{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://raw.githubusercontent.com/api-evangelist/anchore/refs/heads/main/json-schema/anchore-sbom-schema.json",
  "title": "Anchore SBOM",
  "description": "Software Bill of Materials generated by Anchore/Syft in CycloneDX format",
  "type": "object",
  "properties": {
    "bomFormat": {
      "type": "string",
      "const": "CycloneDX"
    },
    "specVersion": {
      "type": "string"
    },
    "serialNumber": {
      "type": "string",
      "format": "uri"
    },
    "version": {
      "type": "integer"
    },
    "components": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "type": {
            "type": "string",
            "enum": [
              "application",
              "framework",
              "library",
              "container",
              "device",
              "firmware"
            ]
          },
          "name": {
            "type": "string"
          },
          "version": {
            "type": "string"
          },
          "purl": {
            "type": "string"
          },
          "licenses": {
            "type": "array",
            "items": {
              "type": "object"
            }
          }
        },
        "required": [
          "type",
          "name"
        ]
      }
    }
  },
  "required": [
    "bomFormat",
    "components"
  ]
}