
Merge branch 'master' into 1.7-dev
jkowalleck authored Nov 7, 2024
2 parents efc7163 + 8a27bfd commit d0bd373
Showing 25 changed files with 901 additions and 76 deletions.
Empty file added config
Empty file.
186 changes: 179 additions & 7 deletions schema/bom-1.6.proto

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion schema/bom-1.6.schema.json
Expand Up @@ -25,7 +25,7 @@
"type": "string",
"title": "CycloneDX Specification Version",
"description": "The version of the CycloneDX specification the BOM conforms to.",
"examples": ["1.6"]
"examples": ["1.6.1"]
},
"serialNumber": {
"type": "string",
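Review bot: The `examples` value for `specVersion` changes from `1.6` to `1.6.1` (line 27), yet the value a BOM carries in `specVersion` is what consumers use to pick the schema to validate against, and elsewhere in this same commit the 1.6 XSD keeps `targetNamespace="http://cyclonedx.org/schema/bom/1.6"` while only the schema's own `version` attribute moves to `1.6.1` — the spec revision and the document-level version look like distinct things. If validators match `specVersion` against `1.6` exactly, a producer copying this example would emit BOMs that fail validation or are routed to no schema at all. Unless patch-level values are intentionally permitted here, I would keep `"examples": ["1.6"]` and extend the description with `Patch revisions of the specification do not change this value.`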
177 changes: 147 additions & 30 deletions schema/bom-1.6.xsd
Expand Up @@ -22,7 +22,7 @@ limitations under the License.
targetNamespace="http://cyclonedx.org/schema/bom/1.6"
vc:minVersion="1.0"
vc:maxVersion="1.1"
version="1.6.0">
version="1.6.1">

<xs:import namespace="http://cyclonedx.org/schema/spdx" schemaLocation="http://cyclonedx.org/schema/spdx"/>

Expand Down Expand Up @@ -572,6 +572,9 @@ limitations under the License.
</xs:annotation>
</xs:element>
<xs:element name="hashes" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>The hashes of the component.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="hash" type="bom:hashType"/>
Expand Down Expand Up @@ -698,7 +701,7 @@ limitations under the License.
type `machine-learning-model` and must not be specified for other component types.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="data" type="bom:componentDataType" minOccurs="0" maxOccurs="1">
<xs:element name="data" type="bom:componentDataType" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>This object SHOULD be specified for any component of type `data` and must not be
specified for other component types.</xs:documentation>
Expand Down Expand Up @@ -1842,6 +1845,12 @@ limitations under the License.
</xs:complexType>
</xs:element>
<xs:element name="references" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation xml:lang="en">
A collection of URL's for reference. Multiple URLs are allowed.
Example: "https://example.com"
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="url" type="xs:anyURI"/>
Expand Down Expand Up @@ -2058,6 +2067,12 @@ limitations under the License.
</xs:annotation>
</xs:element>
<xs:element name="endpoints" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>
The endpoint URIs of the service. Multiple endpoints are allowed.
Example: "https://example.com/api/v1/ticker"
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="endpoint" type="xs:anyURI" minOccurs="1">
Expand Down Expand Up @@ -2088,6 +2103,9 @@ limitations under the License.
</xs:annotation>
</xs:element>
<xs:element name="data" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>Specifies information about the data including the directional flow of data and the data classification.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:choice>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
Expand Down Expand Up @@ -2253,10 +2271,28 @@ limitations under the License.
states that the direction is not known.</xs:documentation>
</xs:annotation>
<xs:restriction base="xs:string">
<xs:enumeration value="inbound"/>
<xs:enumeration value="outbound"/>
<xs:enumeration value="bi-directional"/>
<xs:enumeration value="unknown"/>
<xs:enumeration value="inbound">
<xs:annotation>
<xs:documentation>
Data that enters a service.
</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="outbound">
<xs:annotation>
<xs:documentation>Data that exits a service.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="bi-directional">
<xs:annotation>
<xs:documentation>Data flows in and out of the service.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="unknown">
<xs:annotation>
<xs:documentation>The directional flow of data is not known.</xs:documentation>
</xs:annotation>
</xs:enumeration>
</xs:restriction>
</xs:simpleType>

Expand Down Expand Up @@ -2562,6 +2598,11 @@ limitations under the License.
<xs:complexType>
<xs:sequence>
<xs:element name="frame" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>
Within a call stack, a frame is a discrete unit that encapsulates an execution context, including local variables, parameters, and the return address. As function calls are made, frames are pushed onto the stack, forming an array-like structure that orchestrates the flow of program execution and manages the sequence of function invocations.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element name="package" type="xs:string" minOccurs="0" maxOccurs="1">
Expand Down Expand Up @@ -2628,7 +2669,13 @@ limitations under the License.
</xs:complexType>
</xs:element>
<xs:element name="licenses" type="bom:licenseChoiceType" minOccurs="0" maxOccurs="1"/>
<xs:element name="copyright" type="bom:copyrightsType" minOccurs="0" maxOccurs="1"/>
<xs:element name="copyright" type="bom:copyrightsType" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>
opyright evidence captures intellectual property assertions, providing evidence of possible ownership and legal protection.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>
Expand Down Expand Up @@ -2932,13 +2979,13 @@ limitations under the License.
</xs:anyAttribute>
</xs:complexType>

<!--
Model card support in CycloneDX is derived from TensorFlow Model Card Toolkit released under the Apache 2.0 license and
available from https://github.com/tensorflow/model-card-toolkit/blob/main/model_card_toolkit/schema/v0.0.2/model_card.schema.json.
In addition, CycloneDX model card support includes portions of VerifyML, also released under the Apache 2.0 license and
available from https://github.com/cylynx/verifyml/blob/main/verifyml/model_card_toolkit/schema/v0.0.4/model_card.schema.json.
-->
<xs:complexType name="modelCardType">
<!--
Model card support in CycloneDX is derived from TensorFlow Model Card Toolkit released under the Apache 2.0 license and
available from https://github.com/tensorflow/model-card-toolkit/blob/main/model_card_toolkit/schema/v0.0.2/model_card.schema.json.
In addition, CycloneDX model card support includes portions of VerifyML, also released under the Apache 2.0 license and
available from https://github.com/cylynx/verifyml/blob/main/verifyml/model_card_toolkit/schema/v0.0.4/model_card.schema.json.
-->
<xs:annotation>
<xs:documentation>
A model card describes the intended uses of a machine learning model and potential limitations, including
Expand Down Expand Up @@ -3014,7 +3061,11 @@ limitations under the License.
<xs:union memberTypes="bom:refLinkType bom:bomLinkElementType"/>
</xs:simpleType>
</xs:element>
<xs:element name="dataset" type="bom:componentDataType" minOccurs="0" maxOccurs="1" />
<xs:element name="dataset" type="bom:componentDataType" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>Inline Data Information</xs:documentation>
</xs:annotation>
</xs:element>
</xs:choice>
</xs:complexType>
</xs:element>
Expand Down Expand Up @@ -4649,13 +4700,41 @@ limitations under the License.
</xs:documentation>
</xs:annotation>
<xs:restriction base="xs:string">
<xs:enumeration value="critical"/>
<xs:enumeration value="high"/>
<xs:enumeration value="medium"/>
<xs:enumeration value="low"/>
<xs:enumeration value="info"/>
<xs:enumeration value="none"/>
<xs:enumeration value="unknown"/>
<xs:enumeration value="critical">
<xs:annotation>
<xs:documentation>Critical severity</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="high">
<xs:annotation>
<xs:documentation>High severity</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="medium">
<xs:annotation>
<xs:documentation>Medium severity</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="low">
<xs:annotation>
<xs:documentation>Low severity</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="info">
<xs:annotation>
<xs:documentation>Informational warning.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="none">
<xs:annotation>
<xs:documentation>None</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="unknown">
<xs:annotation>
<xs:documentation>The severity is not known</xs:documentation>
</xs:annotation>
</xs:enumeration>
</xs:restriction>
</xs:simpleType>

Expand Down Expand Up @@ -4852,11 +4931,31 @@ limitations under the License.
</xs:documentation>
</xs:annotation>
<xs:restriction base="xs:string">
<xs:enumeration value="can_not_fix"/>
<xs:enumeration value="will_not_fix"/>
<xs:enumeration value="update"/>
<xs:enumeration value="rollback"/>
<xs:enumeration value="workaround_available"/>
<xs:enumeration value="can_not_fix">
<xs:annotation>
<xs:documentation>Can not fix</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="will_not_fix">
<xs:annotation>
<xs:documentation>Will not fix</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="update">
<xs:annotation>
<xs:documentation>Update to a different revision or release</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="rollback">
<xs:annotation>
<xs:documentation>Revert to a previous revision or release</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="workaround_available">
<xs:annotation>
<xs:documentation>There is a workaround available</xs:documentation>
</xs:annotation>
</xs:enumeration>
</xs:restriction>
</xs:simpleType>

Expand All @@ -4871,9 +4970,21 @@ limitations under the License.
</xs:documentation>
</xs:annotation>
<xs:restriction base="xs:string">
<xs:enumeration value="affected"/>
<xs:enumeration value="unaffected"/>
<xs:enumeration value="unknown"/>
<xs:enumeration value="affected">
<xs:annotation>
<xs:documentation>The version is affected by the vulnerability.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="unaffected">
<xs:annotation>
<xs:documentation>The version is not affected by the vulnerability.</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="unknown">
<xs:annotation>
<xs:documentation>It is unknown (or unspecified) whether the given version is affected.</xs:documentation>
</xs:annotation>
</xs:enumeration>
</xs:restriction>
</xs:simpleType>

Expand Down Expand Up @@ -7834,6 +7945,12 @@ limitations under the License.
</xs:complexType>
</xs:element>
<xs:element name="affirmation" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>
A concise statement affirmed by an individual regarding all declarations, often used for third-party auditor acceptance or recipient acknowledgment.
It includes a list of authorized signatories who assert the validity of the document on behalf of the organization.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element name="statement" type="xs:string" minOccurs="0" maxOccurs="1">
Expand Down Expand Up @@ -8027,7 +8144,7 @@ limitations under the License.
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
<xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
</xs:element>
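Review bot: The new documentation on the `copyright` evidence element (lines 148–154) begins `opyright evidence captures …` — the leading `C` is missing, and this text is rendered into the published schema documentation; it should read `Copyright evidence captures intellectual property assertions, providing evidence of possible ownership and legal protection.` The enclosing evidence type starts outside this hunk. In the `references` annotation (line 68) `URL's` should be `URLs`. Separately, two cardinalities are widened from `maxOccurs="1"` to `maxOccurs="unbounded"` (`component/data` at line 58 and `description` at line 320, whose parent element is outside the hunk) while `targetNamespace` stays `http://cyclonedx.org/schema/bom/1.6` and only the schema's own `version` attribute moves to 1.6.1; a sentence in those elements' documentation noting that validators still shipping the 1.6.0 XSD reject the multi-valued form would help consumers who pin the older schema.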
2 changes: 1 addition & 1 deletion tools/pom.xml
Expand Up @@ -52,7 +52,7 @@
<maven.assembly.plugin.version>3.1.0</maven.assembly.plugin.version>
<!-- Library Versions -->
<lib.commons.io.version>2.16.1</lib.commons.io.version>
<lib.commons.lang3.version>3.16.0</lib.commons.lang3.version>
<lib.commons.lang3.version>3.17.0</lib.commons.lang3.version>
<lib.commons.text.version>1.12.0</lib.commons.text.version>
<lib.unirest.version>1.4.9</lib.unirest.version>
<lib.cyclonedx.core.java.version>9.0.5</lib.cyclonedx.core.java.version>
9 changes: 4 additions & 5 deletions tools/src/test/proto/buf_breaking-remote.yaml
@@ -1,7 +1,6 @@
# This is the config for "Buf" - a ProtocolBuffer linter/checker/more
# see https://buf.build/docs/configuration/v1/buf-yaml
version: v1
breaking: # https://buf.build/docs/configuration/v1/buf-yaml#breaking
# see https://buf.build/docs/configuration/v2/buf-yaml
version: v2
breaking: # https://buf.build/docs/configuration/v2/buf-yaml#breaking
use: # see https://buf.build/docs/breaking/overview#rules-and-categories
- FILE
- WIRE_JSON
- WIRE
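Review bot: The `breaking.use` list appears to shrink from `FILE` and `WIRE_JSON` to `WIRE` alone (lines 348–350; the old/new side is not marked on this page, so this is inferred from print order and from the companion version file dropping its `FILE_SAME_PACKAGE` exception). `WIRE` only reports wire-format incompatibilities, so a renamed field or a changed `json_name` — which breaks the JSON mapping of the protobuf schema — would no longer fail the check against the remote baseline. If the intent was merely to tolerate the package rename, keeping `- WIRE_JSON` next to `- WIRE`, or adding a comment such as `# wire-level only: JSON field names are not checked against the remote baseline`, would make the weakened scope deliberate rather than accidental.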
12 changes: 4 additions & 8 deletions tools/src/test/proto/buf_breaking-version.yaml
@@ -1,10 +1,6 @@
# This is the config for "Buf" - a ProtocolBuffer linter/checker/more
# see https://buf.build/docs/configuration/v1/buf-yaml
version: v1
breaking: # https://buf.build/docs/configuration/v1/buf-yaml#breaking
# see https://buf.build/docs/configuration/v2/buf-yaml
version: v2
breaking: # https://buf.build/docs/configuration/v2/buf-yaml#breaking
use: # see https://buf.build/docs/breaking/overview#rules-and-categories
- FILE
- WIRE_JSON
except:
# scope is to detect changes from one version to the other -> so ignore "FILE_SAME_PACKAGE"
- FILE_SAME_PACKAGE
- WIRE
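Review bot: The `except: FILE_SAME_PACKAGE` block and the comment explaining it (lines 364–366) are removed together with the `FILE`/`WIRE_JSON` categories, leaving what appears to be `WIRE` alone (side markers are lost on this page, so the final list is inferred). The old comment was the only record of why the version-to-version comparison deviated from the default rules; the new configuration carries no such note. A replacement comment such as `# cross-version comparison: only wire-level breakage matters, package/file renames between schema versions are expected` would preserve that intent, and `- WIRE_JSON` could be retained if JSON field-name stability between spec versions is wanted.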
23 changes: 16 additions & 7 deletions tools/src/test/proto/buf_lint.yaml
@@ -1,9 +1,10 @@
# This is the config for "Buf" - a ProtocolBuffer linter/checker/more
# see https://buf.build/docs/configuration/v1/buf-yaml
version: v1
lint: # https://buf.build/docs/configuration/v1/buf-yaml#lint
# see https://buf.build/docs/configuration/v2/buf-yaml
version: v2
lint: # https://buf.build/docs/configuration/v2/buf-yaml#lint
use: # see https://buf.build/docs/lint/rules
- DEFAULT # https://buf.build/docs/lint/rules#default
- STANDARD # https://buf.build/docs/lint/rules/#standard
- COMMENTS # https://buf.build/docs/lint/rules/#comments
except:
# directory/file layout does not match the recommendation/framework of the tool
- DIRECTORY_SAME_PACKAGE # https://buf.build/docs/lint/rules#directory_same_package
Expand All @@ -13,10 +14,18 @@ lint: # https://buf.build/docs/configuration/v1/buf-yaml#lint
# (shall be fixed with v2.0 of this very schema)
- PACKAGE_VERSION_SUFFIX # https://buf.build/docs/lint/rules#package_version_suffix
- FIELD_LOWER_SNAKE_CASE # https://buf.build/docs/lint/rules#field_lower_snake_case
# some comments are not required, as they should be self-explanatory from their respective symbol name or the symbol's applied usage
- COMMENT_MESSAGE
- COMMENT_ENUM
- COMMENT_ENUM_VALUE
- COMMENT_ONEOF
ignore_only:
DEFAULT: # https://buf.build/docs/lint/rules#default
# legacy schema files may NOT stick to the rules -- this is acknowledged.
# legacy schema files may NOT stick to the rules -- this is acknowledged.
STANDARD:
- "schema/bom-1.5.proto"
- "schema/bom-1.4.proto"
- "schema/bom-1.3.proto"
COMMENTS:
- "schema/bom-1.5.proto"
- "schema/bom-1.4.proto"
- "schema/bom-1.3.proto"
allow_comment_ignores: true # the so-called "baseline" is done by annotating exceptions
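Review bot: `allow_comment_ignores: true` (line 406) is carried over from the v1 format, but if I recall the v2 `buf.yaml` schema correctly this key was replaced by `disallow_comment_ignores` (comment ignores are enabled by default in v2), and buf parses its configuration strictly, so an unknown key would fail the entire lint run rather than be silently ignored — worth confirming by running `buf lint` with this file before merging. If comment ignores are indeed the baseline mechanism as the trailing comment says, the exemptions now live as `// buf:lint:ignore` annotations spread through `schema/*.proto` and are invisible from this file; a pointer here such as `# audit suppressions with: grep -rn 'buf:lint:ignore' schema/` would tell reviewers where to look. The `lint:` mapping this hunk edits begins in the previous hunk.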
