diff --git a/schema/bom-1.6.proto b/schema/bom-1.6.proto
index 26fcc3d0..228bb262 100644
--- a/schema/bom-1.6.proto
+++ b/schema/bom-1.6.proto
@@ -4,7 +4,7 @@ import "google/protobuf/timestamp.proto";
// Specifies attributes of the text
message AttachedText {
- // Specifies the content type of the text. Defaults to 'text/plain' if not specified.
+ // Specifies the format and nature of the data being attached, helping systems correctly interpret and process the content. Common content type examples include `application/json` for JSON data and `text/plain` for plan text documents. [RFC 2045 section 5.1](https://www.ietf.org/rfc/rfc2045.html#section-5.1) outlines the structure and use of content types. For a comprehensive list of registered content types, refer to the [IANA media types registry](https://www.iana.org/assignments/media-types/media-types.xhtml).
optional string content_type = 1;
// Specifies the optional encoding the text is represented in
optional string encoding = 2;
diff --git a/schema/bom-1.6.schema.json b/schema/bom-1.6.schema.json
index c8d3d5e8..1524d18b 100644
--- a/schema/bom-1.6.schema.json
+++ b/schema/bom-1.6.schema.json
@@ -16,7 +16,7 @@
"bomFormat": {
"type": "string",
"title": "BOM Format",
- "description": "Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs do not have a filename convention, nor does JSON schema support namespaces. This value MUST be \"CycloneDX\".",
+ "description": "Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs do not have a filename convention, nor does JSON schema support namespaces. This value must be \"CycloneDX\".",
"enum": [
"CycloneDX"
]
@@ -30,7 +30,7 @@
"serialNumber": {
"type": "string",
"title": "BOM Serial Number",
- "description": "Every BOM generated SHOULD have a unique serial number, even if the contents of the BOM have not changed over time. If specified, the serial number MUST conform to RFC-4122. Use of serial numbers is RECOMMENDED.",
+ "description": "Every BOM generated SHOULD have a unique serial number, even if the contents of the BOM have not changed over time. If specified, the serial number must conform to [RFC 4122](https://www.ietf.org/rfc/rfc4122.html). Use of serial numbers is recommended.",
"examples": ["urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"],
"pattern": "^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
},
@@ -121,7 +121,7 @@
"bom-ref": {
"$ref": "#/definitions/refType",
"title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM."
+ "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM."
},
"thirdParty": {
"type": "boolean",
@@ -250,7 +250,7 @@
"bom-ref": {
"$ref": "#/definitions/refType",
"title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM."
+ "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM."
},
"target": {
"$ref": "#/definitions/refLinkType",
@@ -311,7 +311,7 @@
"bom-ref": {
"$ref": "#/definitions/refType",
"title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM."
+ "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM."
},
"propertyName": {
"type": "string",
@@ -433,6 +433,7 @@
"affirmation": {
"type": "object",
"title": "Affirmation",
+ "description": "A concise statement affirmed by an individual regarding all declarations, often used for third-party auditor acceptance or recipient acknowledgment. It includes a list of authorized signatories who assert the validity of the document on behalf of the organization.",
"additionalProperties": false,
"properties": {
"statement": {
@@ -519,7 +520,7 @@
"properties": {
"type": "array",
"title": "Properties",
- "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
"items": {
"$ref": "#/definitions/property"
}
@@ -709,7 +710,7 @@
"properties": {
"type": "array",
"title": "Properties",
- "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
"items": {"$ref": "#/definitions/property"}
}
}
@@ -752,13 +753,12 @@
"organizationalEntity": {
"type": "object",
"title": "Organizational Entity",
- "description": "",
"additionalProperties": false,
"properties": {
"bom-ref": {
"$ref": "#/definitions/refType",
"title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
+ "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
},
"name": {
"type": "string",
@@ -794,13 +794,12 @@
"organizationalContact": {
"type": "object",
"title": "Organizational Contact",
- "description": "",
"additionalProperties": false,
"properties": {
"bom-ref": {
"$ref": "#/definitions/refType",
"title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
+ "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
},
"name": {
"type": "string",
@@ -852,7 +851,7 @@
"meta:enum": {
"application": "A software application. Refer to [https://en.wikipedia.org/wiki/Application_software](https://en.wikipedia.org/wiki/Application_software) for information about applications.",
"framework": "A software framework. Refer to [https://en.wikipedia.org/wiki/Software_framework](https://en.wikipedia.org/wiki/Software_framework) for information on how frameworks vary slightly from libraries.",
