├── .gitattributes ├── .github ├── dependabot.yml ├── lock.yml ├── release.yml └── workflows │ ├── codeql-analysis.yml │ ├── docs.yml │ ├── maven.yml │ ├── pr-test-coverage.yml │ ├── publish-snapshot.yml │ └── release.yml ├── .gitignore ├── CHANGELOG.md ├── CODEOWNERS ├── LICENSE ├── NOTICE ├── README.md ├── pom.xml ├── release.sh └── src ├── main ├── java │ └── org │ │ └── cyclonedx │ │ ├── CycloneDxMediaType.java │ │ ├── CycloneDxSchema.java │ │ ├── Format.java │ │ ├── Version.java │ │ ├── exception │ │ ├── BomLinkException.java │ │ ├── GeneratorException.java │ │ └── ParseException.java │ │ ├── generators │ │ ├── AbstractBomGenerator.java │ │ ├── BomGeneratorFactory.java │ │ ├── json │ │ │ └── BomJsonGenerator.java │ │ └── xml │ │ │ └── BomXmlGenerator.java │ │ ├── model │ │ ├── Ancestors.java │ │ ├── Annotation.java │ │ ├── Annotator.java │ │ ├── AttachmentText.java │ │ ├── Attribute.java │ │ ├── Bom.java │ │ ├── BomReference.java │ │ ├── Commit.java │ │ ├── Component.java │ │ ├── ComponentWrapper.java │ │ ├── Composition.java │ │ ├── Copyright.java │ │ ├── Dependency.java │ │ ├── DependencyList.java │ │ ├── Descendants.java │ │ ├── Diff.java │ │ ├── Evidence.java │ │ ├── ExtensibleElement.java │ │ ├── ExtensibleType.java │ │ ├── Extension.java │ │ ├── ExternalReference.java │ │ ├── Hash.java │ │ ├── IdentifiableActionType.java │ │ ├── Issue.java │ │ ├── JsonOnly.java │ │ ├── License.java │ │ ├── LicenseChoice.java │ │ ├── Licensing.java │ │ ├── LifecycleChoice.java │ │ ├── Lifecycles.java │ │ ├── Metadata.java │ │ ├── OrganizationalChoice.java │ │ ├── OrganizationalContact.java │ │ ├── OrganizationalEntity.java │ │ ├── Patch.java │ │ ├── Pedigree.java │ │ ├── Property.java │ │ ├── ReleaseNotes.java │ │ ├── Service.java │ │ ├── ServiceData.java │ │ ├── Signature.java │ │ ├── Source.java │ │ ├── Swid.java │ │ ├── Tool.java │ │ ├── Variants.java │ │ ├── VersionFilter.java │ │ ├── XmlOnly.java │ │ ├── attestation │ │ │ ├── Assessor.java │ │ │ ├── Attestation.java │ │ │ ├── AttestationMap.java │ │ │ ├── Claim.java │ │ │ ├── Confidence.java │ │ │ ├── Conformance.java │ │ │ ├── Declarations.java │ │ │ ├── Targets.java │ │ │ ├── affirmation │ │ │ │ ├── Affirmation.java │ │ │ │ └── Signatory.java │ │ │ └── evidence │ │ │ │ ├── Contents.java │ │ │ │ ├── Data.java │ │ │ │ └── Evidence.java │ │ ├── component │ │ │ ├── ModelCard.java │ │ │ ├── Tags.java │ │ │ ├── crypto │ │ │ │ ├── AlgorithmProperties.java │ │ │ │ ├── CertificateProperties.java │ │ │ │ ├── CipherSuite.java │ │ │ │ ├── CryptoProperties.java │ │ │ │ ├── Ikev2TransformTypes.java │ │ │ │ ├── ProtocolProperties.java │ │ │ │ ├── RelatedCryptoMaterialProperties.java │ │ │ │ ├── SecuredBy.java │ │ │ │ └── enums │ │ │ │ │ ├── AssetType.java │ │ │ │ │ ├── CertificationLevel.java │ │ │ │ │ ├── CryptoFunction.java │ │ │ │ │ ├── ExecutionEnvironment.java │ │ │ │ │ ├── FipsLevel.java │ │ │ │ │ ├── ImplementationPlatform.java │ │ │ │ │ ├── Mechanism.java │ │ │ │ │ ├── MemoryType.java │ │ │ │ │ ├── Mode.java │ │ │ │ │ ├── Padding.java │ │ │ │ │ ├── Primitive.java │ │ │ │ │ ├── ProtocolType.java │ │ │ │ │ ├── RelatedCryptoMaterialType.java │ │ │ │ │ └── State.java │ │ │ ├── data │ │ │ │ ├── ComponentData.java │ │ │ │ ├── Content.java │ │ │ │ ├── DatasetChoice.java │ │ │ │ ├── Governance.java │ │ │ │ └── Graphics.java │ │ │ ├── evidence │ │ │ │ ├── Callstack.java │ │ │ │ ├── Frame.java │ │ │ │ ├── Identity.java │ │ │ │ ├── Method.java │ │ │ │ └── Occurrence.java │ │ │ └── modelCard │ │ │ │ ├── Considerations.java │ │ │ │ ├── InputOutputParameter.java │ │ │ │ ├── ModelParameters.java │ │ │ │ ├── PerformanceMetric.java │ │ │ │ ├── QuantitativeAnalysis.java │ │ │ │ └── consideration │ │ │ │ ├── EnvironmentalConsideration.java │ │ │ │ ├── FairnessAssessment.java │ │ │ │ ├── Risk.java │ │ │ │ └── consumption │ │ │ │ ├── Activity.java │ │ │ │ ├── EnergyConsumption.java │ │ │ │ ├── co2 │ │ │ │ ├── CO2Measure.java │ │ │ │ └── Unit.java │ │ │ │ └── energy │ │ │ │ ├── EnergyMeasure.java │ │ │ │ ├── EnergyProvider.java │ │ │ │ ├── EnergySource.java │ │ │ │ └── Unit.java │ │ ├── definition │ │ │ ├── Definition.java │ │ │ ├── Level.java │ │ │ ├── Requirement.java │ │ │ └── Standard.java │ │ ├── formulation │ │ │ ├── Formula.java │ │ │ ├── FormulationCommon.java │ │ │ ├── Workflow.java │ │ │ ├── common │ │ │ │ ├── AbstractType.java │ │ │ │ ├── BasicDataAbstract.java │ │ │ │ ├── EnvironmentVars.java │ │ │ │ ├── InputType.java │ │ │ │ ├── OutputType.java │ │ │ │ └── ResourceReferenceChoice.java │ │ │ ├── task │ │ │ │ ├── Command.java │ │ │ │ ├── Step.java │ │ │ │ └── Task.java │ │ │ ├── trigger │ │ │ │ ├── Condition.java │ │ │ │ ├── Event.java │ │ │ │ └── Trigger.java │ │ │ └── workspace │ │ │ │ ├── Volume.java │ │ │ │ └── Workspace.java │ │ ├── license │ │ │ ├── Acknowledgement.java │ │ │ └── Expression.java │ │ ├── metadata │ │ │ └── ToolInformation.java │ │ ├── organization │ │ │ └── PostalAddress.java │ │ └── vulnerability │ │ │ ├── ProofOfConcept.java │ │ │ ├── Rating.java │ │ │ ├── Vulnerability.java │ │ │ └── Vulnerability10.java │ │ ├── parsers │ │ ├── BomParserFactory.java │ │ ├── JsonParser.java │ │ ├── Parser.java │ │ └── XmlParser.java │ │ └── util │ │ ├── BomLink.java │ │ ├── BomUtils.java │ │ ├── LicenseResolver.java │ │ ├── ObjectLocator.java │ │ ├── ResourceReferenceChoiceDeserializer.java │ │ ├── TimestampUtils.java │ │ ├── ToolsJsonParser.java │ │ ├── deserializer │ │ ├── AbstractDataTypeDeserializer.java │ │ ├── AffectDeserializer.java │ │ ├── AffectsDeserializer.java │ │ ├── AttachmentTextDeserializer.java │ │ ├── ComponentWrapperDeserializer.java │ │ ├── DatasetsChoiceDeserializer.java │ │ ├── DependencyDeserializer.java │ │ ├── DeserializerUtils.java │ │ ├── EnvironmentVarsDeserializer.java │ │ ├── ExpressionDeserializer.java │ │ ├── ExtensionDeserializer.java │ │ ├── ExternalReferencesDeserializer.java │ │ ├── HashesDeserializer.java │ │ ├── IdentityDeserializer.java │ │ ├── InputTypeDeserializer.java │ │ ├── LicenseDeserializer.java │ │ ├── LicensingTypeDeserializer.java │ │ ├── LifecycleDeserializer.java │ │ ├── MetadataDeserializer.java │ │ ├── NotesDeserializer.java │ │ ├── OrganizationalChoiceDeserializer.java │ │ ├── OrganizationalEntityDeserializer.java │ │ ├── OutputTypeDeserializer.java │ │ ├── PropertiesDeserializer.java │ │ ├── PropertyDeserializer.java │ │ ├── ResolvesDeserializer.java │ │ ├── RiskDeserializer.java │ │ ├── SignatoryDeserializer.java │ │ ├── StringListDeserializer.java │ │ ├── TagsDeserializer.java │ │ ├── ToolDeserializer.java │ │ ├── ToolInformationDeserializer.java │ │ ├── ToolsDeserializer.java │ │ └── VulnerabilityDeserializer.java │ │ ├── introspector │ │ ├── VersionJsonAnnotationIntrospector.java │ │ └── VersionXmlAnnotationIntrospector.java │ │ ├── mixin │ │ └── MixInBomReference.java │ │ └── serializer │ │ ├── CollectionTypeSerializer.java │ │ ├── ComponentWrapperSerializer.java │ │ ├── CustomDateSerializer.java │ │ ├── CustomSerializerModifier.java │ │ ├── DependencySerializer.java │ │ ├── EnvironmentVarsSerializer.java │ │ ├── EvidenceSerializer.java │ │ ├── ExtensibleTypesSerializer.java │ │ ├── ExtensionSerializer.java │ │ ├── ExternalReferenceSerializer.java │ │ ├── HashSerializer.java │ │ ├── InputTypeSerializer.java │ │ ├── LicenseChoiceSerializer.java │ │ ├── LifecycleSerializer.java │ │ ├── MetadataSerializer.java │ │ ├── OutputTypeSerializer.java │ │ ├── PropertiesSerializer.java │ │ ├── SerializerUtils.java │ │ ├── SignatorySerializer.java │ │ └── TrimStringSerializer.java └── resources │ ├── bom-1.0.xsd │ ├── bom-1.1.xsd │ ├── bom-1.2-strict.schema.json │ ├── bom-1.2.schema.json │ ├── bom-1.2.xsd │ ├── bom-1.3-strict.schema.json │ ├── bom-1.3.proto │ ├── bom-1.3.schema.json │ ├── bom-1.3.xsd │ ├── bom-1.4.proto │ ├── bom-1.4.schema.json │ ├── bom-1.4.xsd │ ├── bom-1.5.proto │ ├── bom-1.5.schema.json │ ├── bom-1.5.xsd │ ├── bom-1.6.proto │ ├── bom-1.6.schema.json │ ├── bom-1.6.xsd │ ├── ext │ ├── dependency-graph-1.0.xsd │ └── vulnerability-1.0.xsd │ ├── jsf-0.82.schema.json │ ├── license-mapping.json │ ├── licenses │ ├── 0BSD.txt │ ├── AAL.txt │ ├── ADSL.txt │ ├── AFL-1.1.txt │ ├── AFL-1.2.txt │ ├── AFL-2.0.txt │ ├── AFL-2.1.txt │ ├── AFL-3.0.txt │ ├── AGPL-1.0-only.txt │ ├── AGPL-1.0-or-later.txt │ ├── AGPL-1.0.txt │ ├── AGPL-3.0-only.txt │ ├── AGPL-3.0-or-later.txt │ ├── AGPL-3.0.txt │ ├── AMDPLPA.txt │ ├── AML-glslang.txt │ ├── AML.txt │ ├── AMPAS.txt │ ├── ANTLR-PD-fallback.txt │ ├── ANTLR-PD.txt │ ├── APAFML.txt │ ├── APL-1.0.txt │ ├── APSL-1.0.txt │ ├── APSL-1.1.txt │ ├── APSL-1.2.txt │ ├── APSL-2.0.txt │ ├── ASWF-Digital-Assets-1.0.txt │ ├── ASWF-Digital-Assets-1.1.txt │ ├── Abstyles.txt │ ├── AdaCore-doc.txt │ ├── Adobe-2006.txt │ ├── Adobe-Display-PostScript.txt │ ├── Adobe-Glyph.txt │ ├── Adobe-Utopia.txt │ ├── Afmparse.txt │ ├── Aladdin.txt │ ├── Apache-1.0.txt │ ├── Apache-1.1.txt │ ├── Apache-2.0.txt │ ├── App-s2p.txt │ ├── Arphic-1999.txt │ ├── Artistic-1.0-Perl.txt │ ├── Artistic-1.0-cl8.txt │ ├── Artistic-1.0.txt │ ├── Artistic-2.0.txt │ ├── BSD-1-Clause.txt │ ├── BSD-2-Clause-Darwin.txt │ ├── BSD-2-Clause-FreeBSD.txt │ ├── BSD-2-Clause-NetBSD.txt │ ├── BSD-2-Clause-Patent.txt │ ├── BSD-2-Clause-Views.txt │ ├── BSD-2-Clause.txt │ ├── BSD-3-Clause-Attribution.txt │ ├── BSD-3-Clause-Clear.txt │ ├── BSD-3-Clause-HP.txt │ ├── BSD-3-Clause-LBNL.txt │ ├── BSD-3-Clause-Modification.txt │ ├── BSD-3-Clause-No-Military-License.txt │ ├── BSD-3-Clause-No-Nuclear-License-2014.txt │ ├── BSD-3-Clause-No-Nuclear-License.txt │ ├── BSD-3-Clause-No-Nuclear-Warranty.txt │ ├── BSD-3-Clause-Open-MPI.txt │ ├── BSD-3-Clause-Sun.txt │ ├── BSD-3-Clause-acpica.txt │ ├── BSD-3-Clause-flex.txt │ ├── BSD-3-Clause.txt │ ├── BSD-4-Clause-Shortened.txt │ ├── BSD-4-Clause-UC.txt │ ├── BSD-4-Clause.txt │ ├── BSD-4.3RENO.txt │ ├── BSD-4.3TAHOE.txt │ ├── BSD-Advertising-Acknowledgement.txt │ ├── BSD-Attribution-HPND-disclaimer.txt │ ├── BSD-Inferno-Nettverk.txt │ ├── BSD-Protection.txt │ ├── BSD-Source-Code.txt │ ├── BSD-Source-beginning-file.txt │ ├── BSD-Systemics-W3Works.txt │ ├── BSD-Systemics.txt │ ├── BSL-1.0.txt │ ├── BUSL-1.1.txt │ ├── Baekmuk.txt │ ├── Bahyph.txt │ ├── Barr.txt │ ├── Beerware.txt │ ├── BitTorrent-1.0.txt │ ├── BitTorrent-1.1.txt │ ├── Bitstream-Charter.txt │ ├── Bitstream-Vera.txt │ ├── BlueOak-1.0.0.txt │ ├── Boehm-GC.txt │ ├── Borceux.txt │ ├── Brian-Gladman-2-Clause.txt │ ├── Brian-Gladman-3-Clause.txt │ ├── C-UDA-1.0.txt │ ├── CAL-1.0-Combined-Work-Exception.txt │ ├── CAL-1.0.txt │ ├── CATOSL-1.1.txt │ ├── CC-BY-1.0.txt │ ├── CC-BY-2.0.txt │ ├── CC-BY-2.5-AU.txt │ ├── CC-BY-2.5.txt │ ├── CC-BY-3.0-AT.txt │ ├── CC-BY-3.0-AU.txt │ ├── CC-BY-3.0-DE.txt │ ├── CC-BY-3.0-IGO.txt │ ├── CC-BY-3.0-NL.txt │ ├── CC-BY-3.0-US.txt │ ├── CC-BY-3.0.txt │ ├── CC-BY-4.0.txt │ ├── CC-BY-NC-1.0.txt │ ├── CC-BY-NC-2.0.txt │ ├── CC-BY-NC-2.5.txt │ ├── CC-BY-NC-3.0-DE.txt │ ├── CC-BY-NC-3.0.txt │ ├── CC-BY-NC-4.0.txt │ ├── CC-BY-NC-ND-1.0.txt │ ├── CC-BY-NC-ND-2.0.txt │ ├── CC-BY-NC-ND-2.5.txt │ ├── CC-BY-NC-ND-3.0-DE.txt │ ├── CC-BY-NC-ND-3.0-IGO.txt │ ├── CC-BY-NC-ND-3.0.txt │ ├── CC-BY-NC-ND-4.0.txt │ ├── CC-BY-NC-SA-1.0.txt │ ├── CC-BY-NC-SA-2.0-DE.txt │ ├── CC-BY-NC-SA-2.0-FR.txt │ ├── CC-BY-NC-SA-2.0-UK.txt │ ├── CC-BY-NC-SA-2.0.txt │ ├── CC-BY-NC-SA-2.5.txt │ ├── CC-BY-NC-SA-3.0-DE.txt │ ├── CC-BY-NC-SA-3.0-IGO.txt │ ├── CC-BY-NC-SA-3.0.txt │ ├── CC-BY-NC-SA-4.0.txt │ ├── CC-BY-ND-1.0.txt │ ├── CC-BY-ND-2.0.txt │ ├── CC-BY-ND-2.5.txt │ ├── CC-BY-ND-3.0-DE.txt │ ├── CC-BY-ND-3.0.txt │ ├── CC-BY-ND-4.0.txt │ ├── CC-BY-SA-1.0.txt │ ├── CC-BY-SA-2.0-UK.txt │ ├── CC-BY-SA-2.0.txt │ ├── CC-BY-SA-2.1-JP.txt │ ├── CC-BY-SA-2.5.txt │ ├── CC-BY-SA-3.0-AT.txt │ ├── CC-BY-SA-3.0-DE.txt │ ├── CC-BY-SA-3.0-IGO.txt │ ├── CC-BY-SA-3.0.txt │ ├── CC-BY-SA-4.0.txt │ ├── CC-PDDC.txt │ ├── CC0-1.0.txt │ ├── CDDL-1.0.txt │ ├── CDDL-1.1.txt │ ├── CDL-1.0.txt │ ├── CDLA-Permissive-1.0.txt │ ├── CDLA-Permissive-2.0.txt │ ├── CDLA-Sharing-1.0.txt │ ├── CECILL-1.0.txt │ ├── CECILL-1.1.txt │ ├── CECILL-2.0.txt │ ├── CECILL-2.1.txt │ ├── CECILL-B.txt │ ├── CECILL-C.txt │ ├── CERN-OHL-1.1.txt │ ├── CERN-OHL-1.2.txt │ ├── CERN-OHL-P-2.0.txt │ ├── CERN-OHL-S-2.0.txt │ ├── CERN-OHL-W-2.0.txt │ ├── CFITSIO.txt │ ├── CMU-Mach-nodoc.txt │ ├── CMU-Mach.txt │ ├── CNRI-Jython.txt │ ├── CNRI-Python-GPL-Compatible.txt │ ├── CNRI-Python.txt │ ├── COIL-1.0.txt │ ├── CPAL-1.0.txt │ ├── CPL-1.0.txt │ ├── CPOL-1.02.txt │ ├── CUA-OPL-1.0.txt │ ├── Caldera-no-preamble.txt │ ├── Caldera.txt │ ├── ClArtistic.txt │ ├── Clips.txt │ ├── Community-Spec-1.0.txt │ ├── Condor-1.1.txt │ ├── Cornell-Lossless-JPEG.txt │ ├── Cronyx.txt │ ├── Crossword.txt │ ├── CrystalStacker.txt │ ├── Cube.txt │ ├── D-FSL-1.0.txt │ ├── DEC-3-Clause.txt │ ├── DL-DE-BY-2.0.txt │ ├── DL-DE-ZERO-2.0.txt │ ├── DOC.txt │ ├── DRL-1.0.txt │ ├── DRL-1.1.txt │ ├── DSDP.txt │ ├── Dotseqn.txt │ ├── ECL-1.0.txt │ ├── ECL-2.0.txt │ ├── EFL-1.0.txt │ ├── EFL-2.0.txt │ ├── EPICS.txt │ ├── EPL-1.0.txt │ ├── EPL-2.0.txt │ ├── EUDatagrid.txt │ ├── EUPL-1.0.txt │ ├── EUPL-1.1.txt │ ├── EUPL-1.2.txt │ ├── Elastic-2.0.txt │ ├── Entessa.txt │ ├── ErlPL-1.1.txt │ ├── Eurosym.txt │ ├── FBM.txt │ ├── FDK-AAC.txt │ ├── FSFAP-no-warranty-disclaimer.txt │ ├── FSFAP.txt │ ├── FSFUL.txt │ ├── FSFULLR.txt │ ├── FSFULLRWD.txt │ ├── FTL.txt │ ├── Fair.txt │ ├── Ferguson-Twofish.txt │ ├── Frameworx-1.0.txt │ ├── FreeBSD-DOC.txt │ ├── FreeImage.txt │ ├── Furuseth.txt │ ├── GCR-docs.txt │ ├── GD.txt │ ├── GFDL-1.1-invariants-only.txt │ ├── GFDL-1.1-invariants-or-later.txt │ ├── GFDL-1.1-no-invariants-only.txt │ ├── GFDL-1.1-no-invariants-or-later.txt │ ├── GFDL-1.1-only.txt │ ├── GFDL-1.1-or-later.txt │ ├── GFDL-1.1.txt │ ├── GFDL-1.2-invariants-only.txt │ ├── GFDL-1.2-invariants-or-later.txt │ ├── GFDL-1.2-no-invariants-only.txt │ ├── GFDL-1.2-no-invariants-or-later.txt │ ├── GFDL-1.2-only.txt │ ├── GFDL-1.2-or-later.txt │ ├── GFDL-1.2.txt │ ├── GFDL-1.3-invariants-only.txt │ ├── GFDL-1.3-invariants-or-later.txt │ ├── GFDL-1.3-no-invariants-only.txt │ ├── GFDL-1.3-no-invariants-or-later.txt │ ├── GFDL-1.3-only.txt │ ├── GFDL-1.3-or-later.txt │ ├── GFDL-1.3.txt │ ├── GL2PS.txt │ ├── GLWTPL.txt │ ├── GPL-1.0+.txt │ ├── GPL-1.0-only.txt │ ├── GPL-1.0-or-later.txt │ ├── GPL-1.0.txt │ ├── GPL-2.0+.txt │ ├── GPL-2.0-only.txt │ ├── GPL-2.0-or-later.txt │ ├── GPL-2.0-with-GCC-exception.txt │ ├── GPL-2.0-with-autoconf-exception.txt │ ├── GPL-2.0-with-bison-exception.txt │ ├── GPL-2.0-with-classpath-exception.txt │ ├── GPL-2.0-with-font-exception.txt │ ├── GPL-2.0.txt │ ├── GPL-3.0+.txt │ ├── GPL-3.0-only.txt │ ├── GPL-3.0-or-later.txt │ ├── GPL-3.0-with-GCC-exception.txt │ ├── GPL-3.0-with-autoconf-exception.txt │ ├── GPL-3.0.txt │ ├── Giftware.txt │ ├── Glide.txt │ ├── Glulxe.txt │ ├── Graphics-Gems.txt │ ├── HP-1986.txt │ ├── HP-1989.txt │ ├── HPND-DEC.txt │ ├── HPND-Fenneberg-Livingston.txt │ ├── HPND-INRIA-IMAG.txt │ ├── HPND-Kevlin-Henney.txt │ ├── HPND-MIT-disclaimer.txt │ ├── HPND-Markus-Kuhn.txt │ ├── HPND-Pbmplus.txt │ ├── HPND-UC.txt │ ├── HPND-doc-sell.txt │ ├── HPND-doc.txt │ ├── HPND-export-US-modify.txt │ ├── HPND-export-US.txt │ ├── HPND-sell-MIT-disclaimer-xserver.txt │ ├── HPND-sell-regexpr.txt │ ├── HPND-sell-variant-MIT-disclaimer.txt │ ├── HPND-sell-variant.txt │ ├── HPND.txt │ ├── HTMLTIDY.txt │ ├── HaskellReport.txt │ ├── Hippocratic-2.1.txt │ ├── IBM-pibs.txt │ ├── ICU.txt │ ├── IEC-Code-Components-EULA.txt │ ├── IJG-short.txt │ ├── IJG.txt │ ├── IPA.txt │ ├── IPL-1.0.txt │ ├── ISC-Veillard.txt │ ├── ISC.txt │ ├── ImageMagick.txt │ ├── Imlib2.txt │ ├── Info-ZIP.txt │ ├── Inner-Net-2.0.txt │ ├── Intel-ACPI.txt │ ├── Intel.txt │ ├── Interbase-1.0.txt │ ├── JPL-image.txt │ ├── JPNIC.txt │ ├── JSON.txt │ ├── Jam.txt │ ├── JasPer-2.0.txt │ ├── Kastrup.txt │ ├── Kazlib.txt │ ├── KiCad-libraries-exception.txt │ ├── Knuth-CTAN.txt │ ├── LAL-1.2.txt │ ├── LAL-1.3.txt │ ├── LGPL-2.0+.txt │ ├── LGPL-2.0-only.txt │ ├── LGPL-2.0-or-later.txt │ ├── LGPL-2.0.txt │ ├── LGPL-2.1+.txt │ ├── LGPL-2.1-only.txt │ ├── LGPL-2.1-or-later.txt │ ├── LGPL-2.1.txt │ ├── LGPL-3.0+.txt │ ├── LGPL-3.0-only.txt │ ├── LGPL-3.0-or-later.txt │ ├── LGPL-3.0.txt │ ├── LGPLLR.txt │ ├── LOOP.txt │ ├── LPD-document.txt │ ├── LPL-1.0.txt │ ├── LPL-1.02.txt │ ├── LPPL-1.0.txt │ ├── LPPL-1.1.txt │ ├── LPPL-1.2.txt │ ├── LPPL-1.3a.txt │ ├── LPPL-1.3c.txt │ ├── LZMA-SDK-9.11-to-9.20.txt │ ├── LZMA-SDK-9.22.txt │ ├── Latex2e-translated-notice.txt │ ├── Latex2e.txt │ ├── Leptonica.txt │ ├── LiLiQ-P-1.1.txt │ ├── LiLiQ-R-1.1.txt │ ├── LiLiQ-Rplus-1.1.txt │ ├── Libpng.txt │ ├── Linux-OpenIB.txt │ ├── Linux-man-pages-1-para.txt │ ├── Linux-man-pages-copyleft-2-para.txt │ ├── Linux-man-pages-copyleft-var.txt │ ├── Linux-man-pages-copyleft.txt │ ├── Lucida-Bitmap-Fonts.txt │ ├── MIT-0.txt │ ├── MIT-CMU.txt │ ├── MIT-Festival.txt │ ├── MIT-Modern-Variant.txt │ ├── MIT-Wu.txt │ ├── MIT-advertising.txt │ ├── MIT-enna.txt │ ├── MIT-feh.txt │ ├── MIT-open-group.txt │ ├── MIT-testregex.txt │ ├── MIT.txt │ ├── MITNFA.txt │ ├── MMIXware.txt │ ├── MPEG-SSG.txt │ ├── MPL-1.0.txt │ ├── MPL-1.1.txt │ ├── MPL-2.0-no-copyleft-exception.txt │ ├── MPL-2.0.txt │ ├── MS-LPL.txt │ ├── MS-PL.txt │ ├── MS-RL.txt │ ├── MTLL.txt │ ├── Mackerras-3-Clause-acknowledgment.txt │ ├── Mackerras-3-Clause.txt │ ├── MakeIndex.txt │ ├── Martin-Birgmeier.txt │ ├── McPhee-slideshow.txt │ ├── Minpack.txt │ ├── MirOS.txt │ ├── Motosoto.txt │ ├── MulanPSL-1.0.txt │ ├── MulanPSL-2.0.txt │ ├── Multics.txt │ ├── Mup.txt │ ├── NAIST-2003.txt │ ├── NASA-1.3.txt │ ├── NBPL-1.0.txt │ ├── NCGL-UK-2.0.txt │ ├── NCSA.txt │ ├── NGPL.txt │ ├── NICTA-1.0.txt │ ├── NIST-PD-fallback.txt │ ├── NIST-PD.txt │ ├── NIST-Software.txt │ ├── NLOD-1.0.txt │ ├── NLOD-2.0.txt │ ├── NLPL.txt │ ├── NOSL.txt │ ├── NPL-1.0.txt │ ├── NPL-1.1.txt │ ├── NPOSL-3.0.txt │ ├── NRL.txt │ ├── NTP-0.txt │ ├── NTP.txt │ ├── Naumen.txt │ ├── Net-SNMP.txt │ ├── NetCDF.txt │ ├── Newsletr.txt │ ├── Nokia.txt │ ├── Noweb.txt │ ├── Nunit.txt │ ├── O-UDA-1.0.txt │ ├── OCCT-PL.txt │ ├── OCLC-2.0.txt │ ├── ODC-By-1.0.txt │ ├── ODbL-1.0.txt │ ├── OFFIS.txt │ ├── OFL-1.0-RFN.txt │ ├── OFL-1.0-no-RFN.txt │ ├── OFL-1.0.txt │ ├── OFL-1.1-RFN.txt │ ├── OFL-1.1-no-RFN.txt │ ├── OFL-1.1.txt │ ├── OGC-1.0.txt │ ├── OGDL-Taiwan-1.0.txt │ ├── OGL-Canada-2.0.txt │ ├── OGL-UK-1.0.txt │ ├── OGL-UK-2.0.txt │ ├── OGL-UK-3.0.txt │ ├── OGTSL.txt │ ├── OLDAP-1.1.txt │ ├── OLDAP-1.2.txt │ ├── OLDAP-1.3.txt │ ├── OLDAP-1.4.txt │ ├── OLDAP-2.0.1.txt │ ├── OLDAP-2.0.txt │ ├── OLDAP-2.1.txt │ ├── OLDAP-2.2.1.txt │ ├── OLDAP-2.2.2.txt │ ├── OLDAP-2.2.txt │ ├── OLDAP-2.3.txt │ ├── OLDAP-2.4.txt │ ├── OLDAP-2.5.txt │ ├── OLDAP-2.6.txt │ ├── OLDAP-2.7.txt │ ├── OLDAP-2.8.txt │ ├── OLFL-1.3.txt │ ├── OML.txt │ ├── OPL-1.0.txt │ ├── OPL-UK-3.0.txt │ ├── OPUBL-1.0.txt │ ├── OSET-PL-2.1.txt │ ├── OSL-1.0.txt │ ├── OSL-1.1.txt │ ├── OSL-2.0.txt │ ├── OSL-2.1.txt │ ├── OSL-3.0.txt │ ├── OpenPBS-2.3.txt │ ├── OpenSSL-standalone.txt │ ├── OpenSSL.txt │ ├── OpenVision.txt │ ├── PADL.txt │ ├── PDDL-1.0.txt │ ├── PHP-3.0.txt │ ├── PHP-3.01.txt │ ├── PSF-2.0.txt │ ├── Parity-6.0.0.txt │ ├── Parity-7.0.0.txt │ ├── Pixar.txt │ ├── Plexus.txt │ ├── PolyForm-Noncommercial-1.0.0.txt │ ├── PolyForm-Small-Business-1.0.0.txt │ ├── PostgreSQL.txt │ ├── Python-2.0.1.txt │ ├── Python-2.0.txt │ ├── QPL-1.0-INRIA-2004.txt │ ├── QPL-1.0.txt │ ├── Qhull.txt │ ├── RHeCos-1.1.txt │ ├── RPL-1.1.txt │ ├── RPL-1.5.txt │ ├── RPSL-1.0.txt │ ├── RSA-MD.txt │ ├── RSCPL.txt │ ├── Rdisc.txt │ ├── Ruby.txt │ ├── SAX-PD-2.0.txt │ ├── SAX-PD.txt │ ├── SCEA.txt │ ├── SGI-B-1.0.txt │ ├── SGI-B-1.1.txt │ ├── SGI-B-2.0.txt │ ├── SGI-OpenGL.txt │ ├── SGP4.txt │ ├── SHL-0.5.txt │ ├── SHL-0.51.txt │ ├── SISSL-1.2.txt │ ├── SISSL.txt │ ├── SL.txt │ ├── SMLNJ.txt │ ├── SMPPL.txt │ ├── SNIA.txt │ ├── SPL-1.0.txt │ ├── SSH-OpenSSH.txt │ ├── SSH-short.txt │ ├── SSLeay-standalone.txt │ ├── SSPL-1.0.txt │ ├── SWL.txt │ ├── Saxpath.txt │ ├── SchemeReport.txt │ ├── Sendmail-8.23.txt │ ├── Sendmail.txt │ ├── SimPL-2.0.txt │ ├── Sleepycat.txt │ ├── Soundex.txt │ ├── Spencer-86.txt │ ├── Spencer-94.txt │ ├── Spencer-99.txt │ ├── StandardML-NJ.txt │ ├── SugarCRM-1.1.3.txt │ ├── Sun-PPP.txt │ ├── SunPro.txt │ ├── Symlinks.txt │ ├── TAPR-OHL-1.0.txt │ ├── TCL.txt │ ├── TCP-wrappers.txt │ ├── TGPPL-1.0.txt │ ├── TMate.txt │ ├── TORQUE-1.1.txt │ ├── TOSL.txt │ ├── TPDL.txt │ ├── TPL-1.0.txt │ ├── TTWL.txt │ ├── TTYP0.txt │ ├── TU-Berlin-1.0.txt │ ├── TU-Berlin-2.0.txt │ ├── TermReadKey.txt │ ├── UCAR.txt │ ├── UCL-1.0.txt │ ├── UMich-Merit.txt │ ├── UPL-1.0.txt │ ├── URT-RLE.txt │ ├── Unicode-3.0.txt │ ├── Unicode-DFS-2015.txt │ ├── Unicode-DFS-2016.txt │ ├── Unicode-TOU.txt │ ├── UnixCrypt.txt │ ├── Unlicense.txt │ ├── VOSTROM.txt │ ├── VSL-1.0.txt │ ├── Vim.txt │ ├── W3C-19980720.txt │ ├── W3C-20150513.txt │ ├── W3C.txt │ ├── WTFPL.txt │ ├── Watcom-1.0.txt │ ├── Widget-Workshop.txt │ ├── Wsuipa.txt │ ├── X11-distribute-modifications-variant.txt │ ├── X11.txt │ ├── XFree86-1.1.txt │ ├── XSkat.txt │ ├── Xdebug-1.03.txt │ ├── Xerox.txt │ ├── Xfig.txt │ ├── Xnet.txt │ ├── YPL-1.0.txt │ ├── YPL-1.1.txt │ ├── ZPL-1.1.txt │ ├── ZPL-2.0.txt │ ├── ZPL-2.1.txt │ ├── Zed.txt │ ├── Zeeff.txt │ ├── Zend-2.0.txt │ ├── Zimbra-1.3.txt │ ├── Zimbra-1.4.txt │ ├── Zlib.txt │ ├── bcrypt-Solar-Designer.txt │ ├── blessing.txt │ ├── bzip2-1.0.5.txt │ ├── bzip2-1.0.6.txt │ ├── check-cvs.txt │ ├── checkmk.txt │ ├── copyleft-next-0.3.0.txt │ ├── copyleft-next-0.3.1.txt │ ├── curl.txt │ ├── diffmark.txt │ ├── dtoa.txt │ ├── dvipdfm.txt │ ├── eCos-2.0.txt │ ├── eGenix.txt │ ├── etalab-2.0.txt │ ├── fwlw.txt │ ├── gSOAP-1.3b.txt │ ├── gnuplot.txt │ ├── gtkbook.txt │ ├── hdparm.txt │ ├── iMatix.txt │ ├── libpng-2.0.txt │ ├── libselinux-1.0.txt │ ├── libtiff.txt │ ├── libutil-David-Nugent.txt │ ├── licenses.json │ ├── lsof.txt │ ├── magaz.txt │ ├── mailprio.txt │ ├── metamail.txt │ ├── mpi-permissive.txt │ ├── mpich2.txt │ ├── mplus.txt │ ├── pnmstitch.txt │ ├── psfrag.txt │ ├── psutils.txt │ ├── python-ldap.txt │ ├── radvd.txt │ ├── snprintf.txt │ ├── softSurfer.txt │ ├── ssh-keyscan.txt │ ├── swrule.txt │ ├── ulem.txt │ ├── w3m.txt │ ├── wxWindows.txt │ ├── xinetd.txt │ ├── xkeyboard-config-Zinoviev.txt │ ├── xlock.txt │ ├── xpp.txt │ └── zlib-acknowledgement.txt │ ├── spdx.schema.json │ └── spdx.xsd └── test ├── java └── org │ └── cyclonedx │ ├── BomJsonGeneratorTest.java │ ├── BomParserFactoryTest.java │ ├── BomXmlGeneratorTest.java │ ├── FormatTest.java │ ├── Issue214RegressionTest.java │ ├── VersionTest.java │ ├── parse │ ├── BaseParseTest.java │ ├── JsonParseTest.java │ └── XmlParseTest.java │ ├── parsers │ ├── AbstractParserTest.java │ ├── JsonParserTest.java │ └── XmlParserTest.java │ ├── schema │ ├── BaseSchemaVerificationTest.java │ ├── JsonSchemaVerificationTest.java │ └── XmlSchemaVerificationTest.java │ └── util │ ├── BomLinkTest.java │ ├── BomUtilsTest.java │ ├── LicenseResolverTest.java │ ├── ObjectLocatorTest.java │ └── TimestampUtilsTest.java └── resources ├── 1.0 ├── valid-bom-1.0.xml └── valid-component-hashes-1.0.xml ├── 1.1 ├── invalid-component-ref-1.1.xml ├── invalid-component-type-1.1.xml ├── invalid-empty-component-1.1.xml ├── invalid-hash-alg-1.1.xml ├── invalid-hash-md5-1.1.xml ├── invalid-hash-sha1-1.1.xml ├── invalid-hash-sha256-1.1.xml ├── invalid-hash-sha512-1.1.xml ├── invalid-license-choice-1.1.xml ├── invalid-license-encoding-1.1.xml ├── invalid-license-id-1.1.xml ├── invalid-license-id-count-1.1.xml ├── invalid-license-name-count-1.1.xml ├── invalid-missing-component-type-1.1.xml ├── invalid-namespace-1.1.xml ├── invalid-scope-1.1.xml ├── invalid-serialnumber-1.1.xml ├── valid-bom-1.1.xml ├── valid-component-hashes-1.1.xml ├── valid-component-ref-1.1.xml ├── valid-component-types-1.1.xml ├── valid-empty-components-1.1.xml ├── valid-external-elements-1.1.xml ├── valid-license-expression-1.1.xml ├── valid-license-id-1.1.xml ├── valid-license-name-1.1.xml ├── valid-minimal-viable-1.1.xml ├── valid-random-attributes-1.1.xml └── valid-xml-signature-1.1.xml ├── 1.2 ├── invalid-bomformat-1.2.json ├── invalid-component-ref-1.2.json ├── invalid-component-ref-1.2.xml ├── invalid-component-swid-1.2.json ├── invalid-component-swid-1.2.xml ├── invalid-component-type-1.2.json ├── invalid-component-type-1.2.xml ├── invalid-dependency-1.2.json ├── invalid-dependency-1.2.xml ├── invalid-empty-component-1.2.json ├── invalid-empty-component-1.2.xml ├── invalid-hash-alg-1.2.json ├── invalid-hash-alg-1.2.xml ├── invalid-hash-md5-1.2.json ├── invalid-hash-md5-1.2.xml ├── invalid-hash-sha1-1.2.json ├── invalid-hash-sha1-1.2.xml ├── invalid-hash-sha256-1.2.json ├── invalid-hash-sha256-1.2.xml ├── invalid-hash-sha512-1.2.json ├── invalid-hash-sha512-1.2.xml ├── invalid-issue-type-1.2.json ├── invalid-issue-type-1.2.xml ├── invalid-license-choice-1.2.json ├── invalid-license-choice-1.2.xml ├── invalid-license-encoding-1.2.json ├── invalid-license-encoding-1.2.xml ├── invalid-license-id-1.2.json ├── invalid-license-id-1.2.xml ├── invalid-license-id-count-1.2.xml ├── invalid-license-name-count-1.2.xml ├── invalid-metadata-timestamp-1.2.json ├── invalid-metadata-timestamp-1.2.xml ├── invalid-missing-component-type-1.2.json ├── invalid-missing-component-type-1.2.xml ├── invalid-namespace-1.2.xml ├── invalid-patch-type-1.2.json ├── invalid-patch-type-1.2.xml ├── invalid-scope-1.2.json ├── invalid-scope-1.2.xml ├── invalid-serialnumber-1.2.json ├── invalid-serialnumber-1.2.xml ├── invalid-service-data-1.2.json ├── invalid-service-data-1.2.xml ├── valid-assembly-1.2.json ├── valid-assembly-1.2.xml ├── valid-bom-1.2.json ├── valid-bom-1.2.xml ├── valid-component-hashes-1.2.json ├── valid-component-hashes-1.2.xml ├── valid-component-ref-1.2.json ├── valid-component-ref-1.2.xml ├── valid-component-swid-1.2.json ├── valid-component-swid-1.2.xml ├── valid-component-swid-full-1.2.json ├── valid-component-swid-full-1.2.xml ├── valid-component-types-1.2.json ├── valid-component-types-1.2.xml ├── valid-dependency-1.2.json ├── valid-dependency-1.2.xml ├── valid-empty-components-1.2.json ├── valid-empty-components-1.2.xml ├── valid-external-elements-1.2.xml ├── valid-license-expression-1.2.json ├── valid-license-expression-1.2.xml ├── valid-license-id-1.2.json ├── valid-license-id-1.2.xml ├── valid-license-name-1.2.json ├── valid-license-name-1.2.xml ├── valid-metadata-author-1.2.json ├── valid-metadata-author-1.2.xml ├── valid-metadata-manufacture-1.2.json ├── valid-metadata-manufacture-1.2.xml ├── valid-metadata-supplier-1.2.json ├── valid-metadata-supplier-1.2.xml ├── valid-metadata-timestamp-1.2.json ├── valid-metadata-timestamp-1.2.xml ├── valid-metadata-tool-1.2.json ├── valid-metadata-tool-1.2.xml ├── valid-minimal-viable-1.2.json ├── valid-minimal-viable-1.2.xml ├── valid-patch-1.2.json ├── valid-patch-1.2.xml ├── valid-random-attributes-1.2.xml ├── valid-service-1.2.json ├── valid-service-1.2.xml ├── valid-service-empty-objects-1.2.json ├── valid-service-empty-objects-1.2.xml └── valid-xml-signature-1.2.xml ├── 1.3 ├── invalid-bomformat-1.3.json ├── invalid-component-ref-1.3.json ├── invalid-component-ref-1.3.xml ├── invalid-component-swid-1.3.json ├── invalid-component-swid-1.3.xml ├── invalid-component-type-1.3.json ├── invalid-component-type-1.3.xml ├── invalid-dependency-1.3.json ├── invalid-dependency-1.3.xml ├── invalid-empty-component-1.3.json ├── invalid-empty-component-1.3.xml ├── invalid-hash-alg-1.3.json ├── invalid-hash-alg-1.3.xml ├── invalid-hash-md5-1.3.json ├── invalid-hash-md5-1.3.xml ├── invalid-hash-sha1-1.3.json ├── invalid-hash-sha1-1.3.xml ├── invalid-hash-sha256-1.3.json ├── invalid-hash-sha256-1.3.xml ├── invalid-hash-sha512-1.3.json ├── invalid-hash-sha512-1.3.xml ├── invalid-issue-type-1.3.json ├── invalid-issue-type-1.3.xml ├── invalid-license-choice-1.3.json ├── invalid-license-choice-1.3.xml ├── invalid-license-encoding-1.3.json ├── invalid-license-encoding-1.3.xml ├── invalid-license-id-1.3.json ├── invalid-license-id-1.3.xml ├── invalid-license-id-count-1.3.xml ├── invalid-license-name-count-1.3.xml ├── invalid-metadata-license-1.3.json ├── invalid-metadata-license-1.3.xml ├── invalid-metadata-timestamp-1.3.json ├── invalid-metadata-timestamp-1.3.xml ├── invalid-missing-component-type-1.3.json ├── invalid-missing-component-type-1.3.xml ├── invalid-namespace-1.3.xml ├── invalid-patch-type-1.3.json ├── invalid-patch-type-1.3.xml ├── invalid-scope-1.3.json ├── invalid-scope-1.3.xml ├── invalid-serialnumber-1.3.json ├── invalid-serialnumber-1.3.xml ├── invalid-service-data-1.3.json ├── invalid-service-data-1.3.xml ├── valid-assembly-1.3.json ├── valid-assembly-1.3.textproto ├── valid-assembly-1.3.xml ├── valid-bom-1.3.json ├── valid-bom-1.3.textproto ├── valid-bom-1.3.xml ├── valid-component-hashes-1.3.json ├── valid-component-hashes-1.3.textproto ├── valid-component-hashes-1.3.xml ├── valid-component-ref-1.3.json ├── valid-component-ref-1.3.textproto ├── valid-component-ref-1.3.xml ├── valid-component-swid-1.3.json ├── valid-component-swid-1.3.textproto ├── valid-component-swid-1.3.xml ├── valid-component-swid-full-1.3.json ├── valid-component-swid-full-1.3.textproto ├── valid-component-swid-full-1.3.xml ├── valid-component-types-1.3.json ├── valid-component-types-1.3.textproto ├── valid-component-types-1.3.xml ├── valid-compositions-1.3.json ├── valid-compositions-1.3.textproto ├── valid-compositions-1.3.xml ├── valid-dependency-1.3.json ├── valid-dependency-1.3.textproto ├── valid-dependency-1.3.xml ├── valid-empty-components-1.3.json ├── valid-empty-components-1.3.textproto ├── valid-empty-components-1.3.xml ├── valid-evidence-1.3.json ├── valid-evidence-1.3.textproto ├── valid-evidence-1.3.xml ├── valid-external-elements-1.3.xml ├── valid-external-reference-1.3.json ├── valid-external-reference-1.3.textproto ├── valid-external-reference-1.3.xml ├── valid-license-expression-1.3.json ├── valid-license-expression-1.3.textproto ├── valid-license-expression-1.3.xml ├── valid-license-id-1.3.json ├── valid-license-id-1.3.textproto ├── valid-license-id-1.3.xml ├── valid-license-name-1.3.json ├── valid-license-name-1.3.textproto ├── valid-license-name-1.3.xml ├── valid-metadata-author-1.3.json ├── valid-metadata-author-1.3.textproto ├── valid-metadata-author-1.3.xml ├── valid-metadata-license-1.3.json ├── valid-metadata-license-1.3.textproto ├── valid-metadata-license-1.3.xml ├── valid-metadata-manufacture-1.3.json ├── valid-metadata-manufacture-1.3.textproto ├── valid-metadata-manufacture-1.3.xml ├── valid-metadata-supplier-1.3.json ├── valid-metadata-supplier-1.3.textproto ├── valid-metadata-supplier-1.3.xml ├── valid-metadata-timestamp-1.3.json ├── valid-metadata-timestamp-1.3.textproto ├── valid-metadata-timestamp-1.3.xml ├── valid-metadata-tool-1.3.json ├── valid-metadata-tool-1.3.textproto ├── valid-metadata-tool-1.3.xml ├── valid-minimal-viable-1.3.json ├── valid-minimal-viable-1.3.textproto ├── valid-minimal-viable-1.3.xml ├── valid-patch-1.3.json ├── valid-patch-1.3.textproto ├── valid-patch-1.3.xml ├── valid-properties-1.3.json ├── valid-properties-1.3.textproto ├── valid-properties-1.3.xml ├── valid-random-attributes-1.3.xml ├── valid-service-1.3.json ├── valid-service-1.3.textproto ├── valid-service-1.3.xml ├── valid-service-empty-objects-1.3.json ├── valid-service-empty-objects-1.3.textproto ├── valid-service-empty-objects-1.3.xml └── valid-xml-signature-1.3.xml ├── 1.4 ├── invalid-bomformat-1.4.json ├── invalid-component-ref-1.4.json ├── invalid-component-ref-1.4.xml ├── invalid-component-swid-1.4.json ├── invalid-component-swid-1.4.xml ├── invalid-component-type-1.4.json ├── invalid-component-type-1.4.xml ├── invalid-dependency-1.4.json ├── invalid-dependency-1.4.xml ├── invalid-empty-component-1.4.json ├── invalid-empty-component-1.4.xml ├── invalid-hash-alg-1.4.json ├── invalid-hash-alg-1.4.xml ├── invalid-hash-md5-1.4.json ├── invalid-hash-md5-1.4.xml ├── invalid-hash-sha1-1.4.json ├── invalid-hash-sha1-1.4.xml ├── invalid-hash-sha256-1.4.json ├── invalid-hash-sha256-1.4.xml ├── invalid-hash-sha512-1.4.json ├── invalid-hash-sha512-1.4.xml ├── invalid-issue-type-1.4.json ├── invalid-issue-type-1.4.xml ├── invalid-license-choice-1.4.json ├── invalid-license-choice-1.4.xml ├── invalid-license-encoding-1.4.json ├── invalid-license-encoding-1.4.xml ├── invalid-license-id-1.4.json ├── invalid-license-id-1.4.xml ├── invalid-license-id-count-1.4.xml ├── invalid-license-name-count-1.4.xml ├── invalid-metadata-license-1.4.json ├── invalid-metadata-license-1.4.xml ├── invalid-metadata-timestamp-1.4.json ├── invalid-metadata-timestamp-1.4.xml ├── invalid-missing-component-type-1.4.json ├── invalid-missing-component-type-1.4.xml ├── invalid-namespace-1.4.xml ├── invalid-patch-type-1.4.json ├── invalid-patch-type-1.4.xml ├── invalid-scope-1.4.json ├── invalid-scope-1.4.xml ├── invalid-serialnumber-1.4.json ├── invalid-serialnumber-1.4.xml ├── invalid-service-data-1.4.json ├── invalid-service-data-1.4.xml ├── valid-assembly-1.4.json ├── valid-assembly-1.4.textproto ├── valid-assembly-1.4.xml ├── valid-bom-1.4.json ├── valid-bom-1.4.textproto ├── valid-bom-1.4.xml ├── valid-component-hashes-1.4.json ├── valid-component-hashes-1.4.textproto ├── valid-component-hashes-1.4.xml ├── valid-component-ref-1.4.json ├── valid-component-ref-1.4.textproto ├── valid-component-ref-1.4.xml ├── valid-component-swid-1.4.json ├── valid-component-swid-1.4.textproto ├── valid-component-swid-1.4.xml ├── valid-component-swid-full-1.4.json ├── valid-component-swid-full-1.4.textproto ├── valid-component-swid-full-1.4.xml ├── valid-component-types-1.4.json ├── valid-component-types-1.4.textproto ├── valid-component-types-1.4.xml ├── valid-compositions-1.4.json ├── valid-compositions-1.4.textproto ├── valid-compositions-1.4.xml ├── valid-dependency-1.4.json ├── valid-dependency-1.4.textproto ├── valid-dependency-1.4.xml ├── valid-empty-components-1.4.json ├── valid-empty-components-1.4.textproto ├── valid-empty-components-1.4.xml ├── valid-evidence-1.4.json ├── valid-evidence-1.4.textproto ├── valid-evidence-1.4.xml ├── valid-external-elements-1.4.xml ├── valid-external-reference-1.4.json ├── valid-external-reference-1.4.textproto ├── valid-external-reference-1.4.xml ├── valid-license-expression-1.4.json ├── valid-license-expression-1.4.textproto ├── valid-license-expression-1.4.xml ├── valid-license-id-1.4.json ├── valid-license-id-1.4.textproto ├── valid-license-id-1.4.xml ├── valid-license-name-1.4.json ├── valid-license-name-1.4.textproto ├── valid-license-name-1.4.xml ├── valid-metadata-author-1.4.json ├── valid-metadata-author-1.4.textproto ├── valid-metadata-author-1.4.xml ├── valid-metadata-license-1.4.json ├── valid-metadata-license-1.4.textproto ├── valid-metadata-license-1.4.xml ├── valid-metadata-manufacture-1.4.json ├── valid-metadata-manufacture-1.4.textproto ├── valid-metadata-manufacture-1.4.xml ├── valid-metadata-supplier-1.4.json ├── valid-metadata-supplier-1.4.textproto ├── valid-metadata-supplier-1.4.xml ├── valid-metadata-timestamp-1.4.json ├── valid-metadata-timestamp-1.4.textproto ├── valid-metadata-timestamp-1.4.xml ├── valid-metadata-tool-1.4.json ├── valid-metadata-tool-1.4.textproto ├── valid-metadata-tool-1.4.xml ├── valid-minimal-viable-1.4.json ├── valid-minimal-viable-1.4.textproto ├── valid-minimal-viable-1.4.xml ├── valid-patch-1.4.json ├── valid-patch-1.4.textproto ├── valid-patch-1.4.xml ├── valid-properties-1.4.json ├── valid-properties-1.4.textproto ├── valid-properties-1.4.xml ├── valid-random-attributes-1.4.xml ├── valid-release-notes-1.4.json ├── valid-release-notes-1.4.textproto ├── valid-release-notes-1.4.xml ├── valid-service-1.4.json ├── valid-service-1.4.textproto ├── valid-service-1.4.xml ├── valid-service-empty-objects-1.4.json ├── valid-service-empty-objects-1.4.textproto ├── valid-service-empty-objects-1.4.xml ├── valid-signatures-1.4.json ├── valid-vulnerability-1.4.json ├── valid-vulnerability-1.4.textproto ├── valid-vulnerability-1.4.xml └── valid-xml-signature-1.4.xml ├── 1.5 ├── invalid-bomformat-1.5.json ├── invalid-component-ref-1.5.json ├── invalid-component-ref-1.5.xml ├── invalid-component-swid-1.5.json ├── invalid-component-swid-1.5.xml ├── invalid-component-type-1.5.json ├── invalid-component-type-1.5.xml ├── invalid-dependency-1.5.json ├── invalid-dependency-1.5.xml ├── invalid-empty-component-1.5.json ├── invalid-empty-component-1.5.xml ├── invalid-hash-alg-1.5.json ├── invalid-hash-alg-1.5.xml ├── invalid-hash-md5-1.5.json ├── invalid-hash-md5-1.5.xml ├── invalid-hash-sha1-1.5.json ├── invalid-hash-sha1-1.5.xml ├── invalid-hash-sha256-1.5.json ├── invalid-hash-sha256-1.5.xml ├── invalid-hash-sha512-1.5.json ├── invalid-hash-sha512-1.5.xml ├── invalid-issue-type-1.5.json ├── invalid-issue-type-1.5.xml ├── invalid-license-choice-1.5.json ├── invalid-license-choice-1.5.xml ├── invalid-license-encoding-1.5.json ├── invalid-license-encoding-1.5.xml ├── invalid-license-id-1.5.json ├── invalid-license-id-1.5.xml ├── invalid-license-id-count-1.5.xml ├── invalid-license-name-count-1.5.xml ├── invalid-metadata-license-1.5.json ├── invalid-metadata-license-1.5.xml ├── invalid-metadata-timestamp-1.5.json ├── invalid-metadata-timestamp-1.5.xml ├── invalid-missing-component-type-1.5.json ├── invalid-missing-component-type-1.5.xml ├── invalid-namespace-1.5.xml ├── invalid-patch-type-1.5.json ├── invalid-patch-type-1.5.xml ├── invalid-scope-1.5.json ├── invalid-scope-1.5.xml ├── invalid-serialnumber-1.5.json ├── invalid-serialnumber-1.5.xml ├── invalid-service-data-1.5.json ├── invalid-service-data-1.5.xml ├── valid-annonation-1.5.xml ├── valid-annotation-1.5.json ├── valid-annotation-1.5.textproto ├── valid-annotation-1.5.xml ├── valid-assembly-1.5.json ├── valid-assembly-1.5.textproto ├── valid-assembly-1.5.xml ├── valid-bom-1.5.json ├── valid-bom-1.5.textproto ├── valid-bom-1.5.xml ├── valid-component-hashes-1.5.json ├── valid-component-hashes-1.5.textproto ├── valid-component-hashes-1.5.xml ├── valid-component-ref-1.5.json ├── valid-component-ref-1.5.textproto ├── valid-component-ref-1.5.xml ├── valid-component-swid-1.5.json ├── valid-component-swid-1.5.textproto ├── valid-component-swid-1.5.xml ├── valid-component-swid-full-1.5.json ├── valid-component-swid-full-1.5.textproto ├── valid-component-swid-full-1.5.xml ├── valid-component-types-1.5.json ├── valid-component-types-1.5.textproto ├── valid-component-types-1.5.xml ├── valid-compositions-1.5.json ├── valid-compositions-1.5.textproto ├── valid-compositions-1.5.xml ├── valid-dependency-1.5.json ├── valid-dependency-1.5.textproto ├── valid-dependency-1.5.xml ├── valid-empty-components-1.5.json ├── valid-empty-components-1.5.textproto ├── valid-empty-components-1.5.xml ├── valid-evidence-1.5.json ├── valid-evidence-1.5.textproto ├── valid-evidence-1.5.xml ├── valid-evidence-1.5_2.json ├── valid-evidence-1.5_2.xml ├── valid-external-elements-1.5.xml ├── valid-external-reference-1.5.json ├── valid-external-reference-1.5.textproto ├── valid-external-reference-1.5.xml ├── valid-formulation-1.5.json ├── valid-formulation-1.5.textproto ├── valid-formulation-1.5.xml ├── valid-license-expression-1.5.json ├── valid-license-expression-1.5.textproto ├── valid-license-expression-1.5.xml ├── valid-license-id-1.5.json ├── valid-license-id-1.5.textproto ├── valid-license-id-1.5.xml ├── valid-license-licensing-1.5.json ├── valid-license-licensing-1.5.textproto ├── valid-license-licensing-1.5.xml ├── valid-license-name-1.5.json ├── valid-license-name-1.5.textproto ├── valid-license-name-1.5.xml ├── valid-machine-learning-1.5.json ├── valid-machine-learning-1.5.textproto ├── valid-machine-learning-1.5.xml ├── valid-metadata-author-1.5.json ├── valid-metadata-author-1.5.textproto ├── valid-metadata-author-1.5.xml ├── valid-metadata-license-1.5.json ├── valid-metadata-license-1.5.textproto ├── valid-metadata-license-1.5.xml ├── valid-metadata-lifecycle-1.5.json ├── valid-metadata-lifecycle-1.5.textproto ├── valid-metadata-lifecycle-1.5.xml ├── valid-metadata-manufacture-1.5.json ├── valid-metadata-manufacture-1.5.textproto ├── valid-metadata-manufacture-1.5.xml ├── valid-metadata-supplier-1.5.json ├── valid-metadata-supplier-1.5.textproto ├── valid-metadata-supplier-1.5.xml ├── valid-metadata-timestamp-1.5.json ├── valid-metadata-timestamp-1.5.textproto ├── valid-metadata-timestamp-1.5.xml ├── valid-metadata-tool-1.5.json ├── valid-metadata-tool-1.5.textproto ├── valid-metadata-tool-1.5.xml ├── valid-metadata-tool-deprecated-1.5.json ├── valid-metadata-tool-deprecated-1.5.textproto ├── valid-metadata-tool-deprecated-1.5.xml ├── valid-minimal-viable-1.5.json ├── valid-minimal-viable-1.5.textproto ├── valid-minimal-viable-1.5.xml ├── valid-patch-1.5.json ├── valid-patch-1.5.textproto ├── valid-patch-1.5.xml ├── valid-properties-1.5.json ├── valid-properties-1.5.textproto ├── valid-properties-1.5.xml ├── valid-random-attributes-1.5.xml ├── valid-release-notes-1.5.json ├── valid-release-notes-1.5.textproto ├── valid-release-notes-1.5.xml ├── valid-saasbom-1.5.json ├── valid-saasbom-1.5.textproto ├── valid-saasbom-1.5.xml ├── valid-service-1.5.json ├── valid-service-1.5.textproto ├── valid-service-1.5.xml ├── valid-service-empty-objects-1.5.json ├── valid-service-empty-objects-1.5.textproto ├── valid-service-empty-objects-1.5.xml ├── valid-signatures-1.5.json ├── valid-vulnerability-1.5.json ├── valid-vulnerability-1.5.textproto ├── valid-vulnerability-1.5.xml ├── valid-vulnerability-tool-1.5.json ├── valid-vulnerability-tool-1.5.textproto ├── valid-vulnerability-tool-1.5.xml ├── valid-vulnerability-tool-deprecated-1.5.json ├── valid-vulnerability-tool-deprecated-1.5.textproto ├── valid-vulnerability-tool-deprecated-1.5.xml └── valid-xml-signature-1.5.xml ├── 1.6 ├── invalid-bomformat-1.6.json ├── invalid-component-ref-1.6.json ├── invalid-component-ref-1.6.xml ├── invalid-component-swid-1.6.json ├── invalid-component-swid-1.6.xml ├── invalid-component-type-1.6.json ├── invalid-component-type-1.6.xml ├── invalid-dependency-1.6.json ├── invalid-dependency-1.6.xml ├── invalid-empty-component-1.6.json ├── invalid-empty-component-1.6.xml ├── invalid-hash-alg-1.6.json ├── invalid-hash-alg-1.6.xml ├── invalid-hash-md5-1.6.json ├── invalid-hash-md5-1.6.xml ├── invalid-hash-sha1-1.6.json ├── invalid-hash-sha1-1.6.xml ├── invalid-hash-sha256-1.6.json ├── invalid-hash-sha256-1.6.xml ├── invalid-hash-sha512-1.6.json ├── invalid-hash-sha512-1.6.xml ├── invalid-issue-type-1.6.json ├── invalid-issue-type-1.6.xml ├── invalid-license-choice-1.6.json ├── invalid-license-choice-1.6.xml ├── invalid-license-encoding-1.6.json ├── invalid-license-encoding-1.6.xml ├── invalid-license-id-1.6.json ├── invalid-license-id-1.6.xml ├── invalid-license-id-count-1.6.xml ├── invalid-license-missing-id-and-name-1.6.json ├── invalid-license-missing-id-and-name-1.6.textproto ├── invalid-license-missing-id-and-name-1.6.xml ├── invalid-license-name-count-1.6.xml ├── invalid-metadata-license-1.6.json ├── invalid-metadata-license-1.6.xml ├── invalid-metadata-timestamp-1.6.json ├── invalid-metadata-timestamp-1.6.xml ├── invalid-missing-component-type-1.6.json ├── invalid-missing-component-type-1.6.xml ├── invalid-namespace-1.6.xml ├── invalid-patch-type-1.6.json ├── invalid-patch-type-1.6.xml ├── invalid-properties-1.6.json ├── invalid-properties-1.6.textproto ├── invalid-properties-1.6.xml ├── invalid-scope-1.6.json ├── invalid-scope-1.6.xml ├── invalid-serialnumber-1.6.json ├── invalid-serialnumber-1.6.xml ├── invalid-service-data-1.6.json ├── invalid-service-data-1.6.xml ├── valid-annotation-1.6.json ├── valid-annotation-1.6.textproto ├── valid-annotation-1.6.xml ├── valid-assembly-1.6.json ├── valid-assembly-1.6.textproto ├── valid-assembly-1.6.xml ├── valid-attestation-1.6.json ├── valid-attestation-1.6.textproto ├── valid-attestation-1.6.xml ├── valid-bom-1.6.json ├── valid-bom-1.6.textproto ├── valid-bom-1.6.xml ├── valid-component-data-1.6.json ├── valid-component-data-1.6.textproto ├── valid-component-data-1.6.xml ├── valid-component-hashes-1.6.json ├── valid-component-hashes-1.6.textproto ├── valid-component-hashes-1.6.xml ├── valid-component-identifiers-1.6.json ├── valid-component-identifiers-1.6.textproto ├── valid-component-identifiers-1.6.xml ├── valid-component-ref-1.6.json ├── valid-component-ref-1.6.textproto ├── valid-component-ref-1.6.xml ├── valid-component-swid-1.6.json ├── valid-component-swid-1.6.textproto ├── valid-component-swid-1.6.xml ├── valid-component-swid-full-1.6.json ├── valid-component-swid-full-1.6.textproto ├── valid-component-swid-full-1.6.xml ├── valid-component-types-1.6.json ├── valid-component-types-1.6.textproto ├── valid-component-types-1.6.xml ├── valid-compositions-1.6.json ├── valid-compositions-1.6.textproto ├── valid-compositions-1.6.xml ├── valid-cryptography-full-1.6.json ├── valid-cryptography-full-1.6.textproto ├── valid-cryptography-full-1.6.xml ├── valid-cryptography-implementation-1.6.json ├── valid-cryptography-implementation-1.6.textproto ├── valid-cryptography-implementation-1.6.xml ├── valid-dependency-1.6.json ├── valid-dependency-1.6.textproto ├── valid-dependency-1.6.xml ├── valid-empty-components-1.6.json ├── valid-empty-components-1.6.textproto ├── valid-empty-components-1.6.xml ├── valid-evidence-1.6.json ├── valid-evidence-1.6.textproto ├── valid-evidence-1.6.xml ├── valid-external-elements-1.6.xml ├── valid-external-reference-1.6.json ├── valid-external-reference-1.6.textproto ├── valid-external-reference-1.6.xml ├── valid-formulation-1.6.json ├── valid-formulation-1.6.textproto ├── valid-formulation-1.6.xml ├── valid-license-expression-1.6.json ├── valid-license-expression-1.6.textproto ├── valid-license-expression-1.6.xml ├── valid-license-id-1.6.json ├── valid-license-id-1.6.textproto ├── valid-license-id-1.6.xml ├── valid-license-licensing-1.6.json ├── valid-license-licensing-1.6.textproto ├── valid-license-licensing-1.6.xml ├── valid-license-name-1.6.json ├── valid-license-name-1.6.textproto ├── valid-license-name-1.6.xml ├── valid-machine-learning-1.6.json ├── valid-machine-learning-1.6.textproto ├── valid-machine-learning-1.6.xml ├── valid-machine-learning-considerations-env-1.6.json ├── valid-machine-learning-considerations-env-1.6.textproto ├── valid-machine-learning-considerations-env-1.6.xml ├── valid-metadata-author-1.6.json ├── valid-metadata-author-1.6.textproto ├── valid-metadata-author-1.6.xml ├── valid-metadata-license-1.6.json ├── valid-metadata-license-1.6.textproto ├── valid-metadata-license-1.6.xml ├── valid-metadata-lifecycle-1.6.json ├── valid-metadata-lifecycle-1.6.textproto ├── valid-metadata-lifecycle-1.6.xml ├── valid-metadata-manufacture-1.6.json ├── valid-metadata-manufacture-1.6.textproto ├── valid-metadata-manufacture-1.6.xml ├── valid-metadata-manufacturer-1.6.json ├── valid-metadata-manufacturer-1.6.textproto ├── valid-metadata-manufacturer-1.6.xml ├── valid-metadata-supplier-1.6.json ├── valid-metadata-supplier-1.6.textproto ├── valid-metadata-supplier-1.6.xml ├── valid-metadata-timestamp-1.6.json ├── valid-metadata-timestamp-1.6.textproto ├── valid-metadata-timestamp-1.6.xml ├── valid-metadata-tool-1.6.json ├── valid-metadata-tool-1.6.textproto ├── valid-metadata-tool-1.6.xml ├── valid-metadata-tool-deprecated-1.6.json ├── valid-metadata-tool-deprecated-1.6.textproto ├── valid-metadata-tool-deprecated-1.6.xml ├── valid-minimal-viable-1.6.json ├── valid-minimal-viable-1.6.textproto ├── valid-minimal-viable-1.6.xml ├── valid-patch-1.6.json ├── valid-patch-1.6.textproto ├── valid-patch-1.6.xml ├── valid-properties-1.6.json ├── valid-properties-1.6.textproto ├── valid-properties-1.6.xml ├── valid-random-attributes-1.6.xml ├── valid-release-notes-1.6.json ├── valid-release-notes-1.6.textproto ├── valid-release-notes-1.6.xml ├── valid-saasbom-1.6.json ├── valid-saasbom-1.6.textproto ├── valid-saasbom-1.6.xml ├── valid-service-1.6.json ├── valid-service-1.6.textproto ├── valid-service-1.6.xml ├── valid-service-empty-objects-1.6.json ├── valid-service-empty-objects-1.6.textproto ├── valid-service-empty-objects-1.6.xml ├── valid-signatures-1.6.json ├── valid-standard-1.6.json ├── valid-standard-1.6.textproto ├── valid-standard-1.6.xml ├── valid-tags-1.6.json ├── valid-tags-1.6.textproto ├── valid-tags-1.6.xml ├── valid-vulnerability-1.6.json ├── valid-vulnerability-1.6.textproto ├── valid-vulnerability-1.6.xml ├── valid-vulnerability-tool-1.6.json ├── valid-vulnerability-tool-1.6.textproto ├── valid-vulnerability-tool-1.6.xml ├── valid-vulnerability-tool-deprecated-1.6.json ├── valid-vulnerability-tool-deprecated-1.6.textproto ├── valid-vulnerability-tool-deprecated-1.6.xml └── valid-xml-signature-1.6.xml ├── README.txt ├── bom-1.0.xml ├── bom-1.1-dependency-graph-1.0.xml ├── bom-1.1-vulnerability-1.0.xml ├── bom-1.1.xml ├── bom-1.2-metadata-pedigree.xml ├── bom-1.2-pedigree-example.xml ├── bom-1.2-pedigree.xml ├── bom-1.2.json ├── bom-1.2.xml ├── bom-1.3.json ├── bom-1.3.xml ├── bom-1.4-bomlink.json ├── bom-1.4-bomlink.xml ├── bom-1.4.json ├── bom-1.4.xml ├── bom-1.5.json ├── bom-1.5.xml ├── bom-1.5_ejemplo.xml ├── bom-object-locator.json ├── hashtest.txt ├── regression ├── issue214-expected-output.json ├── issue214-expected-output.xml ├── issue336.json ├── issue336.xml ├── issue338-multiple-tools.json ├── issue338-multiple-tools.xml ├── issue338-single-tool.json ├── issue338-single-tool.xml ├── issue343-empty-hashes.json ├── issue343-empty-hashes.xml ├── issue408-1.5.json ├── issue408-1.5.xml ├── issue408-extensible-type.xml ├── issue408-external-reference.json ├── issue408-external-reference.xml ├── issue408.json ├── issue408.xml ├── issue492.json ├── issue492.xml ├── issue507.json ├── issue562.json ├── issue562.xml ├── issue571.json ├── issue571.xml └── valid-metadata-tool-no-services.xml ├── security └── xxe-protection.xml ├── test-ext ├── dummy.xsd └── dummy2.xsd └── valid-ext-vulnerability-1.4.xml /.gitattributes: -------------------------------------------------------------------------------- 1 | * text=auto 2 | 3 | # This file is used for computing hashes which must not differ by platform 4 | src/test/resources/hashtest.txt text eol=lf 5 | 6 | # Shell scripts must always use LF even on Windows 7 | *.sh text eol=lf 8 | 9 | # These are explicitly Windows files and should use crlf 10 | *.bat text eol=crlf 11 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: "maven" 4 | directory: "/" 5 | schedule: 6 | interval: "daily" 7 | 8 | - package-ecosystem: "github-actions" 9 | directory: "/" 10 | schedule: 11 | interval: "daily" 12 | -------------------------------------------------------------------------------- /.github/lock.yml: -------------------------------------------------------------------------------- 1 | # Configuration for lock-threads - https://github.com/dessant/lock-threads 2 | daysUntilLock: 90 3 | exemptLabels: [] 4 | lockLabel: false 5 | lockComment: > 6 | This thread has been automatically locked since there has not been 7 | any recent activity after it was closed. Please open a new issue for 8 | related bugs. 9 | setLockReason: true 10 | -------------------------------------------------------------------------------- /.github/release.yml: -------------------------------------------------------------------------------- 1 | changelog: 2 | categories: 3 | - title: Breaking Changes 🚨 4 | labels: 5 | - breaking change 6 | - title: Enhancements 🚀 7 | labels: 8 | - enhancement 9 | - title: Bug Fixes 🐛 10 | labels: 11 | - bug 12 | - title: Dependency Updates 🤖 13 | labels: 14 | - dependencies 15 | - title: Documentation 📃 16 | labels: 17 | - documentation 18 | - title: Other Changes 19 | labels: 20 | - "*" -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | target 2 | *.iml 3 | .idea/ 4 | dependency-reduced-pom.xml 5 | .DS_Store 6 | -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @CycloneDX/java-maintainers 2 | -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | CycloneDX Core Java 2 | Copyright (c) OWASP Foundation 3 | 4 | This product includes software developed by the 5 | CycloneDX community (https://cyclonedx.org/). 