<?xml version="1.0" encoding="UTF-8"?>
<!--
  Test fixture: pkg/whitesource/testdata/sbom.golden (github.com/ouraigua/jenkins-library).
  A CycloneDX 1.4 BOM with one root product, four library components, their
  dependency graph and three vulnerability entries. Names, versions, tokens and
  CVE ids appear to be synthetic sample values.
  NOTE(review): as a .golden file this is presumably compared with generated
  output by a test, so the points flagged below describe what the generator
  emits. Fix them in the generator and regenerate instead of editing this file.
-->
<bom xmlns="http://cyclonedx.org/schema/bom/1.4" version="1">
  <metadata>
    <!-- The product this BOM describes; its bom-ref is the root of the dependency graph below. -->
    <component bom-ref="pkg:maven/com.sap/myproduct@1.3.4" type="library">
      <group>com.sap</group>
      <name>myproduct</name>
      <version>1.3.4</version>
      <purl>pkg:maven/com.sap/myproduct@1.3.4</purl>
    </component>
    <!--
      NOTE(review): scanner product and project identifiers are written into the
      BOM metadata (placeholder values here). Presumably these are the
      WhiteSource/Mend tokens; if real ones are sensitive in your setup, account
      for that before a generated BOM is shared outside the team. Confirm.
    -->
    <properties>
      <property name="internal:ws-product-identifier">productToken-123</property>
      <property name="internal:ws-project-identifier">projectToken-567</property>
    </properties>
  </metadata>
  <!--
    Component inventory.
    NOTE(review): every <hash alg="SHA-1"> below is empty, so the BOM carries no
    digest a consumer could use to verify an artifact. CycloneDX expects a hex
    digest as the element value, so an empty one is likely to fail schema
    validation. Where the scanner can supply it, a SHA-256 digest is the
    stronger choice than SHA-1.
  -->
  <components>
    <component bom-ref="pkg:maven/apache-commons/commons-lang@2.4.30" type="library">
      <author>apache-commons</author>
      <name>commons-lang</name>
      <version>2.4.30</version>
      <hashes>
        <hash alg="SHA-1"></hash>
      </hashes>
      <purl>pkg:maven/apache-commons/commons-lang@2.4.30</purl>
    </component>
    <component bom-ref="pkg:maven/apache-commons/commons-lang@3.15" type="library">
      <author>apache-commons</author>
      <name>commons-lang</name>
      <version>3.15</version>
      <hashes>
        <hash alg="SHA-1"></hash>
      </hashes>
      <purl>pkg:maven/apache-commons/commons-lang@3.15</purl>
    </component>
    <component bom-ref="pkg:maven/apache-logging/log4j@1.14" type="library">
      <author>apache-logging</author>
      <name>log4j</name>
      <version>1.14</version>
      <hashes>
        <hash alg="SHA-1"></hash>
      </hashes>
      <purl>pkg:maven/apache-logging/log4j@1.14</purl>
    </component>
    <component bom-ref="pkg:maven/apache-logging/log4j@3.25" type="library">
      <author>apache-logging</author>
      <name>log4j</name>
      <version>3.25</version>
      <hashes>
        <hash alg="SHA-1"></hash>
      </hashes>
      <purl>pkg:maven/apache-logging/log4j@3.25</purl>
    </component>
  </components>
  <!--
    Dependency graph: each outer ref depends on the refs nested inside it.
    myproduct depends on both log4j versions; each log4j version depends on one
    commons-lang version.
  -->
  <dependencies>
    <dependency ref="pkg:maven/apache-logging/log4j@1.14">
      <dependency ref="pkg:maven/apache-commons/commons-lang@2.4.30"></dependency>
    </dependency>
    <dependency ref="pkg:maven/apache-logging/log4j@3.25">
      <dependency ref="pkg:maven/apache-commons/commons-lang@3.15"></dependency>
    </dependency>
    <dependency ref="pkg:maven/com.sap/myproduct@1.3.4">
      <dependency ref="pkg:maven/apache-logging/log4j@1.14"></dependency>
      <dependency ref="pkg:maven/apache-logging/log4j@3.25"></dependency>
    </dependency>
  </dependencies>
  <!--
    Findings reported by the scanner, one entry per affected component.
    NOTE(review): each vulnerability reuses the bom-ref of the component it
    affects. CycloneDX treats bom-ref as unique within a BOM, so these values
    collide with the component entries above; the link to the component is
    already expressed by affects/target/ref.
