CycloneDX
[FEATURE]: Add external reference type for support policy/lifecycle metadata
Describe the feature
While the work on CLE is progressing it would be useful to add an externalReference type to hold a link to a CLE, OpenEOX or other kind of document that describes the versioning/support policy of the project.
Possible solutions
Naming is certainly the most difficult problem, but the new type might be called support-lifecycle or simply lifecycle.
Currently there is no machine-readable format to describe EOS/EOL data, but the link could point to a human-readable page.
could you open a PR targeting the 1.7-dev branch, and propose the needed changes you have in mind?
could you open a PR targeting the
1.7-devbranch, and propose the needed changes you have in mind?
FYI: the topic is currently in stage "proposal". A working implementation/spec via pull-request would set it to "prototyp". When you are happy with your prototype, you can request to have it moved to "draft" - at this stage the community is asked to vote/comment the feature/implementation - and after 4 weeks the votes are counted and future steps might happen.
See the process description here: https://cyclonedx.org/participate/standardization-process/
similar/related scope and topics:
- https://github.com/CycloneDX/cyclonedx-property-taxonomy/issues/104
- https://github.com/CycloneDX/specification/discussions/598
- https://github.com/CycloneDX/specification/issues/400
could you open a PR targeting the
1.7-devbranch, and propose the needed changes you have in mind?
Sure, I'll send a PR by the end of the week. Can you assign me to the issue, so I don't forget?