1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
<?xml version="1.0"?>
<bom serialNumber="urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" version="1" xmlns="http://cyclonedx.org/schema/bom/1.5">
<components>
<component type="library">
<group>com.acme</group>
<name>sample-library</name>
<version>1.0.0</version>
<pedigree>
<ancestors>
<component type="library">
<group>org.example</group>
<name>sample-library</name>
<version>1.0.0</version>
</component>
</ancestors>
<patches>
<patch type="unofficial">
<diff>
<text content-type="text/plain" encoding="base64">blah</text>
<url>uri/to/changes.diff</url>
</diff>
<resolves>
<issue type="enhancement">
<id>JIRA-17240</id>
<description>Great new feature that does something</description>
<source>
<name>Acme Org</name>
<url>https://issues.acme.org/17240</url>
</source>
</issue>
</resolves>
</patch>
<patch type="backport">
<diff>
<text content-type="text/plain" encoding="base64">blah</text>
<url>uri/to/changes.diff</url>
</diff>
<resolves>
<issue type="security">
<id>CVE-2019-9997</id>
<name>CVE-2019-9997</name>
<description>blah blah</description>
<source>
<name>NVD</name>
<url>https://nvd.nist.gov/vuln/detail/CVE-2019-9997</url>
</source>
<references>
<url>http://some/other/site-1</url>
<url>http://some/other/site-2</url>
</references>
</issue>
<issue type="defect">
<id>JIRA-874319</id>
<description>Enable to do something</description>
<source>
<name>Example Org</name>
<url>https://issues.example.org/874319</url>
</source>
<references>
<url>http://some/other/site-1</url>
<url>http://some/other/site-2</url>
</references>
</issue>
</resolves>
</patch>
</patches>
</pedigree>
</component>
</components>
</bom>
|
