From 9669c08ca92cb23db479ce3e7e3b865f7706305b Mon Sep 17 00:00:00 2001
From: Richard Hughes
Date: Fri, 15 Nov 2024 12:17:38 +0000
Subject: [PATCH] Add a SBOM file in CycloneDX format Improve supply chain security by including a SBOM file with substituted values. This will be used to construct a composite platform SBOM.
Signed-off-by: Richard Hughes
---
sbom.cdx.json | 40 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
create mode 100644 sbom.cdx.json
diff --git a/sbom.cdx.json b/sbom.cdx.json
new file mode 100644
index 000000000..86d535afb
--- /dev/null
+++ b/sbom.cdx.json
@@ -0,0 +1,40 @@
+{
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.6",
+ "version": 1,
+ "components": [
+ {
+ "type": "library",
+ "bom-ref": "pkg:hostapd/wpa_supplicant@@VCS_TAG@",
+ "cpe": "cpe:2.3:a:hostapd:wpa_supplicant:@VCS_TAG@:*:*:*:*:*:*:*",
+ "name": "wpa_supplicant",
+ "version": "@VCS_VERSION@",
+ "description": "The IEEE 802.1X/WPA component, implementing key negotiation with an authenticator",
+ "authors": [
+ {
+ "name": "@VCS_SBOM_AUTHORS@"
+ }
+ ],
+ "supplier": {
+ "name": "wpa_supplicant developers"
+ },
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://hostap.epitest.fi/wpa_supplicant/"
+ },
+ {
+ "type": "vcs",
+ "url": "git://w1.fi/srv/git/hostap.git"
+ }
+ ]
+ }
+ ]
+}
-- 2.47.0
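Review bot: The `cpe` value names `hostapd` as the vendor, but as far as I know NVD's CPE dictionary lists this product under vendor `w1.fi`, so a scanner that matches the composite SBOM against CVE data by CPE would likely report nothing for wpa_supplicant; please confirm against the dictionary and use `"cpe": "cpe:2.3:a:w1.fi:wpa_supplicant:@VCS_TAG@:*:*:*:*:*:*:*"`. The `cpe` and `bom-ref` lines take their version from `@VCS_TAG@` while `version` uses `@VCS_VERSION@`; if the tag expands to a raw git tag rather than a dotted release number, the CPE version field will not match either, so one substitution should feed all three. The `vcs` external reference is a `git://` URL, which gives a consumer who fetches the source no transport integrity; an `https://` clone URL would be preferable if the project publishes one.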