initial version of the sbom.yml file

This is an initial version of the sbom.yml file for Espressif's mbedtls.
It's used by the esp-idf-sbom[1] tool to generate an SBOM file in the SPDX
format for esp-idf projects.

[1] - https://github.com/espressif/esp-idf-sbom

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>

fix(sbom): add note about Espressif modifications

Since our mbedtls code is not a pure upstream version, let's add a note
about this in the SBOM manifest description, which will be included in
the generated SPDX file. We used the same approach e.g. for freertos.

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
Frantisek Hrbata 2023-06-19 16:21:49 +02:00 committed by nilesh.kale
parent e9b0c91fd7
commit 3f0cdd8b5e

sbom.yml Normal file

@ -0,0 +1,5 @@
version: 3.6.1
cpe: cpe:2.3:a:arm:mbed_tls:{}:*:*:*:*:*:*:*
supplier: 'Organization: Espressif Systems (Shanghai) CO LTD'
originator: 'Organization: Trusted Firmware <mbed-tls-security@lists.trustedfirmware.org>'
description: An open source, portable, easy to use, readable and flexible SSL library with additional features and patches from Espressif.
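
Review bot: The `version: 3.6.1` line hard-codes the mbedtls release, and nothing in this file or the commit message says how it is kept in step with the sources when the fork is updated. If it goes stale, the generated SPDX file reports the wrong version for this component, so consider a comment in sbom.yml or a release-checklist item that ties this value to the mbedtls update procedure. Also, the `cpe` line names the upstream product `arm:mbed_tls` while the `description` says the code carries additional features and patches from Espressif. Anything that matches vulnerabilities through this CPE will judge the component by the upstream version alone, so it is worth documenting how backported fixes and Espressif-only changes are meant to be reflected for SBOM consumers.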