Proto commits in CycloneDX/specification

These commits are when the Protocol Buffers files have changed: (only the last 100 relevant commits are shown)

2025-05-02

Updated comments Signed-off-by: Steve Springett <steve@springett.us>

Ported to protobuf and added test case Signed-off-by: Steve Springett <steve@springett.us>

2025-05-01

Added external ref for citation Signed-off-by: Steve Springett <steve@springett.us>

corrected pointer repeating Signed-off-by: Steve Springett <steve@springett.us>

Added citation support and test cases. Signed-off-by: Steve Springett <steve@springett.us>

2025-04-14

feat: license acknowledge should beunique Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

2025-04-03

feat: support for external components with version-ranges (#586) As discussed in ticket #321, this PR adds the following abilities: - mark components as **external** > Determine whether this component is external. > An external component is one that is not part of an assembly, but is expected to be provided by the environment, regardless of the component's `@scope`. This setting can be useful for distinguishing which components are bundled with the product and which can be relied upon to be present in the deployment environment. > This may be set to `true` for runtime components only. For `/metadata/component`, it must be set to `false`. - external components may have **version-ranges** instead of a specific version > For an external component, this specifies the accepted version range. > The value must adhere to the Package URL Version Range syntax (vers), as defined at <https://github.com/package-url/purl-spec/blob/master/VERSION-RANGE-SPEC.rst>. > May only be used if `.isExternal` is set to `true`. > Must be used exclusively, either 'version' or 'versionRange', but not both. fixes #321 ---- > [!NOTE] > this one supersedes #326 <-- read there for more background and previous discussions implementing with `components`, because the objects referenced/required are actually used at runtime and therefore are considered a "component". Sketch/proposal for #321 - [x] sketch JSON schema - properties and assert - test cases - [x] sketch XML schema - elements & attributes. no asserts - this would require XSD1.1 which is not broadly implemented, yet. - test cases - [x] sketch ProtoBuff schema - fields - test cases ---- > [!NOTE] > ALL FEEDBACK IS WELCOME! Yes, everything. > but some might not be resolved in this very PR, but in the authoritative guides. See https://github.com/CycloneDX/specification/pull/586#issuecomment-2639335084

2025-02-27

feat: license expression licensing and properties Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

feat: license url Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

docs Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

docs Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

licenseexpression details bom-ref Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

refactor: rename and docs Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

2025-02-26

style Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

docs Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

docs: SPDX expression examplefor `LicenseRef-` Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

2025-02-25

docs Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

docs Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

struct proto Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

docs: proto Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

2025-02-24

ework license expression lext attachments and add shema Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

rework license expression lext attachments and add shema Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

2025-02-08

component's version and versionRange exclusively Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

rename `isExtranous `-> `isExternal` + wording Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

spec: isExtraneous only for runtime-components Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

2025-02-06

Merge branch '1.7-dev' into add-streebog-hashalg

Merge branch '1.7-dev' into feat/licenses-multi-mix-all

wip Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

wip Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

wip Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

2025-02-03

forward-port #581 Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

Merge remote-tracking branch 'origin/master' into 1.7-dev

2025-01-22

feat: licenses allow mix of multiple SPDX expressions AND/OR multiple named/spdx licenses Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

2025-01-20

fix: version range spec url Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

The documentation is generated from this commit.

2024-11-07

carry over from master: XML,JSON,PB Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

Merge branch 'master' into 1.7-dev

chore: prep v1.6.1 (#535) final change of milestone 1.6.1 -- see https://github.com/CycloneDX/specification/milestone/11 --------- Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

docs: transfer specdocs to ProtoBuf 1.6 (#539) fixes #538 texts were taken from the human-readable Spec CycloneDX 1.6.0 --------- Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

fix(ProtoBuf): add `LicenseExpression.bom_ref` (#529) fixes #515 Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

fix(ProtoBuf): `Component.evidence` optional (#534) fixes #422 by reverting the unreleased https://github.com/CycloneDX/specification/commit/19a153072690dfb2e8475ea3fa2e09a657d0cef6 & https://github.com/CycloneDX/specification/commit/acc5f3a003f26a6f165d83e5f4f7706546ccc055 as discussed here: https://github.com/CycloneDX/specification/issues/422#issuecomment-2454961082 Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

fix(ProtoBuf,XML): component data repeatable (#530) fixes <https://github.com/CycloneDX/specification/issues/518> --------- Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org> Co-authored-by: andreas-hilti <69210561+andreas-hilti@users.noreply.github.com>

fix(ProtoBuf): add ExternalReterence Type `EXTERNAL_REFERENCE_TYPE_RELEASE_NOTES` (#531) fixes #266 --------- Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

