{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "version": 1,
  "metadata": {
    "timestamp": "2026-04-27T00:00:00Z",
    "component": {
      "type": "container",
      "name": "sample-app",
      "version": "1.0.0"
    }
  },
  "components": [
    {
      "type": "library",
      "name": "log4j-core",
      "version": "2.14.0",
      "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.0"
    },
    {
      "type": "library",
      "name": "openssl-libs",
      "version": "3.0.7-27.el9",
      "purl": "pkg:rpm/redhat/openssl-libs@3.0.7-27.el9"
    },
    {
      "type": "library",
      "name": "p11-kit",
      "version": "0.24.1-2.el9",
      "purl": "pkg:rpm/redhat/p11-kit@0.24.1-2.el9"
    },
    {
      "type": "library",
      "name": "glibc",
      "version": "2.34-83.el9",
      "purl": "pkg:rpm/redhat/glibc@2.34-83.el9"
    }
  ],
  "vulnerabilities": [
    {"id": "CVE-2021-44228"},
    {"id": "CVE-2024-0727"},
    {"id": "CVE-2026-2100"},
    {"id": "CVE-2024-2961"}
  ]
}