- "library": "A software library. Refer to [https://en.wikipedia.org/wiki/Library_(computing)](https://en.wikipedia.org/wiki/Library_(computing)) for information about libraries. All third-party and open source reusable components will likely be a library. If the library also has key features of a framework, then it should be classified as a framework. If not, or is unknown, then specifying library is RECOMMENDED.",
+ "library": "A software library. Refer to [https://en.wikipedia.org/wiki/Library_(computing)](https://en.wikipedia.org/wiki/Library_(computing)) for information about libraries. All third-party and open source reusable components will likely be a library. If the library also has key features of a framework, then it should be classified as a framework. If not, or is unknown, then specifying library is recommended.",
"container": "A packaging and/or runtime format, not specific to any particular technology, which isolates software inside the container from software outside of a container through virtualization technology. Refer to [https://en.wikipedia.org/wiki/OS-level_virtualization](https://en.wikipedia.org/wiki/OS-level_virtualization).",
"platform": "A runtime environment which interprets or executes software. This may include runtimes such as those that execute bytecode or low-code/no-code application platforms.",
"operating-system": "A software operating system without regard to deployment model (i.e. installed on physical hardware, virtual machine, image, etc) Refer to [https://en.wikipedia.org/wiki/Operating_system](https://en.wikipedia.org/wiki/Operating_system).",
@@ -878,7 +877,7 @@
"bom-ref": {
"$ref": "#/definitions/refType",
"title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the component elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
+ "description": "An optional identifier which can be used to reference the component elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
},
"supplier": {
"title": "Component Supplier",
@@ -972,13 +971,13 @@
"purl": {
"type": "string",
"title": "Package URL (purl)",
- "description": "Asserts the identity of the component using package-url (purl). The purl, if specified, MUST be valid and conform to the specification defined at: [https://github.com/package-url/purl-spec](https://github.com/package-url/purl-spec). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity.",
+ "description": "Asserts the identity of the component using package-url (purl). The purl, if specified, must be valid and conform to the specification defined at: [https://github.com/package-url/purl-spec](https://github.com/package-url/purl-spec). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity.",
"examples": ["pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"]
},
"omniborId": {
"type": "array",
"title": "OmniBOR Artifact Identifier (gitoid)",
- "description": "Asserts the identity of the component using the OmniBOR Artifact ID. The OmniBOR, if specified, MUST be valid and conform to the specification defined at: [https://www.iana.org/assignments/uri-schemes/prov/gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity.",
+ "description": "Asserts the identity of the component using the OmniBOR Artifact ID. The OmniBOR, if specified, must be valid and conform to the specification defined at: [https://www.iana.org/assignments/uri-schemes/prov/gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity.",
"items": { "type": "string" },
"examples": [
"gitoid:blob:sha1:a94a8fe5ccb19ba61c4c0873d391e987982fbbd3",
@@ -987,8 +986,8 @@
},
"swhid": {
"type": "array",
- "title": "SoftWare Heritage Identifier",
- "description": "Asserts the identity of the component using the Software Heritage persistent identifier (SWHID). The SWHID, if specified, MUST be valid and conform to the specification defined at: [https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html](https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity.",
+ "title": "Software Heritage Identifier",
+ "description": "Asserts the identity of the component using the Software Heritage persistent identifier (SWHID). The SWHID, if specified, must be valid and conform to the specification defined at: [https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html](https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity.",
"items": { "type": "string" },
"examples": ["swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2"]
},
@@ -1076,7 +1075,7 @@
"type": "array",
"items": {"$ref": "#/definitions/componentData"},
"title": "Data",
- "description": "This object SHOULD be specified for any component of type `data` and MUST NOT be specified for other component types."
+ "description": "This object SHOULD be specified for any component of type `data` and must not be specified for other component types."
