|
75 | 75 | }, |
76 | 76 | "definitions": { |
77 | 77 | "$ref": "#/$defs/cyclonedx-definition-2.0/$defs/definitions" |
| 78 | + }, |
| 79 | + "citations": { |
| 80 | + "$ref": "#/$defs/cyclonedx-citation-2.0/$defs/citations" |
| 81 | + }, |
| 82 | + "properties": { |
| 83 | + "$ref": "#/$defs/cyclonedx-common-2.0/$defs/properties" |
| 84 | + }, |
| 85 | + "externalReferences": { |
| 86 | + "$ref": "#/$defs/cyclonedx-common-2.0/$defs/externalReferences" |
| 87 | + }, |
| 88 | + "signature": { |
| 89 | + "$ref": "#/$defs/cyclonedx-common-2.0/$defs/signature" |
78 | 90 | } |
79 | 91 | }, |
80 | 92 | "$defs": { |
|
765 | 777 | } |
766 | 778 | } |
767 | 779 | }, |
| 780 | + "cyclonedx-citation-2.0": { |
| 781 | + "type": "null", |
| 782 | + "title": "CycloneDX Citation Model", |
| 783 | + "$defs": { |
| 784 | + "citations": { |
| 785 | + "type": "array", |
| 786 | + "items": { |
| 787 | + "$ref": "#/$defs/cyclonedx-citation-2.0/$defs/citation" |
| 788 | + }, |
| 789 | + "uniqueItems": true, |
| 790 | + "title": "Citations", |
| 791 | + "description": "A collection of attributions indicating which entity supplied information for specific fields within the BOM." |
| 792 | + }, |
| 793 | + "citation": { |
| 794 | + "type": "object", |
| 795 | + "title": "Citation", |
| 796 | + "description": "Details a specific attribution of data within the BOM to a contributing entity or process.", |
| 797 | + "additionalProperties": false, |
| 798 | + "properties": { |
| 799 | + "bom-ref": { |
| 800 | + "$ref": "#/$defs/cyclonedx-common-2.0/$defs/refType", |
| 801 | + "title": "BOM Reference" |
| 802 | + }, |
| 803 | + "pointers": { |
| 804 | + "type": "array", |
| 805 | + "items": { |
| 806 | + "type": "string", |
| 807 | + "title": "Field Reference", |
| 808 | + "description": "A [JSON Pointer](https://datatracker.ietf.org/doc/html/rfc6901) identifying the BOM field to which the attribution applies." |
| 809 | + }, |
| 810 | + "minItems": 1, |
| 811 | + "title": "Field References", |
| 812 | + "description": "One or more [JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901) identifying the BOM fields to which the attribution applies.\nExactly one of the \"pointers\" or \"expressions\" elements must be present." |
| 813 | + }, |
| 814 | + "expressions": { |
| 815 | + "type": "array", |
| 816 | + "items": { |
| 817 | + "type": "string", |
| 818 | + "title": "Path Expression", |
| 819 | + "description": "Specifies a [JSONPath](https://datatracker.ietf.org/doc/html/rfc9535) expression used to locate a value within a BOM." |
| 820 | + }, |
| 821 | + "minItems": 1, |
| 822 | + "title": "Path Expressions", |
| 823 | + "description": "One or more path expressions used to locate values within a BOM.\nExactly one of the \"pointers\" or \"expressions\" elements must be present." |
| 824 | + }, |
| 825 | + "timestamp": { |
| 826 | + "type": "string", |
| 827 | + "format": "date-time", |
| 828 | + "title": "Timestamp", |
| 829 | + "description": "The date and time when the attribution was made or the information was supplied." |
| 830 | + }, |
| 831 | + "attributedTo": { |
| 832 | + "$ref": "#/$defs/cyclonedx-common-2.0/$defs/refLinkType", |
| 833 | + "title": "Attributed To", |
| 834 | + "description": "The `bom-ref` of an object, such as a component, service, tool, organisational entity, or person that supplied the cited information.\nAt least one of the \"attributedTo\" or \"process\" elements must be present." |
| 835 | + }, |
| 836 | + "process": { |
| 837 | + "$ref": "#/$defs/cyclonedx-common-2.0/$defs/refLinkType", |
| 838 | + "title": "Process Reference", |
| 839 | + "description": "The `bom-ref` to a process (such as a formula, workflow, task, or step) defined in the `formulation` section that executed or generated the attributed data.\nAt least one of the \"attributedTo\" or \"process\" elements must be present." |
| 840 | + }, |
| 841 | + "note": { |
| 842 | + "type": "string", |
| 843 | + "title": "Note", |
| 844 | + "description": "A description or comment about the context or quality of the data attribution." |
| 845 | + }, |
| 846 | + "signature": { |
| 847 | + "$ref": "#/$defs/cyclonedx-common-2.0/$defs/signature", |
| 848 | + "title": "Signature", |
| 849 | + "description": "A digital signature verifying the authenticity or integrity of the attribution." |
| 850 | + } |
| 851 | + }, |
| 852 | + "required": [ |
| 853 | + "timestamp" |
| 854 | + ], |
| 855 | + "anyOf": [ |
| 856 | + { |
| 857 | + "required": [ |
| 858 | + "attributedTo" |
| 859 | + ] |
| 860 | + }, |
| 861 | + { |
| 862 | + "required": [ |
| 863 | + "process" |
| 864 | + ] |
| 865 | + } |
| 866 | + ], |
| 867 | + "oneOf": [ |
| 868 | + { |
| 869 | + "required": [ |
| 870 | + "pointers" |
| 871 | + ] |
| 872 | + }, |
| 873 | + { |
| 874 | + "required": [ |
| 875 | + "expressions" |
| 876 | + ] |
| 877 | + } |
| 878 | + ] |
| 879 | + } |
| 880 | + } |
| 881 | + }, |
768 | 882 | "cyclonedx-common-2.0": { |
769 | 883 | "type": "null", |
770 | 884 | "title": "CycloneDX Common Model", |
|
6679 | 6793 | }, |
6680 | 6794 | "definitions": { |
6681 | 6795 | "$ref": "#/$defs/cyclonedx-definition-2.0/$defs/definitions" |
| 6796 | + }, |
| 6797 | + "citations": { |
| 6798 | + "$ref": "#/$defs/cyclonedx-citation-2.0/$defs/citations" |
| 6799 | + }, |
| 6800 | + "properties": { |
| 6801 | + "$ref": "#/$defs/cyclonedx-common-2.0/$defs/properties" |
| 6802 | + }, |
| 6803 | + "externalReferences": { |
| 6804 | + "$ref": "#/$defs/cyclonedx-common-2.0/$defs/externalReferences" |
| 6805 | + }, |
| 6806 | + "signature": { |
| 6807 | + "$ref": "#/$defs/cyclonedx-common-2.0/$defs/signature" |
6682 | 6808 | } |
6683 | 6809 | } |
6684 | 6810 | } |
|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4&size=40){kind=avatar}
0 commit comments