Updated docs

Signed-off-by: Steve Springett <[email protected]>
CycloneDX · Apr 25, 2023 · 332a05f · 332a05f
1 parent f0df2d2
commit 332a05f
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 7 deletions.
diff --git a/schema/bom-1.5.proto b/schema/bom-1.5.proto
@@ -29,7 +29,7 @@ message Bom {
   repeated ExternalReference external_references = 7;
   // Provides the ability to document dependency relationships.
   repeated Dependency dependencies = 8;
-  // Provides the ability to document aggregate completeness
+  // Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness. Other inventory types such as vulnerabilities may also be described for completeness.
   repeated Composition compositions = 9;
   // Vulnerabilities identified in components or services.
   repeated Vulnerability vulnerabilities = 10;
@@ -568,11 +568,11 @@ enum Aggregate {
 }
 
 message Composition {
-  // Indicates the aggregate completeness
+  // Specifies an aggregate type that describe how complete a relationship is.
   Aggregate aggregate = 1;
-  // The assemblies the aggregate completeness applies to
+  // The bom-ref identifiers of the components or services being described. Assemblies refer to nested relationships whereby a constituent part may include other constituent parts. References do not cascade to child parts. References are explicit for the specified constituent part only. Other inventory types such as vulnerabilities may also be described.
   repeated string assemblies = 2;
-  // The dependencies the aggregate completeness applies to
+  // The bom-ref identifiers of the components or services being described. Dependencies refer to a relationship whereby an independent constituent part requires another independent constituent part. References do not cascade to transitive dependencies. References are explicit for the specified dependency only.
   repeated string dependencies = 3;
   // An optional identifier which can be used to reference the composition elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.
   optional string bom_ref = 4;

diff --git a/schema/bom-1.5.schema.json b/schema/bom-1.5.schema.json
@@ -87,7 +87,7 @@
       "items": {"$ref": "#/definitions/compositions"},
       "uniqueItems": true,
       "title": "Compositions",
-      "description": "Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness."
+      "description": "Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness. Other inventory types such as vulnerabilities may also be described for completeness."
     },
     "vulnerabilities": {
       "type": "array",
@@ -1528,7 +1528,7 @@
             "type": "string"
           },
           "title": "BOM references",
-          "description": "The bom-ref identifiers of the components or services being described. Assemblies refer to nested relationships whereby a constituent part may include other constituent parts. References do not cascade to child parts. References are explicit for the specified constituent part only."
+          "description": "The bom-ref identifiers of the components or services being described. Assemblies refer to nested relationships whereby a constituent part may include other constituent parts. References do not cascade to child parts. References are explicit for the specified constituent part only. Other inventory types such as vulnerabilities may also be described."
         },
         "dependencies": {
           "type": "array",

diff --git a/schema/bom-1.5.xsd b/schema/bom-1.5.xsd
@@ -2104,6 +2104,7 @@ limitations under the License.
                         The bom-ref identifiers of the components or services being described. Assemblies refer to
                         nested relationships whereby a constituent part may include other constituent parts. References
                         do not cascade to child parts. References are explicit for the specified constituent part only.
+                        Other inventory types such as vulnerabilities may also be described.
                     </xs:documentation>
                 </xs:annotation>
                 <xs:complexType>
@@ -3213,7 +3214,7 @@ limitations under the License.
                 </xs:element>
                 <xs:element name="compositions" type="bom:compositionsType" minOccurs="0" maxOccurs="1">
                     <xs:annotation>
-                        <xs:documentation>Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness.</xs:documentation>
+                        <xs:documentation>Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness. Other inventory types such as vulnerabilities may also be described for completeness.</xs:documentation>
                     </xs:annotation>
                 </xs:element>
                 <xs:element name="properties" type="bom:propertiesType" minOccurs="0" maxOccurs="1">