6 | -------------------------------------------------------------------------------- /release.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | export JAVA_HOME=`/usr/libexec/java_home -v 1.8` 3 | export PATH=JAVA_HOME/bin:$PATH 4 | 5 | read -p "Really deploy to Maven Central repository (Y/N)? " 6 | if ( [ "$REPLY" == "Y" ] ) then 7 | 8 | mvn clean 9 | mvn release:clean release:prepare release:perform -Prelease -e | tee release.log 10 | 11 | else 12 | echo -e "Exit without deploy" 13 | fi 14 | -------------------------------------------------------------------------------- /src/main/java/org/cyclonedx/model/DependencyList.java: -------------------------------------------------------------------------------- 1 | package org.cyclonedx.model; 2 | 3 | import java.util.ArrayList; 4 | import java.util.List; 5 | 6 | public class DependencyList extends ArrayList { 7 | public DependencyList(List dependencies) { 8 | super(dependencies); 9 | } 10 | } -------------------------------------------------------------------------------- /src/main/java/org/cyclonedx/model/component/crypto/enums/Mechanism.java: -------------------------------------------------------------------------------- 1 | package org.cyclonedx.model.component.crypto.enums; 2 | 3 | import com.fasterxml.jackson.annotation.JsonProperty; 4 | 5 | public enum Mechanism 6 | { 7 | @JsonProperty("HSM") 8 | HSM("HSM"), 9 | @JsonProperty("TPM") 10 | TPM("TPM"), 11 | @JsonProperty("SGX") 12 | SGX("SGX"), 13 | @JsonProperty("Software") 14 | SOFTWARE("Software"), 15 | @JsonProperty("None") 16 | NONE("None"); 17 | 18 | private final String name; 19 | 20 | Mechanism(String name) { 21 | this.name = name; 22 | } 23 | 24 | public String getName() { 25 | return name; 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/main/java/org/cyclonedx/model/component/modelCard/consideration/consumption/co2/Unit.java: -------------------------------------------------------------------------------- 1 | package org.cyclonedx.model.component.modelCard.consideration.consumption.co2; 2 | 3 | import com.fasterxml.jackson.annotation.JsonProperty; 4 | 5 | public enum Unit 6 | { 7 | @JsonProperty("tCO2eq") 8 | TCO2EQ("tCO2eq"); 9 | 10 | private final String name; 11 | 12 | Unit(String name) { 13 | this.name = name; 14 | } 15 | 16 | public String getName() { 17 | return name; 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /src/main/java/org/cyclonedx/model/component/modelCard/consideration/consumption/energy/Unit.java: -------------------------------------------------------------------------------- 1 | package org.cyclonedx.model.component.modelCard.consideration.consumption.energy; 2 | 3 | import com.fasterxml.jackson.annotation.JsonProperty; 4 | 5 | public enum Unit 6 | { 7 | @JsonProperty("kWh") 8 | KWH("kWh"); 9 | 10 | private final String name; 11 | 12 | Unit(String name) { 13 | this.name = name; 14 | } 15 | 16 | public String getName() { 17 | return name; 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /src/main/java/org/cyclonedx/util/mixin/MixInBomReference.java: -------------------------------------------------------------------------------- 1 | package org.cyclonedx.util.mixin; 2 | 3 | import com.fasterxml.jackson.annotation.JsonValue; 4 | 5 | public class MixInBomReference 6 | { 7 | @JsonValue 8 | private String ref; 9 | 10 | public String getRef() { 11 | return ref; 12 | } 13 | 14 | public void setRef(final String ref) { 15 | this.ref = ref; 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /src/main/resources/licenses/ADSL.txt: -------------------------------------------------------------------------------- 1 | This software code is made available "AS IS" without warranties of any kind. You may copy, display, modify and redistribute the software code either by itself or as incorporated into your code; provided that you do not remove any proprietary notices. Your use of this software code is at your own risk and you waive any claim against Amazon Digital Services, Inc. or its affiliates with respect to your use of this software code. (c) 2006 Amazon Digital Services, Inc. or its affiliates. 2 | -------------------------------------------------------------------------------- /src/main/resources/licenses/AGPL-1.0.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/main/resources/licenses/AGPL-3.0.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/main/resources/licenses/APAFML.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) 1985, 1987, 1989, 1990, 1991, 1992, 1993, 1997 Adobe Systems Incorporated. All Rights Reserved. 2 | 3 | This file and the 14 PostScript(R) AFM files it accompanies may be used, copied, and distributed for any purpose and without charge, with or without modification, provided that all copyright notices are retained; that the AFM files are not distributed without this file; that all modifications to this file or any of the AFM files are prominently noted in the modified file(s); and that this paragraph is not modified. Adobe Systems has no responsibility or obligation to support the use of the AFM files. 4 | -------------------------------------------------------------------------------- /src/main/resources/licenses/AdaCore-doc.txt: -------------------------------------------------------------------------------- 1 | This document may be copied, in whole or in part, in any form or by any means, as is or with alterations, provided that (1) alterations are clearly marked as alterations and (2) this copyright notice is included unmodified in any copy. 2 | -------------------------------------------------------------------------------- /src/main/resources/licenses/Adobe-Utopia.txt: -------------------------------------------------------------------------------- 1 | Permission to use, reproduce, display and distribute the listed typefaces 2 | is hereby granted, provided that the Adobe Copyright notice appears in all 3 | whole and partial copies of the software and that the following trademark 4 | symbol and attribution appear in all unmodified copies of the software: 5 | 6 | The Adobe typefaces (Type 1 font program, bitmaps and Adobe Font Metric 7 | files) donated are: 8 | 9 | Utopia Regular 10 | Utopia Italic 11 | Utopia Bold 12 | Utopia Bold Italic 13 | -------------------------------------------------------------------------------- /src/main/resources/licenses/App-s2p.txt: -------------------------------------------------------------------------------- 1 | COPYRIGHT and LICENSE 2 | 3 | This program is free and open software. You may use, modify, 4 | distribute, and sell this program (and any modified variants) in any 5 | way you wish, provided you do not restrict others from doing the same. 6 | -------------------------------------------------------------------------------- /src/main/resources/licenses/BSD-2-Clause-FreeBSD.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/main/resources/licenses/BSD-2-Clause-NetBSD.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/main/resources/licenses/BSD-4.3RENO.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) 1987 Regents of the University of California. 2 | All rights reserved. 3 | 4 | Redistribution and use in source and binary forms are permitted 5 | provided that this notice is preserved and that due credit is given 6 | to the University of California at Berkeley. The name of the University 7 | may not be used to endorse or promote products derived from this 8 | software without specific written prior permission. This software 9 | is provided ``as is'' without express or implied warranty. 10 | -------------------------------------------------------------------------------- /src/main/resources/licenses/Baekmuk.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) 1986-2002 Kim Jeong-Hwan All rights reserved. 2 | 3 | Permission to use, copy, modify and distribute this font 4 | is hereby granted, provided that both the copyright notice 5 | and this permission notice appear in all copies of the 6 | font, derivative works or modified versions, and that the 7 | following acknowledgement appear in supporting documentation: 8 | Baekmuk Batang, Baekmuk Dotum, Baekmuk Gulim, and Baekmuk 9 | Headline are registered trademarks owned by Kim Jeong-Hwan. 10 | -------------------------------------------------------------------------------- /src/main/resources/licenses/Barr.txt: -------------------------------------------------------------------------------- 1 | This is a package of commutative diagram macros built on top of Xy-pic by Michael Barr (email: barr@barrs.org). Its use is unrestricted. It may be freely distributed, unchanged, for non-commercial or commercial use. If changed, it must be renamed. Inclusion in a commercial software package is also permitted, but I would appreciate receiving a free copy for my personal examination and use. There are no guarantees that this package is good for anything. I have tested it with LaTeX 2e, LaTeX 2.09 and Plain TeX. Although I know of no reason it will not work with AMSTeX, I have not tested it. 2 | -------------------------------------------------------------------------------- /src/main/resources/licenses/Beerware.txt: -------------------------------------------------------------------------------- 1 | "THE BEER-WARE LICENSE" (Revision 42): wrote this file. As long as you retain this notice you can do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp 2 | -------------------------------------------------------------------------------- /src/main/resources/licenses/Bitstream-Charter.txt: -------------------------------------------------------------------------------- 1 | (c) Copyright 1989-1992, Bitstream Inc., Cambridge, MA. 2 | 3 | You are hereby granted permission under all Bitstream propriety rights 4 | to use, copy, modify, sublicense, sell, and redistribute the 4 Bitstream 5 | Charter (r) Type 1 outline fonts and the 4 Courier Type 1 outline fonts for 6 | any purpose and without restriction; provided, that this notice is left 7 | intact on all copies of such fonts and that Bitstream's trademark is acknowledged 8 | as shown below on all unmodified copies of the 4 Charter Type 1 fonts. 9 | BITSTREAM CHARTER is a registered trademark of Bitstream Inc. 10 | -------------------------------------------------------------------------------- /src/main/resources/licenses/Boehm-GC.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) ... 2 | 3 | THIS MATERIAL IS PROVIDED AS IS, WITH ABSOLUTELY NO WARRANTY EXPRESSED 4 | OR IMPLIED. ANY USE IS AT YOUR OWN RISK. 5 | 6 | Permission is hereby granted to use or copy this program 7 | for any purpose, provided the above notices are retained on all copies. 8 | Permission to modify the code and to distribute modified code is granted, 9 | provided the above notices are retained, and a notice that the code was 10 | modified is included with the above copyright notice. 11 | 12 | A few files have other copyright holders. 13 | -------------------------------------------------------------------------------- /src/main/resources/licenses/CMU-Mach-nodoc.txt: -------------------------------------------------------------------------------- 1 | Copyright (C) 2002 Naval Research Laboratory (NRL/CCS) 2 | 3 | Permission to use, copy, modify and distribute this software and 4 | its documentation is hereby granted, provided that both the 5 | copyright notice and this permission notice appear in all copies of 6 | the software, derivative works or modified versions, and any 7 | portions thereof. 8 | 9 | NRL ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS" CONDITION AND 10 | DISCLAIMS ANY LIABILITY OF ANY KIND FOR ANY DAMAGES WHATSOEVER 11 | RESULTING FROM THE USE OF THIS SOFTWARE. 12 | -------------------------------------------------------------------------------- /src/main/resources/licenses/Crossword.txt: -------------------------------------------------------------------------------- 1 | Copyright (C) 1995-2009 Gerd Neugebauer 2 | 3 | cwpuzzle.dtx is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY. No author or distributor accepts responsibility to anyone for the consequences of using it or for whether it serves any particular purpose or works at all, unless he says so in writing. 4 | 5 | Everyone is granted permission to copy, modify and redistribute cwpuzzle.dtx, provided this copyright notice is preserved and any modifications are indicated. 6 | -------------------------------------------------------------------------------- /src/main/resources/licenses/Dotseqn.txt: -------------------------------------------------------------------------------- 1 | Copyright (C) 1995 by Donald Arseneau 2 | 3 | This file may be freely transmitted and reproduced, but it may not be changed unless the name is changed also (except that you may freely change the paper-size option for \documentclass). 4 | 5 | This notice must be left intact. 6 | -------------------------------------------------------------------------------- /src/main/resources/licenses/FBM.txt: -------------------------------------------------------------------------------- 1 | Portions of this code Copyright (C) 1989 by Michael Mauldin. 2 | Permission is granted to use this file in whole or in 3 | part for any purpose, educational, recreational or commercial, 4 | provided that this copyright notice is retained unchanged. 5 | This software is available to all free of charge by anonymous 6 | FTP and in the UUNET archives. 7 | -------------------------------------------------------------------------------- /src/main/resources/licenses/FSFAP-no-warranty-disclaimer.txt: -------------------------------------------------------------------------------- 1 | Copyright (C) 2008 Micah J. Cowan 2 | 3 | Copying and distribution of this file, with or without modification, 4 | are permitted in any medium without royalty provided the copyright 5 | notice and this notice are preserved. 6 | -------------------------------------------------------------------------------- /src/main/resources/licenses/FSFAP.txt: -------------------------------------------------------------------------------- 1 | Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without any warranty. 2 | -------------------------------------------------------------------------------- /src/main/resources/licenses/FSFUL.txt: -------------------------------------------------------------------------------- 1 | Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. 2 | 3 | This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. 4 | -------------------------------------------------------------------------------- /src/main/resources/licenses/FSFULLR.txt: -------------------------------------------------------------------------------- 1 | Copyright 1996-2006 Free Software Foundation, Inc. 2 | 3 | This file is free software; the Free Software Foundation gives unlimited permission to copy and/or distribute it, with or without modifications, as long as this notice is preserved. 4 | -------------------------------------------------------------------------------- /src/main/resources/licenses/FSFULLRWD.txt: -------------------------------------------------------------------------------- 1 | Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2 | 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc. 3 | 4 | This Makefile.in is free software; the Free Software Foundation 5 | gives unlimited permission to copy and/or distribute it, 6 | with or without modifications, as long as this notice is preserved. 7 | 8 | This program is distributed in the hope that it will be useful, 9 | but WITHOUT ANY WARRANTY, to the extent permitted by law; without 10 | even the implied warranty of MERCHANTABILITY or FITNESS FOR A 11 | PARTICULAR PURPOSE. 12 | -------------------------------------------------------------------------------- /src/main/resources/licenses/Fair.txt: -------------------------------------------------------------------------------- 1 | Fair License 2 | 3 | 4 | 5 | Usage of the works is permitted provided that this instrument is retained with the works, so that any entity that uses the works is notified of this instrument. 6 | 7 | DISCLAIMER: THE WORKS ARE WITHOUT WARRANTY. 8 | -------------------------------------------------------------------------------- /src/main/resources/licenses/GFDL-1.1.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/main/resources/licenses/GFDL-1.2.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/main/resources/licenses/GFDL-1.3.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/main/resources/licenses/GPL-1.0+.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/main/resources/licenses/GPL-1.0.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/main/resources/licenses/GPL-2.0+.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/main/resources/licenses/GPL-2.0-with-GCC-exception.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/main/resources/licenses/GPL-2.0-with-autoconf-exception.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/main/resources/licenses/GPL-2.0-with-bison-exception.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/main/resources/licenses/GPL-2.0-with-classpath-exception.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/main/resources/licenses/GPL-2.0-with-font-exception.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/main/resources/licenses/GPL-2.0.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/main/resources/licenses/GPL-3.0+.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/main/resources/licenses/GPL-3.0-with-GCC-exception.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/main/resources/licenses/GPL-3.0-with-autoconf-exception.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/main/resources/licenses/GPL-3.0.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/main/resources/licenses/Glulxe.txt: -------------------------------------------------------------------------------- 1 | The source code in this package is copyright 1999-2010 by Andrew Plotkin. 2 | 3 | You may copy and distribute it freely, by any means and under any conditions, as long as the code and documentation is not changed. You may also incorporate this code into your own program and distribute that, or modify this code and use and distribute the modified version, as long as you retain a notice in your program or documentation which mentions my name and the URL shown above. 4 | -------------------------------------------------------------------------------- /src/main/resources/licenses/HPND-INRIA-IMAG.txt: -------------------------------------------------------------------------------- 1 | This software is available with usual "research" terms with 2 | the aim of retain credits of the software. Permission to use, 3 | copy, modify and distribute this software for any purpose and 4 | without fee is hereby granted, provided that the above copyright 5 | notice and this permission notice appear in all copies, and 6 | the name of INRIA, IMAG, or any contributor not be used in 7 | advertising or publicity pertaining to this material without 8 | the prior explicit permission. The software is provided "as 9 | is" without any warranties, support or liabilities of any kind. 10 | -------------------------------------------------------------------------------- /src/main/resources/licenses/HPND-Kevlin-Henney.txt: -------------------------------------------------------------------------------- 1 | Copyright Kevlin Henney, 1997, 2003, 2012. All rights reserved. 2 | 3 | Permission to use, copy, modify, and distribute this software and its 4 | documentation for any purpose is hereby granted without fee, provided 5 | that this copyright and permissions notice appear in all copies and 6 | derivatives. 7 | 8 | This software is supplied "as is" without express or implied warranty. 9 | 10 | But that said, if there are any problems please get in touch. 11 | -------------------------------------------------------------------------------- /src/main/resources/licenses/HPND-Markus-Kuhn.txt: -------------------------------------------------------------------------------- 1 | Permission to use, copy, modify, and distribute this software 2 | for any purpose and without fee is hereby granted. The author 3 | disclaims all warranties with regard to this software. 4 | -------------------------------------------------------------------------------- /src/main/resources/licenses/HPND-Pbmplus.txt: -------------------------------------------------------------------------------- 1 | Copyright (C) 1991 by Jef Poskanzer. 2 | 3 | Permission to use, copy, modify, and distribute this software and its 4 | documentation for any purpose and without fee is hereby granted, provided 5 | that the above copyright notice appear in all copies and that both that 6 | copyright notice and this permission notice appear in supporting 7 | documentation. This software is provided "as is" without express or 8 | implied warranty. 9 | -------------------------------------------------------------------------------- /src/main/resources/licenses/HPND-UC.txt: -------------------------------------------------------------------------------- 1 | Copyright 1989 Regents of the University of California 2 | 3 | Permission to use, 4 | copy, modify, and distribute this software and its documentation for any 5 | purpose and without fee is hereby granted, provided that the above 6 | copyright notice appear in all copies. The University of California makes 7 | no representations about the suitability of this software for any purpose. 8 | It is provided "as is" without express or implied warranty. 9 | -------------------------------------------------------------------------------- /src/main/resources/licenses/HPND-doc-sell.txt: -------------------------------------------------------------------------------- 1 | Copyright 2 | 3 | Permission to use, copy, modify, distribute, and sell this 4 | documentation for any purpose is hereby granted without fee, 5 | provided that the above copyright notice and this permission 6 | notice appear in all copies. 7 | makes no representations about the suitability for any purpose 8 | of the information in this document. This documentation 9 | is provided "as is" without express or implied warranty. 10 | -------------------------------------------------------------------------------- /src/main/resources/licenses/HPND-doc.txt: -------------------------------------------------------------------------------- 1 | Copyright 2 | 3 | Permission to use, copy, modify, and distribute this documentation for 4 | any purpose and without fee is hereby granted, provided that the above 5 | copyright notice and this permission notice appear in all copies. 6 | makes no representations about the suitability for 7 | any purpose of the information in this document. This documentation is 8 | provided ``as is'' without express or implied warranty. 9 | -------------------------------------------------------------------------------- /src/main/resources/licenses/HPND-sell-regexpr.txt: -------------------------------------------------------------------------------- 1 | Author: Tatu Ylonen 2 | 3 | Copyright (c) 1991 Tatu Ylonen, Espoo, Finland 4 | 5 | Permission to use, copy, modify, distribute, and sell this software 6 | and its documentation for any purpose is hereby granted without 7 | fee, provided that the above copyright notice appear in all copies. 8 | This software is provided "as is" without express or implied 9 | warranty. 