Add JSON test files from the v1.6 spec. repo.

Signed-off-by: Matt Rutkowski <[email protected]>
CycloneDX · May 3, 2024 · bbbad88 · bbbad88
1 parent 600cd3d
commit bbbad88
Show file tree

Hide file tree

Showing 16 changed files with 1,474 additions and 0 deletions.
diff --git a/test/cyclonedx/1.6/specification/valid-annotation-1.6.json b/test/cyclonedx/1.6/specification/valid-annotation-1.6.json
@@ -0,0 +1,103 @@
+{
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.6",
+  "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
+  "version": 1,
+  "components": [
+    {
+      "bom-ref": "component-a",
+      "type": "library",
+      "name": "Component A",
+      "version": "1.0.0"
+    }
+  ],
+  "annotations": [
+    {
+      "bom-ref": "annotation-1",
+      "subjects": [
+        "component-a"
+      ],
+      "annotator": {
+        "organization": {
+          "name": "Acme, Inc.",
+          "url": [
+            "https://example.com"
+          ],
+          "contact": [
+            {
+              "name": "Acme Professional Services",
+              "email": "[email protected]"
+            }
+          ]
+        }
+      },
+      "timestamp": "2022-01-01T00:00:00Z",
+      "text": "This is a sample annotation made by an organization"
+    },
+    {
+      "bom-ref": "annotation-2",
+      "subjects": [
+        "component-a"
+      ],
+      "annotator": {
+        "individual": {
+          "name": "Samantha Wright",
+          "email": "[email protected]",
+          "phone": "800-555-1212"
+        }
+      },
+      "timestamp": "2022-01-01T00:00:00Z",
+      "text": "This is a sample annotation made by a person"
+    },
+    {
+      "bom-ref": "annotation-3",
+      "subjects": [
+        "component-a"
+      ],
+      "annotator": {
+        "component": {
+          "type": "application",
+          "name": "Awesome Tool",
+          "version": "9.1.2"
+        }
+      },
+      "timestamp": "2022-01-01T00:00:00Z",
+      "text": "This is a sample annotation made by a component"
+    },
+    {
+      "bom-ref": "annotation-4",
+      "subjects": [
+        "component-a"
+      ],
+      "annotator": {
+        "service": {
+          "bom-ref": "b2a46a4b-8367-4bae-9820-95557cfe03a8",
+          "provider": {
+            "name": "Partner Org",
+            "url": [
+              "https://partner.org"
+            ]
+          },
+          "group": "org.partner",
+          "name": "BOM Annotation Service",
+          "version": "2020-Q2",
+          "endpoints": [
+            "https://partner.org/api/v1/inspect",
+            "https://partner.org/api/v1/annotate"
+          ],
+          "authenticated": true,
+          "x-trust-boundary": true,
+          "data": [
+            {
+              "classification": "public",
+              "flow": "bi-directional"
+            }
+          ]
+        }
+      },
+      "timestamp": "2022-01-01T00:00:00Z",
+      "text": "This is a sample annotation made by a service"
+    }
+  ]
+}
diff --git a/test/cyclonedx/1.6/specification/valid-attestation-1.6.json b/test/cyclonedx/1.6/specification/valid-attestation-1.6.json
@@ -0,0 +1,210 @@
+{
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.6",
+  "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
+  "version": 1,
+  "declarations": {
+    "assessors": [
+      {
+        "bom-ref": "assessor-1",
+        "thirdParty": true,
+        "organization": {
+          "name": "Assessors Inc"
+        }
+      }
+    ],
+    "attestations": [
+      {
+        "summary": "Attestation summary here",
+        "assessor": "assessor-1",
+        "map": [
+          {
+            "requirement": "requirement-1",
+            "claims": [ "claim-1" ],
+            "counterClaims": [ "counterClaim-1" ],
+            "conformance": {
+              "score": 0.8,
+              "rationale": "Conformance rationale here",
+              "mitigationStrategies": [ "mitigationStrategy-1" ]
+            },
+            "confidence": {
+              "score": 1,
+              "rationale": "Confidence rationale here"
+            }
+          }
+        ],
+        "signature": {
+          "algorithm": "ES256",
+          "certificatePath": [ "MIIB...", "MIID..." ],
+          "value": "tqIT..."
