From 4be259acac1b375ed5986ae1ffa3b531be0aa44a Mon Sep 17 00:00:00 2001
From: Laurent Goderre <laurent.goderre@docker.com>
Date: Tue, 26 Sep 2023 09:27:40 -0400
Subject: [PATCH] fixup

---
 3.10/alpine/Dockerfile     | 18 ++++++++---
 3.11/alpine/Dockerfile     | 18 ++++++++---
 3.12/alpine/Dockerfile     | 18 ++++++++---
 3.13-rc/alpine/Dockerfile  | 18 ++++++++---
 3.9/alpine/Dockerfile      | 18 ++++++++---
 Dockerfile-alpine.template | 66 +++++++++++++++++++++++++-------------
 6 files changed, 109 insertions(+), 47 deletions(-)

diff --git a/3.10/alpine/Dockerfile b/3.10/alpine/Dockerfile
index cd2cab55..e8c0894f 100644
--- a/3.10/alpine/Dockerfile
+++ b/3.10/alpine/Dockerfile
@@ -196,14 +196,18 @@ FROM alpine:3.18
 # OPENSSL/ERLANG_INSTALL_PATH_PREFIX are defined in a different stage, so define them again
 ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang
 ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl
+
 COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX
+COPY <<OPENSSL_SPDX /opt/openssl/openssl.spdx.json
+{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"openssl-sbom","packages":[{"name":"openssl","versionInfo":"3.1.3","SPDXID":"SPDXRef-Package--openssl","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:apk/alpine/openssl@3.1.3?os_name=alpine&os_version=3.18"}]}]}
+OPENSSL_SPDX
+
 COPY --from=openssl-builder $OPENSSL_INSTALL_PATH_PREFIX $OPENSSL_INSTALL_PATH_PREFIX
-ENV PATH $ERLANG_INSTALL_PATH_PREFIX/bin:$OPENSSL_INSTALL_PATH_PREFIX/bin:$PATH
+COPY <<ERLANG_SPDX /opt/erlang/erlang.spdx.json
+{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"erlang-sbom","packages":[{"name":"erlang","versionInfo":"25.3.2.6","SPDXID":"SPDXRef-Package--erlang","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:apk/alpine/erlang@25.3.2.6?os_name=alpine&os_version=3.18"}]}]}
+ERLANG_SPDX
 
-RUN mkdir -p /usr/local/share/sbom/ && \
-<<EOT cat > /usr/local/share/sbom/openssl-erlang.spdx.json
-{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"openssl-erlang-sbom","documentNamespace":"https://docker.com/docker-scout/fs/sbom-61b3df18-3e41-47b8-a954-e4224f48b2f7","dataLicense":"CC0-1.0","packages":[{"name":"openssl","versionInfo":"3.1.3","SPDXID":"SPDXRef-Package--openssl","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:apk/alpine/openssl@3.1.3?os_name=alpine&os_version=3.18"}]},{"name":"erlang","versionInfo":"25.3.2.6","SPDXID":"SPDXRef-Package--erlang","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:apk/alpine/erlang@25.3.2.6?os_name=alpine&os_version=3.18"}]},{"name":"rabbitmq","versionInfo":"3.10.25","SPDXID":"SPDXRef-Package--rabbitmq","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:github/rabbitmq/rabbitmq-server@3.10.25"}]}]}
-EOT
+ENV PATH $ERLANG_INSTALL_PATH_PREFIX/bin:$OPENSSL_INSTALL_PATH_PREFIX/bin:$PATH
 
 ENV RABBITMQ_DATA_DIR /var/lib/rabbitmq
 
@@ -302,6 +306,10 @@ RUN set -eux; \
 # no stale cookies
 	rm "$RABBITMQ_DATA_DIR/.erlang.cookie"
 
