diff --git a/schema/bom-1.6.proto b/schema/bom-1.6.proto
index d1a02573..6509067d 100644
--- a/schema/bom-1.6.proto
+++ b/schema/bom-1.6.proto
@@ -141,6 +141,8 @@ message Component {
optional ComponentData data = 26;
// Cryptographic assets have properties that uniquely define them and that make them actionable for further reasoning. As an example, it makes a difference if one knows the algorithm family (e.g. AES) or the specific variant or instantiation (e.g. AES-128-GCM). This is because the security level and the algorithm primitive (authenticated encryption) is only defined by the definition of the algorithm variant. The presence of a weak cryptographic algorithm like SHA1 vs. HMAC-SHA1 also makes a difference.
optional CryptoProperties cryptoProperties = 27;
+ // Textual strings that aid in discovery, search, and retrieval of the associated object. Tags often serve as a way to group or categorize similar or related objects by various attributes. Examples include "json-parser", "object-persistence", "text-to-image", "translation", and "object-detection".
+ repeated string tags = 28;
}
// Specifies the data flow.
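Review bot: The comment added above `repeated string tags = 28;` in Component, and the identical one above `tags = 17` in Service, does not say whether tags are case-sensitive, may repeat, or have a meaningful order, and `repeated string` enforces none of that on the wire. BOMs are usually ingested from other parties and these values are meant to drive search and grouping, so I would add a line such as `// Tags are free-form, producer-supplied labels; consumers should not treat them as authoritative.` and state the intended duplicate and case rules once they are decided. Both message bodies begin outside their hunks, so from here I can only see that 28 and 17 follow the last visible field numbers, not that they were never used or reserved earlier.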
@@ -583,6 +585,8 @@ message Service {
optional ReleaseNotes releaseNotes = 15;
// The name of the trust zone the service resides in.
optional string trustZone = 16;
+ // Textual strings that aid in discovery, search, and retrieval of the associated object. Tags often serve as a way to group or categorize similar or related objects by various attributes. Examples include "json-parser", "object-persistence", "text-to-image", "translation", and "object-detection".
+ repeated string tags = 17;
}
message Swid {
@@ -778,7 +782,7 @@ message ReleaseNotes {
optional google.protobuf.Timestamp timestamp = 6;
// Optional alternate names the release may be referred to. This may include unofficial terms used by development and marketing teams (e.g. code names).
repeated string aliases = 7;
- // Optional tags that may aid in search or retrieval of the release note.
+ // Textual strings that aid in discovery, search, and retrieval of the associated object. Tags often serve as a way to group or categorize similar or related objects by various attributes. Examples include "json-parser", "object-persistence", "text-to-image", "translation", and "object-detection".
repeated string tags = 8;
// A collection of issues that have been resolved.
repeated Issue resolves = 9;
diff --git a/schema/bom-1.6.schema.json b/schema/bom-1.6.schema.json
index f570e4a3..4f0f9c04 100644
--- a/schema/bom-1.6.schema.json
+++ b/schema/bom-1.6.schema.json
@@ -1041,6 +1041,10 @@
"description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
"items": {"$ref": "#/definitions/property"}
},
+ "tags": {
+ "$ref": "#/definitions/tags",
+ "title": "Tags"
+ },
"signature": {
"$ref": "#/definitions/signature",
"title": "Signature",
@@ -1879,6 +1883,10 @@
"description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
"items": {"$ref": "#/definitions/property"}
},
+ "tags": {
+ "$ref": "#/definitions/tags",
+ "title": "Tags"
+ },
"signature": {
"$ref": "#/definitions/signature",
"title": "Signature",
@@ -2326,12 +2334,8 @@
"description": "One or more alternate names the release may be referred to. This may include unofficial terms used by development and marketing teams (e.g. code names)."
},
"tags": {
- "type": "array",
- "items": {
- "type": "string"
- },
- "title": "Tags",
- "description": "One or more tags that may aid in search or retrieval of the release note."
+ "$ref": "#/definitions/tags",
+ "title": "Tags"
},
"resolves": {
"type": "array",
@@ -5254,6 +5258,21 @@
"description": "The bom-ref to the algorithm."
}
}
+ },
+ "tags": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "title": "Tags",
+ "description": "Textual strings that aid in discovery, search, and retrieval of the associated object. Tags often serve as a way to group or categorize similar or related objects by various attributes.",
+ "examples": [
+ "json-parser",
+ "object-persistence",
+ "text-to-image",
+ "translation",
+ "object-detection"
+ ]
}
}
}
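Review bot: The `examples` keyword in the new `tags` definition lists bare strings, but the schema it annotates is `"type": "array"`, so none of the listed examples is a valid instance of the definition and stricter tooling or documentation generators may flag or misrender them. Either move the keyword under `items` (`"items": { "type": "string", "examples": [ "json-parser", "translation" ] }`) or wrap the values in a single array example. Separately, the definition accepts empty strings and duplicate entries; if that is not intended, `"minLength": 1` on the items and `"uniqueItems": true` on the array would reject them, with the caveat that release-note tags now share this definition and would be tightened as well. The enclosing `definitions` object starts outside this hunk.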
diff --git a/schema/bom-1.6.xsd b/schema/bom-1.6.xsd
index 1df0505c..9a81e717 100644
--- a/schema/bom-1.6.xsd
+++ b/schema/bom-1.6.xsd
@@ -653,6 +653,7 @@ limitations under the License.
+
@@ -2103,6 +2104,7 @@ limitations under the License.
Specifies optional release notes.
+
@@ -2722,17 +2724,7 @@ limitations under the License.
-
-
-
-
-
- One or more tags that may aid in search or retrieval of the release note.
-
-
-
-
-
+
A collection of issues that have been resolved.
@@ -7576,6 +7568,22 @@ limitations under the License.
+
+
+
+
+ Textual strings that aid in discovery, search, and retrieval of the associated
+ object. Tags often serve as a way to group or categorize similar or related objects by various
+ attributes.
+
+ Examples include:
+ "json-parser", "object-persistence", "text-to-image", "translation", and "object-detection"
+
+
+
+
+
+
diff --git a/tools/src/test/resources/1.6/valid-tags-1.6.json b/tools/src/test/resources/1.6/valid-tags-1.6.json
new file mode 100644
index 00000000..0a4b286c
--- /dev/null
+++ b/tools/src/test/resources/1.6/valid-tags-1.6.json
@@ -0,0 +1,21 @@
+{
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.6",
+ "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
+ "version": 1,
+ "components": [
+ {
+ "type": "library",
+ "name": "my-json-parser",
+ "version": "1.0",
+ "tags": [ "json-parser", "javascript", "node.js" ]
+ }
+ ],
+ "services": [
+ {
+ "name": "my service",
+ "endpoints": [ "https://example.com/myservice" ],
+ "tags": [ "microservice", "golang", "aws", "us-east-1" ]
+ }
+ ]
+}
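Review bot: This fixture, like the textproto and XML fixtures added after it, exercises only the accepting path for `tags` on a component and a service. The release-note `tags` property was switched to the shared `#/definitions/tags` reference in the same commit but is not covered by any of the three files, so a regression there would go unnoticed. I would add a `releaseNotes` entry with `tags` to one of the valid fixtures, and, if the suite has negative fixtures (not visible here), a companion case with a constructed bad value such as `"tags": [ 1 ]` to confirm the schema rejects non-string entries.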
diff --git a/tools/src/test/resources/1.6/valid-tags-1.6.textproto b/tools/src/test/resources/1.6/valid-tags-1.6.textproto
new file mode 100644
index 00000000..0540a111
--- /dev/null
+++ b/tools/src/test/resources/1.6/valid-tags-1.6.textproto
@@ -0,0 +1,14 @@
+spec_version: "1.6"
+version: 1
+serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"
+components {
+ type: CLASSIFICATION_LIBRARY
+ name: "my-json-parser"
+ version: "1.0"
+ tags: [ "json-parser", "javascript", "node.js" ]
+}
+services {
+ name: "my service"
+ endpoints: [ "https://example.com/myservice" ]
+ tags: [ "microservice", "golang", "aws", "us-east-1" ]
+}
diff --git a/tools/src/test/resources/1.6/valid-tags-1.6.xml b/tools/src/test/resources/1.6/valid-tags-1.6.xml
new file mode 100644
index 00000000..49497a1c
--- /dev/null
+++ b/tools/src/test/resources/1.6/valid-tags-1.6.xml
@@ -0,0 +1,28 @@
+
+
+
+
+ my-json-parser
+ 1.0
+
+ json-parser
+ javascript
+ node.js
+
+
+
+
+
+ my service
+
+ https://example.com/myservice
+
+
+ microservice
+ golang
+ aws
+ us-east-1
+
+
+
+