
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and V...

Results 248 specification issues

## current state

CycloneDX allows describing components, and the dependency graph. Each component can have exactly one version, no version range. Components can be connected in a dependency graph.

##...

proposed core enhancement

Sketch/proposal for #321 implementing with `components`, because the objects referenced/required are actually used at runtime and therefore are considered a "component". - [x] sketch JSON schema - properties and assert...

draft

Hi, There is already an ecosystem of tools that are starting to break due to "breaking changes"; Take for example the Tools section. Syft produces the 1.5-introduced object: "metadata": {...

question

I find the interaction between the `serialNumber` and `version` of a BOM very unclear. The definition in CycloneDX 1.5 says (highlighting mine): - `serialNumber` > Every BOM generated SHOULD have...

question

@mrutkows emphasized to revisit the inputs and outputs. ❗ they should be key value pairs, instead of strings. - input and output should be Key-Value-pairs instead. key should be string,...

Component.licenses has this text "EITHER (list of SPDX licenses and/or named licenses) OR (tuple of one SPDX License Expression)" It is not made clear what a list of licenses means....

question
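Two of the issues above turn on shape constraints that are easy to get wrong when hand-building a BOM: the `serialNumber`/`version` header fields, and the `licenses` rule "EITHER (list of SPDX licenses and/or named licenses) OR (tuple of one SPDX License Expression)". The following Python is an added example, not code from the CycloneDX project or from any issue author. It encodes those two constraints as a small lint over a BOM dict; the sample components are constructed here, and the reading of the licenses text (an array may hold license objects, each with exactly one of `id` or `name`, or exactly one `expression` object, never both kinds) is the one the JSON schema's `oneOf` expresses. How `version` should move relative to `serialNumber` across re-issues is exactly what the question asks, so the code only checks each field's format and does not take a position on it.

```python
import re
import uuid

# serialNumber is specified as a URN UUID, e.g. urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79
URN_UUID_RE = re.compile(
    r"^urn:uuid:[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$"
)


def check_bom_header(bom):
    """Return a list of problems with the BOM-level serialNumber and version fields."""
    problems = []
    serial = bom.get("serialNumber")
    if serial is not None and not URN_UUID_RE.match(serial):
        problems.append("serialNumber must be a urn:uuid")
    # version is an integer that defaults to 1 when absent
    version = bom.get("version", 1)
    if isinstance(version, bool) or not isinstance(version, int) or version < 1:
        problems.append("version must be an integer >= 1")
    return problems


def check_licenses(licenses):
    """Return a list of problems with a component's `licenses` array.

    Allowed shapes: [{"license": {"id": ...}}, {"license": {"name": ...}}, ...]
    OR exactly one [{"expression": "..."}]. Mixing the two, or more than one
    expression, is rejected.
    """
    if not isinstance(licenses, list):
        return ["licenses must be an array"]
    problems = []
    exprs = [e for e in licenses if isinstance(e, dict) and "expression" in e]
    objs = [e for e in licenses if isinstance(e, dict) and "license" in e]
    if len(exprs) + len(objs) != len(licenses):
        problems.append("each entry must be either {'license': ...} or {'expression': ...}")
    if exprs and objs:
        problems.append("cannot mix license objects with an expression")
    if len(exprs) > 1:
        problems.append("at most one SPDX expression is allowed")
    for entry in objs:
        lic = entry["license"]
        # the license object needs an SPDX id or a free-text name, not both, not neither
        if isinstance(lic, dict) and (("id" in lic) == ("name" in lic)):
            problems.append("a license object needs exactly one of 'id' or 'name'")
    return problems


def new_bom(spec_version="1.5"):
    """Mint a minimal BOM header with a fresh serial number and version 1."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": spec_version,
        "serialNumber": f"urn:uuid:{uuid.uuid4()}",
        "version": 1,
        "components": [],
    }


def lint_bom(bom):
    """Collect header problems plus per-component license problems, keyed by component."""
    report = {"bom": check_bom_header(bom)}
    for comp in bom.get("components", []):
        if "licenses" in comp:
            report[comp.get("name", "?")] = check_licenses(comp["licenses"])
    return report


if __name__ == "__main__":
    # Constructed sample: one well-formed component, two that break the either/or rule.
    bom = new_bom()
    bom["components"] = [
        {"type": "library", "name": "ok", "version": "1.0.0",
         "licenses": [{"license": {"id": "Apache-2.0"}}, {"license": {"name": "Vendor EULA"}}]},
        {"type": "library", "name": "mixed", "version": "2.0.0",
         "licenses": [{"expression": "MIT OR Apache-2.0"}, {"license": {"id": "MIT"}}]},
        {"type": "library", "name": "two-exprs", "version": "3.0.0",
         "licenses": [{"expression": "MIT"}, {"expression": "BSD-3-Clause"}]},
    ]
    for key, problems in lint_bom(bom).items():
        print(f"{key}: {problems or 'ok'}")
```

Run as a script it prints one line per component; as a module, `lint_bom` returns the same structure for use in a test suite or a CI gate in front of a schema validator.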

**Proposal** Add a "model type" field to the model card block that allows users to input common 'types' of distinguishing models, such as "text-generation", "image-to-text", etc. These are standard on...

proposed core enhancement

documentation for `machineLearningApproachType` is insufficient/missing XML schema: all cases have the documentation text "TODO" https://github.com/CycloneDX/specification/blame/299209abd9531d808e0cc4235e77a7c4b1b53d96/schema/bom-1.5.xsd#L3022-L3050 JSON schema: has no case documentation at all https://github.com/CycloneDX/specification/blob/299209abd9531d808e0cc4235e77a7c4b1b53d96/schema/bom-1.5.schema.json#L2457-L2468

documentation

- add `$schema` to json test resources - fix strict `$schema` enum part of #254 blocked by #256 supersedes #138

documentation

Current implementation of java tests run against a snapshot of the schema files, shipped with `org.cyclinedx` java package. This is undesired and error-prone, as changes to the schema files in...

help wanted
test-data