github.com/CycloneDX/sbom-utility@v0.16.0/test/cyclonedx/cdx-1-3-license-list-no-attachment.json (about) 1 { 2 "bomFormat": "CycloneDX", 3 "specVersion": "1.3", 4 "version": 1, 5 "serialNumber": "urn:uuid:1a2b3c4d-1234-abcd-9876-a3b4c5d6e7e0", 6 "metadata": { 7 "component": { 8 "type": "application", 9 "bom-ref": "pkg:app/sample@1.0.0", 10 "purl": "pkg:app/sample@1.0.0", 11 "name": "ACME Application", 12 "version": "2.0.0", 13 "description": "ACME sample application", 14 "licenses": [ 15 { 16 "license": { 17 "id": "MIT" 18 } 19 }, 20 { 21 "license": { 22 "name": "UFL" 23 } 24 }, 25 { 26 "expression": "Apache-2.0 AND (MIT OR BSD-2-Clause)" 27 }, 28 { 29 "license": { 30 "name": "Apache 2 variant", 31 "text": { 32 "contentType": "text/plain", 33 "encoding": "base64", 34 "content": "CiAgICAgICAgICAgICA..." 35 }, 36 "url": "https://www.apache.org/licenses/LICENSE-2.0-variant.txt" 37 } 38 }, 39 { 40 "license": { 41 "name": "Apache 2 variant 2", 42 "text": { 43 "encoding": "base64", 44 "content": "B0aGUgTGljZW5zZS4=..." 45 }, 46 "url": "https://www.apache.org/licenses/LICENSE-2.0-variant-2.txt" 47 } 48 } 49 ] 50 } 51 } 52 }