Add JSON Schema to Schemastore
Add CycloneDX v1.2 and v1.3 to https://www.schemastore.org/ once v1.3 has been published.
I was going to knock this off @stevespringett
Noticed you started preparing this in a fork. Any reason we aren't opting to just reference the self hosted schemas on cyclonedx.org?
Use the self-hosted schemas if you want. I was doing it at a time when lots of other activity was happening in that repo - so I was constantly running into merge conflicts. It was a serious PITA with the whole manual approval for PRs that GitHub introduced when there's a lot of activity in modifying a single file.
The JSON schemastore is for “assigning” well-known files to a JSON schema. Even though we have recognized-file-patterns for CDX, I think it is a stupid idea to go with the schema store because it does not allow multiple schemas for the same file, nor does it have any versioning... We should not add our hosted schemas to the schemastore.
We do actually host our schema under the URL that is used as the schema-ID.
If BOM-generators could simply add the appropriate $schema to the document, all would be good.
```json
{
  "$schema": "http://cyclonedx.org/schema/bom-1.3.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.3",
  "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
  "version": 1,
  "components": [
    {
      "type": "library",
      "name": "acme-library",
      "version": "1.0.0"
    }
  ]
}
```
see also:
- https://github.com/CycloneDX/specification/issues/254
- https://github.com/CycloneDX/cyclonedx.org/issues/70
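An added example, not part of the original thread and not CycloneDX project code: it contrasts a file-pattern lookup, as described in the comment above, with resolving the schema from the BOM's own `$schema` or `specVersion` against a fixed allowlist. The catalogue entry, the file patterns, the 1.2 sample BOM and the assumption that the 1.2 schema ID follows the 1.3 URL pattern are constructed for illustration.

```python
import fnmatch

# Assumption: each version's schema ID follows the 1.3 URL quoted in the thread.
SCHEMA_ID = "http://cyclonedx.org/schema/bom-{v}.schema.json"
KNOWN_VERSIONS = ("1.2", "1.3")  # the two versions named in the issue
ALLOWED = {SCHEMA_ID.format(v=v): v for v in KNOWN_VERSIONS}

# Constructed catalogue entry: a file pattern can point at one schema only.
CATALOG = [{"fileMatch": ["bom.json", "*.cdx.json"],
            "url": SCHEMA_ID.format(v="1.3")}]

# Constructed sample: a 1.2 BOM that carries no "$schema" key.
BOM_12 = {"bomFormat": "CycloneDX", "specVersion": "1.2", "version": 1}


def schema_by_filename(filename):
    """Catalogue-style lookup: the file name alone decides the schema."""
    for entry in CATALOG:
        if any(fnmatch.fnmatch(filename, p) for p in entry["fileMatch"]):
            return entry["url"]
    return None


def schema_by_document(doc):
    """Resolve the schema from the BOM itself, against a fixed allowlist."""
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX BOM")
    declared, spec = doc.get("$schema"), doc.get("specVersion")
    if declared is None:
        if spec not in KNOWN_VERSIONS:
            raise ValueError(f"unsupported specVersion: {spec!r}")
        return SCHEMA_ID.format(v=spec)
    # Never fetch a URL just because an untrusted document names it.
    if not isinstance(declared, str) or declared not in ALLOWED:
        raise ValueError(f"$schema not on the allowlist: {declared!r}")
    if spec is not None and ALLOWED[declared] != spec:
        raise ValueError("$schema and specVersion disagree")
    return declared


if __name__ == "__main__":
    print(schema_by_filename("bom.json"))   # chosen by file name
    print(schema_by_document(BOM_12))       # chosen by document content
```

A validator built this way loads the schema from a local copy keyed by the returned ID, so a BOM from an untrusted source cannot steer it to an arbitrary URL.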
@CycloneDX/core-team as discussed in today's CoreWorkingGroup meeting, I will close this task as "not planned" for the agreed reasons of https://github.com/CycloneDX/specification/issues/60#issuecomment-1630484193