2024-09-26

Add "HASH_ALG_" prefix to algorithm name Signed-off-by: Dmitry Volk <volk.dmitry@gmail.com>

Added support for STREEBOG-256 and STREEBOG-512 hashing algorithms (#485) Signed-off-by: Dmitry Volk <volk.dmitry@gmail.com>

2024-09-04

carry over of latest master Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

Merge branch 'master' into 1.7-dev

carry over of latest master Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

Merge branch 'master' into 1.7-dev

fix(ProtoBuff): component evidence should be optional, istead of repeated (#517) non-breaking fix of #422 in contrast to #425 Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

fix: revert PR #425 (#516) This PR reverts previously wrong merge of PR #425 (which introduced unexpected breaking-changes) See https://github.com/CycloneDX/specification/pull/425#issuecomment-2322860569 reopen https://github.com/CycloneDX/specification/issues/422 Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

2024-09-02

Merge branch 'master' into 1.7-dev

2024-08-31

1.6 ecma -- docs carry over (#512) carry over the JSON docs from #478 to XML and PR --------- Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

creating 1.7 from 1.6. Updating doc generation and templates.

fix: ProtoBuf evidence not repeated, but optional (#425) fixes #422 and yes, fixing this bug is actually considered a breaking change in terms of ProtoBuf

fix: add missing cryptoRef to `cryptoProperties.protocolPropertiesfor` XML/PB (#502) fixes #498

2024-08-13

fix: add missing cryptoRef to `cryptoProperties.protocolPropertiesfor` XML/PB Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

2024-06-07

Merge branch 'master' into 1.6-ecma

2024-05-24

TC54 feedback: Clarified content type description Signed-off-by: Steve Springett <steve@springett.us>

TC54 feedback: Clarified content type description Signed-off-by: Steve Springett <steve@springett.us>

docs: annotate protobuf licenses see https://github.com/CycloneDX/specification/issues/465 Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

2024-04-10

fix: ProtoBuf evidence not repeated, but optional Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

2024-04-06

Correcting optional state for crypto assetType Signed-off-by: Steve Springett <steve@springett.us>

2024-03-29

Add support for OmniBOR and Software Heritage persistent IDs (#414) Closes #413 - [x] modify JSON schema - [x] modify XML schema - [x] modify protobuf schema - [x] add examples & test resources

Changed omnibor to omniborId Signed-off-by: Steve Springett <steve@springett.us>

Changed to array. Updated examples Signed-off-by: Steve Springett <steve@springett.us>

Propose new environmental consideration information for ML models (#395) The fact that datasets used to train AI models are increasingly large and take an enormous amount of energy (and indirectly produce large CO2 emissions) to develop, train and run has come to the forefront. This PR contains proposed additions to the "modelCard" type to account for these considerations when selecting/utilizing a model. - Adds `ModelCardConsiderations.environmentalConsiderations` this fixes https://github.com/CycloneDX/specification/issues/396 - Adds `OrganizationalEntity.address` ---- TODO - [x] modify JSON schema - [x] modify XML schema - [x] modify protobuf schema - [x] add examples & test resources

2024-03-28

Added support for license acknowledgements (#408) Closes #407 - [x] modify JSON schema - [x] modify XML schema - [x] modify protobuf schema - [x] add examples & test resources

Added support for concluded value. Updated test cases. (#412) Closes #411 - [x] modify JSON schema - [x] modify XML schema - [x] modify protobuf schema - [x] add examples & test resources

2024-03-27

Merge remote-tracking branch 'origin/energy_mod2' into energy-fix-examples

fix examples Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

2024-03-26

add description back in Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

foo Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

Add ExternalReferences and Properties where they are needed for extension Signed-off-by: Matt Rutkowski <mrutkows@us.ibm.com>

