-
-
Notifications
You must be signed in to change notification settings - Fork 57
/
valid-compositions-1.5.xml
65 lines (65 loc) · 2.39 KB
/
valid-compositions-1.5.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
<?xml version="1.0"?>
<bom serialNumber="urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" version="1" xmlns="http://cyclonedx.org/schema/bom/1.5">
<metadata>
<component type="application" bom-ref="acme-application-1.0">
<name>Acme Application</name>
<version>1.0</version>
</component>
</metadata>
<components>
<component type="library" bom-ref="pkg:maven/partner/shaded-library@1.0">
<name>Partner Shaded Library</name>
<version>1.0</version>
<purl>pkg:maven/partner/shaded-library@1.0</purl>
<components>
<component type="library" bom-ref="pkg:maven/ossproject/library@2.0">
<name>Some Opensource Library</name>
<version>2.0</version>
<purl>pkg:maven/ossproject/library@2.0</purl>
</component>
</components>
</component>
<component type="library" bom-ref="pkg:maven/acme/library@3.0">
<name>Acme Library</name>
<version>2.0</version>
<purl>pkg:maven/acme/library@3.0</purl>
</component>
</components>
<dependencies>
<dependency ref="acme-application-1.0">
<dependency ref="pkg:maven/partner/shaded-library@1.0"/>
<dependency ref="pkg:maven/acme/library@3.0"/>
</dependency>
</dependencies>
<compositions>
<composition bom-ref="composition-1">
<aggregate>complete</aggregate>
<assemblies>
<assembly ref="pkg:maven/partner/shaded-library@1.0"/>
</assemblies>
<dependencies>
<dependency ref="acme-application-1.0"/>
</dependencies>
</composition>
<composition>
<aggregate>unknown</aggregate>
<assemblies>
<assembly ref="pkg:maven/acme/library@3.0"/>
</assemblies>
</composition>
<composition>
<aggregate>incomplete_first_party_only</aggregate>
<assemblies>
<assembly ref="vulnerability-1"/>
</assemblies>
</composition>
</compositions>
<vulnerabilities>
<vulnerability bom-ref="vulnerability-1">
<id>ACME-12345</id>
<source>
<name>Acme Inc</name>
</source>
</vulnerability>
</vulnerabilities>
</bom>