Software bill of materials (SBOM) question  
I am working on a software bill of materials project for an automotive ECU that uses a QNX operating system.

Does QNX publish, or make available upon request, a mapping between its internal package identifiers and the name, 
version, and upstream source for open source software components?

For example, the QNX 7.0 SDP offers an OpenSSL package. The name and QNX version are: QNX® SDP 7.0 Networking - OpenSSL / 7.0 BuildID 5426 - September 24, 2019. The one I happen to be looking at has a package ID of com.qnx.sdp.target.net.openssl/7.0.5426.S201909241315. I can find approximate versions of OpenSSL by digging through the provided release notes at https://www.qnx.com/developers/articles/rel_6726_0.html. I might also be able to fish out more specific version information by looking at strings in the OpenSSL shared libraries, but this is labor-intensive and error prone.

Is there a way for me to get a simple mapping of QNX package ID --> OSS project name / upstream source / upstream 
version from QNX?

Karl
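
The string-scanning fallback mentioned in the post can be scripted so it is at least repeatable. The following is an added example, not code from the poster or from QNX: the package ID layout is an assumption inferred only from the single ID quoted above, and the function names and sample bytes are hypothetical.

```python
import re
from datetime import datetime

# Assumed layout, inferred only from the one ID quoted in the post:
#   <dotted name>/<release>.<build id>.S<YYYYMMDDhhmm>
PKG_ID_RE = re.compile(
    r"^(?P<name>[\w.]+)/(?P<release>\d+\.\d+)\.(?P<build>\d+)\.S(?P<stamp>\d{12})$")

# OpenSSL compiles its version banner (OPENSSL_VERSION_TEXT) into the library,
# in the form "OpenSSL <version>  <day> <Mon> <year>".
BANNER_RE = re.compile(
    rb"OpenSSL (\d+\.\d+\.\d+[a-z]*(?:-fips)?) +(\d{1,2} [A-Z][a-z]{2} \d{4})")

def parse_package_id(pkg_id):
    m = PKG_ID_RE.match(pkg_id)
    if m is None:
        raise ValueError(f"unrecognised package ID: {pkg_id!r}")
    built = datetime.strptime(m["stamp"], "%Y%m%d%H%M")
    return {"package": m["name"], "release": m["release"],
            "build_id": int(m["build"]), "built": built.date().isoformat()}

def find_openssl_banners(blob):
    """Distinct (version, release date) pairs found in raw library bytes."""
    found = []
    for m in BANNER_RE.finditer(blob):
        pair = (m.group(1).decode(), m.group(2).decode())
        if pair not in found:
            found.append(pair)
    return found

def sbom_row(pkg_id, blob):
    row = parse_package_id(pkg_id)
    banners = find_openssl_banners(blob)
    # Zero or several distinct banners means a human has to look; do not guess.
    row["upstream"] = "OpenSSL" if banners else None
    row["upstream_versions"] = [v for v, _ in banners]
    row["needs_review"] = len(banners) != 1
    return row

# Constructed bytes standing in for a libcrypto image; the version is made up
# and is not taken from any QNX package.
SAMPLE_LIB = (b"\x7fELF\x01\x01\x00" + b"\x00" * 16 +
              b"OpenSSL 9.9.9z  1 Jan 2000\x00" +
              b"SSLv3 part of OpenSSL 9.9.9z  1 Jan 2000\x00")
SAMPLE_ID = "com.qnx.sdp.target.net.openssl/7.0.5426.S201909241315"

if __name__ == "__main__":
    print(sbom_row(SAMPLE_ID, SAMPLE_LIB))
```

A banner only reports the upstream base version; vendor backports of individual fixes are not visible this way, which is why a vendor-supplied mapping is still the better source.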