From 55b59c27dd03a83eab264354b8ee6b3a5ad61bba Mon Sep 17 00:00:00 2001
From: Jan Kowalleck
Date: Mon, 18 Nov 2024 09:13:11 +0100
Subject: [PATCH 1/2] feat: schema1.6.1
Signed-off-by: Jan Kowalleck
---
 cyclonedx/schema/_res/README.md | 2 +-
 .../schema/_res/bom-1.6.SNAPSHOT.schema.json | 154 +++++----
 cyclonedx/schema/_res/bom-1.6.SNAPSHOT.xsd | 324 +++++++++++++-----
 tools/schema-downloader.py | 2 +-
 4 files changed, 325 insertions(+), 157 deletions(-)
diff --git a/cyclonedx/schema/_res/README.md b/cyclonedx/schema/_res/README.md
index 33dab7bf8..9e68f8156 100644
--- a/cyclonedx/schema/_res/README.md
+++ b/cyclonedx/schema/_res/README.md
@@ -4,7 +4,7 @@ some schema for offline use as download via [script](../../../tools/schema-downl
 original sources:
 Currently using version
-[5f3ee8066491d31ec6a6d02968243d9688d7e49c](https://github.com/CycloneDX/specification/commit/5f3ee8066491d31ec6a6d02968243d9688d7e49c)
+[8a27bfd1be5be0dcb2c208a34d2f4fa0b6d75bd7](https://github.com/CycloneDX/specification/commit/8a27bfd1be5be0dcb2c208a34d2f4fa0b6d75bd7)
 | file | note |
 |------|------|
diff --git a/cyclonedx/schema/_res/bom-1.6.SNAPSHOT.schema.json b/cyclonedx/schema/_res/bom-1.6.SNAPSHOT.schema.json
index 3e6c92c96..bc61ce449 100644
--- a/cyclonedx/schema/_res/bom-1.6.SNAPSHOT.schema.json
+++ b/cyclonedx/schema/_res/bom-1.6.SNAPSHOT.schema.json
@@ -16,7 +16,7 @@
 "bomFormat": {
 "type": "string",
 "title": "BOM Format",
- "description": "Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs do not have a filename convention, nor does JSON schema support namespaces. This value MUST be \"CycloneDX\".",
+ "description": "Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs do not have a filename convention, nor does JSON schema support namespaces. This value must be \"CycloneDX\".",
 "enum": [
 "CycloneDX"
 ]
@@ -25,12 +25,12 @@
 "type": "string",
 "title": "CycloneDX Specification Version",
 "description": "The version of the CycloneDX specification the BOM conforms to.",
- "examples": ["1.6"]
+ "examples": ["1.6.1"]
 },
 "serialNumber": {
 "type": "string",
 "title": "BOM Serial Number",
- "description": "Every BOM generated SHOULD have a unique serial number, even if the contents of the BOM have not changed over time. If specified, the serial number MUST conform to RFC-4122. Use of serial numbers is RECOMMENDED.",
+ "description": "Every BOM generated SHOULD have a unique serial number, even if the contents of the BOM have not changed over time. If specified, the serial number must conform to [RFC 4122](https://www.ietf.org/rfc/rfc4122.html). Use of serial numbers is recommended.",
 "examples": ["urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"],
 "pattern": "^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
 },
@@ -121,7 +121,7 @@
 "bom-ref": {
 "$ref": "#/definitions/refType",
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM."
+ "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM."
 },
 "thirdParty": {
 "type": "boolean",
@@ -250,7 +250,7 @@
 "bom-ref": {
 "$ref": "#/definitions/refType",
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM."
+ "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM."
 },
 "target": {
 "$ref": "#/definitions/refLinkType",
@@ -311,7 +311,7 @@
 "bom-ref": {
 "$ref": "#/definitions/refType",
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM."
+ "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM."
 },
 "propertyName": {
 "type": "string",
@@ -433,6 +433,7 @@
 "affirmation": {
 "type": "object",
 "title": "Affirmation",
+ "description": "A concise statement affirmed by an individual regarding all declarations, often used for third-party auditor acceptance or recipient acknowledgment. It includes a list of authorized signatories who assert the validity of the document on behalf of the organization.",
 "additionalProperties": false,
 "properties": {
 "statement": {
@@ -519,7 +520,7 @@
 "properties": {
 "type": "array",
 "title": "Properties",
- "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
 "items": {
 "$ref": "#/definitions/property"
 }
@@ -709,7 +710,7 @@
 "properties": {
 "type": "array",
 "title": "Properties",
- "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
 "items": {"$ref": "#/definitions/property"}
 }
 }
@@ -752,13 +753,12 @@
 "organizationalEntity": {
 "type": "object",
 "title": "Organizational Entity",
- "description": "",
 "additionalProperties": false,
 "properties": {
 "bom-ref": {
 "$ref": "#/definitions/refType",
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
+ "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
 },
 "name": {
 "type": "string",
@@ -794,13 +794,12 @@
 "organizationalContact": {
 "type": "object",
 "title": "Organizational Contact",
- "description": "",
 "additionalProperties": false,
 "properties": {
 "bom-ref": {
 "$ref": "#/definitions/refType",
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
+ "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
 },
 "name": {
 "type": "string",
@@ -852,7 +851,7 @@
 "meta:enum": {
 "application": "A software application. Refer to [https://en.wikipedia.org/wiki/Application_software](https://en.wikipedia.org/wiki/Application_software) for information about applications.",
 "framework": "A software framework. Refer to [https://en.wikipedia.org/wiki/Software_framework](https://en.wikipedia.org/wiki/Software_framework) for information on how frameworks vary slightly from libraries.",
- "library": "A software library. Refer to [https://en.wikipedia.org/wiki/Library_(computing)](https://en.wikipedia.org/wiki/Library_(computing)) for information about libraries. All third-party and open source reusable components will likely be a library. If the library also has key features of a framework, then it should be classified as a framework. If not, or is unknown, then specifying library is RECOMMENDED.",
+ "library": "A software library. Refer to [https://en.wikipedia.org/wiki/Library_(computing)](https://en.wikipedia.org/wiki/Library_(computing)) for information about libraries. All third-party and open source reusable components will likely be a library. If the library also has key features of a framework, then it should be classified as a framework. If not, or is unknown, then specifying library is recommended.",
 "container": "A packaging and/or runtime format, not specific to any particular technology, which isolates software inside the container from software outside of a container through virtualization technology. Refer to [https://en.wikipedia.org/wiki/OS-level_virtualization](https://en.wikipedia.org/wiki/OS-level_virtualization).",
 "platform": "A runtime environment which interprets or executes software. This may include runtimes such as those that execute bytecode or low-code/no-code application platforms.",
 "operating-system": "A software operating system without regard to deployment model (i.e.
installed on physical hardware, virtual machine, image, etc) Refer to [https://en.wikipedia.org/wiki/Operating_system](https://en.wikipedia.org/wiki/Operating_system).",
@@ -878,7 +877,7 @@
 "bom-ref": {
 "$ref": "#/definitions/refType",
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the component elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
+ "description": "An optional identifier which can be used to reference the component elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
 },
 "supplier": {
 "title": "Component Supplier",
@@ -972,13 +971,13 @@
 "purl": {
 "type": "string",
 "title": "Package URL (purl)",
- "description": "Asserts the identity of the component using package-url (purl). The purl, if specified, MUST be valid and conform to the specification defined at: [https://github.com/package-url/purl-spec](https://github.com/package-url/purl-spec). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity.",
+ "description": "Asserts the identity of the component using package-url (purl). The purl, if specified, must be valid and conform to the specification defined at: [https://github.com/package-url/purl-spec](https://github.com/package-url/purl-spec). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity.",
 "examples": ["pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"]
 },
 "omniborId": {
 "type": "array",
 "title": "OmniBOR Artifact Identifier (gitoid)",
- "description": "Asserts the identity of the component using the OmniBOR Artifact ID. The OmniBOR, if specified, MUST be valid and conform to the specification defined at: [https://www.iana.org/assignments/uri-schemes/prov/gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity.",
+ "description": "Asserts the identity of the component using the OmniBOR Artifact ID. The OmniBOR, if specified, must be valid and conform to the specification defined at: [https://www.iana.org/assignments/uri-schemes/prov/gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity.",
 "items": { "type": "string" },
 "examples": [
 "gitoid:blob:sha1:a94a8fe5ccb19ba61c4c0873d391e987982fbbd3",
@@ -987,8 +986,8 @@
 },
 "swhid": {
 "type": "array",
- "title": "SoftWare Heritage Identifier",
- "description": "Asserts the identity of the component using the Software Heritage persistent identifier (SWHID). The SWHID, if specified, MUST be valid and conform to the specification defined at: [https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html](https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity.",
+ "title": "Software Heritage Identifier",
+ "description": "Asserts the identity of the component using the Software Heritage persistent identifier (SWHID). The SWHID, if specified, must be valid and conform to the specification defined at: [https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html](https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity.",
 "items": { "type": "string" },
 "examples": ["swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2"]
 },
@@ -1076,7 +1075,7 @@
 "type": "array",
 "items": {"$ref": "#/definitions/componentData"},
 "title": "Data",
- "description": "This object SHOULD be specified for any component of type `data` and MUST NOT be specified for other component types."
+ "description": "This object SHOULD be specified for any component of type `data` and must not be specified for other component types."
 },
 "cryptoProperties": {
 "$ref": "#/definitions/cryptoProperties",
@@ -1085,7 +1084,7 @@
 "properties": {
 "type": "array",
 "title": "Properties",
- "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
 "items": {"$ref": "#/definitions/property"}
 },
 "tags": {
@@ -1162,8 +1161,13 @@
 "contentType": {
 "type": "string",
 "title": "Content-Type",
- "description": "Specifies the content type of the text. Defaults to text/plain if not specified.",
- "default": "text/plain"
+ "description": "Specifies the format and nature of the data being attached, helping systems correctly interpret and process the content. Common content type examples include `application/json` for JSON data and `text/plain` for plan text documents.\n [RFC 2045 section 5.1](https://www.ietf.org/rfc/rfc2045.html#section-5.1) outlines the structure and use of content types. For a comprehensive list of registered content types, refer to the [IANA media types registry](https://www.iana.org/assignments/media-types/media-types.xhtml).",
+ "default": "text/plain",
+ "examples": [
+ "text/plain",
+ "application/json",
+ "image/png"
+ ]
 },
 "encoding": {
 "type": "string",
@@ -1229,6 +1233,7 @@
 "license": {
 "type": "object",
 "title": "License",
+ "description": "Specifies the details and attributes related to a software license. It can either include a valid SPDX license identifier or a named license, along with additional properties such as license acknowledgment, comprehensive commercial licensing information, and the full text of the license.",
 "oneOf": [
 {
 "required": ["id"]
@@ -1242,18 +1247,18 @@
 "bom-ref": {
 "$ref": "#/definitions/refType",
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
+ "description": "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
 },
 "id": {
 "$ref": "spdx.SNAPSHOT.schema.json",
 "title": "License ID (SPDX)",
- "description": "A valid SPDX license ID",
+ "description": "A valid SPDX license identifier. If specified, this value must be one of the enumeration of valid SPDX license identifiers defined in the spdx.SNAPSHOT.schema.json (or spdx.xml) subschema which is synchronized with the official SPDX license list.",
 "examples": ["Apache-2.0"]
 },
 "name": {
 "type": "string",
 "title": "License Name",
- "description": "If SPDX does not define the license used, this field may be used to provide the license name",
+ "description": "The name of the license. This may include the name of a commercial or proprietary license or an open source license that may not be defined by SPDX.",
 "examples": ["Acme Software License"]
 },
 "acknowledgement": {
@@ -1429,7 +1434,7 @@
 "properties": {
 "type": "array",
 "title": "Properties",
- "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
 "items": {"$ref": "#/definitions/property"}
 }
 }
@@ -1493,7 +1498,7 @@
 "bom-ref": {
 "$ref": "#/definitions/refType",
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
+ "description": "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
 }
 }
 }]
@@ -1810,10 +1815,10 @@
 "certification-report": "Industry, regulatory, or other certification from an accredited (if applicable) certification body.",
 "codified-infrastructure": "Code or configuration that defines and provisions virtualized infrastructure, commonly referred to as Infrastructure as Code (IaC).",
 "quality-metrics": "Report or system in which quality metrics can be obtained.",
- "poam": "Plans of Action and Milestones (POAM) complement an \"attestation\" external reference. POAM is defined by NIST as a \"document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones\".",
+ "poam": "Plans of Action and Milestones (POA&M) complement an \"attestation\" external reference. POA&M is defined by NIST as a \"document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones\".",
 "electronic-signature": "An e-signature is commonly a scanned representation of a written signature or a stylized script of the person's name.",
 "digital-signature": "A signature that leverages cryptography, typically public/private key pairs, which provides strong authenticity verification.",
- "rfc-9116": "Document that complies with RFC-9116 (A File Format to Aid in Security Vulnerability Disclosure)",
+ "rfc-9116": "Document that complies with [RFC 9116](https://www.ietf.org/rfc/rfc9116.html) (A File Format to Aid in Security Vulnerability Disclosure)",
 "other": "Use this if no other types accurately describe the purpose of the external reference."
 }
 },
@@ -1828,7 +1833,7 @@
 "dependency": {
 "type": "object",
 "title": "Dependency",
- "description": "Defines the direct dependencies of a component, service, or the components provided/implemented by a given component. Components or services that do not have their own dependencies MUST be declared as empty elements within the graph. Components or services that are not represented in the dependency graph MAY have unknown dependencies. It is RECOMMENDED that implementations assume this to be opaque and not an indicator of an object being dependency-free. It is RECOMMENDED to leverage compositions to indicate unknown dependency graphs.",
+ "description": "Defines the direct dependencies of a component, service, or the components provided/implemented by a given component. Components or services that do not have their own dependencies must be declared as empty elements within the graph. Components or services that are not represented in the dependency graph may have unknown dependencies. It is recommended that implementations assume this to be opaque and not an indicator of an object being dependency-free. It is recommended to leverage compositions to indicate unknown dependency graphs.",
 "required": [
 "ref"
 ],
@@ -1870,7 +1875,7 @@
 "bom-ref": {
 "$ref": "#/definitions/refType",
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the service elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
+ "description": "An optional identifier which can be used to reference the service elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
 },
 "provider": {
 "title": "Provider",
@@ -1932,7 +1937,7 @@
 },
 "licenses": {
 "$ref": "#/definitions/licenseChoice",
- "title": "Component License(s)"
+ "title": "Service License(s)"
 },
 "externalReferences": {
 "type": "array",
@@ -1955,7 +1960,7 @@
 "properties": {
 "type": "array",
 "title": "Properties",
- "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
 "items": {"$ref": "#/definitions/property"}
 },
 "tags": {
@@ -2064,6 +2069,7 @@
 "copyright": {
 "type": "object",
 "title": "Copyright",
+ "description": "A copyright notice informing users of the underlying claims to copyright ownership in a published work.",
 "required": [
 "text"
 ],
@@ -2071,7 +2077,8 @@
 "properties": {
 "text": {
 "type": "string",
- "title": "Copyright Text"
+ "title": "Copyright Text",
+ "description": "The textual content of the copyright."
 }
 }
 },
@@ -2083,7 +2090,7 @@
 "properties": {
 "identity": {
 "title": "Identity Evidence",
- "description": "Evidence that substantiates the identity of a component. The identify may be an object or an array of identity objects. Support for specifying identify as a single object was introduced in CycloneDX v1.5. Arrays were introduced in v1.6. It is RECOMMENDED that all implementations use arrays, even if only one identity object is specified.",
+ "description": "Evidence that substantiates the identity of a component. The identity may be an object or an array of identity objects. Support for specifying identity as a single object was introduced in CycloneDX v1.5. Arrays were introduced in v1.6. It is recommended that all implementations use arrays, even if only one identity object is specified.",
 "oneOf" : [
 {
 "type": "array",
@@ -2110,7 +2117,7 @@
 "bom-ref": {
 "$ref": "#/definitions/refType",
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the occurrence elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
+ "description": "An optional identifier which can be used to reference the occurrence elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
 },
 "location": {
 "type": "string",
@@ -2225,7 +2232,7 @@
 "bom-ref": {
 "$ref": "#/definitions/refType",
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the composition elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
+ "description": "An optional identifier which can be used to reference the composition elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
 },
 "aggregate": {
 "$ref": "#/definitions/aggregateType",
@@ -2306,7 +2313,7 @@
 "property": {
 "type": "object",
 "title": "Lightweight name-value pair",
- "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
 "required": [
 "name"
 ],
@@ -2328,7 +2335,7 @@
 "type": "string",
 "pattern": "^([a-z]{2})(-[A-Z]{2})?$",
 "title": "Locale",
- "description": "Defines a syntax for representing two character language code (ISO-639) followed by an optional two character country code. The language code MUST be lower case. If the country code is specified, the country code MUST be upper case. The language code and country code MUST be separated by a minus sign. Examples: en, en-US, fr, fr-CA"
+ "description": "Defines a syntax for representing two character language code (ISO-639) followed by an optional two character country code. The language code must be lower case. If the country code is specified, the country code must be upper case. The language code and country code must be separated by a minus sign. Examples: en, en-US, fr, fr-CA"
 },
 "releaseType": {
 "type": "string",
@@ -2339,7 +2346,7 @@
 "pre-release",
 "internal"
 ],
- "description": "The software versioning type. It is RECOMMENDED that the release type use one of 'major', 'minor', 'patch', 'pre-release', or 'internal'. Representing all possible software release types is not practical, so standardizing on the recommended values, whenever possible, is strongly encouraged.\n\n* __major__ = A major release may contain significant changes or may introduce breaking changes.\n* __minor__ = A minor release, also known as an update, may contain a smaller number of changes than major releases.\n* __patch__ = Patch releases are typically unplanned and may resolve defects or important security issues.\n* __pre-release__ = A pre-release may include alpha, beta, or release candidates and typically have limited support. They provide the ability to preview a release prior to its general availability.\n* __internal__ = Internal releases are not for public consumption and are intended to be used exclusively by the project or manufacturer that produced it."
+ "description": "The software versioning type. It is recommended that the release type use one of 'major', 'minor', 'patch', 'pre-release', or 'internal'. Representing all possible software release types is not practical, so standardizing on the recommended values, whenever possible, is strongly encouraged.\n\n* __major__ = A major release may contain significant changes or may introduce breaking changes.\n* __minor__ = A minor release, also known as an update, may contain a smaller number of changes than major releases.\n* __patch__ = Patch releases are typically unplanned and may resolve defects or important security issues.\n* __pre-release__ = A pre-release may include alpha, beta, or release candidates and typically have limited support.
They provide the ability to preview a release prior to its general availability.\n* __internal__ = Internal releases are not for public consumption and are intended to be used exclusively by the project or manufacturer that produced it."
 },
 "note": {
 "type": "object",
@@ -2430,7 +2437,7 @@
 "properties": {
 "type": "array",
 "title": "Properties",
- "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
 "items": {"$ref": "#/definitions/property"}
 }
 }
@@ -2626,7 +2633,7 @@ "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the vulnerability elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." + "description": "An optional identifier which can be used to reference the vulnerability elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." }, "id": { "type": "string", @@ -2941,7 +2948,7 @@ "properties": { "type": "array", "title": "Properties", - "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } 
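Review bot: In the hunk at `@@ -2626,7 +2633,7 @@` the new description lowercases `MUST` to `must` but keeps `SHOULD not` in the next sentence, so under RFC 8174 capitalisation rules the stronger requirement (bom-ref uniqueness) now reads as less normative than the weaker one. `SHOULD not` is also not the RFC 2119 keyword form, which is `SHOULD NOT`. Since this file is a copy of the upstream schema, the wording is better reported upstream than patched here; a single casing, e.g. `Value should not start with the BOM-Link intro 'urn:cdx:'`, would remove the ambiguity. The same mixed wording recurs in the later bom-ref hunks (annotation, model card, dataset, energy provider, address, formula, workflow, task, workspace, trigger). Both rules appear only as description text in these hunks, so it is worth confirming that the validator enforces uniqueness and the `urn:cdx:` prefix rule.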
@@ -3008,7 +3015,7 @@ "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the annotation elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." + "description": "An optional identifier which can be used to reference the annotation elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." }, "subjects": { "type": "array", 
@@ -3096,13 +3103,13 @@ "$comment": "Model card support in CycloneDX is derived from TensorFlow Model Card Toolkit released under the Apache 2.0 license and available from https://github.com/tensorflow/model-card-toolkit/blob/main/model_card_toolkit/schema/v0.0.2/model_card.schema.json. In addition, CycloneDX model card support includes portions of VerifyML, also released under the Apache 2.0 license and available from https://github.com/cylynx/verifyml/blob/main/verifyml/model_card_toolkit/schema/v0.0.4/model_card.schema.json.", "type": "object", "title": "Model Card", - "description": "A model card describes the intended uses of a machine learning model and potential limitations, including biases and ethical considerations. Model cards typically contain the training parameters, which datasets were used to train the model, performance metrics, and other relevant data useful for ML transparency. This object SHOULD be specified for any component of type `machine-learning-model` and MUST NOT be specified for other component types.", + "description": "A model card describes the intended uses of a machine learning model and potential limitations, including biases and ethical considerations. Model cards typically contain the training parameters, which datasets were used to train the model, performance metrics, and other relevant data useful for ML transparency. This object SHOULD be specified for any component of type `machine-learning-model` and must not be specified for other component types.", "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the model card elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." + "description": "An optional identifier which can be used to reference the model card elsewhere in the BOM. 
Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." }, "modelParameters": { "type": "object", @@ -3179,6 +3186,7 @@ } ], "title": "Reference", + "type": "string", "description": "References a data component by the components bom-ref attribute" } } @@ -3277,7 +3285,7 @@ "properties": { "type": "array", "title": "Properties", - "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": {"$ref": "#/definitions/property"} } } 
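Review bot: The added `"type": "string"` in the hunk at `@@ -3179,6 +3186,7 @@` is the only line in the visible JSON-schema hunks that changes what validates rather than what is described, and this patch's file list contains no test for it. The keyword sits beside the composite that closes just above (`} ],`), whose branches are outside the hunk, so whether it actually narrows accepted input cannot be told from here. A validation test that feeds a non-string value for this data-component reference and expects rejection would pin the behaviour against later schema refreshes.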
@@ -3305,7 +3313,7 @@ "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the dataset elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." + "description": "An optional identifier which can be used to reference the dataset elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." }, "type": { "type": "string", @@ -3413,10 +3421,12 @@ "properties": { "organization": { "title": "Organization", + "description": "The organization that is responsible for specific data governance role(s).", "$ref": "#/definitions/organizationalEntity" }, "contact": { "title": "Individual", + "description": "The individual that is responsible for specific data governance role(s).", "$ref": "#/definitions/organizationalContact" } }, @@ -3460,7 +3470,7 @@ }, "image": { "title": "Graphic Image", - "description": "The graphic (vector or raster). Base64 encoding MUST be specified for binary images.", + "description": "The graphic (vector or raster). Base64 encoding must be specified for binary images.", "$ref": "#/definitions/attachment" } } 
@@ -3572,6 +3582,7 @@ "properties": { "type": "array", "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } @@ -3640,6 +3651,7 @@ "properties": { "type": "array", "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } @@ -3711,7 +3723,7 @@ "properties": { "bom-ref": { "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the energy provider elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", + "description": "An optional identifier which can be used to reference the energy provider elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", "$ref": "#/definitions/refType" }, "description": { 
@@ -3722,6 +3734,7 @@ "organization": { "type": "object", "title": "Organization", + "description": "The organization that provides energy.", "$ref": "#/definitions/organizationalEntity" }, "energySource": { @@ -3776,7 +3789,7 @@ "properties": { "bom-ref": { "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the address elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", + "description": "An optional identifier which can be used to reference the address elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", "$ref": "#/definitions/refType" }, "country": { @@ -3824,7 +3837,7 @@ "properties": { "bom-ref": { "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the formula elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", + "description": "An optional identifier which can be used to reference the formula elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", "$ref": "#/definitions/refType" }, "components": { 
@@ -3858,6 +3871,7 @@ "properties": { "type": "array", "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } @@ -3878,7 +3892,7 @@ "properties": { "bom-ref": { "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the workflow elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", + "description": "An optional identifier which can be used to reference the workflow elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", "$ref": "#/definitions/refType" }, "uid": { @@ -4001,6 +4015,7 @@ "properties": { "type": "array", "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } 
@@ -4021,7 +4036,7 @@ "properties": { "bom-ref": { "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the task elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", + "description": "An optional identifier which can be used to reference the task elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", "$ref": "#/definitions/refType" }, "uid": { @@ -4125,6 +4140,7 @@ "properties": { "type": "array", "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } @@ -4157,6 +4173,7 @@ "properties": { "type": "array", "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } 
@@ -4175,6 +4192,7 @@ "properties": { "type": "array", "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } @@ -4193,7 +4211,7 @@ "properties": { "bom-ref": { "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the workspace elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", + "description": "An optional identifier which can be used to reference the workspace elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", "$ref": "#/definitions/refType" }, "uid": { @@ -4266,6 +4284,7 @@ "properties": { "type": "array", "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } 
@@ -4321,6 +4340,7 @@ "properties": { "type": "array", "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } @@ -4340,7 +4360,7 @@ "properties": { "bom-ref": { "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the trigger elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", + "description": "An optional identifier which can be used to reference the trigger elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", "$ref": "#/definitions/refType" }, "uid": { @@ -4386,6 +4406,7 @@ "conditions": { "type": "array", "title": "Conditions", + "description": "A list of conditions used to determine if a trigger should be activated.", "uniqueItems": true, "items": { "$ref": "#/definitions/condition" 
@@ -4420,6 +4441,7 @@ "properties": { "type": "array", "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } @@ -4466,6 +4488,7 @@ "properties": { "type": "array", "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } 
@@ -4560,6 +4583,7 @@ "properties": { "type": "array", "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } @@ -4645,6 +4669,7 @@ "properties": { "type": "array", "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } 
@@ -4710,6 +4735,7 @@ "properties": { "type": "array", "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } @@ -4870,7 +4896,7 @@ "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." + "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM." }, "name": { "type": "string", @@ -4904,7 +4930,7 @@ "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." + "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM." }, "identifier": { "type": "string", 
@@ -4945,7 +4971,7 @@ "properties": { "type": "array", "title": "Properties", - "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", "items": { "$ref": "#/definitions/property" } @@ -4971,7 +4997,7 @@ "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM." + "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM." }, "identifier": { "type": "string", @@ -5119,7 +5145,7 @@ }, "implementationPlatform": { "type": "string", - "title": "implementation platform", + "title": "Implementation platform", "description": "The target platform for which the algorithm is implemented. The implementation can be 'generic', running on any platform or for a specific platform.", "enum": [ "generic", 
@@ -5466,7 +5492,7 @@ }, "size": { "type": "integer", - "title":"Size", + "title": "Size", "description": "The size of the cryptographic asset (in bits)." }, "format": { @@ -5534,7 +5560,7 @@ "ikev2TransformTypes": { "type": "object", "title": "IKEv2 Transform Types", - "description": "The IKEv2 transform types supported (types 1-4), defined in RFC7296 section 3.3.2, and additional properties.", + "description": "The IKEv2 transform types supported (types 1-4), defined in [RFC 7296 section 3.3.2](https://www.ietf.org/rfc/rfc7296.html#section-3.3.2), and additional properties.", "additionalProperties": false, "properties": { "encr": { @@ -5555,7 +5581,7 @@ "ke": { "$ref": "#/definitions/cryptoRefArray", "title": "Key Exchange Method (KE)", - "description": "Transform Type 4: Key Exchange Method (KE) per RFC9370, formerly called Diffie-Hellman Group (D-H)" + "description": "Transform Type 4: Key Exchange Method (KE) per [RFC 9370](https://www.ietf.org/rfc/rfc9370.html), formerly called Diffie-Hellman Group (D-H)." }, "esn": { "type": "boolean", diff --git a/cyclonedx/schema/_res/bom-1.6.SNAPSHOT.xsd b/cyclonedx/schema/_res/bom-1.6.SNAPSHOT.xsd index 8791ca599..d6d57e318 100644 --- a/cyclonedx/schema/_res/bom-1.6.SNAPSHOT.xsd +++ b/cyclonedx/schema/_res/bom-1.6.SNAPSHOT.xsd @@ -22,7 +22,7 @@ limitations under the License. targetNamespace="http://cyclonedx.org/schema/bom/1.6" vc:minVersion="1.0" vc:maxVersion="1.1" - version="1.6.0"> + version="1.6.1"> @@ -253,7 +253,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. 
@@ -355,7 +355,10 @@ limitations under the License. - The URL of the organization. Multiple URLs are allowed. + + The URL of the organization. Multiple URLs are allowed. + Example: https://example.com + @@ -569,6 +572,9 @@ limitations under the License. + + The hashes of the component. + @@ -578,8 +584,7 @@ limitations under the License. - A copyright notice informing users of the underlying claims to - copyright ownership in a published work. + A copyright notice informing users of the underlying claims to copyright ownership in a published work. @@ -592,7 +597,7 @@ limitations under the License. - Specifies the package-url (purl). The purl, if specified, MUST be valid and conform + Specifies the package-url (purl). The purl, if specified, must be valid and conform to the specification defined at: https://github.com/package-url/purl-spec @@ -600,7 +605,7 @@ limitations under the License. - Specifies the OmniBOR Artifact ID. The OmniBOR, if specified, MUST be valid and conform + Specifies the OmniBOR Artifact ID. The OmniBOR, if specified, must be valid and conform to the specification defined at: https://www.iana.org/assignments/uri-schemes/prov/gitoid @@ -608,7 +613,7 @@ limitations under the License. - Specifies the Software Heritage persistent identifier (SWHID). The SWHID, if specified, MUST + Specifies the Software Heritage persistent identifier (SWHID). The SWHID, if specified, must be valid and conform to the specification defined at: https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html @@ -653,7 +658,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. 
@@ -693,12 +698,12 @@ limitations under the License. limitations, including biases and ethical considerations. Model cards typically contain the training parameters, which datasets were used to train the model, performance metrics, and other relevant data useful for ML transparency. This object SHOULD be specified for any component of - type `machine-learning-model` and MUST NOT be specified for other component types. + type `machine-learning-model` and must not be specified for other component types. - + - This object SHOULD be specified for any component of type `data` and MUST NOT be + This object SHOULD be specified for any component of type `data` and must not be specified for other component types. @@ -734,7 +739,7 @@ limitations under the License. - The OPTIONAL mime-type of the component. When used on file components, the mime-type + The optional mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented such as an image, font, or executable. Some library or framework components may also have an associated mime-type. @@ -757,16 +762,22 @@ limitations under the License. + + Specifies the details and attributes related to a software license. + It can either include a valid SPDX license identifier or a named license, along with additional + properties such as license acknowledgment, comprehensive commercial licensing information, and + the full text of the license. + - A valid SPDX license ID + A valid SPDX license identifier. If specified, this value must be one of the enumeration of valid SPDX license identifiers defined in the spdx.schema.json (or spdx.xml) subschema which is synchronized with the official SPDX license list. - If SPDX does not define the license used, this field may be used to provide the license name + The name of the license. This may include the name of a commercial or proprietary license or an open source license that may not be defined by SPDX. 
@@ -913,7 +924,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. @@ -959,8 +970,14 @@ limitations under the License. - Specifies the content type of the text. Defaults to text/plain - if not specified. + + Specifies the format and nature of the data being attached, helping systems correctly + interpret and process the content. Common content type examples include `application/json` + for JSON data and `text/plain` for plan text documents. + RFC 2045 section 5.1 outlines the structure and use of content types. For a comprehensive + list of registered content types, refer to the IANA media types registry at + https://www.iana.org/assignments/media-types/media-types.xhtml. + @@ -1379,8 +1396,11 @@ limitations under the License. - The URL to the license file. If a license URL has been defined in the license - node, it should also be defined as an external reference for completeness + + The URL to the license file. If a license URL has been defined in the license + node, it should also be defined as an external reference for completeness. + Example: https://www.apache.org/licenses/LICENSE-2.0.txt + 
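Review bot: The documentation text added in the hunk at `@@ -959,8 +970,14 @@` reads `text/plain for plan text documents`, which presumably should be `plain text`. Two later additions have similar slips: `A collection of URL's for reference` at `@@ -1825,6 +1845,12 @@`, and `opyright evidence captures intellectual property assertions` at `@@ -2611,7 +2669,13 @@`, where the leading `C` is missing. The README describes these files as downloaded copies of a pinned upstream commit, so the local copy should stay byte-identical to that commit. The corrections belong in an upstream report, not in an edit here.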
@@ -1507,7 +1527,7 @@ limitations under the License. - Plans of Action and Milestones (POAM) complement an "attestation" external reference. POAM is defined by NIST as a "document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones". + Plans of Action and Milestones (POA&M) complement an "attestation" external reference. POA&M is defined by NIST as a "document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones". @@ -1825,6 +1845,12 @@ limitations under the License. + + + A collection of URL's for reference. Multiple URLs are allowed. + Example: "https://example.com" + + @@ -1981,10 +2007,10 @@ limitations under the License. Defines the direct dependencies of a component or service. Components or services - that do not have their own dependencies MUST be declared as empty elements within the graph. - Components or services that are not represented in the dependency graph MAY have unknown - dependencies. It is RECOMMENDED that implementations assume this to be opaque and not an - indicator of a object being dependency-free. It is RECOMMENDED to leverage compositions to + that do not have their own dependencies must be declared as empty elements within the graph. + Components or services that are not represented in the dependency graph may have unknown + dependencies. It is recommended that implementations assume this to be opaque and not an + indicator of a object being dependency-free. It is recommended to leverage compositions to indicate unknown dependency graphs. @@ -2041,6 +2067,12 @@ limitations under the License. + + + The endpoint URIs of the service. Multiple endpoints are allowed. + Example: "https://example.com/api/v1/ticker" + + 
@@ -2071,6 +2103,9 @@ limitations under the License. + + Specifies information about the data including the directional flow of data and the data classification. + @@ -2159,7 +2194,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. @@ -2236,10 +2271,28 @@ limitations under the License. states that the direction is not known. - - - - + + + + Data that enters a service. + + + + + + Data that exits a service. + + + + + Data flows in and out of the service. + + + + + The directional flow of data is not known. + + @@ -2418,8 +2471,8 @@ limitations under the License. Evidence that substantiates the identity of a component. The identify may be an - object or an array of identity objects. Support for specifying identify as a single object was - introduced in CycloneDX v1.5. "unbounded" was introduced in v1.6. It is RECOMMENDED that all + object or an array of identity objects. Support for specifying identity as a single object was + introduced in CycloneDX v1.5. "unbounded" was introduced in v1.6. It is recommended that all implementations are aware of "unbounded". @@ -2526,7 +2579,7 @@ limitations under the License. An optional identifier which can be used to reference the occurrence elsewhere - in the BOM. Every bom-ref MUST be unique within the BOM. + in the BOM. Every bom-ref must be unique within the BOM. 
@@ -2545,6 +2598,11 @@ limitations under the License. + + + Within a call stack, a frame is a discrete unit that encapsulates an execution context, including local variables, parameters, and the return address. As function calls are made, frames are pushed onto the stack, forming an array-like structure that orchestrates the flow of program execution and manages the sequence of function invocations. + + @@ -2611,7 +2669,13 @@ limitations under the License. - + + + + opyright evidence captures intellectual property assertions, providing evidence of possible ownership and legal protection. + + + @@ -2786,8 +2850,8 @@ limitations under the License. Defines a syntax for representing two character language code (ISO-639) followed by an optional two - character country code. The language code MUST be lower case. If the country code is specified, the - country code MUST be upper case. The language code and country code MUST be separated by a minus sign. + character country code. The language code must be lower case. If the country code is specified, the + country code must be upper case. The language code and country code must be separated by a minus sign. Examples: en, en-US, fr, fr-CA @@ -2800,7 +2864,7 @@ limitations under the License. - The software versioning type. It is RECOMMENDED that the release type use one + The software versioning type. It is recommended that the release type use one of 'major', 'minor', 'patch', 'pre-release', or 'internal'. Representing all possible software release types is not practical, so standardizing on the recommended values, whenever possible, is strongly encouraged. @@ -2896,7 +2960,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. 
@@ -2915,19 +2979,19 @@ limitations under the License. - + A model card describes the intended uses of a machine learning model and potential limitations, including biases and ethical considerations. Model cards typically contain the training parameters, which datasets were used to train the model, performance metrics, and other relevant data useful for ML transparency. - This object SHOULD be specified for any component of type `machine-learning-model` and MUST NOT be specified + This object SHOULD be specified for any component of type `machine-learning-model` and must not be specified for other component types. @@ -2997,7 +3061,11 @@ limitations under the License. - + + + Inline Data Information + + @@ -3155,7 +3223,7 @@ limitations under the License. - The graphic (vector or raster). Base64 encoding MUST be specified for binary images. + The graphic (vector or raster). Base64 encoding must be specified for binary images. @@ -3323,7 +3391,7 @@ limitations under the License. An optional identifier which can be used to reference the model card elsewhere in the BOM. - Every bom-ref MUST be unique within the BOM. + Every bom-ref must be unique within the BOM. @@ -3350,7 +3418,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. @@ -3492,7 +3560,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. 
@@ -3889,7 +3957,7 @@ limitations under the License. An optional identifier which can be used to reference the dataset elsewhere in the BOM. - Every bom-ref MUST be unique within the BOM. + Every bom-ref must be unique within the BOM. @@ -3978,7 +4046,7 @@ limitations under the License. - The graphic (vector or raster). Base64 encoding MUST be specified for binary images. + The graphic (vector or raster). Base64 encoding must be specified for binary images. @@ -4437,7 +4505,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. @@ -4632,13 +4700,41 @@ limitations under the License. - - - - - - - + + + Critical severity + + + + + High severity + + + + + Medium severity + + + + + Low severity + + + + + Informational warning. + + + + + None + + + + + The severity is not known + + @@ -4835,11 +4931,31 @@ limitations under the License. - - - - - + + + Can not fix + + + + + Will not fix + + + + + Update to a different revision or release + + + + + Revert to a previous revision or release + + + + + There is a workaround available + + @@ -4854,9 +4970,21 @@ limitations under the License. - - - + + + The version is affected by the vulnerability. + + + + + The version is not affected by the vulnerability. + + + + + It is unknown (or unspecified) whether the given version is affected. + + @@ -4919,7 +5047,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. 
@@ -5080,7 +5208,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. @@ -5302,7 +5430,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. @@ -5505,7 +5633,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. @@ -5606,7 +5734,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. @@ -5665,7 +5793,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. 
@@ -5681,7 +5809,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. @@ -5745,6 +5873,9 @@ limitations under the License. + + A list of conditions used to determine if a trigger should be activated. + @@ -5776,7 +5907,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. @@ -5823,7 +5954,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. @@ -5910,7 +6041,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. @@ -5998,7 +6129,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. 
@@ -6085,7 +6216,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. @@ -7298,6 +7429,11 @@ limitations under the License. + + + A protocol-related cryptographic assets + + @@ -7348,7 +7484,7 @@ limitations under the License. An optional identifier which can be used to reference the object elsewhere in the BOM. - Every bom-ref MUST be unique within the BOM. + Every bom-ref must be unique within the BOM. @@ -7615,7 +7751,7 @@ limitations under the License. An optional identifier which can be used to reference the object elsewhere - in the BOM. Every bom-ref MUST be unique within the BOM. + in the BOM. Every bom-ref must be unique within the BOM. @@ -7746,7 +7882,7 @@ limitations under the License. An optional identifier which can be used to reference the object elsewhere - in the BOM. Every bom-ref MUST be unique within the BOM. + in the BOM. Every bom-ref must be unique within the BOM. @@ -7809,6 +7945,12 @@ limitations under the License. + + + A concise statement affirmed by an individual regarding all declarations, often used for third-party auditor acceptance or recipient acknowledgment. + It includes a list of authorized signatories who assert the validity of the document on behalf of the organization. + + @@ -8002,7 +8144,7 @@ limitations under the License. - + @@ -8032,7 +8174,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. 
@@ -8046,7 +8188,7 @@ limitations under the License. An optional identifier which can be used to reference the object elsewhere - in the BOM. Every bom-ref MUST be unique within the BOM. + in the BOM. Every bom-ref must be unique within the BOM. @@ -8110,7 +8252,7 @@ limitations under the License. An optional identifier which can be used to reference the object elsewhere - in the BOM. Every bom-ref MUST be unique within the BOM. + in the BOM. Every bom-ref must be unique within the BOM. @@ -8143,7 +8285,7 @@ limitations under the License. An optional identifier which can be used to reference the object elsewhere - in the BOM. Every bom-ref MUST be unique within the BOM. + in the BOM. Every bom-ref must be unique within the BOM. @@ -8212,7 +8354,7 @@ limitations under the License. without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. - Formal registration is OPTIONAL. + Formal registration is optional. @@ -8271,8 +8413,8 @@ limitations under the License. Every BOM generated SHOULD have a unique serial number, even if the contents of - the BOM have not changed over time. If specified, the serial number MUST conform to RFC-4122. - Use of serial numbers are RECOMMENDED. + the BOM have not changed over time. If specified, the serial number must conform to RFC-4122. + Use of serial numbers are recommended. diff --git a/tools/schema-downloader.py b/tools/schema-downloader.py index 9292dd9e7..d9e4a31c6 100644 --- a/tools/schema-downloader.py +++ b/tools/schema-downloader.py 
@@ -19,7 +19,7 @@ from os.path import dirname, join from urllib.request import urlretrieve -SOURCE_ROOT = 'https://raw.githubusercontent.com/CycloneDX/specification/master/schema/' +SOURCE_ROOT = 'https://raw.githubusercontent.com/CycloneDX/specification/refs/tags/1.6.1/schema/' TARGET_ROOT = join(dirname(__file__), '..', 'cyclonedx', 'schema', '_res') BOM_XSD = { From 33b37414c61d3f20ae01ed9c380d079aaafcd2e9 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Mon, 18 Nov 2024 09:14:39 +0100 Subject: [PATCH 2/2] tests: schema1.6.1 
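Review bot: The tag `refs/tags/1.6.1` in the new `SOURCE_ROOT` is still a movable ref, so if the tag is ever re-pointed upstream, re-running this script would vendor different schema files into `cyclonedx/schema/_res` without any visible change here. Pinning to the full commit SHA recorded alongside the vendored files would make the fetch reproducible, e.g. `SOURCE_ROOT = 'https://raw.githubusercontent.com/CycloneDX/specification/<commit-sha>/schema/'`, where `<commit-sha>` is a placeholder for that recorded commit. The hunk shows `urlretrieve` imported but not how the downloaded files are checked. If the rest of the script does no digest comparison, checking each file against an expected SHA-256 before writing it would catch an upstream change. The script continues past `BOM_XSD = {`, outside this hunk.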
Signed-off-by: Jan Kowalleck --- .../1.6/invalid-bomformat-1.6.json | 1 + .../1.6/invalid-component-ref-1.6.json | 7 +- .../1.6/invalid-component-ref-1.6.xml | 4 + .../1.6/invalid-component-swid-1.6.json | 1 + .../1.6/invalid-component-type-1.6.json | 1 + .../1.6/invalid-dependency-1.6.json | 1 + .../1.6/invalid-empty-component-1.6.json | 1 + .../1.6/invalid-hash-alg-1.6.json | 1 + .../1.6/invalid-hash-md5-1.6.json | 1 + .../1.6/invalid-hash-sha1-1.6.json | 1 + .../1.6/invalid-hash-sha256-1.6.json | 1 + .../1.6/invalid-hash-sha512-1.6.json | 1 + .../1.6/invalid-issue-type-1.6.json | 1 + .../1.6/invalid-license-choice-1.6.json | 1 + .../1.6/invalid-license-encoding-1.6.json | 1 + .../1.6/invalid-license-id-1.6.json | 1 + ...valid-license-missing-id-and-name-1.6.json | 2 + .../1.6/invalid-metadata-license-1.6.json | 1 + .../1.6/invalid-metadata-timestamp-1.6.json | 1 + .../invalid-missing-component-type-1.6.json | 1 + .../1.6/invalid-patch-type-1.6.json | 1 + .../1.6/invalid-properties-1.6.json | 1 + .../schemaTestData/1.6/invalid-scope-1.6.json | 1 + .../1.6/invalid-serialnumber-1.6.json | 1 + .../1.6/invalid-service-data-1.6.json | 1 + .../1.6/valid-annotation-1.6.json | 8 + .../1.6/valid-annotation-1.6.xml | 14 +- .../1.6/valid-assembly-1.6.json | 1 + .../1.6/valid-attestation-1.6.json | 1 + .../1.6/valid-attestation-1.6.xml | 8 +- .../schemaTestData/1.6/valid-bom-1.6.json | 146 +++++++++++--- .../schemaTestData/1.6/valid-bom-1.6.xml | 17 +- .../1.6/valid-component-data-1.6.json | 30 +++ .../1.6/valid-component-data-1.6.xml | 24 +++ .../1.6/valid-component-hashes-1.6.json | 1 + .../1.6/valid-component-identifiers-1.6.json | 1 + .../1.6/valid-component-ref-1.6.json | 13 +- .../1.6/valid-component-swid-1.6.json | 1 + .../1.6/valid-component-swid-full-1.6.json | 1 + .../1.6/valid-component-types-1.6.json | 6 + .../1.6/valid-component-types-1.6.xml | 4 + .../1.6/valid-compositions-1.6.json | 1 + .../1.6/valid-compositions-1.6.xml | 8 +- 
.../1.6/valid-cryptography-full-1.6.json | 1 + ...valid-cryptography-implementation-1.6.json | 1 + .../valid-cryptography-implementation-1.6.xml | 4 +- .../1.6/valid-dependency-1.6.json | 1 + .../1.6/valid-dependency-1.6.xml | 6 +- .../1.6/valid-empty-components-1.6.json | 1 + .../1.6/valid-evidence-1.6.json | 1 + .../1.6/valid-external-reference-1.6.json | 180 ++++++++++++++++++ .../1.6/valid-external-reference-1.6.xml | 52 ++++- .../1.6/valid-formulation-1.6.json | 5 +- .../1.6/valid-formulation-1.6.xml | 12 +- .../1.6/valid-license-expression-1.6.json | 26 ++- .../1.6/valid-license-expression-1.6.xml | 4 +- .../1.6/valid-license-id-1.6.json | 26 ++- .../1.6/valid-license-licensing-1.6.json | 1 + .../1.6/valid-license-name-1.6.json | 26 ++- .../1.6/valid-machine-learning-1.6.json | 4 +- .../1.6/valid-machine-learning-1.6.xml | 4 +- ...chine-learning-considerations-env-1.6.json | 1 + ...achine-learning-considerations-env-1.6.xml | 2 +- .../1.6/valid-metadata-author-1.6.json | 1 + .../1.6/valid-metadata-license-1.6.json | 1 + .../1.6/valid-metadata-lifecycle-1.6.json | 1 + .../1.6/valid-metadata-manufacture-1.6.json | 1 + .../1.6/valid-metadata-manufacturer-1.6.json | 1 + .../1.6/valid-metadata-supplier-1.6.json | 1 + .../1.6/valid-metadata-timestamp-1.6.json | 1 + .../1.6/valid-metadata-timestamp-1.6.xml | 2 +- .../1.6/valid-metadata-tool-1.6.json | 1 + .../valid-metadata-tool-deprecated-1.6.json | 1 + .../1.6/valid-minimal-viable-1.6.json | 1 + .../schemaTestData/1.6/valid-patch-1.6.json | 1 + .../1.6/valid-properties-1.6.json | 1 + .../1.6/valid-release-notes-1.6.json | 13 +- .../1.6/valid-release-notes-1.6.xml | 9 +- .../schemaTestData/1.6/valid-saasbom-1.6.json | 5 +- .../schemaTestData/1.6/valid-saasbom-1.6.xml | 33 ++-- .../schemaTestData/1.6/valid-service-1.6.json | 3 +- .../schemaTestData/1.6/valid-service-1.6.xml | 5 +- .../1.6/valid-service-empty-objects-1.6.json | 1 + .../1.6/valid-signatures-1.6.json | 1 + .../1.6/valid-standard-1.6.json | 8 +- 
.../schemaTestData/1.6/valid-standard-1.6.xml | 5 + .../schemaTestData/1.6/valid-tags-1.6.json | 1 + .../1.6/valid-vulnerability-1.6.json | 1 + .../1.6/valid-vulnerability-1.6.xml | 11 +- 89 files changed, 674 insertions(+), 114 deletions(-) create mode 100644 tests/_data/schemaTestData/1.6/valid-component-data-1.6.json create mode 100644 tests/_data/schemaTestData/1.6/valid-component-data-1.6.xml diff --git a/tests/_data/schemaTestData/1.6/invalid-bomformat-1.6.json b/tests/_data/schemaTestData/1.6/invalid-bomformat-1.6.json index ee8df941f..f4874069c 100644 --- a/tests/_data/schemaTestData/1.6/invalid-bomformat-1.6.json +++ b/tests/_data/schemaTestData/1.6/invalid-bomformat-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "AnotherFormat", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/invalid-component-ref-1.6.json b/tests/_data/schemaTestData/1.6/invalid-component-ref-1.6.json index 46c971c01..b4856c5d3 100644 --- a/tests/_data/schemaTestData/1.6/invalid-component-ref-1.6.json +++ b/tests/_data/schemaTestData/1.6/invalid-component-ref-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", @@ -10,12 +11,6 @@ "name": "acme-library", "version": "1.0.0" }, - { - "type": "library", - "bom-ref": "123", - "name": "acme-library", - "version": "1.0.0" - }, { "type": "library", "bom-ref": "", diff --git a/tests/_data/schemaTestData/1.6/invalid-component-ref-1.6.xml b/tests/_data/schemaTestData/1.6/invalid-component-ref-1.6.xml index 78467e362..770efd83e 100644 --- a/tests/_data/schemaTestData/1.6/invalid-component-ref-1.6.xml +++ b/tests/_data/schemaTestData/1.6/invalid-component-ref-1.6.xml @@ -10,6 +10,10 @@ acme-library 1.0.0 + + acme-library2 + 1.0.0 + acme-library 
diff --git a/tests/_data/schemaTestData/1.6/invalid-component-swid-1.6.json b/tests/_data/schemaTestData/1.6/invalid-component-swid-1.6.json
index b4aed9474..7acf18d4d 100644
--- a/tests/_data/schemaTestData/1.6/invalid-component-swid-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-component-swid-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-component-type-1.6.json b/tests/_data/schemaTestData/1.6/invalid-component-type-1.6.json
index 9404400c5..bc5dd16ac 100644
--- a/tests/_data/schemaTestData/1.6/invalid-component-type-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-component-type-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-dependency-1.6.json b/tests/_data/schemaTestData/1.6/invalid-dependency-1.6.json
index 6d6993acd..e46c5ca20 100644
--- a/tests/_data/schemaTestData/1.6/invalid-dependency-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-dependency-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-empty-component-1.6.json b/tests/_data/schemaTestData/1.6/invalid-empty-component-1.6.json
index 76d2edd6a..ced677ee5 100644
--- a/tests/_data/schemaTestData/1.6/invalid-empty-component-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-empty-component-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-hash-alg-1.6.json b/tests/_data/schemaTestData/1.6/invalid-hash-alg-1.6.json
index b21fc9213..a841909f8 100644
--- a/tests/_data/schemaTestData/1.6/invalid-hash-alg-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-hash-alg-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-hash-md5-1.6.json b/tests/_data/schemaTestData/1.6/invalid-hash-md5-1.6.json
index 5c4938470..37140dfe2 100644
--- a/tests/_data/schemaTestData/1.6/invalid-hash-md5-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-hash-md5-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-hash-sha1-1.6.json b/tests/_data/schemaTestData/1.6/invalid-hash-sha1-1.6.json
index 441fec3eb..ba3ef962a 100644
--- a/tests/_data/schemaTestData/1.6/invalid-hash-sha1-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-hash-sha1-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-hash-sha256-1.6.json b/tests/_data/schemaTestData/1.6/invalid-hash-sha256-1.6.json
index b7f8d1dea..1944c51df 100644
--- a/tests/_data/schemaTestData/1.6/invalid-hash-sha256-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-hash-sha256-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-hash-sha512-1.6.json b/tests/_data/schemaTestData/1.6/invalid-hash-sha512-1.6.json
index 0b56c35a5..3065415cc 100644
--- a/tests/_data/schemaTestData/1.6/invalid-hash-sha512-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-hash-sha512-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-issue-type-1.6.json b/tests/_data/schemaTestData/1.6/invalid-issue-type-1.6.json
index ef1c08b52..4e05dae08 100644
--- a/tests/_data/schemaTestData/1.6/invalid-issue-type-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-issue-type-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-license-choice-1.6.json b/tests/_data/schemaTestData/1.6/invalid-license-choice-1.6.json
index 483994737..8977bdad0 100644
--- a/tests/_data/schemaTestData/1.6/invalid-license-choice-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-license-choice-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-license-encoding-1.6.json b/tests/_data/schemaTestData/1.6/invalid-license-encoding-1.6.json
index 794c566c1..2c6c074f9 100644
--- a/tests/_data/schemaTestData/1.6/invalid-license-encoding-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-license-encoding-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-license-id-1.6.json b/tests/_data/schemaTestData/1.6/invalid-license-id-1.6.json
index 907d55814..c183abc6a 100644
--- a/tests/_data/schemaTestData/1.6/invalid-license-id-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-license-id-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-license-missing-id-and-name-1.6.json b/tests/_data/schemaTestData/1.6/invalid-license-missing-id-and-name-1.6.json
index 65b72d310..b70f8f6d9 100644
--- a/tests/_data/schemaTestData/1.6/invalid-license-missing-id-and-name-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-license-missing-id-and-name-1.6.json
@@ -1,10 +1,12 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
 "version": 1,
 "components": [
 {
+ "type": "library",
 "name": "license-with-no-id-nor-name",
 "version": "23",
 "description": "testcase for issue#288",
diff --git a/tests/_data/schemaTestData/1.6/invalid-metadata-license-1.6.json b/tests/_data/schemaTestData/1.6/invalid-metadata-license-1.6.json
index a510758b6..9db03c948 100644
--- a/tests/_data/schemaTestData/1.6/invalid-metadata-license-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-metadata-license-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-metadata-timestamp-1.6.json b/tests/_data/schemaTestData/1.6/invalid-metadata-timestamp-1.6.json
index e3f1884b6..14bbdee56 100644
--- a/tests/_data/schemaTestData/1.6/invalid-metadata-timestamp-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-metadata-timestamp-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-missing-component-type-1.6.json b/tests/_data/schemaTestData/1.6/invalid-missing-component-type-1.6.json
index ec0b081e6..ea53406f9 100644
--- a/tests/_data/schemaTestData/1.6/invalid-missing-component-type-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-missing-component-type-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-patch-type-1.6.json b/tests/_data/schemaTestData/1.6/invalid-patch-type-1.6.json
index a71680e39..51de20b1e 100644
--- a/tests/_data/schemaTestData/1.6/invalid-patch-type-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-patch-type-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-properties-1.6.json b/tests/_data/schemaTestData/1.6/invalid-properties-1.6.json
index 069850353..219544f30 100644
--- a/tests/_data/schemaTestData/1.6/invalid-properties-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-properties-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:bcb403ae-91fa-436e-bc93-84d1078cdeed",
diff --git a/tests/_data/schemaTestData/1.6/invalid-scope-1.6.json b/tests/_data/schemaTestData/1.6/invalid-scope-1.6.json
index cbb68fa26..dcc78ab57 100644
--- a/tests/_data/schemaTestData/1.6/invalid-scope-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-scope-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/invalid-serialnumber-1.6.json b/tests/_data/schemaTestData/1.6/invalid-serialnumber-1.6.json
index fdc34e3d9..9aea4ae49 100644
--- a/tests/_data/schemaTestData/1.6/invalid-serialnumber-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-serialnumber-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f",
diff --git a/tests/_data/schemaTestData/1.6/invalid-service-data-1.6.json b/tests/_data/schemaTestData/1.6/invalid-service-data-1.6.json
index 9f0285943..9fb86ef61 100644
--- a/tests/_data/schemaTestData/1.6/invalid-service-data-1.6.json
+++ b/tests/_data/schemaTestData/1.6/invalid-service-data-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/valid-annotation-1.6.json b/tests/_data/schemaTestData/1.6/valid-annotation-1.6.json
index 790fc2808..108d5ed8d 100644
--- a/tests/_data/schemaTestData/1.6/valid-annotation-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-annotation-1.6.json
@@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", @@ -76,6 +77,13 @@ "name": "Partner Org", "url": [ "https://partner.org" + ], + "contact" : [ + { + "name": "Support", + "email": "support@partner.org", + "phone": "800-555-1212" + } ] }, "group": "org.partner", diff --git a/tests/_data/schemaTestData/1.6/valid-annotation-1.6.xml b/tests/_data/schemaTestData/1.6/valid-annotation-1.6.xml index ea3c28728..c329a23c1 100644 --- a/tests/_data/schemaTestData/1.6/valid-annotation-1.6.xml +++ b/tests/_data/schemaTestData/1.6/valid-annotation-1.6.xml @@ -21,7 +21,7 @@ - 2020-04-07T07:01:00Z + 2022-01-01T00:00:00Z This is a sample annotation made by an organization @@ -35,8 +35,8 @@ 800-555-1212 - 2020-04-07T07:01:00Z - This is a sample annotation made by an person + 2022-01-01T00:00:00Z + This is a sample annotation made by a person @@ -48,7 +48,7 @@ 9.1.2 - 2020-04-07T07:01:00Z + 2022-01-01T00:00:00Z This is a sample annotation made by a component @@ -62,7 +62,7 @@ https://partner.org Support - support@partner + support@partner.org 800-555-1212 @@ -76,11 +76,11 @@ true true - pubic + public - 2020-04-07T07:01:00Z + 2022-01-01T00:00:00Z This is a sample annotation made by a service diff --git a/tests/_data/schemaTestData/1.6/valid-assembly-1.6.json b/tests/_data/schemaTestData/1.6/valid-assembly-1.6.json index 681c10e61..864e0e4fa 100644 --- a/tests/_data/schemaTestData/1.6/valid-assembly-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-assembly-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-attestation-1.6.json b/tests/_data/schemaTestData/1.6/valid-attestation-1.6.json index 57a049728..9caa455df 100644 
--- a/tests/_data/schemaTestData/1.6/valid-attestation-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-attestation-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-attestation-1.6.xml b/tests/_data/schemaTestData/1.6/valid-attestation-1.6.xml index 1dce0ced8..4f34748a0 100644 --- a/tests/_data/schemaTestData/1.6/valid-attestation-1.6.xml +++ b/tests/_data/schemaTestData/1.6/valid-attestation-1.6.xml @@ -3,9 +3,9 @@ - false + true - Acme Inc + Assessors Inc @@ -25,7 +25,7 @@ 0.8 Conformance rationale here - mitigations-1 + mitigationStrategy-1 @@ -110,7 +110,7 @@ Mitigation strategy here - Public + Company Confidential Describe sensitive data here 2023-04-25T00:00:00+00:00 diff --git a/tests/_data/schemaTestData/1.6/valid-bom-1.6.json b/tests/_data/schemaTestData/1.6/valid-bom-1.6.json index 6244850f5..9ab00e7bb 100644 --- a/tests/_data/schemaTestData/1.6/valid-bom-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-bom-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", @@ -72,13 +73,15 @@ }, "components": [ { - "bom-ref": "pkg:npm/acme/component@1.0.0", - "type": "library", + "bom-ref": "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar", + "type": "application", "author": "Joane Doe et al.", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", + "description": "Modified version of Apache Catalina", + "scope": "required", "hashes": [ { "alg": "MD5", 
@@ -104,28 +107,31 @@ "text": { "contentType": "text/plain", "encoding": "base64", - "content": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==" + "content": "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" }, "url": "https://www.apache.org/licenses/LICENSE-2.0.txt" } } ], - "purl": "pkg:npm/acme/component@1.0.0", + "purl": "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar", "pedigree": { "ancestors": [ { - "type": "library", - "publisher": "Acme Inc", - "group": "com.acme", - "name": "tomcat-catalina", - "version": "9.0.14" - }, - { - "type": "library", - "publisher": "Acme Inc", - "group": "com.acme", + "type": "application", + "author": "Apache Super Heros", + "publisher": "Apache", + "group": "org.apache.tomcat", "name": "tomcat-catalina", - "version": "9.0.14" + "version": "9.0.14", + "description": "Apache Catalina", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.14?packaging=jar" } ], "commits": [ 
@@ -134,15 +140,23 @@
 "url": "https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd",
 "author": {
 "timestamp": "2018-11-13T20:20:39+00:00",
- "name": "me",
- "email": "me@acme.org"
- }
+ "name": "John Doe",
+ "email": "john.doe@example.com"
+ },
+ "committer": {
+ "timestamp": "2018-11-07T22:01:45Z",
+ "name": "Jane Doe",
+ "email": "jane.doe@example.com"
+ },
+ "message": "Initial commit"
 }
- ]
+ ],
+ "notes": "Commentary here"
 }
 },
 {
 "type": "library",
+ "bom-ref": "pkg:maven/com.example/myapplication@1.0.0?packaging=war",
 "supplier": {
 "name": "Example, Inc.",
 "url": [
@@ -151,7 +165,7 @@
 ],
 "contact": [
 {
- "name": "Example Support AMER Distribution",
+ "name": "Example Support AMER",
 "email": "support@example.com",
 "phone": "800-555-1212"
 },
@@ -186,15 +200,99 @@ "group": "org.example", "name": "mylibrary", "version": "1.0.0", - "scope": "required" + "scope": "required", + "hashes": [ + { + "alg": "MD5", + "content": "2342c2eaf1feb9a80195dbaddf2ebaa3" + }, + { + "alg": "SHA-1", + "content": "68b78babe00a053f9e35ec6a2d9080f5b90122b0" + }, + { + "alg": "SHA-256", + "content": "708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313" + }, + { + "alg": "SHA-512", + "content": "387b7ae16b9cae45f830671541539bf544202faae5aac544a93b7b0a04f5f846fa2f4e81ef3f1677e13aed7496408a441f5657ab6d54423e56bf6f38da124aef" + } + ], + "licenses": [ + { + "expression": "EPL-2.0 OR GPL-2.0-with-classpath-exception" + } + ], + "copyright": "Copyright Example Inc. All rights reserved.", + "cpe": "cpe:/a:example:myapplication:1.0.0", + "purl": "pkg:maven/com.example/myapplication@1.0.0?packaging=war", + "modified": false, + "externalReferences": [ + { + "url": "http://example.org/docs", + "type": "documentation", + "comment": "All component versions are documented here" + }, + { + "url": "http://example.org/security", + "type": "advisories" + } + ] + }, + { + "type": "framework", + "author": "Example Super Heros", + "group": "com.example", + "name": "myframework", + "version": "1.0.0", + "description": "Example Inc, enterprise framework", + "scope": "required", + "hashes": [ + { + "alg": "MD5", + "content": "cfcb0b64aacd2f81c1cd546543de965a" + }, + { + "alg": "SHA-1", + "content": "7fbeef2346c45d565c3341f037bce4e088af8a52" + }, + { + "alg": "SHA-256", + "content": "0384db3cec55d86a6898c489fdb75a8e75fe66b26639634983d2f3c3558493d1" + }, + { + "alg": "SHA-512", + "content": "854909cdb9e3ca183056837144aab6d8069b377bd66445087cc7157bf0c3f620418705dd0b83bdc2f73a508c2bdb316ca1809d75ee6972d02023a3e7dd655c79" + } + ], + "licenses": [ + { + "license": { + "name": "Some random license" + } + } + ], + "purl": "pkg:maven/com.example/myframework@1.0.0?packaging=war", + "modified": false, + "externalReferences": [ + { + "type": 
"website", + "url": "http://example.com/myframework" + }, + { + "type": "advisories", + "url": "http://example.com/security" + } + ] } ], "dependencies": [ { - "ref": "pkg:npm/acme/component@1.0.0", + "ref": "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar", "dependsOn": [ - "pkg:npm/acme/component@1.0.0" + "pkg:maven/com.example/myapplication@1.0.0?packaging=war" ] } ] -} +} \ No newline at end of file diff --git a/tests/_data/schemaTestData/1.6/valid-bom-1.6.xml b/tests/_data/schemaTestData/1.6/valid-bom-1.6.xml index 6760b9da0..5f94ce13b 100644 --- a/tests/_data/schemaTestData/1.6/valid-bom-1.6.xml +++ b/tests/_data/schemaTestData/1.6/valid-bom-1.6.xml @@ -1,7 +1,7 @@ - 2020-04-07T07:01:00Z + 2020-04-13T20:20:39+00:00 Awesome Vendor @@ -46,7 +46,7 @@ - + Joane Doe et al. Acme Inc com.acme @@ -90,7 +90,7 @@ 7638417db6d59f3c431d3e1f261cc637155684cd https://location/to/7638417db6d59f3c431d3e1f261cc637155684cd - 2018-11-07T22:01:45Z + 2018-11-13T20:20:39+00:00 John Doe john.doe@example.com @@ -105,9 +105,9 @@ Commentary here - + - Example Inc. + Example, Inc. https://example.com https://example.net @@ -121,7 +121,7 @@ - Example-2, Inc.Example-2, Inc. + Example-2, Inc. https://example.org support@example.org @@ -195,4 +195,9 @@ + + + + + diff --git a/tests/_data/schemaTestData/1.6/valid-component-data-1.6.json b/tests/_data/schemaTestData/1.6/valid-component-data-1.6.json new file mode 100644 index 000000000..f78163f95 --- /dev/null +++ b/tests/_data/schemaTestData/1.6/valid-component-data-1.6.json 
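Review bot: The second component in the `@@ -186,15 +200,99 @@` hunk of valid-bom-1.6.json ends up with identifiers that disagree: its context lines keep `"group": "org.example"` and `"name": "mylibrary"`, while the added `purl` and `cpe` (and the `bom-ref` added in the preceding hunk) all name `com.example/myapplication`. Schema validation cannot catch this, so the fixture still passes, but any test that goes beyond the schema, such as matching components by purl or CPE, would inherit the mismatch, and that kind of identity drift is what makes vulnerability matching against an SBOM unreliable. Assuming the added identifiers are the intended ones, the two context lines would become `"group": "com.example",` and `"name": "myapplication",`; if these fixtures are copied from the upstream specification repository, the correction probably belongs there. The component object starts before this hunk, so the fields between `supplier` and `group` are not visible here.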
@@ -0,0 +1,30 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:1b1bff0e-fdb9-4088-8b9a-1a9f2d9006da", + "version": 1, + "components": [ + { + "type": "data", + "name": "my-configs", + "version": "1337", + "data": [ + { + "type": "configuration", + "name": "app.ini", + "contents": { + "url": "https://example.com/cfg/1337/app.ini" + } + }, + { + "type": "other", + "name": ".env", + "contents": { + "url": "https://example.com/cfg/1337/env" + } + } + ] + } + ] +} diff --git a/tests/_data/schemaTestData/1.6/valid-component-data-1.6.xml b/tests/_data/schemaTestData/1.6/valid-component-data-1.6.xml new file mode 100644 index 000000000..fe89d8038 --- /dev/null +++ b/tests/_data/schemaTestData/1.6/valid-component-data-1.6.xml @@ -0,0 +1,24 @@ + + + + + my-configs + 1337 + + configuration + app.ini + + https://example.com/cfg/1337/app.ini + + + + other + .env + + https://example.com/cfg/1337/env + + + + + diff --git a/tests/_data/schemaTestData/1.6/valid-component-hashes-1.6.json b/tests/_data/schemaTestData/1.6/valid-component-hashes-1.6.json index fcb58a93e..91d15f58a 100644 --- a/tests/_data/schemaTestData/1.6/valid-component-hashes-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-component-hashes-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-component-identifiers-1.6.json b/tests/_data/schemaTestData/1.6/valid-component-identifiers-1.6.json index 37175a6ef..de0d2a094 100644 --- a/tests/_data/schemaTestData/1.6/valid-component-identifiers-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-component-identifiers-1.6.json 
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/valid-component-ref-1.6.json b/tests/_data/schemaTestData/1.6/valid-component-ref-1.6.json
index 977fb1ebd..c31d31e5f 100644
--- a/tests/_data/schemaTestData/1.6/valid-component-ref-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-component-ref-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
@@ -8,11 +9,19 @@
 "type": "library",
 "bom-ref": "123",
 "name": "acme-library",
- "version": "1.0.0"
+ "version": "1.0.0",
+ "components" : [
+ {
+ "type": "library",
+ "bom-ref": "456",
+ "name": "acme-library",
+ "version": "1.0.0"
+ }
+ ]
 },
 {
 "type": "library",
- "bom-ref": "456",
+ "bom-ref": "789",
 "name": "acme-library",
 "version": "1.0.0"
 }
diff --git a/tests/_data/schemaTestData/1.6/valid-component-swid-1.6.json b/tests/_data/schemaTestData/1.6/valid-component-swid-1.6.json
index 9b63b942d..bff17b97c 100644
--- a/tests/_data/schemaTestData/1.6/valid-component-swid-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-component-swid-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/valid-component-swid-full-1.6.json b/tests/_data/schemaTestData/1.6/valid-component-swid-full-1.6.json
index 576131ceb..e0e831154 100644
--- a/tests/_data/schemaTestData/1.6/valid-component-swid-full-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-component-swid-full-1.6.json
@@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-component-types-1.6.json b/tests/_data/schemaTestData/1.6/valid-component-types-1.6.json index 782e701bc..8b1abd7ee 100644 --- a/tests/_data/schemaTestData/1.6/valid-component-types-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-component-types-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", @@ -43,6 +44,11 @@ "type": "file", "name": "file-a", "version": "1.0" + }, + { + "type": "data", + "name": "data-a", + "version": "1.0" } ] } diff --git a/tests/_data/schemaTestData/1.6/valid-component-types-1.6.xml b/tests/_data/schemaTestData/1.6/valid-component-types-1.6.xml index b66c396ee..d8c70784d 100644 --- a/tests/_data/schemaTestData/1.6/valid-component-types-1.6.xml +++ b/tests/_data/schemaTestData/1.6/valid-component-types-1.6.xml @@ -33,5 +33,9 @@ file-a 1.0 + + data-a + 1.0 + diff --git a/tests/_data/schemaTestData/1.6/valid-compositions-1.6.json b/tests/_data/schemaTestData/1.6/valid-compositions-1.6.json index 9cdbfe987..8b8dcbf37 100644 --- a/tests/_data/schemaTestData/1.6/valid-compositions-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-compositions-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-compositions-1.6.xml b/tests/_data/schemaTestData/1.6/valid-compositions-1.6.xml index 5f8a76d01..f99ed8303 100644 --- a/tests/_data/schemaTestData/1.6/valid-compositions-1.6.xml +++ b/tests/_data/schemaTestData/1.6/valid-compositions-1.6.xml 
@@ -21,7 +21,7 @@ Acme Library - 2.0 + 3.0 pkg:maven/acme/library@3.0 @@ -49,9 +49,9 @@ incomplete_first_party_only - - - + + + diff --git a/tests/_data/schemaTestData/1.6/valid-cryptography-full-1.6.json b/tests/_data/schemaTestData/1.6/valid-cryptography-full-1.6.json index e25d4dd94..ac1344659 100644 --- a/tests/_data/schemaTestData/1.6/valid-cryptography-full-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-cryptography-full-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-cryptography-implementation-1.6.json b/tests/_data/schemaTestData/1.6/valid-cryptography-implementation-1.6.json index 3bff09452..a143b9b33 100644 --- a/tests/_data/schemaTestData/1.6/valid-cryptography-implementation-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-cryptography-implementation-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-cryptography-implementation-1.6.xml b/tests/_data/schemaTestData/1.6/valid-cryptography-implementation-1.6.xml index d9c97fee5..e86ae5940 100644 --- a/tests/_data/schemaTestData/1.6/valid-cryptography-implementation-1.6.xml +++ b/tests/_data/schemaTestData/1.6/valid-cryptography-implementation-1.6.xml @@ -31,11 +31,11 @@ - Crypto Library + Crypto library 1.0.0 - Some Library + Some library 1.0.0 diff --git a/tests/_data/schemaTestData/1.6/valid-dependency-1.6.json b/tests/_data/schemaTestData/1.6/valid-dependency-1.6.json index 3d2465475..1e87f38ef 100644 --- a/tests/_data/schemaTestData/1.6/valid-dependency-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-dependency-1.6.json 
@@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-dependency-1.6.xml b/tests/_data/schemaTestData/1.6/valid-dependency-1.6.xml index 903670cf0..7fab83476 100644 --- a/tests/_data/schemaTestData/1.6/valid-dependency-1.6.xml +++ b/tests/_data/schemaTestData/1.6/valid-dependency-1.6.xml @@ -2,15 +2,15 @@ - acme-library-a + library-a 1.0.0 - acme-library-b + library-b 1.0.0 - acme-library-b + library-c 1.0.0 diff --git a/tests/_data/schemaTestData/1.6/valid-empty-components-1.6.json b/tests/_data/schemaTestData/1.6/valid-empty-components-1.6.json index 572b398ce..a634de3f6 100644 --- a/tests/_data/schemaTestData/1.6/valid-empty-components-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-empty-components-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-evidence-1.6.json b/tests/_data/schemaTestData/1.6/valid-evidence-1.6.json index b80656bb8..9bb4ebc3a 100644 --- a/tests/_data/schemaTestData/1.6/valid-evidence-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-evidence-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-external-reference-1.6.json b/tests/_data/schemaTestData/1.6/valid-external-reference-1.6.json index e3913d843..f5e245612 100644 --- a/tests/_data/schemaTestData/1.6/valid-external-reference-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-external-reference-1.6.json 
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
@@ -33,6 +34,185 @@ "comment": "Vendor provided documentation for the product" } ] + }, + { + "type": "application", + "name": "dummy", + "description": "this component has all external reference types possible", + "externalReferences": [ + { + "type": "vcs", + "url": "http://example.com/extref/vcs" + }, + { + "type": "issue-tracker", + "url": "http://example.com/extref/issue-tracker" + }, + { + "type": "website", + "url": "http://example.com/extref/website" + }, + { + "type": "advisories", + "url": "http://example.com/extref/advisories" + }, + { + "type": "bom", + "url": "http://example.com/extref/bom" + }, + { + "type": "mailing-list", + "url": "http://example.com/extref/mailing-list" + }, + { + "type": "social", + "url": "http://example.com/extref/social" + }, + { + "type": "chat", + "url": "http://example.com/extref/chat" + }, + { + "type": "documentation", + "url": "http://example.com/extref/documentation" + }, + { + "type": "support", + "url": "http://example.com/extref/support" + }, + { + "type": "source-distribution", + "url": "http://example.com/extref/source-distribution" + }, + { + "type": "distribution", + "url": "http://example.com/extref/distribution" + }, + { + "type": "distribution-intake", + "url": "http://example.com/extref/distribution-intake" + }, + { + "type": "license", + "url": "http://example.com/extref/license" + }, + { + "type": "build-meta", + "url": "http://example.com/extref/build-meta" + }, + { + "type": "build-system", + "url": "http://example.com/extref/build-system" + }, + { + "type": "release-notes", + "url": "http://example.com/extref/release-notes" + }, + { + "type": "security-contact", + "url": "http://example.com/extref/security-contact" + }, + { + "type": "model-card", + "url": "http://example.com/extref/model-card" + }, + { + "type": "log", + "url": "http://example.com/extref/log" + }, + { + "type": "configuration", + "url": "http://example.com/extref/configuration" + }, + { + "type": "evidence", + "url": 
"http://example.com/extref/evidence" + }, + { + "type": "formulation", + "url": "http://example.com/extref/formulation" + }, + { + "type": "attestation", + "url": "http://example.com/extref/attestation" + }, + { + "type": "threat-model", + "url": "http://example.com/extref/threat-model" + }, + { + "type": "adversary-model", + "url": "http://example.com/extref/adversary-model" + }, + { + "type": "risk-assessment", + "url": "http://example.com/extref/risk-assessment" + }, + { + "type": "vulnerability-assertion", + "url": "http://example.com/extref/vulnerability-assertion" + }, + { + "type": "exploitability-statement", + "url": "http://example.com/extref/exploitability-statement" + }, + { + "type": "pentest-report", + "url": "http://example.com/extref/pentest-report" + }, + { + "type": "static-analysis-report", + "url": "http://example.com/extref/static-analysis-report" + }, + { + "type": "dynamic-analysis-report", + "url": "http://example.com/extref/dynamic-analysis-report" + }, + { + "type": "runtime-analysis-report", + "url": "http://example.com/extref/runtime-analysis-report" + }, + { + "type": "component-analysis-report", + "url": "http://example.com/extref/component-analysis-report" + }, + { + "type": "maturity-report", + "url": "http://example.com/extref/maturity-report" + }, + { + "type": "certification-report", + "url": "http://example.com/extref/certification-report" + }, + { + "type": "quality-metrics", + "url": "http://example.com/extref/quality-metrics" + }, + { + "type": "codified-infrastructure", + "url": "http://example.com/extref/codified-infrastructure" + }, + { + "type": "poam", + "url": "http://example.com/extref/poam" + }, + { + "type": "electronic-signature", + "url": "http://example.com/extref/electronic-signature" + }, + { + "type": "digital-signature", + "url": "http://example.com/extref/digital-signature" + }, + { + "type": "rfc-9116", + "url": "http://example.com/extref/rfc-9116" + }, + { + "type": "other", + "url": 
"http://example.com/extref/other" + } + ] } ] } diff --git a/tests/_data/schemaTestData/1.6/valid-external-reference-1.6.xml b/tests/_data/schemaTestData/1.6/valid-external-reference-1.6.xml index 21810f3c6..95cffa0d2 100644 --- a/tests/_data/schemaTestData/1.6/valid-external-reference-1.6.xml +++ b/tests/_data/schemaTestData/1.6/valid-external-reference-1.6.xml @@ -2,6 +2,7 @@ + Acme Inc org.example mylibrary 1.0.0 @@ -14,7 +15,7 @@ https://example.org/support/sbom/portal-server/1.0.0 An external SBOM that describes what this component includes - f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b + 708f1f53b41f11f02d12a11b1a38d2905d47b099afc71a0f1124ef8582ec7313 
@@ -23,5 +24,54 @@ + + dummy + this component has all external reference types possible + + http://example.com/extref/vcs + http://example.com/extref/issue-tracker + http://example.com/extref/website + http://example.com/extref/advisories + http://example.com/extref/bom + http://example.com/extref/mailing-list + http://example.com/extref/social + http://example.com/extref/chat + http://example.com/extref/documentation + http://example.com/extref/support + http://example.com/extref/source-distribution + http://example.com/extref/distribution + http://example.com/extref/distribution-intake + http://example.com/extref/license + http://example.com/extref/build-meta + http://example.com/extref/build-system + http://example.com/extref/release-notes + http://example.com/extref/security-contact + http://example.com/extref/model-card + http://example.com/extref/log + http://example.com/extref/configuration + http://example.com/extref/evidence + http://example.com/extref/formulation + http://example.com/extref/attestation + http://example.com/extref/threat-model + http://example.com/extref/adversary-model + http://example.com/extref/risk-assessment + http://example.com/extref/vulnerability-assertion + http://example.com/extref/exploitability-statement + http://example.com/extref/pentest-report + http://example.com/extref/static-analysis-report + http://example.com/extref/dynamic-analysis-report + http://example.com/extref/runtime-analysis-report + http://example.com/extref/component-analysis-report + http://example.com/extref/maturity-report + http://example.com/extref/certification-report + http://example.com/extref/quality-metrics + http://example.com/extref/codified-infrastructure + http://example.com/extref/poam + http://example.com/extref/electronic-signature + http://example.com/extref/digital-signature + http://example.com/extref/rfc-9116 + http://example.com/extref/other + + 
diff --git a/tests/_data/schemaTestData/1.6/valid-formulation-1.6.json b/tests/_data/schemaTestData/1.6/valid-formulation-1.6.json index 9169d9ca0..ce49ece6d 100644 --- a/tests/_data/schemaTestData/1.6/valid-formulation-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-formulation-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", @@ -245,10 +246,10 @@ } ], "timeStart": "2023-01-01T00:00:00+00:00", - "timeEnd": "2023-01-01T00:00:00+10:00", + "timeEnd": "2023-01-01T00:00:10+00:00", "workspaces": [ { - "bom-ref": "workspace-1", + "bom-ref": "workspace-2", "uid": "workspace-1", "name": "My workspace", "aliases": [ "default-workspace" ], diff --git a/tests/_data/schemaTestData/1.6/valid-formulation-1.6.xml b/tests/_data/schemaTestData/1.6/valid-formulation-1.6.xml index 7f500a337..384418253 100644 --- a/tests/_data/schemaTestData/1.6/valid-formulation-1.6.xml +++ b/tests/_data/schemaTestData/1.6/valid-formulation-1.6.xml @@ -72,8 +72,8 @@ - - + + @@ -84,11 +84,11 @@ - clean + clone build - trigger-uid-1 + trigger-uid-2 My trigger Description here @@ -101,7 +101,7 @@ event-1 Description here 2023-01-01T00:00:00+00:00 - FooBar + Foo/Bar component-g @@ -207,7 +207,7 @@ 2023-01-01T00:00:00+00:00 - 2023-01-01T00:00:00+00:00 + 2023-01-01T00:00:10+00:00 workspace-1 diff --git a/tests/_data/schemaTestData/1.6/valid-license-expression-1.6.json b/tests/_data/schemaTestData/1.6/valid-license-expression-1.6.json index 057ad915f..dd4f6b99a 100644 --- a/tests/_data/schemaTestData/1.6/valid-license-expression-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-license-expression-1.6.json 
@@ -1,22 +1,44 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { - "type": "library", + "type": "application", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", + "description": "Modified version of Apache Catalina", + "scope": "required", + "hashes": [ + { + "alg": "MD5", + "content": "3942447fac867ae5cdb3229b658f4d48" + }, + { + "alg": "SHA-1", + "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" + }, + { + "alg": "SHA-256", + "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" + }, + { + "alg": "SHA-512", + "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" + } + ], "licenses": [ { "expression": "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0", "acknowledgement": "declared", "bom-ref": "my-license" } - ] + ], + "purl": "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar" } ] } diff --git a/tests/_data/schemaTestData/1.6/valid-license-expression-1.6.xml b/tests/_data/schemaTestData/1.6/valid-license-expression-1.6.xml index 4eb0a6f73..77035ad79 100644 --- a/tests/_data/schemaTestData/1.6/valid-license-expression-1.6.xml +++ b/tests/_data/schemaTestData/1.6/valid-license-expression-1.6.xml @@ -15,9 +15,7 @@ e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282 - - EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 - + EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar diff --git a/tests/_data/schemaTestData/1.6/valid-license-id-1.6.json b/tests/_data/schemaTestData/1.6/valid-license-id-1.6.json index 07ec492d7..f66e2dfcf 100644 --- a/tests/_data/schemaTestData/1.6/valid-license-id-1.6.json 
+++ b/tests/_data/schemaTestData/1.6/valid-license-id-1.6.json @@ -1,15 +1,36 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "components": [ { - "type": "library", + "type": "application", "publisher": "Acme Inc", "group": "com.acme", "name": "tomcat-catalina", "version": "9.0.14", + "description": "Modified version of Apache Catalina", + "scope": "required", + "hashes": [ + { + "alg": "MD5", + "content": "3942447fac867ae5cdb3229b658f4d48" + }, + { + "alg": "SHA-1", + "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" + }, + { + "alg": "SHA-256", + "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" + }, + { + "alg": "SHA-512", + "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" + } + ], "licenses": [ { "license": { @@ -18,7 +39,8 @@ "bom-ref": "my-license" } } - ] + ], + "purl": "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar" } ] } diff --git a/tests/_data/schemaTestData/1.6/valid-license-licensing-1.6.json b/tests/_data/schemaTestData/1.6/valid-license-licensing-1.6.json index f3a8d3ade..613e38a02 100644 --- a/tests/_data/schemaTestData/1.6/valid-license-licensing-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-license-licensing-1.6.json @@ -1,4 +1,5 @@ { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", diff --git a/tests/_data/schemaTestData/1.6/valid-license-name-1.6.json b/tests/_data/schemaTestData/1.6/valid-license-name-1.6.json index dab017196..1afc8250b 100644 --- a/tests/_data/schemaTestData/1.6/valid-license-name-1.6.json +++ b/tests/_data/schemaTestData/1.6/valid-license-name-1.6.json 
@@ -1,15 +1,36 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
 "version": 1,
 "components": [
 {
- "type": "library",
+ "type": "application",
 "publisher": "Acme Inc",
 "group": "com.acme",
 "name": "tomcat-catalina",
 "version": "9.0.14",
+ "description": "Modified version of Apache Catalina",
+ "scope": "required",
+ "hashes": [
+ {
+ "alg": "MD5",
+ "content": "3942447fac867ae5cdb3229b658f4d48"
+ },
+ {
+ "alg": "SHA-1",
+ "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a"
+ },
+ {
+ "alg": "SHA-256",
+ "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b"
+ },
+ {
+ "alg": "SHA-512",
+ "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282"
+ }
+ ],
 "licenses": [
 {
 "license": {
@@ -17,7 +38,8 @@
 "bom-ref": "my-license"
 }
 }
- ]
+ ],
+ "purl": "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"
 }
 ]
 }
diff --git a/tests/_data/schemaTestData/1.6/valid-machine-learning-1.6.json b/tests/_data/schemaTestData/1.6/valid-machine-learning-1.6.json
index 0aeef9be5..dbd0ea7b6 100644
--- a/tests/_data/schemaTestData/1.6/valid-machine-learning-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-machine-learning-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
@@ -7,6 +8,7 @@
 {
 "bom-ref": "component-a",
 "type": "machine-learning-model",
+ "publisher": "Acme Inc",
 "group": "CompVis",
 "name": "stable-diffusion",
 "version": "1.4",
@@ -89,4 +91,4 @@
 }
 }
 ]
-}
\ No newline at end of file
+}
diff --git a/tests/_data/schemaTestData/1.6/valid-machine-learning-1.6.xml b/tests/_data/schemaTestData/1.6/valid-machine-learning-1.6.xml
index aff626821..6013b1c3d 100644
--- a/tests/_data/schemaTestData/1.6/valid-machine-learning-1.6.xml
+++ b/tests/_data/schemaTestData/1.6/valid-machine-learning-1.6.xml
@@ -32,7 +32,7 @@ - string + byte[]
@@ -66,7 +66,7 @@ Who are the intended users of the model? - What are the known technical limitations of the model? + What are the known technical limitations of the model? E.g. What kind(s) of data should the model be expected not to perform well on? What are the factors that might degrade model performance? What are the known tradeoffs in accuracy/performance of the model?
diff --git a/tests/_data/schemaTestData/1.6/valid-machine-learning-considerations-env-1.6.json b/tests/_data/schemaTestData/1.6/valid-machine-learning-considerations-env-1.6.json
index a7a0dbf55..07637f754 100644
--- a/tests/_data/schemaTestData/1.6/valid-machine-learning-considerations-env-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-machine-learning-considerations-env-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:ed5c5ba0-2be6-4b58-ac29-01a7fd375123",
diff --git a/tests/_data/schemaTestData/1.6/valid-machine-learning-considerations-env-1.6.xml b/tests/_data/schemaTestData/1.6/valid-machine-learning-considerations-env-1.6.xml
index 2b4938c19..d4c54bc45 100644
--- a/tests/_data/schemaTestData/1.6/valid-machine-learning-considerations-env-1.6.xml
+++ b/tests/_data/schemaTestData/1.6/valid-machine-learning-considerations-env-1.6.xml
@@ -7,7 +7,7 @@ meta meta-llama - llama-2-7b + Llama-2-7b https://huggingface.co/meta-llama/Llama-2-7b
diff --git a/tests/_data/schemaTestData/1.6/valid-metadata-author-1.6.json b/tests/_data/schemaTestData/1.6/valid-metadata-author-1.6.json
index c63b7065c..196c0eca6 100644
--- a/tests/_data/schemaTestData/1.6/valid-metadata-author-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-metadata-author-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/valid-metadata-license-1.6.json b/tests/_data/schemaTestData/1.6/valid-metadata-license-1.6.json
index 3ee6eebfe..4861f5ab9 100644
--- a/tests/_data/schemaTestData/1.6/valid-metadata-license-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-metadata-license-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/valid-metadata-lifecycle-1.6.json b/tests/_data/schemaTestData/1.6/valid-metadata-lifecycle-1.6.json
index fb39301ac..275ba3dae 100644
--- a/tests/_data/schemaTestData/1.6/valid-metadata-lifecycle-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-metadata-lifecycle-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/valid-metadata-manufacture-1.6.json b/tests/_data/schemaTestData/1.6/valid-metadata-manufacture-1.6.json
index bee885618..2c9b204a9 100644
--- a/tests/_data/schemaTestData/1.6/valid-metadata-manufacture-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-metadata-manufacture-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/valid-metadata-manufacturer-1.6.json b/tests/_data/schemaTestData/1.6/valid-metadata-manufacturer-1.6.json
index 7fc82b90e..0b373b3be 100644
--- a/tests/_data/schemaTestData/1.6/valid-metadata-manufacturer-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-metadata-manufacturer-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/valid-metadata-supplier-1.6.json b/tests/_data/schemaTestData/1.6/valid-metadata-supplier-1.6.json
index 42f981100..e212c7a12 100644
--- a/tests/_data/schemaTestData/1.6/valid-metadata-supplier-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-metadata-supplier-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/valid-metadata-timestamp-1.6.json b/tests/_data/schemaTestData/1.6/valid-metadata-timestamp-1.6.json
index 902002110..90c8f4ced 100644
--- a/tests/_data/schemaTestData/1.6/valid-metadata-timestamp-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-metadata-timestamp-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/valid-metadata-timestamp-1.6.xml b/tests/_data/schemaTestData/1.6/valid-metadata-timestamp-1.6.xml
index 1136bc466..ed8322eb0 100644
--- a/tests/_data/schemaTestData/1.6/valid-metadata-timestamp-1.6.xml
+++ b/tests/_data/schemaTestData/1.6/valid-metadata-timestamp-1.6.xml
@@ -1,7 +1,7 @@ - 2020-04-07T07:01:00Z + 2020-04-13T20:20:39Z
diff --git a/tests/_data/schemaTestData/1.6/valid-metadata-tool-1.6.json b/tests/_data/schemaTestData/1.6/valid-metadata-tool-1.6.json
index 42f18480c..9c7b8b586 100644
--- a/tests/_data/schemaTestData/1.6/valid-metadata-tool-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-metadata-tool-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/valid-metadata-tool-deprecated-1.6.json b/tests/_data/schemaTestData/1.6/valid-metadata-tool-deprecated-1.6.json
index 47c16bd97..485bdd11c 100644
--- a/tests/_data/schemaTestData/1.6/valid-metadata-tool-deprecated-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-metadata-tool-deprecated-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/valid-minimal-viable-1.6.json b/tests/_data/schemaTestData/1.6/valid-minimal-viable-1.6.json
index 14bdababb..0ee56744f 100644
--- a/tests/_data/schemaTestData/1.6/valid-minimal-viable-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-minimal-viable-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/valid-patch-1.6.json b/tests/_data/schemaTestData/1.6/valid-patch-1.6.json
index 56f3dec46..2bb68e50b 100644
--- a/tests/_data/schemaTestData/1.6/valid-patch-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-patch-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/valid-properties-1.6.json b/tests/_data/schemaTestData/1.6/valid-properties-1.6.json
index 68c47f86f..ad62c6f98 100644
--- a/tests/_data/schemaTestData/1.6/valid-properties-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-properties-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/valid-release-notes-1.6.json b/tests/_data/schemaTestData/1.6/valid-release-notes-1.6.json
index 759a710e2..0be9e48a5 100644
--- a/tests/_data/schemaTestData/1.6/valid-release-notes-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-release-notes-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
@@ -8,6 +9,12 @@
 "type": "library",
 "name": "acme-example",
 "version": "1.0.0",
+ "externalReferences": [
+ {
+ "type": "release-notes",
+ "url": "https://example.com/releases/1.0.0"
+ }
+ ],
 "releaseNotes": {
 "type": "major",
 "title": "My new release",
@@ -37,7 +44,7 @@
 "type": "security",
 "id": "CVE-2019-9997",
 "name": "CVE-2019-9997",
- "description": "Great new feature that does something",
+ "description": "A security issue was fixed that did something bad",
 "source": {
 "name": "NVD",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997"
@@ -105,7 +112,7 @@
 "flow": "outbound"
 },
 {
- "classification": "pubic",
+ "classification": "public",
 "flow": "bi-directional"
 },
 {
@@ -159,7 +166,7 @@
 "type": "security",
 "id": "CVE-2019-9997",
 "name": "CVE-2019-9997",
- "description": "Great new feature that does something",
+ "description": "A security issue was fixed that did something bad",
 "source": {
 "name": "NVD",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9997"
diff --git a/tests/_data/schemaTestData/1.6/valid-release-notes-1.6.xml b/tests/_data/schemaTestData/1.6/valid-release-notes-1.6.xml
index f7ce16b08..15caa3557 100644
--- a/tests/_data/schemaTestData/1.6/valid-release-notes-1.6.xml
+++ b/tests/_data/schemaTestData/1.6/valid-release-notes-1.6.xml
@@ -4,6 +4,11 @@ acme-example 1.0.0 + + + https://example.com/releases/1.0.0 + + major My new release
@@ -62,7 +67,7 @@ https://partner.org Support - support@partner + support@partner.org 800-555-1212
@@ -79,7 +84,7 @@ PII PIFI - pubic + public partner-data
diff --git a/tests/_data/schemaTestData/1.6/valid-saasbom-1.6.json b/tests/_data/schemaTestData/1.6/valid-saasbom-1.6.json
index 20709de8d..0aa16dd0d 100644
--- a/tests/_data/schemaTestData/1.6/valid-saasbom-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-saasbom-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
@@ -263,7 +264,7 @@
 {
 "name": "MS-3 to S3",
 "description": "Data pushed from microservice-3 to S3 bucket",
- "classification": "Public",
+ "classification": "PII",
 "flow": "inbound",
 "source": [
 "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com"
@@ -300,4 +301,4 @@
 "dependsOn": [ "s3-example.amazon.com" ]
 }
 ]
-}
\ No newline at end of file
+}
diff --git a/tests/_data/schemaTestData/1.6/valid-saasbom-1.6.xml b/tests/_data/schemaTestData/1.6/valid-saasbom-1.6.xml
index e18c7b377..433cf3d92 100644
--- a/tests/_data/schemaTestData/1.6/valid-saasbom-1.6.xml
+++ b/tests/_data/schemaTestData/1.6/valid-saasbom-1.6.xml
@@ -14,7 +14,8 @@ https://example.com com.example - Stock ticker Service + Stock Ticker Service + 2022-1 https://example.com/ https://example.com/app
@@ -24,15 +25,6 @@ Customer - - - - - Customer Name - - - - https://0.0.0.0
@@ -81,6 +73,8 @@ com.example Microservice 1 + 2022-1 + Example Microservice https://ms-1.example.com
@@ -89,6 +83,15 @@ PII + + + + + Customer Name + + + + urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service
@@ -119,6 +122,8 @@ com.example Microservice 2 + 2022-1 + Example Microservice https://ms-2.example.com
@@ -126,7 +131,7 @@ Acme Private Zone - PII + PIFI urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service
@@ -148,6 +153,8 @@ com.example Microservice 3 + 2022-1 + Example Microservice https://ms-3.example.com
@@ -155,7 +162,7 @@ Acme Private Zone - PII + Public urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service
@@ -209,7 +216,7 @@ Public Internet - Public + PII urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com
diff --git a/tests/_data/schemaTestData/1.6/valid-service-1.6.json b/tests/_data/schemaTestData/1.6/valid-service-1.6.json
index e48157b70..f5dc557d4 100644
--- a/tests/_data/schemaTestData/1.6/valid-service-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-service-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
@@ -63,7 +64,7 @@
 "flow": "outbound"
 },
 {
- "classification": "pubic",
+ "classification": "public",
 "flow": "bi-directional"
 },
 {
diff --git a/tests/_data/schemaTestData/1.6/valid-service-1.6.xml b/tests/_data/schemaTestData/1.6/valid-service-1.6.xml
index 26ec84630..643effaed 100644
--- a/tests/_data/schemaTestData/1.6/valid-service-1.6.xml
+++ b/tests/_data/schemaTestData/1.6/valid-service-1.6.xml
@@ -2,6 +2,7 @@ + Acme Inc com.acme stock-java-client 1.0.12
@@ -23,7 +24,7 @@ https://partner.org Support - support@partner + support@partner.org 800-555-1212
@@ -40,7 +41,7 @@ PII PIFI - pubic + public partner-data
diff --git a/tests/_data/schemaTestData/1.6/valid-service-empty-objects-1.6.json b/tests/_data/schemaTestData/1.6/valid-service-empty-objects-1.6.json
index d77ba2dcb..7338836de 100644
--- a/tests/_data/schemaTestData/1.6/valid-service-empty-objects-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-service-empty-objects-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/valid-signatures-1.6.json b/tests/_data/schemaTestData/1.6/valid-signatures-1.6.json
index b5630f6da..5542c90ef 100644
--- a/tests/_data/schemaTestData/1.6/valid-signatures-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-signatures-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/valid-standard-1.6.json b/tests/_data/schemaTestData/1.6/valid-standard-1.6.json
index ad6b4bab5..3150227b6 100644
--- a/tests/_data/schemaTestData/1.6/valid-standard-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-standard-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
@@ -21,6 +22,11 @@
 "bom-ref": "requirement-1.1",
 "identifier": "v1.1",
 "title": "Title here",
+ "text": "Text here",
+ "descriptions": [
+ "Requirement is described here",
+ "and here"
+ ],
 "parent": "requirement-1"
 },
 {
@@ -70,4 +76,4 @@
 }
 ]
 }
-}
\ No newline at end of file
+}
diff --git a/tests/_data/schemaTestData/1.6/valid-standard-1.6.xml b/tests/_data/schemaTestData/1.6/valid-standard-1.6.xml
index 7a36430ad..cdf5c037e 100644
--- a/tests/_data/schemaTestData/1.6/valid-standard-1.6.xml
+++ b/tests/_data/schemaTestData/1.6/valid-standard-1.6.xml
@@ -15,6 +15,11 @@ v1.1 Title here + Text here + + Requirement is described here + and here + requirement-1
diff --git a/tests/_data/schemaTestData/1.6/valid-tags-1.6.json b/tests/_data/schemaTestData/1.6/valid-tags-1.6.json
index 0a4b286cb..1052997b9 100644
--- a/tests/_data/schemaTestData/1.6/valid-tags-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-tags-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/valid-vulnerability-1.6.json b/tests/_data/schemaTestData/1.6/valid-vulnerability-1.6.json
index c0f77d363..52bb70f13 100644
--- a/tests/_data/schemaTestData/1.6/valid-vulnerability-1.6.json
+++ b/tests/_data/schemaTestData/1.6/valid-vulnerability-1.6.json
@@ -1,4 +1,5 @@
 {
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
 "bomFormat": "CycloneDX",
 "specVersion": "1.6",
 "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
diff --git a/tests/_data/schemaTestData/1.6/valid-vulnerability-1.6.xml b/tests/_data/schemaTestData/1.6/valid-vulnerability-1.6.xml
index 115b91d50..33a5412f1 100644
--- a/tests/_data/schemaTestData/1.6/valid-vulnerability-1.6.xml
+++ b/tests/_data/schemaTestData/1.6/valid-vulnerability-1.6.xml
@@ -23,13 +23,6 @@ https://nvd.nist.gov/vuln/detail/CVE-2019-9997 - - CVE-2018-7489 - - NVD - https://nvd.nist.gov/vuln/detail/CVE-2019-9997 - -
@@ -40,7 +33,7 @@ 9.8 critical CVSSv3 - AN/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H An optional reason for rating the vulnerability as it was
@@ -101,7 +94,7 @@ - Acme Inf + Acme Inc Acme BOM Analyzer
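Review bot: The corrected vector in the `@@ -40,7 +33,7 @@` hunk of `valid-vulnerability-1.6.xml`, `AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`, still has no `CVSS:3.0/` or `CVSS:3.1/` prefix, which the CVSS v3 specification puts at the start of a vector string. The version is carried only by the adjacent `CVSSv3` value, presumably the rating method; the XML tags are not visible on this page. The previous value `AN/AC:L/…` sat in a fixture named `valid-…`, which suggests that schema validation does not check vector syntax at all. Code that consumes these ratings should therefore parse the vector itself, prepend the version from the method where its CVSS library requires it, and flag vectors that fail to parse rather than rely on the stated score alone.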