+COPY <<RABBITMQ_SPDX /opt/rabbitmq/rabbitmq.spdx.json
+{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"rabbitmq-sbom","packages":[{"name":"rabbitmq","versionInfo":"3.10.25","SPDXID":"SPDXRef-Package--rabbitmq","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/rabbitmq@3.10.25?os_name=alpine&os_version=3.18"}]}]}
+RABBITMQ_SPDX
+
 # Enable Prometheus-style metrics by default (https://github.com/docker-library/rabbitmq/issues/419)
 RUN su-exec rabbitmq rabbitmq-plugins enable --offline rabbitmq_prometheus
 
diff --git a/3.11/alpine/Dockerfile b/3.11/alpine/Dockerfile
index c4ec07a8..de773162 100644
--- a/3.11/alpine/Dockerfile
+++ b/3.11/alpine/Dockerfile
@@ -196,14 +196,18 @@ FROM alpine:3.18
 # OPENSSL/ERLANG_INSTALL_PATH_PREFIX are defined in a different stage, so define them again
 ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang
 ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl
+
 COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX
+COPY <<OPENSSL_SPDX /opt/openssl/openssl.spdx.json
+{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"openssl-sbom","packages":[{"name":"openssl","versionInfo":"3.1.3","SPDXID":"SPDXRef-Package--openssl","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:apk/alpine/openssl@3.1.3?os_name=alpine&os_version=3.18"}]}]}
+OPENSSL_SPDX
+
 COPY --from=openssl-builder $OPENSSL_INSTALL_PATH_PREFIX $OPENSSL_INSTALL_PATH_PREFIX
-ENV PATH $ERLANG_INSTALL_PATH_PREFIX/bin:$OPENSSL_INSTALL_PATH_PREFIX/bin:$PATH
+COPY <<ERLANG_SPDX /opt/erlang/erlang.spdx.json
+{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"erlang-sbom","packages":[{"name":"erlang","versionInfo":"25.3.2.6","SPDXID":"SPDXRef-Package--erlang","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:apk/alpine/erlang@25.3.2.6?os_name=alpine&os_version=3.18"}]}]}
+ERLANG_SPDX
 
-RUN mkdir -p /usr/local/share/sbom/ && \
-<<EOT cat > /usr/local/share/sbom/openssl-erlang.spdx.json
-{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"openssl-erlang-sbom","documentNamespace":"https://docker.com/docker-scout/fs/sbom-61b3df18-3e41-47b8-a954-e4224f48b2f7","dataLicense":"CC0-1.0","packages":[{"name":"openssl","versionInfo":"3.1.3","SPDXID":"SPDXRef-Package--openssl","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:apk/alpine/openssl@3.1.3?os_name=alpine&os_version=3.18"}]},{"name":"erlang","versionInfo":"25.3.2.6","SPDXID":"SPDXRef-Package--erlang","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:apk/alpine/erlang@25.3.2.6?os_name=alpine&os_version=3.18"}]},{"name":"rabbitmq","versionInfo":"3.11.23","SPDXID":"SPDXRef-Package--rabbitmq","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:github/rabbitmq/rabbitmq-server@3.11.23"}]}]}
-EOT
+ENV PATH $ERLANG_INSTALL_PATH_PREFIX/bin:$OPENSSL_INSTALL_PATH_PREFIX/bin:$PATH
 
 ENV RABBITMQ_DATA_DIR /var/lib/rabbitmq
 
@@ -302,6 +306,10 @@ RUN set -eux; \
 # no stale cookies
 	rm "$RABBITMQ_DATA_DIR/.erlang.cookie"
 