},
"cryptoProperties": {
"$ref": "#/definitions/cryptoProperties",
@@ -1085,7 +1084,7 @@
"properties": {
"type": "array",
"title": "Properties",
- "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
"items": {"$ref": "#/definitions/property"}
},
"tags": {
@@ -1162,8 +1161,13 @@
"contentType": {
"type": "string",
"title": "Content-Type",
- "description": "Specifies the content type of the text. Defaults to text/plain if not specified.",
- "default": "text/plain"
+ "description": "Specifies the format and nature of the data being attached, helping systems correctly interpret and process the content. Common content type examples include `application/json` for JSON data and `text/plain` for plan text documents. [RFC 2045 section 5.1](https://www.ietf.org/rfc/rfc2045.html#section-5.1) outlines the structure and use of content types. For a comprehensive list of registered content types, refer to the [IANA media types registry](https://www.iana.org/assignments/media-types/media-types.xhtml).",
+ "default": "text/plain",
+ "examples": [
+ "text/plain",
+ "application/json",
+ "image/png"
+ ]
},
"encoding": {
"type": "string",
@@ -1229,6 +1233,7 @@
"license": {
"type": "object",
"title": "License",
+ "description": "Specifies the details and attributes related to a software license. It can either include a valid SPDX license identifier or a named license, along with additional properties such as license acknowledgment, comprehensive commercial licensing information, and the full text of the license.",
"oneOf": [
{
"required": ["id"]
@@ -1242,18 +1247,18 @@
"bom-ref": {
"$ref": "#/definitions/refType",
"title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
+ "description": "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
},
"id": {
"$ref": "spdx.schema.json",
"title": "License ID (SPDX)",
- "description": "A valid SPDX license ID",
+ "description": "A valid SPDX license identifier. If specified, this value must be one of the enumeration of valid SPDX license identifiers defined in the spdx.schema.json (or spdx.xml) subschema which is synchronized with the official SPDX license list.",
"examples": ["Apache-2.0"]
},
"name": {
"type": "string",
"title": "License Name",
- "description": "If SPDX does not define the license used, this field may be used to provide the license name",
+ "description": "The name of the license. This may include the name of a commercial or proprietary license or an open source license that may not be defined by SPDX.",
"examples": ["Acme Software License"]
},
"acknowledgement": {
@@ -1429,7 +1434,7 @@
"properties": {
"type": "array",
"title": "Properties",
- "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
"items": {"$ref": "#/definitions/property"}
}
}
@@ -1493,7 +1498,7 @@
"bom-ref": {
"$ref": "#/definitions/refType",
"title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
+ "description": "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
}
}
}]
@@ -1810,10 +1815,10 @@
"certification-report": "Industry, regulatory, or other certification from an accredited (if applicable) certification body.",
"codified-infrastructure": "Code or configuration that defines and provisions virtualized infrastructure, commonly referred to as Infrastructure as Code (IaC).",
"quality-metrics": "Report or system in which quality metrics can be obtained.",
- "poam": "Plans of Action and Milestones (POAM) complement an \"attestation\" external reference. POAM is defined by NIST as a \"document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones\".",
+ "poam": "Plans of Action and Milestones (POA&M) complement an \"attestation\" external reference. POA&M is defined by NIST as a \"document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones\".",
"electronic-signature": "An e-signature is commonly a scanned representation of a written signature or a stylized script of the person's name.",
"digital-signature": "A signature that leverages cryptography, typically public/private key pairs, which provides strong authenticity verification.",
- "rfc-9116": "Document that complies with RFC-9116 (A File Format to Aid in Security Vulnerability Disclosure)",
+ "rfc-9116": "Document that complies with [RFC 9116](https://www.ietf.org/rfc/rfc9116.html) (A File Format to Aid in Security Vulnerability Disclosure)",
"other": "Use this if no other types accurately describe the purpose of the external reference."