10 | -------------------------------------------------------------------------------- /src/main/resources/licenses/HaskellReport.txt: -------------------------------------------------------------------------------- 1 | Code derived from the document "Report on the Programming Language 2 | Haskell 2010", is distributed under the following license: 3 | 4 | Copyright (c) 2010 Simon Marlow 5 | 6 | The authors intend this Report to belong to the entire Haskell community, and so we grant permission to copy and distribute it for any purpose, provided that it is reproduced in its entirety, including this Notice. Modified versions of this Report may also be copied and distributed for any purpose, provided that the modified version is clearly presented as such, and that it does not claim to be a definition of the Haskell 2010 Language. 7 | -------------------------------------------------------------------------------- /src/main/resources/licenses/ISC-Veillard.txt: -------------------------------------------------------------------------------- 1 | Copyright (C) 2003-2012 Daniel Veillard. 2 | Permission to use, copy, 3 | modify, and distribute this software for any purpose with or 4 | without fee is hereby granted, provided that the above copyright 5 | notice and this permission notice appear in all copies. THIS 6 | SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED 7 | WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES 8 | OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE AUTHORS 9 | AND CONTRIBUTORS ACCEPT NO RESPONSIBILITY IN ANY CONCEIVABLE MANNER. 10 | -------------------------------------------------------------------------------- /src/main/resources/licenses/Jam.txt: -------------------------------------------------------------------------------- 1 | License is hereby granted to use this software and distribute it freely, 2 | as long as this copyright notice is retained and modifications are 3 | clearly marked. 4 | 5 | ALL WARRANTIES ARE HEREBY DISCLAIMED. 6 | -------------------------------------------------------------------------------- /src/main/resources/licenses/Kastrup.txt: -------------------------------------------------------------------------------- 1 | Copyright(c) 2001 by David Kastrup 2 | Any use of the code is permitted as long as this copyright 3 | notice is preserved in the code. 4 | -------------------------------------------------------------------------------- /src/main/resources/licenses/KiCad-libraries-exception.txt: -------------------------------------------------------------------------------- 1 | To the extent that the creation of electronic designs that use 'Licensed Material' can be considered to be 'Adapted Material', then the copyright holder waives article 3 of the license with respect to these designs and any generated files which use data provided as part of the 'Licensed Material'. 2 | -------------------------------------------------------------------------------- /src/main/resources/licenses/Knuth-CTAN.txt: -------------------------------------------------------------------------------- 1 | This software is copyrighted. Unlimited copying and redistribution 2 | of this package and/or its individual files are permitted 3 | as long as there are no modifications. Modifications, and 4 | redistribution of modifications, are also permitted, but 5 | only if the resulting package and/or files are renamed. 6 | -------------------------------------------------------------------------------- /src/main/resources/licenses/LGPL-2.0+.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/main/resources/licenses/LGPL-2.0.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/main/resources/licenses/LGPL-2.1+.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/main/resources/licenses/LGPL-2.1.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/main/resources/licenses/LGPL-3.0+.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/main/resources/licenses/LGPL-3.0.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/main/resources/licenses/LPD-document.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) 1996 L. Peter Deutsch 2 | 3 | Permission is granted to copy and distribute this 4 | document for any purpose and without charge, including 5 | translations into other languages and incorporation 6 | into compilations, provided that the copyright notice 7 | and this notice are preserved, and that any substantive 8 | changes or deletions from the original are clearly marked. 9 | -------------------------------------------------------------------------------- /src/main/resources/licenses/LZMA-SDK-9.11-to-9.20.txt: -------------------------------------------------------------------------------- 1 | LICENSE 2 | ------- 3 | 4 | LZMA SDK is written and placed in the public domain by Igor Pavlov. 5 | 6 | Some code in LZMA is based on public domain code from another developers: 7 | 1) PPMd var.H (2001): Dmitry Shkarin 8 | 2) SHA-256: Wei Dai (Crypto++ library) 9 | -------------------------------------------------------------------------------- /src/main/resources/licenses/Linux-man-pages-1-para.txt: -------------------------------------------------------------------------------- 1 | Permission is granted to distribute possibly modified 2 | copies of this page provided the header is included 3 | verbatim, and in case of nontrivial modification author 4 | and date of the modification is added to the header. 5 | -------------------------------------------------------------------------------- /src/main/resources/licenses/Linux-man-pages-copyleft-2-para.txt: -------------------------------------------------------------------------------- 1 | Permission is granted to make and distribute verbatim copies of this 2 | manual provided the copyright notice and this permission notice are 3 | preserved on all copies. 4 | 5 | Permission is granted to copy and distribute modified versions of this 6 | manual under the conditions for verbatim copying, provided that the 7 | entire resulting derived work is distributed under the terms of a 8 | permission notice identical to this one. 9 | -------------------------------------------------------------------------------- /src/main/resources/licenses/Martin-Birgmeier.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) 1993 Martin Birgmeier All rights reserved. 2 | 3 | You may redistribute unmodified or modified versions of this source code provided that the above copyright notice and this and the following conditions are retained. 4 | 5 | This software is provided ``as is'', and comes with no warranties of any kind. I shall in no event be liable for anything that happens to anyone/anything when using this software. 6 | -------------------------------------------------------------------------------- /src/main/resources/licenses/McPhee-slideshow.txt: -------------------------------------------------------------------------------- 1 | Copyright 2001, Patrick TJ McPhee 2 | everyone is welcome to use this code for any purpose, to modify it, and 3 | to copy it in whole or in part for use in other macro sets, with the 4 | conditions that this copyright notice be preserved with any significant 5 | portion of the code, and that modifications to this file be clearly 6 | marked. 7 | -------------------------------------------------------------------------------- /src/main/resources/licenses/NLPL.txt: -------------------------------------------------------------------------------- 1 | NO LIMIT PUBLIC LICENSE 2 | Version 0, June 2012 3 | 4 | Gilles LAMIRAL 5 | La Billais 6 | 35580 Baulon 7 | France 8 | 9 | NO LIMIT PUBLIC LICENSE 10 | 11 | Terms and conditions for copying, distribution, modification 12 | or anything else. 13 | 14 | 0. No limit to do anything with this work and this license. 15 | -------------------------------------------------------------------------------- /src/main/resources/licenses/NTP-0.txt: -------------------------------------------------------------------------------- 1 | NTP No Attribution (NTP-0) 2 | 3 | Copyright (4-digit-year) by (CopyrightHoldersName) 4 | 5 | Permission to use, copy, modify, and distribute this software and its documentation for any purpose is hereby granted, provided that the name of (TrademarkedName) not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. (TrademarkedName) make no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. 6 | -------------------------------------------------------------------------------- /src/main/resources/licenses/Newsletr.txt: -------------------------------------------------------------------------------- 1 | Copyright 1989--2004 by Hunter Goatley. 2 | 3 | Permission is granted to anyone to use this software for any purpose on any computer system, and to redistribute it freely, subject to the following restrictions: 4 | 5 | 1. This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 6 | 7 | 2. Altered versions must be plainly marked as such, and must not be misrepresented as being the original software. 8 | -------------------------------------------------------------------------------- /src/main/resources/licenses/Nunit.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/main/resources/licenses/PADL.txt: -------------------------------------------------------------------------------- 1 | Portions (C) Copyright PADL Software Pty Ltd. 1999 2 | 3 | Redistribution and use in source and binary forms, with or without 4 | modification, are permitted provided that this notice is preserved 5 | and that due credit is given to PADL Software Pty Ltd. This software 6 | is provided ``as is'' without express or implied warranty. 7 | -------------------------------------------------------------------------------- /src/main/resources/licenses/SAX-PD-2.0.txt: -------------------------------------------------------------------------------- 1 | SAX2 is Free! 2 | 3 | I hereby abandon any property rights to SAX 2.0 (the Simple API for 4 | XML), and release all of the SAX 2.0 source code, compiled code, and 5 | documentation contained in this distribution into the Public Domain. 6 | SAX comes with NO WARRANTY or guarantee of fitness for any 7 | purpose. 8 | 9 | David Megginson, david@megginson.com 10 | 2000-05-05 11 | -------------------------------------------------------------------------------- /src/main/resources/licenses/SGP4.txt: -------------------------------------------------------------------------------- 1 | There is no license associated with the code and you may use it for any purpose—personal or commercial—as you wish. We ask only that you include citations in your documentation and source code to show the source of the code and provide links to the main page, to facilitate communications regarding any questions on the theory or source code. 2 | -------------------------------------------------------------------------------- /src/main/resources/licenses/SL.txt: -------------------------------------------------------------------------------- 1 | Everyone is permitted to do anything on this program including copying, 2 | modifying, and improving, unless you try to pretend that you wrote it. 3 | i.e., the above copyright notice has to appear in all copies. 4 | THE AUTHOR DISCLAIMS ANY RESPONSIBILITY WITH REGARD TO THIS SOFTWARE. 5 | -------------------------------------------------------------------------------- /src/main/resources/licenses/SSH-short.txt: -------------------------------------------------------------------------------- 1 | As far as I am concerned, the code I have written for this software 2 | can be used freely for any purpose. Any derived versions of this 3 | software must be clearly marked as such, and if the derived work is 4 | incompatible with the protocol description in the RFC file, it must be 5 | called by a name other than "ssh" or "Secure Shell". 6 | -------------------------------------------------------------------------------- /src/main/resources/licenses/SchemeReport.txt: -------------------------------------------------------------------------------- 1 | We intend this report to belong to the entire Scheme community, and so we grant permission 2 | to copy it in whole or in part without fee. In particular, we encourage implementors of Scheme 3 | to use this report as a starting point for manuals and other documentation, modifying it as necessary. 4 | -------------------------------------------------------------------------------- /src/main/resources/licenses/Soundex.txt: -------------------------------------------------------------------------------- 1 | (c) Copyright 1998-2007 by Mark Mielke 2 | 3 | Freedom to use these sources for whatever you want, as long as credit 4 | is given where credit is due, is hereby granted. You may make modifications 5 | where you see fit but leave this copyright somewhere visible. As well, try 6 | to initial any changes you make so that if I like the changes I can 7 | incorporate them into later versions. 8 | 9 | - Mark Mielke 10 | -------------------------------------------------------------------------------- /src/main/resources/licenses/StandardML-NJ.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/main/resources/licenses/SunPro.txt: -------------------------------------------------------------------------------- 1 | Copyright (C) 1993 by Sun Microsystems, Inc. All rights reserved. 2 | 3 | Developed at SunSoft, a Sun Microsystems, Inc. business. 4 | Permission to use, copy, modify, and distribute this 5 | software is freely granted, provided that this notice 6 | is preserved. 7 | -------------------------------------------------------------------------------- /src/main/resources/licenses/Symlinks.txt: -------------------------------------------------------------------------------- 1 | My "symlinks" utility pre-dates the "open source licensing" 2 | fad by a number of years. Just to clarify, this is 100% 3 | freeware, written entirely by myself. The intent is to use 4 | it to detect missing/obsolete symlink targets on an installed 5 | distro, before creating the "gold" (or "final") release discs. 6 | 7 | Use and distribute and modify as you (or anyone 8 | else) sees fit. There have no formal restrictions or 9 | requirements whatsoever regarding distribution of either 10 | binaries or source code, whether modified or original. 11 | -------------------------------------------------------------------------------- /src/main/resources/licenses/TPDL.txt: -------------------------------------------------------------------------------- 1 | Copyright (C) 1996-2010 David Muir Sharnoff. Copyright (C) 2011 Google, Inc. 2 | License hereby granted for anyone to use, modify or redistribute this module at their own risk. Please feed useful changes back to cpan@dave.sharnoff.org. 3 | -------------------------------------------------------------------------------- /src/main/resources/licenses/TTWL.txt: -------------------------------------------------------------------------------- 1 | Copyright (C) 1996-2002,2005,2006 David Muir Sharnoff. 2 | Copyright (C) 2005 Aristotle Pagaltzis 3 | Copyright (C) 2012-2013 Google, Inc. 4 | 5 | This module may be modified, used, copied, and redistributed at your own risk. 6 | Although allowed by the preceding license, please do not publicly 7 | redistribute modified versions of this code with the name "Text::Tabs" 8 | unless it passes the unmodified Text::Tabs test suite. 9 | -------------------------------------------------------------------------------- /src/main/resources/licenses/TermReadKey.txt: -------------------------------------------------------------------------------- 1 | Unlimited distribution and/or modification is allowed as long as this copyright notice remains intact. 2 | -------------------------------------------------------------------------------- /src/main/resources/licenses/UnixCrypt.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) 1996 Aki Yoshida. All rights reserved. 2 | 3 | Permission to use, copy, modify and distribute this software 4 | for non-commercial or commercial purposes and without fee is 5 | hereby granted provided that this copyright notice appears in 6 | all copies. 7 | -------------------------------------------------------------------------------- /src/main/resources/licenses/WTFPL.txt: -------------------------------------------------------------------------------- 1 | DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE 2 | Version 2, December 2004 3 | 4 | Copyright (C) 2004 Sam Hocevar 5 | 6 | Everyone is permitted to copy and distribute verbatim or modified copies of this license document, and changing it is allowed as long as the name is changed. 7 | 8 | DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE 9 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 10 | 11 | 0. You just DO WHAT THE FUCK YOU WANT TO. 12 | -------------------------------------------------------------------------------- /src/main/resources/licenses/Wsuipa.txt: -------------------------------------------------------------------------------- 1 | This file was added by Clea F. Rees on 2008/11/30 with the permission of Dean Guenther and pointers to this file were added to all source files. 2 | 3 | Unlimited copying and redistribution of each of the files is permitted as long as the file is not modified. Modifications, and redistribution of modified versions, are also permitted, but only if the resulting file is renamed. 4 | 5 | The copyright holder is Washington State University. The original author of the fonts is Janene Winter. The primary contact (as of 2008) is Dean Guenther. 6 | -------------------------------------------------------------------------------- /src/main/resources/licenses/XSkat.txt: -------------------------------------------------------------------------------- 1 | This program is free software; you can redistribute it freely. 2 | Use it at your own risk; there is NO WARRANTY. 3 | 4 | Redistribution of modified versions is permitted provided that the following conditions are met: 5 | 6 | 1. All copyright & permission notices are preserved. 7 | 8 | 2.a) Only changes required for packaging or porting are made. 9 | or 10 | 2.b) It is clearly stated who last changed the program. The program is renamed or the version number is of the form x.y.z, where x.y is the version of the original program and z is an arbitrary suffix. 11 | -------------------------------------------------------------------------------- /src/main/resources/licenses/Xfig.txt: -------------------------------------------------------------------------------- 1 | Any party obtaining a copy of these files is granted, free of charge, 2 | a full and unrestricted irrevocable, world-wide, paid up, royalty-free, 3 | nonexclusive right and license to deal in this software and documentation 4 | files (the "Software"), including without limitation the rights to use, 5 | copy, modify, merge, publish and/or distribute copies of the Software, 6 | and to permit persons who receive copies from any such party to do so, 7 | with the only requirement being that this copyright notice remain intact. 8 | -------------------------------------------------------------------------------- /src/main/resources/licenses/Zed.txt: -------------------------------------------------------------------------------- 1 | (c) Jim Davies, January 1995 2 | You may copy and distribute this file freely. Any queries and complaints should be forwarded to Jim.Davies@comlab.ox.ac.uk. 3 | If you make any changes to this file, please do not distribute the results under the name `zed-csp.sty'. 4 | -------------------------------------------------------------------------------- /src/main/resources/licenses/Zeeff.txt: -------------------------------------------------------------------------------- 1 | Copyright 1988 Jon Zeeff (zeeff@b-tech.ann-arbor.mi.us) 2 | You can use this code in any manner, as long as you leave my 3 | name on it and don't hold me responsible for any problems with it. 4 | -------------------------------------------------------------------------------- /src/main/resources/licenses/bcrypt-Solar-Designer.txt: -------------------------------------------------------------------------------- 1 | Written by Solar Designer in 1998-2014. 2 | No copyright is claimed, and the software is hereby placed in the public 3 | domain. In case this attempt to disclaim copyright and place the software 4 | in the public domain is deemed null and void, then the software is 5 | Copyright (c) 1998-2014 Solar Designer and it is hereby released to the 6 | general public under the following terms: 7 | 8 | Redistribution and use in source and binary forms, with or without 9 | modification, are permitted. 10 | 11 | There's ABSOLUTELY NO WARRANTY, express or implied. 12 | -------------------------------------------------------------------------------- /src/main/resources/licenses/blessing.txt: -------------------------------------------------------------------------------- 1 | The author disclaims copyright to this source code. In place of a legal notice, here is a blessing: 2 | 3 | May you do good and not evil. 4 | May you find forgiveness for yourself and forgive others. 5 | May you share freely, never taking more than you give. 6 | -------------------------------------------------------------------------------- /src/main/resources/licenses/bzip2-1.0.5.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/main/resources/licenses/check-cvs.txt: -------------------------------------------------------------------------------- 1 | Permission is granted to copy and/or distribute this file, with or 2 | without modifications, provided this notice is preserved. 3 | -------------------------------------------------------------------------------- /src/main/resources/licenses/checkmk.txt: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2006, 2010 Micah Cowan 2 | # 3 | # Redistribution of this program in any form, with or without 4 | # modifications, is permitted, provided that the above copyright is 5 | # retained in distributions of this program in source form. 6 | # 7 | # (This is a free, non-copyleft license compatible with pretty much any 8 | # other free or proprietary license, including the GPL. It's essentially 9 | # a scaled-down version of the "modified" BSD license.) 10 | -------------------------------------------------------------------------------- /src/main/resources/licenses/diffmark.txt: -------------------------------------------------------------------------------- 1 | 1. you can do what you want with it 2 | 2. I refuse any responsibility for the consequences 3 | -------------------------------------------------------------------------------- /src/main/resources/licenses/dvipdfm.txt: -------------------------------------------------------------------------------- 1 | A modified version of this file may be distributed, but it should be distributed with a *different* name. Changed files must be distributed *together with a complete and unchanged* distribution of these files. 2 | -------------------------------------------------------------------------------- /src/main/resources/licenses/eCos-2.0.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/main/resources/licenses/fwlw.txt: -------------------------------------------------------------------------------- 1 | Copyright (C) 1993,1995 by Donald Arseneau 2 | Vancouver, Canada, email asnd@triumf.ca 3 | 4 | This software package may be freely used, transmitted, reproduced, or modified provided that 5 | this notice is left intact. 6 | -------------------------------------------------------------------------------- /src/main/resources/licenses/gtkbook.txt: -------------------------------------------------------------------------------- 1 | Copyright 2005 Syd Logan, All Rights Reserved 2 | 3 | This code is distributed without warranty. You are free to use 4 | this code for any purpose, however, if this code is republished or 5 | redistributed in its original form, as hardcopy or electronically, 6 | then you must include this copyright notice along with the code. 7 | -------------------------------------------------------------------------------- /src/main/resources/licenses/hdparm.txt: -------------------------------------------------------------------------------- 1 | BSD-Style Open Source License: 2 | 3 | You may freely use, modify, and redistribute the hdparm program, 4 | as either binary or source, or both. 5 | 6 | The only condition is that my name and copyright notice 7 | remain in the source code as-is. 8 | 9 | Mark Lord (mlord@pobox.com) 10 | -------------------------------------------------------------------------------- /src/main/resources/licenses/magaz.txt: -------------------------------------------------------------------------------- 1 | Copyright 1999-2011, Donald Arseneau, asnd@triumf.ca, Vancouver, Canada 2 | 3 | This software may be freely used, transmitted, reproduced, or modified provided that 4 | the copyright notice and this permission is retained. 5 | -------------------------------------------------------------------------------- /src/main/resources/licenses/mailprio.txt: -------------------------------------------------------------------------------- 1 | Copyright 1994, 1996, Tony Sanders 2 | 3 | Rights are hereby granted to download, use, modify, sell, copy, and 4 | redistribute this software so long as the original copyright notice 5 | and this list of conditions remain intact and modified versions are 6 | noted as such. 7 | 8 | I would also very much appreciate it if you could send me a copy of 9 | any changes you make so I can possibly integrate them into my version. 