diff --git a/spec/predicates/cyclonedx.md b/spec/predicates/cyclonedx.md index 8c364765..550fd879 100644 --- a/spec/predicates/cyclonedx.md +++ b/spec/predicates/cyclonedx.md @@ -8,13 +8,29 @@ Version: 1.0.0 A Software Bill of Materials type following the [CycloneDX standard]. -This allows representing an "exportable" or "published" software artifacts, +This allows representing "exportable", or "published" software artifacts, services, vulnerability information, and more. For a complete list of -capabilities see [CycloneDX Capabilities]. It can also be used as an entry point -for other types of in-toto attestations when performing policy decisions. +capabilities see [CycloneDX Capabilities]. + +## Prerequisites +The in-toto [attestation] framework. + +## Model +This is a predicate type that fits within the larger [Attestation] framework. ## Schema +The schema of this predicate type is documented in the +[CycloneDX Specification]. + +### Parsing Rules +The parsing rules for this predicate type are documented in the +[CycloneDX Specification]. + +### Fields +The fields that make up this predicate type are documented in the +[CycloneDX Specification]. +## Example ```jsonc { // Standard attestation fields: @@ -39,10 +55,6 @@ for other types of in-toto attestations when performing policy decisions. } } ``` - -_(Note: This is a Predicate type that fits within the larger -[Attestation](../README.md) framework.)_ - The `predicate` contains a JSON-encoded CycloneDX BOM. The CycloneDX format has a mandatory `specVersion` field, so we may choose to omit the version number from the predicateType URI to avoid confusion. 
@@ -50,5 +62,10 @@ from the predicateType URI to avoid confusion. The `subject` contains whatever software artifacts are to be associated with this CycloneDX BOM document. +## Changelog and Migrations +Not applicable for this initial version. + +[Attestation]: ../README.md [CycloneDX standard]: https://cyclonedx.org/specification/overview [CycloneDX Capabilities]: https://cyclonedx.org/capabilities/ +[CycloneDX Specification]: https://github.com/CycloneDX/specification/tree/1.4/schema
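Review bot: In the first hunk (`@@ -8,13 +8,29 @@`), the new `### Parsing Rules` section only defers to `[CycloneDX Specification]`, and that reference resolves to a schema directory. A schema describes structure, but it does not tell an attestation consumer what to do with a BOM whose `specVersion` it does not support, or with fields it does not recognise. Suggest adding one sentence that states the expected behaviour (reject or ignore). The same hunk drops the sentence about using this predicate "as an entry point for other types of in-toto attestations when performing policy decisions" with no replacement, which is worth confirming as intentional. Minor: `[attestation]` under Prerequisites is lowercase while the reference is defined as `[Attestation]`, the rewritten `"exportable", or "published"` gains a stray comma, and `## Example` appears to be added with no blank line before it.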
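Review bot: In the second hunk (`@@ -50,5 +62,10 @@`), the `[CycloneDX Specification]` reference is pinned to `tree/1.4/schema`, while the unchanged text just above says the version number may be omitted from the predicateType URI because the BOM carries its own mandatory `specVersion`. As written, the Schema, Parsing Rules and Fields sections all resolve to the 1.4 schema only, so a reader cannot tell whether a BOM with a different `specVersion` is a valid predicate. Either state which CycloneDX spec versions this predicate accepts, or point the reference at a location that is not tied to a single version.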