header_template
This header_template is copied into the SBOM during generation and the placeholders are filled in.
These namespaces are used:
- meta: Value is filled in from the sbom_metadata object of the metadata file
- product: Value is filled in from the product version-specific metadata (see next chapter)
- gen: Value is determined during the SBOM generation
| Property | Value proposal | Remark |
| bomFormat | ${meta:bomFormat} | Do not change. This is taken from sbom_metadata. |
| specVersion | ${meta:specVersion} | Do not change. This is taken from sbom_metadata. |
| serialNumber | urn:uuid:${gen:guid} | Do not change. The SBOM generator generates a guid. |
| version | ${gen:sbomversion:long} | Do not change. The SBOM generator automatically assigns the version number, incrementing it each time the SBOM is generated. |
| metadata {} | ||
| ..timestamp | ${gen:utc} | Do not change. |
| ..tools {} | ||
| ….components [] | Components is an array, but only one component is specified. | |
| …...type | “application” | Do not change. |
| …...supplier {} | ||
| ….….suppliername | ${meta:toolsuppliername} | Do not change. This is taken from sbom_metadata. |
| ….….url | ${meta:toolsupplierurl} | Do not change. This is taken from sbom_metadata. |
| …...name | ${meta:toolname} | Do not change. This is taken from sbom_metadata. |
| …...version | ${gen:toolversion} | Do not change. The tool version (version of session ttpmc1260m000) is determined during SBOM generation. |
| …...description | ${meta:tooldescription} | Do not change. This is taken from sbom_metadata. |
| ..authors [] | ||
| ….name | ${product:author} | You can change this to a fixed name if all your SBOMs have the same author. Otherwise, leave it as suggested, and it will be taken from the product version-specific metadata. |
| component {} | ||
| ..type | application | Do not change. This is prescribed by CycloneDX. |
| ..supplier {} | ||
| ….name | ${product:suppliername} | You can change this to a fixed name of your company if all products for which you create the SBOMs have the same supplier. Otherwise leave it as suggested, and it will be taken from the product version-specific metadata. |
| ….url | ${product:supplierurl} | You can change this to a fixed URL of your company if all products for which you create the SBOMs have the same supplier. Otherwise leave it as suggested and it will be taken from the product version-specific metadata. |
| ..group | com.infor.ln.4gl | Do not change. It is defined by Infor to mark products built using the Infor LN/ Baan 4GL development environment. |
| ..name | ${product:name} | Do not change. This name must be taken from the product version-specific metadata. |
| ..version | ${gen:topcomponentversion} | Do not change. It is determined by the SBOM generator. |
| ..description | ${product:description} | Do not change. This description must be taken from the product version-specific metadata. |