10 | -------------------------------------------------------------------------------- /src/main/resources/licenses/mplus.txt: -------------------------------------------------------------------------------- 1 | 2 | These fonts are free softwares. Unlimited permission is 3 | granted to use, copy, and distribute it, with or without 4 | modification, either commercially and noncommercially. 5 | THESE FONTS ARE PROVIDED "AS IS" WITHOUT WARRANTY. 6 | 7 | -------------------------------------------------------------------------------- /src/main/resources/licenses/psfrag.txt: -------------------------------------------------------------------------------- 1 | psfrag.dtx 2 | Copyright (C) 1996 Craig Barratt, Michael C. Grant, and David Carlisle. 3 | All rights are reserved. 4 | 5 | This system is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Don't come complaining to us if you modify this file and it doesn't work! If this file is modified by anyone but the authors, those changes and their authors must be explicitly stated HERE. 6 | -------------------------------------------------------------------------------- /src/main/resources/licenses/python-ldap.txt: -------------------------------------------------------------------------------- 1 | The python-ldap package is distributed under Python-style license. 2 | 3 | Standard disclaimer: 4 | This software is made available by the author(s) to the public for free 5 | and "as is". All users of this free software are solely and entirely 6 | responsible for their own choice and use of this software for their 7 | own purposes. By using this software, each user agrees that the 8 | author(s) shall not be liable for damages of any kind in relation to 9 | its use or performance. The author(s) do not warrant that this software 10 | is fit for any purpose. 11 | -------------------------------------------------------------------------------- /src/main/resources/licenses/snprintf.txt: -------------------------------------------------------------------------------- 1 | Copyright Patrick Powell 1995 2 | 3 | This code is based on code written by Patrick Powell (papowell@astart.com) It may be used for any purpose as long as this notice remains intact on all source code distributions 4 | -------------------------------------------------------------------------------- /src/main/resources/licenses/softSurfer.txt: -------------------------------------------------------------------------------- 1 | Copyright 2001, softSurfer (www.softsurfer.com) 2 | This code may be freely used and modified for any purpose 3 | providing that this copyright notice is included with it. 4 | SoftSurfer makes no warranty for this code, and cannot be held 5 | liable for any real or imagined damage resulting from its use. 6 | Users of this code must verify correctness for their application. 7 | -------------------------------------------------------------------------------- /src/main/resources/licenses/ssh-keyscan.txt: -------------------------------------------------------------------------------- 1 | * Copyright 1995, 1996 by David Mazieres . 2 | * 3 | * Modification and redistribution in source and binary forms is 4 | * permitted provided that due credit is given to the author and the 5 | * OpenBSD project by leaving this copyright notice intact. 6 | -------------------------------------------------------------------------------- /src/main/resources/licenses/swrule.txt: -------------------------------------------------------------------------------- 1 | The style package is copyrighted but may be used and extended in any way, as long as a pointer to the original author is maintained. The author is not liable for any problem that may or may not result from using this package. Use at your own risk. 2 | -------------------------------------------------------------------------------- /src/main/resources/licenses/ulem.txt: -------------------------------------------------------------------------------- 1 | Copyright 1989-2019 by Donald Arseneau (Vancouver, Canada, asnd@triumf.ca) 2 | 3 | This software may be freely transmitted, reproduced, or modified 4 | for any purpose provided that this copyright notice is left intact. 5 | -------------------------------------------------------------------------------- /src/main/resources/licenses/w3m.txt: -------------------------------------------------------------------------------- 1 | (C) Copyright 1994-2002 by Akinori Ito 2 | (C) Copyright 2002-2011 by Akinori Ito, Hironori Sakamoto, Fumitoshi Ukai 3 | 4 | Use, modification and redistribution of this software is hereby granted, 5 | provided that this entire copyright notice is included on any copies of 6 | this software and applications and derivations thereof. 7 | 8 | This software is provided on an "as is" basis, without warranty of any 9 | kind, either expressed or implied, as to any matter including, but not 10 | limited to warranty of fitness of purpose, or merchantability, or 11 | results obtained from use of this software. 12 | -------------------------------------------------------------------------------- /src/main/resources/licenses/wxWindows.txt: -------------------------------------------------------------------------------- 1 | 404: Not Found -------------------------------------------------------------------------------- /src/test/resources/1.1/invalid-component-ref-1.1.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | acme-library 6 | 1.0.0 7 | 8 | 9 | acme-library 10 | 1.0.0 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /src/test/resources/1.1/invalid-component-type-1.1.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | acme-library 6 | 1.0.0 7 | 8 | 9 | -------------------------------------------------------------------------------- /src/test/resources/1.1/invalid-empty-component-1.1.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | -------------------------------------------------------------------------------- /src/test/resources/1.1/invalid-missing-component-type-1.1.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | acme-library 6 | 1.0.0 7 | 8 | 9 | -------------------------------------------------------------------------------- /src/test/resources/1.1/invalid-scope-1.1.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | acme-library 6 | 1.0.0 7 | foo 8 | 9 | 10 | -------------------------------------------------------------------------------- /src/test/resources/1.1/valid-empty-components-1.1.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | -------------------------------------------------------------------------------- /src/test/resources/1.1/valid-minimal-viable-1.1.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | acme-library 6 | 1.0.0 7 | 8 | 9 | -------------------------------------------------------------------------------- /src/test/resources/1.2/invalid-bomformat-1.2.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "AnotherFormat", 3 | "specVersion": "1.2", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /src/test/resources/1.2/invalid-component-ref-1.2.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.2", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "bom-ref": "123", 10 | "name": "acme-library", 11 | "version": "1.0.0" 12 | }, 13 | { 14 | "type": "library", 15 | "bom-ref": "123", 16 | "name": "acme-library", 17 | "version": "1.0.0" 18 | } 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /src/test/resources/1.2/invalid-component-ref-1.2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | acme-library 6 | 1.0.0 7 | 8 | 9 | acme-library 10 | 1.0.0 11 | 12 | 13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /src/test/resources/1.2/invalid-component-swid-1.2.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.2", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "application", 9 | "author": "Acme Super Heros", 10 | "name": "Acme Application", 11 | "version": "9.1.1", 12 | "swid": { 13 | "name": "Acme Application", 14 | "version": "9.1.1" 15 | } 16 | } 17 | ] 18 | } 19 | -------------------------------------------------------------------------------- /src/test/resources/1.2/invalid-component-swid-1.2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Acme Super Heros 6 | Acme Application 7 | 9.1.1 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /src/test/resources/1.2/invalid-component-type-1.2.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.2", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "foo", 9 | "name": "acme-library", 10 | "version": "1.0.0" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /src/test/resources/1.2/invalid-component-type-1.2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | acme-library 6 | 1.0.0 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /src/test/resources/1.2/invalid-empty-component-1.2.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.2", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library" 9 | } 10 | ] 11 | } 12 | -------------------------------------------------------------------------------- /src/test/resources/1.2/invalid-empty-component-1.2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /src/test/resources/1.2/invalid-license-choice-1.2.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.2", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "publisher": "Acme Inc", 10 | "group": "com.acme", 11 | "name": "tomcat-catalina", 12 | "version": "9.0.14", 13 | "licenses": [ 14 | { 15 | "expression": "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0", 16 | "license": { 17 | "name": "Apache License 2.0" 18 | } 19 | } 20 | ] 21 | } 22 | ] 23 | } 24 | -------------------------------------------------------------------------------- /src/test/resources/1.2/invalid-license-id-1.2.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.2", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "publisher": "Acme Inc", 10 | "group": "com.acme", 11 | "name": "tomcat-catalina", 12 | "version": "9.0.14", 13 | "licenses": [ 14 | { 15 | "license": { 16 | "id": "Apache-2" 17 | } 18 | } 19 | ] 20 | } 21 | ] 22 | } 23 | -------------------------------------------------------------------------------- /src/test/resources/1.2/invalid-metadata-timestamp-1.2.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.2", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "metadata": { 7 | "timestamp": "2020-04-13" 8 | }, 9 | "components": [] 10 | } 11 | -------------------------------------------------------------------------------- /src/test/resources/1.2/invalid-metadata-timestamp-1.2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 2020-04-07 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /src/test/resources/1.2/invalid-missing-component-type-1.2.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.2", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "name": "acme-library", 9 | "version": "1.0.0" 10 | } 11 | ] 12 | } 13 | -------------------------------------------------------------------------------- /src/test/resources/1.2/invalid-missing-component-type-1.2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | acme-library 6 | 1.0.0 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /src/test/resources/1.2/invalid-scope-1.2.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.2", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "name": "acme-library", 10 | "version": "1.0.0", 11 | "scope": "foo" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /src/test/resources/1.2/invalid-scope-1.2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | acme-library 6 | 1.0.0 7 | foo 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /src/test/resources/1.2/invalid-serialnumber-1.2.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.2", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f", 5 | "version": 1, 6 | "components": [ 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /src/test/resources/1.2/invalid-service-data-1.2.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.2", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "services": [ 7 | { 8 | "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", 9 | "name": "Stock ticker service", 10 | "authenticated": true, 11 | "x-trust-boundary": true, 12 | "data": [ 13 | { 14 | "classification": "foo", 15 | "flow": "bar" 16 | } 17 | ] 18 | } 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /src/test/resources/1.2/invalid-service-data-1.2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Stock ticker service 6 | 7 | bar 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /src/test/resources/1.2/valid-component-ref-1.2.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.2", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "bom-ref": "123", 10 | "name": "acme-library", 11 | "version": "1.0.0" 12 | }, 13 | { 14 | "type": "library", 15 | "bom-ref": "456", 16 | "name": "acme-library", 17 | "version": "1.0.0" 18 | } 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /src/test/resources/1.2/valid-component-swid-1.2.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.2", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "application", 9 | "author": "Acme Super Heros", 10 | "name": "Acme Application", 11 | "version": "9.1.1", 12 | "swid": { 13 | "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", 14 | "name": "Acme Application", 15 | "version": "9.1.1" 16 | } 17 | } 18 | ] 19 | } 20 | -------------------------------------------------------------------------------- /src/test/resources/1.2/valid-component-swid-1.2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Acme Super Heros 6 | Acme Application 7 | 9.1.1 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /src/test/resources/1.2/valid-empty-components-1.2.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.2", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /src/test/resources/1.2/valid-empty-components-1.2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /src/test/resources/1.2/valid-license-expression-1.2.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.2", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "publisher": "Acme Inc", 10 | "group": "com.acme", 11 | "name": "tomcat-catalina", 12 | "version": "9.0.14", 13 | "licenses": [ 14 | { 15 | "expression": "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0" 16 | } 17 | ] 18 | } 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /src/test/resources/1.2/valid-license-id-1.2.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.2", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "publisher": "Acme Inc", 10 | "group": "com.acme", 11 | "name": "tomcat-catalina", 12 | "version": "9.0.14", 13 | "licenses": [ 14 | { 15 | "license": { 16 | "id": "Apache-2.0" 17 | } 18 | } 19 | ] 20 | } 21 | ] 22 | } 23 | -------------------------------------------------------------------------------- /src/test/resources/1.2/valid-license-name-1.2.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.2", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "publisher": "Acme Inc", 10 | "group": "com.acme", 11 | "name": "tomcat-catalina", 12 | "version": "9.0.14", 13 | "licenses": [ 14 | { 15 | "license": { 16 | "name": "Apache License 2.0" 17 | } 18 | } 19 | ] 20 | } 21 | ] 22 | } 23 | -------------------------------------------------------------------------------- /src/test/resources/1.2/valid-metadata-author-1.2.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.2", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "metadata": { 7 | "authors": [ 8 | { 9 | "name": "Samantha Wright", 10 | "email": "samantha.wright@example.com", 11 | "phone": "800-555-1212" 12 | } 13 | ] 14 | }, 15 | "components": [] 16 | } 17 | -------------------------------------------------------------------------------- /src/test/resources/1.2/valid-metadata-author-1.2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Samantha Wright 7 | samantha.wright@example.com 8 | 800-555-1212 9 | 10 | 11 | 12 | 13 | 14 | -------------------------------------------------------------------------------- /src/test/resources/1.2/valid-metadata-manufacture-1.2.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.2", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "metadata": { 7 | "manufacture": { 8 | "name": "Acme, Inc.", 9 | "url": [ 10 | "https://example.com" 11 | ], 12 | "contact": [ 13 | { 14 | "name": "Acme Professional Services", 15 | "email": "professional.services@example.com" 16 | } 17 | ] 18 | } 19 | }, 20 | "components": [] 21 | } 22 | -------------------------------------------------------------------------------- /src/test/resources/1.2/valid-metadata-manufacture-1.2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Acme, Inc. 6 | https://example.com 7 | 8 | Acme Professional Services 9 | professional.services@example.com 10 | 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /src/test/resources/1.2/valid-metadata-supplier-1.2.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.2", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "metadata": { 7 | "supplier": { 8 | "name": "Acme, Inc.", 9 | "url": [ 10 | "https://example.com" 11 | ], 12 | "contact": [ 13 | { 14 | "name": "Acme Distribution", 15 | "email": "distribution@example.com" 16 | } 17 | ] 18 | } 19 | }, 20 | "components": [] 21 | } 22 | -------------------------------------------------------------------------------- /src/test/resources/1.2/valid-metadata-supplier-1.2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Acme, Inc. 6 | https://example.com 7 | 8 | Acme Distribution 9 | distribution@example.com 10 | 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /src/test/resources/1.2/valid-metadata-timestamp-1.2.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.2", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "metadata": { 7 | "timestamp": "2020-04-13T20:20:39+00:00" 8 | }, 9 | "components": [] 10 | } 11 | -------------------------------------------------------------------------------- /src/test/resources/1.2/valid-metadata-timestamp-1.2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 2020-04-07T07:01:00Z 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /src/test/resources/1.2/valid-minimal-viable-1.2.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.2", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "name": "acme-library", 10 | "version": "1.0.0" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /src/test/resources/1.2/valid-minimal-viable-1.2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | acme-library 6 | 1.0.0 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /src/test/resources/1.2/valid-service-empty-objects-1.2.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.2", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "services": [ 7 | { 8 | "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", 9 | "provider": { 10 | "contact": [ 11 | ] 12 | }, 13 | "name": "Stock ticker service", 14 | "endpoints": [ 15 | ], 16 | "data": [ 17 | ], 18 | "externalReferences": [ 19 | ] 20 | } 21 | ] 22 | } 23 | -------------------------------------------------------------------------------- /src/test/resources/1.2/valid-service-empty-objects-1.2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Stock ticker service 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /src/test/resources/1.3/invalid-bomformat-1.3.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "AnotherFormat", 3 | "specVersion": "1.3", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /src/test/resources/1.3/invalid-component-ref-1.3.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.3", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "bom-ref": "123", 10 | "name": "acme-library", 11 | "version": "1.0.0" 12 | }, 13 | { 14 | "type": "library", 15 | "bom-ref": "123", 16 | "name": "acme-library", 17 | "version": "1.0.0" 18 | } 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /src/test/resources/1.3/invalid-component-ref-1.3.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | acme-library 6 | 1.0.0 7 | 8 | 9 | acme-library 10 | 1.0.0 11 | 12 | 13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /src/test/resources/1.3/invalid-component-swid-1.3.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.3", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "application", 9 | "author": "Acme Super Heros", 10 | "name": "Acme Application", 11 | "version": "9.1.1", 12 | "swid": { 13 | "name": "Acme Application", 14 | "version": "9.1.1" 15 | } 16 | } 17 | ] 18 | } 19 | -------------------------------------------------------------------------------- /src/test/resources/1.3/invalid-component-swid-1.3.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Acme Super Heros 6 | Acme Application 7 | 9.1.1 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /src/test/resources/1.3/invalid-component-type-1.3.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.3", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "foo", 9 | "name": "acme-library", 10 | "version": "1.0.0" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /src/test/resources/1.3/invalid-component-type-1.3.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | acme-library 6 | 1.0.0 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /src/test/resources/1.3/invalid-empty-component-1.3.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.3", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library" 9 | } 10 | ] 11 | } 12 | -------------------------------------------------------------------------------- /src/test/resources/1.3/invalid-empty-component-1.3.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /src/test/resources/1.3/invalid-license-choice-1.3.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.3", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "publisher": "Acme Inc", 10 | "group": "com.acme", 11 | "name": "tomcat-catalina", 12 | "version": "9.0.14", 13 | "licenses": [ 14 | { 15 | "expression": "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0", 16 | "license": { 17 | "name": "Apache License 2.0" 18 | } 19 | } 20 | ] 21 | } 22 | ] 23 | } 24 | -------------------------------------------------------------------------------- /src/test/resources/1.3/invalid-license-id-1.3.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.3", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "publisher": "Acme Inc", 10 | "group": "com.acme", 11 | "name": "tomcat-catalina", 12 | "version": "9.0.14", 13 | "licenses": [ 14 | { 15 | "license": { 16 | "id": "Apache-2" 17 | } 18 | } 19 | ] 20 | } 21 | ] 22 | } 23 | -------------------------------------------------------------------------------- /src/test/resources/1.3/invalid-metadata-license-1.3.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.3", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "metadata": { 7 | "licenses": [ 8 | { 9 | "license": { 10 | "id": "Apache-2" 11 | } 12 | } 13 | ] 14 | }, 15 | "components": [] 16 | } 17 | -------------------------------------------------------------------------------- /src/test/resources/1.3/invalid-metadata-license-1.3.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Apache-2 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /src/test/resources/1.3/invalid-metadata-timestamp-1.3.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.3", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "metadata": { 7 | "timestamp": "2020-04-13" 8 | }, 9 | "components": [] 10 | } 11 | -------------------------------------------------------------------------------- /src/test/resources/1.3/invalid-metadata-timestamp-1.3.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 2020-04-07 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /src/test/resources/1.3/invalid-missing-component-type-1.3.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.3", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "name": "acme-library", 9 | "version": "1.0.0" 10 | } 11 | ] 12 | } 13 | -------------------------------------------------------------------------------- /src/test/resources/1.3/invalid-missing-component-type-1.3.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | acme-library 6 | 1.0.0 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /src/test/resources/1.3/invalid-scope-1.3.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.3", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "name": "acme-library", 10 | "version": "1.0.0", 11 | "scope": "foo" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /src/test/resources/1.3/invalid-scope-1.3.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | acme-library 6 | 1.0.0 7 | foo 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /src/test/resources/1.3/invalid-serialnumber-1.3.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.3", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f", 5 | "version": 1, 6 | "components": [ 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /src/test/resources/1.3/invalid-service-data-1.3.