github.com/CycloneDX/sbom-utility@v0.16.0/test/cyclonedx/1.6/specification/valid-saasbom-1.6.json (about) 1 { 2 "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", 3 "bomFormat": "CycloneDX", 4 "specVersion": "1.6", 5 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 6 "version": 1, 7 "metadata": { 8 "timestamp": "2021-01-10T12:00:00Z", 9 "component": { 10 "bom-ref": "acme-stock-application", 11 "type": "application", 12 "name": "Acme SaaSBOM Example", 13 "version": "2022-1" 14 } 15 }, 16 "services": [ 17 { 18 "bom-ref": "stock-ticker-service", 19 "provider": { 20 "name": "Acme Inc", 21 "url": [ "https://example.com" ] 22 }, 23 "group": "com.example", 24 "name": "Stock Ticker Service", 25 "version": "2022-1", 26 "endpoints": [ 27 "https://example.com/", 28 "https://example.com/app" 29 ], 30 "authenticated": true, 31 "trustZone": "Acme Public Zone", 32 "data": [ 33 { 34 "name": "Consumer to Stock Service", 35 "description": "Traffic to/from consumer to service", 36 "classification": "Customer", 37 "flow": "bi-directional", 38 "source": [ 39 "https://0.0.0.0" 40 ], 41 "destination": [ 42 "https://0.0.0.0" 43 ] 44 }, 45 { 46 "name": "Stock Service to MS-1", 47 "description": "Traffic to/from stock service to microservice-1", 48 "classification": "PII", 49 "flow": "bi-directional", 50 "source": [ 51 "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com" 52 ], 53 "destination": [ 54 "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com" 55 ] 56 }, 57 { 58 "name": "Stock Service to MS-2", 59 "description": "Traffic to/from stock service to microservice-2", 60 "classification": "PIFI", 61 "flow": "bi-directional", 62 "source": [ 63 "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com" 64 ], 65 "destination": [ 66 "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com" 67 ] 68 }, 69 { 70 "name": "Stock Service to MS-3", 71 "description": "Traffic to/from stock service to microservice-3", 72 "classification": "Public", 73 "flow": "bi-directional", 74 "source": [ 75 "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com" 76 ], 77 "destination": [ 78 "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com" 79 ] 80 } 81 ], 82 "externalReferences": [ 83 { 84 "type": "documentation", 85 "url": "https://example.com/app/swagger" 86 } 87 ], 88 "services": [ 89 { 90 "bom-ref": "ms-1.example.com", 91 "provider": { 92 "name": "Acme Inc", 93 "url": [ "https://example.com" ] 94 }, 95 "group": "com.example", 96 "name": "Microservice 1", 97 "version": "2022-1", 98 "description": "Example Microservice", 99 "endpoints": [ 100 "https://ms-1.example.com" 101 ], 102 "authenticated": true, 103 "trustZone": "Acme Private Zone", 104 "data": [ 105 { 106 "name": "Stock Service to MS-1", 107 "description": "Traffic to/from stock service to microservice-1", 108 "classification": "PII", 109 "flow": "bi-directional", 110 "governance": { 111 "owners": [ 112 { 113 "organization": { 114 "name": "Customer Name" 115 } 116 } 117 ] 118 }, 119 "source": [ 120 "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" 121 ], 122 "destination": [ 123 "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" 124 ] 125 }, 126 { 127 "name": "MS-1 to Database", 128 "description": "Traffic to/from microservice-1 to database", 129 "classification": "PII", 130 "flow": "bi-directional", 131 "source": [ 132 "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com" 133 ], 134 "destination": [ 135 "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com" 136 ] 137 } 138 ], 139 "externalReferences": [ 140 { 141 "type": "documentation", 142 "url": "https://ms-1.example.com/swagger" 143 } 144 ] 145 }, 146 { 147 "bom-ref": "ms-2.example.com", 148 "provider": { 149 "name": "Acme Inc", 150 "url": [ "https://example.com" ] 151 }, 152 "group": "com.example", 153 "name": "Microservice 2", 154 "version": "2022-1", 155 "description": "Example Microservice", 156 "endpoints": [ 157 "https://ms-2.example.com" 158 ], 159 "authenticated": true, 160 "trustZone": "Acme Private Zone", 161 "data": [ 162 { 163 "name": "Stock Service to MS-2", 164 "description": "Traffic to/from stock service to microservice-2", 165 "classification": "PIFI", 166 "flow": "bi-directional", 167 "source": [ 168 "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" 169 ], 170 "destination": [ 171 "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" 172 ] 173 } 174 ], 175 "externalReferences": [ 176 { 177 "type": "documentation", 178 "url": "https://ms-2.example.com/swagger" 179 } 180 ] 181 }, 182 { 183 "bom-ref": "ms-3.example.com", 184 "provider": { 185 "name": "Acme Inc", 186 "url": [ "https://example.com" ] 187 }, 188 "group": "com.example", 189 "name": "Microservice 3", 190 "version": "2022-1", 191 "description": "Example Microservice", 192 "endpoints": [ 193 "https://ms-3.example.com" 194 ], 195 "authenticated": true, 196 "trustZone": "Acme Private Zone", 197 "data": [ 198 { 199 "name": "Stock Service to MS-3", 200 "description": "Traffic to/from stock service to microservice-3", 201 "classification": "Public", 202 "flow": "bi-directional", 203 "source": [ 204 "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" 205 ], 206 "destination": [ 207 "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service" 208 ] 209 }, 210 { 211 "name": "MS-3 to S3", 212 "description": "Data pushed from microservice-3 to S3 bucket", 213 "classification": "Public", 214 "flow": "outbound", 215 "destination": [ 216 "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#s3-example.amazon.com" 217 ] 218 } 219 ], 220 "externalReferences": [ 221 { 222 "type": "documentation", 223 "url": "https://ms-3.example.com/swagger" 224 } 225 ] 226 }, 227 { 228 "bom-ref": "ms-1-pgsql.example.com", 229 "group": "org.postgresql", 230 "name": "Postgres", 231 "version": "14.1", 232 "description": "Postgres database for Microservice #1", 233 "endpoints": [ 234 "https://ms-1-pgsql.example.com:5432" 235 ], 236 "authenticated": true, 237 "trustZone": "Acme Private Zone", 238 "data": [ 239 { 240 "name": "MS-1 to Database", 241 "description": "Traffic to/from microservice-1 to database", 242 "classification": "PII", 243 "flow": "bi-directional", 244 "source": [ 245 "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com" 246 ], 247 "destination": [ 248 "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com" 249 ] 250 } 251 ] 252 }, 253 { 254 "bom-ref": "s3-example.amazon.com", 255 "group": "com.amazon", 256 "name": "S3", 257 "description": "S3 bucket", 258 "endpoints": [ 259 "https://s3-example.amazon.com" 260 ], 261 "authenticated": true, 262 "trustZone": "Public Internet", 263 "data": [ 264 { 265 "name": "MS-3 to S3", 266 "description": "Data pushed from microservice-3 to S3 bucket", 267 "classification": "Public", 268 "flow": "inbound", 269 "source": [ 270 "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com" 271 ] 272 } 273 ] 274 } 275 ] 276 } 277 ], 278 "dependencies": [ 279 { 280 "ref": "acme-stock-application", 281 "dependsOn": [ "stock-ticker-service" ] 282 }, 283 { 284 "ref": "stock-ticker-service", 285 "dependsOn": [ 286 "ms-1.example.com", 287 "ms-2.example.com", 288 "ms-3.example.com" 289 ] 290 }, 291 { 292 "ref": "ms-1.example.com", 293 "dependsOn": [ "ms-1-pgsql.example.com" ] 294 }, 295 { 296 "ref": "ms-2.example.com", 297 "dependsOn": [ ] 298 }, 299 { 300 "ref": "ms-3.example.com", 301 "dependsOn": [ "s3-example.amazon.com" ] 302 } 303 ] 304 }