github.com/CycloneDX/sbom-utility@v0.16.0/examples/cyclonedx/usecases/cdx-use-case-vulnerability-remediation.json

     1  {
     2        "bomFormat": "CycloneDX",
     3        "specVersion": "1.4",
     4        "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
     5        "version": 1,
     6        "components": [
     7            {
     8                "type": "library",
     9                "group": "com.acme",
    10                "name": "sample-library",
    11                "version": "1.0.0",
    12                "pedigree": {
    13                    "ancestors": [
    14                        {
    15                            "type": "library",
    16                            "group": "org.example",
    17                            "name": "sample-library",
    18                            "version": "1.0.0"
    19                        }
    20                    ],
    21                    "commits": [
    22                        {
    23                            "uid": "7638417db6d59f3c431d3e1f261cc637155684cd",
    24                            "url": "https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd",
    25                            "author": {
    26                                "timestamp": "2018-11-13T20:20:39+00:00",
    27                                "name": "John Doe",
    28                                "email": "john.doe@example.com"
    29                            },
    30                            "committer": {
    31                                "timestamp": "2018-11-13T20:20:39+00:00",
    32                                "name": "Jane Doe",
    33                                "email": "jane.doe@example.com"
    34                            },
    35                            "message": "Initial commit"
    36                        }
    37                    ],
    38                    "patches": [
    39                        {
    40                            "type": "backport",
    41                            "diff": {
    42                                "text": {
    43                                    "contentType": "text/plain",
    44                                    "encoding": "base64",
    45                                    "content": "ZXhhbXBsZSBkaWZmIGhlcmU="
    46                                },
    47                                "url": "uri/to/changes.diff"
    48                            },
    49                            "resolves": [
    50                                {
    51                                    "type": "security",
    52                                    "id": "CVE-2019-9997",
    53                                    "name": "CVE-2019-9997",
    54                                    "description": "Issue description here",
    55                                    "source": {
    56                                        "name": "NVD",
    57                                        "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997"
    58                                    },
    59                                    "references": [
    60                                        "http://some/other/site-1",
    61                                        "http://some/other/site-2"
    62                                    ]
    63                                }
    64                            ]
    65                        }
    66                    ]
    67                }
    68            }
    69        ]
    70    }