github.com/CycloneDX/sbom-utility@v0.16.0/test/cyclonedx/cdx-1-4-mature-example-1.json (about) 1 { 2 "bomFormat": "CycloneDX", 3 "specVersion": "1.4", 4 "version": 1, 5 "serialNumber": "urn:uuid:1a2b3c4d-1234-abcd-9876-a3b4c5d6e7f9", 6 "externalReferences": [ 7 { 8 "url": "support@example.com", 9 "comment": "Support for questions about SBOM contents", 10 "type": "support" 11 } 12 ], 13 "metadata": { 14 "timestamp": "2022-10-12T19:07:00Z", 15 "properties": [ 16 { 17 "name": "urn:example.com:classification", 18 "value": "This SBOM is Confidential Information. Do not distribute." 19 }, 20 { 21 "name": "urn:example.com:disclaimer", 22 "value": "This SBOM is current as of the date it was generated and is subject to change." 23 } 24 ], 25 "manufacture": { 26 "name": "Example Co.", 27 "url": [ 28 "https://example.com" 29 ], 30 "contact": [ 31 { 32 "email": "contact@example.com" 33 } 34 ] 35 }, 36 "supplier": { 37 "name": "Example Co. Distribution Dept.", 38 "url": [ 39 "https://example.com/software/" 40 ], 41 "contact": [ 42 { 43 "email": "distribution@example.com" 44 } 45 ] 46 }, 47 "component": { 48 "type": "application", 49 "bom-ref": "pkg:oci/example.com/product/application@10.0.4.0", 50 "purl": "pkg:oci/example.com/product/application@10.0.4.0", 51 "name": "Example Application v10.0.4", 52 "description": "Example's Do-It-All application", 53 "version": "10.0.4.0", 54 "licenses": [ 55 { 56 "license": { 57 "id": "Apache-2.0" 58 } 59 } 60 ], 61 "externalReferences": [ 62 { 63 "type": "website", 64 "url": "https://example.com/application" 65 } 66 ], 67 "properties": [ 68 { 69 "name": "urn:example.com:identifier:product", 70 "value": "71C22290D7DB11EBAA175CFD3E629A2A" 71 }, 72 { 73 "name": "urn:example.com:identifier:distribution", 74 "value": "5737-I23" 75 } 76 ], 77 "hashes": [ 78 { 79 "alg": "SHA-1", 80 "content": "1111aaaa2222cccc3333dddd4444eeee5555ffff" 81 } 82 ], 83 "supplier": { 84 "name": "Example Co. Distribution Dept.", 85 "url": [ 86 "https://example.com" 87 ], 88 "contact": [ 89 { 90 "email": "distribution@example.com" 91 } 92 ] 93 }, 94 "publisher": "Example Inc. EMEA" 95 }, 96 "licenses": [ 97 { 98 "license": { 99 "id": "Apache-1.0" 100 } 101 }, 102 { 103 "license": { 104 "id": "Apache-2.0" 105 } 106 }, 107 { 108 "license": { 109 "id": "GPL-3.0-only" 110 } 111 }, 112 { 113 "license": { 114 "id": "MIT" 115 } 116 } 117 ], 118 "tools": [ 119 { 120 "vendor": "SecurityTools.com", 121 "name": "Security Scanner v1.0", 122 "version": "1.0.0-beta.1+0099", 123 "hashes": [ 124 { 125 "alg": "SHA-1", 126 "content": "96b2709e57c9c4e09a6fd66a8fd979844f69f08a" 127 } 128 ] 129 }, 130 { 131 "vendor": "SBOM.com", 132 "name": "SBOM Generator v2.1", 133 "version": "2.1.12", 134 "hashes": [ 135 { 136 "alg": "SHA-1", 137 "content": "96b2709e57c9c4e09a6fd66a8fd979844f69f08a" 138 } 139 ] 140 } 141 ] 142 }, 143 "components": [ 144 { 145 "type": "library", 146 "bom-ref": "pkg:npm/sample@2.0.0", 147 "purl": "pkg:npm/sample@2.0.0", 148 "name": "sample", 149 "version": "2.0.0", 150 "description": "Node.js Sampler package", 151 "licenses": [ 152 { 153 "license": { 154 "id": "MIT" 155 } 156 } 157 ] 158 }, 159 { 160 "type": "library", 161 "bom-ref": "pkg:npm/body-parser@1.19.0", 162 "purl": "pkg:npm/body-parser@1.19.0", 163 "name": "body-parser", 164 "version": "1.19.0", 165 "description": "Node.js body parsing middleware", 166 "licenses": [ 167 { 168 "license": { 169 "id": "MIT" 170 } 171 } 172 ], 173 "hashes": [ 174 { 175 "alg": "SHA-1", 176 "content": "96b2709e57c9c4e09a6fd66a8fd979844f69f08a" 177 } 178 ] 179 } 180 ] 181 }