+        }
+      }
+    ],
+    "claims": [
+      {
+        "bom-ref": "claim-1",
+        "target": "acme-inc",
+        "predicate": "Predicate here",
+        "mitigationStrategies": [ "mitigationStrategy-1" ],
+        "reasoning": "Reasoning here",
+        "evidence": [ "evidence-1" ],
+        "counterEvidence": [ "counterEvidence-1" ],
+        "externalReferences": [
+          {
+            "type": "issue-tracker",
+            "url": "https://alm.example.com"
+          }
+        ],
+        "signature": {
+          "algorithm": "ES256",
+          "certificatePath": [ "MIIB...", "MIID..." ],
+          "value": "tqIT..."
+        }
+      }
+    ],
+    "evidence": [
+      {
+        "bom-ref": "evidence-1",
+        "propertyName": "internal.com.acme.someProperty",
+        "description": "Description here",
+        "data": [
+          {
+            "name": "Name of the data",
+            "contents": {
+              "attachment": {
+                "content": "Evidence here",
+                "contentType": "text/plain"
+              }
+            },
+            "classification": "PII",
+            "sensitiveData": [ "Describe sensitive data here" ]
+          }
+        ],
+        "created": "2023-04-25T00:00:00+00:00",
+        "expires": "2023-05-25T00:00:00+00:00",
+        "author": {
+          "name": "Mary"
+        },
+        "reviewer": {
+          "name": "Jane"
+        },
+        "signature": {
+          "algorithm": "ES256",
+          "certificatePath": [ "MIIB...", "MIID..." ],
+          "value": "tqIT..."
+        }
+      },
+      {
+        "bom-ref": "counterEvidence-1",
+        "propertyName": "internal.com.acme.someProperty",
+        "description": "Description here",
+        "data": [
+          {
+            "name": "Name of the data",
+            "contents": {
+              "attachment": {
+                "content": "Counter evidence here",
+                "contentType": "text/plain"
+              }
+            },
+            "classification": "Public",
+            "sensitiveData": [ "Describe sensitive data here" ]
+          }
+        ],
+        "created": "2023-04-25T00:00:00+00:00",
+        "expires": "2023-05-25T00:00:00+00:00",
+        "author": {
+          "name": "Mary"
+        },
+        "reviewer": {
+          "name": "Jane"
+        },
+        "signature": {
+          "algorithm": "ES256",
+          "certificatePath": [ "MIIB...", "MIID..." ],
+          "value": "tqIT..."
+        }
+      },
+      {
+        "bom-ref": "mitigationStrategy-1",
+        "propertyName": "internal.com.acme.someProperty",
+        "description": "Description here",
+        "data": [
+          {
+            "name": "Name of the data",
+            "contents": {
+              "attachment": {
+                "content": "Mitigation strategy here",
+                "contentType": "text/plain"
+              }
+            },
+            "classification": "Company Confidential",
+            "sensitiveData": [ "Describe sensitive data here" ]
+          }
+        ],
+        "created": "2023-04-25T00:00:00+00:00",
+        "expires": "2023-05-25T00:00:00+00:00",
+        "author": {
+          "name": "Mary"
+        },
+        "reviewer": {
+          "name": "Jane"
+        },
+        "signature": {
+          "algorithm": "ES256",
+          "certificatePath": [ "MIIB...", "MIID..." ],
+          "value": "tqIT..."
+        }
+      }
+    ],
+    "targets": {
+      "organizations": [
+        {
+          "bom-ref": "acme-inc",
+          "name": "Acme Inc"
+        }
+      ]
+    },
+    "affirmation": {
+      "statement": "I certify, to the best of my knowledge, that all information is correct...",
+      "signatories": [
+        {
+          "name": "Tom",
+          "role": "CEO",
+          "signature": {
+            "algorithm": "ES256",
+            "certificatePath": [ "MIIB...", "MIID..." ],
+            "value": "tqIT..."
