6 changes: 5 additions & 1 deletion schema/bom-1.6.proto
Expand Up @@ -141,6 +141,8 @@ message Component {
optional ComponentData data = 26;
// Cryptographic assets have properties that uniquely define them and that make them actionable for further reasoning. As an example, it makes a difference if one knows the algorithm family (e.g. AES) or the specific variant or instantiation (e.g. AES-128-GCM). This is because the security level and the algorithm primitive (authenticated encryption) is only defined by the definition of the algorithm variant. The presence of a weak cryptographic algorithm like SHA1 vs. HMAC-SHA1 also makes a difference.
optional CryptoProperties cryptoProperties = 27;
// Textual strings that aid in discovery, search, and retrieval of the associated object. Tags often serve as a way to group or categorize similar or related objects by various attributes. Examples include "json-parser", "object-persistence", "text-to-image", "translation", and "object-detection".
repeated string tags = 28;
}

// Specifies the data flow.
Expand Down Expand Up @@ -583,6 +585,8 @@ message Service {
optional ReleaseNotes releaseNotes = 15;
// The name of the trust zone the service resides in.
optional string trustZone = 16;
// Textual strings that aid in discovery, search, and retrieval of the associated object. Tags often serve as a way to group or categorize similar or related objects by various attributes. Examples include "json-parser", "object-persistence", "text-to-image", "translation", and "object-detection".
repeated string tags = 17;
}

message Swid {
Expand Down Expand Up @@ -778,7 +782,7 @@ message ReleaseNotes {
optional google.protobuf.Timestamp timestamp = 6;
// Optional alternate names the release may be referred to. This may include unofficial terms used by development and marketing teams (e.g. code names).
repeated string aliases = 7;
// Optional tags that may aid in search or retrieval of the release note.
// Textual strings that aid in discovery, search, and retrieval of the associated object. Tags often serve as a way to group or categorize similar or related objects by various attributes. Examples include "json-parser", "object-persistence", "text-to-image", "translation", and "object-detection".
repeated string tags = 8;
// A collection of issues that have been resolved.
repeated Issue resolves = 9;
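Review bot: The comment added above `repeated string tags = 28;` in Component, and repeated verbatim above `tags = 17` in Service and `tags = 8` in ReleaseNotes, does not say whether tags are case-sensitive or whether empty or duplicate entries are meaningful, so two consumers that group or filter by tag can disagree about the same BOM. I would add one sentence to each, for example `// Tags are free-form labels chosen by the BOM author; no vocabulary is defined and consumers should not assume uniqueness.` Since the values are author-supplied text, it also helps to state that they are descriptive only. All three message bodies start outside the visible hunks.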
31 changes: 25 additions & 6 deletions schema/bom-1.6.schema.json
Expand Up @@ -1041,6 +1041,10 @@
"description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
"items": {"$ref": "#/definitions/property"}
},
"tags": {
"$ref": "#/definitions/tags",
"title": "Tags"
},
"signature": {
"$ref": "#/definitions/signature",
"title": "Signature",
Expand Down Expand Up @@ -1879,6 +1883,10 @@
"description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
"items": {"$ref": "#/definitions/property"}
},
"tags": {
"$ref": "#/definitions/tags",
"title": "Tags"
},
"signature": {
"$ref": "#/definitions/signature",
"title": "Signature",
Expand Down Expand Up @@ -2326,12 +2334,8 @@
"description": "One or more alternate names the release may be referred to. This may include unofficial terms used by development and marketing teams (e.g. code names)."
},
"tags": {
"type": "array",
"items": {
"type": "string"
},
"title": "Tags",
"description": "One or more tags that may aid in search or retrieval of the release note."
"$ref": "#/definitions/tags",
"title": "Tags"
},
"resolves": {
"type": "array",
Expand Down Expand Up @@ -5254,6 +5258,21 @@
"description": "The bom-ref to the algorithm."
}
}
},
"tags": {
"type": "array",
"items": {
"type": "string"
},
"title": "Tags",
"description": "Textual strings that aid in discovery, search, and retrieval of the associated object. Tags often serve as a way to group or categorize similar or related objects by various attributes.",
"examples": [
"json-parser",
"object-persistence",
"text-to-image",
"translation",
"object-detection"
]
}
}
}
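Review bot: The shared `tags` definition added at the end of `definitions` constrains its items only with `"type": "string"`, so an empty string, a duplicated tag or an arbitrarily long value all validate. If that is not intended, `"uniqueItems": true` on the array and `"minLength": 1` on the items would close it; if it is intended, the description should say so. Note that `releaseNotes.tags` already had this loose shape before the change, so tightening the shared definition would also tighten that existing property, which is worth confirming against earlier documents.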
30 changes: 19 additions & 11 deletions schema/bom-1.6.xsd
Expand Up @@ -653,6 +653,7 @@ limitations under the License.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="tags" type="bom:tagsType" minOccurs="0" maxOccurs="1" />
<xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>
Expand Down Expand Up @@ -2103,6 +2104,7 @@ limitations under the License.
<xs:documentation>Specifies optional release notes.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="tags" type="bom:tagsType" minOccurs="0" maxOccurs="1" />
<xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>
Expand Down Expand Up @@ -2722,17 +2724,7 @@ limitations under the License.
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="tags" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="tag" type="xs:normalizedString">
<xs:annotation>
<xs:documentation>One or more tags that may aid in search or retrieval of the release note.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="tags" type="bom:tagsType" minOccurs="0" maxOccurs="1" />
<xs:element name="resolves" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>A collection of issues that have been resolved.</xs:documentation>
Expand Down Expand Up @@ -7576,6 +7568,22 @@ limitations under the License.
</xs:anyAttribute>
</xs:complexType>

<xs:complexType name="tagsType">
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="tag" type="xs:normalizedString">
<xs:annotation>
<xs:documentation>Textual strings that aid in discovery, search, and retrieval of the associated
object. Tags often serve as a way to group or categorize similar or related objects by various
attributes.

Examples include:
"json-parser", "object-persistence", "text-to-image", "translation", and "object-detection"
</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>

<xs:element name="bom">
<xs:complexType>
<xs:sequence>
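Review bot: `tagsType` declares each `tag` as `xs:normalizedString`, whereas the JSON schema and the proto field in this same change carry plain strings, so a tag containing a tab or line break is accepted as-is in JSON and protobuf but is whitespace-replaced by an XML processor. A BOM converted between formats can therefore end up with different tag values, which matters to any tool that matches on them. I would state the restriction in the `xs:documentation`, e.g. `Tags should not contain tabs or line breaks.` The three `<xs:element name="tags" type="bom:tagsType" .../>` references also carry no `xs:annotation`, unlike the neighbouring elements visible in these hunks.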
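--- a/tools/src/test/resources/1.6/valid-tags-1.6.json
+++ b/tools/src/test/resources/1.6/valid-tags-1.6.json
@@ -0,0 +1,21 @@
+{
+"bomFormat": "CycloneDX",
+"specVersion": "1.6",
+"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
+"version": 1,
+"components": [
+{
+"type": "library",
+"name": "my-json-parser",
+"version": "1.0",
+"tags": [ "json-parser", "javascript", "node.js" ]
+}
+],
+"services": [
+{
+"name": "my service",
+"endpoints": [ "https://example.com/myservice" ],
+"tags": [ "microservice", "golang", "aws", "us-east-1" ]
+}
+]
+}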
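Review bot: These fixtures cover only the accepting path for `components` and `services`; nothing here exercises `releaseNotes.tags`, whose definition this change replaces with the shared one, and there is no rejecting case. A companion invalid fixture, for instance a component with `"tags": [ 1 ]`, would confirm that the `$ref` is actually enforced by validators. The same gap applies to the textproto and XML fixtures added alongside this file. Existing release-notes fixtures may already cover that property; they are not visible on this page.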
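--- a/tools/src/test/resources/1.6/valid-tags-1.6.textproto
+++ b/tools/src/test/resources/1.6/valid-tags-1.6.textproto
@@ -0,0 +1,14 @@
+spec_version: "1.6"
+version: 1
+serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"
+components {
+type: CLASSIFICATION_LIBRARY
+name: "my-json-parser"
+version: "1.0"
+tags: [ "json-parser", "javascript", "node.js" ]
+}
+services {
+name: "my service"
+endpoints: [ "https://example.com/myservice" ]
+tags: [ "microservice", "golang", "aws", "us-east-1" ]
+}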
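--- a/tools/src/test/resources/1.6/valid-tags-1.6.xml
+++ b/tools/src/test/resources/1.6/valid-tags-1.6.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0"?>
+<bom serialNumber="urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" version="1" xmlns="http://cyclonedx.org/schema/bom/1.6">
+<components>
+<component type="library">
+<name>my-json-parser</name>
+<version>1.0</version>
+<tags>
+<tag>json-parser</tag>
+<tag>javascript</tag>
+<tag>node.js</tag>
+</tags>
+</component>
+</components>
+<services>
+<service>
+<name>my service</name>
+<endpoints>
+<endpoint>https://example.com/myservice</endpoint>
+</endpoints>
+<tags>
+<tag>microservice</tag>
+<tag>golang</tag>
+<tag>aws</tag>
+<tag>us-east-1</tag>
+</tags>
+</service>
+</services>
+</bom>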