  -->
  <vulnerabilities>
    <vulnerability bom-ref="pkg:maven/apache-logging/log4j@1.14">
      <!-- Sample id: real CVE ids carry at least four digits after the year. -->
      <id>CVE-2022-001</id>
      <!--
        source, references and advisories are empty in all three entries, so a
        finding carries no pointer back to an advisory or database record.
      -->
      <source></source>
      <references></references>
      <!--
        Two ratings per finding, one per scoring method.
        NOTE(review): the second and third entries carry a 0/none rating for one
        method. Presumably that stands for "no score supplied" and not for an
        assessed score of zero; confirm against the generator, because a
        consumer reading it literally sees a no-impact rating.
      -->
      <ratings>
        <rating>
          <score>7</score>
          <severity>high</severity>
          <method>CVSSv3</method>
        </rating>
        <rating>
          <score>6</score>
          <severity>medium</severity>
          <method>CVSSv2</method>
        </rating>
      </ratings>
      <advisories></advisories>
      <!--
        NOTE(review): CycloneDX types this field as xs:dateTime (constructed
        sample: 2022-01-01T00:00:00Z). 01.01.2022 is not in that form, and the
        day/month order of the later entries is ambiguous. Same in all three
        entries.
      -->
      <published>01.01.2022</published>
      <!-- Scanner that reported the finding. -->
      <tools>
        <tool>
          <vendor>Mend</vendor>
          <name>Mend Unified Agent</name>
          <version>3.3.3</version>
          <externalReferences>
            <reference type="build-meta">
              <url>https://www.mend.io/</url>
            </reference>
          </externalReferences>
        </tool>
      </tools>
      <affects>
        <target>
          <ref>pkg:maven/apache-logging/log4j@1.14</ref>
          <versions>
            <version>
              <version>1.14</version>
              <!--
                NOTE(review): empty status. CycloneDX 1.4 expects affected,
                unaffected or unknown here, so a consumer cannot tell from this
                entry whether the version is affected. Same in all three entries.
              -->
              <status></status>
            </version>
          </versions>
        </target>
      </affects>
    </vulnerability>
    <vulnerability bom-ref="pkg:maven/apache-commons/commons-lang@2.4.30">
      <id>CVE-2022-002</id>
      <source></source>
      <references></references>
      <ratings>
        <rating>
          <score>8</score>
          <severity>high</severity>
          <method>CVSSv3</method>
        </rating>
        <rating>
          <score>0</score>
          <severity>none</severity>
          <method>CVSSv2</method>
        </rating>
      </ratings>
      <advisories></advisories>
      <published>02.01.2022</published>
      <tools>
        <tool>
          <vendor>Mend</vendor>
          <name>Mend Unified Agent</name>
          <version>3.3.3</version>
          <externalReferences>
            <reference type="build-meta">
              <url>https://www.mend.io/</url>
            </reference>
          </externalReferences>
        </tool>
      </tools>
      <affects>
        <target>
          <ref>pkg:maven/apache-commons/commons-lang@2.4.30</ref>
          <versions>
            <version>
              <version>2.4.30</version>
              <status></status>
            </version>
          </versions>
        </target>
      </affects>
    </vulnerability>
    <vulnerability bom-ref="pkg:maven/apache-logging/log4j@3.25">
      <id>CVE-2022-003</id>
      <source></source>
      <references></references>
      <ratings>
        <rating>
          <score>0</score>
          <severity>none</severity>
          <method>CVSSv3</method>
        </rating>
        <rating>
          <score>6</score>
          <severity>medium</severity>
          <method>CVSSv2</method>
        </rating>
      </ratings>
      <advisories></advisories>
      <published>03.01.2022</published>
      <tools>
        <tool>
          <vendor>Mend</vendor>
          <name>Mend Unified Agent</name>
          <version>3.3.3</version>
          <externalReferences>
            <reference type="build-meta">
              <url>https://www.mend.io/</url>
            </reference>
          </externalReferences>
        </tool>
      </tools>
      <affects>
        <target>
          <ref>pkg:maven/apache-logging/log4j@3.25</ref>
          <versions>
            <version>
              <version>3.25</version>
              <status></status>
            </version>
          </versions>
        </target>
      </affects>
    </vulnerability>
  </vulnerabilities>
</bom>