diff --git a/cbom.json b/cbom.json index bfe8f30d5..1a4bea299 100644 --- a/cbom.json +++ b/cbom.json @@ -1,21 +1,67 @@ { - "bomFormat" : "CycloneDX", - "specVersion" : "1.6", - "serialNumber" : "urn:uuid:aff72c3b-cc0c-4475-9d14-50c6c27445a0", - "version" : 1, - "metadata" : { - "timestamp" : "2024-08-15T08:00:10Z", - "tools" : { - "services" : [ + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:e070c598-5874-406f-a7a7-3d6ef5838b7e", + "version": 1, + "metadata": { + "timestamp": "2024-09-20T08:12:07Z", + "tools": { + "services": [ { - "provider" : { - "name" : "IBM" + "provider": { + "name": "IBM" }, - "name" : "Sonar Cryptography Plugin", - "version" : "1.2.0" + "name": "Sonar Cryptography Plugin", + "version": "1.3.0" } ] - } + }, + "properties": [ + { + "name": "git-url", + "value": "https://github.com/IBM/cbomkit" + }, + { + "name": "git-branch", + "value": "main" + }, + { + "name": "commit", + "value": "4243a05538e996073df292e4c9f096e94ed5d9f7" + }, + { + "name": "purl", + "value": "pkg:github/IBM/cbomkit" + } + ] }, - "dependencies" : [ ] + "components": [ + { + "type": "cryptographic-asset", + "bom-ref": "f2f120b1-6f94-4a02-81d1-d490fa538393", + "name": "SHA256", + "evidence": { + "occurrences": [ + { + "line": 80, + "offset": 31, + "additionalContext": "java.security.MessageDigest#getInstance(Ljava/lang/String;)Ljava/security/MessageDigest;", + "location": "src/main/java/com/ibm/git/GitService.java" + } + ] + }, + "cryptoProperties": { + "assetType": "algorithm", + "algorithmProperties": { + "primitive": "hash", + "parameterSetIdentifier": "256", + "cryptoFunctions": [ + "digest" + ] + }, + "oid": "2.16.840.1.101.3.4.2.1" + } + } + ], + "dependencies": [] } \ No newline at end of file