+COPY <<RABBITMQ_SPDX /opt/rabbitmq/rabbitmq.spdx.json
+{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"rabbitmq-sbom","packages":[{"name":"rabbitmq","versionInfo":"3.11.23","SPDXID":"SPDXRef-Package--rabbitmq","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/rabbitmq@3.11.23?os_name=alpine&os_version=3.18"}]}]}
+RABBITMQ_SPDX
+
 # Enable Prometheus-style metrics by default (https://github.com/docker-library/rabbitmq/issues/419)
 RUN su-exec rabbitmq rabbitmq-plugins enable --offline rabbitmq_prometheus
 
diff --git a/3.12/alpine/Dockerfile b/3.12/alpine/Dockerfile
index 7f7512d3..5bb377cc 100644
--- a/3.12/alpine/Dockerfile
+++ b/3.12/alpine/Dockerfile
@@ -196,14 +196,18 @@ FROM alpine:3.18
 # OPENSSL/ERLANG_INSTALL_PATH_PREFIX are defined in a different stage, so define them again
 ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang
 ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl
+
 COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX
+COPY <<OPENSSL_SPDX /opt/openssl/openssl.spdx.json
+{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"openssl-sbom","packages":[{"name":"openssl","versionInfo":"3.1.3","SPDXID":"SPDXRef-Package--openssl","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:apk/alpine/openssl@3.1.3?os_name=alpine&os_version=3.18"}]}]}
+OPENSSL_SPDX
+
 COPY --from=openssl-builder $OPENSSL_INSTALL_PATH_PREFIX $OPENSSL_INSTALL_PATH_PREFIX
-ENV PATH $ERLANG_INSTALL_PATH_PREFIX/bin:$OPENSSL_INSTALL_PATH_PREFIX/bin:$PATH
+COPY <<ERLANG_SPDX /opt/erlang/erlang.spdx.json
+{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"erlang-sbom","packages":[{"name":"erlang","versionInfo":"25.3.2.6","SPDXID":"SPDXRef-Package--erlang","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:apk/alpine/erlang@25.3.2.6?os_name=alpine&os_version=3.18"}]}]}
+ERLANG_SPDX
 
-RUN mkdir -p /usr/local/share/sbom/ && \
-<<EOT cat > /usr/local/share/sbom/openssl-erlang.spdx.json
-{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"openssl-erlang-sbom","documentNamespace":"https://docker.com/docker-scout/fs/sbom-61b3df18-3e41-47b8-a954-e4224f48b2f7","dataLicense":"CC0-1.0","packages":[{"name":"openssl","versionInfo":"3.1.3","SPDXID":"SPDXRef-Package--openssl","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:apk/alpine/openssl@3.1.3?os_name=alpine&os_version=3.18"}]},{"name":"erlang","versionInfo":"25.3.2.6","SPDXID":"SPDXRef-Package--erlang","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:apk/alpine/erlang@25.3.2.6?os_name=alpine&os_version=3.18"}]},{"name":"rabbitmq","versionInfo":"3.12.6","SPDXID":"SPDXRef-Package--rabbitmq","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:github/rabbitmq/rabbitmq-server@3.12.6"}]}]}
-EOT
+ENV PATH $ERLANG_INSTALL_PATH_PREFIX/bin:$OPENSSL_INSTALL_PATH_PREFIX/bin:$PATH
 
 ENV RABBITMQ_DATA_DIR /var/lib/rabbitmq
 
@@ -302,6 +306,10 @@ RUN set -eux; \
 # no stale cookies
 	rm "$RABBITMQ_DATA_DIR/.erlang.cookie"
 
+COPY <<RABBITMQ_SPDX /opt/rabbitmq/rabbitmq.spdx.json
+{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"rabbitmq-sbom","packages":[{"name":"rabbitmq","versionInfo":"3.12.6","SPDXID":"SPDXRef-Package--rabbitmq","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/rabbitmq@3.12.6?os_name=alpine&os_version=3.18"}]}]}
+RABBITMQ_SPDX
+
 # Enable Prometheus-style metrics by default (https://github.com/docker-library/rabbitmq/issues/419)
 RUN su-exec rabbitmq rabbitmq-plugins enable --offline rabbitmq_prometheus
 
