diff --git a/spec/predicates/cyclonedx.md b/spec/predicates/cyclonedx.md index 550fd879..cf78ab64 100644 --- a/spec/predicates/cyclonedx.md +++ b/spec/predicates/cyclonedx.md @@ -2,7 +2,7 @@ Type URI: (tentative) https://cyclonedx.org/bom -Version: 1.0.0 +Version: 1.4 ## Purpose @@ -13,7 +13,7 @@ services, vulnerability information, and more. For a complete list of capabilities see [CycloneDX Capabilities]. ## Prerequisites -The in-toto [attestation] framework. +The in-toto [attestation] framework and a [CycloneDX BOM generation tool]. ## Model This is a predicate type that fits within the larger [Attestation] framework. @@ -30,6 +30,10 @@ The parsing rules for this predicate type are documented in the The fields that make up this predicate type are documented in the [CycloneDX Specification]. +The `predicate` contains a JSON-encoded CycloneDX BOM. +The `subject` contains whatever software artifacts are to be associated with +this CycloneDX BOM document. + ## Example ```jsonc { @@ -38,7 +42,7 @@ The fields that make up this predicate type are documented in the "subject": [{ ... }], // Predicate: - "predicateType": "https://cyclonedx.org/BOM", + "predicateType": "https://cyclonedx.org/bom/v1.4", "predicate": { "bomFormat": "CycloneDX", "specVersion": "1.4", @@ -55,12 +59,6 @@ The fields that make up this predicate type are documented in the } } ``` -The `predicate` contains a JSON-encoded CycloneDX BOM. The CycloneDX format has -a mandatory `specVersion` field, so we may choose to omit the version number -from the predicateType URI to avoid confusion. - -The `subject` contains whatever software artifacts are to be associated with -this CycloneDX BOM document. ## Changelog and Migrations Not applicable for this initial version. 
@@ -69,3 +67,4 @@ Not applicable for this initial version. [CycloneDX standard]: https://cyclonedx.org/specification/overview [CycloneDX Capabilities]: https://cyclonedx.org/capabilities/ [CycloneDX Specification]: https://github.com/CycloneDX/specification/tree/1.4/schema +[CycloneDX BOM generation tool]: https://cyclonedx.org/tool-center
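Review bot: in the first hunk, changing `Version:` from `1.0.0` to `1.4` makes the predicate's own version number track the CycloneDX `specVersion` instead of the revision of this predicate definition, while the `## Changelog and Migrations` section a few lines down still says "Not applicable for this initial version"; a reader cannot tell whether 1.0.0 -> 1.4 is a predicate revision or just a restatement of the BOM spec version. Suggest either keeping the predicate at `1.0.0` and stating the supported CycloneDX spec version on its own line, or adding a changelog entry that explains the renumbering.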
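Review bot: the Prerequisites hunk lists a [CycloneDX BOM generation tool] as a prerequisite of the predicate type, which overstates what a consumer needs; a verifier parsing or checking this predicate requires only the attestation framework and the CycloneDX specification, not a generator. Suggest scoping it to producers, e.g. "Producers additionally need a [CycloneDX BOM generation tool]."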
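Review bot: the two paragraphs added to the Model section leave `subject` underspecified: "whatever software artifacts are to be associated with this CycloneDX BOM document" does not tell a verifier which relationship it may rely on (the artifact the BOM describes, or the BOM document itself). Because the subject digests are the only thing that binds the signed envelope to a concrete artifact, suggest stating which artifact(s) the subject SHOULD name and how a consumer is expected to reconcile them with the component the BOM itself identifies. It is also worth saying explicitly that only the JSON encoding is accepted here, since CycloneDX defines other encodings and "JSON-encoded" currently reads as a description rather than a requirement.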
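Review bot: in the Example hunk the `predicateType` becomes `https://cyclonedx.org/bom/v1.4`, but the `Type URI:` line at the top of the same file still reads `https://cyclonedx.org/bom`, and the paragraph that explained why the version was omitted from the URI is deleted in the last hunk without a replacement. A verifier that dispatches on string equality of `predicateType` treats these as two different types, so the document must pick one: either update the Type URI to the versioned form and state that the `/v1.4` suffix must agree with the mandatory `specVersion` field (a mismatch should be rejected at parse time), or keep the example on the unversioned URI.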