Last active
February 10, 2023 20:26
-
-
Save schnatterer/e0435f6373fed2baca93b8a962a0b955 to your computer and use it in GitHub Desktop.
Example CycloneDX BOM generated with trivy for testing with Sonatype BOMDr
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"bomFormat": "CycloneDX", | |
"specVersion": "1.4", | |
"serialNumber": "urn:uuid:e0fe7df7-1203-4fd9-b7cc-35d9d6f5c2f7", | |
"version": 1, | |
"metadata": { | |
"timestamp": "2023-02-09T07:54:36+00:00", | |
"tools": [ | |
{ | |
"vendor": "aquasecurity", | |
"name": "trivy", | |
"version": "0.37.1" | |
} | |
], | |
"component": { | |
"bom-ref": "pkg:oci/cert-manager-controller@sha256:51027a4cc4d30e197e3506daf3a4fa2d2a0bc2826469f8a87848dfd279e031c0?repository_url=quay.io%2Fjetstack%2Fcert-manager-controller\u0026arch=amd64", | |
"type": "container", | |
"name": "quay.io/jetstack/cert-manager-controller:v1.7.1", | |
"purl": "pkg:oci/cert-manager-controller@sha256:51027a4cc4d30e197e3506daf3a4fa2d2a0bc2826469f8a87848dfd279e031c0?repository_url=quay.io%2Fjetstack%2Fcert-manager-controller\u0026arch=amd64", | |
"properties": [ | |
{ | |
"name": "aquasecurity:trivy:SchemaVersion", | |
"value": "2" | |
}, | |
{ | |
"name": "aquasecurity:trivy:ImageID", | |
"value": "sha256:db7725ef729d74e24d51c93f831fa69b22747e67507f6bc2d7c981d16920ff35" | |
}, | |
{ | |
"name": "aquasecurity:trivy:RepoDigest", | |
"value": "quay.io/jetstack/cert-manager-controller@sha256:51027a4cc4d30e197e3506daf3a4fa2d2a0bc2826469f8a87848dfd279e031c0" | |
}, | |
{ | |
"name": "aquasecurity:trivy:DiffID", | |
"value": "sha256:5b1fa8e3e100361047c8bcd5553ab6329b9c713c1d4eb87a646760329cea5b3a" | |
}, | |
{ | |
"name": "aquasecurity:trivy:DiffID", | |
"value": "sha256:e789a7a75905ff6c380a5d4e7a442d35b9de7e65c2bd844ce96fe7c1a1a63cb5" | |
}, | |
{ | |
"name": "aquasecurity:trivy:DiffID", | |
"value": "sha256:0948492e0a032fc5e83caab2c51722fbba7a3e0efb8194315052d924f2bc4f79" | |
}, | |
{ | |
"name": "aquasecurity:trivy:RepoTag", | |
"value": "quay.io/jetstack/cert-manager-controller:v1.7.1" | |
} | |
] | |
} | |
}, | |
"components": [ | |
{ | |
"bom-ref": "pkg:deb/debian/base-files@11.1+deb11u2?distro=debian-11.2", | |
"type": "library", | |
"name": "base-files", | |
"version": "11.1+deb11u2", | |
"licenses": [ | |
{ | |
"expression": "GPL-3.0" | |
} | |
], | |
"purl": "pkg:deb/debian/base-files@11.1+deb11u2?distro=debian-11.2", | |
"properties": [ | |
{ | |
"name": "aquasecurity:trivy:PkgID", | |
"value": "base-files@11.1+deb11u2" | |
}, | |
{ | |
"name": "aquasecurity:trivy:PkgType", | |
"value": "debian" | |
}, | |
{ | |
"name": "aquasecurity:trivy:SrcName", | |
"value": "base-files" | |
}, | |
{ | |
"name": "aquasecurity:trivy:SrcVersion", | |
"value": "11.1+deb11u2" | |
}, | |
{ | |
"name": "aquasecurity:trivy:LayerDigest", | |
"value": "sha256:2df365faf0e3007f983fadd7a65ba51d41b488eb2ed8fc70f4bf97043cfea560" | |
}, | |
{ | |
