Skip to content

Commit 9304d90

Browse files
stevespringettstevespringett
committed
Updated examples - only including one - for v1.1
1 parent d48c756 commit 9304d90

5 files changed

Lines changed: 176 additions & 300 deletions

File tree

examples/1.1-draft/bom.xml

Lines changed: 0 additions & 105 deletions
This file was deleted.

examples/application-bom/bom.xml

Lines changed: 0 additions & 69 deletions
This file was deleted.

examples/bom.xml

Lines changed: 176 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,176 @@
1+
<?xml version="1.0"?>
2+
<bom serialNumber="urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" version="1" xmlns="http://cyclonedx.org/schema/bom/1.1">
3+
<components>
4+
<component type="library">
5+
<publisher>Acme Inc</publisher>
6+
<group>com.acme</group>
7+
<name>tomcat-catalina</name>
8+
<version>9.0.14</version>
9+
<hashes>
10+
<hash alg="MD5">3942447fac867ae5cdb3229b658f4d48</hash>
11+
<hash alg="SHA-1">e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a</hash>
12+
<hash alg="SHA-256">f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b</hash>
13+
<hash alg="SHA-512">e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282</hash>
14+
</hashes>
15+
<licenses>
16+
<license>
17+
<id>Apache-2.0</id>
18+
</license>
19+
</licenses>
20+
<purl>pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar</purl>
21+
<pedigree>
22+
<ancestors>
23+
<component type="library">
24+
<publisher>Apache</publisher>
25+
<group>org.apache.tomcat</group>
26+
<name>tomcat-catalina</name>
27+
<version>9.0.14</version>
28+
<licenses>
29+
<license>
30+
<id>Apache-2.0</id>
31+
</license>
32+
</licenses>
33+
<purl>pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar</purl>
34+
</component>
35+
</ancestors>
36+
<commits>
37+
<commit>
38+
<uid>7638417db6d59f3c431d3e1f261cc637155684cd</uid>
39+
<url>https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd</url>
40+
<author>
41+
<timestamp>2018-11-07T22:01:45Z</timestamp>
42+
<name>John Doe</name>
43+
<email>jdoe@example.com</email>
44+
</author>
45+
<committer>
46+
<timestamp>2018-11-07T22:01:45Z</timestamp>
47+
<name>John Doe</name>
48+
<email>jdoe@example.com</email>
49+
</committer>
50+
<message>Initial commit</message>
51+
</commit>
52+
</commits>
53+
</pedigree>
54+
</component>
55+
<component type="library">
56+
<group>org.example</group>
57+
<name>mylibrary</name>
58+
<version>1.0.0</version>
59+
<scope>required</scope>
60+
<hashes>
61+
<hash alg="MD5">2342c2eaf1feb9a80195dbaddf2ebaa3</hash>
62+
<hash alg="SHA-1">68b78babe00a053f9e35ec6a2d9080f5b90122b0</hash>
63+
<hash alg="SHA-256">708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313</hash>
64+
<hash alg="SHA-512">387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef</hash>
65+
</hashes>
66+
<licenses>
67+
<license>
68+
<id>Apache-2.0</id>
69+
<text content-type="text/xml" encoding="base64">blah</text>
70+
<url>fdaf</url>
71+
</license>
72+
</licenses>
73+
<copyright>Copyright Example Inc. All rights reserved.</copyright>
74+
<cpe>cpe:/a:example:myapplication:1.0.0</cpe>
75+
