|
167 | 167 | "comment": { |
168 | 168 | "type": "string", |
169 | 169 | "title": "Comment", |
170 | | - "description": "An optional comment describing the external reference" |
| 170 | + "description": "A comment describing the external reference" |
171 | 171 | }, |
172 | 172 | "type": { |
173 | 173 | "type": "string", |
|
216 | 216 | "electronic-signature", |
217 | 217 | "digital-signature", |
218 | 218 | "rfc-9116", |
| 219 | + "patent", |
| 220 | + "patent-family", |
| 221 | + "patent-assertion", |
| 222 | + "citation", |
219 | 223 | "other" |
220 | 224 | ], |
221 | 225 | "meta:enum": { |
|
241 | 245 | "log": "A record of events that occurred in a computer system or application, such as problems, errors, or information on current operations.", |
242 | 246 | "configuration": "Parameters or settings that may be used by other components or services.", |
243 | 247 | "evidence": "Information used to substantiate a claim.", |
244 | | - "formulation": "Describes how a component or service was manufactured or deployed.", |
| 248 | + "formulation": "Describes the formulation of any referencable object within the BOM, including components, services, metadata, declarations, or the BOM itself.", |
245 | 249 | "attestation": "Human or machine-readable statements containing facts, evidence, or testimony.", |
246 | 250 | "threat-model": "An enumeration of identified weaknesses, threats, and countermeasures, dataflow diagram (DFD), attack tree, and other supporting documentation in human-readable or machine-readable format.", |
247 | 251 | "adversary-model": "The defined assumptions, goals, and capabilities of an adversary.", |
|
261 | 265 | "electronic-signature": "An e-signature is commonly a scanned representation of a written signature or a stylized script of the person's name.", |
262 | 266 | "digital-signature": "A signature that leverages cryptography, typically public/private key pairs, which provides strong authenticity verification.", |
263 | 267 | "rfc-9116": "Document that complies with [RFC 9116](https://www.ietf.org/rfc/rfc9116.html) (A File Format to Aid in Security Vulnerability Disclosure)", |
| 268 | + "patent": "References information about patents which may be defined in human-readable documents or in machine-readable formats such as CycloneDX or ST.96. For detailed patent information or to reference the information provided directly by patent offices, it is recommended to leverage standards from the World Intellectual Property Organization (WIPO) such as [ST.96](https://www.wipo.int/standards/en/st96).", |
| 269 | + "patent-family": "References information about a patent family which may be defined in human-readable documents or in machine-readable formats such as CycloneDX or ST.96. A patent family is a group of related patent applications or granted patents that cover the same or similar invention. For detailed patent family information or to reference the information provided directly by patent offices, it is recommended to leverage standards from the World Intellectual Property Organization (WIPO) such as [ST.96](https://www.wipo.int/standards/en/st96).", |
| 270 | + "patent-assertion" : "References assertions made regarding patents associated with a component or service. Assertions distinguish between ownership, licensing, and other relevant interactions with patents.", |
| 271 | + "citation": "A reference to external citations applicable to the object identified by this BOM entry or the BOM itself. When used with a BOM-Link, this allows offloading citations into a separate CycloneDX BOM.", |
264 | 272 | "other": "Use this if no other types accurately describe the purpose of the external reference." |
265 | 273 | } |
266 | 274 | }, |
|
269 | 277 | "items": {"$ref": "#/$defs/hash"}, |
270 | 278 | "title": "Hashes", |
271 | 279 | "description": "The hashes of the external reference (if applicable)." |
| 280 | + }, |
| 281 | + "properties": { |
| 282 | + "$ref": "#/$defs/properties" |
272 | 283 | } |
273 | 284 | } |
274 | 285 | }, |
|
0 commit comments