}
},
@@ -1828,7 +1833,7 @@
"dependency": {
"type": "object",
"title": "Dependency",
- "description": "Defines the direct dependencies of a component, service, or the components provided/implemented by a given component. Components or services that do not have their own dependencies MUST be declared as empty elements within the graph. Components or services that are not represented in the dependency graph MAY have unknown dependencies. It is RECOMMENDED that implementations assume this to be opaque and not an indicator of an object being dependency-free. It is RECOMMENDED to leverage compositions to indicate unknown dependency graphs.",
+ "description": "Defines the direct dependencies of a component, service, or the components provided/implemented by a given component. Components or services that do not have their own dependencies must be declared as empty elements within the graph. Components or services that are not represented in the dependency graph may have unknown dependencies. It is recommended that implementations assume this to be opaque and not an indicator of an object being dependency-free. It is recommended to leverage compositions to indicate unknown dependency graphs.",
"required": [
"ref"
],
@@ -1870,7 +1875,7 @@
"bom-ref": {
"$ref": "#/definitions/refType",
"title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the service elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
+ "description": "An optional identifier which can be used to reference the service elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
},
"provider": {
"title": "Provider",
@@ -1932,7 +1937,7 @@
},
"licenses": {
"$ref": "#/definitions/licenseChoice",
- "title": "Component License(s)"
+ "title": "Service License(s)"
},
"externalReferences": {
"type": "array",
@@ -1955,7 +1960,7 @@
"properties": {
"type": "array",
"title": "Properties",
- "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
"items": {"$ref": "#/definitions/property"}
},
"tags": {
@@ -2064,6 +2069,7 @@
"copyright": {
"type": "object",
"title": "Copyright",
+ "description": "A copyright notice informing users of the underlying claims to copyright ownership in a published work.",
"required": [
"text"
],
@@ -2071,7 +2077,8 @@
"properties": {
"text": {
"type": "string",
- "title": "Copyright Text"
+ "title": "Copyright Text",
+ "description": "The textual content of the copyright."
}
}
},
@@ -2083,7 +2090,7 @@
"properties": {
"identity": {
"title": "Identity Evidence",
- "description": "Evidence that substantiates the identity of a component. The identity may be an object or an array of identity objects. Support for specifying identity as a single object was introduced in CycloneDX v1.5. Arrays were introduced in v1.6. It is RECOMMENDED that all implementations use arrays, even if only one identity object is specified.",
+ "description": "Evidence that substantiates the identity of a component. The identity may be an object or an array of identity objects. Support for specifying identity as a single object was introduced in CycloneDX v1.5. Arrays were introduced in v1.6. It is recommended that all implementations use arrays, even if only one identity object is specified.",
"oneOf" : [
{
"type": "array",
@@ -2110,7 +2117,7 @@
"bom-ref": {
"$ref": "#/definitions/refType",
"title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the occurrence elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
+ "description": "An optional identifier which can be used to reference the occurrence elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
},
"location": {
"type": "string",
@@ -2225,7 +2232,7 @@
"bom-ref": {
"$ref": "#/definitions/refType",
"title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the composition elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
+ "description": "An optional identifier which can be used to reference the composition elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
},
"aggregate": {
"$ref": "#/definitions/aggregateType",
@@ -2306,7 +2313,7 @@
"property": {
"type": "object",
"title": "Lightweight name-value pair",
- "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
"required": [
"name"
],
@@ -2328,7 +2335,7 @@
"type": "string",
"pattern": "^([a-z]{2})(-[A-Z]{2})?$",
"title": "Locale",
- "description": "Defines a syntax for representing two character language code (ISO-639) followed by an optional two character country code. The language code MUST be lower case. If the country code is specified, the country code MUST be upper case. The language code and country code MUST be separated by a minus sign. Examples: en, en-US, fr, fr-CA"
+ "description": "Defines a syntax for representing two character language code (ISO-639) followed by an optional two character country code. The language code must be lower case. If the country code is specified, the country code must be upper case. The language code and country code must be separated by a minus sign. Examples: en, en-US, fr, fr-CA"
},
"releaseType": {
"type": "string",
@@ -2339,7 +2346,7 @@
"pre-release",
"internal"
],
- "description": "The software versioning type. It is RECOMMENDED that the release type use one of 'major', 'minor', 'patch', 'pre-release', or 'internal'. Representing all possible software release types is not practical, so standardizing on the recommended values, whenever possible, is strongly encouraged.\n\n* __major__ = A major release may contain significant changes or may introduce breaking changes.\n* __minor__ = A minor release, also known as an update, may contain a smaller number of changes than major releases.\n* __patch__ = Patch releases are typically unplanned and may resolve defects or important security issues.\n* __pre-release__ = A pre-release may include alpha, beta, or release candidates and typically have limited support. They provide the ability to preview a release prior to its general availability.\n* __internal__ = Internal releases are not for public consumption and are intended to be used exclusively by the project or manufacturer that produced it."
