The following table shows how Model Scanner fields are mapped to the CycloneDX 1.6 standard.
| Model Scanner v3 Output |
CycloneDX 1.6 Output |
| version |
metadata.tools.components.version |
| inventory.model_name |
metadata.component.name |
| inventory.model_version |
metadata.component.version |
| inventory.requested_scan_location |
metadata.component.properties.name |
| inventory.requested_scan_location |
metadata.component.properties.value |
| status |
metadata.properties.name |
| status |
metadata.properties.value |
| start_time |
metadata.properties.name |
| start_time |
metadata.properties.value |
| end_time |
metadata.properties.name |
| end_time |
mmetadata.properties.value |
| Model Scanner v3 Output |
CycloneDX 1.6 Output |
| file_results.file_location |
omponents.name |
| file_results.file_location |
components.bom-ref |
| file_results.details.sha256 |
components.hashes.alg |
| file_results.details.sha256 |
components.hashes.content |
| file_results.details.md5 |
components.hashes.alg |
| file_results.details.md5 |
components.hashes.content |
| file_results.details.file_type |
components.properties.name |
| file_results.details.file_type |
components.properties.value |
| file_results.status |
components.properties.name |
| file_results.status |
components.properties.value |
| file_results.details.tlsh |
components.properties.name |
| file_results.details.tlsh |
components.properties.value |
| Model Scanner v3 Output |
CycloneDX 1.6 Output |
| file_results.detections.rule_id |
vulnerabilities.id |
| file_results.detections.detection_id |
vulnerabilities.bom-ref |
| file_results.detections.category |
vulnerabilities.description |
| file_results.detections.description |
vulnerabilities.detail |
| file_results.detections.severity |
vulnerabilities.ratings.severity |
| file_results.detections.technical_blog_hrefs |
vulnerabilities.advisories.url |
| file_results.detections.cve |
vulnerabilities.references.id |
| file_results.detections.cve |
vulnerabilities.references.source |
| file_results.detections.cve |
vulnerabilities.references.source.name |
| file_results.detections.cve |
vulnerabilities.references.source.url |
| file_results.detections.owasp |
vulnerabilities.references.id |
| file_results.detections.owasp |
vulnerabilities.references.source |
| file_results.detections.owasp |
vulnerabilities.references.source.name |
| file_results.detections.owasp |
vulnerabilities.references.source.url |
| file_results.detections.mitre_atlas |
vulnerabilities.references.id |
| file_results.detections.mitre_atlas |
vulnerabilities.references.source |
| file_results.detections.mitre_atlas |
vulnerabilities.references.source.name |
| file_results.detections.mitre_atlas |
vulnerabilities.references.source.url |
| file_results.file_location |
vulnerabilities.affects.ref |