<purl>pkg:maven/com.example/myapplication@1.0.0?packaging=war</purl>
76+
<modified>false</modified>
77+
</component>
78+
<component type="framework">
79+
<group>com.example</group>
80+
<name>myframework</name>
81+
<version>1.0.0</version>
82+
<description>Example Inc, enterprise framework</description>
83+
<scope>required</scope>
84+
<hashes>
85+
<hash alg="MD5">cfcb0b64aacd2f81c1cd546543de965a</hash>
86+
<hash alg="SHA-1">7fbeef2346c45d565c3341f037bce4e088af8a52</hash>
87+
<hash alg="SHA-256">0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1</hash>
88+
<hash alg="SHA-512">854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79</hash>
89+
</hashes>
90+
<licenses>
91+
<license>
92+
<id>Apache-2.0</id>
93+
</license>
94+
</licenses>
95+
<purl>pkg:maven/com.example/myframework@1.0.0?packaging=war</purl>
96+
<modified>false</modified>
97+
<externalReferences>
98+
<reference type="website">
99+
<url>http://example.com/myframework</url>
100+
</reference>
101+
<reference type="advisories">
102+
<url>http://example.com/security</url>
103+
</reference>
104+
</externalReferences>
105+
</component>
106+
</components>
107+
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
108+
<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
109+
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
110+
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
111+
<ds:Reference URI="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
112+
<ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
113+
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
114+
</ds:Transforms>
115+
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
116+
<ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">PrB8/rofGs34XwIX5OIdYSjV2aKSe5VaztJKBvsgjIk=</ds:DigestValue>
117+
</ds:Reference>
118+
</ds:SignedInfo>
119+
<ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
120+
ePGNg30Zl9CW7RZdcRn8gFCp1AlWncjudA9pQDXyqZOvyj9RC2YtkI688WdfDOdVRZs6mflJFXr7
121+
IKA9wY6jVrEqZmlef55Qp/8iGwOjOjWbwYsm2AhrdkUi9gaFSWEd8uITYHOpWbiPFSsnimiK9+ft
122+
56dkg/oJMLdXzlaukzq9iGkRcafRkW433OQcZIXwD2K8lg4cdD0pNNNqBa+PgIvzbxA5H84TyQDB
123+
HBcQiw/j1edRBJgPOwlqzZDUawOJaFhAPUQ+GGKMetIJH2FqqrHXGuV1NIwnbWTCg40RdOcBdCrl
124+
PDtDVjFh34uZ4dYBpJBIlM4daD2N4B6WPB5iHRyuZTczF2q03ObabuTgkpK6EeadFVqFNsEOOPPt
125+
MDDyda+Lwff5KjvUHvRRtUDIOm2rNIQKzaseulwYcA9UWQHAFcupJmWcLLM4zzY7F/uOdZuSurzh
126+
U6h5kdb76Juepof6ee4Q5YpwNOGNL5JfB4C3sc/Dbbv8dZ8OuXFYSZN7reUGZzCNksByqERPEbAe
127+
n1ldJu1HnRXRQpwaon8Asy9CuNmPfFCfDwOs2B4p4tb+tLNIKFHdRlpd19Zr9vCMCbltXeqq0Cpq
128+
OejSyLYGqSWzzzUh449dJrg6KTevrTNEln5GAlLBFSdjM5JA7KV2u/GyDVFwSEW7UKooGN4CtgU=
129+
</ds:SignatureValue>
130+
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
131+
<ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
132+
<ds:X509SubjectName xmlns:ds="http://www.w3.org/2000/09/xmldsig#">CN=bomsigner,OU=development,O=cyclonedx</ds:X509SubjectName>
133+
<ds:X509Certificate xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
134+
MIIE+DCCAuCgAwIBAgIEXGzayTANBgkqhkiG9w0BAQsFADA+MRIwEAYDVQQKDAljeWNsb25lZHgx
135+
