mbedtls/sbom.yml at mbedtls-3.6.2-idf - mbedtls - Gitea: Git with a cup of tea

espressif/mbedtls

mirror of https://github.com/espressif/mbedtls.git synced 2025-08-06 15:00:15 +08:00

Files

Frantisek Hrbata 17eee1136d initial version of the sbom.yml file

This is an initial version of the sbom.yml file for Espressif's mbedtls.
It's used by the esp-idf-sbom[1] tool to generate an SBOM file in the SPDX
format for esp-idf projects.

[1] - https://github.com/espressif/esp-idf-sbom

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>

fix(sbom): add note about Espressif modifications

Since our mbedtls code is not a pure upstream version, let's add a note
about this in the SBOM manifest description, which will be included in
the generated SPDX file. We used the same approach e.g. for freertos.

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>

2024-10-16 09:03:07 +05:30

6 lines

352 B

YAML

Raw Permalink Blame History

 version: 3.6.2
 cpe: cpe:2.3:a:arm:mbed_tls:{}:*:*:*:*:*:*:*
 supplier: 'Organization: Espressif Systems (Shanghai) CO LTD'
 originator: 'Organization: Trusted Firmware <mbed-tls-security@lists.trustedfirmware.org>'
 description: An open source, portable, easy to use, readable and flexible SSL library with additional features and patches from Espressif.