specification
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and V...
This issue is to discuss the possibility for eliminating support for XML. Currently, XML and JSON Schemas have some inconsistencies. Some of the inconsistencies are described in #146. There are...
Going line-by-line through the v1.5 schema and see the following use of the `oneOf` constraint (i.e., **“is valid if exactly one of the sub-schemas is valid”**)… ``` "tools":...
Have things attributes, instead of child elements, if they are simple and describe the entity/element and don't need to be contained. from things like this ```xml fsdkfjklsdf my task 2020-07-10T15:00:00Z...
Within the "vulnerabilities" a new v1.5 field `proofOfConcept` object was added with a field "reproductionSteps" which is a single string; it should be an array by implied name; however, it...
https://cyclonedx.org/docs/1.5/json/#compositions_items_aggregate We currently have `incomplete_` prefix on values. This sounds negative and could confuse the consumers that the list is incomplete. For example, the vendor might have provided a complete...
followup of https://github.com/CycloneDX/specification/pull/379 ---- Via CDX 1.6 we deprecated `metadata.manufacture` in favor of `metadata.component.manufacturer`. Therefore, the deprecated field `metadata.manufacture` shall be removed.
followup of https://github.com/CycloneDX/specification/pull/379 ---- Via CDX 1.6 we deprecated `component.author` in favor of `component.authors`. Therefore, the deprecated field `component.author` shall be removed.
The specs (incl 1.4) are unclear about whether it is mandatory or optional to use base64 encoding for license text's "content". The fact the doc for "encoding" states it "must...
Adds vulnerability evidence support. - [x] JSON Schema - [ ] XML Schema - [ ] Protobuf - [ ] Test cases Closes #333