
Displays dependency tree in relationships section for Nuget and Maven

Open tarun06 opened this issue 1 year ago • 2 comments

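This PR resolves issue https://github.com/microsoft/sbom-tool/issues/251. It depends on the component-detection PR https://github.com/microsoft/component-detection/pull/927.

It lists the hierarchy of packages in the relationships section of the SBOM as `DEPENDS_ON` entries. Here is the output (the `[email protected]` text inside each `referenceLocator` appears to be an artifact of this page's email obfuscation rather than part of the generated SBOM):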

`

{ "files": [...], "packages": [ { "name": "Microsoft.Extensions.Caching.Memory", "SPDXID": "SPDXRef-Package-3505490951140ED4F9AEE7B75E2DF347926C49A4EC41E3FDDB277E46F56C6E46", "downloadLocation": "NOASSERTION", "filesAnalyzed": false, "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION", "copyrightText": "NOASSERTION", "versionInfo": "7.0.0", "externalRefs": [ { "referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl", "referenceLocator": "pkg:nuget/[email protected]" } ], "supplier": "NOASSERTION" }, { "name": "Microsoft.EntityFrameworkCore.Analyzers", "SPDXID": "SPDXRef-Package-A0B0F68FECEEAEE4F98067023C661AC2C54C9517BEF753711F43E003CC250716", "downloadLocation": "NOASSERTION", "filesAnalyzed": false, "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION", "copyrightText": "NOASSERTION", "versionInfo": "7.0.5", "externalRefs": [ { "referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl", "referenceLocator": "pkg:nuget/[email protected]" } ], "supplier": "NOASSERTION" }, { "name": "Microsoft.EntityFrameworkCore.Abstractions", "SPDXID": "SPDXRef-Package-D0DC877776F81F3401A4EF7EF930E3196DE65AF657771CD3446B39A00199FDB5", "downloadLocation": "NOASSERTION", "filesAnalyzed": false, "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION", "copyrightText": "NOASSERTION", "versionInfo": "7.0.5", "externalRefs": [ { "referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl", "referenceLocator": "pkg:nuget/[email protected]" } ], "supplier": "NOASSERTION" }, { "name": "Microsoft.EntityFrameworkCore", "SPDXID": "SPDXRef-Package-3E570839C2016B9FB360FFCAD405CDEAC3EB94B123CD29985990D9364576D7D9", "downloadLocation": "NOASSERTION", "filesAnalyzed": false, "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION", "copyrightText": "NOASSERTION", "versionInfo": "7.0.5", "externalRefs": [ { "referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl", "referenceLocator": "pkg:nuget/[email protected]" } ], 
"supplier": "NOASSERTION" }, { "name": "Microsoft.Extensions.Caching.Abstractions", "SPDXID": "SPDXRef-Package-1A8ED08FCCB0E96A340A7589485C1A7D63FFDAD628A019657EC7169841E3DB83", "downloadLocation": "NOASSERTION", "filesAnalyzed": false, "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION", "copyrightText": "NOASSERTION", "versionInfo": "7.0.0", "externalRefs": [ { "referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl", "referenceLocator": "pkg:nuget/[email protected]" } ], "supplier": "NOASSERTION" }, { "name": "Microsoft.Extensions.Logging", "SPDXID": "SPDXRef-Package-D6B10CA94F55A75F0746B799EAE1E7372994298991EA077E6BA70102EA1CB0CE", "downloadLocation": "NOASSERTION", "filesAnalyzed": false, "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION", "copyrightText": "NOASSERTION", "versionInfo": "7.0.0", "externalRefs": [ { "referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl", "referenceLocator": "pkg:nuget/[email protected]" } ], "supplier": "NOASSERTION" }, { "name": "Microsoft.Extensions.Logging.Abstractions", "SPDXID": "SPDXRef-Package-40E1A9E59C44F0CD9170AD10FCF36B05A76D5491CC455DE3F2ADE9EBF152931D", "downloadLocation": "NOASSERTION", "filesAnalyzed": false, "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION", "copyrightText": "NOASSERTION", "versionInfo": "7.0.0", "externalRefs": [ { "referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl", "referenceLocator": "pkg:nuget/[email protected]" } ], "supplier": "NOASSERTION" }, { "name": "Microsoft.Extensions.DependencyInjection.Abstractions", "SPDXID": "SPDXRef-Package-9072CAF711EF3F7816C9CA11A1500951578C47C5463795B78FBC556470847F01", "downloadLocation": "NOASSERTION", "filesAnalyzed": false, "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION", "copyrightText": "NOASSERTION", "versionInfo": "7.0.0", "externalRefs": [ { "referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl", "referenceLocator": "pkg:nuget/[email 
protected]" } ], "supplier": "NOASSERTION" }, { "name": "Newtonsoft.Json", "SPDXID": "SPDXRef-Package-B886264C88915A93892AFBE3D28CD5B3C8B7990F0C6A47AD506184440C46436E", "downloadLocation": "NOASSERTION", "filesAnalyzed": false, "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION", "copyrightText": "NOASSERTION", "versionInfo": "13.0.3", "externalRefs": [ { "referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl", "referenceLocator": "pkg:nuget/[email protected]" } ], "supplier": "NOASSERTION" }, { "name": "Microsoft.Extensions.Primitives", "SPDXID": "SPDXRef-Package-659FC6F6442DDDEB1A085D79166237DC05B228DAF796D7615D512FA9E3217439", "downloadLocation": "NOASSERTION", "filesAnalyzed": false, "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION", "copyrightText": "NOASSERTION", "versionInfo": "7.0.0", "externalRefs": [ { "referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl", "referenceLocator": "pkg:nuget/[email protected]" } ], "supplier": "NOASSERTION" }, { "name": "Microsoft.Extensions.DependencyInjection", "SPDXID": "SPDXRef-Package-03D59A9847F8B707779ED14E9E8B45C1DF1CE09F29AEA2706935CA888E6C09CC", "downloadLocation": "NOASSERTION", "filesAnalyzed": false, "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION", "copyrightText": "NOASSERTION", "versionInfo": "7.0.0", "externalRefs": [ { "referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl", "referenceLocator": "pkg:nuget/[email protected]" } ], "supplier": "NOASSERTION" }, { "name": "Microsoft.Extensions.Options", "SPDXID": "SPDXRef-Package-902A49EE1292AAB53E6AB794ED81360C3AB9D97FB3A6E6D16678720C8CF9DE4A", "downloadLocation": "NOASSERTION", "filesAnalyzed": false, "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION", "copyrightText": "NOASSERTION", "versionInfo": "7.0.0", "externalRefs": [ { "referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl", "referenceLocator": "pkg:nuget/[email protected]" } ], "supplier": 
"NOASSERTION" }, { "name": "System.Runtime.CompilerServices.Unsafe", "SPDXID": "SPDXRef-Package-1B140F7FA3F784DD56CC7A8B4145E9AD58D8CDD4C249A0F27F2262E47C9B41AF", "downloadLocation": "NOASSERTION", "filesAnalyzed": false, "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION", "copyrightText": "NOASSERTION", "versionInfo": "6.0.0", "externalRefs": [ { "referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl", "referenceLocator": "pkg:nuget/[email protected]" } ], "supplier": "NOASSERTION" }, { "name": "test", "SPDXID": "SPDXRef-RootPackage", "downloadLocation": "NOASSERTION", "packageVerificationCode": { "packageVerificationCodeValue": "62b8955c1539a2992ba95cbc22517787c2906c94" }, "filesAnalyzed": true, "licenseConcluded": "NOASSERTION", "licenseInfoFromFiles": [ "NOASSERTION" ], "licenseDeclared": "NOASSERTION", "copyrightText": "NOASSERTION", "versionInfo": "1.0", "externalRefs": [ { "referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl", "referenceLocator": "pkg:swid/soko/www.test.com/[email protected]?tag_id=ef4d4899-f13b-4244-ad0f-ddf636cfaf44" } ], "supplier": "Organization: soko", "hasFiles": [ "SPDXRef-File--obj-Debug-net6.0-TestSbom.GlobalUsings.g.cs-35D3B87FE8DA7BFCCDCFFA070E3BB6BE112A4E34", "SPDXRef-File--bin-Debug-net6.0-Microsoft.EntityFrameworkCore.dll-DFCA7C271DA0506216BDC633009FF867147E89AA", "SPDXRef-File--obj-Debug-net6.0-ref-TestSbom.dll-6E0360945BC27AFF85532402952A90ADB3AFF908", "SPDXRef-File--obj-Debug-net6.0-TestSbom.csproj.CopyComplete-DA39A3EE5E6B4B0D3255BFEF95601890AFD80709", "SPDXRef-File--obj-TestSbom.csproj.nuget.g.props-8F35316BC9F606DB0DDE2726751528475158FE30", "SPDXRef-File--bin-Debug-net6.0-TestSbom.deps.json-1F7D8B8802102E91DDA95523533D73C634D6EFCD", "SPDXRef-File--bin-Debug-net6.0-Microsoft.Extensions.Caching.Memory.dll-0CFA3F1BE8F6B8F9A9439DCBA0BBED12DB4D58C0", "SPDXRef-File--obj-Debug-net6.0-TestSbom.csproj.FileListAbsolute.txt-9B2CA5A1477D9C0C284248BF0AEB9840DDA3AE36", 
"SPDXRef-File--obj-Debug-net6.0-.NETCoreApp-Version-v6.0.AssemblyAttributes.cs-6B1215ADDE948589162C699DE73CC867CD4D9826", "SPDXRef-File--bin-Debug-net6.0-TestSbom.exe-5276E2E6E5F5DEA26CB482BDE865C5E7360766AC", "SPDXRef-File--bin-Debug-net6.0-Microsoft.Extensions.DependencyInjection.dll-5F62514899132AED440854E599B742683BCEA1D5", "SPDXRef-File--Program.cs-02314002D64A8A7FB389BF90258C7049B1A448B3", "SPDXRef-File--obj-Debug-net6.0-TestSbom.pdb-504FD6545BF8439C024B3816A6BD8C8F2B00F2C0", "SPDXRef-File--obj-Debug-net6.0-TestSbom.csproj.AssemblyReference.cache-BF89A401D10782B65A46D27E6025F7ACA0DF1D7B", "SPDXRef-File--obj-TestSbom.csproj.nuget.dgspec.json-AB15BC416B8A66DD44256DD8406EE58FFDA57E30", "SPDXRef-File--bin-Debug-net6.0-Newtonsoft.Json.dll-F3130F7FD4B414B5AEC04EB87ED800EB84DD2154", "SPDXRef-File--bin-Debug-net6.0-Microsoft.Extensions.Caching.Abstractions.dll-CBB5349B9EF110D51AB28CF6E9EA8ACCA6C16E2A", "SPDXRef-File--obj-Debug-net6.0-TestSbom.genruntimeconfig.cache-DC6FF88845C301EF8FDA1B6C2C9A341A5EC9F628", "SPDXRef-File--obj-Debug-net6.0-TestSbom.AssemblyInfoInputs.cache-2E01BBEF76E1674647864041D94624382F41A73E", "SPDXRef-File--obj-project.assets.json-DC2DC0D19805D6675C5117473825173541F3774B", "SPDXRef-File--bin-Debug-net6.0-Microsoft.Extensions.Options.dll-F65C6BAA8A36CBB5B28249177FD74FA1279CFD1C", "SPDXRef-File--bin-Debug-net6.0-Microsoft.EntityFrameworkCore.Abstractions.dll-9AF2DE71A525B194046C30907C246A8C734729D6", "SPDXRef-File--obj-Debug-net6.0-TestSbom.GeneratedMSBuildEditorConfig.editorconfig-805C8271C88266F8154A6E7D73AC7ADFB2E4980C", "SPDXRef-File--obj-Debug-net6.0-TestSbom.AssemblyInfo.cs-26E2291584E716FF799C542A7565E8D89012C36B", "SPDXRef-File--bin-Debug-net6.0-TestSbom.runtimeconfig.json-FDDB6AA875C839338EE9613336F23367F726DB17", "SPDXRef-File--bin-Debug-net6.0-Microsoft.Extensions.Logging.dll-C623BA7AAF28DFE6B54FC0AD43C6EBA912C6B336", "SPDXRef-File--TestSbom.sln-F4B456AE7135A5C48AE15722A4AA69593AA14057", 
"SPDXRef-File--bin-Debug-net6.0-Microsoft.Extensions.Primitives.dll-A51ACEA6A9183D6C73DCEDB5B0536F2A5EFD5F43", "SPDXRef-File--obj-Debug-net6.0-TestSbom.dll-08A7DB3DB478379D7E149043688F5DDC9637ABD5", "SPDXRef-File--obj-Debug-net6.0-apphost.exe-5276E2E6E5F5DEA26CB482BDE865C5E7360766AC", "SPDXRef-File--bin-Debug-net6.0-TestSbom.pdb-504FD6545BF8439C024B3816A6BD8C8F2B00F2C0", "SPDXRef-File--bin-Debug-net6.0-Microsoft.Extensions.Logging.Abstractions.dll-EB1C84DA67D382390397E30FE801A38944BCF48C", "SPDXRef-File--TestSbom.csproj-068371A207A7FEFBBE84CDB26A0DC45E8C5745B8", "SPDXRef-File--obj-Debug-net6.0-TestSbom.assets.cache-E2476AD84407C84C573B1D255A8A4B78D6336C97", "SPDXRef-File--obj-project.nuget.cache-7D40FB85C37D7C3E11C7FA28F03F6C727C40108E", "SPDXRef-File--obj-Debug-net6.0-refint-TestSbom.dll-6E0360945BC27AFF85532402952A90ADB3AFF908", "SPDXRef-File--obj-Debug-net6.0-TestSbom.csproj.CoreCompileInputs.cache-20C0E327D340E8B3EC900C3C70031929D918801C", "SPDXRef-File--obj-TestSbom.csproj.nuget.g.targets-A7D0B31730F7623CDF4F75999400205A2C3905D8", "SPDXRef-File--bin-Debug-net6.0-TestSbom.dll-08A7DB3DB478379D7E149043688F5DDC9637ABD5", "SPDXRef-File--bin-Debug-net6.0-Microsoft.Extensions.DependencyInjection.Abstractions.dll-B75730D6C1EF5E0CA6D7F7A1A5EE540AEE940836" ] } ], "externalDocumentRefs": [], "relationships": [ { "relationshipType": "DESCRIBES", "relatedSpdxElement": "SPDXRef-RootPackage", "spdxElementId": "SPDXRef-DOCUMENT" }, { "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-Package-03D59A9847F8B707779ED14E9E8B45C1DF1CE09F29AEA2706935CA888E6C09CC", "spdxElementId": "SPDXRef-Package-3E570839C2016B9FB360FFCAD405CDEAC3EB94B123CD29985990D9364576D7D9" }, { "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-Package-659FC6F6442DDDEB1A085D79166237DC05B228DAF796D7615D512FA9E3217439", "spdxElementId": "SPDXRef-Package-1A8ED08FCCB0E96A340A7589485C1A7D63FFDAD628A019657EC7169841E3DB83" }, { "relationshipType": "DEPENDS_ON", "relatedSpdxElement": 
"SPDXRef-Package-1B140F7FA3F784DD56CC7A8B4145E9AD58D8CDD4C249A0F27F2262E47C9B41AF", "spdxElementId": "SPDXRef-Package-659FC6F6442DDDEB1A085D79166237DC05B228DAF796D7615D512FA9E3217439" }, { "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-Package-40E1A9E59C44F0CD9170AD10FCF36B05A76D5491CC455DE3F2ADE9EBF152931D", "spdxElementId": "SPDXRef-Package-3505490951140ED4F9AEE7B75E2DF347926C49A4EC41E3FDDB277E46F56C6E46" }, { "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-Package-D6B10CA94F55A75F0746B799EAE1E7372994298991EA077E6BA70102EA1CB0CE", "spdxElementId": "SPDXRef-Package-3E570839C2016B9FB360FFCAD405CDEAC3EB94B123CD29985990D9364576D7D9" }, { "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-Package-9072CAF711EF3F7816C9CA11A1500951578C47C5463795B78FBC556470847F01", "spdxElementId": "SPDXRef-Package-3505490951140ED4F9AEE7B75E2DF347926C49A4EC41E3FDDB277E46F56C6E46" }, { "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-Package-1A8ED08FCCB0E96A340A7589485C1A7D63FFDAD628A019657EC7169841E3DB83", "spdxElementId": "SPDXRef-Package-3505490951140ED4F9AEE7B75E2DF347926C49A4EC41E3FDDB277E46F56C6E46" }, { "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-Package-3E570839C2016B9FB360FFCAD405CDEAC3EB94B123CD29985990D9364576D7D9", "spdxElementId": "SPDXRef-RootPackage" }, { "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-Package-B886264C88915A93892AFBE3D28CD5B3C8B7990F0C6A47AD506184440C46436E", "spdxElementId": "SPDXRef-RootPackage" }, { "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-Package-D0DC877776F81F3401A4EF7EF930E3196DE65AF657771CD3446B39A00199FDB5", "spdxElementId": "SPDXRef-Package-3E570839C2016B9FB360FFCAD405CDEAC3EB94B123CD29985990D9364576D7D9" }, { "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-Package-902A49EE1292AAB53E6AB794ED81360C3AB9D97FB3A6E6D16678720C8CF9DE4A", "spdxElementId": 
"SPDXRef-Package-3505490951140ED4F9AEE7B75E2DF347926C49A4EC41E3FDDB277E46F56C6E46" }, { "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-Package-A0B0F68FECEEAEE4F98067023C661AC2C54C9517BEF753711F43E003CC250716", "spdxElementId": "SPDXRef-Package-3E570839C2016B9FB360FFCAD405CDEAC3EB94B123CD29985990D9364576D7D9" }, { "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-Package-3505490951140ED4F9AEE7B75E2DF347926C49A4EC41E3FDDB277E46F56C6E46", "spdxElementId": "SPDXRef-Package-3E570839C2016B9FB360FFCAD405CDEAC3EB94B123CD29985990D9364576D7D9" } ], "spdxVersion": "SPDX-2.2", "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT", "name": "test 1.0", "documentNamespace": "https://www.test.com/test/1.0/bqnGpsLeoUilD2Ew5N2F_w", "creationInfo": { "created": "2023-12-05T09:41:19Z", "creators": [ "Organization: soko", "Tool: Microsoft.SBOMTool-2.0.1" ] }, "documentDescribes": [ "SPDXRef-RootPackage" ] } `

tarun06 avatar Dec 05 '23 09:12 tarun06