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.3", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "services": [ 7 | { 8 | "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", 9 | "name": "Stock ticker service", 10 | "authenticated": true, 11 | "x-trust-boundary": true, 12 | "data": [ 13 | { 14 | "classification": "foo", 15 | "flow": "bar" 16 | } 17 | ] 18 | } 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /src/test/resources/1.3/invalid-service-data-1.3.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Stock ticker service 6 | 7 | bar 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-assembly-1.3.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.3" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | components { 5 | type: CLASSIFICATION_LIBRARY 6 | name: "acme-library-a" 7 | version: "1.0.0" 8 | components { 9 | type: CLASSIFICATION_LIBRARY 10 | name: "acme-library-b" 11 | version: "2.0.0" 12 | } 13 | } 14 | services { 15 | name: "acme-service-a" 16 | services { 17 | name: "acme-service-b" 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-component-ref-1.3.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.3", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "bom-ref": "123", 10 | "name": "acme-library", 11 | "version": "1.0.0" 12 | }, 13 | { 14 | "type": "library", 15 | "bom-ref": "456", 16 | "name": "acme-library", 17 | "version": "1.0.0" 18 | } 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-component-ref-1.3.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.3" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | components { 5 | type: CLASSIFICATION_LIBRARY 6 | bom_ref: "123" 7 | name: "acme-library" 8 | version: "1.0.0" 9 | } 10 | components { 11 | type: CLASSIFICATION_LIBRARY 12 | bom_ref: "456" 13 | name: "acme-library" 14 | version: "1.0.0" 15 | } 16 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-component-swid-1.3.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.3", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "application", 9 | "author": "Acme Super Heros", 10 | "name": "Acme Application", 11 | "version": "9.1.1", 12 | "swid": { 13 | "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", 14 | "name": "Acme Application", 15 | "version": "9.1.1" 16 | } 17 | } 18 | ] 19 | } 20 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-component-swid-1.3.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.3" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | components { 5 | type: CLASSIFICATION_APPLICATION 6 | author: "Acme Super Heros" 7 | name: "Acme Application" 8 | version: "9.1.1" 9 | swid { 10 | tag_id: "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1" 11 | name: "Acme Application" 12 | version: "9.1.1" 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-component-swid-1.3.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Acme Super Heros 6 | Acme Application 7 | 9.1.1 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-empty-components-1.3.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.3", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-empty-components-1.3.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.3" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-empty-components-1.3.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-license-expression-1.3.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.3", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "publisher": "Acme Inc", 10 | "group": "com.acme", 11 | "name": "tomcat-catalina", 12 | "version": "9.0.14", 13 | "licenses": [ 14 | { 15 | "expression": "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0" 16 | } 17 | ] 18 | } 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-license-expression-1.3.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.3" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | components { 5 | type: CLASSIFICATION_LIBRARY 6 | publisher: "Acme Inc" 7 | group: "com.acme" 8 | name: "tomcat-catalina" 9 | version: "9.0.14" 10 | licenses { 11 | expression: "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0" 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-license-id-1.3.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.3", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "publisher": "Acme Inc", 10 | "group": "com.acme", 11 | "name": "tomcat-catalina", 12 | "version": "9.0.14", 13 | "licenses": [ 14 | { 15 | "license": { 16 | "id": "Apache-2.0" 17 | } 18 | } 19 | ] 20 | } 21 | ] 22 | } 23 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-license-id-1.3.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.3" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | components { 5 | type: CLASSIFICATION_LIBRARY 6 | publisher: "Acme Inc" 7 | group: "com.acme" 8 | name: "tomcat-catalina" 9 | version: "9.0.14" 10 | licenses { 11 | license { 12 | id: "Apache-2.0" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-license-name-1.3.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.3", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "publisher": "Acme Inc", 10 | "group": "com.acme", 11 | "name": "tomcat-catalina", 12 | "version": "9.0.14", 13 | "licenses": [ 14 | { 15 | "license": { 16 | "name": "Apache License 2.0" 17 | } 18 | } 19 | ] 20 | } 21 | ] 22 | } 23 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-license-name-1.3.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.3" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | components { 5 | type: CLASSIFICATION_LIBRARY 6 | publisher: "Acme Inc" 7 | group: "com.acme" 8 | name: "tomcat-catalina" 9 | version: "9.0.14" 10 | licenses { 11 | license { 12 | name: "Apache License 2.0" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-metadata-author-1.3.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.3", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "metadata": { 7 | "authors": [ 8 | { 9 | "name": "Samantha Wright", 10 | "email": "samantha.wright@example.com", 11 | "phone": "800-555-1212" 12 | } 13 | ] 14 | }, 15 | "components": [] 16 | } 17 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-metadata-author-1.3.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.3" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | metadata { 5 | authors { 6 | name: "Samantha Wright" 7 | email: "samantha.wright@example.com" 8 | phone: "800-555-1212" 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-metadata-author-1.3.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Samantha Wright 7 | samantha.wright@example.com 8 | 800-555-1212 9 | 10 | 11 | 12 | 13 | 14 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-metadata-license-1.3.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.3", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "metadata": { 7 | "licenses": [ 8 | { 9 | "license": { 10 | "id": "Apache-2.0" 11 | } 12 | } 13 | ] 14 | }, 15 | "components": [] 16 | } 17 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-metadata-license-1.3.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.3" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | metadata { 5 | licenses { 6 | license { 7 | id: "Apache-2.0" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-metadata-license-1.3.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Apache-2.0 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-metadata-manufacture-1.3.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.3", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "metadata": { 7 | "manufacture": { 8 | "name": "Acme, Inc.", 9 | "url": [ 10 | "https://example.com" 11 | ], 12 | "contact": [ 13 | { 14 | "name": "Acme Professional Services", 15 | "email": "professional.services@example.com" 16 | } 17 | ] 18 | } 19 | }, 20 | "components": [] 21 | } 22 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-metadata-manufacture-1.3.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.3" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | metadata { 5 | manufacture { 6 | name: "Acme, Inc." 7 | url: "https://example.com" 8 | contact { 9 | name: "Acme Professional Services" 10 | email: "professional.services@example.com" 11 | } 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-metadata-manufacture-1.3.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Acme, Inc. 6 | https://example.com 7 | 8 | Acme Professional Services 9 | professional.services@example.com 10 | 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-metadata-supplier-1.3.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.3", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "metadata": { 7 | "supplier": { 8 | "name": "Acme, Inc.", 9 | "url": [ 10 | "https://example.com" 11 | ], 12 | "contact": [ 13 | { 14 | "name": "Acme Distribution", 15 | "email": "distribution@example.com" 16 | } 17 | ] 18 | } 19 | }, 20 | "components": [] 21 | } 22 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-metadata-supplier-1.3.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.3" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | metadata { 5 | supplier { 6 | name: "Acme, Inc." 7 | url: "https://example.com" 8 | contact { 9 | name: "Acme Distribution" 10 | email: "distribution@example.com" 11 | } 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-metadata-supplier-1.3.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Acme, Inc. 6 | https://example.com 7 | 8 | Acme Distribution 9 | distribution@example.com 10 | 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-metadata-timestamp-1.3.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.3", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "metadata": { 7 | "timestamp": "2020-04-13T20:20:39+00:00" 8 | }, 9 | "components": [] 10 | } 11 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-metadata-timestamp-1.3.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.3" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | metadata { 5 | timestamp { 6 | seconds: 3173618478 7 | nanos: 3 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-metadata-timestamp-1.3.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 2020-04-07T07:01:00Z 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-metadata-tool-1.3.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.3" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | metadata { 5 | tools { 6 | vendor: "Awesome Vendor" 7 | name: "Awesome Tool" 8 | version: "9.1.2" 9 | hashes { 10 | alg: HASH_ALG_SHA_1 11 | value: "25ed8e31b995bb927966616df2a42b979a2717f0" 12 | } 13 | hashes { 14 | alg: HASH_ALG_SHA_256 15 | value: "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" 16 | } 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-minimal-viable-1.3.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.3", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "name": "acme-library", 10 | "version": "1.0.0" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-minimal-viable-1.3.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.3" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | components { 5 | type: CLASSIFICATION_LIBRARY 6 | name: "acme-library" 7 | version: "1.0.0" 8 | } 9 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-minimal-viable-1.3.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | acme-library 6 | 1.0.0 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-service-empty-objects-1.3.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.3", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "services": [ 7 | { 8 | "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", 9 | "provider": { 10 | "contact": [ 11 | ] 12 | }, 13 | "name": "Stock ticker service", 14 | "endpoints": [ 15 | ], 16 | "data": [ 17 | ], 18 | "externalReferences": [ 19 | ] 20 | } 21 | ] 22 | } 23 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-service-empty-objects-1.3.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.3" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | services { 5 | bom_ref: "b2a46a4b-8367-4bae-9820-95557cfe03a8" 6 | provider { 7 | } 8 | name: "Stock ticker service" 9 | } 10 | -------------------------------------------------------------------------------- /src/test/resources/1.3/valid-service-empty-objects-1.3.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Stock ticker service 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /src/test/resources/1.4/invalid-bomformat-1.4.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "AnotherFormat", 3 | "specVersion": "1.4", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /src/test/resources/1.4/invalid-component-ref-1.4.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.4", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "bom-ref": "123", 10 | "name": "acme-library", 11 | "version": "1.0.0" 12 | }, 13 | { 14 | "type": "library", 15 | "bom-ref": "123", 16 | "name": "acme-library", 17 | "version": "1.0.0" 18 | } 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /src/test/resources/1.4/invalid-component-ref-1.4.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | acme-library 6 | 1.0.0 7 | 8 | 9 | acme-library 10 | 1.0.0 11 | 12 | 13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /src/test/resources/1.4/invalid-component-swid-1.4.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.4", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "application", 9 | "author": "Acme Super Heros", 10 | "name": "Acme Application", 11 | "version": "9.1.1", 12 | "swid": { 13 | "name": "Acme Application", 14 | "version": "9.1.1" 15 | } 16 | } 17 | ] 18 | } 19 | -------------------------------------------------------------------------------- /src/test/resources/1.4/invalid-component-swid-1.4.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Acme Super Heros 6 | Acme Application 7 | 9.1.1 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /src/test/resources/1.4/invalid-component-type-1.4.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.4", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "foo", 9 | "name": "acme-library", 10 | "version": "1.0.0" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /src/test/resources/1.4/invalid-component-type-1.4.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | acme-library 6 | 1.0.0 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /src/test/resources/1.4/invalid-empty-component-1.4.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.4", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library" 9 | } 10 | ] 11 | } 12 | -------------------------------------------------------------------------------- /src/test/resources/1.4/invalid-empty-component-1.4.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /src/test/resources/1.4/invalid-license-id-1.4.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.4", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "publisher": "Acme Inc", 10 | "group": "com.acme", 11 | "name": "tomcat-catalina", 12 | "version": "9.0.14", 13 | "licenses": [ 14 | { 15 | "license": { 16 | "id": "Apache-2" 17 | } 18 | } 19 | ] 20 | } 21 | ] 22 | } 23 | -------------------------------------------------------------------------------- /src/test/resources/1.4/invalid-metadata-license-1.4.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.4", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "metadata": { 7 | "licenses": [ 8 | { 9 | "license": { 10 | "id": "Apache-2" 11 | } 12 | } 13 | ] 14 | }, 15 | "components": [] 16 | } 17 | -------------------------------------------------------------------------------- /src/test/resources/1.4/invalid-metadata-license-1.4.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Apache-2 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /src/test/resources/1.4/invalid-metadata-timestamp-1.4.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.4", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "metadata": { 7 | "timestamp": "2020-04-13" 8 | }, 9 | "components": [] 10 | } 11 | -------------------------------------------------------------------------------- /src/test/resources/1.4/invalid-metadata-timestamp-1.4.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 2020-04-07 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /src/test/resources/1.4/invalid-missing-component-type-1.4.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.4", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "name": "acme-library", 9 | "version": "1.0.0" 10 | } 11 | ] 12 | } 13 | -------------------------------------------------------------------------------- /src/test/resources/1.4/invalid-missing-component-type-1.4.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | acme-library 6 | 1.0.0 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /src/test/resources/1.4/invalid-scope-1.4.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.4", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "name": "acme-library", 10 | "version": "1.0.0", 11 | "scope": "foo" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /src/test/resources/1.4/invalid-scope-1.4.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | acme-library 6 | 1.0.0 7 | foo 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /src/test/resources/1.4/invalid-serialnumber-1.4.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.4", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f", 5 | "version": 1, 6 | "components": [ 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /src/test/resources/1.4/invalid-service-data-1.4.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.4", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "services": [ 7 | { 8 | "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", 9 | "name": "Stock ticker service", 10 | "authenticated": true, 11 | "x-trust-boundary": true, 12 | "data": [ 13 | { 14 | "classification": "foo", 15 | "flow": "bar" 16 | } 17 | ] 18 | } 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /src/test/resources/1.4/invalid-service-data-1.4.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Stock ticker service 6 | 7 | bar 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-assembly-1.4.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.4" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | components { 5 | type: CLASSIFICATION_LIBRARY 6 | name: "acme-library-a" 7 | version: "1.0.0" 8 | components { 9 | type: CLASSIFICATION_LIBRARY 10 | name: "acme-library-b" 11 | version: "2.0.0" 12 | } 13 | } 14 | services { 15 | name: "acme-service-a" 16 | services { 17 | name: "acme-service-b" 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-component-ref-1.4.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.4", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "bom-ref": "123", 10 | "name": "acme-library", 11 | "version": "1.0.0" 12 | }, 13 | { 14 | "type": "library", 15 | "bom-ref": "456", 16 | "name": "acme-library", 17 | "version": "1.0.0" 18 | } 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-component-ref-1.4.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.4" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | components { 5 | type: CLASSIFICATION_LIBRARY 6 | bom_ref: "123" 7 | name: "acme-library" 8 | version: "1.0.0" 9 | } 10 | components { 11 | type: CLASSIFICATION_LIBRARY 12 | bom_ref: "456" 13 | name: "acme-library" 14 | version: "1.0.0" 15 | } 16 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-component-swid-1.4.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.4", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "application", 9 | "author": "Acme Super Heros", 10 | "name": "Acme Application", 11 | "version": "9.1.1", 12 | "swid": { 13 | "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", 14 | "name": "Acme Application", 15 | "version": "9.1.1" 16 | } 17 | } 18 | ] 19 | } 20 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-component-swid-1.4.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.4" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | components { 5 | type: CLASSIFICATION_APPLICATION 6 | author: "Acme Super Heros" 7 | name: "Acme Application" 8 | version: "9.1.1" 9 | swid { 10 | tag_id: "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1" 11 | name: "Acme Application" 12 | version: "9.1.1" 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-component-swid-1.4.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Acme Super Heros 6 | Acme Application 7 | 9.1.1 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-empty-components-1.4.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.4", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-empty-components-1.4.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.4" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-empty-components-1.4.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-license-expression-1.4.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.4", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "publisher": "Acme Inc", 10 | "group": "com.acme", 11 | "name": "tomcat-catalina", 12 | "version": "9.0.14", 13 | "licenses": [ 14 | { 15 | "expression": "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0" 16 | } 17 | ] 18 | } 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-license-expression-1.4.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.4" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | components { 5 | type: CLASSIFICATION_LIBRARY 6 | publisher: "Acme Inc" 7 | group: "com.acme" 8 | name: "tomcat-catalina" 9 | version: "9.0.14" 10 | licenses { 11 | expression: "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0" 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-license-id-1.4.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.4", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "publisher": "Acme Inc", 10 | "group": "com.acme", 11 | "name": "tomcat-catalina", 12 | "version": "9.0.14", 13 | "licenses": [ 14 | { 15 | "license": { 16 | "id": "Apache-2.0" 17 | } 18 | } 19 | ] 20 | } 21 | ] 22 | } 23 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-license-id-1.4.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.4" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | components { 5 | type: CLASSIFICATION_LIBRARY 6 | publisher: "Acme Inc" 7 | group: "com.acme" 8 | name: "tomcat-catalina" 9 | version: "9.0.14" 10 | licenses { 11 | license { 12 | id: "Apache-2.0" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-license-name-1.4.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.4", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "publisher": "Acme Inc", 10 | "group": "com.acme", 11 | "name": "tomcat-catalina", 12 | "version": "9.0.14", 13 | "licenses": [ 14 | { 15 | "license": { 16 | "name": "Apache License 2.0" 17 | } 18 | } 19 | ] 20 | } 21 | ] 22 | } 23 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-license-name-1.4.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.4" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | components { 5 | type: CLASSIFICATION_LIBRARY 6 | publisher: "Acme Inc" 7 | group: "com.acme" 8 | name: "tomcat-catalina" 9 | version: "9.0.14" 10 | licenses { 11 | license { 12 | name: "Apache License 2.0" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-metadata-author-1.4.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.4", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "metadata": { 7 | "authors": [ 8 | { 9 | "name": "Samantha Wright", 10 | "email": "samantha.wright@example.com", 11 | "phone": "800-555-1212" 12 | } 13 | ] 14 | }, 15 | "components": [] 16 | } 17 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-metadata-author-1.4.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.4" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | metadata { 5 | authors { 6 | name: "Samantha Wright" 7 | email: "samantha.wright@example.com" 8 | phone: "800-555-1212" 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-metadata-author-1.4.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Samantha Wright 7 | samantha.wright@example.com 8 | 800-555-1212 9 | 10 | 11 | 12 | 13 | 14 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-metadata-license-1.4.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.4", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "metadata": { 7 | "licenses": [ 8 | { 9 | "license": { 10 | "id": "Apache-2.0" 11 | } 12 | } 13 | ] 14 | }, 15 | "components": [] 16 | } 17 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-metadata-license-1.4.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.4" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | metadata { 5 | licenses { 6 | license { 7 | id: "Apache-2.0" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-metadata-license-1.4.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Apache-2.0 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-metadata-manufacture-1.4.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.4", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "metadata": { 7 | "manufacture": { 8 | "name": "Acme, Inc.", 9 | "url": [ 10 | "https://example.com" 11 | ], 12 | "contact": [ 13 | { 14 | "name": "Acme Professional Services", 15 | "email": "professional.services@example.com" 16 | } 17 | ] 18 | } 19 | }, 20 | "components": [] 21 | } 22 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-metadata-manufacture-1.4.