+ "description": "The software versioning type. It is recommended that the release type use one of 'major', 'minor', 'patch', 'pre-release', or 'internal'. Representing all possible software release types is not practical, so standardizing on the recommended values, whenever possible, is strongly encouraged.\n\n* __major__ = A major release may contain significant changes or may introduce breaking changes.\n* __minor__ = A minor release, also known as an update, may contain a smaller number of changes than major releases.\n* __patch__ = Patch releases are typically unplanned and may resolve defects or important security issues.\n* __pre-release__ = A pre-release may include alpha, beta, or release candidates and typically have limited support. They provide the ability to preview a release prior to its general availability.\n* __internal__ = Internal releases are not for public consumption and are intended to be used exclusively by the project or manufacturer that produced it."
},
"note": {
"type": "object",
@@ -2430,7 +2437,7 @@
"properties": {
"type": "array",
"title": "Properties",
- "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
"items": {"$ref": "#/definitions/property"}
}
}
@@ -2626,7 +2633,7 @@
"bom-ref": {
"$ref": "#/definitions/refType",
"title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the vulnerability elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
+ "description": "An optional identifier which can be used to reference the vulnerability elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
},
"id": {
"type": "string",
@@ -2941,7 +2948,7 @@
"properties": {
"type": "array",
"title": "Properties",
- "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
"items": {
"$ref": "#/definitions/property"
}
@@ -3008,7 +3015,7 @@
"bom-ref": {
"$ref": "#/definitions/refType",
"title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the annotation elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
+ "description": "An optional identifier which can be used to reference the annotation elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
},
"subjects": {
"type": "array",
@@ -3096,13 +3103,13 @@
"$comment": "Model card support in CycloneDX is derived from TensorFlow Model Card Toolkit released under the Apache 2.0 license and available from https://github.com/tensorflow/model-card-toolkit/blob/main/model_card_toolkit/schema/v0.0.2/model_card.schema.json. In addition, CycloneDX model card support includes portions of VerifyML, also released under the Apache 2.0 license and available from https://github.com/cylynx/verifyml/blob/main/verifyml/model_card_toolkit/schema/v0.0.4/model_card.schema.json.",
"type": "object",
"title": "Model Card",
- "description": "A model card describes the intended uses of a machine learning model and potential limitations, including biases and ethical considerations. Model cards typically contain the training parameters, which datasets were used to train the model, performance metrics, and other relevant data useful for ML transparency. This object SHOULD be specified for any component of type `machine-learning-model` and MUST NOT be specified for other component types.",
+ "description": "A model card describes the intended uses of a machine learning model and potential limitations, including biases and ethical considerations. Model cards typically contain the training parameters, which datasets were used to train the model, performance metrics, and other relevant data useful for ML transparency. This object SHOULD be specified for any component of type `machine-learning-model` and must not be specified for other component types.",
"additionalProperties": false,
"properties": {
"bom-ref": {
"$ref": "#/definitions/refType",
"title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the model card elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
+ "description": "An optional identifier which can be used to reference the model card elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
},
"modelParameters": {
"type": "object",
@@ -3179,6 +3186,7 @@
}
],
"title": "Reference",
+ "type": "string",
"description": "References a data component by the components bom-ref attribute"
}
}
@@ -3277,7 +3285,7 @@
"properties": {
"type": "array",
"title": "Properties",
- "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
"items": {"$ref": "#/definitions/property"}
}
}
@@ -3305,7 +3313,7 @@
"bom-ref": {
"$ref": "#/definitions/refType",
"title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the dataset elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
+ "description": "An optional identifier which can be used to reference the dataset elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
},
"type": {
"type": "string",
@@ -3413,10 +3421,12 @@
"properties": {
"organization": {
"title": "Organization",
+ "description": "The organization that is responsible for specific data governance role(s).",
"$ref": "#/definitions/organizationalEntity"
},
"contact": {
"title": "Individual",
+ "description": "The individual that is responsible for specific data governance role(s).",
"$ref": "#/definitions/organizationalContact"
}
},
@@ -3460,7 +3470,7 @@
},
"image": {
"title": "Graphic Image",
- "description": "The graphic (vector or raster). Base64 encoding MUST be specified for binary images.",
+ "description": "The graphic (vector or raster). Base64 encoding must be specified for binary images.",
"$ref": "#/definitions/attachment"
}
}
@@ -3572,6 +3582,7 @@
"properties": {
"type": "array",
