specification icon indicating copy to clipboard operation
specification copied to clipboard
Published 1 month ago verified publisher icon CycloneDX

Should cryptoProperties only be specified for components of type cryptographic-asset?

Open stevespringett opened this issue 1 year ago • 0 comments

Discussed in https://github.com/CycloneDX/specification/discussions/520

Originally posted by andreas-hilti September 11, 2024 ModelCard https://cyclonedx.org/docs/1.6/json/#components_items_modelCard has the following restriction:

This object SHOULD be specified for any component of type machine-learning-model and MUST NOT be specified for other component types.

Similarly, data https://cyclonedx.org/docs/1.6/json/#components_items_data has the restriction:

This object SHOULD be specified for any component of type data and MUST NOT be specified for other component types.

This makes me wonder whether the CryptoProperties: https://cyclonedx.org/docs/1.6/json/#components_items_cryptoProperties should have a similar restriction? Should they be specified only for components of type cryptographic-asset? The description kind of implies it, however, it is not explicitly specified.

stevespringett avatar Sep 11 '24 22:09 stevespringett