FDASBgNVBAsMC2RldmVsb3BtZW50MRIwEAYDVQQDDAlib21zaWduZXIwHhcNMTkwMjIwMDQ0MjQ5
136+
WhcNNDkwMjIwMDQ0MjQ5WjA+MRIwEAYDVQQKDAljeWNsb25lZHgxFDASBgNVBAsMC2RldmVsb3Bt
137+
ZW50MRIwEAYDVQQDDAlib21zaWduZXIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCo
138+
5JZsM4ZLfWW/dpRlU6CpnItWspddF+bEVDETKVwVj9tGpqR5jURgKS/BOQP2TGUsR3/ZJJBhYRll
139+
ONhrUQrVKV/I6wp3Z40qPEa1RJLE+QlG9iL8qBV52CnXkLmnUSax3dspSzmSct5vDiTnvpHG9jr0
140+
AKFeTjy7U9rv8GJybz0ijwlpBoO9JRdYPX2PrrzoSeJLoxKq+GwuyCZ5LhXRN0p1a+NAirTAmY+c
141+
G1ZTLkMmfeCUy1t6H/bG4RnYOSSPOvk7Rb68lQpUqb+pbbNuB2o/b9cDwtLLCtGVlu+5Wj8mrytY
142+
3FGFQM20j3yVeRInmGqTTDBelQa/CO4JKqBlmaeYEIvNYbFs9+AlqadivwDO51RpdPo9fPSpsBpy
143+
ZMv6S2bXNuUML+Rk99WyKJTPM0PTZhRLZ64ZXEhlz3kQWVoSlrcwwim6sj6LRUb5IRqA3lxRFUI6
144+
NXKyiQLamQp+t3/9OGW9L1rLCcw7yFo0s8LhMTPMiv4ol9/hQViT+8ICzDsr0OM9ZiF4/UagFRlt
145+
IClV70cjh1DpsZjzQIRVGaj8uQ/JdtfRz4E43Ki7U0a2Vpho/t6poLVndv46tkX5nYGtMW4WfMoD
146+
ZflQ9pajvvKtr2jB1wob6nsU+VTmAcWZy4BCPH+XyfDw/0SFBdUceJJJtPWIeYFDUY7onptf+wID
147+
AQABMA0GCSqGSIb3DQEBCwUAA4ICAQCOVariNgK+9OF/5T9ZaSvZbkk45RTmzgQNXtFc5xfRvqwP
148+
s+pu/DFXm1R+ltjyS5j3w6NBZUFUI5MqLQr6JEEDrbu8BvfBO57wJNAEATj1JIHEfDfh7BxnBF8f
149+
oYFOwbrh4jOt0wz0FW2obsSVmF4GSvS7tTlWqTcsxjdZVmwP40RWu18B9jzv7M61adrWD3ksDA5O
150+
amSOsZi3Nt0aacDkyGRdCIEFi0fplxQInXMtD1z3RhXu2JSTAIr54Cei49Bh71kAXSWHMCog/f8a
151+
lSrZyqZBty/ACfU9DqlPIM+giHePKm4z2bcdpUdKZk6wcKDn4CvuBOqsMBMg7L05UEyyqTPD/4dk
152+
2GwJ8Nv0E5gsYHCIXF2cZ3OUVsw0mB/ozleEJVDE02uZZN/1wW1Xq028LsMdgN0Wk1WvWyF5MEdh
153+
nPWuhqp6tNaDI/kK6XQF+LjYJUzua3AQFOHfYNLKhO6d+bJ4rr0833v4v3cLW34kbXkKb6U3Yv8X
154+
SK3jBGCACiPgnc0N6awkh1kDlrZQ7GMsl14c+2+vpl9Lf0sL0mRUIyICfSC8MjlsP/BZH3emyfsk
155+
iWivPALomycKqP+PSkt1WaWApGENZWk1wNN99FYSYlt6LViW2p6T97fRx4jPRlHu+wecfD2k9RP4
156+
bt5W2HWfOP0zNAS7SnAVLEl2QZxXKw==
157+
</ds:X509Certificate>
158+
</ds:X509Data>
159+
<ds:KeyValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
160+
<ds:RSAKeyValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
161+
<ds:Modulus xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
162+
qOSWbDOGS31lv3aUZVOgqZyLVrKXXRfmxFQxEylcFY/bRqakeY1EYCkvwTkD9kxlLEd/2SSQYWEZ
163+
ZTjYa1EK1SlfyOsKd2eNKjxGtUSSxPkJRvYi/KgVedgp15C5p1Emsd3bKUs5knLebw4k576RxvY6
164+
9AChXk48u1Pa7/Bicm89Io8JaQaDvSUXWD19j6686EniS6MSqvhsLsgmeS4V0TdKdWvjQIq0wJmP
165+
nBtWUy5DJn3glMtbeh/2xuEZ2Dkkjzr5O0W+vJUKVKm/qW2zbgdqP2/XA8LSywrRlZbvuVo/Jq8r
166+
WNxRhUDNtI98lXkSJ5hqk0wwXpUGvwjuCSqgZZmnmBCLzWGxbPfgJamnYr8AzudUaXT6PXz0qbAa
167+
cmTL+ktm1zblDC/kZPfVsiiUzzND02YUS2euGVxIZc95EFlaEpa3MMIpurI+i0VG+SEagN5cURVC
168+
OjVysokC2pkKfrd//ThlvS9aywnMO8haNLPC4TEzzIr+KJff4UFYk/vCAsw7K9DjPWYheP1GoBUZ
169+
bSApVe9HI4dQ6bGY80CEVRmo/LkPyXbX0c+BONyou1NGtlaYaP7eqaC1Z3b+OrZF+Z2BrTFuFnzK
170+
A2X5UPaWo77yra9owdcKG+p7FPlU5gHFmcuAQjx/l8nw8P9EhQXVHHiSSbT1iHmBQ1GO6J6bX/s=
171+
</ds:Modulus>
172+
<ds:Exponent xmlns:ds="http://www.w3.org/2000/09/xmldsig#">AQAB</ds:Exponent>
173+
</ds:RSAKeyValue>
174+
</ds:KeyValue>
175+
</ds:KeyInfo>
176+
</ds:Signature></bom>

examples/individual-component/bom.xml

Lines changed: 0 additions & 27 deletions
This file was deleted.

0 commit comments

Comments
 (0)