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.4" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | metadata { 5 | manufacture { 6 | name: "Acme, Inc." 7 | url: "https://example.com" 8 | contact { 9 | name: "Acme Professional Services" 10 | email: "professional.services@example.com" 11 | } 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-metadata-manufacture-1.4.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Acme, Inc. 6 | https://example.com 7 | 8 | Acme Professional Services 9 | professional.services@example.com 10 | 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-metadata-supplier-1.4.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.4", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "metadata": { 7 | "supplier": { 8 | "name": "Acme, Inc.", 9 | "url": [ 10 | "https://example.com" 11 | ], 12 | "contact": [ 13 | { 14 | "name": "Acme Distribution", 15 | "email": "distribution@example.com" 16 | } 17 | ] 18 | } 19 | }, 20 | "components": [] 21 | } 22 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-metadata-supplier-1.4.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.4" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | metadata { 5 | supplier { 6 | name: "Acme, Inc." 7 | url: "https://example.com" 8 | contact { 9 | name: "Acme Distribution" 10 | email: "distribution@example.com" 11 | } 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-metadata-supplier-1.4.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Acme, Inc. 6 | https://example.com 7 | 8 | Acme Distribution 9 | distribution@example.com 10 | 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-metadata-timestamp-1.4.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.4", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "metadata": { 7 | "timestamp": "2020-04-13T20:20:39+00:00" 8 | }, 9 | "components": [] 10 | } 11 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-metadata-timestamp-1.4.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.4" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | metadata { 5 | timestamp { 6 | seconds: 3173618478 7 | nanos: 3 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-metadata-timestamp-1.4.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 2020-04-07T07:01:00Z 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-metadata-tool-1.4.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.4" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | metadata { 5 | tools { 6 | vendor: "Awesome Vendor" 7 | name: "Awesome Tool" 8 | version: "9.1.2" 9 | hashes { 10 | alg: HASH_ALG_SHA_1 11 | value: "25ed8e31b995bb927966616df2a42b979a2717f0" 12 | } 13 | hashes { 14 | alg: HASH_ALG_SHA_256 15 | value: "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" 16 | } 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-minimal-viable-1.4.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.4", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "name": "acme-library" 10 | } 11 | ] 12 | } 13 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-minimal-viable-1.4.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.4" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | components { 5 | type: CLASSIFICATION_LIBRARY 6 | name: "acme-library" 7 | } 8 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-minimal-viable-1.4.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | acme-library 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-service-empty-objects-1.4.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.4", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "services": [ 7 | { 8 | "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", 9 | "provider": { 10 | "contact": [ 11 | ] 12 | }, 13 | "name": "Stock ticker service", 14 | "endpoints": [ 15 | ], 16 | "data": [ 17 | ], 18 | "externalReferences": [ 19 | ] 20 | } 21 | ] 22 | } 23 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-service-empty-objects-1.4.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.4" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | services { 5 | bom_ref: "b2a46a4b-8367-4bae-9820-95557cfe03a8" 6 | provider { 7 | } 8 | name: "Stock ticker service" 9 | } 10 | -------------------------------------------------------------------------------- /src/test/resources/1.4/valid-service-empty-objects-1.4.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Stock ticker service 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /src/test/resources/1.5/invalid-bomformat-1.5.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "AnotherFormat", 3 | "specVersion": "1.5", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /src/test/resources/1.5/invalid-component-ref-1.5.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.5", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "bom-ref": "123", 10 | "name": "acme-library", 11 | "version": "1.0.0" 12 | }, 13 | { 14 | "type": "library", 15 | "bom-ref": "123", 16 | "name": "acme-library", 17 | "version": "1.0.0" 18 | } 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /src/test/resources/1.5/invalid-component-swid-1.5.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.5", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "application", 9 | "author": "Acme Super Heros", 10 | "name": "Acme Application", 11 | "version": "9.1.1", 12 | "swid": { 13 | "name": "Acme Application", 14 | "version": "9.1.1" 15 | } 16 | } 17 | ] 18 | } 19 | -------------------------------------------------------------------------------- /src/test/resources/1.5/invalid-component-swid-1.5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Acme Super Heros 6 | Acme Application 7 | 9.1.1 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /src/test/resources/1.5/invalid-component-type-1.5.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.5", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "foo", 9 | "name": "acme-library", 10 | "version": "1.0.0" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /src/test/resources/1.5/invalid-component-type-1.5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | acme-library 6 | 1.0.0 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /src/test/resources/1.5/invalid-empty-component-1.5.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.5", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library" 9 | } 10 | ] 11 | } 12 | -------------------------------------------------------------------------------- /src/test/resources/1.5/invalid-empty-component-1.5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /src/test/resources/1.5/invalid-license-id-1.5.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.5", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "publisher": "Acme Inc", 10 | "group": "com.acme", 11 | "name": "tomcat-catalina", 12 | "version": "9.0.14", 13 | "licenses": [ 14 | { 15 | "license": { 16 | "id": "Apache-2" 17 | } 18 | } 19 | ] 20 | } 21 | ] 22 | } 23 | -------------------------------------------------------------------------------- /src/test/resources/1.5/invalid-metadata-license-1.5.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.5", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "metadata": { 7 | "licenses": [ 8 | { 9 | "license": { 10 | "id": "Apache-2" 11 | } 12 | } 13 | ] 14 | }, 15 | "components": [] 16 | } 17 | -------------------------------------------------------------------------------- /src/test/resources/1.5/invalid-metadata-license-1.5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Apache-2 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /src/test/resources/1.5/invalid-metadata-timestamp-1.5.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.5", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "metadata": { 7 | "timestamp": "2020-04-13" 8 | }, 9 | "components": [] 10 | } 11 | -------------------------------------------------------------------------------- /src/test/resources/1.5/invalid-metadata-timestamp-1.5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 2020-04-07 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /src/test/resources/1.5/invalid-missing-component-type-1.5.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.5", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "name": "acme-library", 9 | "version": "1.0.0" 10 | } 11 | ] 12 | } 13 | -------------------------------------------------------------------------------- /src/test/resources/1.5/invalid-missing-component-type-1.5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | acme-library 6 | 1.0.0 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /src/test/resources/1.5/invalid-scope-1.5.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.5", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "name": "acme-library", 10 | "version": "1.0.0", 11 | "scope": "foo" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /src/test/resources/1.5/invalid-scope-1.5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | acme-library 6 | 1.0.0 7 | foo 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /src/test/resources/1.5/invalid-serialnumber-1.5.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.5", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f", 5 | "version": 1, 6 | "components": [ 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /src/test/resources/1.5/invalid-service-data-1.5.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.5", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "services": [ 7 | { 8 | "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", 9 | "name": "Stock ticker service", 10 | "authenticated": true, 11 | "x-trust-boundary": true, 12 | "data": [ 13 | { 14 | "classification": "foo", 15 | "flow": "bar" 16 | } 17 | ] 18 | } 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /src/test/resources/1.5/invalid-service-data-1.5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Stock ticker service 6 | 7 | bar 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-assembly-1.5.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.5" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | components { 5 | type: CLASSIFICATION_LIBRARY 6 | name: "acme-library-a" 7 | version: "1.0.0" 8 | components { 9 | type: CLASSIFICATION_LIBRARY 10 | name: "acme-library-b" 11 | version: "2.0.0" 12 | } 13 | } 14 | services { 15 | name: "acme-service-a" 16 | services { 17 | name: "acme-service-b" 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-component-ref-1.5.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.5", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "bom-ref": "123", 10 | "name": "acme-library", 11 | "version": "1.0.0" 12 | }, 13 | { 14 | "type": "library", 15 | "bom-ref": "456", 16 | "name": "acme-library", 17 | "version": "1.0.0" 18 | } 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-component-ref-1.5.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.5" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | components { 5 | type: CLASSIFICATION_LIBRARY 6 | bom_ref: "123" 7 | name: "acme-library" 8 | version: "1.0.0" 9 | } 10 | components { 11 | type: CLASSIFICATION_LIBRARY 12 | bom_ref: "456" 13 | name: "acme-library" 14 | version: "1.0.0" 15 | } 16 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-component-swid-1.5.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.5", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "application", 9 | "author": "Acme Super Heros", 10 | "name": "Acme Application", 11 | "version": "9.1.1", 12 | "swid": { 13 | "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", 14 | "name": "Acme Application", 15 | "version": "9.1.1" 16 | } 17 | } 18 | ] 19 | } 20 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-component-swid-1.5.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.5" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | components { 5 | type: CLASSIFICATION_APPLICATION 6 | author: "Acme Super Heros" 7 | name: "Acme Application" 8 | version: "9.1.1" 9 | swid { 10 | tag_id: "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1" 11 | name: "Acme Application" 12 | version: "9.1.1" 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-component-swid-1.5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Acme Super Heros 6 | Acme Application 7 | 9.1.1 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-empty-components-1.5.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.5", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-empty-components-1.5.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.5" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-empty-components-1.5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-license-expression-1.5.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.5", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "publisher": "Acme Inc", 10 | "group": "com.acme", 11 | "name": "tomcat-catalina", 12 | "version": "9.0.14", 13 | "licenses": [ 14 | { 15 | "expression": "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0" 16 | } 17 | ] 18 | } 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-license-expression-1.5.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.5" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | components { 5 | type: CLASSIFICATION_LIBRARY 6 | publisher: "Acme Inc" 7 | group: "com.acme" 8 | name: "tomcat-catalina" 9 | version: "9.0.14" 10 | licenses { 11 | expression: "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0" 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-license-id-1.5.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.5", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "publisher": "Acme Inc", 10 | "group": "com.acme", 11 | "name": "tomcat-catalina", 12 | "version": "9.0.14", 13 | "licenses": [ 14 | { 15 | "license": { 16 | "id": "Apache-2.0" 17 | } 18 | } 19 | ] 20 | } 21 | ] 22 | } 23 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-license-id-1.5.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.5" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | components { 5 | type: CLASSIFICATION_LIBRARY 6 | publisher: "Acme Inc" 7 | group: "com.acme" 8 | name: "tomcat-catalina" 9 | version: "9.0.14" 10 | licenses { 11 | license { 12 | id: "Apache-2.0" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-license-name-1.5.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.5", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "publisher": "Acme Inc", 10 | "group": "com.acme", 11 | "name": "tomcat-catalina", 12 | "version": "9.0.14", 13 | "licenses": [ 14 | { 15 | "license": { 16 | "name": "Apache License 2.0" 17 | } 18 | } 19 | ] 20 | } 21 | ] 22 | } 23 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-license-name-1.5.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.5" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | components { 5 | type: CLASSIFICATION_LIBRARY 6 | publisher: "Acme Inc" 7 | group: "com.acme" 8 | name: "tomcat-catalina" 9 | version: "9.0.14" 10 | licenses { 11 | license { 12 | name: "Apache License 2.0" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-metadata-author-1.5.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.5", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "metadata": { 7 | "authors": [ 8 | { 9 | "name": "Samantha Wright", 10 | "email": "samantha.wright@example.com", 11 | "phone": "800-555-1212" 12 | } 13 | ] 14 | }, 15 | "components": [] 16 | } 17 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-metadata-author-1.5.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.5" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | metadata { 5 | authors { 6 | name: "Samantha Wright" 7 | email: "samantha.wright@example.com" 8 | phone: "800-555-1212" 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-metadata-author-1.5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Samantha Wright 7 | samantha.wright@example.com 8 | 800-555-1212 9 | 10 | 11 | 12 | 13 | 14 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-metadata-license-1.5.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.5", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "metadata": { 7 | "licenses": [ 8 | { 9 | "license": { 10 | "id": "Apache-2.0" 11 | } 12 | } 13 | ] 14 | }, 15 | "components": [] 16 | } 17 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-metadata-license-1.5.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.5" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | metadata { 5 | licenses { 6 | license { 7 | id: "Apache-2.0" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-metadata-license-1.5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Apache-2.0 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-metadata-lifecycle-1.5.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.5", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "metadata": { 7 | "lifecycles": [ 8 | { 9 | "phase": "build" 10 | }, 11 | { 12 | "phase": "post-build" 13 | }, 14 | { 15 | "name": "platform-integration-testing", 16 | "description": "Integration testing specific to the runtime platform" 17 | } 18 | ] 19 | }, 20 | "components": [] 21 | } 22 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-metadata-lifecycle-1.5.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.5" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | metadata { 5 | lifecycles [ 6 | { 7 | phase: LIFECYCLE_PHASE_BUILD 8 | }, 9 | { 10 | phase: LIFECYCLE_PHASE_POST_BUILD 11 | }, 12 | { 13 | name: "platform-integration-testing" 14 | description: "Integration testing specific to the runtime platform" 15 | } 16 | ] 17 | } 18 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-metadata-manufacture-1.5.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.5", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "metadata": { 7 | "manufacture": { 8 | "name": "Acme, Inc.", 9 | "url": [ 10 | "https://example.com" 11 | ], 12 | "contact": [ 13 | { 14 | "name": "Acme Professional Services", 15 | "email": "professional.services@example.com" 16 | } 17 | ] 18 | } 19 | }, 20 | "components": [] 21 | } 22 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-metadata-manufacture-1.5.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.5" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | metadata { 5 | manufacture { 6 | name: "Acme, Inc." 7 | url: "https://example.com" 8 | contact { 9 | name: "Acme Professional Services" 10 | email: "professional.services@example.com" 11 | } 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-metadata-manufacture-1.5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Acme, Inc. 6 | https://example.com 7 | 8 | Acme Professional Services 9 | professional.services@example.com 10 | 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-metadata-supplier-1.5.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.5", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "metadata": { 7 | "supplier": { 8 | "name": "Acme, Inc.", 9 | "url": [ 10 | "https://example.com" 11 | ], 12 | "contact": [ 13 | { 14 | "name": "Acme Distribution", 15 | "email": "distribution@example.com" 16 | } 17 | ] 18 | } 19 | }, 20 | "components": [] 21 | } 22 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-metadata-supplier-1.5.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.5" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | metadata { 5 | supplier { 6 | name: "Acme, Inc." 7 | url: "https://example.com" 8 | contact { 9 | name: "Acme Distribution" 10 | email: "distribution@example.com" 11 | } 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-metadata-supplier-1.5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Acme, Inc. 6 | https://example.com 7 | 8 | Acme Distribution 9 | distribution@example.com 10 | 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-metadata-timestamp-1.5.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.5", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "metadata": { 7 | "timestamp": "2020-04-13T20:20:39+00:00" 8 | }, 9 | "components": [] 10 | } 11 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-metadata-timestamp-1.5.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.5" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | metadata { 5 | timestamp { 6 | seconds: 3173618478 7 | nanos: 3 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-metadata-timestamp-1.5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 2020-04-07T07:01:00Z 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-metadata-tool-1.5.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.5" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | metadata { 5 | tools { 6 | vendor: "Awesome Vendor" 7 | name: "Awesome Tool" 8 | version: "9.1.2" 9 | hashes { 10 | alg: HASH_ALG_SHA_1 11 | value: "25ed8e31b995bb927966616df2a42b979a2717f0" 12 | } 13 | hashes { 14 | alg: HASH_ALG_SHA_256 15 | value: "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" 16 | } 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-metadata-tool-deprecated-1.5.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.5" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | metadata { 5 | tools { 6 | vendor: "Awesome Vendor" 7 | name: "Awesome Tool" 8 | version: "9.1.2" 9 | hashes { 10 | alg: HASH_ALG_SHA_1 11 | value: "25ed8e31b995bb927966616df2a42b979a2717f0" 12 | } 13 | hashes { 14 | alg: HASH_ALG_SHA_256 15 | value: "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" 16 | } 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-minimal-viable-1.5.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.5", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "components": [ 7 | { 8 | "type": "library", 9 | "name": "acme-library" 10 | } 11 | ] 12 | } 13 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-minimal-viable-1.5.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.5" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | components { 5 | type: CLASSIFICATION_LIBRARY 6 | name: "acme-library" 7 | } 8 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-minimal-viable-1.5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | acme-library 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-service-empty-objects-1.5.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.5", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "services": [ 7 | { 8 | "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", 9 | "provider": { 10 | "contact": [ 11 | ] 12 | }, 13 | "name": "Stock ticker service", 14 | "endpoints": [ 15 | ], 16 | "data": [ 17 | ], 18 | "externalReferences": [ 19 | ] 20 | } 21 | ] 22 | } 23 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-service-empty-objects-1.5.textproto: -------------------------------------------------------------------------------- 1 | spec_version: "1.5" 2 | version: 1 3 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 4 | services { 5 | bom_ref: "b2a46a4b-8367-4bae-9820-95557cfe03a8" 6 | provider { 7 | } 8 | name: "Stock ticker service" 9 | } 10 | -------------------------------------------------------------------------------- /src/test/resources/1.5/valid-service-empty-objects-1.5.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Stock ticker service 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /src/test/resources/1.6/invalid-bomformat-1.6.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", 3 | "bomFormat": "AnotherFormat", 4 | "specVersion": "1.6", 5 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 6 | "version": 1, 7 | "components": [ 8 | ] 9 | } 10 | -------------------------------------------------------------------------------- /src/test/resources/1.6/invalid-component-ref-1.6.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", 3 | "bomFormat": "CycloneDX", 4 | "specVersion": "1.6", 5 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 6 | "version": 1, 7 | "components": [ 8 | { 9 | "type": "library", 10 | "bom-ref": "123", 11 | "name": "acme-library", 12 | "version": "1.0.0" 13 | }, 14 | { 15 | "type": "library", 16 | "bom-ref": "", 17 | "name": "acme-library", 18 | "version": "1.0.0" 19 | } 20 | ] 21 | } 22 | -------------------------------------------------------------------------------- /src/test/resources/1.6/invalid-component-swid-1.6.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", 3 | "bomFormat": "CycloneDX", 4 | "specVersion": "1.6", 5 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 6 | "version": 1, 7 | "components": [ 8 | { 9 | "type": "application", 10 | "author": "Acme Super Heros", 11 | "name": "Acme Application", 12 | "version": "9.1.1", 13 | "swid": { 14 | "name": "Acme Application", 15 | "version": "9.1.1" 16 | } 17 | } 18 | ] 19 | } 20 | -------------------------------------------------------------------------------- /src/test/resources/1.6/invalid-component-swid-1.6.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Acme Super Heros 6 | Acme Application 7 | 9.1.1 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /src/test/resources/1.6/invalid-component-type-1.6.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", 3 | "bomFormat": "CycloneDX", 4 | "specVersion": "1.6", 5 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 6 | "version": 1, 7 | "components": [ 8 | { 9 | "type": "foo", 10 | "name": "acme-library", 11 | "version": "1.0.0" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /src/test/resources/1.6/invalid-component-type-1.6.