Profile: NTIA Minimum Elements

The following is an example profile that describes the NTIA Minimum Elements for an SBOM.

{
  "$schema": "https://scvs.owasp.org/bom-maturity-profile-1.0.0.schema.json",
  "profiles": [
    {
      "name": "NTIA Minimum Elements",
      "version": "1.0",
      "description": "The Minimum Elements For a Software Bill of Materials (SBOM), Pursuant to Executive Order 14028 on Improving the Nation’s Cybersecurity",
      "creator": "OWASP Foundation",
      "elements": [
        {
          "structure": [ "urn:owasp:scvs:bom:structure:metadata", "urn:owasp:scvs:bom:structure:inventory" ],
          "identifiers": [
            "urn:owasp:scvs:bom:provenance:role:supplier",
            "urn:owasp:scvs:bom:resource:identifiers:coordinates",
            "urn:owasp:scvs:bom:resource:software:identity",
            "urn:owasp:scvs:bom:resource:relationships:assembly"
          ],
          "weight": 1.0,
          "required": true
        },
        {
          "structure": [ "urn:owasp:scvs:bom:structure:metadata" ],
          "identifiers": [
            "urn:owasp:scvs:bom:provenance:role:author",
            "urn:owasp:scvs:bom:core:timestamp"
          ],
          "weight": 1.0,
          "required": true
        },
        {
          "structure": [ "urn:owasp:scvs:bom:structure:metadata", "urn:owasp:scvs:bom:structure:inventory" ],
          "identifiers": [
            "urn:owasp:scvs:bom:resource:identifiers:cpe",
            "urn:owasp:scvs:bom:resource:identifiers:purl"
          ],
          "weight": 0.7,
          "required": false
        }
      ]
    }
  ]
}