diff --git a/3.13-rc/alpine/Dockerfile b/3.13-rc/alpine/Dockerfile
index cd1c7de4..818a2d3d 100644
--- a/3.13-rc/alpine/Dockerfile
+++ b/3.13-rc/alpine/Dockerfile
@@ -196,14 +196,18 @@ FROM alpine:3.18
 # OPENSSL/ERLANG_INSTALL_PATH_PREFIX are defined in a different stage, so define them again
 ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang
 ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl
+
 COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX
+COPY <<OPENSSL_SPDX /opt/openssl/openssl.spdx.json
+{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"openssl-sbom","packages":[{"name":"openssl","versionInfo":"3.1.3","SPDXID":"SPDXRef-Package--openssl","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:apk/alpine/openssl@3.1.3?os_name=alpine&os_version=3.18"}]}]}
+OPENSSL_SPDX
+
 COPY --from=openssl-builder $OPENSSL_INSTALL_PATH_PREFIX $OPENSSL_INSTALL_PATH_PREFIX
-ENV PATH $ERLANG_INSTALL_PATH_PREFIX/bin:$OPENSSL_INSTALL_PATH_PREFIX/bin:$PATH
+COPY <<ERLANG_SPDX /opt/erlang/erlang.spdx.json
+{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"erlang-sbom","packages":[{"name":"erlang","versionInfo":"26.1","SPDXID":"SPDXRef-Package--erlang","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:apk/alpine/erlang@26.1?os_name=alpine&os_version=3.18"}]}]}
+ERLANG_SPDX
 
-RUN mkdir -p /usr/local/share/sbom/ && \
-<<EOT cat > /usr/local/share/sbom/openssl-erlang.spdx.json
-{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"openssl-erlang-sbom","documentNamespace":"https://docker.com/docker-scout/fs/sbom-61b3df18-3e41-47b8-a954-e4224f48b2f7","dataLicense":"CC0-1.0","packages":[{"name":"openssl","versionInfo":"3.1.3","SPDXID":"SPDXRef-Package--openssl","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:apk/alpine/openssl@3.1.3?os_name=alpine&os_version=3.18"}]},{"name":"erlang","versionInfo":"26.1","SPDXID":"SPDXRef-Package--erlang","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:apk/alpine/erlang@26.1?os_name=alpine&os_version=3.18"}]},{"name":"rabbitmq","versionInfo":"3.13.0-beta.6","SPDXID":"SPDXRef-Package--rabbitmq","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:github/rabbitmq/rabbitmq-server@3.13.0-beta.6"}]}]}
-EOT
+ENV PATH $ERLANG_INSTALL_PATH_PREFIX/bin:$OPENSSL_INSTALL_PATH_PREFIX/bin:$PATH
 
 ENV RABBITMQ_DATA_DIR /var/lib/rabbitmq
 
@@ -302,6 +306,10 @@ RUN set -eux; \
 # no stale cookies
 	rm "$RABBITMQ_DATA_DIR/.erlang.cookie"
 
+COPY <<RABBITMQ_SPDX /opt/rabbitmq/rabbitmq.spdx.json
+{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"rabbitmq-sbom","packages":[{"name":"rabbitmq","versionInfo":"3.13.0-beta.6","SPDXID":"SPDXRef-Package--rabbitmq","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/rabbitmq@3.13.0-beta.6?os_name=alpine&os_version=3.18"}]}]}
+RABBITMQ_SPDX
+
 # Enable Prometheus-style metrics by default (https://github.com/docker-library/rabbitmq/issues/419)
 RUN su-exec rabbitmq rabbitmq-plugins enable --offline rabbitmq_prometheus
 
