From e17cff53a1e92668e4f90f3b1921940d9a789c6c Mon Sep 17 00:00:00 2001
From: Mahavir Jain <mahavir@espressif.com>
Date: Tue, 18 Jul 2023 14:34:46 +0530
Subject: [PATCH] Add SBOM files for applicable components

Please see more details at:
https://github.com/espressif/esp-idf-sbom
---
 coap/idf_component.yml   | 3 ++-
 coap/sbom.yml            | 5 +++++
 expat/idf_component.yml  | 3 ++-
 expat/sbom.yml           | 5 +++++
 fmt/idf_component.yml    | 3 ++-
 fmt/sbom.yml             | 5 +++++
 libpng/idf_component.yml | 3 ++-
 libpng/sbom.yml          | 5 +++++
 nghttp/idf_component.yml | 3 ++-
 nghttp/sbom.yml          | 5 +++++
 zlib/idf_component.yml   | 3 ++-
 zlib/sbom.yml            | 5 +++++
 12 files changed, 42 insertions(+), 6 deletions(-)
 create mode 100644 coap/sbom.yml
 create mode 100644 expat/sbom.yml
 create mode 100644 fmt/sbom.yml
 create mode 100644 libpng/sbom.yml
 create mode 100644 nghttp/sbom.yml
 create mode 100644 zlib/sbom.yml

diff --git a/coap/idf_component.yml b/coap/idf_component.yml
index 4f9e6c05b0..a4707bb670 100644
--- a/coap/idf_component.yml
+++ b/coap/idf_component.yml
@@ -1,4 +1,5 @@
-version: "4.3.1~3"
+# Note: Please keep this version consistent with sbom.yml file
+version: "4.3.1~4"
 description: Constrained Application Protocol (CoAP) C Library
 url: https://github.com/espressif/idf-extra-components/tree/master/coap
 dependencies:
diff --git a/coap/sbom.yml b/coap/sbom.yml
new file mode 100644
index 0000000000..4904d3a817
--- /dev/null
+++ b/coap/sbom.yml
@@ -0,0 +1,5 @@
+version: 4.3.1
+cpe: cpe:2.3:a:libcoap:libcoap:{}:*:*:*:*:*:*:*
+supplier: 'Organization: Espressif Systems (Shanghai) CO LTD'
+originator: 'Organization: libcoap <https://libcoap.net/>'
+description: A CoAP (RFC 7252) implementation in C
diff --git a/expat/idf_component.yml b/expat/idf_component.yml
index 9ffae5a77e..27dca68b32 100644
--- a/expat/idf_component.yml
+++ b/expat/idf_component.yml
@@ -1,4 +1,5 @@
-version: "2.5.0"
+# Note: Please keep this version consistent with sbom.yml file
+version: "2.5.0~1"
 description: "Expat - XML Parsing C Library"
 url: https://github.com/espressif/idf-extra-components/tree/master/expat
 dependencies:
diff --git a/expat/sbom.yml b/expat/sbom.yml
new file mode 100644
index 0000000000..c9028aaeda
--- /dev/null
+++ b/expat/sbom.yml
@@ -0,0 +1,5 @@
+version: 2.5.0
+cpe: cpe:2.3:a:libexpat_project:libexpat:{}:*:*:*:*:*:*:*
+supplier: 'Organization: Espressif Systems (Shanghai) CO LTD'
+originator: 'Organization: libexpat_project'
+description: Fast streaming XML parser written in C99
diff --git a/fmt/idf_component.yml b/fmt/idf_component.yml
index 9890bfb0e2..114912f71d 100644
--- a/fmt/idf_component.yml
+++ b/fmt/idf_component.yml
@@ -1,4 +1,5 @@
-version: "9.1.0"
+# Note: Please keep this version consistent with sbom.yml file
+version: "9.1.0~1"
 description: Formatting library providing a fast and safe alternative to C stdio and C++ iostreams.
