Commit

Add sbom description file for Software BOM
This file is used by the esp-idf-sbom tool to generate
an SBOM file in the SPDX format for esp-idf projects.
david-cermak committed Oct 11, 2023
1 parent 0f2d472 commit 90c1e93
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions sbom.yml
@@ -0,0 +1,11 @@
name: 'lwip'
version: '2.1.2'
cpe: cpe:2.3:a:lwip_project:lwip:{}:*:*:*:*:*:*:*
supplier: 'Organization: Espressif Systems (Shanghai) CO LTD'
originator: 'Organization: non-GNU software and documentation, lwIP Project <[email protected]>'
description: A Lightweight TCP/IP stack with additional features and patches from Espressif.
cve-exclude-list:
- cve: CVE-2020-22284
reason: The fix for this vulnerability has been incorporated from the lwIP project upstream as ecd6009a, 6ffe30d9 and 8f5a0aaa.
- cve: CVE-2020-22283
reason: The fix for this vulnerability has been incorporated from the lwIP project upstream as 379d5504, ba3b04e7 and 843a1161 (Note that this vulnerability is not listed in the NVD against lwip version 2.1.2, but version - N/A).
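
Review bot: In both `cve-exclude-list` entries, the `reason` text identifies the incorporated fixes only by abbreviated upstream commit ids (ecd6009a, 6ffe30d9, 8f5a0aaa and 379d5504, ba3b04e7, 843a1161), so someone auditing the SBOM cannot confirm from this file where those fixes live in this tree. Suggest citing the full upstream hashes or the corresponding commits in this repository, so that each exclusion can be verified independently. Separately, `version: '2.1.2'` is a fixed string while the description says the stack carries additional Espressif patches; a short comment noting that the version and the exclude list must be revisited whenever the upstream base changes or a further fix is backported would keep the suppressions from going stale. Minor style point: `name`, `version`, `supplier` and `originator` are quoted but `cpe` and `description` are not; quoting the `cpe` value, which contains `{}` and `*`, would make the file consistent.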
