specification
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and V...
Currently, components can only be listed without their correlations to each other. For a lot of scenarios though, it would be better to have a structured relationship and dependency that...
Update XML schema to align with JSON schema for `dependency` type fixes #146
## Added

* Core enhancement: Attestation ([#192](https://github.com/CycloneDX/specification/issues/192) via [#348](https://github.com/CycloneDX/specification/pull/348))
* Core enhancement: Cryptography Bill of Materials — CBOM ([#171](https://github.com/CycloneDX/specification/issues/171), [#291](https://github.com/CycloneDX/specification/issues/291) via [#347](https://github.com/CycloneDX/specification/pull/347))
* Enum "ExternalReferenceType" got a value `source-distribution` ([#98](https://github.com/CycloneDX/specification/issues/98)...
per proto3 schema definition, enum values of `0` are, per definition, used as "unspecified" or "fallback" values. see https://protobuf.dev/programming-guides/enum/ > ```proto3 > enum Enum { > A = 0; >...
This applies to all versions of the protobuf spec
Creating this based on Discussion on Slack: > Quick question on SBOM retrieval via API. Is the assumption that a requestor already knows the SBOM URN? Are there plans to...
When generating Python `pydantic` models from the released CycloneDX schemas using `datamodel-code-generator` with the `--use-title-as-name` flag, several model classes are created with names such as `Type` (naming collision with `typing.Type`...
This link describes the changes and use cases for editions. https://protobuf.dev/editions/overview/
The protobuf specification for bom MetaData does not appear to match the XML and JSON specifications. It seems that the `licenses` field should be a `repeated`, rather than `optional`, field in...
There are issues creating libraries/tools that implement as you need to do quite a bit of additional reflection to determine which "item" datatype to use. This problem is compounded where...