 url: https://github.com/espressif/idf-extra-components/tree/master/fmt
 dependencies:
diff --git a/fmt/sbom.yml b/fmt/sbom.yml
new file mode 100644
index 0000000000..4009512a52
--- /dev/null
+++ b/fmt/sbom.yml
@@ -0,0 +1,5 @@
+version: 9.1.0
+cpe: cpe:2.3:a:fmt:fmt:{}:*:*:*:*:*:*:*
+supplier: 'Organization: Espressif Systems (Shanghai) CO LTD'
+originator: 'Organization: fmt <https://fmt.dev/latest/index.html>'
+description: A modern formatting library
diff --git a/libpng/idf_component.yml b/libpng/idf_component.yml
index b59acc69f7..4f54e32f41 100644
--- a/libpng/idf_component.yml
+++ b/libpng/idf_component.yml
@@ -1,4 +1,5 @@
-version: "1.6.39"
+# Note: Please keep this version consistent with sbom.yml file
+version: "1.6.39~1"
 description: Portable Network Graphics(png) C library
 url: https://github.com/espressif/idf-extra-components/tree/master/libpng
 repository: "https://github.com/espressif/idf-extra-components.git"
diff --git a/libpng/sbom.yml b/libpng/sbom.yml
new file mode 100644
index 0000000000..1f6f5bfa45
--- /dev/null
+++ b/libpng/sbom.yml
@@ -0,0 +1,5 @@
+version: 1.6.39
+cpe: cpe:2.3:a:libpng:libpng:{}:*:*:*:*:*:*:*
+supplier: 'Organization: Espressif Systems (Shanghai) CO LTD'
+originator: 'Organization: libpng'
+description: Portable Network Graphics support, official PNG reference library
diff --git a/nghttp/idf_component.yml b/nghttp/idf_component.yml
index 6566fb50de..34abf915c2 100644
--- a/nghttp/idf_component.yml
+++ b/nghttp/idf_component.yml
@@ -1,4 +1,5 @@
-version: "1.52.0"
+# Note: Please keep this version consistent with sbom.yml file
+version: "1.52.0~1"
 description: "nghttp2 - HTTP/2 C Library"
 url: https://github.com/espressif/idf-extra-components/tree/master/nghttp
 dependencies:
diff --git a/nghttp/sbom.yml b/nghttp/sbom.yml
new file mode 100644
index 0000000000..caeb1e06f2
--- /dev/null
+++ b/nghttp/sbom.yml
@@ -0,0 +1,5 @@
+version: 1.52.0
+cpe: cpe:2.3:a:nghttp2:nghttp2:{}:*:*:*:*:*:*:*
+supplier: 'Organization: Espressif Systems (Shanghai) CO LTD'
+originator: 'Organization: nghttp2 <https://nghttp2.org/'
+description: nghttp2 - HTTP/2 C Library and tools
diff --git a/zlib/idf_component.yml b/zlib/idf_component.yml
index 67da93d9ae..e3ad085f35 100644
--- a/zlib/idf_component.yml
+++ b/zlib/idf_component.yml
@@ -1,4 +1,5 @@
-version: "1.2.13"
+# Note: Please keep this version consistent with sbom.yml file
+version: "1.2.13~1"
 description: zlib C library
 url: https://github.com/espressif/idf-extra-components/tree/master/zlib
 repository: "https://github.com/espressif/idf-extra-components.git"
diff --git a/zlib/sbom.yml b/zlib/sbom.yml
new file mode 100644
index 0000000000..34fc5bb371
--- /dev/null
+++ b/zlib/sbom.yml
@@ -0,0 +1,5 @@
+version: 1.2.13
+cpe: cpe:2.3:a:zlib:zlib:{}:*:*:*:*:*:*:*
+supplier: 'Organization: Espressif Systems (Shanghai) CO LTD'
+originator: 'Organization: zlib <http://www.zlib.net/>'
+description: A massively spiffy yet delicately unobtrusive compression library