@@ -17,6 +17,8 @@ SPDX-License-Identifier: Apache-2.0
1717Copyright (c) OWASP Foundation. All Rights Reserved.
1818*/
1919
20+ /* eslint-disable max-lines -- ack */
21+
2022import { ComponentType } from '../enums/componentType'
2123import { ExternalReferenceType } from '../enums/externalReferenceType'
2224import { HashAlgorithm } from '../enums/hashAlogorithm'
@@ -434,7 +436,115 @@ export const Spec1dot6: Readonly<_SpecProtocol> = Object.freeze(new _Spec(
434436 true
435437) )
436438
439+
440+ /** Specification v1.7 */
441+ export const Spec1dot7 : Readonly < _SpecProtocol > = Object . freeze ( new _Spec (
442+ Version . v1dot7 ,
443+ [
444+ Format . XML ,
445+ Format . JSON
446+ ] ,
447+ [
448+ ComponentType . Application ,
449+ ComponentType . Framework ,
450+ ComponentType . Library ,
451+ ComponentType . Container ,
452+ ComponentType . Platform ,
453+ ComponentType . OperatingSystem ,
454+ ComponentType . Device ,
455+ ComponentType . DeviceDriver ,
456+ ComponentType . Firmware ,
457+ ComponentType . File ,
458+ ComponentType . MachineLearningModel ,
459+ ComponentType . Data ,
460+ ComponentType . CryptographicAsset
461+ ] ,
462+ [
463+ HashAlgorithm . MD5 ,
464+ HashAlgorithm [ 'SHA-1' ] ,
465+ HashAlgorithm [ 'SHA-256' ] ,
466+ HashAlgorithm [ 'SHA-384' ] ,
467+ HashAlgorithm [ 'SHA-512' ] ,
468+ HashAlgorithm [ 'SHA3-256' ] ,
469+ HashAlgorithm [ 'SHA3-384' ] ,
470+ HashAlgorithm [ 'SHA3-512' ] ,
471+ HashAlgorithm [ 'BLAKE2b-256' ] ,
472+ HashAlgorithm [ 'BLAKE2b-384' ] ,
473+ HashAlgorithm [ 'BLAKE2b-512' ] ,
474+ HashAlgorithm . BLAKE3
475+ ] ,
476+ / ^ ( [ a - f A - F 0 - 9 ] { 32 } ) $ | ^ ( [ a - f A - F 0 - 9 ] { 40 } ) $ | ^ ( [ a - f A - F 0 - 9 ] { 64 } ) $ | ^ ( [ a - f A - F 0 - 9 ] { 96 } ) $ | ^ ( [ a - f A - F 0 - 9 ] { 128 } ) $ / ,
477+ [
478+ ExternalReferenceType . VCS ,
479+ ExternalReferenceType . IssueTracker ,
480+ ExternalReferenceType . Website ,
481+ ExternalReferenceType . Advisories ,
482+ ExternalReferenceType . BOM ,
483+ ExternalReferenceType . MailingList ,
484+ ExternalReferenceType . Social ,
485+ ExternalReferenceType . Chat ,
486+ ExternalReferenceType . Documentation ,
487+ ExternalReferenceType . Support ,
488+ ExternalReferenceType . SourceDistribution ,
489+ ExternalReferenceType . Distribution ,
490+ ExternalReferenceType . DistributionIntake ,
491+ ExternalReferenceType . License ,
492+ ExternalReferenceType . BuildMeta ,
493+ ExternalReferenceType . BuildSystem ,
494+ ExternalReferenceType . ReleaseNotes ,
495+ ExternalReferenceType . SecurityContact ,
496+ ExternalReferenceType . ModelCard ,
497+ ExternalReferenceType . Log ,
498+ ExternalReferenceType . Configuration ,
499+ ExternalReferenceType . Evidence ,
500+ ExternalReferenceType . Formulation ,
501+ ExternalReferenceType . Attestation ,
502+ ExternalReferenceType . ThreatModel ,
503+ ExternalReferenceType . AdversaryModel ,
504+ ExternalReferenceType . RiskAssessment ,
505+ ExternalReferenceType . VulnerabilityAssertion ,
506+ ExternalReferenceType . ExploitabilityStatement ,
507+ ExternalReferenceType . PentestReport ,
508+ ExternalReferenceType . StaticAnalysisReport ,
509+ ExternalReferenceType . DynamicAnalysisReport ,
510+ ExternalReferenceType . RuntimeAnalysisReport ,
511+ ExternalReferenceType . ComponentAnalysisReport ,
512+ ExternalReferenceType . MaturityReport ,
513+ ExternalReferenceType . CertificationReport ,
514+ ExternalReferenceType . CodifiedInfrastructure ,
515+ ExternalReferenceType . QualityMetrics ,
516+ ExternalReferenceType . POAM ,
517+ ExternalReferenceType . ElectronicSignature ,
518+ ExternalReferenceType . DigitalSignature ,
519+ ExternalReferenceType . RFC9116 ,
520+ ExternalReferenceType . Other
521+ ] ,
522+ true ,
523+ true ,
524+ false ,
525+ true ,
526+ true ,
527+ [
528+ VulnerabilityRatingMethod . CVSSv2 ,
529+ VulnerabilityRatingMethod . CVSSv3 ,
530+ VulnerabilityRatingMethod . CVSSv31 ,
531+ VulnerabilityRatingMethod . CVSSv4 ,
532+ VulnerabilityRatingMethod . OWASP ,
533+ VulnerabilityRatingMethod . SSVC ,
534+ VulnerabilityRatingMethod . Other
535+ ] ,
536+ true ,
537+ true ,
538+ true ,
539+ true ,
540+ true ,
541+ true ,
542+ true ,
543+ true
544+ ) )
545+
437546export const SpecVersionDict : Readonly < Partial < Record < Version , Readonly < _SpecProtocol > > > > = Object . freeze ( {
547+ [ Version . v1dot7 ] : Spec1dot7 ,
438548 [ Version . v1dot6 ] : Spec1dot6 ,
439549 [ Version . v1dot5 ] : Spec1dot5 ,
440550 [ Version . v1dot4 ] : Spec1dot4 ,
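Review bot: The thirteen positional booleans passed to `new _Spec(` in the Spec1dot7 block (five after the external-reference list, eight after the rating-method list, with a single `false` in third position) are unlabelled, so the capability each one enables for v1.7 cannot be checked from this hunk; the `_Spec` constructor is declared outside it. A trailing comment on each argument naming the constructor parameter it fills would make a misplaced flag visible in review. Separately, the hash-content pattern accepts any hex string of 32, 40, 64, 96 or 128 characters and, as far as this hunk shows, is not tied to the declared algorithm, so a comment above it such as `// length-only check; does not verify that the digest length matches the declared HashAlgorithm` would set the right expectation for callers. MD5 and SHA-1 stay in the accepted list, presumably for spec compatibility, and a short comment saying so would keep consumers from reading the list as a set of integrity-grade digests.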