

@schnatterer
Last active February 10, 2023 20:26
Example CycloneDX BOM generated with trivy for testing with Sonatype BOMDr
{
"bomFormat": "CycloneDX",
"specVersion": "1.4",
"serialNumber": "urn:uuid:e0fe7df7-1203-4fd9-b7cc-35d9d6f5c2f7",
"version": 1,
"metadata": {
"timestamp": "2023-02-09T07:54:36+00:00",
"tools": [
{
"vendor": "aquasecurity",
"name": "trivy",
"version": "0.37.1"
}
],
"component": {
"bom-ref": "pkg:oci/cert-manager-controller@sha256:51027a4cc4d30e197e3506daf3a4fa2d2a0bc2826469f8a87848dfd279e031c0?repository_url=quay.io%2Fjetstack%2Fcert-manager-controller\u0026arch=amd64",
"type": "container",
"name": "quay.io/jetstack/cert-manager-controller:v1.7.1",
"purl": "pkg:oci/cert-manager-controller@sha256:51027a4cc4d30e197e3506daf3a4fa2d2a0bc2826469f8a87848dfd279e031c0?repository_url=quay.io%2Fjetstack%2Fcert-manager-controller\u0026arch=amd64",
"properties": [
{
"name": "aquasecurity:trivy:SchemaVersion",
"value": "2"
},
{
"name": "aquasecurity:trivy:ImageID",
"value": "sha256:db7725ef729d74e24d51c93f831fa69b22747e67507f6bc2d7c981d16920ff35"
},
{
"name": "aquasecurity:trivy:RepoDigest",
"value": "quay.io/jetstack/cert-manager-controller@sha256:51027a4cc4d30e197e3506daf3a4fa2d2a0bc2826469f8a87848dfd279e031c0"
},
{
"name": "aquasecurity:trivy:DiffID",
"value": "sha256:5b1fa8e3e100361047c8bcd5553ab6329b9c713c1d4eb87a646760329cea5b3a"
},
{
"name": "aquasecurity:trivy:DiffID",
"value": "sha256:e789a7a75905ff6c380a5d4e7a442d35b9de7e65c2bd844ce96fe7c1a1a63cb5"
},
{
"name": "aquasecurity:trivy:DiffID",
"value": "sha256:0948492e0a032fc5e83caab2c51722fbba7a3e0efb8194315052d924f2bc4f79"
},
{
"name": "aquasecurity:trivy:RepoTag",
"value": "quay.io/jetstack/cert-manager-controller:v1.7.1"
}
]
}
},
"components": [
{
"bom-ref": "pkg:deb/debian/base-files@11.1+deb11u2?distro=debian-11.2",
"type": "library",
"name": "base-files",
"version": "11.1+deb11u2",
"licenses": [
{
"expression": "GPL-3.0"
}
],
"purl": "pkg:deb/debian/base-files@11.1+deb11u2?distro=debian-11.2",
"properties": [
{
"name": "aquasecurity:trivy:PkgID",
"value": "base-files@11.1+deb11u2"
},
{
"name": "aquasecurity:trivy:PkgType",
"value": "debian"
},
{
"name": "aquasecurity:trivy:SrcName",
"value": "base-files"
},
{
"name": "aquasecurity:trivy:SrcVersion",
"value": "11.1+deb11u2"
},
{
"name": "aquasecurity:trivy:LayerDigest",
"value": "sha256:2df365faf0e3007f983fadd7a65ba51d41b488eb2ed8fc70f4bf97043cfea560"
},
{
"name": "aquasecurity:trivy:LayerDiffID",
"value": "sha256:5b1fa8e3e100361047c8bcd5553ab6329b9c713c1d4eb87a646760329cea5b3a"
}
]
},
{
"bom-ref": "pkg:deb/debian/netbase@6.3?distro=debian-11.2",
"type": "library",
"name": "netbase",
"version": "6.3",
"licenses": [
{
"expression": "GPL-2.0"
}
],
"purl": "pkg:deb/debian/netbase@6.3?distro=debian-11.2",
"properties": [
{
"name": "aquasecurity:trivy:PkgID",
"value": "netbase@6.3"
},
{
"name": "aquasecurity:trivy:PkgType",
"value": "debian"
},
{
"name": "aquasecurity:trivy:SrcName",
"value": "netbase"
},
{
"name": "aquasecurity:trivy:SrcVersion",
"value": "6.3"
},
{
"name": "aquasecurity:trivy:LayerDigest",
"value": "sha256:2df365faf0e3007f983fadd7a65ba51d41b488eb2ed8fc70f4bf97043cfea560"
},
{
"name": "aquasecurity:trivy:LayerDiffID",
"value": "sha256:5b1fa8e3e100361047c8bcd5553ab6329b9c713c1d4eb87a646760329cea5b3a"
}
]
},
{
"bom-ref": "pkg:deb/debian/tzdata@2021a-1+deb11u2?distro=debian-11.2",
"type": "library",
"name": "tzdata",
"version": "2021a-1+deb11u2",
"purl": "pkg:deb/debian/tzdata@2021a-1+deb11u2?distro=debian-11.2",
"properties": [
{
"name": "aquasecurity:trivy:PkgID",
"value": "tzdata@2021a-1+deb11u2"
},
{
"name": "aquasecurity:trivy:PkgType",
"value": "debian"
},
{
"name": "aquasecurity:trivy:SrcName",
"value": "tzdata"
},
{
"name": "aquasecurity:trivy:SrcVersion",
"value": "2021a-1+deb11u2"
},
{
"name": "aquasecurity:trivy:LayerDigest",
"value": "sha256:2df365faf0e3007f983fadd7a65ba51d41b488eb2ed8fc70f4bf97043cfea560"
},
{
"name": "aquasecurity:trivy:LayerDiffID",
"value": "sha256:5b1fa8e3e100361047c8bcd5553ab6329b9c713c1d4eb87a646760329cea5b3a"
}
]
},
{
"bom-ref": "99a9c11c-e789-469c-a4f4-fce70f8ae3ed",
"type": "operating-system",
"name": "debian",
"version": "11.2",
"properties": [
{
"name": "aquasecurity:trivy:Type",
"value": "debian"
},
{
"name": "aquasecurity:trivy:Class",
"value": "os-pkgs"
}
]
}
],
"dependencies": [
{
"ref": "99a9c11c-e789-469c-a4f4-fce70f8ae3ed",
"dependsOn": [
"pkg:deb/debian/base-files@11.1+deb11u2?distro=debian-11.2",
"pkg:deb/debian/netbase@6.3?distro=debian-11.2",
"pkg:deb/debian/tzdata@2021a-1+deb11u2?distro=debian-11.2"
]
},
{
"ref": "pkg:oci/cert-manager-controller@sha256:51027a4cc4d30e197e3506daf3a4fa2d2a0bc2826469f8a87848dfd279e031c0?repository_url=quay.io%2Fjetstack%2Fcert-manager-controller\u0026arch=amd64",
"dependsOn": [
"99a9c11c-e789-469c-a4f4-fce70f8ae3ed"
]
}
],
"vulnerabilities": []
}
@schnatterer
Author

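Created with the command below (Trivy 0.37.1, the same version recorded under `metadata.tools`). The command pulls the image by tag, while the BOM records the resolved `sha256` digest in `metadata.component`, so a later run can describe a different image if the tag is moved; compare the digest when reproducing. The empty `vulnerabilities` array does not indicate that the image has no known vulnerabilities: by default Trivy's CycloneDX output is a component inventory only, and vulnerability findings appear only when vulnerability scanning is explicitly enabled.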

 docker run --rm  aquasec/trivy:0.37.1 -q image --format=cyclonedx quay.io/jetstack/cert-manager-controller:v1.7.1

@brianf

brianf commented Feb 10, 2023

Thanks.