diff --git a/3.9/alpine/Dockerfile b/3.9/alpine/Dockerfile
index dc9db185..4a14ea96 100644
--- a/3.9/alpine/Dockerfile
+++ b/3.9/alpine/Dockerfile
@@ -196,14 +196,18 @@ FROM alpine:3.18
 # OPENSSL/ERLANG_INSTALL_PATH_PREFIX are defined in a different stage, so define them again
 ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang
 ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl
+
 COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX
+COPY <<OPENSSL_SPDX /opt/openssl/openssl.spdx.json
+{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"openssl-sbom","packages":[{"name":"openssl","versionInfo":"3.1.3","SPDXID":"SPDXRef-Package--openssl","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:apk/alpine/openssl@3.1.3?os_name=alpine&os_version=3.18"}]}]}
+OPENSSL_SPDX
+
 COPY --from=openssl-builder $OPENSSL_INSTALL_PATH_PREFIX $OPENSSL_INSTALL_PATH_PREFIX
-ENV PATH $ERLANG_INSTALL_PATH_PREFIX/bin:$OPENSSL_INSTALL_PATH_PREFIX/bin:$PATH
+COPY <<ERLANG_SPDX /opt/erlang/erlang.spdx.json
+{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"erlang-sbom","packages":[{"name":"erlang","versionInfo":"25.3.2.6","SPDXID":"SPDXRef-Package--erlang","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:apk/alpine/erlang@25.3.2.6?os_name=alpine&os_version=3.18"}]}]}
+ERLANG_SPDX
 
-RUN mkdir -p /usr/local/share/sbom/ && \
-<<EOT cat > /usr/local/share/sbom/openssl-erlang.spdx.json
-{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"openssl-erlang-sbom","documentNamespace":"https://docker.com/docker-scout/fs/sbom-61b3df18-3e41-47b8-a954-e4224f48b2f7","dataLicense":"CC0-1.0","packages":[{"name":"openssl","versionInfo":"3.1.3","SPDXID":"SPDXRef-Package--openssl","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:apk/alpine/openssl@3.1.3?os_name=alpine&os_version=3.18"}]},{"name":"erlang","versionInfo":"25.3.2.6","SPDXID":"SPDXRef-Package--erlang","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:apk/alpine/erlang@25.3.2.6?os_name=alpine&os_version=3.18"}]},{"name":"rabbitmq","versionInfo":"3.9.29","SPDXID":"SPDXRef-Package--rabbitmq","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:github/rabbitmq/rabbitmq-server@3.9.29"}]}]}
-EOT
+ENV PATH $ERLANG_INSTALL_PATH_PREFIX/bin:$OPENSSL_INSTALL_PATH_PREFIX/bin:$PATH
 
 ENV RABBITMQ_DATA_DIR /var/lib/rabbitmq
 
@@ -302,6 +306,10 @@ RUN set -eux; \
 # no stale cookies
 	rm "$RABBITMQ_DATA_DIR/.erlang.cookie"
 
+COPY <<RABBITMQ_SPDX /opt/rabbitmq/rabbitmq.spdx.json
+{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"rabbitmq-sbom","packages":[{"name":"rabbitmq","versionInfo":"3.9.29","SPDXID":"SPDXRef-Package--rabbitmq","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/rabbitmq@3.9.29?os_name=alpine&os_version=3.18"}]}]}
+RABBITMQ_SPDX
+
 # Enable Prometheus-style metrics by default (https://github.com/docker-library/rabbitmq/issues/419)
 RUN su-exec rabbitmq rabbitmq-plugins enable --offline rabbitmq_prometheus
 
diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template
index 2bd01c9c..13c49786 100644
--- a/Dockerfile-alpine.template
+++ b/Dockerfile-alpine.template
@@ -230,19 +230,14 @@ FROM alpine:{{ .alpine.version }}
 # OPENSSL/ERLANG_INSTALL_PATH_PREFIX are defined in a different stage, so define them again
 ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang
 ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl
-COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX
-COPY --from=openssl-builder $OPENSSL_INSTALL_PATH_PREFIX $OPENSSL_INSTALL_PATH_PREFIX
-ENV PATH $ERLANG_INSTALL_PATH_PREFIX/bin:$OPENSSL_INSTALL_PATH_PREFIX/bin:$PATH
 
