doc: added page to docs to call out which parts of the specification …

…this library supports Signed-off-by: Paul Horton <[email protected]>
CycloneDX · Feb 2, 2022 · 41a4be0 · 41a4be0
1 parent 6c280e7
commit 41a4be0
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 0 deletions.
diff --git a/docs/architecture.rst b/docs/architecture.rst
@@ -20,6 +20,7 @@ When wishing to generate a BOM, the process is as follows:
    :caption: Contents:
 
    modelling
+   schema-support
    outputting
 
 .. _cyclondex-python: https://pypi.org/project/cyclonedx-bom/
diff --git a/docs/schema-support.rst b/docs/schema-support.rst
@@ -0,0 +1,37 @@
+Schema Support
+==============
+
+This library has partial support for the CycloneDX specification (we continue to grow support).
+
+The following sub-sections aim to explain what support this library provides and any known gaps in support. We do this
+by calling out support for data as defined in the latest CycloneDX standard specification, regardless of whether it is
+supported in prior versions of the CycloneDX schema.
+
++----------------------------+---------------+---------------------------------------------------------------------------------------------------+
+| Data Path                  | Supported?    | Notes                                                                                             |
++============================+===============+===================================================================================================+
+| ``bom[@version]``          | Yes           |                                                                                                   |
++----------------------------+---------------+---------------------------------------------------------------------------------------------------+
+| ``bom[@serialNumber]``     | Yes           |                                                                                                   |
++----------------------------+---------------+---------------------------------------------------------------------------------------------------+
+| ``bom.metadata``           | Yes (partial) | Not supported: ``authors``, ``manufacture``, ``supplier``, ``licenses``, ``properties``.          |
++----------------------------+---------------+---------------------------------------------------------------------------------------------------+
+| ``bom.components``         | Yes           | Not supported: ``modified`` (as it is deprecated), ``signature``.                                 |
++----------------------------+---------------+---------------------------------------------------------------------------------------------------+
+| ``bom.services``           | Yes           | Not supported: ``signature``.                                                                     |
++----------------------------+---------------+---------------------------------------------------------------------------------------------------+
+| ``bom.externalReferences`` | Yes           |                                                                                                   |
++----------------------------+---------------+---------------------------------------------------------------------------------------------------+
+| ``bom.dependencies``       | No            |                                                                                                   |
++----------------------------+---------------+---------------------------------------------------------------------------------------------------+
+| ``bom.compositions``       | No            |                                                                                                   |
++----------------------------+---------------+---------------------------------------------------------------------------------------------------+
+| ``bom.properties``         | No            | See `schema specification bug 130`_                                                               |
++----------------------------+---------------+---------------------------------------------------------------------------------------------------+
+| ``bom.vulnerabilities``    | Yes           | Note: Prior to CycloneDX 1.4, these were present under ``bom.components`` via a schema extension. |
++----------------------------+---------------+---------------------------------------------------------------------------------------------------+
+| ``bom.signature``          | No            |                                                                                                   |
++----------------------------+---------------+---------------------------------------------------------------------------------------------------+
+
+
+.. _schema specification bug 130: https://github.com/CycloneDX/specification/issues/130