3.tar.gz |
| 97 | +FilesAnalyzed: false |
| 98 | +PackageLicenseConcluded: Apache-2.0 |
| 99 | +PackageLicenseDeclared: Apache-2.0 |
| 100 | +PackageCopyrightText: 2023 spdx contributors |
| 101 | +PackageChecksum: SHA256: 68b8f9ce2893b5216bd90b2e63f1c821c2884e4ebc4fd295ebbf1fa8b8a94b93 |
| 102 | +PackageChecksum: MD5: ebbd9ca439294df364a99e4f491fbbe8 |
| 103 | +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/ [email protected] |
| 104 | + |
| 105 | +##### Package: validators |
| 106 | + |
| 107 | +PackageName: validators |
| 108 | +SPDXID: SPDXRef-Package-python-validators |
| 109 | +PackageVersion: 0.35.0 |
| 110 | +PackageSupplier: Organization: https://pypi.org |
| 111 | +PackageDownloadLocation: https://files.pythonhosted.org/packages/53/66/a435d9ae49850b2f071f7ebd8119dd4e84872b01630d6736761e6e7fd847/validators-0.35.0.tar.gz |
| 112 | +FilesAnalyzed: false |
| 113 | +PackageLicenseConcluded: MIT |
| 114 | +PackageLicenseDeclared: MIT |
| 115 | +PackageCopyrightText: Copyright (c) 2013 - 2025 Konsta Vesterinen |
| 116 | +PackageChecksum: SHA256: 992d6c48a4e77c81f1b4daba10d16c3a9bb0dbb79b3a19ea847ff0928e70497a |
| 117 | +PackageChecksum: MD5: 8376f37ec2028053cee8f4789dadd947 |
| 118 | +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/ [email protected] |
| 119 | + |
| 120 | +##### Relationships |
| 121 | + |
| 122 | +Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-openchain-telco-sbom-validator |
| 123 | +Relationship: SPDXRef-openchain-telco-sbom-validator CONTAINS SPDXRef-Package-python-ntia-conformance-checker |
| 124 | +Relationship: SPDXRef-openchain-telco-sbom-validator CONTAINS SPDXRef-Package-python-packageurl-python |
| 125 | +Relationship: SPDXRef-openchain-telco-sbom-validator CONTAINS SPDXRef-Package-python-prettytable |
| 126 | +Relationship: SPDXRef-openchain-telco-sbom-validator CONTAINS SPDXRef-Package-python-requests |
| 127 | +Relationship: SPDXRef-openchain-telco-sbom-validator CONTAINS SPDXRef-Package-python-spdx-tools |
| 128 | +Relationship: SPDXRef-openchain-telco-sbom-validator CONTAINS SPDXRef-Package-python-validators |
0 commit comments