stevespringett · March 3, 2019 05:44
diff --git a/bom.xml b/bom.xml
 <?xml version="1.0" encoding="UTF-8"?>
 <bom xmlns="http://cyclonedx.org/schema/bom/1.1" version="1" serialNumber="urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79">
  <components>
    <component type="library">
      <group>org.example</group>
      <name>mylibrary</name>
      <version>1.0.0</version>
      <scope>required</scope>
      <hashes>
        <hash alg="MD5">2342c2eaf1feb9a80195dbaddf2ebaa3</hash>
        <hash alg="SHA-1">68b78babe00a053f9e35ec6a2d9080f5b90122b0</hash>
        <hash alg="SHA-256">708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313</hash>
        <hash alg="SHA-512">387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef</hash>
      </hashes>
      <licenses>
        <license>
          <id>Apache-2.0</id>
        </license>
      </licenses>
      <copyright>Copyright Example Inc. All rights reserved.</copyright>
      <cpe>cpe:/a:example:myapplication:1.0.0</cpe>
      <purl>pkg:maven/com.example/[email protected]?packaging=war</purl>
      <modified>false</modified>
    </component>
    <component type="library">
      <publisher>Acme Inc</publisher>
      <group>com.acme</group>
      <name>tomcat-catalina</name>
      <version>9.0.14</version>
      <hashes>
        <hash alg="MD5">3942447fac867ae5cdb3229b658f4d48</hash>
        <hash alg="SHA-1">e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a</hash>
        <hash alg="SHA-256">f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b</hash>
        <hash alg="SHA-512">e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282</hash>
      </hashes>
      <licenses>
        <license>
          <id>Apache-2.0</id>
        </license>
      </licenses>
      <purl>pkg:maven/com.acme/[email protected]?packaging=jar</purl>
      <pedigree>
        <ancestors>
          <component type="library">
            <publisher>Apache</publisher>
            <group>org.apache.tomcat</group>
            <name>tomcat-catalina</name>
            <version>9.0.14</version>
            <licenses>
              <license>
                <id>Apache-2.0</id>
              </license>
            </licenses>
            <purl>pkg:maven/org.apache.tomcat/[email protected]?packaging=jar</purl>
          </component>
        </ancestors>
        <commits>
          <commit>
            <uid>7638417db6d59f3c431d3e1f261cc637155684cd</uid>
            <url>https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd</url>
            <author>
              <timestamp>2018-11-07T22:01:45Z</timestamp>
              <name>John Doe</name>
              <email>[email protected]</email>
            </author>
            <committer>
              <timestamp>2018-11-07T22:01:45Z</timestamp>
              <name>John Doe</name>
              <email>[email protected]</email>
            </committer>
            <message>Modified catalina to do something specific to Acme</message>
          </commit>
        </commits>
      </pedigree>
    </component>
  </components>
 </bom>
	<?xml version="1.0" encoding="UTF-8"?>
	<bom xmlns="http://cyclonedx.org/schema/bom/1.1" version="1" serialNumber="urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79">
	<components>
	<component type="library">
	<group>org.example</group>
	<name>mylibrary</name>
	<version>1.0.0</version>
	<scope>required</scope>
	<hashes>
	<hash alg="MD5">2342c2eaf1feb9a80195dbaddf2ebaa3</hash>
	<hash alg="SHA-1">68b78babe00a053f9e35ec6a2d9080f5b90122b0</hash>
	<hash alg="SHA-256">708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313</hash>
	<hash alg="SHA-512">387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef</hash>
	</hashes>
	<licenses>
	<license>
	<id>Apache-2.0</id>
	</license>
	</licenses>
	<copyright>Copyright Example Inc. All rights reserved.</copyright>
	<cpe>cpe:/a:example:myapplication:1.0.0</cpe>
	<purl>pkg:maven/com.example/[email protected]?packaging=war</purl>
	<modified>false</modified>
	</component>
	<component type="library">
	<publisher>Acme Inc</publisher>
	<group>com.acme</group>
	<name>tomcat-catalina</name>
	<version>9.0.14</version>
	<hashes>
	<hash alg="MD5">3942447fac867ae5cdb3229b658f4d48</hash>
	<hash alg="SHA-1">e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a</hash>
	<hash alg="SHA-256">f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b</hash>
	<hash alg="SHA-512">e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282</hash>
	</hashes>
	<licenses>
	<license>
	<id>Apache-2.0</id>
	</license>
	</licenses>
	<purl>pkg:maven/com.acme/[email protected]?packaging=jar</purl>
	<pedigree>
	<ancestors>
	<component type="library">
	<publisher>Apache</publisher>
	<group>org.apache.tomcat</group>
	<name>tomcat-catalina</name>
	<version>9.0.14</version>
	<licenses>
	<license>
	<id>Apache-2.0</id>
	</license>
	</licenses>
	<purl>pkg:maven/org.apache.tomcat/[email protected]?packaging=jar</purl>
	</component>
	</ancestors>
	<commits>
	<commit>
	<uid>7638417db6d59f3c431d3e1f261cc637155684cd</uid>
	<url>https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd</url>
	<author>
	<timestamp>2018-11-07T22:01:45Z</timestamp>
	<name>John Doe</name>
	<email>[email protected]</email>
	</author>
	<committer>
	<timestamp>2018-11-07T22:01:45Z</timestamp>
	<name>John Doe</name>
	<email>[email protected]</email>
	</committer>
	<message>Modified catalina to do something specific to Acme</message>
	</commit>
	</commits>
	</pedigree>
	</component>
	</components>
	</bom>