-RUN mkdir -p /usr/local/share/sbom/ && \
-<<EOT cat > /usr/local/share/sbom/openssl-erlang.spdx.json
+COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX
+COPY <<OPENSSL_SPDX /opt/openssl/openssl.spdx.json
 {{
 	{
 		spdxVersion: "SPDX-2.3",
 		SPDXID: "SPDXRef-DOCUMENT",
-		name: "openssl-erlang-sbom",
-		documentNamespace: "https://docker.com/docker-scout/fs/sbom-61b3df18-3e41-47b8-a954-e4224f48b2f7",
-		dataLicense: "CC0-1.0",
+		name: "openssl-sbom",
 		packages: [
 			{
 				name: "openssl",
@@ -255,7 +250,20 @@ RUN mkdir -p /usr/local/share/sbom/ && \
 						referenceLocator: ("pkg:apk/alpine/openssl@" + .openssl.version +"?os_name=alpine\u0026os_version=" + .alpine.version)
 					}
 				]
-			},
+			}
+		]
+	} | tostring
+}}
+OPENSSL_SPDX
+
+COPY --from=openssl-builder $OPENSSL_INSTALL_PATH_PREFIX $OPENSSL_INSTALL_PATH_PREFIX
+COPY <<ERLANG_SPDX /opt/erlang/erlang.spdx.json
+{{
+	{
+		spdxVersion: "SPDX-2.3",
+		SPDXID: "SPDXRef-DOCUMENT",
+		name: "erlang-sbom",
+		packages: [
 			{
 				name: "erlang",
 				versionInfo: .otp.version,
@@ -267,23 +275,13 @@ RUN mkdir -p /usr/local/share/sbom/ && \
 						referenceLocator: ("pkg:apk/alpine/erlang@" + .otp.version +"?os_name=alpine\u0026os_version=" + .alpine.version)
 					}
 				]
-			},
-			{
-				name: "rabbitmq",
-				versionInfo: .version,
-				SPDXID: "SPDXRef-Package--rabbitmq",
-				externalRefs: [
-					{
-						referenceCategory: "PACKAGE-MANAGER",
-						referenceType: "purl",
-						referenceLocator: ("pkg:github/rabbitmq/rabbitmq-server@" + .version)
-					}
-				]
 			}
 		]
 	} | tostring
 }}
-EOT
+ERLANG_SPDX
+
+ENV PATH $ERLANG_INSTALL_PATH_PREFIX/bin:$OPENSSL_INSTALL_PATH_PREFIX/bin:$PATH
 
 ENV RABBITMQ_DATA_DIR /var/lib/rabbitmq
 
@@ -382,6 +380,30 @@ RUN set -eux; \
 # no stale cookies
 	rm "$RABBITMQ_DATA_DIR/.erlang.cookie"
 
+COPY <<RABBITMQ_SPDX /opt/rabbitmq/rabbitmq.spdx.json
+{{
+	{
+		spdxVersion: "SPDX-2.3",
+		SPDXID: "SPDXRef-DOCUMENT",
+		name: "rabbitmq-sbom",
+		packages: [
+			{
+				name: "rabbitmq",
+				versionInfo: .version,
+				SPDXID: "SPDXRef-Package--rabbitmq",
+				externalRefs: [
+					{
+						referenceCategory: "PACKAGE-MANAGER",
+						referenceType: "purl",
+						referenceLocator: ("pkg:generic/rabbitmq@" + .version + "?os_name=alpine\u0026os_version=" + .alpine.version)
+					}
+				]
+			}
+		]
+	} | tostring
+}}
+RABBITMQ_SPDX
+
 # Enable Prometheus-style metrics by default (https://github.com/docker-library/rabbitmq/issues/419)
 RUN su-exec rabbitmq rabbitmq-plugins enable --offline rabbitmq_prometheus