v1.7 #511
Open: jkowalleck wants to merge 240 commits into master from 1.7-dev
Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
) Signed-off-by: Dmitry Volk <[email protected]>
Signed-off-by: Dmitry Volk <[email protected]>
…but a name. Signed-off-by: Dmitry Volk <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
1. enabled test runner for schema 1.7
1. copied all test cases from 1.6 to 1.7
1. renamed the files from `*.1.6.*` to `*.1.7.*`
1. migrated the test cases from schema 1.6 to schema 1.7

see the diff/delta of each individual commit for details

java tests are expected to fail, as long as #256 is not done
… named/spdx licenses Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
## Changed

- Formulations may be used to describe how any referencable object within the BOM came together, including components, services, metadata, declarations, or the BOM itself. Before, it was restricted to components and services.

## Added

- Citations - describe how certain information in the BOM came together, or were sourced from, or are asserted.

-----

TODO/DONE

- [x] JSON schema modified
- [x] XML schema modified
- [x] ProtoBuf schema modified
- [x] JSON examples/test data crafted
- [x] XML examples/test data crafted
- [x] ProtoBuf examples/test data crafted
…ition of one. Each JOSE component (tokens, algorithms, etc) can be represented as individual components within the CBOM. Signed-off-by: Steve Springett <[email protected]>
…ition of one. Each JOSE component (tokens, algorithms, etc) can be represented as individual components within the CBOM. Signed-off-by: Steve Springett <[email protected]>
Signed-off-by: Steve Springett <[email protected]>
Signed-off-by: Basil Hess <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Co-authored-by: Jan Kowalleck <[email protected]> Signed-off-by: Steve Springett <[email protected]>
Co-authored-by: Jan Kowalleck <[email protected]> Signed-off-by: Steve Springett <[email protected]>
Co-authored-by: Jan Kowalleck <[email protected]> Signed-off-by: Steve Springett <[email protected]>
Refactored `metadata.distribution` to be more verbose in its name, and made it more versatile by converting it to an "object" with "TLP" as a property. caused by #603 (comment)
removed the word "optional" whenever possible, as the schemas clearly tell when something is optional or required.

as agreed in #616 (comment) and #649 (comment)

- fixes #616
- fixes #649
Iteration over the crypto definitions, extending the list with more algorithms. No changes to the schema.
Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
… for ProtoBuf (#677) removed breaking changes in Protocol Buffer schema regarding CBOM changes caused by #657 (comment)
Signed-off-by: Jan Kowalleck <[email protected]>
The cryptography working group has received feedback from real-world usage and has made enhancements to the CBOM specification:

- enum `CryptoProperties.AlgorithmProperties.CryptoPrimitive` got a new case "key-wrap".
- added field `CryptoProperties.AlgorithmProperties.algorithmFamily`
- added field `CryptoProperties.AlgorithmProperties.ellipticCurve`
- deprecated field `CryptoProperties.AlgorithmProperties.curve`
- added field `CryptoProperties.CertificateProperties.serialNumber`
- added field `CryptoProperties.CertificateProperties.certificateFileExtension`
- deprecated field `CryptoProperties.CertificateProperties.certificateExtension`
- deprecated field `CryptoProperties.CertificateProperties.signatureAlgorithmRef`
- deprecated field `CryptoProperties.CertificateProperties.subjectPublicKeyRef`
- added field `CryptoProperties.CertificateProperties.fingerprint`
- added field `CryptoProperties.CertificateProperties.certificateState`
- added field `CryptoProperties.CertificateProperties.creationDate`
- added field `CryptoProperties.CertificateProperties.activationDate`
- added field `CryptoProperties.CertificateProperties.deactivationDate`
- added field `CryptoProperties.CertificateProperties.revocationDate`
- added field `CryptoProperties.CertificateProperties.destructionDate`
- added field `CryptoProperties.CertificateProperties.certificateExtensions`
- added field `CryptoProperties.CertificateProperties.relatedCryptographicAssets`
- deprecated field `CryptoProperties.RelatedCryptoMaterialProperties.algorithmRef`
- added field `CryptoProperties.RelatedCryptoMaterialProperties.fingerprint`
- added field `CryptoProperties.RelatedCryptoMaterialProperties.relatedCryptographicAssets`
- enum `CryptoProperties.ProtocolProperties.CryptoProtocolType` got new cases: `DTLS`, `QUIC`, `AKA`, `AKA_PRIME`, `PRINS`, `5G_AKA`
- added field `CryptoProperties.ProtocolProperties.CryptoProtocolCipherSuite.tlsGroups`
- added field `CryptoProperties.ProtocolProperties.CryptoProtocolCipherSuite.tlsSignatureSchemes`
- deprecated ikev2Trans information as strings (BOM-links)
- added capabilities to capture ikev2Trans information in detailed form
- added field `CryptoProperties.CertificateProperties.relatedCryptographicAssets`

----

Closes #569

-----

RFC notice sent 2025-07-26

This RFC will be open for 4 weeks. At the end of the RFC period the CycloneDX community will vote, by lazy consensus, to accept or reject the proposal.

RFC period end: 2025-08-23

----

TODO/DONE

- [x] add examples for XML
- [x] add examples for JSON
- [x] add examples for ProtoBuf
- [x] implement for XML
- [x] implement for JSON
- [x] implement for ProtoBuf
Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Fixed
ComponentData sub-elements (#600 via #601)
Deprecated
Use the newly added structures and fields for detailing the information instead.
Changed
From now on, formulations may be used to describe how any referencable object within the BOM came together, including components, services, metadata, declarations, or the BOM itself.
Before, it was restricted to components and services.
Added
Documentation
Test data
ComponentType "runtime" #233
bom-ref required or optional? #649