Example of metadata.json
You can copy the below example to <SBOM root folder>/metadata/metadata.json, but you must fill in some values specific to your situation. While you can modify the template parts of this file, it is recommended to keep them as they are.
{
"sbom_metadata": {
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"toolsuppliername": "Infor LLC",
"toolsupplierurl": "https://infor.com",
"toolname": "ln-4gl-sbom-generator",
"tooldescription": "LN 4GL SBOM Generator",
"toolauthor": "Infor LLC",
"author": "Infor LLC",
"suppliername": "Infor LLC",
"supplierurl": "https://infor.com"
},
"header_template": {
"bomFormat": "${meta:bomFormat}",
"specVersion": "${meta:specVersion}",
"serialNumber": "urn:uuid:${gen:guid}",
"version": "${gen:sbomversion:long}",
"metadata": {
"timestamp": "${gen:utc}",
"tools": {
"components": [
{
"type": "application",
"supplier": {
"name": "${meta:toolsuppliername}",
"url": "${meta:toolsupplierurl}"
},
"name": "${meta:toolname}",
"version": "${gen:toolversion}",
"description": "${meta:tooldescription}"
}
]
},
"authors": [
{
"name": "${product:author}"
}
],
"component": {
"type": "application",
"supplier": {
"name": "${product:suppliername}",
"url": "${product:supplierurl}"
},
"group": "com.infor.ln.4gl",
"name": "${product:name}",
"version": "${gen:topcomponentversion}",
"description": "${product:description}"
}
}
},
"component_level1_template": {
"type": "application",
"name": "${gen:level1_componentname}",
"version": "${gen:level1_componentversion}",
"description": "${gen:level1_componentdescription}"
},
"component_level2_template": {
"type": "${gen:componenttype}",
"name": "${gen:level2_componentname}",
"version": "${gen:level2_componentversion}",
"description": "${gen:level2_componentdescription}",
"properties": [
{
"name": "release_date",
"value": "${gen:releasedate}"
}
]
}
}