SwiftBOM- SBOM generator for demo and PoCs

Component d_count
Parent Component	Child BOM exists
Child BOM SPDX	External Reference ?
Component Name CPE
Version
Supplier Name
Relationship
Package File Name
Package Download Location
Files Analyzed
Component Checksum
Package Home Page
Concluded License
Declared License
Comments on License
Copyright Text	NOASSERTION
License Identifier
Extracted Text
License Name
License Comment

## Document Header SPDXVersion: $SPDXVersion DataLicense: $DataLicense SPDXID: $SPDXID DocumentName: $DocumentName DocumentNamespace: $DocumentNamespace Creator: $CreatorType: $Creator Created: $Created CreatorComment: <text>$CreatorComment</text>

## Packages ## 2.4 Primary Component (described by the SBOM) PackageName: $PackageName SPDXID: SPDXRef-$EscPackageName PackageComment: <text>PURL is pkg:supplier/$UrlSupplierName/$UrlPackageName@$PackageVersion $AddPackageComment</text> ExternalRef: PACKAGE-MANAGER purl pkg:supplier/$UrlSupplierName/$UrlPackageName@$PackageVersion PackageVersion: $PackageVersion PackageSupplier: $SupplierType: $SupplierName Relationship: $SPDXID DESCRIBES SPDXRef-$EscPackageName Relationship: SPDXRef-$EscPackageName CONTAINS NONE PackageDownloadLocation: $PackageDownloadLocation FilesAnalyzed: $FilesAnalyzed PackageLicenseConcluded: $PackageLicenseConcluded PackageLicenseDeclared: $PackageLicenseDeclared PackageCopyrightText: $PackageCopyrightText

## 2.4 All-Levels Components ## PackageName: $PackageName SPDXID: SPDXRef-$EscPackageName PackageComment: <text>PURL is pkg:supplier/$UrlSupplierName/$UrlPackageName@$PackageVersion $AddPackageComment</text> ExternalRef: PACKAGE-MANAGER purl pkg:supplier/$UrlSupplierName/$UrlPackageName@$PackageVersion PackageVersion: $PackageVersion PackageSupplier: $SupplierType: $SupplierName Relationship: SPDXRef-$EscPrimaryPackageName CONTAINS SPDXRef-$EscPackageName Relationship: SPDXRef-$EscPackageName CONTAINS NOASSERTION PackageDownloadLocation: $PackageDownloadLocation FilesAnalyzed: $FilesAnalyzed PackageLicenseConcluded: $PackageLicenseConcluded PackageLicenseDeclared: $PackageLicenseDeclared PackageCopyrightText: $PackageCopyrightText

ExternalDocumentRef: DocmentRef-$ExtDocumentName $ExtDocumentNamespace $ExtOptionalSHA256Signature Relationship: SPDXRef-$ExtEscPackageName CONTAINS DocumentRef-$ExtDocumentName:SPDXRef-$ExtEscPackageName

Child SBOM to

SPDX ↓ SWID ↓ CycloneDX ↓ CSAF (VeX) ↓ Graph ↓ ℤ ↓

Product