specification
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and V...
## Describe the defect There is an inconsistency in the CycloneDX 1.6 spec implementation. The spec talks about `cryptoRefArray` being part of `protocolProperties`. https://github.com/CycloneDX/specification/blob/62a669075f1897193a14060e0784e6a7576b693d/schema/bom-1.6.schema.json#L5572-L5576 The 1.6.xsd schema definition does not...
## Describe the defect In the CycloneDX Spec the _Component:Version_ element documentation states: ["The component version. The version should ideally comply with semantic versioning but is not enforced."](https://github.com/CycloneDX/specification/blob/e12ac5181bf3e0416660252e6da5ae80df673ce1/schema/bom-1.6.xsd#L554) The type...
Bumps org.apache.commons:commons-lang3 from 3.6 to 3.16.0. [Dependabot compatibility score](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...
The CycloneDX specification must have grammar and style checks. Ideally, checks would be performed: - On demand via GitHub Action - On PRs - fail if grammar or style violations...
## Describe the feature I want to be able to describe not just security vulnerabilities in my software but also functional vulnerabilities, i.e. defects, and have this information available for...
Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.4.0 to 3.5.1. Release notes Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases. 3.5.1 🚀 New features and improvements [SUREFIRE-2270] - Use JUnit5 in surefire-shadefire (#783) @slawekjaranowski [SUREFIRE-2266] - Execute ITs...
## Describe the feature & ## Possible solutions We are using scratch as the base image for our application images. When generating the SBOM, there is currently no ideal component...
### Discussed in https://github.com/CycloneDX/specification/discussions/520 Originally posted by **andreas-hilti** September 11, 2024 ModelCard https://cyclonedx.org/docs/1.6/json/#components_items_modelCard has the following restriction: "This object SHOULD be specified for any component of type machine-learning-model and...
fixes #485