"name": "aquasecurity:trivy:LayerDiffID", | |
"value": "sha256:5b1fa8e3e100361047c8bcd5553ab6329b9c713c1d4eb87a646760329cea5b3a" | |
} | |
] | |
}, | |
{ | |
"bom-ref": "pkg:deb/debian/netbase@6.3?distro=debian-11.2", | |
"type": "library", | |
"name": "netbase", | |
"version": "6.3", | |
"licenses": [ | |
{ | |
"expression": "GPL-2.0" | |
} | |
], | |
"purl": "pkg:deb/debian/netbase@6.3?distro=debian-11.2", | |
"properties": [ | |
{ | |
"name": "aquasecurity:trivy:PkgID", | |
"value": "netbase@6.3" | |
}, | |
{ | |
"name": "aquasecurity:trivy:PkgType", | |
"value": "debian" | |
}, | |
{ | |
"name": "aquasecurity:trivy:SrcName", | |
"value": "netbase" | |
}, | |
{ | |
"name": "aquasecurity:trivy:SrcVersion", | |
"value": "6.3" | |
}, | |
{ | |
"name": "aquasecurity:trivy:LayerDigest", | |
"value": "sha256:2df365faf0e3007f983fadd7a65ba51d41b488eb2ed8fc70f4bf97043cfea560" | |
}, | |
{ | |
"name": "aquasecurity:trivy:LayerDiffID", | |
"value": "sha256:5b1fa8e3e100361047c8bcd5553ab6329b9c713c1d4eb87a646760329cea5b3a" | |
} | |
] | |
}, | |
{ | |
"bom-ref": "pkg:deb/debian/tzdata@2021a-1+deb11u2?distro=debian-11.2", | |
"type": "library", | |
"name": "tzdata", | |
"version": "2021a-1+deb11u2", | |
"purl": "pkg:deb/debian/tzdata@2021a-1+deb11u2?distro=debian-11.2", | |
"properties": [ | |
{ | |
"name": "aquasecurity:trivy:PkgID", | |
"value": "tzdata@2021a-1+deb11u2" | |
}, | |
{ | |
"name": "aquasecurity:trivy:PkgType", | |
"value": "debian" | |
}, | |
{ | |
"name": "aquasecurity:trivy:SrcName", | |
"value": "tzdata" | |
}, | |
{ | |
"name": "aquasecurity:trivy:SrcVersion", | |
"value": "2021a-1+deb11u2" | |
}, | |
{ | |
"name": "aquasecurity:trivy:LayerDigest", | |
"value": "sha256:2df365faf0e3007f983fadd7a65ba51d41b488eb2ed8fc70f4bf97043cfea560" | |
}, | |
{ | |
"name": "aquasecurity:trivy:LayerDiffID", | |
"value": "sha256:5b1fa8e3e100361047c8bcd5553ab6329b9c713c1d4eb87a646760329cea5b3a" | |
} | |
] | |
}, | |
{ | |
"bom-ref": "99a9c11c-e789-469c-a4f4-fce70f8ae3ed", | |
"type": "operating-system", | |
"name": "debian", | |
"version": "11.2", | |
"properties": [ | |
{ | |
"name": "aquasecurity:trivy:Type", | |
"value": "debian" | |
}, | |
{ | |
"name": "aquasecurity:trivy:Class", | |
"value": "os-pkgs" | |
} | |
] | |
} | |
], | |
"dependencies": [ | |
{ | |
"ref": "99a9c11c-e789-469c-a4f4-fce70f8ae3ed", | |
"dependsOn": [ | |
"pkg:deb/debian/base-files@11.1+deb11u2?distro=debian-11.2", | |
"pkg:deb/debian/netbase@6.3?distro=debian-11.2", | |
"pkg:deb/debian/tzdata@2021a-1+deb11u2?distro=debian-11.2" | |
] | |
}, | |
{ | |
"ref": "pkg:oci/cert-manager-controller@sha256:51027a4cc4d30e197e3506daf3a4fa2d2a0bc2826469f8a87848dfd279e031c0?repository_url=quay.io%2Fjetstack%2Fcert-manager-controller\u0026arch=amd64", | |
"dependsOn": [ | |
"99a9c11c-e789-469c-a4f4-fce70f8ae3ed" | |
] | |
} | |
], | |
"vulnerabilities": [] | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Created with