intro to explicitly linked elements #236

Merged: 11 commits, Jun 17, 2023
77 changes: 61 additions & 16 deletions schema/bom-1.5.schema.json
@@ -42,6 +42,7 @@
"type": "integer",
"title": "BOM Version",
"description": "Whenever an existing BOM is modified, either manually or through automated processes, the version of the BOM SHOULD be incremented by 1. When a system is presented with multiple BOMs with identical serial numbers, the system SHOULD use the most recent version of the BOM. The default version is '1'.",
"minimum": 1,
"default": 1,
"examples": [1]
},
@@ -114,20 +115,28 @@
},
"definitions": {
"refType": {
"$comment": "Identifier-DataType for interlinked elements.",
"type": "string"
"description": "Identifier for referable and therefore interlink-able elements.",
"type": "string",
"minLength": 1,
"$comment": "value SHOULD not start with the BOM-Link intro 'urn:cdx:'"
},
"refLinkType": {
"description": "Descriptor for an element identified by the attribute 'bom-ref' in the same BOM document.\nIn contrast to `bomLinkElementType`.",
"allOf": [{"$ref": "#/definitions/refType"}]
},
"bomLinkDocumentType": {
"title": "BOM-Link document",
"description": "Descriptor for another BOM document. See https://cyclonedx.org/capabilities/bomlink/",
"type": "string",
"format": "iri-reference",
"pattern": "^urn:cdx:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/[1-9][0-9]*$",
"$comment": "part of the pattern is based on `bom.serialNumber`'s pattern"
},
"bomLinkElementType": {
"title": "BOM-Link element",
"description": "Descriptor for an element in another BOM document. See https://cyclonedx.org/capabilities/bomlink/",
"type": "string",
"format": "iri-reference",
"pattern": "^urn:cdx:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/[1-9][0-9]*#.+$",
"$comment": "part of the pattern is based on `bom.serialNumber`'s pattern"
},
@@ -1109,10 +1118,17 @@
"additionalProperties": false,
"properties": {
"url": {
"type": "string",
"anyOf": [
{
"type": "string",
"format": "iri-reference"
},
{
"$ref": "#/definitions/bomLink"
}
],
"title": "URL",
"description": "The URI (URL or URN) to the external reference. External references are URIs and therefore can accept any URL scheme including https ([RFC-7230](https://www.ietf.org/rfc/rfc7230.txt)), mailto ([RFC-2368](https://www.ietf.org/rfc/rfc2368.txt)), tel ([RFC-3966](https://www.ietf.org/rfc/rfc3966.txt)), and dns ([RFC-4501](https://www.ietf.org/rfc/rfc4501.txt)). External references may also include formally registered URNs such as [CycloneDX BOM-Link](https://cyclonedx.org/capabilities/bomlink/) to reference CycloneDX BOMs or any object within a BOM. BOM-Link transforms applicable external references into relationships that can be expressed in a BOM or across BOMs.",
"format": "iri-reference"
"description": "The URI (URL or URN) to the external reference. External references are URIs and therefore can accept any URL scheme including https ([RFC-7230](https://www.ietf.org/rfc/rfc7230.txt)), mailto ([RFC-2368](https://www.ietf.org/rfc/rfc2368.txt)), tel ([RFC-3966](https://www.ietf.org/rfc/rfc3966.txt)), and dns ([RFC-4501](https://www.ietf.org/rfc/rfc4501.txt)). External references may also include formally registered URNs such as [CycloneDX BOM-Link](https://cyclonedx.org/capabilities/bomlink/) to reference CycloneDX BOMs or any object within a BOM. BOM-Link transforms applicable external references into relationships that can be expressed in a BOM or across BOMs."
},
"comment": {
"type": "string",
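Review bot: `#/definitions/bomLink`, referenced in the new `anyOf` for `url`, is not defined in any hunk of this diff (the definitions added above are `bomLinkDocumentType` and `bomLinkElementType`); confirm it exists in the file, presumably as an `anyOf` of those two, or the `$ref` will fail to resolve. Note also that the first `anyOf` branch (`"type": "string"` with `"format": "iri-reference"`) already admits every BOM-Link string, so the second branch adds no validation; that is acceptable as documentation of intent, but it should not be read as a constraint.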
@@ -1178,15 +1194,15 @@
"additionalProperties": false,
"properties": {
"ref": {
"$ref": "#/definitions/refType",
"$ref": "#/definitions/refLinkType",
"title": "Reference",
"description": "References a component by the components bom-ref attribute"
},
"dependsOn": {
"type": "array",
"uniqueItems": true,
"items": {
"$ref": "#/definitions/refType"
"$ref": "#/definitions/refLinkType"
},
"title": "Depends On",
"description": "The bom-ref identifiers of the components that are dependencies of this dependency object."
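Review bot: the `description` of `ref` ("References a component by the components bom-ref attribute") should read "component's", and since `ref` and `dependsOn` are now typed `refLinkType` (same-document only) while the other `ref` properties in this PR also accept `bomLinkElementType`, the description should state explicitly that dependency-graph references are intentionally limited to elements of this BOM.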
@@ -1341,17 +1357,31 @@
"source": {
"type": "array",
"items": {
"type": "string",
"format": "iri-reference"
"anyOf": [
{
"type": "string",
"format": "iri-reference"
},
{
"$ref": "#/definitions/bomLinkElementType"
}
]
},
"title": "Source",
"description": "The URI, URL, or BOM-Link of the components or services the data came in from"
},
"destination": {
"type": "array",
"items": {
"type": "string",
"format": "iri-reference"
"anyOf": [
{
"type": "string",
"format": "iri-reference"
},
{
"$ref": "#/definitions/bomLinkElementType"
}
]
},
"title": "Destination",
"description": "The URI, URL, or BOM-Link of the components or services the data is sent to"
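Review bot: in `source` and `destination` the `anyOf` pairs a plain `iri-reference` string with `bomLinkElementType`; because the first branch already accepts any BOM-Link, the union restricts nothing, and a document-level `urn:cdx:<uuid>/<version>` validates here even though only the element form is listed. If the intent is that data-flow endpoints must name an element, that needs a dedicated constraint; if the union is purely descriptive, say so in the description so readers do not assume the validator enforces it.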
@@ -1459,7 +1489,10 @@
"type": "array",
"uniqueItems": true,
"items": {
"$ref": "#/definitions/refType"
"anyOf": [
{"$ref": "#/definitions/refLinkType"},
{"$ref": "#/definitions/bomLinkElementType"}
]
},
"title": "BOM References",
"description": "The object in the BOM identified by its bom-ref. This is often a component or service, but may be any object type supporting bom-refs. Tools used for analysis should already be defined in the BOM, either in the metadata/tools, components, or formulation."
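Review bot: the `description` of this `BOM References` array ("The object in the BOM identified by its bom-ref") is now stale, because the `anyOf` also admits `bomLinkElementType`, i.e. an element in another BOM document; update it to say that each entry is either a `bom-ref` in this document or a BOM-Link to an element in another BOM, and that the `urn:cdx:` prefix is how a consumer tells the two apart.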
@@ -1579,7 +1612,10 @@
"type": "array",
"uniqueItems": true,
"items": {
"$ref": "#/definitions/refType"
"anyOf": [
{"$ref": "#/definitions/refLinkType"},
{"$ref": "#/definitions/bomLinkElementType"}
]
},
"title": "BOM references",
"description": "The bom-ref identifiers of the components or services being described. Assemblies refer to nested relationships whereby a constituent part may include other constituent parts. References do not cascade to child parts. References are explicit for the specified constituent part only."
@@ -2159,7 +2195,10 @@
"additionalProperties": false,
"properties": {
"ref": {
"$ref": "#/definitions/refType",
"anyOf": [
{"$ref": "#/definitions/refLinkType"},
{"$ref": "#/definitions/bomLinkElementType"}
],
"title": "Reference",
"description": "References a component or service by the objects bom-ref"
},
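Review bot: the `description` ("References a component or service by the objects bom-ref") should read "object's" and should mention that, with `bomLinkElementType` in the `anyOf`, the target may now live in a different BOM document; a consumer that resolves `ref` only against the current document will silently fail to find such targets, so the cross-document case deserves an explicit sentence.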
@@ -2252,7 +2291,10 @@
"type": "array",
"uniqueItems": true,
"items": {
"$ref": "#/definitions/refType"
"anyOf": [
{"$ref": "#/definitions/refLinkType"},
{"$ref": "#/definitions/bomLinkElementType"}
]
},
"title": "BOM References",
"description": "The object in the BOM identified by its bom-ref. This is often a component or service, but may be any object type supporting bom-refs."
@@ -2390,7 +2432,10 @@
"additionalProperties": false,
"properties": {
"ref": {
"$ref": "#/definitions/refType",
"anyOf": [
{"$ref": "#/definitions/refLinkType"},
{"$ref": "#/definitions/bomLinkElementType"}
],
"title": "Reference",
"description": "References a data component by the components bom-ref attribute"
}
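Review bot: the `description` here ("References a data component by the components bom-ref attribute") should read "component's" and no longer covers the `bomLinkElementType` branch of the new `anyOf`; since this `ref` is specific to data components, state whether a BOM-Link into another document is expected to resolve to a data component there as well, and that the `urn:cdx:` prefix distinguishes it from a local `bom-ref`.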
60 changes: 46 additions & 14 deletions schema/bom-1.5.xsd
@@ -37,9 +37,21 @@ limitations under the License.

<xs:simpleType name="refType">
<xs:annotation>
<xs:documentation>Identifier-DataType for interlinked elements.</xs:documentation>
<xs:documentation>Identifier for referable and therefore interlink-able elements.</xs:documentation>
</xs:annotation>
<xs:restriction base="xs:string" />
<xs:restriction base="xs:string">
<xs:minLength value="1"/>
<!-- value SHOULD not start with the BOM-Link intro "urn:cdx:" -->
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="refLinkType">
<xs:annotation>
<xs:documentation xml:lang="en">
Descriptor for an element identified by the attribute "bom-ref" in the same BOM document.
In contrast to `bomLinkElementType`.
</xs:documentation>
</xs:annotation>
<xs:restriction base="bom:refType"/>
</xs:simpleType>

<xs:simpleType name="bomLinkDocumentType">
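Review bot: the rule that a `refType` value must not start with `urn:cdx:` lives only in an XML comment inside the `xs:restriction`, where neither validators nor documentation generators will see it. XSD 1.0 patterns cannot express a negative lookahead, so enforcing it is not straightforward, but the rule should at least be moved into the `xs:documentation` of `refType` (and noted on `refLinkType`, which inherits it) so implementers learn the prefix is reserved for BOM-Links. Also, the `refType` documentation lacks the `xml:lang="en"` attribute that `refLinkType` uses; keep the two consistent.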
@@ -49,7 +61,7 @@ limitations under the License.
See https://cyclonedx.org/capabilities/bomlink/
</xs:documentation>
</xs:annotation>
<xs:restriction base="xs:string">
<xs:restriction base="xs:anyURI">
<!-- part of the pattern is based on `bom.serialNumber`'s pattern -->
<xs:pattern value="urn:cdx:([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})|(\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\})/[1-9][0-9]*"/>
</xs:restriction>
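Review bot: the `xs:pattern` for `bomLinkDocumentType` has an operator-precedence bug. In XSD regular expressions `|` binds loosest, so `urn:cdx:(uuid)|(\{uuid\})/[1-9][0-9]*` is two whole-string branches: `urn:cdx:<uuid>` with no `/<version>` part, and `{<uuid>}/<version>` with no `urn:cdx:` prefix. Neither is a valid BOM-Link, and the intended forms `urn:cdx:<uuid>/<version>` and `urn:cdx:{<uuid>}/<version>` are rejected. Group the alternation: `urn:cdx:([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\})/[1-9][0-9]*`. A valid-BOM fixture containing a correct BOM-Link would have caught this; the PR only adds invalid fixtures.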
@@ -61,7 +73,7 @@ limitations under the License.
See https://cyclonedx.org/capabilities/bomlink/
</xs:documentation>
</xs:annotation>
<xs:restriction base="xs:string">
<xs:restriction base="xs:anyURI">
<!-- part of the pattern is based on `bom.serialNumber`'s pattern -->
<xs:pattern value="urn:cdx:([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})|(\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\})/[1-9][0-9]*#.+"/>
</xs:restriction>
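Review bot: the `xs:pattern` for `bomLinkElementType` is an ungrouped alternation, and because `|` has the lowest precedence in XSD regexes its two branches are `urn:cdx:<uuid>` and `{<uuid>}/<version>#<fragment>`; a correct element link `urn:cdx:<uuid>/<version>#<bom-ref>` therefore does not match. Wrap both UUID spellings in one group: `urn:cdx:([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\})/[1-9][0-9]*#.+`. Note that `#.+` still allows the fragment itself to begin with `urn:cdx:`, which the `refType` comment says a `bom-ref` should not do; that is consistent with the rule being advisory, but worth a sentence in the documentation.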
@@ -1339,7 +1351,7 @@ limitations under the License.

<xs:complexType name="externalReference">
<xs:sequence>
<xs:element name="url" type="xs:anyURI" minOccurs="1" maxOccurs="1">
<xs:element name="url" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation xml:lang="en">The URI (URL or URN) to the external reference. External references
are URIs and therefore can accept any URL scheme including https, mailto, tel, and dns.
@@ -1348,6 +1360,9 @@ limitations under the License.
references into relationships that can be expressed in a BOM or across BOMs. Refer to:
https://cyclonedx.org/capabilities/bomlink/</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:union memberTypes="xs:anyURI bom:bomLinkType"/>
</xs:simpleType>
</xs:element>
<xs:element name="comment" type="xs:string" minOccurs="0" maxOccurs="1">
<xs:annotation>
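Review bot: `bom:bomLinkType`, used in the `xs:union` for `url`, is not defined in any hunk of this diff (the visible types are `bomLinkDocumentType` and `bomLinkElementType`), and the JSON side of the same change references `#/definitions/bomLink`; confirm both exist and are the same union of document and element links, otherwise the XSD will not load. As on the JSON side, `xs:anyURI` already accepts every BOM-Link string, so the union changes nothing for validation and documents intent only.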
@@ -1728,9 +1743,9 @@ limitations under the License.
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="dependency" type="bom:dependencyType"/>
</xs:sequence>
<xs:attribute name="ref" type="bom:refType" use="required">
<xs:attribute name="ref" type="bom:refLinkType" use="required">
<xs:annotation>
<xs:documentation>References a component or service by the its bom-ref attribute</xs:documentation>
<xs:documentation>References a component or service by its bom-ref attribute</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:anyAttribute namespace="##other" processContents="lax">
@@ -1861,7 +1876,11 @@ limitations under the License.
</xs:annotation>
<xs:complexType>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="url" type="xs:anyURI"/>
<xs:element name="url">
<xs:simpleType>
<xs:union memberTypes="xs:anyURI bom:bomLinkElementType"/>
</xs:simpleType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
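Review bot: the `xs:union memberTypes="xs:anyURI bom:bomLinkElementType"` on the data-flow `url` element does not narrow what validates, because `xs:anyURI` already admits any BOM-Link (document or element); if the goal is to document that only element links are meaningful here, add an `xs:documentation` saying so, since the union alone will not convey that to a reader of the schema, and align the JSON schema's `source`/`destination` descriptions with it.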
@@ -1871,7 +1890,11 @@ limitations under the License.
</xs:annotation>
<xs:complexType>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="url" type="xs:anyURI"/>
<xs:element name="url">
<xs:simpleType>
<xs:union memberTypes="xs:anyURI bom:bomLinkElementType"/>
</xs:simpleType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
@@ -2606,10 +2629,13 @@ limitations under the License.
</xs:annotation>
<xs:complexType>
<xs:choice minOccurs="0" maxOccurs="unbounded">
<xs:element name="ref" type="bom:refType" minOccurs="0" maxOccurs="1">
<xs:element name="ref" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>References a data component by the components bom-ref attribute</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:union memberTypes="bom:refLinkType bom:bomLinkElementType"/>
</xs:simpleType>
</xs:element>
<xs:element name="dataset" type="bom:componentDataType" minOccurs="0" maxOccurs="1" />
</xs:choice>
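Review bot: the documentation for `ref` ("References a data component by the components bom-ref attribute") should read "component's" and no longer matches the type: with `bom:bomLinkElementType` in the union the reference may point into another BOM document, so the documentation should describe both forms and how a consumer distinguishes them (the `urn:cdx:` prefix).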
@@ -3171,10 +3197,13 @@ limitations under the License.
</xs:simpleType>

<xs:complexType name="bomReferenceType">
<xs:attribute name="ref" type="bom:refType" use="required">
<xs:attribute name="ref" use="required">
<xs:annotation>
<xs:documentation>References a component or service by the its bom-ref attribute</xs:documentation>
<xs:documentation>References a component or service by its bom-ref attribute</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:union memberTypes="bom:refLinkType bom:bomLinkType"/>
</xs:simpleType>
</xs:attribute>
<xs:anyAttribute namespace="##other" processContents="lax">
<xs:annotation>
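Review bot: `bomReferenceType`'s `ref` unions `bom:refLinkType` with `bom:bomLinkType`, whereas every other `ref` in this PR, and the JSON `BOM References` arrays (which pair `refLinkType` with `bomLinkElementType`), use the element type. If `bomLinkType` also covers document-level links, this attribute would accept a reference to a whole BOM where an element is expected; either this should be `bom:bomLinkElementType`, or the difference deserves a documented reason. The documentation text ("References a component or service by its bom-ref attribute") should also mention the cross-BOM form it now admits.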
@@ -3528,10 +3557,13 @@ limitations under the License.
<xs:element name="target">
<xs:complexType>
<xs:sequence minOccurs="0" maxOccurs="1">
<xs:element name="ref" type="bom:refType" minOccurs="1" maxOccurs="1">
<xs:element name="ref" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>References a component or service by the objects bom-ref.</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:union memberTypes="bom:refLinkType bom:bomLinkElementType"/>
</xs:simpleType>
</xs:element>
<xs:element name="versions" minOccurs="0" maxOccurs="1">
<xs:annotation>
@@ -4068,7 +4100,7 @@ limitations under the License.
</xs:annotation>
</xs:any>
</xs:sequence>
<xs:attribute name="version" type="xs:integer" default="1">
<xs:attribute name="version" type="xs:positiveInteger" default="1">
<xs:annotation>
<xs:documentation>Whenever an existing BOM is modified, either manually or through automated
processes, the version of the BOM SHOULD be incremented by 1. When a system is presented with
6 changes: 6 additions & 0 deletions tools/src/test/resources/1.5/invalid-component-ref-1.5.json
@@ -15,6 +15,12 @@
"bom-ref": "123",
"name": "acme-library",
"version": "1.0.0"
},
{
"type": "library",
"bom-ref": "",
"name": "acme-library",
"version": "1.0.0"
}
]
}
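Review bot: this fixture now carries two independent defects, the pre-existing duplicate `bom-ref` `"123"` (as the comment in the XML twin of this fixture states) and the new empty `bom-ref`; a test that only asserts "invalid" cannot tell whether the new `minLength: 1` rule fired or the duplicate check did. Put the empty `bom-ref` case in its own fixture (a name such as `invalid-component-ref-empty-1.5.json` is only a suggestion) so the new constraint is verified in isolation.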
6 changes: 6 additions & 0 deletions tools/src/test/resources/1.5/invalid-component-ref-1.5.xml
@@ -6,6 +6,12 @@
<version>1.0.0</version>
<components>
<component type="library" bom-ref="123">
<!-- duplicate value in attribute `bom-ref` -->
<name>acme-library</name>
<version>1.0.0</version>
</component>
<component type="library" bom-ref="">
<!-- empty value in attribute `bom-ref` -->
<name>acme-library</name>
<version>1.0.0</version>
</component>
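Review bot: the added comments make the intent of each component clear, but the file still combines a duplicate `bom-ref` with an empty one, so a failed validation cannot be attributed to the new `minLength` facet on `refType`; split the empty-value case into a separate fixture. It would also help to say in each comment which layer (schema facet or tool-side check) is expected to reject that component, since the two cases are caught by different rules.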
6 changes: 6 additions & 0 deletions tools/src/test/resources/1.5/invalid-dependency-1.5.json
@@ -27,6 +27,12 @@
{
"dependsOn": []
},
{
"ref": "",
"dependsOn": [
"library-a"
]
},
{
"ref": "library-b",
"dependsOn": [
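Review bot: this adds an empty `"ref": ""` entry to a fixture that, being an `invalid-*` file, already holds at least one other invalid dependency; with several defects in one file the test cannot distinguish the new `minLength` failure on `ref` from whatever the fixture rejected before. A separate fixture per rule, or at minimum a comment-equivalent (the XML counterpart annotates each entry) stating which rule each entry violates, keeps the test meaningful.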
12 changes: 10 additions & 2 deletions tools/src/test/resources/1.5/invalid-dependency-1.5.xml
@@ -15,9 +15,17 @@
</component>
</components>
<dependencies>
<dependency />
<dependency>
<!-- invalid: missing attribute `ref` -->
</dependency>
<dependency ref="">
<!-- invalid: attribute `ref` is empty -->
<dependency ref="library-a"/>
</dependency>
<dependency ref="library-b">
<dependency ref="library-c"/>
<dependency ref="library-c">
<!-- valid -->
</dependency>
</dependency>
</dependencies>
</bom>
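Review bot: the `dependencies` element now mixes three distinct cases (missing `ref`, empty `ref`, and a valid nested reference) in one fixture; if the test harness only checks that validation fails, the missing-attribute case alone makes the file invalid and the new `minLength` facet exercised by `ref=""` is never proven to fire. Move the empty-`ref` case into its own fixture so each rule has a test that fails for exactly one reason.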