Merge pull request #180 from CycloneDX/v1.5-dev-security-contact

stevespringett · web-flow · commit 168e4ac9fc88 · 2023-02-20T16:29:29.000-06:00
Adding support for security contact
diff --git a/schema/bom-1.5.proto b/schema/bom-1.5.proto
@@ -193,6 +193,8 @@ enum ExternalReferenceType {
   EXTERNAL_REFERENCE_TYPE_BUILD_META = 13;
   // URL to an automated build system
   EXTERNAL_REFERENCE_TYPE_BUILD_SYSTEM = 14;
+  // Specifies a way to contact the maintainer, supplier, or provider in the event of a security incident. Common URIs include links to a disclosure procedure, a mailto (RFC-2368) that specifies an email address, a tel (RFC-3966) that specifies a phone number, or dns (RFC-4501]) that specifies the records containing DNS Security TXT.
+  EXTERNAL_REFERENCE_TYPE_SECURITY_CONTACT = 15;
 }
 
 enum HashAlg {
diff --git a/schema/bom-1.5.schema.json b/schema/bom-1.5.schema.json
@@ -1028,7 +1028,7 @@
         "type": {
           "type": "string",
           "title": "Type",
-          "description": "Specifies the type of external reference.\n\n* __vcs__ = Version Control System\n* __issue-tracker__ = Issue or defect tracking system, or an Application Lifecycle Management (ALM) system\n* __website__ = Website\n* __advisories__ = Security advisories\n* __bom__ = Bill of Materials (SBOM, OBOM, HBOM, SaaSBOM, etc)\n* __mailing-list__ = Mailing list or discussion group\n* __social__ = Social media account\n* __chat__ = Real-time chat platform\n* __documentation__ = Documentation, guides, or how-to instructions\n* __support__ = Community or commercial support\n* __distribution__ = Direct or repository download location\n* __license__ = The URL to the license file. If a license URL has been defined in the license node, it should also be defined as an external reference for completeness\n* __build-meta__ = Build-system specific meta file (i.e. pom.xml, package.json, .nuspec, etc)\n* __build-system__ = URL to an automated build system\n* __release-notes__ = URL to release notes\n* __other__ = Use this if no other types accurately describe the purpose of the external reference",
+          "description": "Specifies the type of external reference.\n\n* __vcs__ = Version Control System\n* __issue-tracker__ = Issue or defect tracking system, or an Application Lifecycle Management (ALM) system\n* __website__ = Website\n* __advisories__ = Security advisories\n* __bom__ = Bill of Materials (SBOM, OBOM, HBOM, SaaSBOM, etc)\n* __mailing-list__ = Mailing list or discussion group\n* __social__ = Social media account\n* __chat__ = Real-time chat platform\n* __documentation__ = Documentation, guides, or how-to instructions\n* __support__ = Community or commercial support\n* __distribution__ = Direct or repository download location\n* __license__ = The URL to the license file. If a license URL has been defined in the license node, it should also be defined as an external reference for completeness\n* __build-meta__ = Build-system specific meta file (i.e. pom.xml, package.json, .nuspec, etc)\n* __build-system__ = URL to an automated build system\n* __release-notes__ = URL to release notes\n* __security-contact__ = Specifies a way to contact the maintainer, supplier, or provider in the event of a security incident. Common URIs include links to a disclosure procedure, a mailto (RFC-2368) that specifies an email address, a tel (RFC-3966) that specifies a phone number, or dns (RFC-4501]) that specifies the records containing DNS Security TXT\n* __other__ = Use this if no other types accurately describe the purpose of the external reference",
           "enum": [
             "vcs",
             "issue-tracker",
@@ -1045,6 +1045,7 @@
             "build-meta",
             "build-system",
             "release-notes",
+            "security-contact",
             "other"
           ]
         },
diff --git a/schema/bom-1.5.xsd b/schema/bom-1.5.xsd
@@ -1023,6 +1023,11 @@ limitations under the License.
                     <xs:documentation>URL to release notes</xs:documentation>
                 </xs:annotation>
             </xs:enumeration>
+            <xs:enumeration value="security-contact">
+                <xs:annotation>
+                    <xs:documentation>Specifies a way to contact the maintainer, supplier, or provider in the event of a security incident. Common URIs include links to a disclosure procedure, a mailto (RFC-2368) that specifies an email address, a tel (RFC-3966) that specifies a phone number, or dns (RFC-4501]) that specifies the records containing DNS Security TXT.</xs:documentation>
+                </xs:annotation>
+            </xs:enumeration>
             <xs:enumeration value="other">
                 <xs:annotation>
                     <xs:documentation>Use this if no other types accurately describe the purpose of the external reference</xs:documentation>

Original file line number	Diff line number	Diff line change
`@@ -193,6 +193,8 @@ enum ExternalReferenceType {`
`193`	`193`	`EXTERNAL_REFERENCE_TYPE_BUILD_META = 13;`
`194`	`194`	`// URL to an automated build system`
`195`	`195`	`EXTERNAL_REFERENCE_TYPE_BUILD_SYSTEM = 14;`
	`196`	`+ // Specifies a way to contact the maintainer, supplier, or provider in the event of a security incident. Common URIs include links to a disclosure procedure, a mailto (RFC-2368) that specifies an email address, a tel (RFC-3966) that specifies a phone number, or dns (RFC-4501]) that specifies the records containing DNS Security TXT.`
	`197`	`+ EXTERNAL_REFERENCE_TYPE_SECURITY_CONTACT = 15;`
`196`	`198`	`}`
`197`	`199`
`198`	`200`	`enum HashAlg {`