"title": "Properties",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
"items": {
"$ref": "#/definitions/property"
}
@@ -3640,6 +3651,7 @@
"properties": {
"type": "array",
"title": "Properties",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
"items": {
"$ref": "#/definitions/property"
}
@@ -3711,7 +3723,7 @@
"properties": {
"bom-ref": {
"title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the energy provider elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.",
+ "description": "An optional identifier which can be used to reference the energy provider elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.",
"$ref": "#/definitions/refType"
},
"description": {
@@ -3722,6 +3734,7 @@
"organization": {
"type": "object",
"title": "Organization",
+ "description": "The organization that provides energy.",
"$ref": "#/definitions/organizationalEntity"
},
"energySource": {
@@ -3776,7 +3789,7 @@
"properties": {
"bom-ref": {
"title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the address elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.",
+ "description": "An optional identifier which can be used to reference the address elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.",
"$ref": "#/definitions/refType"
},
"country": {
@@ -3824,7 +3837,7 @@
"properties": {
"bom-ref": {
"title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the formula elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.",
+ "description": "An optional identifier which can be used to reference the formula elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.",
"$ref": "#/definitions/refType"
},
"components": {
@@ -3858,6 +3871,7 @@
"properties": {
"type": "array",
"title": "Properties",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
"items": {
"$ref": "#/definitions/property"
}
@@ -3878,7 +3892,7 @@
"properties": {
"bom-ref": {
"title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the workflow elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.",
+ "description": "An optional identifier which can be used to reference the workflow elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.",
"$ref": "#/definitions/refType"
},
"uid": {
@@ -4001,6 +4015,7 @@
"properties": {
"type": "array",
"title": "Properties",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
"items": {
"$ref": "#/definitions/property"
}
@@ -4021,7 +4036,7 @@
"properties": {
"bom-ref": {
"title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the task elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.",
+ "description": "An optional identifier which can be used to reference the task elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.",
"$ref": "#/definitions/refType"
},
"uid": {
@@ -4125,6 +4140,7 @@
"properties": {
"type": "array",
"title": "Properties",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
"items": {
"$ref": "#/definitions/property"
}
@@ -4157,6 +4173,7 @@
"properties": {
"type": "array",
"title": "Properties",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
"items": {
"$ref": "#/definitions/property"
}
@@ -4175,6 +4192,7 @@
"properties": {
"type": "array",
"title": "Properties",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
"items": {
"$ref": "#/definitions/property"
}
@@ -4193,7 +4211,7 @@
"properties": {
"bom-ref": {
"title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the workspace elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.",
+ "description": "An optional identifier which can be used to reference the workspace elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.",
"$ref": "#/definitions/refType"
},
"uid": {
@@ -4266,6 +4284,7 @@
"properties": {
"type": "array",
"title": "Properties",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
"items": {
"$ref": "#/definitions/property"
}
@@ -4321,6 +4340,7 @@
"properties": {
"type": "array",
"title": "Properties",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
"items": {
"$ref": "#/definitions/property"
}
@@ -4340,7 +4360,7 @@
"properties": {
"bom-ref": {
"title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the trigger elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.",
+ "description": "An optional identifier which can be used to reference the trigger elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.",
"$ref": "#/definitions/refType"
},
"uid": {
@@ -4386,6 +4406,7 @@
"conditions": {
"type": "array",
"title": "Conditions",
+ "description": "A list of conditions used to determine if a trigger should be activated.",
"uniqueItems": true,
"items": {
"$ref": "#/definitions/condition"
@@ -4420,6 +4441,7 @@
"properties": {
"type": "array",
"title": "Properties",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
"items": {
"$ref": "#/definitions/property"
}
@@ -4466,6 +4488,7 @@
"properties": {
"type": "array",
"title": "Properties",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
"items": {
"$ref": "#/definitions/property"
}
@@ -4560,6 +4583,7 @@
"properties": {
"type": "array",
"title": "Properties",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
"items": {
"$ref": "#/definitions/property"
}
@@ -4645,6 +4669,7 @@
"properties": {
"type": "array",
"title": "Properties",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
"items": {
"$ref": "#/definitions/property"
}
@@ -4710,6 +4735,7 @@
"properties": {
"type": "array",
"title": "Properties",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
"items": {
"$ref": "#/definitions/property"
}
@@ -4870,7 +4896,7 @@
"bom-ref": {
"$ref": "#/definitions/refType",
"title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM."
