git.stella-ops.org/docs/schemas/cyclonedx-bom-1.7.schema.json

{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "$id": "http://cyclonedx.org/schema/bom-1.7.schema.json",
  "type": "object",
  "title": "CycloneDX Bill of Materials Standard",
  "description": "CycloneDX BOM schema for version 1.7",
  "required": ["bomFormat", "specVersion"],
  "properties": {
    "bomFormat": {
      "type": "string",
      "enum": ["CycloneDX"]
    },
    "specVersion": {
      "type": "string",
      "pattern": "^1\\.[0-9]+$"
    },
    "serialNumber": {
      "type": "string",
      "pattern": "^urn:(uuid:[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}|sha256:[0-9a-fA-F]{64})$"
    },
    "version": {
      "type": "integer",
      "minimum": 1
    },
    "metadata": {
      "type": "object",
      "properties": {
        "timestamp": { "type": "string", "format": "date-time" },
        "tools": { "type": "array" },
        "authors": { "type": "array" },
        "component": { "type": "object" },
        "manufacture": { "type": "object" },
        "supplier": { "type": "object" },
        "licenses": { "type": "array" },
        "properties": { "type": "array" }
      }
    },
    "components": {
      "type": "array",
      "items": {
        "type": "object",
        "required": ["type", "name"],
        "properties": {
          "type": { "type": "string" },
          "mime-type": { "type": "string" },
          "bom-ref": { "type": "string" },
          "supplier": { "type": "object" },
          "author": { "type": "string" },
          "publisher": { "type": "string" },
          "group": { "type": "string" },
          "name": { "type": "string" },
          "version": { "type": "string" },
          "description": { "type": "string" },
          "scope": { "type": "string" },
          "hashes": { "type": "array" },
          "licenses": { "type": "array" },
          "copyright": { "type": "string" },
          "cpe": { "type": "string" },
          "purl": { "type": "string" },
          "swid": { "type": "object" },
          "modified": { "type": "boolean" },
          "pedigree": { "type": "object" },
          "externalReferences": { "type": "array" },
          "properties": { "type": "array" },
          "components": { "type": "array" },
          "evidence": { "type": "object" },
          "releaseNotes": { "type": "object" },
          "modelCard": { "type": "object" },
          "data": { "type": "array" },
          "cryptoProperties": { "type": "object" }
        }
      }
    },
    "services": { "type": "array" },
    "externalReferences": { "type": "array" },
    "dependencies": { "type": "array" },
    "compositions": { "type": "array" },
    "vulnerabilities": { "type": "array" },
    "annotations": { "type": "array" },
    "formulation": { "type": "array" },
    "declarations": { "type": "object" },
    "definitions": { "type": "object" },
    "properties": { "type": "array" },
    "signature": { "type": "object" }
  }
}