diff --git a/cyclonedx/schema/_res/README.md b/cyclonedx/schema/_res/README.md index 33dab7bf..9e68f815 100644 --- a/cyclonedx/schema/_res/README.md +++ b/cyclonedx/schema/_res/README.md @@ -4,7 +4,7 @@ some schema for offline use as download via [script](../../../tools/schema-downl original sources: Currently using version -[5f3ee8066491d31ec6a6d02968243d9688d7e49c](https://github.com/CycloneDX/specification/commit/5f3ee8066491d31ec6a6d02968243d9688d7e49c) +[8a27bfd1be5be0dcb2c208a34d2f4fa0b6d75bd7](https://github.com/CycloneDX/specification/commit/8a27bfd1be5be0dcb2c208a34d2f4fa0b6d75bd7) | file | note | |------|------| diff --git a/cyclonedx/schema/_res/bom-1.6.SNAPSHOT.schema.json b/cyclonedx/schema/_res/bom-1.6.SNAPSHOT.schema.json index 3e6c92c9..bc61ce44 100644 --- a/cyclonedx/schema/_res/bom-1.6.SNAPSHOT.schema.json +++ b/cyclonedx/schema/_res/bom-1.6.SNAPSHOT.schema.json @@ -16,7 +16,7 @@ "bomFormat": { "type": "string", "title": "BOM Format", - "description": "Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs do not have a filename convention, nor does JSON schema support namespaces. This value MUST be \"CycloneDX\".", + "description": "Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs do not have a filename convention, nor does JSON schema support namespaces. This value must be \"CycloneDX\".", "enum": [ "CycloneDX" ] 
@@ -25,12 +25,12 @@
 "type": "string",
 "title": "CycloneDX Specification Version",
 "description": "The version of the CycloneDX specification the BOM conforms to.",
- "examples": ["1.6"]
+ "examples": ["1.6.1"]
 },
 "serialNumber": {
 "type": "string",
 "title": "BOM Serial Number",
- "description": "Every BOM generated SHOULD have a unique serial number, even if the contents of the BOM have not changed over time. If specified, the serial number MUST conform to RFC-4122. Use of serial numbers is RECOMMENDED.",
+ "description": "Every BOM generated SHOULD have a unique serial number, even if the contents of the BOM have not changed over time. If specified, the serial number must conform to [RFC 4122](https://www.ietf.org/rfc/rfc4122.html). Use of serial numbers is recommended.",
 "examples": ["urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"],
 "pattern": "^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
 },
@@ -121,7 +121,7 @@
 "bom-ref": {
 "$ref": "#/definitions/refType",
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM."
+ "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM."
 },
 "thirdParty": {
 "type": "boolean",
@@ -250,7 +250,7 @@
 "bom-ref": {
 "$ref": "#/definitions/refType",
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM."
+ "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM."
 },
 "target": {
 "$ref": "#/definitions/refLinkType",
@@ -311,7 +311,7 @@
 "bom-ref": {
 "$ref": "#/definitions/refType",
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM."
+ "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM."
 },
 "propertyName": {
 "type": "string",
@@ -433,6 +433,7 @@
 "affirmation": {
 "type": "object",
 "title": "Affirmation",
+ "description": "A concise statement affirmed by an individual regarding all declarations, often used for third-party auditor acceptance or recipient acknowledgment. It includes a list of authorized signatories who assert the validity of the document on behalf of the organization.",
 "additionalProperties": false,
 "properties": {
 "statement": {
@@ -519,7 +520,7 @@
 "properties": {
 "type": "array",
 "title": "Properties",
- "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
 "items": {
 "$ref": "#/definitions/property"
 }
@@ -709,7 +710,7 @@
 "properties": {
 "type": "array",
 "title": "Properties",
- "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
 "items": {"$ref": "#/definitions/property"}
 }
 }
@@ -752,13 +753,12 @@
 "organizationalEntity": {
 "type": "object",
 "title": "Organizational Entity",
- "description": "",
 "additionalProperties": false,
 "properties": {
 "bom-ref": {
 "$ref": "#/definitions/refType",
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
+ "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
 },
 "name": {
 "type": "string",
@@ -794,13 +794,12 @@
 "organizationalContact": {
 "type": "object",
 "title": "Organizational Contact",
- "description": "",
 "additionalProperties": false,
 "properties": {
 "bom-ref": {
 "$ref": "#/definitions/refType",
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
+ "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
 },
 "name": {
 "type": "string",
@@ -852,7 +851,7 @@ "meta:enum": { "application": "A software application. Refer to [https://en.wikipedia.org/wiki/Application_software](https://en.wikipedia.org/wiki/Application_software) for information about applications.", "framework": "A software framework. Refer to [https://en.wikipedia.org/wiki/Software_framework](https://en.wikipedia.org/wiki/Software_framework) for information on how frameworks vary slightly from libraries.", - "library": "A software library. Refer to [https://en.wikipedia.org/wiki/Library_(computing)](https://en.wikipedia.org/wiki/Library_(computing)) for information about libraries. All third-party and open source reusable components will likely be a library. If the library also has key features of a framework, then it should be classified as a framework. If not, or is unknown, then specifying library is RECOMMENDED.", + "library": "A software library. Refer to [https://en.wikipedia.org/wiki/Library_(computing)](https://en.wikipedia.org/wiki/Library_(computing)) for information about libraries. All third-party and open source reusable components will likely be a library. If the library also has key features of a framework, then it should be classified as a framework. If not, or is unknown, then specifying library is recommended.", "container": "A packaging and/or runtime format, not specific to any particular technology, which isolates software inside the container from software outside of a container through virtualization technology. Refer to [https://en.wikipedia.org/wiki/OS-level_virtualization](https://en.wikipedia.org/wiki/OS-level_virtualization).", "platform": "A runtime environment which interprets or executes software. This may include runtimes such as those that execute bytecode or low-code/no-code application platforms.", "operating-system": "A software operating system without regard to deployment model (i.e. 
installed on physical hardware, virtual machine, image, etc) Refer to [https://en.wikipedia.org/wiki/Operating_system](https://en.wikipedia.org/wiki/Operating_system).", @@ -878,7 +877,7 @@ "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the component elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." + "description": "An optional identifier which can be used to reference the component elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." }, "supplier": { "title": "Component Supplier", 
@@ -972,13 +971,13 @@
 "purl": {
 "type": "string",
 "title": "Package URL (purl)",
- "description": "Asserts the identity of the component using package-url (purl). The purl, if specified, MUST be valid and conform to the specification defined at: [https://github.com/package-url/purl-spec](https://github.com/package-url/purl-spec). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity.",
+ "description": "Asserts the identity of the component using package-url (purl). The purl, if specified, must be valid and conform to the specification defined at: [https://github.com/package-url/purl-spec](https://github.com/package-url/purl-spec). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity.",
 "examples": ["pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"]
 },
 "omniborId": {
 "type": "array",
 "title": "OmniBOR Artifact Identifier (gitoid)",
- "description": "Asserts the identity of the component using the OmniBOR Artifact ID. The OmniBOR, if specified, MUST be valid and conform to the specification defined at: [https://www.iana.org/assignments/uri-schemes/prov/gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity.",
+ "description": "Asserts the identity of the component using the OmniBOR Artifact ID. The OmniBOR, if specified, must be valid and conform to the specification defined at: [https://www.iana.org/assignments/uri-schemes/prov/gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity.",
 "items": { "type": "string" },
 "examples": [
 "gitoid:blob:sha1:a94a8fe5ccb19ba61c4c0873d391e987982fbbd3",
@@ -987,8 +986,8 @@
 },
 "swhid": {
 "type": "array",
- "title": "SoftWare Heritage Identifier",
- "description": "Asserts the identity of the component using the Software Heritage persistent identifier (SWHID). The SWHID, if specified, MUST be valid and conform to the specification defined at: [https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html](https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity.",
+ "title": "Software Heritage Identifier",
+ "description": "Asserts the identity of the component using the Software Heritage persistent identifier (SWHID). The SWHID, if specified, must be valid and conform to the specification defined at: [https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html](https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity.",
 "items": { "type": "string" },
 "examples": ["swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2"]
 },
@@ -1076,7 +1075,7 @@
 "type": "array",
 "items": {"$ref": "#/definitions/componentData"},
 "title": "Data",
- "description": "This object SHOULD be specified for any component of type `data` and MUST NOT be specified for other component types."
+ "description": "This object SHOULD be specified for any component of type `data` and must not be specified for other component types."
 },
 "cryptoProperties": {
 "$ref": "#/definitions/cryptoProperties",
@@ -1085,7 +1084,7 @@
 "properties": {
 "type": "array",
 "title": "Properties",
- "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
 "items": {"$ref": "#/definitions/property"}
 },
 "tags": {
@@ -1162,8 +1161,13 @@
 "contentType": {
 "type": "string",
 "title": "Content-Type",
- "description": "Specifies the content type of the text. Defaults to text/plain if not specified.",
- "default": "text/plain"
+ "description": "Specifies the format and nature of the data being attached, helping systems correctly interpret and process the content. Common content type examples include `application/json` for JSON data and `text/plain` for plan text documents.\n [RFC 2045 section 5.1](https://www.ietf.org/rfc/rfc2045.html#section-5.1) outlines the structure and use of content types. For a comprehensive list of registered content types, refer to the [IANA media types registry](https://www.iana.org/assignments/media-types/media-types.xhtml).",
+ "default": "text/plain",
+ "examples": [
+ "text/plain",
+ "application/json",
+ "image/png"
+ ]
 },
 "encoding": {
 "type": "string",
@@ -1229,6 +1233,7 @@
 "license": {
 "type": "object",
 "title": "License",
+ "description": "Specifies the details and attributes related to a software license. It can either include a valid SPDX license identifier or a named license, along with additional properties such as license acknowledgment, comprehensive commercial licensing information, and the full text of the license.",
 "oneOf": [
 {
 "required": ["id"]
@@ -1242,18 +1247,18 @@
 "bom-ref": {
 "$ref": "#/definitions/refType",
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
+ "description": "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
 },
 "id": {
 "$ref": "spdx.SNAPSHOT.schema.json",
 "title": "License ID (SPDX)",
- "description": "A valid SPDX license ID",
+ "description": "A valid SPDX license identifier. If specified, this value must be one of the enumeration of valid SPDX license identifiers defined in the spdx.SNAPSHOT.schema.json (or spdx.xml) subschema which is synchronized with the official SPDX license list.",
 "examples": ["Apache-2.0"]
 },
 "name": {
 "type": "string",
 "title": "License Name",
- "description": "If SPDX does not define the license used, this field may be used to provide the license name",
+ "description": "The name of the license. This may include the name of a commercial or proprietary license or an open source license that may not be defined by SPDX.",
 "examples": ["Acme Software License"]
 },
 "acknowledgement": {
@@ -1429,7 +1434,7 @@
 "properties": {
 "type": "array",
 "title": "Properties",
- "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
 "items": {"$ref": "#/definitions/property"}
 }
 }
@@ -1493,7 +1498,7 @@
 "bom-ref": {
 "$ref": "#/definitions/refType",
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
+ "description": "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
 }
 }
 }]
@@ -1810,10 +1815,10 @@
 "certification-report": "Industry, regulatory, or other certification from an accredited (if applicable) certification body.",
 "codified-infrastructure": "Code or configuration that defines and provisions virtualized infrastructure, commonly referred to as Infrastructure as Code (IaC).",
 "quality-metrics": "Report or system in which quality metrics can be obtained.",
- "poam": "Plans of Action and Milestones (POAM) complement an \"attestation\" external reference. POAM is defined by NIST as a \"document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones\".",
+ "poam": "Plans of Action and Milestones (POA&M) complement an \"attestation\" external reference. POA&M is defined by NIST as a \"document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones\".",
 "electronic-signature": "An e-signature is commonly a scanned representation of a written signature or a stylized script of the person's name.",
 "digital-signature": "A signature that leverages cryptography, typically public/private key pairs, which provides strong authenticity verification.",
- "rfc-9116": "Document that complies with RFC-9116 (A File Format to Aid in Security Vulnerability Disclosure)",
+ "rfc-9116": "Document that complies with [RFC 9116](https://www.ietf.org/rfc/rfc9116.html) (A File Format to Aid in Security Vulnerability Disclosure)",
 "other": "Use this if no other types accurately describe the purpose of the external reference."
 }
 },
@@ -1828,7 +1833,7 @@
 "dependency": {
 "type": "object",
 "title": "Dependency",
- "description": "Defines the direct dependencies of a component, service, or the components provided/implemented by a given component. Components or services that do not have their own dependencies MUST be declared as empty elements within the graph. Components or services that are not represented in the dependency graph MAY have unknown dependencies. It is RECOMMENDED that implementations assume this to be opaque and not an indicator of an object being dependency-free. It is RECOMMENDED to leverage compositions to indicate unknown dependency graphs.",
+ "description": "Defines the direct dependencies of a component, service, or the components provided/implemented by a given component. Components or services that do not have their own dependencies must be declared as empty elements within the graph. Components or services that are not represented in the dependency graph may have unknown dependencies. It is recommended that implementations assume this to be opaque and not an indicator of an object being dependency-free. It is recommended to leverage compositions to indicate unknown dependency graphs.",
 "required": [
 "ref"
 ],
@@ -1870,7 +1875,7 @@
 "bom-ref": {
 "$ref": "#/definitions/refType",
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the service elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
+ "description": "An optional identifier which can be used to reference the service elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
 },
 "provider": {
 "title": "Provider",
@@ -1932,7 +1937,7 @@
 },
 "licenses": {
 "$ref": "#/definitions/licenseChoice",
- "title": "Component License(s)"
+ "title": "Service License(s)"
 },
 "externalReferences": {
 "type": "array",
@@ -1955,7 +1960,7 @@
 "properties": {
 "type": "array",
 "title": "Properties",
- "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
 "items": {"$ref": "#/definitions/property"}
 },
 "tags": {
@@ -2064,6 +2069,7 @@
 "copyright": {
 "type": "object",
 "title": "Copyright",
+ "description": "A copyright notice informing users of the underlying claims to copyright ownership in a published work.",
 "required": [
 "text"
 ],
@@ -2071,7 +2077,8 @@
 "properties": {
 "text": {
 "type": "string",
- "title": "Copyright Text"
+ "title": "Copyright Text",
+ "description": "The textual content of the copyright."
 }
 }
 },
@@ -2083,7 +2090,7 @@
 "properties": {
 "identity": {
 "title": "Identity Evidence",
- "description": "Evidence that substantiates the identity of a component. The identify may be an object or an array of identity objects. Support for specifying identify as a single object was introduced in CycloneDX v1.5. Arrays were introduced in v1.6. It is RECOMMENDED that all implementations use arrays, even if only one identity object is specified.",
+ "description": "Evidence that substantiates the identity of a component. The identity may be an object or an array of identity objects. Support for specifying identity as a single object was introduced in CycloneDX v1.5. Arrays were introduced in v1.6. It is recommended that all implementations use arrays, even if only one identity object is specified.",
 "oneOf" : [
 {
 "type": "array",
@@ -2110,7 +2117,7 @@
 "bom-ref": {
 "$ref": "#/definitions/refType",
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the occurrence elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
+ "description": "An optional identifier which can be used to reference the occurrence elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
 },
 "location": {
 "type": "string",
@@ -2225,7 +2232,7 @@
 "bom-ref": {
 "$ref": "#/definitions/refType",
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the composition elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
+ "description": "An optional identifier which can be used to reference the composition elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
 },
 "aggregate": {
 "$ref": "#/definitions/aggregateType",
@@ -2306,7 +2313,7 @@
 "property": {
 "type": "object",
 "title": "Lightweight name-value pair",
- "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
 "required": [
 "name"
 ],
@@ -2328,7 +2335,7 @@
 "type": "string",
 "pattern": "^([a-z]{2})(-[A-Z]{2})?$",
 "title": "Locale",
- "description": "Defines a syntax for representing two character language code (ISO-639) followed by an optional two character country code. The language code MUST be lower case. If the country code is specified, the country code MUST be upper case. The language code and country code MUST be separated by a minus sign. Examples: en, en-US, fr, fr-CA"
+ "description": "Defines a syntax for representing two character language code (ISO-639) followed by an optional two character country code. The language code must be lower case. If the country code is specified, the country code must be upper case. The language code and country code must be separated by a minus sign. Examples: en, en-US, fr, fr-CA"
 },
 "releaseType": {
 "type": "string",
@@ -2339,7 +2346,7 @@ "pre-release", "internal" ], - "description": "The software versioning type. It is RECOMMENDED that the release type use one of 'major', 'minor', 'patch', 'pre-release', or 'internal'. Representing all possible software release types is not practical, so standardizing on the recommended values, whenever possible, is strongly encouraged.\n\n* __major__ = A major release may contain significant changes or may introduce breaking changes.\n* __minor__ = A minor release, also known as an update, may contain a smaller number of changes than major releases.\n* __patch__ = Patch releases are typically unplanned and may resolve defects or important security issues.\n* __pre-release__ = A pre-release may include alpha, beta, or release candidates and typically have limited support. They provide the ability to preview a release prior to its general availability.\n* __internal__ = Internal releases are not for public consumption and are intended to be used exclusively by the project or manufacturer that produced it." + "description": "The software versioning type. It is recommended that the release type use one of 'major', 'minor', 'patch', 'pre-release', or 'internal'. Representing all possible software release types is not practical, so standardizing on the recommended values, whenever possible, is strongly encouraged.\n\n* __major__ = A major release may contain significant changes or may introduce breaking changes.\n* __minor__ = A minor release, also known as an update, may contain a smaller number of changes than major releases.\n* __patch__ = Patch releases are typically unplanned and may resolve defects or important security issues.\n* __pre-release__ = A pre-release may include alpha, beta, or release candidates and typically have limited support. 
They provide the ability to preview a release prior to its general availability.\n* __internal__ = Internal releases are not for public consumption and are intended to be used exclusively by the project or manufacturer that produced it." }, "note": { "type": "object", @@ -2430,7 +2437,7 @@ "properties": { "type": "array", "title": "Properties", - "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": {"$ref": "#/definitions/property"} } } 
@@ -2626,7 +2633,7 @@
 "bom-ref": {
 "$ref": "#/definitions/refType",
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the vulnerability elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
+ "description": "An optional identifier which can be used to reference the vulnerability elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
 },
 "id": {
 "type": "string",
@@ -2941,7 +2948,7 @@
 "properties": {
 "type": "array",
 "title": "Properties",
- "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
 "items": {
 "$ref": "#/definitions/property"
 }
@@ -3008,7 +3015,7 @@
 "bom-ref": {
 "$ref": "#/definitions/refType",
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the annotation elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
+ "description": "An optional identifier which can be used to reference the annotation elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
 },
 "subjects": {
 "type": "array",
@@ -3096,13 +3103,13 @@ "$comment": "Model card support in CycloneDX is derived from TensorFlow Model Card Toolkit released under the Apache 2.0 license and available from https://github.com/tensorflow/model-card-toolkit/blob/main/model_card_toolkit/schema/v0.0.2/model_card.schema.json. In addition, CycloneDX model card support includes portions of VerifyML, also released under the Apache 2.0 license and available from https://github.com/cylynx/verifyml/blob/main/verifyml/model_card_toolkit/schema/v0.0.4/model_card.schema.json.", "type": "object", "title": "Model Card", - "description": "A model card describes the intended uses of a machine learning model and potential limitations, including biases and ethical considerations. Model cards typically contain the training parameters, which datasets were used to train the model, performance metrics, and other relevant data useful for ML transparency. This object SHOULD be specified for any component of type `machine-learning-model` and MUST NOT be specified for other component types.", + "description": "A model card describes the intended uses of a machine learning model and potential limitations, including biases and ethical considerations. Model cards typically contain the training parameters, which datasets were used to train the model, performance metrics, and other relevant data useful for ML transparency. This object SHOULD be specified for any component of type `machine-learning-model` and must not be specified for other component types.", "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the model card elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." + "description": "An optional identifier which can be used to reference the model card elsewhere in the BOM. 
Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." }, "modelParameters": { "type": "object", @@ -3179,6 +3186,7 @@ } ], "title": "Reference", + "type": "string", "description": "References a data component by the components bom-ref attribute" } } @@ -3277,7 +3285,7 @@ "properties": { "type": "array", "title": "Properties", - "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": {"$ref": "#/definitions/property"} } } 
@@ -3305,7 +3313,7 @@
 "bom-ref": {
 "$ref": "#/definitions/refType",
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the dataset elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
+ "description": "An optional identifier which can be used to reference the dataset elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
 },
 "type": {
 "type": "string",
@@ -3413,10 +3421,12 @@
 "properties": {
 "organization": {
 "title": "Organization",
+ "description": "The organization that is responsible for specific data governance role(s).",
 "$ref": "#/definitions/organizationalEntity"
 },
 "contact": {
 "title": "Individual",
+ "description": "The individual that is responsible for specific data governance role(s).",
 "$ref": "#/definitions/organizationalContact"
 }
 },
@@ -3460,7 +3470,7 @@
 },
 "image": {
 "title": "Graphic Image",
- "description": "The graphic (vector or raster). Base64 encoding MUST be specified for binary images.",
+ "description": "The graphic (vector or raster). Base64 encoding must be specified for binary images.",
 "$ref": "#/definitions/attachment"
 }
 }
@@ -3572,6 +3582,7 @@
 "properties": {
 "type": "array",
 "title": "Properties",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
 "items": {
 "$ref": "#/definitions/property"
 }
@@ -3640,6 +3651,7 @@
 "properties": {
 "type": "array",
 "title": "Properties",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
 "items": {
 "$ref": "#/definitions/property"
 }
@@ -3711,7 +3723,7 @@
 "properties": {
 "bom-ref": {
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the energy provider elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.",
+ "description": "An optional identifier which can be used to reference the energy provider elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.",
 "$ref": "#/definitions/refType"
 },
 "description": {
@@ -3722,6 +3734,7 @@
 "organization": {
 "type": "object",
 "title": "Organization",
+ "description": "The organization that provides energy.",
 "$ref": "#/definitions/organizationalEntity"
 },
 "energySource": {
@@ -3776,7 +3789,7 @@
 "properties": {
 "bom-ref": {
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the address elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.",
+ "description": "An optional identifier which can be used to reference the address elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.",
 "$ref": "#/definitions/refType"
 },
 "country": {
@@ -3824,7 +3837,7 @@
 "properties": {
 "bom-ref": {
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the formula elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.",
+ "description": "An optional identifier which can be used to reference the formula elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.",
 "$ref": "#/definitions/refType"
 },
 "components": {
@@ -3858,6 +3871,7 @@
 "properties": {
 "type": "array",
 "title": "Properties",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
 "items": {
 "$ref": "#/definitions/property"
 }
@@ -3878,7 +3892,7 @@
 "properties": {
 "bom-ref": {
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the workflow elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.",
+ "description": "An optional identifier which can be used to reference the workflow elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.",
 "$ref": "#/definitions/refType"
 },
 "uid": {
@@ -4001,6 +4015,7 @@
 "properties": {
 "type": "array",
 "title": "Properties",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
 "items": {
 "$ref": "#/definitions/property"
 }
@@ -4021,7 +4036,7 @@
 "properties": {
 "bom-ref": {
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the task elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.",
+ "description": "An optional identifier which can be used to reference the task elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.",
 "$ref": "#/definitions/refType"
 },
 "uid": {
@@ -4125,6 +4140,7 @@
 "properties": {
 "type": "array",
 "title": "Properties",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
 "items": {
 "$ref": "#/definitions/property"
 }
@@ -4157,6 +4173,7 @@
 "properties": {
 "type": "array",
 "title": "Properties",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
 "items": {
 "$ref": "#/definitions/property"
 }
@@ -4175,6 +4192,7 @@
 "properties": {
 "type": "array",
 "title": "Properties",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
 "items": {
 "$ref": "#/definitions/property"
 }
@@ -4193,7 +4211,7 @@
 "properties": {
 "bom-ref": {
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the workspace elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.",
+ "description": "An optional identifier which can be used to reference the workspace elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.",
 "$ref": "#/definitions/refType"
 },
 "uid": {
@@ -4266,6 +4284,7 @@
 "properties": {
 "type": "array",
 "title": "Properties",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
 "items": {
 "$ref": "#/definitions/property"
 }
@@ -4321,6 +4340,7 @@
 "properties": {
 "type": "array",
 "title": "Properties",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
 "items": {
 "$ref": "#/definitions/property"
 }
@@ -4340,7 +4360,7 @@
 "properties": {
 "bom-ref": {
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the trigger elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.",
+ "description": "An optional identifier which can be used to reference the trigger elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.",
 "$ref": "#/definitions/refType"
 },
 "uid": {
@@ -4386,6 +4406,7 @@
 "conditions": {
 "type": "array",
 "title": "Conditions",
+ "description": "A list of conditions used to determine if a trigger should be activated.",
 "uniqueItems": true,
 "items": {
 "$ref": "#/definitions/condition"
@@ -4420,6 +4441,7 @@
 "properties": {
 "type": "array",
 "title": "Properties",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
 "items": {
 "$ref": "#/definitions/property"
 }
@@ -4466,6 +4488,7 @@
 "properties": {
 "type": "array",
 "title": "Properties",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
 "items": {
 "$ref": "#/definitions/property"
 }
@@ -4560,6 +4583,7 @@
 "properties": {
 "type": "array",
 "title": "Properties",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
 "items": {
 "$ref": "#/definitions/property"
 }
@@ -4645,6 +4669,7 @@
 "properties": {
 "type": "array",
 "title": "Properties",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
 "items": {
 "$ref": "#/definitions/property"
 }
@@ -4710,6 +4735,7 @@
 "properties": {
 "type": "array",
 "title": "Properties",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
 "items": {
 "$ref": "#/definitions/property"
 }
@@ -4870,7 +4896,7 @@
 "bom-ref": {
 "$ref": "#/definitions/refType",
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM."
+ "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM."
 },
 "name": {
 "type": "string",
@@ -4904,7 +4930,7 @@
 "bom-ref": {
 "$ref": "#/definitions/refType",
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM."
+ "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM."
 },
 "identifier": {
 "type": "string",
@@ -4945,7 +4971,7 @@
 "properties": {
 "type": "array",
 "title": "Properties",
- "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
 "items": {
 "$ref": "#/definitions/property"
 }
@@ -4971,7 +4997,7 @@
 "bom-ref": {
 "$ref": "#/definitions/refType",
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM."
+ "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM."
 },
 "identifier": {
 "type": "string",
@@ -5119,7 +5145,7 @@
 },
 "implementationPlatform": {
 "type": "string",
- "title": "implementation platform",
+ "title": "Implementation platform",
 "description": "The target platform for which the algorithm is implemented. The implementation can be 'generic', running on any platform or for a specific platform.",
 "enum": [
 "generic",
@@ -5466,7 +5492,7 @@ }, "size": { "type": "integer", - "title":"Size", + "title": "Size", "description": "The size of the cryptographic asset (in bits)." }, "format": { @@ -5534,7 +5560,7 @@ "ikev2TransformTypes": { "type": "object", "title": "IKEv2 Transform Types", - "description": "The IKEv2 transform types supported (types 1-4), defined in RFC7296 section 3.3.2, and additional properties.", + "description": "The IKEv2 transform types supported (types 1-4), defined in [RFC 7296 section 3.3.2](https://www.ietf.org/rfc/rfc7296.html#section-3.3.2), and additional properties.", "additionalProperties": false, "properties": { "encr": { @@ -5555,7 +5581,7 @@ "ke": { "$ref": "#/definitions/cryptoRefArray", "title": "Key Exchange Method (KE)", - "description": "Transform Type 4: Key Exchange Method (KE) per RFC9370, formerly called Diffie-Hellman Group (D-H)" + "description": "Transform Type 4: Key Exchange Method (KE) per [RFC 9370](https://www.ietf.org/rfc/rfc9370.html), formerly called Diffie-Hellman Group (D-H)." }, "esn": { "type": "boolean", diff --git a/cyclonedx/schema/_res/bom-1.6.SNAPSHOT.xsd b/cyclonedx/schema/_res/bom-1.6.SNAPSHOT.xsd index 8791ca59..d6d57e31 100644 --- a/cyclonedx/schema/_res/bom-1.6.SNAPSHOT.xsd +++ b/cyclonedx/schema/_res/bom-1.6.SNAPSHOT.xsd @@ -22,7 +22,7 @@ limitations under the License. targetNamespace="http://cyclonedx.org/schema/bom/1.6" vc:minVersion="1.0" vc:maxVersion="1.1" - version="1.6.0"> + version="1.6.1"> @@ -253,7 +253,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. 
@@ -355,7 +355,10 @@ limitations under the License. - The URL of the organization. Multiple URLs are allowed. + + The URL of the organization. Multiple URLs are allowed. + Example: https://example.com + @@ -569,6 +572,9 @@ limitations under the License. + + The hashes of the component. + @@ -578,8 +584,7 @@ limitations under the License. - A copyright notice informing users of the underlying claims to - copyright ownership in a published work. + A copyright notice informing users of the underlying claims to copyright ownership in a published work. @@ -592,7 +597,7 @@ limitations under the License. - Specifies the package-url (purl). The purl, if specified, MUST be valid and conform + Specifies the package-url (purl). The purl, if specified, must be valid and conform to the specification defined at: https://github.com/package-url/purl-spec @@ -600,7 +605,7 @@ limitations under the License. - Specifies the OmniBOR Artifact ID. The OmniBOR, if specified, MUST be valid and conform + Specifies the OmniBOR Artifact ID. The OmniBOR, if specified, must be valid and conform to the specification defined at: https://www.iana.org/assignments/uri-schemes/prov/gitoid @@ -608,7 +613,7 @@ limitations under the License. - Specifies the Software Heritage persistent identifier (SWHID). The SWHID, if specified, MUST + Specifies the Software Heritage persistent identifier (SWHID). The SWHID, if specified, must be valid and conform to the specification defined at: https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html @@ -653,7 +658,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. 
@@ -693,12 +698,12 @@ limitations under the License. limitations, including biases and ethical considerations. Model cards typically contain the training parameters, which datasets were used to train the model, performance metrics, and other relevant data useful for ML transparency. This object SHOULD be specified for any component of - type `machine-learning-model` and MUST NOT be specified for other component types. + type `machine-learning-model` and must not be specified for other component types. - + - This object SHOULD be specified for any component of type `data` and MUST NOT be + This object SHOULD be specified for any component of type `data` and must not be specified for other component types. @@ -734,7 +739,7 @@ limitations under the License. - The OPTIONAL mime-type of the component. When used on file components, the mime-type + The optional mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented such as an image, font, or executable. Some library or framework components may also have an associated mime-type. @@ -757,16 +762,22 @@ limitations under the License. + + Specifies the details and attributes related to a software license. + It can either include a valid SPDX license identifier or a named license, along with additional + properties such as license acknowledgment, comprehensive commercial licensing information, and + the full text of the license. + - A valid SPDX license ID + A valid SPDX license identifier. If specified, this value must be one of the enumeration of valid SPDX license identifiers defined in the spdx.schema.json (or spdx.xml) subschema which is synchronized with the official SPDX license list. - If SPDX does not define the license used, this field may be used to provide the license name + The name of the license. This may include the name of a commercial or proprietary license or an open source license that may not be defined by SPDX. 
@@ -913,7 +924,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. @@ -959,8 +970,14 @@ limitations under the License. - Specifies the content type of the text. Defaults to text/plain - if not specified. + + Specifies the format and nature of the data being attached, helping systems correctly + interpret and process the content. Common content type examples include `application/json` + for JSON data and `text/plain` for plan text documents. + RFC 2045 section 5.1 outlines the structure and use of content types. For a comprehensive + list of registered content types, refer to the IANA media types registry at + https://www.iana.org/assignments/media-types/media-types.xhtml. + @@ -1379,8 +1396,11 @@ limitations under the License. - The URL to the license file. If a license URL has been defined in the license - node, it should also be defined as an external reference for completeness + + The URL to the license file. If a license URL has been defined in the license + node, it should also be defined as an external reference for completeness. + Example: https://www.apache.org/licenses/LICENSE-2.0.txt + 
@@ -1507,7 +1527,7 @@ limitations under the License. - Plans of Action and Milestones (POAM) complement an "attestation" external reference. POAM is defined by NIST as a "document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones". + Plans of Action and Milestones (POA&M) complement an "attestation" external reference. POA&M is defined by NIST as a "document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones". @@ -1825,6 +1845,12 @@ limitations under the License. + + + A collection of URL's for reference. Multiple URLs are allowed. + Example: "https://example.com" + + @@ -1981,10 +2007,10 @@ limitations under the License. Defines the direct dependencies of a component or service. Components or services - that do not have their own dependencies MUST be declared as empty elements within the graph. - Components or services that are not represented in the dependency graph MAY have unknown - dependencies. It is RECOMMENDED that implementations assume this to be opaque and not an - indicator of a object being dependency-free. It is RECOMMENDED to leverage compositions to + that do not have their own dependencies must be declared as empty elements within the graph. + Components or services that are not represented in the dependency graph may have unknown + dependencies. It is recommended that implementations assume this to be opaque and not an + indicator of a object being dependency-free. It is recommended to leverage compositions to indicate unknown dependency graphs. @@ -2041,6 +2067,12 @@ limitations under the License. + + + The endpoint URIs of the service. Multiple endpoints are allowed. + Example: "https://example.com/api/v1/ticker" + + 
@@ -2071,6 +2103,9 @@ limitations under the License. + + Specifies information about the data including the directional flow of data and the data classification. + @@ -2159,7 +2194,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. @@ -2236,10 +2271,28 @@ limitations under the License. states that the direction is not known. - - - - + + + + Data that enters a service. + + + + + + Data that exits a service. + + + + + Data flows in and out of the service. + + + + + The directional flow of data is not known. + + @@ -2418,8 +2471,8 @@ limitations under the License. Evidence that substantiates the identity of a component. The identify may be an - object or an array of identity objects. Support for specifying identify as a single object was - introduced in CycloneDX v1.5. "unbounded" was introduced in v1.6. It is RECOMMENDED that all + object or an array of identity objects. Support for specifying identity as a single object was + introduced in CycloneDX v1.5. "unbounded" was introduced in v1.6. It is recommended that all implementations are aware of "unbounded". @@ -2526,7 +2579,7 @@ limitations under the License. An optional identifier which can be used to reference the occurrence elsewhere - in the BOM. Every bom-ref MUST be unique within the BOM. + in the BOM. Every bom-ref must be unique within the BOM. 
@@ -2545,6 +2598,11 @@ limitations under the License. + + + Within a call stack, a frame is a discrete unit that encapsulates an execution context, including local variables, parameters, and the return address. As function calls are made, frames are pushed onto the stack, forming an array-like structure that orchestrates the flow of program execution and manages the sequence of function invocations. + + @@ -2611,7 +2669,13 @@ limitations under the License. - + + + + opyright evidence captures intellectual property assertions, providing evidence of possible ownership and legal protection. + + + @@ -2786,8 +2850,8 @@ limitations under the License. Defines a syntax for representing two character language code (ISO-639) followed by an optional two - character country code. The language code MUST be lower case. If the country code is specified, the - country code MUST be upper case. The language code and country code MUST be separated by a minus sign. + character country code. The language code must be lower case. If the country code is specified, the + country code must be upper case. The language code and country code must be separated by a minus sign. Examples: en, en-US, fr, fr-CA @@ -2800,7 +2864,7 @@ limitations under the License. - The software versioning type. It is RECOMMENDED that the release type use one + The software versioning type. It is recommended that the release type use one of 'major', 'minor', 'patch', 'pre-release', or 'internal'. Representing all possible software release types is not practical, so standardizing on the recommended values, whenever possible, is strongly encouraged. @@ -2896,7 +2960,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. 
@@ -2915,19 +2979,19 @@ limitations under the License. - + A model card describes the intended uses of a machine learning model and potential limitations, including biases and ethical considerations. Model cards typically contain the training parameters, which datasets were used to train the model, performance metrics, and other relevant data useful for ML transparency. - This object SHOULD be specified for any component of type `machine-learning-model` and MUST NOT be specified + This object SHOULD be specified for any component of type `machine-learning-model` and must not be specified for other component types. @@ -2997,7 +3061,11 @@ limitations under the License. - + + + Inline Data Information + + @@ -3155,7 +3223,7 @@ limitations under the License. - The graphic (vector or raster). Base64 encoding MUST be specified for binary images. + The graphic (vector or raster). Base64 encoding must be specified for binary images. @@ -3323,7 +3391,7 @@ limitations under the License. An optional identifier which can be used to reference the model card elsewhere in the BOM. - Every bom-ref MUST be unique within the BOM. + Every bom-ref must be unique within the BOM. @@ -3350,7 +3418,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. @@ -3492,7 +3560,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. 
@@ -3889,7 +3957,7 @@ limitations under the License. An optional identifier which can be used to reference the dataset elsewhere in the BOM. - Every bom-ref MUST be unique within the BOM. + Every bom-ref must be unique within the BOM. @@ -3978,7 +4046,7 @@ limitations under the License. - The graphic (vector or raster). Base64 encoding MUST be specified for binary images. + The graphic (vector or raster). Base64 encoding must be specified for binary images. @@ -4437,7 +4505,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. @@ -4632,13 +4700,41 @@ limitations under the License. - - - - - - - + + + Critical severity + + + + + High severity + + + + + Medium severity + + + + + Low severity + + + + + Informational warning. + + + + + None + + + + + The severity is not known + + @@ -4835,11 +4931,31 @@ limitations under the License. - - - - - + + + Can not fix + + + + + Will not fix + + + + + Update to a different revision or release + + + + + Revert to a previous revision or release + + + + + There is a workaround available + + @@ -4854,9 +4970,21 @@ limitations under the License. - - - + + + The version is affected by the vulnerability. + + + + + The version is not affected by the vulnerability. + + + + + It is unknown (or unspecified) whether the given version is affected. + + @@ -4919,7 +5047,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. 
@@ -5080,7 +5208,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. @@ -5302,7 +5430,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. @@ -5505,7 +5633,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. @@ -5606,7 +5734,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. @@ -5665,7 +5793,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. 
@@ -5681,7 +5809,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. @@ -5745,6 +5873,9 @@ limitations under the License. + + A list of conditions used to determine if a trigger should be activated. + @@ -5776,7 +5907,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. @@ -5823,7 +5954,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. @@ -5910,7 +6041,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. @@ -5998,7 +6129,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. 
@@ -6085,7 +6216,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. @@ -7298,6 +7429,11 @@ limitations under the License. + + + A protocol-related cryptographic assets + + @@ -7348,7 +7484,7 @@ limitations under the License. An optional identifier which can be used to reference the object elsewhere in the BOM. - Every bom-ref MUST be unique within the BOM. + Every bom-ref must be unique within the BOM. @@ -7615,7 +7751,7 @@ limitations under the License. An optional identifier which can be used to reference the object elsewhere - in the BOM. Every bom-ref MUST be unique within the BOM. + in the BOM. Every bom-ref must be unique within the BOM. @@ -7746,7 +7882,7 @@ limitations under the License. An optional identifier which can be used to reference the object elsewhere - in the BOM. Every bom-ref MUST be unique within the BOM. + in the BOM. Every bom-ref must be unique within the BOM. @@ -7809,6 +7945,12 @@ limitations under the License. + + + A concise statement affirmed by an individual regarding all declarations, often used for third-party auditor acceptance or recipient acknowledgment. + It includes a list of authorized signatories who assert the validity of the document on behalf of the organization. + + @@ -8002,7 +8144,7 @@ limitations under the License. - + @@ -8032,7 +8174,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. 
@@ -8046,7 +8188,7 @@ limitations under the License. An optional identifier which can be used to reference the object elsewhere - in the BOM. Every bom-ref MUST be unique within the BOM. + in the BOM. Every bom-ref must be unique within the BOM. @@ -8110,7 +8252,7 @@ limitations under the License. An optional identifier which can be used to reference the object elsewhere - in the BOM. Every bom-ref MUST be unique within the BOM. + in the BOM. Every bom-ref must be unique within the BOM. @@ -8143,7 +8285,7 @@ limitations under the License. An optional identifier which can be used to reference the object elsewhere - in the BOM. Every bom-ref MUST be unique within the BOM. + in the BOM. Every bom-ref must be unique within the BOM. @@ -8212,7 +8354,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. @@ -8271,8 +8413,8 @@ limitations under the License. Every BOM generated SHOULD have a unique serial number, even if the contents of - the BOM have not changed over time. If specified, the serial number MUST conform to RFC-4122. - Use of serial numbers are RECOMMENDED. + the BOM have not changed over time. If specified, the serial number must conform to RFC-4122. + Use of serial numbers are recommended. diff --git a/tests/_data/schemaTestData/1.6/invalid-bomformat-1.6.json b/tests/_data/schemaTestData/1.6/invalid-bomformat-1.6.json index ee8df941..f4874069 100644 --- a/tests/_data/schemaTestData/1.6/invalid-bomformat-1.6.json +++ b/tests/_data/schemaTestData/1.6/invalid-bomformat-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "AnotherFormat", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 
diff --git a/tests/_data/schemaTestData/1.6/invalid-component-ref-1.6.json b/tests/_data/schemaTestData/1.6/invalid-component-ref-1.6.json index 46c971c0..b4856c5d 100644 --- a/tests/_data/schemaTestData/1.6/invalid-component-ref-1.6.json +++ b/tests/_data/schemaTestData/1.6/invalid-component-ref-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", @@ -10,12 +11,6 @@ "name": "acme-library", "version": "1.0.0" }, - { - "type": "library", - "bom-ref": "123", - "name": "acme-library", - "version": "1.0.0" - }, { "type": "library", "bom-ref": "", diff --git a/tests/_data/schemaTestData/1.6/invalid-component-ref-1.6.xml b/tests/_data/schemaTestData/1.6/invalid-component-ref-1.6.xml index 78467e36..770efd83 100644 --- a/tests/_data/schemaTestData/1.6/invalid-component-ref-1.6.xml +++ b/tests/_data/schemaTestData/1.6/invalid-component-ref-1.6.xml @@ -10,6 +10,10 @@ acme-library 1.0.0 + + acme-library2 + 1.0.0 + acme-library diff --git a/tests/_data/schemaTestData/1.6/invalid-component-swid-1.6.json b/tests/_data/schemaTestData/1.6/invalid-component-swid-1.6.json index b4aed947..7acf18d4 100644 --- a/tests/_data/schemaTestData/1.6/invalid-component-swid-1.6.json +++ b/tests/_data/schemaTestData/1.6/invalid-component-swid-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/invalid-component-type-1.6.json b/tests/_data/schemaTestData/1.6/invalid-component-type-1.6.json index 9404400c..bc5dd16a 100644 --- a/tests/_data/schemaTestData/1.6/invalid-component-type-1.6.json +++ b/tests/_data/schemaTestData/1.6/invalid-component-type-1.6.json 
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-dependency-1.6.json b/tests/_data/schemaTestData/1.6/invalid-dependency-1.6.json
index 6d6993ac..e46c5ca2 100644
--- a/tests/_data/schemaTestData/1.6/invalid-dependency-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-dependency-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-empty-component-1.6.json b/tests/_data/schemaTestData/1.6/invalid-empty-component-1.6.json
index 76d2edd6..ced677ee 100644
--- a/tests/_data/schemaTestData/1.6/invalid-empty-component-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-empty-component-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-hash-alg-1.6.json b/tests/_data/schemaTestData/1.6/invalid-hash-alg-1.6.json
index b21fc921..a841909f 100644
--- a/tests/_data/schemaTestData/1.6/invalid-hash-alg-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-hash-alg-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-hash-md5-1.6.json b/tests/_data/schemaTestData/1.6/invalid-hash-md5-1.6.json
index 5c493847..37140dfe 100644
--- a/tests/_data/schemaTestData/1.6/invalid-hash-md5-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-hash-md5-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-hash-sha1-1.6.json b/tests/_data/schemaTestData/1.6/invalid-hash-sha1-1.6.json
index 441fec3e..ba3ef962 100644
--- a/tests/_data/schemaTestData/1.6/invalid-hash-sha1-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-hash-sha1-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-hash-sha256-1.6.json b/tests/_data/schemaTestData/1.6/invalid-hash-sha256-1.6.json
index b7f8d1de..1944c51d 100644
--- a/tests/_data/schemaTestData/1.6/invalid-hash-sha256-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-hash-sha256-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-hash-sha512-1.6.json b/tests/_data/schemaTestData/1.6/invalid-hash-sha512-1.6.json
index 0b56c35a..3065415c 100644
--- a/tests/_data/schemaTestData/1.6/invalid-hash-sha512-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-hash-sha512-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-issue-type-1.6.json b/tests/_data/schemaTestData/1.6/invalid-issue-type-1.6.json
index ef1c08b5..4e05dae0 100644
--- a/tests/_data/schemaTestData/1.6/invalid-issue-type-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-issue-type-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-license-choice-1.6.json b/tests/_data/schemaTestData/1.6/invalid-license-choice-1.6.json
index 48399473..8977bdad 100644
--- a/tests/_data/schemaTestData/1.6/invalid-license-choice-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-license-choice-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-license-encoding-1.6.json b/tests/_data/schemaTestData/1.6/invalid-license-encoding-1.6.json
index 794c566c..2c6c074f 100644
--- a/tests/_data/schemaTestData/1.6/invalid-license-encoding-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-license-encoding-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-license-id-1.6.json b/tests/_data/schemaTestData/1.6/invalid-license-id-1.6.json
index 907d5581..c183abc6 100644
--- a/tests/_data/schemaTestData/1.6/invalid-license-id-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-license-id-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-license-missing-id-and-name-1.6.json b/tests/_data/schemaTestData/1.6/invalid-license-missing-id-and-name-1.6.json
index 65b72d31..b70f8f6d 100644
--- a/tests/_data/schemaTestData/1.6/invalid-license-missing-id-and-name-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-license-missing-id-and-name-1.6.json
@@ -1,10 +1,12 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
 "version": 1,
 "components": [
 {
+ "type": "library",
 "name": "license-with-no-id-nor-name",
 "version": "23",
 "description": "testcase for issue#288",
diff --git a/tests/_data/schemaTestData/1.6/invalid-metadata-license-1.6.json b/tests/_data/schemaTestData/1.6/invalid-metadata-license-1.6.json
index a510758b..9db03c94 100644
--- a/tests/_data/schemaTestData/1.6/invalid-metadata-license-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-metadata-license-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-metadata-timestamp-1.6.json b/tests/_data/schemaTestData/1.6/invalid-metadata-timestamp-1.6.json
index e3f1884b..14bbdee5 100644
--- a/tests/_data/schemaTestData/1.6/invalid-metadata-timestamp-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-metadata-timestamp-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-missing-component-type-1.6.json b/tests/_data/schemaTestData/1.6/invalid-missing-component-type-1.6.json
index ec0b081e..ea53406f 100644
--- a/tests/_data/schemaTestData/1.6/invalid-missing-component-type-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-missing-component-type-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-patch-type-1.6.json b/tests/_data/schemaTestData/1.6/invalid-patch-type-1.6.json
index a71680e3..51de20b1 100644
--- a/tests/_data/schemaTestData/1.6/invalid-patch-type-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-patch-type-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-properties-1.6.json b/tests/_data/schemaTestData/1.6/invalid-properties-1.6.json
index 06985035..219544f3 100644
--- a/tests/_data/schemaTestData/1.6/invalid-properties-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-properties-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:bcb403ae-91fa-436e-bc93-84d1078cdeed",
diff --git a/tests/_data/schemaTestData/1.6/invalid-scope-1.6.json b/tests/_data/schemaTestData/1.6/invalid-scope-1.6.json
index cbb68fa2..dcc78ab5 100644
--- a/tests/_data/schemaTestData/1.6/invalid-scope-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-scope-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-serialnumber-1.6.json b/tests/_data/schemaTestData/1.6/invalid-serialnumber-1.6.json
index fdc34e3d..9aea4ae4 100644
--- a/tests/_data/schemaTestData/1.6/invalid-serialnumber-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-serialnumber-1.6.json
@@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f", diff --git a/tests/_data/schemaTestData/1.6/invalid-service-data-1.6.json b/tests/_data/schemaTestData/1.6/invalid-service-data-1.6.json index 9f028594..9fb86ef6 100644 --- a/tests/_data/schemaTestData/1.6/invalid-service-data-1.6.json +++ b/tests/_data/schemaTestData/1.6/invalid-service-data-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-annotation-1.6.json b/tests/_data/schemaTestData/1.6/valid-annotation-1.6.json index 790fc280..108d5ed8 100644 --- a/tests/_data/schemaTestData/1.6/valid-annotation-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-annotation-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", @@ -76,6 +77,13 @@ "name": "Partner Org", "url": [ "https://partner.org" + ], + "contact" : [ + { + "name": "Support", + "email": "support@partner.org", + "phone": "800-555-1212" + } ] }, "group": "org.partner", diff --git a/tests/_data/schemaTestData/1.6/valid-annotation-1.6.xml b/tests/_data/schemaTestData/1.6/valid-annotation-1.6.xml index ea3c2872..c329a23c 100644 --- a/tests/_data/schemaTestData/1.6/valid-annotation-1.6.xml +++ b/tests/_data/schemaTestData/1.6/valid-annotation-1.6.xml @@ -21,7 +21,7 @@ - 2020-04-07T07:01:00Z + 2022-01-01T00:00:00Z This is a sample annotation made by an organization @@ -35,8 +35,8 @@ 800-555-1212 - 2020-04-07T07:01:00Z - This is a sample annotation made by an person + 2022-01-01T00:00:00Z + This is a sample annotation made by a person 
@@ -48,7 +48,7 @@ 9.1.2 - 2020-04-07T07:01:00Z + 2022-01-01T00:00:00Z This is a sample annotation made by a component @@ -62,7 +62,7 @@ https://partner.org Support - support@partner + support@partner.org 800-555-1212 @@ -76,11 +76,11 @@ true true - pubic + public - 2020-04-07T07:01:00Z + 2022-01-01T00:00:00Z This is a sample annotation made by a service diff --git a/tests/_data/schemaTestData/1.6/valid-assembly-1.6.json b/tests/_data/schemaTestData/1.6/valid-assembly-1.6.json index 681c10e6..864e0e4f 100644 --- a/tests/_data/schemaTestData/1.6/valid-assembly-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-assembly-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-attestation-1.6.json b/tests/_data/schemaTestData/1.6/valid-attestation-1.6.json index 57a04972..9caa455d 100644 --- a/tests/_data/schemaTestData/1.6/valid-attestation-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-attestation-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-attestation-1.6.xml b/tests/_data/schemaTestData/1.6/valid-attestation-1.6.xml index 1dce0ced..4f34748a 100644 --- a/tests/_data/schemaTestData/1.6/valid-attestation-1.6.xml +++ b/tests/_data/schemaTestData/1.6/valid-attestation-1.6.xml @@ -3,9 +3,9 @@ - false + true - Acme Inc + Assessors Inc @@ -25,7 +25,7 @@ 0.8 Conformance rationale here - mitigations-1 + mitigationStrategy-1 @@ -110,7 +110,7 @@ Mitigation strategy here - Public + Company Confidential Describe sensitive data here 2023-04-25T00:00:00+00:00 
diff --git a/tests/_data/schemaTestData/1.6/valid-bom-1.6.json b/tests/_data/schemaTestData/1.6/valid-bom-1.6.json
index 6244850f..9ab00e7b 100644
--- a/tests/_data/schemaTestData/1.6/valid-bom-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-bom-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
@@ -72,13 +73,15 @@
 },
 "components": [
 {
- "bom-ref": "pkg:npm/acme/component@1.0.0",
- "type": "library",
+ "bom-ref": "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar",
+ "type": "application",
 "author": "Joane Doe et al.",
 "publisher": "Acme Inc",
 "group": "com.acme",
 "name": "tomcat-catalina",
 "version": "9.0.14",
+ "description": "Modified version of Apache Catalina",
+ "scope": "required",
 "hashes": [
 {
 "alg": "MD5",
@@ -104,28 +107,31 @@
 "text": {
 "contentType": "text/plain",
 "encoding": "base64",
- "content": "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"
+ "content": "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"
 },
 "url": "https://www.apache.org/licenses/LICENSE-2.0.txt"
 }
 }
 ],
- "purl": "pkg:npm/acme/component@1.0.0",
+ "purl": "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar",
 "pedigree": {
 "ancestors": [
 {
- "type": "library",
- "publisher": "Acme Inc",
- "group": "com.acme",
- "name": "tomcat-catalina",
- "version": "9.0.14"
- },
- {
- "type": "library",
- "publisher": "Acme Inc",
- "group": "com.acme",
+ "type": "application",
+ "author": "Apache Super Heros",
+ "publisher": "Apache",
+ "group": "org.apache.tomcat",
 "name": "tomcat-catalina",
- "version": "9.0.14"
+ "version": "9.0.14",
+ "description": "Apache Catalina",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar"
 }
 ],
 "commits": [
@@ -134,15 +140,23 @@ "url": "https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd", "author": { "timestamp": "2018-11-13T20:20:39+00:00", - "name": "me", - "email": "me@acme.org" - } + "name": "John Doe", + "email": "john.doe@example.com" + }, + "committer": { + "timestamp": "2018-11-07T22:01:45Z", + "name": "Jane Doe", + "email": "jane.doe@example.com" + }, + "message": "Initial commit" } - ] + ], + "notes": "Commentary here" } }, { "type": "library", + "bom-ref": "pkg:maven/com.example/myapplication@1.0.0?packaging=war", "supplier": { "name": "Example, Inc.", "url": [ @@ -151,7 +165,7 @@ ], "contact": [ { - "name": "Example Support AMER Distribution", + "name": "Example Support AMER", "email": "support@example.com", "phone": "800-555-1212" }, 
@@ -186,15 +200,99 @@ "group": "org.example", "name": "mylibrary", "version": "1.0.0", - "scope": "required" + "scope": "required", + "hashes": [ + { + "alg": "MD5", + "content": "2342c2eaf1feb9a80195dbaddf2ebaa3" + }, + { + "alg": "SHA-1", + "content": "68b78babe00a053f9e35ec6a2d9080f5b90122b0" + }, + { + "alg": "SHA-256", + "content": "708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313" + }, + { + "alg": "SHA-512", + "content": "387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef" + } + ], + "licenses": [ + { + "expression": "EPL-2.0 OR GPL-2.0-with-classpath-exception" + } + ], + "copyright": "Copyright Example Inc. All rights reserved.", + "cpe": "cpe:/a:example:myapplication:1.0.0", + "purl": "pkg:maven/com.example/myapplication@1.0.0?packaging=war", + "modified": false, + "externalReferences": [ + { + "url": "http://example.org/docs", + "type": "documentation", + "comment": "All component versions are documented here" + }, + { + "url": "http://example.org/security", + "type": "advisories" + } + ] + }, + { + "type": "framework", + "author": "Example Super Heros", + "group": "com.example", + "name": "myframework", + "version": "1.0.0", + "description": "Example Inc, enterprise framework", + "scope": "required", + "hashes": [ + { + "alg": "MD5", + "content": "cfcb0b64aacd2f81c1cd546543de965a" + }, + { + "alg": "SHA-1", + "content": "7fbeef2346c45d565c3341f037bce4e088af8a52" + }, + { + "alg": "SHA-256", + "content": "0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1" + }, + { + "alg": "SHA-512", + "content": "854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79" + } + ], + "licenses": [ + { + "license": { + "name": "Some random license" + } + } + ], + "purl": "pkg:maven/com.example/myframework@1.0.0?packaging=war", + "modified": false, + "externalReferences": [ + { + "type": 
"website", + "url": "http://example.com/myframework" + }, + { + "type": "advisories", + "url": "http://example.com/security" + } + ] } ], "dependencies": [ { - "ref": "pkg:npm/acme/component@1.0.0", + "ref": "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar", "dependsOn": [ - "pkg:npm/acme/component@1.0.0" + "pkg:maven/com.example/myapplication@1.0.0?packaging=war" ] } ] -} +} \ No newline at end of file diff --git a/tests/_data/schemaTestData/1.6/valid-bom-1.6.xml b/tests/_data/schemaTestData/1.6/valid-bom-1.6.xml index 6760b9da..5f94ce13 100644 --- a/tests/_data/schemaTestData/1.6/valid-bom-1.6.xml +++ b/tests/_data/schemaTestData/1.6/valid-bom-1.6.xml @@ -1,7 +1,7 @@ - 2020-04-07T07:01:00Z + 2020-04-13T20:20:39+00:00 Awesome Vendor @@ -46,7 +46,7 @@ - + Joane Doe et al. Acme Inc com.acme @@ -90,7 +90,7 @@ 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd - 2018-11-07T22:01:45Z + 2018-11-13T20:20:39+00:00 John Doe john.doe@example.com @@ -105,9 +105,9 @@ Commentary here - + - Example Inc. + Example, Inc. https://example.com https://example.net @@ -121,7 +121,7 @@ - Example-2, Inc.Example-2, Inc. + Example-2, Inc. https://example.org support@example.org @@ -195,4 +195,9 @@ + + + + + diff --git a/tests/_data/schemaTestData/1.6/valid-component-data-1.6.json b/tests/_data/schemaTestData/1.6/valid-component-data-1.6.json new file mode 100644 index 00000000..f78163f9 --- /dev/null +++ b/tests/_data/schemaTestData/1.6/valid-component-data-1.6.json 
@@ -0,0 +1,30 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:1b1bff0e-fdb9-4088-8b9a-1a9f2d9006da", + "version": 1, + "components": [ + { + "type": "data", + "name": "my-configs", + "version": "1337", + "data": [ + { + "type": "configuration", + "name": "app.ini", + "contents": { + "url": "https://example.com/cfg/1337/app.ini" + } + }, + { + "type": "other", + "name": ".env", + "contents": { + "url": "https://example.com/cfg/1337/env" + } + } + ] + } + ] +} diff --git a/tests/_data/schemaTestData/1.6/valid-component-data-1.6.xml b/tests/_data/schemaTestData/1.6/valid-component-data-1.6.xml new file mode 100644 index 00000000..fe89d803 --- /dev/null +++ b/tests/_data/schemaTestData/1.6/valid-component-data-1.6.xml @@ -0,0 +1,24 @@ + + + + + my-configs + 1337 + + configuration + app.ini + + https://example.com/cfg/1337/app.ini + + + + other + .env + + https://example.com/cfg/1337/env + + + + + diff --git a/tests/_data/schemaTestData/1.6/valid-component-hashes-1.6.json b/tests/_data/schemaTestData/1.6/valid-component-hashes-1.6.json index fcb58a93..91d15f58 100644 --- a/tests/_data/schemaTestData/1.6/valid-component-hashes-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-component-hashes-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-component-identifiers-1.6.json b/tests/_data/schemaTestData/1.6/valid-component-identifiers-1.6.json index 37175a6e..de0d2a09 100644 --- a/tests/_data/schemaTestData/1.6/valid-component-identifiers-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-component-identifiers-1.6.json 
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/valid-component-ref-1.6.json b/tests/_data/schemaTestData/1.6/valid-component-ref-1.6.json
index 977fb1eb..c31d31e5 100644
--- a/tests/_data/schemaTestData/1.6/valid-component-ref-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-component-ref-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
@@ -8,11 +9,19 @@
 "type": "library",
 "bom-ref": "123",
 "name": "acme-library",
- "version": "1.0.0"
+ "version": "1.0.0",
+ "components" : [
+ {
+ "type": "library",
+ "bom-ref": "456",
+ "name": "acme-library",
+ "version": "1.0.0"
+ }
+ ]
 },
 {
 "type": "library",
- "bom-ref": "456",
+ "bom-ref": "789",
 "name": "acme-library",
 "version": "1.0.0"
 }
diff --git a/tests/_data/schemaTestData/1.6/valid-component-swid-1.6.json b/tests/_data/schemaTestData/1.6/valid-component-swid-1.6.json
index 9b63b942..bff17b97 100644
--- a/tests/_data/schemaTestData/1.6/valid-component-swid-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-component-swid-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/valid-component-swid-full-1.6.json b/tests/_data/schemaTestData/1.6/valid-component-swid-full-1.6.json
index 576131ce..e0e83115 100644
--- a/tests/_data/schemaTestData/1.6/valid-component-swid-full-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-component-swid-full-1.6.json
@@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-component-types-1.6.json b/tests/_data/schemaTestData/1.6/valid-component-types-1.6.json index 782e701b..8b1abd7e 100644 --- a/tests/_data/schemaTestData/1.6/valid-component-types-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-component-types-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", @@ -43,6 +44,11 @@ "type": "file", "name": "file-a", "version": "1.0" + }, + { + "type": "data", + "name": "data-a", + "version": "1.0" } ] } diff --git a/tests/_data/schemaTestData/1.6/valid-component-types-1.6.xml b/tests/_data/schemaTestData/1.6/valid-component-types-1.6.xml index b66c396e..d8c70784 100644 --- a/tests/_data/schemaTestData/1.6/valid-component-types-1.6.xml +++ b/tests/_data/schemaTestData/1.6/valid-component-types-1.6.xml @@ -33,5 +33,9 @@ file-a 1.0 + + data-a + 1.0 + diff --git a/tests/_data/schemaTestData/1.6/valid-compositions-1.6.json b/tests/_data/schemaTestData/1.6/valid-compositions-1.6.json index 9cdbfe98..8b8dcbf3 100644 --- a/tests/_data/schemaTestData/1.6/valid-compositions-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-compositions-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-compositions-1.6.xml b/tests/_data/schemaTestData/1.6/valid-compositions-1.6.xml index 5f8a76d0..f99ed830 100644 --- a/tests/_data/schemaTestData/1.6/valid-compositions-1.6.xml +++ b/tests/_data/schemaTestData/1.6/valid-compositions-1.6.xml 
@@ -21,7 +21,7 @@ Acme Library - 2.0 + 3.0 pkg:maven/acme/library@3.0 @@ -49,9 +49,9 @@ incomplete_first_party_only - - - + + + diff --git a/tests/_data/schemaTestData/1.6/valid-cryptography-full-1.6.json b/tests/_data/schemaTestData/1.6/valid-cryptography-full-1.6.json index e25d4dd9..ac134465 100644 --- a/tests/_data/schemaTestData/1.6/valid-cryptography-full-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-cryptography-full-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-cryptography-implementation-1.6.json b/tests/_data/schemaTestData/1.6/valid-cryptography-implementation-1.6.json index 3bff0945..a143b9b3 100644 --- a/tests/_data/schemaTestData/1.6/valid-cryptography-implementation-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-cryptography-implementation-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-cryptography-implementation-1.6.xml b/tests/_data/schemaTestData/1.6/valid-cryptography-implementation-1.6.xml index d9c97fee..e86ae594 100644 --- a/tests/_data/schemaTestData/1.6/valid-cryptography-implementation-1.6.xml +++ b/tests/_data/schemaTestData/1.6/valid-cryptography-implementation-1.6.xml @@ -31,11 +31,11 @@ - Crypto Library + Crypto library 1.0.0 - Some Library + Some library 1.0.0 diff --git a/tests/_data/schemaTestData/1.6/valid-dependency-1.6.json b/tests/_data/schemaTestData/1.6/valid-dependency-1.6.json index 3d246547..1e87f38e 100644 --- a/tests/_data/schemaTestData/1.6/valid-dependency-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-dependency-1.6.json 
@@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-dependency-1.6.xml b/tests/_data/schemaTestData/1.6/valid-dependency-1.6.xml index 903670cf..7fab8347 100644 --- a/tests/_data/schemaTestData/1.6/valid-dependency-1.6.xml +++ b/tests/_data/schemaTestData/1.6/valid-dependency-1.6.xml @@ -2,15 +2,15 @@ - acme-library-a + library-a 1.0.0 - acme-library-b + library-b 1.0.0 - acme-library-b + library-c 1.0.0 diff --git a/tests/_data/schemaTestData/1.6/valid-empty-components-1.6.json b/tests/_data/schemaTestData/1.6/valid-empty-components-1.6.json index 572b398c..a634de3f 100644 --- a/tests/_data/schemaTestData/1.6/valid-empty-components-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-empty-components-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-evidence-1.6.json b/tests/_data/schemaTestData/1.6/valid-evidence-1.6.json index b80656bb..9bb4ebc3 100644 --- a/tests/_data/schemaTestData/1.6/valid-evidence-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-evidence-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-external-reference-1.6.json b/tests/_data/schemaTestData/1.6/valid-external-reference-1.6.json index e3913d84..f5e24561 100644 --- a/tests/_data/schemaTestData/1.6/valid-external-reference-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-external-reference-1.6.json 
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
@@ -33,6 +34,185 @@ "comment": "Vendor provided documentation for the product" } ] + }, + { + "type": "application", + "name": "dummy", + "description": "this component has all external reference types possible", + "externalReferences": [ + { + "type": "vcs", + "url": "http://example.com/extref/vcs" + }, + { + "type": "issue-tracker", + "url": "http://example.com/extref/issue-tracker" + }, + { + "type": "website", + "url": "http://example.com/extref/website" + }, + { + "type": "advisories", + "url": "http://example.com/extref/advisories" + }, + { + "type": "bom", + "url": "http://example.com/extref/bom" + }, + { + "type": "mailing-list", + "url": "http://example.com/extref/mailing-list" + }, + { + "type": "social", + "url": "http://example.com/extref/social" + }, + { + "type": "chat", + "url": "http://example.com/extref/chat" + }, + { + "type": "documentation", + "url": "http://example.com/extref/documentation" + }, + { + "type": "support", + "url": "http://example.com/extref/support" + }, + { + "type": "source-distribution", + "url": "http://example.com/extref/source-distribution" + }, + { + "type": "distribution", + "url": "http://example.com/extref/distribution" + }, + { + "type": "distribution-intake", + "url": "http://example.com/extref/distribution-intake" + }, + { + "type": "license", + "url": "http://example.com/extref/license" + }, + { + "type": "build-meta", + "url": "http://example.com/extref/build-meta" + }, + { + "type": "build-system", + "url": "http://example.com/extref/build-system" + }, + { + "type": "release-notes", + "url": "http://example.com/extref/release-notes" + }, + { + "type": "security-contact", + "url": "http://example.com/extref/security-contact" + }, + { + "type": "model-card", + "url": "http://example.com/extref/model-card" + }, + { + "type": "log", + "url": "http://example.com/extref/log" + }, + { + "type": "configuration", + "url": "http://example.com/extref/configuration" + }, + { + "type": "evidence", + "url": 
"http://example.com/extref/evidence" + }, + { + "type": "formulation", + "url": "http://example.com/extref/formulation" + }, + { + "type": "attestation", + "url": "http://example.com/extref/attestation" + }, + { + "type": "threat-model", + "url": "http://example.com/extref/threat-model" + }, + { + "type": "adversary-model", + "url": "http://example.com/extref/adversary-model" + }, + { + "type": "risk-assessment", + "url": "http://example.com/extref/risk-assessment" + }, + { + "type": "vulnerability-assertion", + "url": "http://example.com/extref/vulnerability-assertion" + }, + { + "type": "exploitability-statement", + "url": "http://example.com/extref/exploitability-statement" + }, + { + "type": "pentest-report", + "url": "http://example.com/extref/pentest-report" + }, + { + "type": "static-analysis-report", + "url": "http://example.com/extref/static-analysis-report" + }, + { + "type": "dynamic-analysis-report", + "url": "http://example.com/extref/dynamic-analysis-report" + }, + { + "type": "runtime-analysis-report", + "url": "http://example.com/extref/runtime-analysis-report" + }, + { + "type": "component-analysis-report", + "url": "http://example.com/extref/component-analysis-report" + }, + { + "type": "maturity-report", + "url": "http://example.com/extref/maturity-report" + }, + { + "type": "certification-report", + "url": "http://example.com/extref/certification-report" + }, + { + "type": "quality-metrics", + "url": "http://example.com/extref/quality-metrics" + }, + { + "type": "codified-infrastructure", + "url": "http://example.com/extref/codified-infrastructure" + }, + { + "type": "poam", + "url": "http://example.com/extref/poam" + }, + { + "type": "electronic-signature", + "url": "http://example.com/extref/electronic-signature" + }, + { + "type": "digital-signature", + "url": "http://example.com/extref/digital-signature" + }, + { + "type": "rfc-9116", + "url": "http://example.com/extref/rfc-9116" + }, + { + "type": "other", + "url": 
"http://example.com/extref/other" + } + ] } ] } diff --git a/tests/_data/schemaTestData/1.6/valid-external-reference-1.6.xml b/tests/_data/schemaTestData/1.6/valid-external-reference-1.6.xml index 21810f3c..95cffa0d 100644 --- a/tests/_data/schemaTestData/1.6/valid-external-reference-1.6.xml +++ b/tests/_data/schemaTestData/1.6/valid-external-reference-1.6.xml @@ -2,6 +2,7 @@ + Acme Inc org.example mylibrary 1.0.0 @@ -14,7 +15,7 @@ https://example.org/support/sbom/portal-server/1.0.0 An external SBOM that describes what this component includes - f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 
@@ -23,5 +24,54 @@ + + dummy + this component has all external reference types possible + + http://example.com/extref/vcs + http://example.com/extref/issue-tracker + http://example.com/extref/website + http://example.com/extref/advisories + http://example.com/extref/bom + http://example.com/extref/mailing-list + http://example.com/extref/social + http://example.com/extref/chat + http://example.com/extref/documentation + http://example.com/extref/support + http://example.com/extref/source-distribution + http://example.com/extref/distribution + http://example.com/extref/distribution-intake + http://example.com/extref/license + http://example.com/extref/build-meta + http://example.com/extref/build-system + http://example.com/extref/release-notes + http://example.com/extref/security-contact + http://example.com/extref/model-card + http://example.com/extref/log + http://example.com/extref/configuration + http://example.com/extref/evidence + http://example.com/extref/formulation + http://example.com/extref/attestation + http://example.com/extref/threat-model + http://example.com/extref/adversary-model + http://example.com/extref/risk-assessment + http://example.com/extref/vulnerability-assertion + http://example.com/extref/exploitability-statement + http://example.com/extref/pentest-report + http://example.com/extref/static-analysis-report + http://example.com/extref/dynamic-analysis-report + http://example.com/extref/runtime-analysis-report + http://example.com/extref/component-analysis-report + http://example.com/extref/maturity-report + http://example.com/extref/certification-report + http://example.com/extref/quality-metrics + http://example.com/extref/codified-infrastructure + http://example.com/extref/poam + http://example.com/extref/electronic-signature + http://example.com/extref/digital-signature + http://example.com/extref/rfc-9116 + http://example.com/extref/other + + 
diff --git a/tests/_data/schemaTestData/1.6/valid-formulation-1.6.json b/tests/_data/schemaTestData/1.6/valid-formulation-1.6.json index 9169d9ca..ce49ece6 100644 --- a/tests/_data/schemaTestData/1.6/valid-formulation-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-formulation-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", @@ -245,10 +246,10 @@ } ], "timeStart": "2023-01-01T00:00:00+00:00", - "timeEnd": "2023-01-01T00:00:00+10:00", + "timeEnd": "2023-01-01T00:00:10+00:00", "workspaces": [ { - "bom-ref": "workspace-1", + "bom-ref": "workspace-2", "uid": "workspace-1", "name": "My workspace", "aliases": [ "default-workspace" ], diff --git a/tests/_data/schemaTestData/1.6/valid-formulation-1.6.xml b/tests/_data/schemaTestData/1.6/valid-formulation-1.6.xml index 7f500a33..38441825 100644 --- a/tests/_data/schemaTestData/1.6/valid-formulation-1.6.xml +++ b/tests/_data/schemaTestData/1.6/valid-formulation-1.6.xml @@ -72,8 +72,8 @@ - - + + @@ -84,11 +84,11 @@ - clean + clone build - trigger-uid-1 + trigger-uid-2 My trigger Description here @@ -101,7 +101,7 @@ event-1 Description here 2023-01-01T00:00:00+00:00 - FooBar + Foo/Bar component-g @@ -207,7 +207,7 @@ 2023-01-01T00:00:00+00:00 - 2023-01-01T00:00:00+00:00 + 2023-01-01T00:00:10+00:00 workspace-1 diff --git a/tests/_data/schemaTestData/1.6/valid-license-expression-1.6.json b/tests/_data/schemaTestData/1.6/valid-license-expression-1.6.json index 057ad915..dd4f6b99 100644 --- a/tests/_data/schemaTestData/1.6/valid-license-expression-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-license-expression-1.6.json 
@@ -1,22 +1,44 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { - "type": "library", + "type": "application", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", + "description": "Modified version of Apache Catalina", + "scope": "required", + "hashes": [ + { + "alg": "MD5", + "content": "3942447fac867ae5cdb3229b658f4d48" + }, + { + "alg": "SHA-1", + "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" + }, + { + "alg": "SHA-256", + "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" + }, + { + "alg": "SHA-512", + "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" + } + ], "licenses": [ { "expression": "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0", "acknowledgement": "declared", "bom-ref": "my-license" } - ] + ], + "purl": "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar" } ] } diff --git a/tests/_data/schemaTestData/1.6/valid-license-expression-1.6.xml b/tests/_data/schemaTestData/1.6/valid-license-expression-1.6.xml index 4eb0a6f7..77035ad7 100644 --- a/tests/_data/schemaTestData/1.6/valid-license-expression-1.6.xml +++ b/tests/_data/schemaTestData/1.6/valid-license-expression-1.6.xml @@ -15,9 +15,7 @@ e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 - - EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 - + EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar diff --git a/tests/_data/schemaTestData/1.6/valid-license-id-1.6.json b/tests/_data/schemaTestData/1.6/valid-license-id-1.6.json index 07ec492d..f66e2dfc 100644 --- a/tests/_data/schemaTestData/1.6/valid-license-id-1.6.json 
+++ b/tests/_data/schemaTestData/1.6/valid-license-id-1.6.json
@@ -1,15 +1,36 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
 "version": 1,
 "components": [
 {
- "type": "library",
+ "type": "application",
 "publisher": "Acme Inc",
 "group": "com.acme",
 "name": "tomcat-catalina",
 "version": "9.0.14",
+ "description": "Modified version of Apache Catalina",
+ "scope": "required",
+ "hashes": [
+ {
+ "alg": "MD5",
+ "content": "3942447fac867ae5cdb3229b658f4d48"
+ },
+ {
+ "alg": "SHA-1",
+ "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a"
+ },
+ {
+ "alg": "SHA-256",
+ "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b"
+ },
+ {
+ "alg": "SHA-512",
+ "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282"
+ }
+ ],
 "licenses": [
 {
 "license": {
@@ -18,7 +39,8 @@
 "bom-ref": "my-license"
 }
 }
- ]
+ ],
+ "purl": "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"
 }
 ]
 }
diff --git a/tests/_data/schemaTestData/1.6/valid-license-licensing-1.6.json b/tests/_data/schemaTestData/1.6/valid-license-licensing-1.6.json
index f3a8d3ad..613e38a0 100644
--- a/tests/_data/schemaTestData/1.6/valid-license-licensing-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-license-licensing-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/valid-license-name-1.6.json b/tests/_data/schemaTestData/1.6/valid-license-name-1.6.json
index dab01719..1afc8250 100644
--- a/tests/_data/schemaTestData/1.6/valid-license-name-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-license-name-1.6.json
@@ -1,15 +1,36 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
 "version": 1,
 "components": [
 {
- "type": "library",
+ "type": "application",
 "publisher": "Acme Inc",
 "group": "com.acme",
 "name": "tomcat-catalina",
 "version": "9.0.14",
+ "description": "Modified version of Apache Catalina",
+ "scope": "required",
+ "hashes": [
+ {
+ "alg": "MD5",
+ "content": "3942447fac867ae5cdb3229b658f4d48"
+ },
+ {
+ "alg": "SHA-1",
+ "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a"
+ },
+ {
+ "alg": "SHA-256",
+ "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b"
+ },
+ {
+ "alg": "SHA-512",
+ "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282"
+ }
+ ],
 "licenses": [
 {
 "license": {
@@ -17,7 +38,8 @@
 "bom-ref": "my-license"
 }
 }
- ]
+ ],
+ "purl": "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"
 }
 ]
 }
diff --git a/tests/_data/schemaTestData/1.6/valid-machine-learning-1.6.json b/tests/_data/schemaTestData/1.6/valid-machine-learning-1.6.json
index 0aeef9be..dbd0ea7b 100644
--- a/tests/_data/schemaTestData/1.6/valid-machine-learning-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-machine-learning-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
@@ -7,6 +8,7 @@
 {
 "bom-ref": "component-a",
 "type": "machine-learning-model",
+ "publisher": "Acme Inc",
 "group": "CompVis",
 "name": "stable-diffusion",
 "version": "1.4",
@@ -89,4 +91,4 @@
 }
 }
 ]
-}
\ No newline at end of file
+}
diff --git a/tests/_data/schemaTestData/1.6/valid-machine-learning-1.6.xml b/tests/_data/schemaTestData/1.6/valid-machine-learning-1.6.xml
index aff62682..6013b1c3 100644
--- a/tests/_data/schemaTestData/1.6/valid-machine-learning-1.6.xml +++ b/tests/_data/schemaTestData/1.6/valid-machine-learning-1.6.xml @@ -32,7 +32,7 @@ - string + byte[] @@ -66,7 +66,7 @@ Who are the intended users of the model? - What are the known technical limitations of the model? + What are the known technical limitations of the model? E.g. What kind(s) of data should the model be expected not to perform well on? What are the factors that might degrade model performance? What are the known tradeoffs in accuracy/performance of the model? diff --git a/tests/_data/schemaTestData/1.6/valid-machine-learning-considerations-env-1.6.json b/tests/_data/schemaTestData/1.6/valid-machine-learning-considerations-env-1.6.json index a7a0dbf5..07637f75 100644 --- a/tests/_data/schemaTestData/1.6/valid-machine-learning-considerations-env-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-machine-learning-considerations-env-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ed5c5ba0-2be6-4b58-ac29-01a7fd375123", diff --git a/tests/_data/schemaTestData/1.6/valid-machine-learning-considerations-env-1.6.xml b/tests/_data/schemaTestData/1.6/valid-machine-learning-considerations-env-1.6.xml index 2b4938c1..d4c54bc4 100644 --- a/tests/_data/schemaTestData/1.6/valid-machine-learning-considerations-env-1.6.xml +++ b/tests/_data/schemaTestData/1.6/valid-machine-learning-considerations-env-1.6.xml @@ -7,7 +7,7 @@ meta meta-llama - llama-2-7b + Llama-2-7b https://huggingface.co/meta-llama/Llama-2-7b diff --git a/tests/_data/schemaTestData/1.6/valid-metadata-author-1.6.json b/tests/_data/schemaTestData/1.6/valid-metadata-author-1.6.json index c63b7065..196c0eca 100644 --- a/tests/_data/schemaTestData/1.6/valid-metadata-author-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-metadata-author-1.6.json 
@@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-metadata-license-1.6.json b/tests/_data/schemaTestData/1.6/valid-metadata-license-1.6.json index 3ee6eebf..4861f5ab 100644 --- a/tests/_data/schemaTestData/1.6/valid-metadata-license-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-metadata-license-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-metadata-lifecycle-1.6.json b/tests/_data/schemaTestData/1.6/valid-metadata-lifecycle-1.6.json index fb39301a..275ba3da 100644 --- a/tests/_data/schemaTestData/1.6/valid-metadata-lifecycle-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-metadata-lifecycle-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-metadata-manufacture-1.6.json b/tests/_data/schemaTestData/1.6/valid-metadata-manufacture-1.6.json index bee88561..2c9b204a 100644 --- a/tests/_data/schemaTestData/1.6/valid-metadata-manufacture-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-metadata-manufacture-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-metadata-manufacturer-1.6.json b/tests/_data/schemaTestData/1.6/valid-metadata-manufacturer-1.6.json index 7fc82b90..0b373b3b 100644 --- a/tests/_data/schemaTestData/1.6/valid-metadata-manufacturer-1.6.json 
+++ b/tests/_data/schemaTestData/1.6/valid-metadata-manufacturer-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-metadata-supplier-1.6.json b/tests/_data/schemaTestData/1.6/valid-metadata-supplier-1.6.json index 42f98110..e212c7a1 100644 --- a/tests/_data/schemaTestData/1.6/valid-metadata-supplier-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-metadata-supplier-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-metadata-timestamp-1.6.json b/tests/_data/schemaTestData/1.6/valid-metadata-timestamp-1.6.json index 90200211..90c8f4ce 100644 --- a/tests/_data/schemaTestData/1.6/valid-metadata-timestamp-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-metadata-timestamp-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-metadata-timestamp-1.6.xml b/tests/_data/schemaTestData/1.6/valid-metadata-timestamp-1.6.xml index 1136bc46..ed8322eb 100644 --- a/tests/_data/schemaTestData/1.6/valid-metadata-timestamp-1.6.xml +++ b/tests/_data/schemaTestData/1.6/valid-metadata-timestamp-1.6.xml @@ -1,7 +1,7 @@ - 2020-04-07T07:01:00Z + 2020-04-13T20:20:39Z diff --git a/tests/_data/schemaTestData/1.6/valid-metadata-tool-1.6.json b/tests/_data/schemaTestData/1.6/valid-metadata-tool-1.6.json index 42f18480..9c7b8b58 100644 --- a/tests/_data/schemaTestData/1.6/valid-metadata-tool-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-metadata-tool-1.6.json 
@@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-metadata-tool-deprecated-1.6.json b/tests/_data/schemaTestData/1.6/valid-metadata-tool-deprecated-1.6.json index 47c16bd9..485bdd11 100644 --- a/tests/_data/schemaTestData/1.6/valid-metadata-tool-deprecated-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-metadata-tool-deprecated-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-minimal-viable-1.6.json b/tests/_data/schemaTestData/1.6/valid-minimal-viable-1.6.json index 14bdabab..0ee56744 100644 --- a/tests/_data/schemaTestData/1.6/valid-minimal-viable-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-minimal-viable-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-patch-1.6.json b/tests/_data/schemaTestData/1.6/valid-patch-1.6.json index 56f3dec4..2bb68e50 100644 --- a/tests/_data/schemaTestData/1.6/valid-patch-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-patch-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-properties-1.6.json b/tests/_data/schemaTestData/1.6/valid-properties-1.6.json index 68c47f86..ad62c6f9 100644 --- a/tests/_data/schemaTestData/1.6/valid-properties-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-properties-1.6.json 
@@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-release-notes-1.6.json b/tests/_data/schemaTestData/1.6/valid-release-notes-1.6.json index 759a710e..0be9e48a 100644 --- a/tests/_data/schemaTestData/1.6/valid-release-notes-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-release-notes-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", @@ -8,6 +9,12 @@ "type": "library", "name": "acme-example", "version": "1.0.0", + "externalReferences": [ + { + "type": "release-notes", + "url": "https://example.com/releases/1.0.0" + } + ], "releaseNotes": { "type": "major", "title": "My new release", @@ -37,7 +44,7 @@ "type": "security", "id": "CVE-2019-9997", "name": "CVE-2019-9997", - "description": "Great new feature that does something", + "description": "A security issue was fixed that did something bad", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" @@ -105,7 +112,7 @@ "flow": "outbound" }, { - "classification": "pubic", + "classification": "public", "flow": "bi-directional" }, { @@ -159,7 +166,7 @@ "type": "security", "id": "CVE-2019-9997", "name": "CVE-2019-9997", - "description": "Great new feature that does something", + "description": "A security issue was fixed that did something bad", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997" diff --git a/tests/_data/schemaTestData/1.6/valid-release-notes-1.6.xml b/tests/_data/schemaTestData/1.6/valid-release-notes-1.6.xml index f7ce16b0..15caa355 100644 --- a/tests/_data/schemaTestData/1.6/valid-release-notes-1.6.xml +++ b/tests/_data/schemaTestData/1.6/valid-release-notes-1.6.xml 
@@ -4,6 +4,11 @@ acme-example 1.0.0 + + + https://example.com/releases/1.0.0 + + major My new release @@ -62,7 +67,7 @@ https://partner.org Support - support@partner + support@partner.org 800-555-1212 @@ -79,7 +84,7 @@ PII PIFI - pubic + public partner-data diff --git a/tests/_data/schemaTestData/1.6/valid-saasbom-1.6.json b/tests/_data/schemaTestData/1.6/valid-saasbom-1.6.json index 20709de8..0aa16dd0 100644 --- a/tests/_data/schemaTestData/1.6/valid-saasbom-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-saasbom-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", @@ -263,7 +264,7 @@ { "name": "MS-3 to S3", "description": "Data pushed from microservice-3 to S3 bucket", - "classification": "Public", + "classification": "PII", "flow": "inbound", "source": [ "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com" @@ -300,4 +301,4 @@ "dependsOn": [ "s3-example.amazon.com" ] } ] -} \ No newline at end of file +} diff --git a/tests/_data/schemaTestData/1.6/valid-saasbom-1.6.xml b/tests/_data/schemaTestData/1.6/valid-saasbom-1.6.xml index e18c7b37..433cf3d9 100644 --- a/tests/_data/schemaTestData/1.6/valid-saasbom-1.6.xml +++ b/tests/_data/schemaTestData/1.6/valid-saasbom-1.6.xml @@ -14,7 +14,8 @@ https://example.com com.example - Stock ticker Service + Stock Ticker Service + 2022-1 https://example.com/ https://example.com/app @@ -24,15 +25,6 @@ Customer - - - - - Customer Name - - - - https://0.0.0.0 @@ -81,6 +73,8 @@ com.example Microservice 1 + 2022-1 + Example Microservice https://ms-1.example.com @@ -89,6 +83,15 @@ PII + + + + + Customer Name + + + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service @@ -119,6 +122,8 @@ com.example Microservice 2 + 2022-1 + Example Microservice https://ms-2.example.com 
@@ -126,7 +131,7 @@ Acme Private Zone - PII + PIFI urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service @@ -148,6 +153,8 @@ com.example Microservice 3 + 2022-1 + Example Microservice https://ms-3.example.com @@ -155,7 +162,7 @@ Acme Private Zone - PII + Public urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service @@ -209,7 +216,7 @@ Public Internet - Public + PII urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com diff --git a/tests/_data/schemaTestData/1.6/valid-service-1.6.json b/tests/_data/schemaTestData/1.6/valid-service-1.6.json index e48157b7..f5dc557d 100644 --- a/tests/_data/schemaTestData/1.6/valid-service-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-service-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", @@ -63,7 +64,7 @@ "flow": "outbound" }, { - "classification": "pubic", + "classification": "public", "flow": "bi-directional" }, { diff --git a/tests/_data/schemaTestData/1.6/valid-service-1.6.xml b/tests/_data/schemaTestData/1.6/valid-service-1.6.xml index 26ec8463..643effae 100644 --- a/tests/_data/schemaTestData/1.6/valid-service-1.6.xml +++ b/tests/_data/schemaTestData/1.6/valid-service-1.6.xml @@ -2,6 +2,7 @@ + Acme Inc com.acme stock-java-client 1.0.12 @@ -23,7 +24,7 @@ https://partner.org Support - support@partner + support@partner.org 800-555-1212 @@ -40,7 +41,7 @@ PII PIFI - pubic + public partner-data diff --git a/tests/_data/schemaTestData/1.6/valid-service-empty-objects-1.6.json b/tests/_data/schemaTestData/1.6/valid-service-empty-objects-1.6.json index d77ba2dc..7338836d 100644 --- a/tests/_data/schemaTestData/1.6/valid-service-empty-objects-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-service-empty-objects-1.6.json 
@@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-signatures-1.6.json b/tests/_data/schemaTestData/1.6/valid-signatures-1.6.json index b5630f6d..5542c90e 100644 --- a/tests/_data/schemaTestData/1.6/valid-signatures-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-signatures-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-standard-1.6.json b/tests/_data/schemaTestData/1.6/valid-standard-1.6.json index ad6b4bab..3150227b 100644 --- a/tests/_data/schemaTestData/1.6/valid-standard-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-standard-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", @@ -21,6 +22,11 @@ "bom-ref": "requirement-1.1", "identifier": "v1.1", "title": "Title here", + "text": "Text here", + "descriptions": [ + "Requirement is described here", + "and here" + ], "parent": "requirement-1" }, { @@ -70,4 +76,4 @@ } ] } -} \ No newline at end of file +} diff --git a/tests/_data/schemaTestData/1.6/valid-standard-1.6.xml b/tests/_data/schemaTestData/1.6/valid-standard-1.6.xml index 7a36430a..cdf5c037 100644 --- a/tests/_data/schemaTestData/1.6/valid-standard-1.6.xml +++ b/tests/_data/schemaTestData/1.6/valid-standard-1.6.xml @@ -15,6 +15,11 @@ v1.1 Title here + Text here + + Requirement is described here + and here + requirement-1 diff --git a/tests/_data/schemaTestData/1.6/valid-tags-1.6.json b/tests/_data/schemaTestData/1.6/valid-tags-1.6.json index 0a4b286c..1052997b 100644 
--- a/tests/_data/schemaTestData/1.6/valid-tags-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-tags-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-vulnerability-1.6.json b/tests/_data/schemaTestData/1.6/valid-vulnerability-1.6.json index c0f77d36..52bb70f1 100644 --- a/tests/_data/schemaTestData/1.6/valid-vulnerability-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-vulnerability-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-vulnerability-1.6.xml b/tests/_data/schemaTestData/1.6/valid-vulnerability-1.6.xml index 115b91d5..33a5412f 100644 --- a/tests/_data/schemaTestData/1.6/valid-vulnerability-1.6.xml +++ b/tests/_data/schemaTestData/1.6/valid-vulnerability-1.6.xml @@ -23,13 +23,6 @@ https://nvd.nist.gov/vuln/detail/CVE-2019-9997 - - CVE-2018-7489 - - NVD - https://nvd.nist.gov/vuln/detail/CVE-2019-9997 - - @@ -40,7 +33,7 @@ 9.8 critical CVSSv3 - AN/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H An optional reason for rating the vulnerability as it was @@ -101,7 +94,7 @@ - Acme Inf + Acme Inc Acme BOM Analyzer diff --git a/tools/schema-downloader.py b/tools/schema-downloader.py index 9292dd9e..d9e4a31c 100644 --- a/tools/schema-downloader.py +++ b/tools/schema-downloader.py 
@@ -19,7 +19,7 @@ from os.path import dirname, join from urllib.request import urlretrieve -SOURCE_ROOT = 'https://raw.githubusercontent.com/CycloneDX/specification/master/schema/' +SOURCE_ROOT = 'https://raw.githubusercontent.com/CycloneDX/specification/refs/tags/1.6.1/schema/' TARGET_ROOT = join(dirname(__file__), '..', 'cyclonedx', 'schema', '_res') BOM_XSD = {
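Review bot: The new `SOURCE_ROOT` swaps `master` for `refs/tags/1.6.1`, which is still a mutable ref. If the tag is moved or re-created upstream, the next run of this script vendors different schema files into `cyclonedx/schema/_res` with no change in this repository. The README updated in this same commit already records an exact upstream commit, presumably the one behind the tag, so the URL could pin to it: `SOURCE_ROOT = 'https://raw.githubusercontent.com/CycloneDX/specification/8a27bfd1be5be0dcb2c208a34d2f4fa0b6d75bd7/schema/'`, with a comment such as `# upstream commit; keep in sync with cyclonedx/schema/_res/README.md`. The code that calls `urlretrieve` lies outside this hunk (the `BOM_XSD` mapping opened on its last line continues past it), so it is not visible here whether downloaded files are checked against known digests. If they are not, reviewing the resulting diff of `_res/` is the only integrity control on what gets shipped.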