Added descriptions for ML learning types Signed-off-by: Steve Springett <steve@springett.us>

2024-03-25

Correct double type defn. for energyConsumption Signed-off-by: Matt Rutkowski <mrutkows@us.ibm.com>

Adjust energy source types and add enum. definitions for values Signed-off-by: Matt Rutkowski <mrutkows@us.ibm.com>

Adjust energy source types and add enum. definitions for values Signed-off-by: Matt Rutkowski <mrutkows@us.ibm.com>

Adjust energy source types and add enum. definitions for values Signed-off-by: Matt Rutkowski <mrutkows@us.ibm.com>

Use the best practice of using an unspecified value of 0 for enums Signed-off-by: Matt Rutkowski <mrutkows@us.ibm.com>

Use the best practice of using an unspecified value of 0 for enums Signed-off-by: Matt Rutkowski <mrutkows@us.ibm.com>

2024-03-24

Add support for OmniBOR and Software Heritage persistent IDs Signed-off-by: Steve Springett <steve@springett.us>

Added support for concluded value. Updated test cases. Signed-off-by: Steve Springett <steve@springett.us>

2024-03-23

Updated comment Signed-off-by: Steve Springett <steve@springett.us>

2024-03-22

Fixed unit tests Signed-off-by: Steve Springett <steve@springett.us>

Added support for license acknowledgements Signed-off-by: Steve Springett <steve@springett.us>

Fix typo in CO2_MEASURE_UNIT_TYPE_TONNES_CO2_EQUIVALENT enum defn. Signed-off-by: Matt Rutkowski <mrutkows@us.ibm.com>

Fix typo in EnergySourceType Signed-off-by: Matt Rutkowski <mrutkows@us.ibm.com>

Fix zero value enums errors (i.e., should be suffixed with _UNSPECIFIED) Signed-off-by: Matt Rutkowski <mrutkows@us.ibm.com>

Fix zero value enums errors (i.e., should be suffixed with _UNSPECIFIED) Signed-off-by: Matt Rutkowski <mrutkows@us.ibm.com>

Fix zero value enums errors (i.e., should be suffixed with _UNSPECIFIED) Signed-off-by: Matt Rutkowski <mrutkows@us.ibm.com>

Fix syntaax error in EnergyProviderType Signed-off-by: Matt Rutkowski <mrutkows@us.ibm.com>

Add PostalAddressType to protobuf Signed-off-by: Matt Rutkowski <mrutkows@us.ibm.com>

Add EnergyConsumption, EnergyProvider and their ref. subtypes Signed-off-by: Matt Rutkowski <mrutkows@us.ibm.com>

Add EnergyConsumptionType to protobuf sceham Signed-off-by: Matt Rutkowski <mrutkows@us.ibm.com>

Add missing descs. to formulation related types Signed-off-by: Matt Rutkowski <mrutkows@us.ibm.com>

2024-03-18

fix: protobuf `Metadata.licenses` repeated Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

2024-03-14

Minor doc updates Signed-off-by: Steve Springett <steve@springett.us>

2024-03-12

Spelling and grammar checks Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

2024-03-02

introduce QA pipeline for protobuf schemas (#385) current protobuf schema files are not perfect. this PR aims to prevent mistakes in the future, while acknowledging issues from the past. fixes #384 ---- ## status - [x] introduce protobuf QA tools and configure them to our needs - [x] baseline existing protobuf QA violations - as acknowledgement - [x] introduce the protobuf QA tools in automated pipeline - [x] introduce tools that detect and prevent breaking changes (BCD) in protobuf - [x] introduce the protobuf BCD tools in automated pipeline - [x] have our own protobuf test files checked against the schemas ## followup - [ ] add the appropriate header to `*.textproto` see https://github.com/CycloneDX/specification/issues/384#issuecomment-1959512503 - [ ] create ticket for BC: fix the proto3 schema enum value `0` -- they are intended to be fallbacks, not actual values. --------- Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

2024-03-01

docs: `metadata.licenses` rephrase Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>