Narwhal - Infosec, and Everything

Sterling Archer: Sipping Bill of Materials

Curious what this is about? In honor of the NTIA Software Transparency / Software Bill of Materials (SBOM) project, we have chosen to make these Sipping Bill of Materials available. Please consult your local hacker economist to learn how you can get involved with the NTIA SBOM project.

CycloneDX Format

<?xml version="1.0"?>
<bom serialNumber="url:https://narwhal.be/2019/sbom/sterlingarcher/" version="1" xmlns="http://cyclonedx.org/schema/bom/1.1" xmlns:prep="urn:prep:instructions">
    <components>  
        <component type="library">
            <publisher>Talisker Distillery</publisher>
            <name>Talisker Storm</name>
            <description></description>
            <scope>2 oz</scope>
        </component>  
        <component type="library">
            <publisher>Haribo USA</publisher>
            <name>Goldbears Gummy Bears</name>
            <description></description>
            <scope>6 count</scope>
        </component>  
        <component type="library">
            <publisher>Flamingo Hotel and Casino</publisher>
            <name>Hotel Ice</name>
            <description>Locally manufactured by an ice machine on this very floor.</description>
            <scope>1 amount</scope>
        </component> 
    </components>
    <prep:instructions>Add a tiny bit of ice, then add everything else. Stare deeply into the eyes of whoever ordered this and whisper 'shame.'</prep:instructions>
</bom>

SWID Format

<?xml version="1.0"?>
<SoftwareIdentity
    name="Sterling Archer"
    tagId="urn:sterling-archer"
    tagVersion="1"
    xml:lang="en"	
    xmlns:vTag="http://tagvault.org/xsd/swid-extensions-2015.xsd"
    xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" 
    xmlns:n8060="http://csrc.nist.gov/schema/swid/2015-extensions/swid-2015-extensions-1.0.xsd">
    <Entity name="Narwhal" role="tagCreator" />
  
    <Link rel="requires" href="urn:talisker-distillery-talisker-storm" />   
    <Link rel="requires" href="urn:haribo-usa-goldbears-gummy-bears" />   
    <Link rel="requires" href="urn:flamingo-hotel-and-casino-hotel-ice" /> 
    <Meta entitlementDataRequired="false" summary="Add a tiny bit of ice, then add everything else. Stare deeply into the eyes of whoever ordered this and whisper 'shame.'" />
</SoftwareIdentity>

 
<SoftwareIdentity
    name="Talisker Storm"
    tagId="urn:talisker-distillery-talisker-storm"
    tagVersion="1"
    xml:lang="en"	
    xmlns:vTag="http://tagvault.org/xsd/swid-extensions-2015.xsd"
    xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" 
    xmlns:n8060="http://csrc.nist.gov/schema/swid/2015-extensions/swid-2015-extensions-1.0.xsd">
    <Entity name="Narwhal" role="tagCreator" />
    <Entity name="Talisker Distillery" role="softwareCreator" />
    <Meta entitlementDataRequired="false" summary="2 oz" />
</SoftwareIdentity>
 
<SoftwareIdentity
    name="Goldbears Gummy Bears"
    tagId="urn:haribo-usa-goldbears-gummy-bears"
    tagVersion="1"
    xml:lang="en"	
    xmlns:vTag="http://tagvault.org/xsd/swid-extensions-2015.xsd"
    xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" 
    xmlns:n8060="http://csrc.nist.gov/schema/swid/2015-extensions/swid-2015-extensions-1.0.xsd">
    <Entity name="Narwhal" role="tagCreator" />
    <Entity name="Haribo USA" role="softwareCreator" />
    <Meta entitlementDataRequired="false" summary="6 count" />
</SoftwareIdentity>
 
<SoftwareIdentity
    name="Hotel Ice"
    tagId="urn:flamingo-hotel-and-casino-hotel-ice"
    tagVersion="1"
    xml:lang="en"	
    xmlns:vTag="http://tagvault.org/xsd/swid-extensions-2015.xsd"
    xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" 
    xmlns:n8060="http://csrc.nist.gov/schema/swid/2015-extensions/swid-2015-extensions-1.0.xsd">
    <Entity name="Narwhal" role="tagCreator" />
    <Entity name="Flamingo Hotel and Casino" role="softwareCreator" />
    <Meta entitlementDataRequired="false" summary="1 amount" />
</SoftwareIdentity>

SPDX Format

DocumentName: Sterling Archer
SPDXID: sterling-archer
DocumentComment: <text>Add a tiny bit of ice, then add everything else. Stare deeply into the eyes of whoever ordered this and whisper 'shame.'</text>
## Creation Information
Creator: Tool: Jekyll
Creator: Organization: Narwhal
 
FileName: Talisker Storm
SPDXID: talisker-storm
FileComment: <text>2 oz</text>
FileContributor: Talisker Distillery
 
FileName: Goldbears Gummy Bears
SPDXID: goldbears-gummy-bears
FileComment: <text>6 count</text>
FileContributor: Haribo USA
 
FileName: Hotel Ice
SPDXID: hotel-ice
FileComment: <text>1 amount</text>
FileContributor: Flamingo Hotel and Casino

JSON Format

{
    "shortname": "sterlingarcher",
    "name": "Sterling Archer",
    "ingredients": [  
        {
            "name": "Talisker Storm",
            "manufacturer": "Talisker Distillery",
            "notes": "",
            "quantity": 2,
            "unit": "oz"
        },  
        {
            "name": "Goldbears Gummy Bears",
            "manufacturer": "Haribo USA",
            "notes": "",
            "quantity": 6,
            "unit": "count"
        },  
        {
            "name": "Hotel Ice",
            "manufacturer": "Flamingo Hotel and Casino",
            "notes": "Locally manufactured by an ice machine on this very floor.",
            "quantity": 1,
            "unit": "amount"
        }, 
    ],
    "instructions": "Add a tiny bit of ice, then add everything else. Stare deeply into the eyes of whoever ordered this and whisper 'shame.'"
}