github.com/CycloneDX/sbom-utility@v0.16.0/examples/cyclonedx/usecases/cdx-use-case-vulnerability-remediation.json (about) 1 { 2 "bomFormat": "CycloneDX", 3 "specVersion": "1.4", 4 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 "version": 1, 6 "components": [ 7 { 8 "type": "library", 9 "group": "com.acme", 10 "name": "sample-library", 11 "version": "1.0.0", 12 "pedigree": { 13 "ancestors": [ 14 { 15 "type": "library", 16 "group": "org.example", 17 "name": "sample-library", 18 "version": "1.0.0" 19 } 20 ], 21 "commits": [ 22 { 23 "uid": "7638417db6d59f3c431d3e1f261cc637155684cd", 24 "url": "https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd", 25 "author": { 26 "timestamp": "2018-11-13T20:20:39+00:00", 27 "name": "John Doe", 28 "email": "john.doe@example.com" 29 }, 30 "committer": { 31 "timestamp": "2018-11-13T20:20:39+00:00", 32 "name": "Jane Doe", 33 "email": "jane.doe@example.com" 34 }, 35 "message": "Initial commit" 36 } 37 ], 38 "patches": [ 39 { 40 "type": "backport", 41 "diff": { 42 "text": { 43 "contentType": "text/plain", 44 "encoding": "base64", 45 "content": "ZXhhbXBsZSBkaWZmIGhlcmU=" 46 }, 47 "url": "uri/to/changes.diff" 48 }, 49 "resolves": [ 50 { 51 "type": "security", 52 "id": "CVE-2019-9997", 53 "name": "CVE-2019-9997", 54 "description": "Issue description here", 55 "source": { 56 "name": "NVD", 57 "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" 58 }, 59 "references": [ 60 "http://some/other/site-1", 61 "http://some/other/site-2" 62 ] 63 } 64 ] 65 } 66 ] 67 } 68 } 69 ] 70 }