软件物料清单必要字段、实例参考.docx

《软件物料清单必要字段、实例参考.docx》由会员分享，可在线阅读，更多相关《软件物料清单必要字段、实例参考.docx（10页珍藏版）》请在优知文库上搜索。

1、附录A（资料性）软件物料清单必要字段软件物料消弟必要字段如表AJ所示.表A1软件物料清单必要字段元素名字段名字段播述字段类型软件信息softwareSoftwareName软件名称stringSoftwareVersion软件版本MtringintegrityhahAlg杂决克法stringnessajjeDigest福患摘要string清单值息&x:UMntfort!11e清小格式名砍stringfratVersIon格式根本stringserialNuxiber清的标识StrinSti11rxtivp时同世strinj：autbcr创建者string姐件信息exponentsco11nen

2、tld组件标MstrinsConponentNonc姐件名称StringConponentVersion如件版本stringseifDeveIopedProportion自用比例enuofstring)Iicensene许可证名稀arrayofstringintegritybashAlg杂潴算法stringnessai：eDige$t消息摘要Strinx内前依软信息dtcrxicn:icsidemityAId依赖标识引用stringrclntio11jihip关系arrayofxtringidcntityKld技依帽标识弓I用string生命周期（ft护中新风PSdisruptionsdisr

3、uptinnld中断标做stringdisruptionType中断类型stringHffectedObject影响对配string表AT（续）元素名字段名字段描述字段类鞭生命冏期维护中断风1disruptionsdescription凤龄担述stringdisposal处情况booleanestIitetedTitteM计中断时间string找名佶1integritySignnturaFiIC提名文件stringiigitnlCcrtificntFiIc数字证的文件string附录B(奥科性)软件物料清单实例参考B.1软件信息JSON格式示例：a)定制化开发或商业采的软件：software:

4、(soflwareName”:MyApp*,softwareversion:1.2.0,integrity”:(*hashlg*:*MD5x,messageDigest*:fc3aa394c8787e019eda27be38d65cdf,.supplier”:*siipplierName*:supplierA,1,supplierType*:agent,area:China”,developer”:*deveIoperA*,1“1iccnseNa三e”:COlnnereialAgreement*aulhorizalionTcrm:2024Tl-H”b)开源软件：*software,:(*Sof

5、twareName*:*Mypp,softwareVersion:1.2.0,*inlogrity*:(,hashAlr:*,MD5,messageDigest”:,fc3aa39-lc8787e19eda27be38i65clf*I.acquiSitiCnChannel,:openSourCCCOamUnity”,*1icenseNa三e:APaChe-2.O”1JSOX格式示例:“document/:(*fOmatName*:“SBOMDF,3*for三atVersion*:1.0”.*serialNumber*:*urn:uuid:f47acIOb58cc!372lier.C,*supp

6、IierType*:*integratorwfarea:China*,*deveIoper*:“deveIoperA”,“1anguage*:Java”.*1icenseName*:“ConmercialAgreementB*.*duwnloadUrl*:*h11ps:/*hashl*:a,MI)5*messageDigest*:*dlld8cd98f0Ob204e980O99Hecf8427eA，).b)开源软件：(components”:(componentId:lib-O0,componentName:1.ogging1.ibrary*,componentVersion:*v2.5*,“

7、componentDescription:1.ibraryforapplicationlogging.*,*selfDeVelopedProportion*:*none,-rcgIdenlifier:*cpe:/a:microsoft:sql_scrvcr:6.5*,ipurlance:核心批件”，security”:“羟过开源社区安全申杳”，acquisitionchannel:opCnSoUrCeCo三munity”,language:Java*,IicenseName”:pache1.icense2.0”,*downIoad1.rl*:“https:/IogCOrp.co三,log-1i

8、b*.homePgae,:*https:/IogCOrP.com”.*-c11pIctcness*:known”,*integrity*:(hashAlg:M115”,essageDigest:H1d8cd98f00b201e9800998ecf8427e”).8. 4文件信息JSON格式示例：(files”:(,fildd:*file-001TileName:*syslo.java,filePath*:,srccomnyappsys1og.java*,purpose:实现软件11忐信息生成的源代码文件”，*integrity*:(hashAlg”:,UD5,essaxeDixest:,03a

9、c674216f3el5c761ela5c255f067F8. 5代码片段信息JSON格式示例：snippets”:(*snippetld*:*snippet001*.*snippetFiIc*:VsrcZcanZmyappZMain.java”,bytcStartPointcr*:100,*,byteEndPointer,:200,IineSiartPointer”:10,IineEndPointer”:20,snipPetSOUrCe:OpensourceprojectA*.“snipPetUrI:http:irAw.OPenSoUrc。COmnUnity.org/projectA/hom

10、epage,1icenseName,:Apache1.icense2.0”.*integrity*:(shAlg:,MD5,1essageDigest:a8a0M69l)6d581513e56197l6e3d62H*).B,6内部依赖信息JSON格式示例：(dependencies”:(identityAId”:*1ib-001*.*relationship*:dependsn*,*identityBId*:*lib-002*.(*identityAId*:*file-00l*,*relationship*:*contains*,identityBId”:*snippet001”8. 7外部网

11、络服务信息JSON格式示例：*services*:(*serviceld*:*service-001*,*serviceName*:AuthenticationService*,“substitutability”:false.“supplier”:*supplicrNaBe*:*paymentserviceprovider*,“area:China”.h,scviceUr1:*https:/auth.servicecorp,com/api”,*serviceArea*:“国内计算环境”,*serviceProtocol*:hltp,dutDoSCriPtior:包含电话、身份证、银行卡号等个人IS私信息”).8. 8基础环境信息JSON格式示例：(*platfom*:(“assetId”:*java-rntime*,“assetNae:JavaRuntimeEnvironment*,* assetVersion*:*8.0”,* substitutability*:false,* source*:xhttps*.“supplier”:*supplicrName*:Javaprovider*.*area*:China”,1.B.9开发工具信息JSON格式示例：*deveIo三entToo1s*:(*toolld*:*tool-001*,*toolNa11?:*1DE