github.com/CycloneDX/sbom-utility@v0.16.0/test/cyclonedx/cdx-1-3-invalid-spdx-license-id.json (about) 1 { 2 "bomFormat": "CycloneDX", 3 "specVersion": "1.3", 4 "version": 1, 5 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 6 "metadata": { 7 "component": { 8 "type": "application", 9 "bom-ref": "pkg:app/sample@1.0.0", 10 "purl": "pkg:app/sample@1.0.0", 11 "name": "ACME Application", 12 "version": "2.0.0", 13 "description": "ACME sample application" 14 } 15 }, 16 "components": [ 17 { 18 "type": "library", 19 "bom-ref": "pkg:lib/component1@1.0.0", 20 "purl": "pkg:lib/component1@1.0.0", 21 "name": "Component 1", 22 "version": "1.0.0", 23 "description": "Component 1 description", 24 "licenses": [ 25 { 26 "license": { 27 "id": "MIT" 28 } 29 } 30 ] 31 }, 32 { 33 "type": "library", 34 "bom-ref": "pkg:lib/component2@1.0.0", 35 "purl": "pkg:lib/component2@1.0.0", 36 "name": "Component 2", 37 "version": "1.0.0", 38 "description": "Component 2 description", 39 "licenses": [ 40 { 41 "license": { 42 "id": "UNKNOWN" 43 } 44 } 45 ] 46 } 47 ] 48 }