github.com/CycloneDX/sbom-utility@v0.16.0/test/cyclonedx/cdx-1-3-invalid-spdx-license-id.json

{
      "bomFormat": "CycloneDX",
      "specVersion": "1.3",
      "version": 1,
      "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
      "metadata": {
            "component": {
                  "type": "application",
                  "bom-ref": "pkg:app/sample@1.0.0",
                  "purl": "pkg:app/sample@1.0.0",
                  "name": "ACME Application",
                  "version": "2.0.0",
                  "description": "ACME sample application"
            }
      },
      "components": [
            {
                  "type": "library",
                  "bom-ref": "pkg:lib/component1@1.0.0",
                  "purl": "pkg:lib/component1@1.0.0",
                  "name": "Component 1",
                  "version": "1.0.0",
                  "description": "Component 1 description",
                  "licenses": [
                        {
                              "license": {
                                    "id": "MIT"
                              }
                        }
                  ]
            },
            {
                  "type": "library",
                  "bom-ref": "pkg:lib/component2@1.0.0",
                  "purl": "pkg:lib/component2@1.0.0",
                  "name": "Component 2",
                  "version": "1.0.0",
                  "description": "Component 2 description",
                  "licenses": [
                        {
                              "license": {
                                    "id": "UNKNOWN"
                              }
                        }
                  ]
            }
      ]
}