...
In addition to the above measures, JS7 ships with a Software Bill of Materials (SBOM) that tells users which 3rd-party component versions and licenses are included.
SBOM
The JS7 SBOM is provided in the OWASP CycloneDX format.
Tools to manage and visualize the SBOM include OWASP Dependency-Track. In addition, a number of web sites are available that can visualize the SBOM.
Download
The SBOM ships as the sbom.json file, which is available for download from JOC Cockpit.
- URL: http(s)://<host>:<port>/joc/sbom.json
- Directory: JETTY_BASE/webapps/joc/sbom.json
Example
The following is an example of an SBOM file:
- Download: sbom.json
```json
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.3",
  "serialNumber": "urn:uuid:725fd204-c3cf-4f2a-9e48-ee0cdfb17f2a",
  "version": 1,
  "metadata": {
    "timestamp": "2023-01-02T06:08:35.977Z",
    "tools": [
      {
        "vendor": "CycloneDX",
        "name": "Node.js module",
        "version": "3.10.6"
      }
    ],
    "component": {
      "type": "library",
      "bom-ref": "pkg:npm/joc-cockpit@2.5.0",
      "name": "joc-cockpit",
      "version": "2.5.0",
      "description": "This project was generated with [Angular CLI](https://github.com/angular/angular-cli) version 14.1.1.",
      "purl": "pkg:npm/joc-cockpit@2.5.0"
    }
  },
  "components": [
    {
      "type": "library",
      "bom-ref": "pkg:npm/%40angular/animations@14.2.12",
      "author": "angular",
      "group": "@angular",
      "name": "animations",
      "version": "14.2.12",
      "description": "Angular - animations integration with web-animations",
      "hashes": [
        {
          "alg": "SHA-512",
          "content": "83076715992f554afe7a750d7e17c2191186a8d1e7d7ebd303cd5aa4b7c762127182388b52d1137382933ab41ebed0e6d36da911df8b4abbebf2bfbb6a0fa393"
        }
      ],
      "licenses": [
        {
          "license": {
            "id": "MIT"
          }
        }
      ],
      "purl": "pkg:npm/%40angular/animations@14.2.12",
      "externalReferences": [
        {
          "type": "website",
          "url": "https://github.com/angular/angular#readme"
        },
        {
          "type": "issue-tracker",
          "url": "https://github.com/angular/angular/issues"
        },
        {
          "type": "vcs",
          "url": "git+https://github.com/angular/angular.git"
        }
      ]
    },
    {
      "type": "library",
      "bom-ref": "pkg:npm/tslib@2.4.1",
      "author": "Microsoft Corp.",
      "name": "tslib",
      "version": "2.4.1",
      "description": "Runtime library for TypeScript helper functions",
      "hashes": [
        {
          "alg": "SHA-512",
          "content": "b46cb2e1d02344813023b073b01d25ca75a03a97ea8d476af755d70252160f63b02811fba0297f1991bf1d3e01387ad394f30e01294c43bbdec93aa999172b34"
        }
      ],
      "licenses": [
        {
          "license": {
            "id": "0BSD"
          }
        }
      ],
      "purl": "pkg:npm/tslib@2.4.1",
      "externalReferences": [
        {
          "type": "website",
          "url": "https://www.typescriptlang.org/"
        },
        {
          "type": "issue-tracker",
          "url": "https://github.com/Microsoft/TypeScript/issues"
        },
        {
          "type": "vcs",
          "url": "git+https://github.com/Microsoft/tslib.git"
        }
      ]
    },
    ...
```
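A check that can be run over a downloaded sbom.json, as an added example that is not code from the JS7 project: it reports components whose purl disagrees with their group/name/version, that carry no hash, or whose license is missing or outside an allowlist. The allowlist, the function names and the `example-lib` entry are assumptions made for illustration.

```python
import json
from urllib.parse import unquote

# Constructed sample: cut-down copies of the two components in the page's example (hash
# values replaced by placeholders) plus a made-up "example-lib" entry with deliberate gaps.
SAMPLE_SBOM = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.3", "components": [
  {"type": "library", "group": "@angular", "name": "animations", "version": "14.2.12",
   "hashes": [{"alg": "SHA-512", "content": "<sha512-placeholder>"}],
   "licenses": [{"license": {"id": "MIT"}}], "purl": "pkg:npm/%40angular/animations@14.2.12"},
  {"type": "library", "name": "tslib", "version": "2.4.1",
   "hashes": [{"alg": "SHA-512", "content": "<sha512-placeholder>"}],
   "licenses": [{"license": {"id": "0BSD"}}], "purl": "pkg:npm/tslib@2.4.1"},
  {"type": "library", "name": "example-lib", "version": "1.0.0", "purl": "pkg:npm/example-lib@0.9.0"}
]}
""")

def license_ids(component):
    """Collect SPDX ids, license names or SPDX expressions declared for a component."""
    found = []
    for entry in component.get("licenses", []):
        lic = entry.get("license", {})
        found.append(lic.get("id") or lic.get("name") or entry.get("expression"))
    return [value for value in found if value]

def audit(sbom, allowed_licenses):
    """Return {purl or name: [findings]} for components that need review."""
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    report = {}
    for comp in sbom.get("components", []):
        findings = []
        full_name = "/".join(p for p in (comp.get("group"), comp.get("name")) if p)
        # purl without its "pkg:<type>/" prefix and "?qualifiers", percent-decoded
        tail = unquote(comp.get("purl", "")).partition("/")[2].partition("?")[0]
        if tail != f"{full_name}@{comp.get('version')}":
            findings.append("purl does not match group/name/version")
        if not comp.get("hashes"):
            findings.append("no hash recorded")
        ids = license_ids(comp)
        if not ids:
            findings.append("no license declared")
        findings += [f"license not on allowlist: {i}" for i in ids if i not in allowed_licenses]
        if findings:
            report[comp.get("purl") or full_name] = findings
    return report

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_SBOM, {"MIT", "Apache-2.0"}), indent=2))
```

To run it against an installation, replace `SAMPLE_SBOM` with the parsed content of the sbom.json downloaded from JOC Cockpit.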