
[FEATURE]: Support for digital accessibility

Open prabhu opened this issue 1 year ago • 0 comments

Describe the feature

xBOM specification is currently optimized for automation and integration purposes. Despite this goal, xBOM documents are often consumed in the following ad-hoc ways:

  • Consumption via GUI tools like Dependency-Track that can present the information as tables and charts.
  • Manual handling using XML and JSON viewer tools.

To improve digital accessibility & inclusion and ensure consistency across the ecosystem, the xBOM specification could be improved to refer to alternative content (in TEXT/HTML/YAML/JSON/bom-link formats) for various attributes. An externalReference of type accessible-description could be added to aid voiceover and screen reader tools to better present the information belonging to a particular section of an xBOM.

For instance, consider the below metadata in an SBOM.

{
  "metadata": {
    "timestamp": "2024-10-24T09:21:23Z",
    "tools": {
      "components": [
        {
          "group": "@cyclonedx",
          "name": "cdxgen",
          "version": "10.11.0",
          "purl": "pkg:npm/%40cyclonedx/cdxgen@10.11.0",
          "type": "application",
          "bom-ref": "pkg:npm/@cyclonedx/cdxgen@10.11.0",
          "publisher": "OWASP Foundation",
          "authors": [
            {
              "name": "OWASP Foundation"
            }
          ]
        }
      ]
    },
    "authors": [
      {
        "name": "OWASP Foundation"
      }
    ],
    "lifecycles": [
      {
        "phase": "build"
      }
    ],
    "externalReferences": [
      {
        "url": "url:cdx:fbef273d-0bce-4931-a748-0bf547cf7575/1/accessible-metadata.txt",
        "type": "accessible-description",
        "comment": ""
      }
    ]
  }
}

The accessible alternative content for this metadata section in text format could be:

This Software Bill-of-Materials (SBOM) document was generated on 24th October 2024 using the tool cdxgen from OWASP Foundation. The document represents the lifecycles: build.

The document has 10 components and 20 services.

xBOM tools such as cdxgen could be improved to auto-generate the accessible description and automatically link the content to reduce the generation effort.

Tools such as Dependency-Track could be enhanced to present the information from this external reference using compatible ARIA tags.

When bom-link is used instead of file URLs, the accessible content could be stored under the annotations attribute.

Alternatives

There are currently no alternatives to include ARIA tags in a JSON document.

Additional context

prabhu, Nov 09 '24 07:11