{
  "bomFormat": "CycloneDX",
  "specVersion": "1.7",
  "serialNumber": "urn:uuid:00000000-0000-4000-8000-000000000001",
  "version": 1,
  "metadata": {
    "timestamp": "2025-01-01T00:00:00Z",
    "component": {
      "type": "application",
      "name": "demo-app",
      "version": "1.0.0",
      "purl": "pkg:demo/demo-app@1.0.0",
      "hashes": [ { "alg": "SHA-256", "content": "d" } ],
      "evidence": { "properties": [ { "name": "evidence:source", "value": "fixture" } ] }
    },
    "tools": [ { "vendor": "stellaops", "name": "scanner", "version": "0.0.0-fixture" } ]
  },
  "services": [
    {
      "name": "api",
      "properties": [
        { "name": "cbom:ingress", "value": "https" },
        { "name": "cbom:egress", "value": "postgres" }
      ]
    }
  ],
  "components": [
    { "type": "library", "name": "lib-a", "version": "1.2.3", "purl": "pkg:demo/lib-a@1.2.3" },
    { "type": "library", "name": "lib-b", "version": "2.0.0", "purl": "pkg:demo/lib-b@2.0.0" }
  ],
  "vulnerabilities": [
    {
      "id": "CVE-0000-0001",
      "source": { "name": "NVD" },
      "ratings": [
        { "source": { "name": "NVD" }, "method": "CVSSv4", "score": 8.0, "vector": "CVSS:4.0/AV:N/AC:L" },
        { "source": { "name": "NVD" }, "method": "CVSSv3.1", "score": 7.5, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }
      ]
    }
  ]
}