make metadata field descibtion more clear.
fix CycloneDX#345 CycloneDX#273

Signed-off-by: Jan Kowalleck <[email protected]>
jkowalleck committed Feb 6, 2024
1 parent 46ff114 commit a2b13d1
Showing 3 changed files with 40 additions and 24 deletions.
12 changes: 6 additions & 6 deletions schema/bom-1.6.proto
@@ -436,19 +436,19 @@ enum LicensingTypeEnum {
}

message Metadata {
// The date and time (timestamp) when the document was created.
// The date and time (timestamp) when the CycloneDX document was created.
optional google.protobuf.Timestamp timestamp = 1;
// The tool(s) used in the creation of the BOM.
// The tool(s) used in the creation of the Cyclonedx document.
optional Tool tools = 2;
// The person(s) who created the BOM. Authors are common in BOMs created through manual processes. BOMs created through automated means may not have authors.
// The person(s) who created the CycloneDX document. Authors are common in documents created through manual processes. Documents created through automated means may not have authors. This may be different from the author(s) of the component that the the CycloneDX document describes.
repeated OrganizationalContact authors = 3;
// The component that the BOM describes.
optional Component component = 4;
// The organization that manufactured the component that the BOM describes.
// The organization that manufactured the CycloneDX document. This may be different from the manufacurer of the component that the the CycloneDX document describes.
optional OrganizationalEntity manufacture = 5;
// The organization that supplied the component that the BOM describes. The supplier may often be the manufacture, but may also be a distributor or repackager.
// The organization that supplied the CycloneDX document. The supplier may often be the manufacture, but may also be a distributor or repackager. This may be different from the supplier of the component that the the CycloneDX document describes.
optional OrganizationalEntity supplier = 6;
// The license information for the BOM document
// The license information for the CycloneDX document. This may be different from the license(s) of the component that the the CycloneDX document describes.
optional LicenseChoice licenses = 7;
// Specifies optional, custom, properties
repeated Property properties = 8;
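Review bot: The new comments on `manufacture = 5` and `supplier = 6` change what the fields mean rather than clarifying them: the removed lines describe the organization behind the component, the added lines describe the organization behind the CycloneDX document, while field name and number stay the same. If the earlier wording shipped in a published schema version, existing documents carry component data in these fields, and a consumer that uses them for supplier attribution or provenance checks cannot tell which reading a given document follows. I would state the change in the comment itself, for example by appending `// Note: before this revision the comment described the manufacturer of the component; older documents may carry that value here.`, and likewise for `supplier`. The same redefinition appears in the `manufacture` and `supplier` descriptions in schema/bom-1.6.schema.json and schema/bom-1.6.xsd. The Metadata message opens inside this hunk but continues past its last line.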
19 changes: 10 additions & 9 deletions schema/bom-1.6.schema.json
@@ -573,7 +573,7 @@
"type": "string",
"format": "date-time",
"title": "Timestamp",
"description": "The date and time (timestamp) when the BOM was created."
"description": "The date and time (timestamp) when the CycloneDX document was created."
},
"lifecycles": {
"type": "array",
@@ -633,13 +633,13 @@
}
]
}
},
},
"tools": {
"oneOf": [
{
"type": "object",
"title": "Creation Tools",
"description": "The tool(s) used in the creation of the BOM.",
"description": "The tool(s) used in the creation of the CycloneDX document.",
"additionalProperties": false,
"properties": {
"components": {
@@ -661,34 +661,35 @@
{
"type": "array",
"title": "Creation Tools (legacy)",
"description": "[Deprecated] The tool(s) used in the creation of the BOM.",
"description": "[Deprecated] The tool(s) used in the creation of the CycloneDX document.",
"items": {"$ref": "#/definitions/tool"}
}
]
},
"authors" :{
"type": "array",
"title": "Authors",
"description": "The person(s) who created the BOM. Authors are common in BOMs created through manual processes. BOMs created through automated means may not have authors.",
"description": "The person(s) who created the CycloneDX document.\nAuthors are common in documents created through manual processes. Documents created through automated means may not have authors.\nThis may be different from the author(s) of the component that the the CycloneDX document describes.",
"items": {"$ref": "#/definitions/organizationalContact"}
},
"component": {
"title": "Component",
"description": "The component that the BOM describes.",
"description": "The component that the the CycloneDX document describes.",
"$ref": "#/definitions/component"
},
"manufacture": {
"title": "Manufacture",
"description": "The organization that manufactured the component that the BOM describes.",
"description": "The organization that manufactured the CycloneDX document.\nThis may be different from the manufacturer of the component that the the CycloneDX document describes.",
"$ref": "#/definitions/organizationalEntity"
},
"supplier": {
"title": "Supplier",
"description": " The organization that supplied the component that the BOM describes. The supplier may often be the manufacturer, but may also be a distributor or repackager.",
"description": " The organization that supplied the CycloneDX document. The supplier may often be the manufacturer, but may also be a distributor or repackager.\nThis may be different from the supplier of the component that the the CycloneDX document describes.",
"$ref": "#/definitions/organizationalEntity"
},
"licenses": {
"title": "BOM License(s)",
"title": "Document's License(s)",
"description": "The license(s) to apply to the CycloneDX document.\nThis may be different from the license(s) of the component that the the CycloneDX document describes.",
"$ref": "#/definitions/licenseChoice"
},
"properties": {
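Review bot: The added descriptions for `authors`, `component`, `manufacture`, `supplier` and `licenses` all contain a doubled article in "that the the CycloneDX document describes"; it should read `that the CycloneDX document describes`. The `supplier` description also keeps its leading space (`" The organization that supplied …"`), which could be dropped in the same change. The same doubled article is in the new comments in schema/bom-1.6.proto, which additionally spell `Cyclonedx` and `manufacurer`, and in the new documentation in schema/bom-1.6.xsd. Description strings like these are typically surfaced verbatim by generated documentation and editor tooltips, so the typos would propagate.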
33 changes: 24 additions & 9 deletions schema/bom-1.6.xsd
@@ -123,7 +123,7 @@ limitations under the License.
<xs:sequence minOccurs="0" maxOccurs="1">
<xs:element name="timestamp" type="xs:dateTime" minOccurs="0">
<xs:annotation>
<xs:documentation>The date and time (timestamp) when the BOM was created.</xs:documentation>
<xs:documentation>The date and time (timestamp) when the CycloneDX document was created.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="lifecycles" minOccurs="0" maxOccurs="1">
@@ -170,7 +170,7 @@ limitations under the License.
</xs:element>
<xs:element name="tools" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>The tool(s) used in the creation of the BOM.</xs:documentation>
<xs:documentation>The tool(s) used in the creation of the CycloneDX document.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:choice>
@@ -198,8 +198,11 @@ limitations under the License.
</xs:element>
<xs:element name="authors" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>The person(s) who created the BOM. Authors are common in BOMs created through
manual processes. BOMs created through automated means may not have authors.</xs:documentation>
<xs:documentation>
The person(s) who created the CycloneDX document.
Authors are common in documents created through manual processes. Documents created through automated means may not have authors.
This may be different from the author(s) of the component that the the CycloneDX document describes.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
@@ -209,21 +212,33 @@ limitations under the License.
</xs:element>
<xs:element name="component" type="bom:component" minOccurs="0">
<xs:annotation>
<xs:documentation>The component that the BOM describes.</xs:documentation>
<xs:documentation>The component that the the CycloneDX document describes.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="manufacture" type="bom:organizationalEntity" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>The organization that manufactured the component that the BOM describes.</xs:documentation>
<xs:documentation>
The organization that manufactured the CycloneDX document.
This may be different from the manufacturer of the component that the the CycloneDX document describes.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="supplier" type="bom:organizationalEntity" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>The organization that supplied the component that the BOM describes. The
supplier may often be the manufacturer, but may also be a distributor or repackager.</xs:documentation>
<xs:documentation>
The organization that supplied the CycloneDX document. The supplier may often be the manufacturer, but may also be a distributor or repackager.
This may be different from the supplier of the component that the the CycloneDX document describes.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="licenses" type="bom:licenseChoiceType" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>
The license(s) to applies to the CycloneDX document.
This may be different from the license(s) of the component that the the CycloneDX document describes.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="licenses" type="bom:licenseChoiceType" minOccurs="0" maxOccurs="1"/>
<xs:element name="properties" type="bom:propertiesType" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>Provides the ability to document properties in a name/value store.
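Review bot: The documentation added to the `licenses` element reads "The license(s) to applies to the CycloneDX document.", which is ungrammatical and differs from the two other formats in this commit ("The license(s) to apply to …" in the JSON schema, "The license information for …" in the proto file). I would use one sentence in all three, e.g. `The license(s) that apply to the CycloneDX document.` Going by the section's 24 additions and 9 deletions, the self-closing `licenses` element printed after the annotated one is the removed line, so the sequence still declares `licenses` once. The page no longer shows the +/- markers, so this is worth confirming against the raw diff.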