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | acme-library 6 | 1.0.0 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /src/test/resources/1.6/invalid-empty-component-1.6.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", 3 | "bomFormat": "CycloneDX", 4 | "specVersion": "1.6", 5 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 6 | "version": 1, 7 | "components": [ 8 | { 9 | "type": "library" 10 | } 11 | ] 12 | } 13 | -------------------------------------------------------------------------------- /src/test/resources/1.6/invalid-empty-component-1.6.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /src/test/resources/1.6/invalid-license-id-1.6.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", 3 | "bomFormat": "CycloneDX", 4 | "specVersion": "1.6", 5 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 6 | "version": 1, 7 | "components": [ 8 | { 9 | "type": "library", 10 | "publisher": "Acme Inc", 11 | "group": "com.acme", 12 | "name": "tomcat-catalina", 13 | "version": "9.0.14", 14 | "licenses": [ 15 | { 16 | "license": { 17 | "id": "Apache-2" 18 | } 19 | } 20 | ] 21 | } 22 | ] 23 | } 24 | -------------------------------------------------------------------------------- /src/test/resources/1.6/invalid-license-missing-id-and-name-1.6.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", 3 | "bomFormat": "CycloneDX", 4 | "specVersion": "1.6", 5 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 6 | "version": 1, 7 | "components": [ 8 | { 9 | "type": "library", 10 | "name": "license-with-no-id-nor-name", 11 | "version": "23", 12 | "description": "testcase for issue#288", 13 | "licenses": [ 14 | { 15 | "license": {} 16 | } 17 | ] 18 | } 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /src/test/resources/1.6/invalid-license-missing-id-and-name-1.6.textproto: -------------------------------------------------------------------------------- 1 | # proto-file: schema/bom-1.6.proto 2 | # proto-message: Bom 3 | 4 | spec_version: "1.6" 5 | version: 1 6 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 7 | components { 8 | type: CLASSIFICATION_LIBRARY 9 | name: "license-with-no-id-nor-name" 10 | version: "23" 11 | description: "testcase for issue#288" 12 | licenses { 13 | license {} 14 | } 15 | } -------------------------------------------------------------------------------- /src/test/resources/1.6/invalid-license-missing-id-and-name-1.6.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | license-with-no-id-nor-name 6 | 23 7 | testcase for issue#288 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /src/test/resources/1.6/invalid-metadata-license-1.6.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", 3 | "bomFormat": "CycloneDX", 4 | "specVersion": "1.6", 5 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 6 | "version": 1, 7 | "metadata": { 8 | "licenses": [ 9 | { 10 | "license": { 11 | "id": "Apache-2" 12 | } 13 | } 14 | ] 15 | }, 16 | "components": [] 17 | } 18 | -------------------------------------------------------------------------------- /src/test/resources/1.6/invalid-metadata-license-1.6.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Apache-2 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /src/test/resources/1.6/invalid-metadata-timestamp-1.6.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", 3 | "bomFormat": "CycloneDX", 4 | "specVersion": "1.6", 5 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 6 | "version": 1, 7 | "metadata": { 8 | "timestamp": "2020-04-13" 9 | }, 10 | "components": [] 11 | } 12 | -------------------------------------------------------------------------------- /src/test/resources/1.6/invalid-metadata-timestamp-1.6.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 2020-04-07 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /src/test/resources/1.6/invalid-missing-component-type-1.6.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", 3 | "bomFormat": "CycloneDX", 4 | "specVersion": "1.6", 5 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 6 | "version": 1, 7 | "components": [ 8 | { 9 | "name": "acme-library", 10 | "version": "1.0.0" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /src/test/resources/1.6/invalid-missing-component-type-1.6.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | acme-library 6 | 1.0.0 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /src/test/resources/1.6/invalid-scope-1.6.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", 3 | "bomFormat": "CycloneDX", 4 | "specVersion": "1.6", 5 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 6 | "version": 1, 7 | "components": [ 8 | { 9 | "type": "library", 10 | "name": "acme-library", 11 | "version": "1.0.0", 12 | "scope": "foo" 13 | } 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /src/test/resources/1.6/invalid-scope-1.6.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | acme-library 6 | 1.0.0 7 | foo 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /src/test/resources/1.6/invalid-serialnumber-1.6.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", 3 | "bomFormat": "CycloneDX", 4 | "specVersion": "1.6", 5 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f", 6 | "version": 1, 7 | "components": [ 8 | ] 9 | } 10 | -------------------------------------------------------------------------------- /src/test/resources/1.6/invalid-service-data-1.6.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", 3 | "bomFormat": "CycloneDX", 4 | "specVersion": "1.6", 5 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 6 | "version": 1, 7 | "services": [ 8 | { 9 | "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", 10 | "name": "Stock ticker service", 11 | "authenticated": true, 12 | "x-trust-boundary": true, 13 | "data": [ 14 | { 15 | "classification": "foo", 16 | "flow": "bar" 17 | } 18 | ] 19 | } 20 | ] 21 | } 22 | -------------------------------------------------------------------------------- /src/test/resources/1.6/invalid-service-data-1.6.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Stock ticker service 6 | 7 | bar 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-assembly-1.6.textproto: -------------------------------------------------------------------------------- 1 | # proto-file: schema/bom-1.6.proto 2 | # proto-message: Bom 3 | 4 | spec_version: "1.6" 5 | version: 1 6 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 7 | components { 8 | type: CLASSIFICATION_LIBRARY 9 | name: "acme-library-a" 10 | version: "1.0.0" 11 | components { 12 | type: CLASSIFICATION_LIBRARY 13 | name: "acme-library-b" 14 | version: "2.0.0" 15 | } 16 | } 17 | services { 18 | name: "acme-service-a" 19 | services { 20 | name: "acme-service-b" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-component-ref-1.6.textproto: -------------------------------------------------------------------------------- 1 | # proto-file: schema/bom-1.6.proto 2 | # proto-message: Bom 3 | 4 | spec_version: "1.6" 5 | version: 1 6 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 7 | components { 8 | type: CLASSIFICATION_LIBRARY 9 | bom_ref: "123" 10 | name: "acme-library" 11 | version: "1.0.0" 12 | components { 13 | type: CLASSIFICATION_LIBRARY 14 | bom_ref: "456" 15 | name: "acme-library" 16 | version: "1.0.0" 17 | } 18 | } 19 | components { 20 | type: CLASSIFICATION_LIBRARY 21 | bom_ref: "789" 22 | name: "acme-library" 23 | version: "1.0.0" 24 | } 25 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-component-swid-1.6.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", 3 | "bomFormat": "CycloneDX", 4 | "specVersion": "1.6", 5 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 6 | "version": 1, 7 | "components": [ 8 | { 9 | "type": "application", 10 | "author": "Acme Super Heros", 11 | "name": "Acme Application", 12 | "version": "9.1.1", 13 | "swid": { 14 | "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", 15 | "name": "Acme Application", 16 | "version": "9.1.1" 17 | } 18 | } 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-component-swid-1.6.textproto: -------------------------------------------------------------------------------- 1 | # proto-file: schema/bom-1.6.proto 2 | # proto-message: Bom 3 | 4 | spec_version: "1.6" 5 | version: 1 6 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 7 | components { 8 | type: CLASSIFICATION_APPLICATION 9 | author: "Acme Super Heros" 10 | name: "Acme Application" 11 | version: "9.1.1" 12 | swid { 13 | tag_id: "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1" 14 | name: "Acme Application" 15 | version: "9.1.1" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-component-swid-1.6.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Acme Super Heros 6 | Acme Application 7 | 9.1.1 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-empty-components-1.6.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", 3 | "bomFormat": "CycloneDX", 4 | "specVersion": "1.6", 5 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 6 | "version": 1, 7 | "components": [ 8 | ] 9 | } 10 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-empty-components-1.6.textproto: -------------------------------------------------------------------------------- 1 | # proto-file: schema/bom-1.6.proto 2 | # proto-message: Bom 3 | 4 | spec_version: "1.6" 5 | version: 1 6 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 7 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-empty-components-1.6.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-metadata-author-1.6.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", 3 | "bomFormat": "CycloneDX", 4 | "specVersion": "1.6", 5 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 6 | "version": 1, 7 | "metadata": { 8 | "authors": [ 9 | { 10 | "name": "Samantha Wright", 11 | "email": "samantha.wright@example.com", 12 | "phone": "800-555-1212" 13 | } 14 | ] 15 | }, 16 | "components": [] 17 | } 18 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-metadata-author-1.6.textproto: -------------------------------------------------------------------------------- 1 | # proto-file: schema/bom-1.6.proto 2 | # proto-message: Bom 3 | 4 | spec_version: "1.6" 5 | version: 1 6 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 7 | metadata { 8 | authors { 9 | name: "Samantha Wright" 10 | email: "samantha.wright@example.com" 11 | phone: "800-555-1212" 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-metadata-author-1.6.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Samantha Wright 7 | samantha.wright@example.com 8 | 800-555-1212 9 | 10 | 11 | 12 | 13 | 14 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-metadata-license-1.6.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", 3 | "bomFormat": "CycloneDX", 4 | "specVersion": "1.6", 5 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 6 | "version": 1, 7 | "metadata": { 8 | "licenses": [ 9 | { 10 | "license": { 11 | "id": "Apache-2.0" 12 | } 13 | }, 14 | { 15 | "license": { 16 | "name": "My License", 17 | "text": { 18 | "content": "My License Text" 19 | } 20 | } 21 | } 22 | ] 23 | }, 24 | "components": [] 25 | } 26 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-metadata-license-1.6.textproto: -------------------------------------------------------------------------------- 1 | # proto-file: schema/bom-1.6.proto 2 | # proto-message: Bom 3 | 4 | spec_version: "1.6" 5 | version: 1 6 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 7 | metadata { 8 | licenses { 9 | license { 10 | id: "Apache-2.0" 11 | } 12 | } 13 | licenses { 14 | license { 15 | name: "My License" 16 | text { 17 | value: "My License Text" 18 | } 19 | } 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-metadata-license-1.6.xml: -------------------------------------------------------------------------------- 1 | 2 | 5 | 6 | 7 | 8 | Apache-2.0 9 | 10 | 11 | My License 12 | My License Text 13 | 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-metadata-lifecycle-1.6.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", 3 | "bomFormat": "CycloneDX", 4 | "specVersion": "1.6", 5 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 6 | "version": 1, 7 | "metadata": { 8 | "lifecycles": [ 9 | { 10 | "phase": "build" 11 | }, 12 | { 13 | "phase": "post-build" 14 | }, 15 | { 16 | "name": "platform-integration-testing", 17 | "description": "Integration testing specific to the runtime platform" 18 | } 19 | ] 20 | }, 21 | "components": [] 22 | } 23 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-metadata-lifecycle-1.6.textproto: -------------------------------------------------------------------------------- 1 | # proto-file: schema/bom-1.6.proto 2 | # proto-message: Bom 3 | 4 | spec_version: "1.6" 5 | version: 1 6 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 7 | metadata { 8 | lifecycles [ 9 | { 10 | phase: LIFECYCLE_PHASE_BUILD 11 | }, 12 | { 13 | phase: LIFECYCLE_PHASE_POST_BUILD 14 | }, 15 | { 16 | name: "platform-integration-testing" 17 | description: "Integration testing specific to the runtime platform" 18 | } 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-metadata-manufacture-1.6.textproto: -------------------------------------------------------------------------------- 1 | # proto-file: schema/bom-1.6.proto 2 | # proto-message: Bom 3 | 4 | spec_version: "1.6" 5 | version: 1 6 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 7 | metadata { 8 | manufacture { 9 | name: "Acme, Inc. // deprecated" 10 | url: "https://example.com" 11 | contact { 12 | name: "Acme Professional Services" 13 | email: "professional.services@example.com" 14 | bom_ref: "contact-1" 15 | } 16 | bom_ref: "manufacturer-1" 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-metadata-manufacture-1.6.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Acme, Inc. // deprecated 6 | https://example.com 7 | 8 | Acme Professional Services 9 | professional.services@example.com 10 | 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-metadata-manufacturer-1.6.textproto: -------------------------------------------------------------------------------- 1 | # proto-file: schema/bom-1.6.proto 2 | # proto-message: Bom 3 | 4 | spec_version: "1.6" 5 | version: 1 6 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 7 | metadata { 8 | manufacturer { 9 | name: "Acme, Inc." 10 | url: "https://example.com" 11 | contact { 12 | name: "Acme Professional Services" 13 | email: "professional.services@example.com" 14 | bom_ref: "contact-1" 15 | } 16 | bom_ref: "manufacturer-1" 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-metadata-manufacturer-1.6.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Acme, Inc. 6 | https://example.com 7 | 8 | Acme Professional Services 9 | professional.services@example.com 10 | 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-metadata-supplier-1.6.textproto: -------------------------------------------------------------------------------- 1 | # proto-file: schema/bom-1.6.proto 2 | # proto-message: Bom 3 | 4 | spec_version: "1.6" 5 | version: 1 6 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 7 | metadata { 8 | supplier { 9 | name: "Acme, Inc." 10 | url: "https://example.com" 11 | contact { 12 | name: "Acme Distribution" 13 | email: "distribution@example.com" 14 | bom_ref: "contact-1" 15 | } 16 | bom_ref: "supplier-1" 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-metadata-supplier-1.6.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Acme, Inc. 6 | https://example.com 7 | 8 | Acme Distribution 9 | distribution@example.com 10 | 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-metadata-timestamp-1.6.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", 3 | "bomFormat": "CycloneDX", 4 | "specVersion": "1.6", 5 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 6 | "version": 1, 7 | "metadata": { 8 | "timestamp": "2020-04-13T20:20:39+00:00" 9 | }, 10 | "components": [] 11 | } 12 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-metadata-timestamp-1.6.textproto: -------------------------------------------------------------------------------- 1 | # proto-file: schema/bom-1.6.proto 2 | # proto-message: Bom 3 | 4 | spec_version: "1.6" 5 | version: 1 6 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 7 | metadata { 8 | timestamp { 9 | seconds: 1586809239 10 | nanos: 0 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-metadata-timestamp-1.6.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 2020-04-13T20:20:39Z 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-metadata-tool-deprecated-1.6.textproto: -------------------------------------------------------------------------------- 1 | # proto-file: schema/bom-1.6.proto 2 | # proto-message: Bom 3 | 4 | spec_version: "1.6" 5 | version: 1 6 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 7 | metadata { 8 | tools { 9 | vendor: "Awesome Vendor" 10 | name: "Awesome Tool" 11 | version: "9.1.2" 12 | hashes { 13 | alg: HASH_ALG_SHA_1 14 | value: "25ed8e31b995bb927966616df2a42b979a2717f0" 15 | } 16 | hashes { 17 | alg: HASH_ALG_SHA_256 18 | value: "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" 19 | } 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-minimal-viable-1.6.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", 3 | "bomFormat": "CycloneDX", 4 | "specVersion": "1.6", 5 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 6 | "version": 1, 7 | "components": [ 8 | { 9 | "type": "library", 10 | "name": "acme-library" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-minimal-viable-1.6.textproto: -------------------------------------------------------------------------------- 1 | # proto-file: schema/bom-1.6.proto 2 | # proto-message: Bom 3 | 4 | spec_version: "1.6" 5 | version: 1 6 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 7 | components { 8 | type: CLASSIFICATION_LIBRARY 9 | name: "acme-library" 10 | } 11 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-minimal-viable-1.6.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | acme-library 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-service-empty-objects-1.6.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", 3 | "bomFormat": "CycloneDX", 4 | "specVersion": "1.6", 5 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 6 | "version": 1, 7 | "services": [ 8 | { 9 | "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8", 10 | "provider": { 11 | "contact": [ 12 | ] 13 | }, 14 | "name": "Stock ticker service", 15 | "endpoints": [ 16 | ], 17 | "data": [ 18 | ], 19 | "externalReferences": [ 20 | ] 21 | } 22 | ] 23 | } 24 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-service-empty-objects-1.6.textproto: -------------------------------------------------------------------------------- 1 | # proto-file: schema/bom-1.6.proto 2 | # proto-message: Bom 3 | 4 | spec_version: "1.6" 5 | version: 1 6 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 7 | services { 8 | bom_ref: "b2a46a4b-8367-4bae-9820-95557cfe03a8" 9 | provider { 10 | } 11 | name: "Stock ticker service" 12 | } 13 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-service-empty-objects-1.6.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Stock ticker service 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /src/test/resources/1.6/valid-tags-1.6.textproto: -------------------------------------------------------------------------------- 1 | # proto-file: schema/bom-1.6.proto 2 | # proto-message: Bom 3 | 4 | spec_version: "1.6" 5 | version: 1 6 | serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" 7 | components { 8 | type: CLASSIFICATION_LIBRARY 9 | name: "my-json-parser" 10 | version: "1.0" 11 | tags: [ "json-parser", "javascript", "node.js" ] 12 | } 13 | services { 14 | name: "my service" 15 | endpoints: [ "https://example.com/myservice" ] 16 | tags: [ "microservice", "golang", "aws", "us-east-1" ] 17 | } 18 | -------------------------------------------------------------------------------- /src/test/resources/README.txt: -------------------------------------------------------------------------------- 1 | The versioned resource directories (e.g. 1.0, 1.1, 1.2, etc) originate from https://github.com/CycloneDX/specification. 2 | These files test the schema itself to ensure they are valid. 3 | 4 | CycloneDX Core Java leverages this files for both validity tests and deserialization tests. If files are added to these 5 | versioned directories, they should also likely be added to https://github.com/CycloneDX/specification as well. 6 | -------------------------------------------------------------------------------- /src/test/resources/hashtest.txt: -------------------------------------------------------------------------------- 1 | This is a test file 2 | -------------------------------------------------------------------------------- /src/test/resources/regression/issue336.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat" : "CycloneDX", 3 | "specVersion" : "1.4", 4 | "serialNumber": "urn:uuid:1624fa6f-aebe-4dba-8ead-f2c876c9b832", 5 | "version" : 1, 6 | "metadata": { 7 | "component": { 8 | "name": "acme-app", 9 | "properties": [ 10 | { 11 | "name": "foo", 12 | "value": "bar" 13 | } 14 | ] 15 | } 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /src/test/resources/regression/issue336.xml: -------------------------------------------------------------------------------- 1 | 2 | 5 | 6 | 7 | acme-app 8 | 9 | bar 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /src/test/resources/regression/issue338-multiple-tools.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat" : "CycloneDX", 3 | "specVersion" : "1.4", 4 | "serialNumber": "urn:uuid:1624fa6f-aebe-4dba-8ead-f2c876c9b832", 5 | "version" : 1, 6 | "metadata": { 7 | "tools": [ 8 | { 9 | "name": "acme-tool-a" 10 | }, 11 | { 12 | "name": "acme-tool-b" 13 | } 14 | ] 15 | } 16 | } -------------------------------------------------------------------------------- /src/test/resources/regression/issue338-single-tool.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat" : "CycloneDX", 3 | "specVersion" : "1.4", 4 | "serialNumber": "urn:uuid:1624fa6f-aebe-4dba-8ead-f2c876c9b832", 5 | "version" : 1, 6 | "metadata": { 7 | "tools": [ 8 | { 9 | "name": "acme-tool-a" 10 | } 11 | ] 12 | } 13 | } -------------------------------------------------------------------------------- /src/test/resources/regression/issue338-single-tool.xml: -------------------------------------------------------------------------------- 1 | 2 | 5 | 6 | 7 | 8 | acme-tool-a 9 | 1.0.0 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /src/test/resources/regression/issue343-empty-hashes.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat" : "CycloneDX", 3 | "specVersion" : "1.4", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version" : 1, 6 | "components": [ 7 | { 8 | "type": "application", 9 | "name": "acme-app", 10 | "hashes": [] 11 | } 12 | ] 13 | } -------------------------------------------------------------------------------- /src/test/resources/regression/issue343-empty-hashes.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | acme-app 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /src/test/resources/regression/issue492.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat":"CycloneDX", 3 | "specVersion":"1.4", 4 | "serialNumber":"urn:uuid:0c81ff2e-d64e-4897-bfa4-2f0f7d8ab767", 5 | "version" : 1, 6 | "metadata" : { 7 | "timestamp":"2024-12-09T21:56:45Z", 8 | "tools": [ 9 | { 10 | "name": "tool-a" 11 | }, 12 | { 13 | "name": "tool-b" 14 | } 15 | ] 16 | } 17 | } -------------------------------------------------------------------------------- /src/test/resources/regression/issue492.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 2024-12-09T21:56:45Z 5 | 6 | 7 | corp A 8 | tool A 9 | 1-A 10 | 11 | 12 | corp B 13 | tool B 14 | 1-B 15 | 16 | 17 | 18 | 19 | -------------------------------------------------------------------------------- /src/test/resources/regression/issue562.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat":"CycloneDX", 3 | "specVersion":"1.6", 4 | "serialNumber":"urn:uuid:0c81ff2e-d64e-4897-bfa4-2f0f7d8ab767", 5 | "version" : 1, 6 | "metadata" : { 7 | "timestamp":"2024-12-09T21:56:45Z", 8 | "tools" : { 9 | "components" : [ { 10 | "type":"application", 11 | "name":"TOOL 1", 12 | "version":"v1" 13 | }, { 14 | "type":"application", 15 | "name":"TOOL 2", 16 | "version":"v2" 17 | } ] 18 | }, 19 | "authors" : [ { 20 | "name":"Author 1" 21 | }, { 22 | "name":"Author 2" 23 | } ] 24 | } 25 | } -------------------------------------------------------------------------------- /src/test/resources/regression/issue571.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat":"CycloneDX", 3 | "specVersion":"1.6", 4 | "serialNumber":"urn:uuid:0c81ff2e-d64e-4897-bfa4-2f0f7d8ab767", 5 | "version" : 1, 6 | "metadata" : { 7 | "timestamp":"2024-12-09T21:56:45Z", 8 | "tools" : { 9 | "components" : [ { 10 | "type":"application", 11 | "name":"TOOL 1", 12 | "version":"v1" 13 | } ] 14 | }, 15 | "authors" : [ { 16 | "name":"Author 1" 17 | }, { 18 | "name":"Author 2" 19 | } ] 20 | } 21 | } --------------------------------------------------------------------------------