Added support for tags along with unit tests.
Signed-off-by: Steve Springett <[email protected]>
stevespringett committed Feb 22, 2024
1 parent 472d4c2 commit 0a983f3
Showing 6 changed files with 112 additions and 18 deletions.
6 changes: 5 additions & 1 deletion schema/bom-1.6.proto
Expand Up @@ -141,6 +141,8 @@ message Component {
optional ComponentData data = 26;
// Cryptographic assets have properties that uniquely define them and that make them actionable for further reasoning. As an example, it makes a difference if one knows the algorithm family (e.g. AES) or the specific variant or instantiation (e.g. AES-128-GCM). This is because the security level and the algorithm primitive (authenticated encryption) is only defined by the definition of the algorithm variant. The presence of a weak cryptographic algorithm like SHA1 vs. HMAC-SHA1 also makes a difference.
optional CryptoProperties cryptoProperties = 27;
// Textual strings that aid in discovery, search, and retrieval of the associated object. Tags often serve as a way to group or categorize similar or related objects by various attributes. Examples include "json-parser", "object-persistence", "text-to-image", "translation", and "object-detection".
repeated string tags = 28;
}

// Specifies the data flow.
Expand Down Expand Up @@ -583,6 +585,8 @@ message Service {
optional ReleaseNotes releaseNotes = 15;
// The name of the trust zone the service resides in.
optional string trustZone = 16;
// Textual strings that aid in discovery, search, and retrieval of the associated object. Tags often serve as a way to group or categorize similar or related objects by various attributes. Examples include "json-parser", "object-persistence", "text-to-image", "translation", and "object-detection".
repeated string tags = 17;
}

message Swid {
Expand Down Expand Up @@ -778,7 +782,7 @@ message ReleaseNotes {
optional google.protobuf.Timestamp timestamp = 6;
// Optional alternate names the release may be referred to. This may include unofficial terms used by development and marketing teams (e.g. code names).
repeated string aliases = 7;
// Optional tags that may aid in search or retrieval of the release note.
// Textual strings that aid in discovery, search, and retrieval of the associated object. Tags often serve as a way to group or categorize similar or related objects by various attributes. Examples include "json-parser", "object-persistence", "text-to-image", "translation", and "object-detection".
repeated string tags = 8;
// A collection of issues that have been resolved.
repeated Issue resolves = 9;
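Review bot: The comment on `repeated string tags = 28;` in Component (repeated on `tags = 17` in Service and `tags = 8` in ReleaseNotes) says tags group and categorize objects, but not how two tags are compared. A consumer cannot tell whether "JSON-Parser" and "json-parser" are the same tag, or whether empty and duplicate entries carry meaning. A BOM is usually ingested from another party and these values feed search and grouping, so I would add one sentence to each comment, for example `// Tags are free-form, producer-supplied text; consumers compare them exactly as written and may ignore empty or duplicate entries.`, adjusted to whatever rule the specification intends. All three message bodies start outside their hunks.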
31 changes: 25 additions & 6 deletions schema/bom-1.6.schema.json
Expand Up @@ -1041,6 +1041,10 @@
"description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
"items": {"$ref": "#/definitions/property"}
},
"tags": {
"$ref": "#/definitions/tags",
"title": "Tags"
},
"signature": {
"$ref": "#/definitions/signature",
"title": "Signature",
Expand Down Expand Up @@ -1879,6 +1883,10 @@
"description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
"items": {"$ref": "#/definitions/property"}
},
"tags": {
"$ref": "#/definitions/tags",
"title": "Tags"
},
"signature": {
"$ref": "#/definitions/signature",
"title": "Signature",
Expand Down Expand Up @@ -2326,12 +2334,8 @@
"description": "One or more alternate names the release may be referred to. This may include unofficial terms used by development and marketing teams (e.g. code names)."
},
"tags": {
"type": "array",
"items": {
"type": "string"
},
"title": "Tags",
"description": "One or more tags that may aid in search or retrieval of the release note."
"$ref": "#/definitions/tags",
"title": "Tags"
},
"resolves": {
"type": "array",
Expand Down Expand Up @@ -5254,6 +5258,21 @@
"description": "The bom-ref to the algorithm."
}
}
},
"tags": {
"type": "array",
"items": {
"type": "string"
},
"title": "Tags",
"description": "Textual strings that aid in discovery, search, and retrieval of the associated object. Tags often serve as a way to group or categorize similar or related objects by various attributes.",
"examples": [
"json-parser",
"object-persistence",
"text-to-image",
"translation",
"object-detection"
]
}
}
}
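Review bot: The shared `tags` definition added in the last hunk constrains only the item type, so `[""]`, `["a", "a"]` and arbitrarily long entries all validate for every object that now references `#/definitions/tags`. If tags are meant to be distinct, non-empty labels, I would add `"uniqueItems": true` to the definition and change the items to `"items": {"type": "string", "minLength": 1}`. This would also tighten the release-notes `tags` compared with the inline definition the third hunk removes, so that needs confirming as acceptable for this schema version.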
30 changes: 19 additions & 11 deletions schema/bom-1.6.xsd
Expand Up @@ -653,6 +653,7 @@ limitations under the License.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="tags" type="bom:tagsType" minOccurs="0" maxOccurs="1" />
<xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>
Expand Down Expand Up @@ -2103,6 +2104,7 @@ limitations under the License.
<xs:documentation>Specifies optional release notes.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="tags" type="bom:tagsType" minOccurs="0" maxOccurs="1" />
<xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>
Expand Down Expand Up @@ -2722,17 +2724,7 @@ limitations under the License.
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="tags" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="tag" type="xs:normalizedString">
<xs:annotation>
<xs:documentation>One or more tags that may aid in search or retrieval of the release note.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="tags" type="bom:tagsType" minOccurs="0" maxOccurs="1" />
<xs:element name="resolves" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>A collection of issues that have been resolved.</xs:documentation>
Expand Down Expand Up @@ -7576,6 +7568,22 @@ limitations under the License.
</xs:anyAttribute>
</xs:complexType>

<xs:complexType name="tagsType">
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="tag" type="xs:normalizedString">
<xs:annotation>
<xs:documentation>Textual strings that aid in discovery, search, and retrieval of the associated
object. Tags often serve as a way to group or categorize similar or related objects by various
attributes.

Examples include:
"json-parser", "object-persistence", "text-to-image", "translation", and "object-detection"
</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>

<xs:element name="bom">
<xs:complexType>
<xs:sequence>
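Review bot: `tagsType` types each `tag` as `xs:normalizedString`, so a validating XML processor replaces tabs and line breaks inside a tag with spaces, while the JSON and protobuf schemas in this commit use a plain string and keep them. A tag containing such characters may therefore stop comparing equal after conversion between formats, which matters if tags drive grouping or filtering. If the normalisation is intended, I would state it in the `xs:documentation`, for example `Whitespace in a tag is normalised; tags should not contain tabs or line breaks.`, and mirror that in the JSON and proto descriptions. The documentation also sits on the `tag` element while describing the whole collection, and would read better as an annotation on `tagsType` itself.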
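--- a/tools/src/test/resources/1.6/valid-tags-1.6.json
+++ b/tools/src/test/resources/1.6/valid-tags-1.6.json
@@ -0,0 +1,21 @@
+{
+"bomFormat": "CycloneDX",
+"specVersion": "1.6",
+"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
+"version": 1,
+"components": [
+{
+"type": "library",
+"name": "my-json-parser",
+"version": "1.0",
+"tags": [ "json-parser", "javascript", "node.js" ]
+}
+],
+"services": [
+{
+"name": "my service",
+"endpoints": [ "https://example.com/myservice" ],
+"tags": [ "microservice", "golang", "aws", "us-east-1" ]
+}
+]
+}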
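Review bot: This fixture and the XML one added later in the commit only pin the accepted shape of `tags`; nothing in the commit pins what the schemas reject. A companion invalid fixture per format, for example a `tags` value that is a bare string or an array holding a non-string item, would stop a later loosening of `#/definitions/tags` or `tagsType` from passing the test suite unnoticed. The fixtures also cover component and service only, so the release-notes `tags`, which now resolves through the same shared definition, is not exercised here.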
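--- a/tools/src/test/resources/1.6/valid-tags-1.6.textproto
+++ b/tools/src/test/resources/1.6/valid-tags-1.6.textproto
@@ -0,0 +1,14 @@
+spec_version: "1.6"
+version: 1
+serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"
+components {
+type: CLASSIFICATION_LIBRARY
+name: "my-json-parser"
+version: "1.0"
+tags: [ "json-parser", "javascript", "node.js" ]
+}
+services {
+name: "my service"
+endpoints: [ "https://example.com/myservice" ]
+tags: [ "microservice", "golang", "aws", "us-east-1" ]
+}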
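--- a/tools/src/test/resources/1.6/valid-tags-1.6.xml
+++ b/tools/src/test/resources/1.6/valid-tags-1.6.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0"?>
+<bom serialNumber="urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" version="1" xmlns="http://cyclonedx.org/schema/bom/1.6">
+<components>
+<component type="library">
+<name>my-json-parser</name>
+<version>1.0</version>
+<tags>
+<tag>json-parser</tag>
+<tag>javascript</tag>
+<tag>node.js</tag>
+</tags>
+</component>
+</components>
+<services>
+<service>
+<name>my service</name>
+<endpoints>
+<endpoint>https://example.com/myservice</endpoint>
+</endpoints>
+<tags>
+<tag>microservice</tag>
+<tag>golang</tag>
+<tag>aws</tag>
+<tag>us-east-1</tag>
+</tags>
+</service>
+</services>
+</bom>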
