squash! squash! Add predicate specification for CycloneDX
Address pull request review feedback.

Signed-off-by: Daniel Bevenius <[email protected]>
danbev committed Mar 22, 2023
1 parent e358e30 commit 91382c3
Showing 1 changed file with 8 additions and 9 deletions.
17 changes: 8 additions & 9 deletions spec/predicates/cyclonedx.md
Expand Up @@ -2,7 +2,7 @@

Type URI: (tentative) https://cyclonedx.org/bom

Version: 1.0.0
Version: 1.4

## Purpose

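Review bot: "Version: 1.4" is now indistinguishable from the CycloneDX specVersion, so a reader cannot tell whether this line records the predicate type's own revision or the BOM schema it wraps; add a sentence next to it stating that the predicate version intentionally tracks the CycloneDX specification version (and will move with it), or keep an independent predicate version (e.g. "1.0.0") and mention the CycloneDX version separately. Note also that the "Type URI" line two lines above still reads "https://cyclonedx.org/bom" with no version suffix, which should be reconciled with whichever choice is made.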
Expand All @@ -13,7 +13,7 @@ services, vulnerability information, and more. For a complete list of
capabilities see [CycloneDX Capabilities].

## Prerequisites
The in-toto [attestation] framework.
The in-toto [attestation] framework and a [CycloneDX BOM generation tool].

## Model
This is a predicate type that fits within the larger [Attestation] framework.
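Review bot: the new prerequisite "[CycloneDX BOM generation tool]" applies only to producing the predicate, not to consuming or verifying it, so the Prerequisites line should say so (e.g. "a [CycloneDX BOM generation tool] for producers"); the link target is a tool directory rather than a specific tool, so naming it a prerequisite without that qualifier overstates what a verifier needs.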
Expand All @@ -30,6 +30,10 @@ The parsing rules for this predicate type are documented in the
The fields that make up this predicate type are documented in the
[CycloneDX Specification].

The `predicate` contains a JSON-encoded CycloneDX BOM.
The `subject` contains whatever software artifacts are to be associated with
this CycloneDX BOM document.

## Example
```jsonc
{
Expand All @@ -38,7 +42,7 @@ The fields that make up this predicate type are documented in the
"subject": [{ ... }],

// Predicate:
"predicateType": "https://cyclonedx.org/BOM",
"predicateType": "https://cyclonedx.org/bom/v1.4",
"predicate": {
"bomFormat": "CycloneDX",
"specVersion": "1.4",
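Review bot: "predicateType": "https://cyclonedx.org/bom/v1.4" now carries a version suffix, but the "Type URI: (tentative) https://cyclonedx.org/bom" line at the top of the file does not, so the example and the declared type URI disagree; pick one form and use it in both places, since the predicateType string is what verifiers match on and a mismatch here will be copied into implementations.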
Expand All @@ -55,12 +59,6 @@ The fields that make up this predicate type are documented in the
}
}
```
The `predicate` contains a JSON-encoded CycloneDX BOM. The CycloneDX format has
a mandatory `specVersion` field, so we may choose to omit the version number
from the predicateType URI to avoid confusion.

The `subject` contains whatever software artifacts are to be associated with
this CycloneDX BOM document.

## Changelog and Migrations
Not applicable for this initial version.
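Review bot: removing the sentence "so we may choose to omit the version number from the predicateType URI to avoid confusion" drops the only rationale for the version layout, and the replacement paragraph moved up into the Model section does not say which version is authoritative now that both the predicateType URI ("/bom/v1.4") and the mandatory "specVersion" field in the predicate carry one; add a line stating that the two must agree and that a consumer should reject an attestation where they differ, otherwise a producer can label a BOM with a predicateType the payload does not actually conform to. The Changelog text "Not applicable for this initial version" also reads oddly next to "Version: 1.4"; consider wording it as the first revision of this predicate type.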
Expand All @@ -69,3 +67,4 @@ Not applicable for this initial version.
[CycloneDX standard]: https://cyclonedx.org/specification/overview
[CycloneDX Capabilities]: https://cyclonedx.org/capabilities/
[CycloneDX Specification]: https://github.com/CycloneDX/specification/tree/1.4/schema
[CycloneDX BOM generation tool]: https://cyclonedx.org/tool-center
