Merge pull request #234 from CycloneDX/v1.5-dev-fix-data-governance
Fixing missing data governance on service data
stevespringett authored Jun 2, 2023
2 parents 7dae289 + ec4add4 commit e22b417
Showing 6 changed files with 115 additions and 76 deletions.
26 changes: 14 additions & 12 deletions schema/bom-1.5.proto
Expand Up @@ -147,6 +147,8 @@ message DataFlow {
repeated string source = 5;
// The URI, URL, or BOM-Link of the components or services the data is sent to
repeated string destination = 6;
// Data Governance
optional DataGovernance governance = 7;
}

// Specifies the flow direction of the data. Valid values are: inbound, outbound, bi-directional, and unknown. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways, and unknown states that the direction is not known.
Expand Down Expand Up @@ -1109,20 +1111,20 @@ message ComponentData {
// Provides the ability to document name-value parameters used for configuration.
repeated Property properties = 3;
}
}

message DataGovernance {
// Data custodians are responsible for the safe custody, transport, and storage of data.
repeated DataGovernanceResponsibleParty custodians = 1;
// Data stewards are responsible for data content, context, and associated business rules.
repeated DataGovernanceResponsibleParty stewards = 2;
// Data owners are concerned with risk and appropriate access to data.
repeated DataGovernanceResponsibleParty owners = 3;
message DataGovernance {
// Data custodians are responsible for the safe custody, transport, and storage of data.
repeated DataGovernanceResponsibleParty custodians = 1;
// Data stewards are responsible for data content, context, and associated business rules.
repeated DataGovernanceResponsibleParty stewards = 2;
// Data owners are concerned with risk and appropriate access to data.
repeated DataGovernanceResponsibleParty owners = 3;

message DataGovernanceResponsibleParty {
oneof choice {
OrganizationalEntity organization = 1;
OrganizationalContact contact = 2;
}
message DataGovernanceResponsibleParty {
oneof choice {
OrganizationalEntity organization = 1;
OrganizationalContact contact = 2;
}
}
}
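Review bot: The comment on the new `governance` field in `DataFlow` only repeats the field name, so a reader of the generated API learns nothing about what the field carries. Something like `// Identifies the custodians, stewards, and owners responsible for the data in this flow.` would match the level of detail of the neighbouring `source` and `destination` comments. The second hunk appears to move `DataGovernance` out of `ComponentData` to the top level (indentation is lost in this view, so that is inferred); if so, its fully-qualified name changes, which is wire-compatible but alters generated type names and deserves a line in the release notes. Both message bodies extend beyond what the hunks show.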
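--- a/schema/bom-1.5.schema.json
+++ b/schema/bom-1.5.schema.json
@@ -1313,6 +1313,11 @@
 "Credit card information being exchanged in between the web app and the database"
 ]
 },
+"governance": {
+"type": "object",
+"title": "Data Governance",
+"$ref": "#/definitions/dataGovernance"
+},
 "source": {
 "type": "array",
 "items": {
@@ -2548,28 +2553,32 @@
 "governance": {
 "type": "object",
 "title": "Data Governance",
-"description": "",
-"additionalProperties": false,
-"properties": {
-"custodians": {
-"type": "array",
-"title": "Data Custodians",
-"description": "Data custodians are responsible for the safe custody, transport, and storage of data.",
-"items": { "$ref": "#/definitions/dataGovernanceResponsibleParty" }
-},
-"stewards": {
-"type": "array",
-"title": "Data Stewards",
-"description": "Data stewards are responsible for data content, context, and associated business rules.",
-"items": { "$ref": "#/definitions/dataGovernanceResponsibleParty" }
-},
-"owners": {
-"type": "array",
-"title": "Data Owners",
-"description": "Data owners are concerned with risk and appropriate access to data.",
-"items": { "$ref": "#/definitions/dataGovernanceResponsibleParty" }
-}
-}
+"$ref": "#/definitions/dataGovernance"
+}
+}
+},
+"dataGovernance": {
+"type": "object",
+"title": "Data Governance",
+"additionalProperties": false,
+"properties": {
+"custodians": {
+"type": "array",
+"title": "Data Custodians",
+"description": "Data custodians are responsible for the safe custody, transport, and storage of data.",
+"items": { "$ref": "#/definitions/dataGovernanceResponsibleParty" }
+},
+"stewards": {
+"type": "array",
+"title": "Data Stewards",
+"description": "Data stewards are responsible for data content, context, and associated business rules.",
+"items": { "$ref": "#/definitions/dataGovernanceResponsibleParty" }
+},
+"owners": {
+"type": "array",
+"title": "Data Owners",
+"description": "Data owners are concerned with risk and appropriate access to data.",
+"items": { "$ref": "#/definitions/dataGovernanceResponsibleParty" }
 }
 }
 },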
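Review bot: In both `governance` properties the `type` and `title` keywords sit beside `$ref`; under JSON Schema draft-07 and earlier, validators ignore siblings of `$ref`, so those keywords have no effect and all validation comes from `#/definitions/dataGovernance` (the draft in use is not visible here, so confirm against the file's `$schema`). The shared definition keeps `additionalProperties: false`, which is the constraint that matters for rejecting unexpected keys. It has no `description`, though, and the empty one on the old inline object was dropped rather than filled in. I would add a line such as `"description": "Identifies the custodians, stewards, and owners responsible for the data."` to the `dataGovernance` definition so both call sites are documented in one place.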
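--- a/schema/bom-1.5.xsd
+++ b/schema/bom-1.5.xsd
@@ -1826,6 +1826,7 @@ limitations under the License.
 <xs:documentation>Specifies the data classification.</xs:documentation>
 </xs:annotation>
 </xs:element>
+<xs:element name="governance" type="bom:dataGovernance" minOccurs="0" maxOccurs="1" />
 <xs:element name="source" minOccurs="0" maxOccurs="1">
 <xs:annotation>
 <xs:documentation>The URI, URL, or BOM-Link of the components or services the data came in from.</xs:documentation>
@@ -3008,48 +3009,7 @@ limitations under the License.
 </xs:documentation>
 </xs:annotation>
 </xs:element>
-<xs:element name="governance" minOccurs="0" maxOccurs="1">
-<xs:complexType>
-<xs:sequence>
-<xs:element name="custodians" minOccurs="0" maxOccurs="1">
-<xs:annotation>
-<xs:documentation>
-Data custodians are responsible for the safe custody, transport, and storage of data.
-</xs:documentation>
-</xs:annotation>
-<xs:complexType>
-<xs:sequence>
-<xs:element name="custodian" type="bom:organizationOrIndividualType" minOccurs="0" maxOccurs="unbounded"/>
-</xs:sequence>
-</xs:complexType>
-</xs:element>
-<xs:element name="stewards" minOccurs="0" maxOccurs="1">
-<xs:annotation>
-<xs:documentation>
-Data stewards are responsible for data content, context, and associated business rules.
-</xs:documentation>
-</xs:annotation>
-<xs:complexType>
-<xs:sequence>
-<xs:element name="steward" type="bom:organizationOrIndividualType" minOccurs="0" maxOccurs="unbounded"/>
-</xs:sequence>
-</xs:complexType>
-</xs:element>
-<xs:element name="owners" minOccurs="0" maxOccurs="1">
-<xs:annotation>
-<xs:documentation>
-Data owners are concerned with risk and appropriate access to data.
-</xs:documentation>
-</xs:annotation>
-<xs:complexType>
-<xs:sequence>
-<xs:element name="owner" type="bom:organizationOrIndividualType" minOccurs="0" maxOccurs="unbounded"/>
-</xs:sequence>
-</xs:complexType>
-</xs:element>
-</xs:sequence>
-</xs:complexType>
-</xs:element>
+<xs:element name="governance" type="bom:dataGovernance" minOccurs="0" maxOccurs="1" />
 </xs:sequence>
 <xs:attribute name="bom-ref" type="bom:refType">
 <xs:annotation>
@@ -3061,6 +3021,47 @@ limitations under the License.
 </xs:attribute>
 </xs:complexType>
 
+<xs:complexType name="dataGovernance">
+<xs:sequence>
+<xs:element name="custodians" minOccurs="0" maxOccurs="1">
+<xs:annotation>
+<xs:documentation>
+Data custodians are responsible for the safe custody, transport, and storage of data.
+</xs:documentation>
+</xs:annotation>
+<xs:complexType>
+<xs:sequence>
+<xs:element name="custodian" type="bom:organizationOrIndividualType" minOccurs="0" maxOccurs="unbounded"/>
+</xs:sequence>
+</xs:complexType>
+</xs:element>
+<xs:element name="stewards" minOccurs="0" maxOccurs="1">
+<xs:annotation>
+<xs:documentation>
+Data stewards are responsible for data content, context, and associated business rules.
+</xs:documentation>
+</xs:annotation>
+<xs:complexType>
+<xs:sequence>
+<xs:element name="steward" type="bom:organizationOrIndividualType" minOccurs="0" maxOccurs="unbounded"/>
+</xs:sequence>
+</xs:complexType>
+</xs:element>
+<xs:element name="owners" minOccurs="0" maxOccurs="1">
+<xs:annotation>
+<xs:documentation>
+Data owners are concerned with risk and appropriate access to data.
+</xs:documentation>
+</xs:annotation>
+<xs:complexType>
+<xs:sequence>
+<xs:element name="owner" type="bom:organizationOrIndividualType" minOccurs="0" maxOccurs="unbounded"/>
+</xs:sequence>
+</xs:complexType>
+</xs:element>
+</xs:sequence>
+</xs:complexType>
+
 <xs:complexType name="organizationOrIndividualType">
 <xs:choice>
 <xs:element name="organization" type="bom:organizationalEntity" minOccurs="0" maxOccurs="1" />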
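Review bot: Neither the two `governance` elements that now reference `bom:dataGovernance` nor the new `dataGovernance` complex type carries an `xs:annotation`, while the neighbouring `classification` and `source` elements are documented. Add an `xs:annotation`/`xs:documentation` pair to the named type stating that it lists the custodians, stewards, and owners responsible for the data, so both referencing elements are documented in one place. In the first hunk the element is inserted between `classification` and `source`; if the enclosing group is an `xs:sequence` (its opening tag is outside the hunk), producers must emit `governance` in exactly that position for documents to validate. The updated XML fixture does follow that order.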
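--- a/tools/src/test/resources/1.5/valid-saasbom-1.5.json
+++ b/tools/src/test/resources/1.5/valid-saasbom-1.5.json
@@ -106,6 +106,15 @@
 "description": "Traffic to/from stock service to microservice-1",
 "classification": "PII",
 "flow": "bi-directional",
+"governance": {
+"owners": [
+{
+"organization": {
+"name": "Customer Name"
+}
+}
+]
+},
 "source": [
 "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service"
 ],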
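--- a/tools/src/test/resources/1.5/valid-saasbom-1.5.textproto
+++ b/tools/src/test/resources/1.5/valid-saasbom-1.5.textproto
@@ -31,6 +31,15 @@ services {
 value: "Customer"
 name: "Consumer to Stock Service",
 description: "Traffic to/from consumer to service"
+governance: {
+owners: [
+{
+organization: {
+name: "Customer Name"
+}
+}
+]
+},
 source: "https://0.0.0.0"
 destination: "https://0.0.0.0"
 }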
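--- a/tools/src/test/resources/1.5/valid-saasbom-1.5.xml
+++ b/tools/src/test/resources/1.5/valid-saasbom-1.5.xml
@@ -24,6 +24,15 @@
 <data>
 <dataflow name="Consumer to Stock Service" description="Traffic to/from consumer to service">
 <classification flow="bi-directional">Customer</classification>
+<governance>
+<owners>
+<owner>
+<organization>
+<name>Customer Name</name>
+</organization>
+</owner>
+</owners>
+</governance>
 <source>
 <url>https://0.0.0.0</url>
 </source>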
