github.com/CycloneDX/sbom-utility@v0.16.0/test/cyclonedx/1.6/specification/valid-attestation-1.6.json (about) 1 { 2 "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", 3 "bomFormat": "CycloneDX", 4 "specVersion": "1.6", 5 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 6 "version": 1, 7 "declarations": { 8 "assessors": [ 9 { 10 "bom-ref": "assessor-1", 11 "thirdParty": true, 12 "organization": { 13 "name": "Assessors Inc" 14 } 15 } 16 ], 17 "attestations": [ 18 { 19 "summary": "Attestation summary here", 20 "assessor": "assessor-1", 21 "map": [ 22 { 23 "requirement": "requirement-1", 24 "claims": [ "claim-1" ], 25 "counterClaims": [ "counterClaim-1" ], 26 "conformance": { 27 "score": 0.8, 28 "rationale": "Conformance rationale here", 29 "mitigationStrategies": [ "mitigationStrategy-1" ] 30 }, 31 "confidence": { 32 "score": 1, 33 "rationale": "Confidence rationale here" 34 } 35 } 36 ], 37 "signature": { 38 "algorithm": "ES256", 39 "certificatePath": [ "MIIB...", "MIID..." ], 40 "value": "tqIT..." 41 } 42 } 43 ], 44 "claims": [ 45 { 46 "bom-ref": "claim-1", 47 "target": "acme-inc", 48 "predicate": "Predicate here", 49 "mitigationStrategies": [ "mitigationStrategy-1" ], 50 "reasoning": "Reasoning here", 51 "evidence": [ "evidence-1" ], 52 "counterEvidence": [ "counterEvidence-1" ], 53 "externalReferences": [ 54 { 55 "type": "issue-tracker", 56 "url": "https://alm.example.com" 57 } 58 ], 59 "signature": { 60 "algorithm": "ES256", 61 "certificatePath": [ "MIIB...", "MIID..." ], 62 "value": "tqIT..." 63 } 64 } 65 ], 66 "evidence": [ 67 { 68 "bom-ref": "evidence-1", 69 "propertyName": "internal.com.acme.someProperty", 70 "description": "Description here", 71 "data": [ 72 { 73 "name": "Name of the data", 74 "contents": { 75 "attachment": { 76 "content": "Evidence here", 77 "contentType": "text/plain" 78 } 79 }, 80 "classification": "PII", 81 "sensitiveData": [ "Describe sensitive data here" ] 82 } 83 ], 84 "created": "2023-04-25T00:00:00+00:00", 85 "expires": "2023-05-25T00:00:00+00:00", 86 "author": { 87 "name": "Mary" 88 }, 89 "reviewer": { 90 "name": "Jane" 91 }, 92 "signature": { 93 "algorithm": "ES256", 94 "certificatePath": [ "MIIB...", "MIID..." ], 95 "value": "tqIT..." 96 } 97 }, 98 { 99 "bom-ref": "counterEvidence-1", 100 "propertyName": "internal.com.acme.someProperty", 101 "description": "Description here", 102 "data": [ 103 { 104 "name": "Name of the data", 105 "contents": { 106 "attachment": { 107 "content": "Counter evidence here", 108 "contentType": "text/plain" 109 } 110 }, 111 "classification": "Public", 112 "sensitiveData": [ "Describe sensitive data here" ] 113 } 114 ], 115 "created": "2023-04-25T00:00:00+00:00", 116 "expires": "2023-05-25T00:00:00+00:00", 117 "author": { 118 "name": "Mary" 119 }, 120 "reviewer": { 121 "name": "Jane" 122 }, 123 "signature": { 124 "algorithm": "ES256", 125 "certificatePath": [ "MIIB...", "MIID..." ], 126 "value": "tqIT..." 127 } 128 }, 129 { 130 "bom-ref": "mitigationStrategy-1", 131 "propertyName": "internal.com.acme.someProperty", 132 "description": "Description here", 133 "data": [ 134 { 135 "name": "Name of the data", 136 "contents": { 137 "attachment": { 138 "content": "Mitigation strategy here", 139 "contentType": "text/plain" 140 } 141 }, 142 "classification": "Company Confidential", 143 "sensitiveData": [ "Describe sensitive data here" ] 144 } 145 ], 146 "created": "2023-04-25T00:00:00+00:00", 147 "expires": "2023-05-25T00:00:00+00:00", 148 "author": { 149 "name": "Mary" 150 }, 151 "reviewer": { 152 "name": "Jane" 153 }, 154 "signature": { 155 "algorithm": "ES256", 156 "certificatePath": [ "MIIB...", "MIID..." ], 157 "value": "tqIT..." 158 } 159 } 160 ], 161 "targets": { 162 "organizations": [ 163 { 164 "bom-ref": "acme-inc", 165 "name": "Acme Inc" 166 } 167 ] 168 }, 169 "affirmation": { 170 "statement": "I certify, to the best of my knowledge, that all information is correct...", 171 "signatories": [ 172 { 173 "name": "Tom", 174 "role": "CEO", 175 "signature": { 176 "algorithm": "ES256", 177 "certificatePath": [ "MIIB...", "MIID..." ], 178 "value": "tqIT..." 179 } 180 }, 181 { 182 "name": "Jerry", 183 "role": "COO", 184 "organization": { 185 "name": "Acme Inc" 186 }, 187 "externalReference": { 188 "type": "electronic-signature", 189 "url": "https://example.com/coo-sig.png" 190 } 191 } 192 ], 193 "signature": { 194 "algorithm": "ES256", 195 "certificatePath": [ "MIIB...", "MIID..." ], 196 "value": "tqIT..." 197 } 198 }, 199 "signature": { 200 "algorithm": "ES256", 201 "certificatePath": [ "MIIB...", "MIID..." ], 202 "value": "tqIT..." 203 } 204 }, 205 "signature": { 206 "algorithm": "ES256", 207 "certificatePath": [ "MIIB...", "MIID..." ], 208 "value": "tqIT..." 209 } 210 }