+ "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM."
},
"name": {
"type": "string",
@@ -4904,7 +4930,7 @@
"bom-ref": {
"$ref": "#/definitions/refType",
"title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM."
+ "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM."
},
"identifier": {
"type": "string",
@@ -4945,7 +4971,7 @@
"properties": {
"type": "array",
"title": "Properties",
- "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.",
"items": {
"$ref": "#/definitions/property"
}
@@ -4971,7 +4997,7 @@
"bom-ref": {
"$ref": "#/definitions/refType",
"title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM."
+ "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM."
},
"identifier": {
"type": "string",
@@ -5119,7 +5145,7 @@
},
"implementationPlatform": {
"type": "string",
- "title": "implementation platform",
+ "title": "Implementation platform",
"description": "The target platform for which the algorithm is implemented. The implementation can be 'generic', running on any platform or for a specific platform.",
"enum": [
"generic",
@@ -5534,7 +5560,7 @@
"ikev2TransformTypes": {
"type": "object",
"title": "IKEv2 Transform Types",
- "description": "The IKEv2 transform types supported (types 1-4), defined in RFC7296 section 3.3.2, and additional properties.",
+ "description": "The IKEv2 transform types supported (types 1-4), defined in [RFC 7296 section 3.3.2](https://www.ietf.org/rfc/rfc7296.html#section-3.3.2), and additional properties.",
"additionalProperties": false,
"properties": {
"encr": {
@@ -5555,7 +5581,7 @@
"ke": {
"$ref": "#/definitions/cryptoRefArray",
"title": "Key Exchange Method (KE)",
- "description": "Transform Type 4: Key Exchange Method (KE) per RFC9370, formerly called Diffie-Hellman Group (D-H)"
+ "description": "Transform Type 4: Key Exchange Method (KE) per [RFC 9370](https://www.ietf.org/rfc/rfc9370.html), formerly called Diffie-Hellman Group (D-H)."
},
"esn": {
"type": "boolean",
diff --git a/schema/bom-1.6.xsd b/schema/bom-1.6.xsd
index 2ff7949b..7b387d8f 100644
--- a/schema/bom-1.6.xsd
+++ b/schema/bom-1.6.xsd
@@ -355,7 +355,10 @@ limitations under the License.
- The URL of the organization. Multiple URLs are allowed.
+
+ The URL of the organization. Multiple URLs are allowed.
+ Example: https://example.com
+
@@ -959,8 +962,14 @@ limitations under the License.
- Specifies the content type of the text. Defaults to text/plain
- if not specified.
+
+ Specifies the format and nature of the data being attached, helping systems correctly
+ interpret and process the content. Common content type examples include `application/json`
+ for JSON data and `text/plain` for plan text documents.
+
+ RFC 2045 section 5.1 outlines the structure and use of content types. For a comprehensive
+ list of registered content types, refer to the IANA media types registry at
+ https://www.iana.org/assignments/media-types/media-types.xhtml.
@@ -1379,8 +1388,11 @@ limitations under the License.
- The URL to the license file. If a license URL has been defined in the license
- node, it should also be defined as an external reference for completeness
+
+ The URL to the license file. If a license URL has been defined in the license
+ node, it should also be defined as an external reference for completeness.
+ Example: https://www.apache.org/licenses/LICENSE-2.0.txt
+