Please reconsider creating a bom using RH-SSO version numbers. This is a better experience for the users because it avoids customers needing to become familiar with KeyCloak versions and how they map to the RH-SSO versions.

In RHSSO 7.0 and 7.1, there were BOMs using the RH-SSO versioning:
7.1 example: https://github.com/redhat-developer/redhat-sso-boms/tree/7.1.x
However, in RH-SSO 7.2 these were dropped in favor of using KeyCloak verison.

Also, for CD (continuous delivery) would be improved by using distinct continuous delivery version numbers to make it clear they are using non-GA components.