
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and V...

Results 248 specification issues

The 1.6 schema of a `workflow`, `task`, `workspace`, and `trigger` require a `bom-ref`, yet each `description` for a `bom-ref` says it is "an optional identifier". Is the `description` incorrect, or...

defect
documentation
CDX 1.7

`bom-ref` is a required attribute, so we need to remove the `optional` word from the description. https://github.com/CycloneDX/specification/blob/d570ffb8956d796585b9574e57598c42ee9de770/schema/bom-1.6.schema.json#L3887 https://github.com/CycloneDX/specification/blob/d570ffb8956d796585b9574e57598c42ee9de770/schema/bom-1.6.schema.json#L3895 https://github.com/CycloneDX/specification/blob/d570ffb8956d796585b9574e57598c42ee9de770/schema/bom-1.6.schema.json#L4207 https://github.com/CycloneDX/specification/blob/d570ffb8956d796585b9574e57598c42ee9de770/schema/bom-1.6.schema.json#L4214 I think in 1.7 we can think of externalizing the...

defect
documentation

## Allow listing of "source" type components Creating SBOMs for source collections is valuable, e.g. if you (have to) provide a source code bundle for OSS components you ship in...

proposed core enhancement

## Describe the feature Since the [TEA Collection](https://github.com/CycloneDX/transparency-exchange-api/blob/main/tea-collection/tea-collection.md) provides a **versioned** and mutable set of external references related to a given CycloneDX Component (more precisely a [TEA Component](https://github.com/CycloneDX/transparency-exchange-api/blob/main/tea-component/tea-component.md)), it would...

proposed core enhancement

As discussed in ticket #454, this PR adds the following abilities: - have multiple license expressions - have a mix of license expressions, SPDX license IDs, and named licenses Please...

proposed core enhancement
request for comment
ready for review
draft
RFC notice sent
RFC vote accepted
promote to tc54

As discussed in #619 - license acknowledgement should be unique - license acknowledgement should be unset when used if evidences ---- this is considered a non-breaking change, as...

proposed core enhancement
request for comment
ready for review
RFC notice sent
RFC vote accepted

TODO/DONE - [x] JSON schema modified - [x] XML schema modified - [x] ProtoBuf schema modified - [x] JSON examples/test data crafted - [x] XML examples/test data crafted - [x]...

proposed core enhancement
request for comment
RFC notice sent
CDX 1.7

Bumps [json-schema-for-humans](https://github.com/coveooss/json-schema-for-humans) from 1.3.4 to 1.4.1. Release notes Sourced from json-schema-for-humans's releases. v1.4.1 1.4.1 (2025-05-09) Bug Fixes Resolve bs4 deprecation warnings (#306) (ccb2a51) v1.4.0 1.4.0 (2025-05-09) Bug Fixes Markdown: Fix...

dependencies

## Describe the feature CycloneDX allows multiple licenses in parallel, per component/evidence/etc. Currently, it is possible to have multiple "declared" licenses. Currently, it is possible to have multiple "concluded" licenses....

proposed core enhancement
request for comment
RFC notice sent
RFC vote accepted