+          }
+        },
+        {
+          "name": "Jerry",
+          "role": "COO",
+          "organization": {
+            "name": "Acme Inc"
+          },
+          "externalReference": {
+            "type": "electronic-signature",
+            "url": "https://example.com/coo-sig.png"
+          }
+        }
+      ],
+      "signature": {
+        "algorithm": "ES256",
+        "certificatePath": [ "MIIB...", "MIID..." ],
+        "value": "tqIT..."
+      }
+    },
+    "signature": {
+      "algorithm": "ES256",
+      "certificatePath": [ "MIIB...", "MIID..." ],
+      "value": "tqIT..."
+    }
+  },
+  "signature": {
+    "algorithm": "ES256",
+    "certificatePath": [ "MIIB...", "MIID..." ],
+    "value": "tqIT..."
+  }
+}
diff --git a/test/cyclonedx/1.6/specification/valid-component-hashes-1.6.json b/test/cyclonedx/1.6/specification/valid-component-hashes-1.6.json
@@ -0,0 +1,64 @@
+{
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.6",
+  "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
+  "version": 1,
+  "components": [
+    {
+      "type": "library",
+      "name": "acme-example",
+      "version": "1.0.0",
+      "hashes": [
+        {
+          "alg": "MD5",
+          "content": "641b6e166f8b33c5e959e2adcc18b1c7"
+        },
+        {
+          "alg": "SHA-1",
+          "content": "9188560f22e0b73070d2efce670c74af2bdf30af"
+        },
+        {
+          "alg": "SHA-256",
+          "content": "d88bc4e70bfb34d18b5542136639acbb26a8ae2429aa1e47489332fb389cc964"
+        },
+        {
+          "alg": "SHA-384",
+          "content": "d4835048a0f57c74b8fb617d5366ab81376fc92bebe9a93bf24ba7f9da6c9aeeb6179f5d1361f6533211b15f3224cbad"
+        },
+        {
+          "alg": "SHA-512",
+          "content": "74a51ff45e4c11df9ba1f0094282c80489649cb157a75fa337992d2d4592a5a1b8cb4525de8db0ae25233553924d76c36e093ea7fa9df4e5b8b07fd2e074efd6"
+        },
+        {
+          "alg": "SHA3-256",
+          "content": "7478c7cf41c883a04ee89f1813f687886d53fa86f791fff90690c6221e3853aa"
+        },
+        {
+          "alg": "SHA3-384",
+          "content": "a1eea7229716487ad2ebe96b2f997a8408f32f14047994fbcc99b49012cf86c96dbd518e5d57a61b0e57dd37dd0b48f5"
+        },
+        {
+          "alg": "SHA3-512",
+          "content": "7d584825bc1767dfabe7e82b45ccb7a1119b145fa17e76b885e71429c706cef0a3171bc6575b968eec5da56a7966c02fec5402fcee55097ac01d40c550de9d20"
+        },
+        {
+          "alg": "BLAKE2b-256",
+          "content": "d8779633380c050bccf4e733b763ab2abd8ad2db60b517d47fd29bbf76433237"
+        },
+        {
+          "alg": "BLAKE2b-384",
+          "content": "e728ba56c2da995a559a178116c594e8bee4894a79ceb4399d8f479e5563cb1942b85936f646d14170717c576b14db7a"
+        },
+        {
+          "alg": "BLAKE2b-512",
+          "content": "f8ce8d612a6c85c96cf7cebc230f6ddef26e6cedcfbc4a41c766033cc08c6ba097d1470948226807fb2d88d2a2b6fc0ff5e5440e93a603086fdd568bafcd1a9d"
+        },
+        {
+          "alg": "BLAKE3",
+          "content": "26cdc7fb3fd65fc3b621a4ef70bc7d2489d5c19e70c76cf7ec20e538df0047cf"
+        }
+      ]
+    }
+  ]
+}