From ef4fa899d1d21a464b10d54f22d6733292615437 Mon Sep 17 00:00:00 2001
From: Basil Hess <bhe@zurich.ibm.com>
Date: Tue, 9 Jul 2024 11:36:34 +0200
Subject: [PATCH] Correct CBOM time, add  reference

Signed-off-by: Basil Hess <bhe@zurich.ibm.com>
---
 docs/cbom.json         | 15 ++++++++-------
 scripts/update_cbom.py |  5 +++--
 2 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/docs/cbom.json b/docs/cbom.json
index 197910afc..08edb26b2 100644
--- a/docs/cbom.json
+++ b/docs/cbom.json
@@ -1,23 +1,24 @@
 {
+  "$schema": "https://github.com/raw/CycloneDX/specification/1.6/schema/bom-1.6.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:dab41ba0-4a03-49b2-85ac-b4822fc89ff4",
+  "serialNumber": "urn:uuid:1b8d1eed-25ae-4150-800f-ba795ca0fe4e",
   "version": 1,
   "metadata": {
-    "timestamp": "2024-07-09T09:35:24.712476",
+    "timestamp": "2024-07-09T09:35:30.578130+00:00",
     "component": {
       "type": "library",
-      "bom-ref": "pkg:github/open-quantum-safe/liboqs@d2089c5017fc45f4dce2f6516b3e9ad337946600",
+      "bom-ref": "pkg:github/open-quantum-safe/liboqs@0a87d9e566f2dd2b512d67f4954bba34a6f01899",
       "name": "liboqs",
-      "version": "d2089c5017fc45f4dce2f6516b3e9ad337946600"
+      "version": "0a87d9e566f2dd2b512d67f4954bba34a6f01899"
     }
   },
   "components": [
     {
       "type": "library",
-      "bom-ref": "pkg:github/open-quantum-safe/liboqs@d2089c5017fc45f4dce2f6516b3e9ad337946600",
+      "bom-ref": "pkg:github/open-quantum-safe/liboqs@0a87d9e566f2dd2b512d67f4954bba34a6f01899",
       "name": "liboqs",
-      "version": "d2089c5017fc45f4dce2f6516b3e9ad337946600"
+      "version": "0a87d9e566f2dd2b512d67f4954bba34a6f01899"
     },
     {
       "type": "cryptographic-asset",
@@ -2166,7 +2167,7 @@
   ],
   "dependencies": [
     {
-      "ref": "pkg:github/open-quantum-safe/liboqs@d2089c5017fc45f4dce2f6516b3e9ad337946600",
+      "ref": "pkg:github/open-quantum-safe/liboqs@0a87d9e566f2dd2b512d67f4954bba34a6f01899",
       "provides": [
         "alg:BIKE-L1:x86_64",
         "alg:BIKE-L3:x86_64",
diff --git a/scripts/update_cbom.py b/scripts/update_cbom.py
index 7a022b66c..4500e7b8d 100644
--- a/scripts/update_cbom.py
+++ b/scripts/update_cbom.py
@@ -12,7 +12,7 @@
 import json
 import git
 import uuid
-from datetime import datetime
+import datetime
 import copy
 
 cbom_json_file = "cbom.json"
@@ -156,7 +156,7 @@ def build_cbom(liboqs_root, liboqs_version):
     cbom_components.insert(0, liboqs_component)
 
     metadata = {}
-    metadata['timestamp'] = datetime.now().isoformat()
+    metadata['timestamp'] = datetime.datetime.now(datetime.timezone.utc).isoformat()
     metadata['component'] = liboqs_component
 
     ## Dependencies
@@ -175,6 +175,7 @@ def build_cbom(liboqs_root, liboqs_version):
 
     ## CBOM
     cbom = {}
+    cbom['$schema'] = "https://github.com/raw/CycloneDX/specification/1.6/schema/bom-1.6.schema.json"
     cbom['bomFormat'] = "CycloneDX"
     cbom['specVersion'] = "1.6"
     cbom['serialNumber'] = "urn:uuid:" + str(uuid.uuid4())