specification
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and V...
Hello @stevespringett, looks like there is a bug in the strict schema files: the optional `bom.$schema` property was not updated when the actual schema `$id` revision was bumped. to...
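A small consistency check for the kind of drift described in the report above, added here as an example and not code from the CycloneDX project: it parses a schema file, reads the revision out of its `$id`, and flags every value that `properties.$schema.enum` permits whose revision differs. The sample schema text is constructed for the example; the `-strict` file suffix and the exact shape of the `$schema` property are assumptions about the layout of the real files.

```python
import json
import re

# Pulls "1.3" out of ".../bom-1.3.schema.json" or ".../bom-1.3-strict.schema.json".
# The "-strict" suffix is an assumption about how the strict variants are named.
REVISION = re.compile(r"bom-(\d+\.\d+)(?:-strict)?\.schema\.json$")


def schema_self_reference_issues(schema_text: str) -> list:
    """Return one message per allowed bom.$schema value whose revision
    does not match the revision in the schema file's own $id."""
    schema = json.loads(schema_text)
    schema_id = schema.get("$id", "")
    own = REVISION.search(schema_id)
    if own is None:
        return [f"$id {schema_id!r} carries no recognizable revision"]

    # Assumed shape: the optional top-level "$schema" property of a BOM is
    # constrained with an enum of allowed URLs.
    allowed = schema.get("properties", {}).get("$schema", {}).get("enum", [])
    issues = []
    for value in allowed:
        found = REVISION.search(value)
        if found is None or found.group(1) != own.group(1):
            issues.append(f"bom.$schema allows {value!r} but $id is {schema_id!r}")
    return issues


# Constructed sample: $id was bumped to 1.3 but the $schema enum still names 1.2.
STALE = json.dumps({
    "$schema": "http://json-schema.org/draft-07/schema#",
    "$id": "http://cyclonedx.org/schema/bom-1.3-strict.schema.json",
    "properties": {
        "$schema": {
            "type": "string",
            "enum": ["http://cyclonedx.org/schema/bom-1.2.schema.json"],
        }
    },
})

# Constructed sample with the enum updated alongside $id.
FIXED = json.dumps({
    "$schema": "http://json-schema.org/draft-07/schema#",
    "$id": "http://cyclonedx.org/schema/bom-1.3-strict.schema.json",
    "properties": {
        "$schema": {
            "type": "string",
            "enum": ["http://cyclonedx.org/schema/bom-1.3.schema.json"],
        }
    },
})

if __name__ == "__main__":
    for name, text in (("stale", STALE), ("fixed", FIXED)):
        print(name, schema_self_reference_issues(text) or "ok")
```

Comparing revisions rather than whole URLs is deliberate: a strict file's `$id` and the non-strict URL its `$schema` enum names legitimately differ in the suffix, and only the revision is what should move together when a release is cut.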
The current usage documentation is slightly confusing. Clarify the intended values for ref.
Signed-off-by: Sambhav Kothari
part of #114
The XML schema does not require an ID for the license property, whereas the JSON schema not only requires it but also enforces that it be one of the SPDX...
gitbom is a minimal specification to generate an artifact tree and a unique identifier for an artifact that is metadata agnostic and only depends on the artifact byte contents. If...
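To make the "metadata agnostic, depends only on the artifact byte contents" point concrete, here is an added example (not gitbom's or CycloneDX's own code) that computes a git-blob-style object id for an artifact and assembles a sorted artifact tree document whose own id is derived the same way. The identifier is the standard git blob hash, `hash("blob <length>\0" + bytes)`; the document layout (`blob <id>` per line, an optional `bom <id>` suffix pointing at a child document, lines sorted) is my assumption about the tree format, and all artifact bytes are constructed for the example.

```python
import hashlib


def gitoid(content: bytes, algo: str = "sha1") -> str:
    """Git-style object id: the hash covers a length header plus the raw
    bytes, so file name, path, permissions and timestamps play no part."""
    header = f"blob {len(content)}\0".encode("ascii")
    h = hashlib.new(algo)
    h.update(header)
    h.update(content)
    return h.hexdigest()


def build_document(artifacts, algo: str = "sha1") -> bytes:
    """Assumed artifact-tree layout: one line per input artifact, "blob <id>"
    for a leaf and "blob <id> bom <id-of-child-document>" for an artifact that
    has its own tree. Lines are sorted so the same set of inputs always
    serializes to identical bytes, whatever order they were supplied in."""
    lines = []
    for content, child_doc in artifacts:
        line = f"blob {gitoid(content, algo)}"
        if child_doc is not None:
            line += f" bom {gitoid(child_doc, algo)}"
        lines.append(line)
    return ("\n".join(sorted(lines)) + "\n").encode("ascii")


def document_id(doc: bytes, algo: str = "sha1") -> str:
    """The tree document is itself just bytes, so it gets an id the same way."""
    return gitoid(doc, algo)


def demo():
    # Constructed inputs: a library built from two source files, then an
    # application built from its own main file plus the library, where the
    # library entry carries a pointer to the library's own tree.
    lib_sources = [
        (b"int add(int a, int b) { return a + b; }\n", None),
        (b"int add(int, int);\n", None),
    ]
    lib_doc = build_document(lib_sources)
    app_inputs = [
        (b"int main(void) { return add(1, 2); }\n", None),
        (b"<constructed stand-in for the linked library bytes>", lib_doc),
    ]
    app_doc = build_document(app_inputs)
    return lib_doc, app_doc


if __name__ == "__main__":
    lib_doc, app_doc = demo()
    print("library tree", document_id(lib_doc))
    print(lib_doc.decode())
    print("application tree", document_id(app_doc))
    print(app_doc.decode())
```

Two properties fall out of this that matter for supply-chain tracking: the same bytes shipped under two different file names or from two different build hosts get the same id, and any change to a leaf changes the parent document's bytes and therefore its id, all the way up the tree.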
When reviewing and comparing: - https://cyclonedx.org/docs/1.4/xml/#element_bom - https://cyclonedx.org/docs/1.4/json ...the JSON schema is missing `bom.properties` compared to the XML version. FYI @stevespringett
It would be nice if there was room for security signposting within the application, doing so would yield a clear path to contacting a security audience should the need to...
Version 1.4: Around line 141 the schema uses "manufacture" and not "manufacturer". Was this intentional? The description would lead one to believe that it is an error.
### The problem
Consider that you have a large number of services (thousands) which are processed in Dependency Track during CI/CD daily. It is not necessary that the list of components...
This is a TODO reminder for after v1.3 is released.