Merge pull request #228 from CycloneDX/v1.5-dev-org-bomrefs

Added bom-refs to organizationalEntity and organizationalContact

Author: stevespringett

schema/bom-1.5.proto

@@ -463,6 +463,8 @@ message OrganizationalContact {
   optional string email = 2;
   // The phone number of the contact.
   optional string phone = 3;
+  // An optional identifier which can be used to reference the object elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element.
+  optional string bom_ref = 4;
 }
 
 message OrganizationalEntity {
@@ -472,6 +474,8 @@ message OrganizationalEntity {
   repeated string url = 2;
   // A contact person at the organization. Multiple contacts are allowed.
   repeated OrganizationalContact contact = 3;
+  // An optional identifier which can be used to reference the object elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element.
+  optional string bom_ref = 4;
 }
 
 enum PatchClassification {

schema/bom-1.5.schema.json

@@ -303,6 +303,11 @@
       "description": "",
       "additionalProperties": false,
       "properties": {
+        "bom-ref": {
+          "$ref": "#/definitions/refType",
+          "title": "BOM Reference",
+          "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM."
+        },
         "name": {
           "type": "string",
           "title": "Name",
@@ -335,6 +340,11 @@
       "description": "",
       "additionalProperties": false,
       "properties": {
+        "bom-ref": {
+          "$ref": "#/definitions/refType",
+          "title": "BOM Reference",
+          "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM."
+        },
         "name": {
           "type": "string",
           "title": "Name",

schema/bom-1.5.xsd

@@ -295,6 +295,14 @@ limitations under the License.
                 </xs:annotation>
             </xs:any>
         </xs:sequence>
+        <xs:attribute name="bom-ref" type="bom:refType">
+            <xs:annotation>
+                <xs:documentation>
+                    An optional identifier which can be used to reference the object elsewhere in the BOM.
+                    Uniqueness is enforced within all elements and children of the root-level bom element.
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
         <xs:anyAttribute namespace="##other" processContents="lax">
             <xs:annotation>
                 <xs:documentation>User-defined attributes may be used on this element as long as they
@@ -376,6 +384,14 @@ limitations under the License.
                 </xs:annotation>
             </xs:any>
         </xs:sequence>
+        <xs:attribute name="bom-ref" type="bom:refType">
+            <xs:annotation>
+                <xs:documentation>
+                    An optional identifier which can be used to reference the object elsewhere in the BOM.
+                    Uniqueness is enforced within all elements and children of the root-level bom element.
+                </xs:documentation>
+            </xs:annotation>
+        </xs:attribute>
         <xs:anyAttribute namespace="##other" processContents="lax">
             <xs:annotation>
                 <xs:documentation>User-defined attributes may be used on this element as long as they

tools/src/test/resources/1.5/valid-metadata-manufacture-1.5.json

@@ -5,12 +5,14 @@
   "version": 1,
   "metadata": {
     "manufacture": {
+      "bom-ref": "manufacturer-1",
       "name": "Acme, Inc.",
       "url": [
         "https://example.com"
       ],
       "contact": [
         {
+          "bom-ref": "contact-1",
           "name": "Acme Professional Services",
           "email": "[email protected]"
         }

tools/src/test/resources/1.5/valid-metadata-manufacture-1.5.textproto

@@ -8,6 +8,8 @@ metadata {
     contact {
       name: "Acme Professional Services"
       email: "[email protected]"
+      bom_ref: "contact-1"
     }
+    bom_ref: "manufacturer-1"
   }
 }

tools/src/test/resources/1.5/valid-metadata-manufacture-1.5.xml

@@ -1,10 +1,10 @@
 <?xml version="1.0"?>
 <bom serialNumber="urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" version="1" xmlns="http://cyclonedx.org/schema/bom/1.5">
     <metadata>
-        <manufacture>
+        <manufacture bom-ref="manufacturer-1">
             <name>Acme, Inc.</name>
             <url>https://example.com</url>
-            <contact>
+            <contact bom-ref="contact-1">
                 <name>Acme Professional Services</name>
                 <email>[email protected]</email>
             </contact>

tools/src/test/resources/1.5/valid-metadata-supplier-1.5.json

@@ -5,12 +5,14 @@
   "version": 1,
   "metadata": {
     "supplier": {
+      "bom-ref": "supplier-1",
       "name": "Acme, Inc.",
       "url": [
         "https://example.com"
       ],
       "contact": [
         {
+          "bom-ref": "contact-1",
           "name": "Acme Distribution",
           "email": "[email protected]"
         }

tools/src/test/resources/1.5/valid-metadata-supplier-1.5.textproto

@@ -8,6 +8,8 @@ metadata {
     contact {
       name: "Acme Distribution"
       email: "[email protected]"
+      bom_ref: "contact-1"
     }
+    bom_ref: "supplier-1"
   }
 }

tools/src/test/resources/1.5/valid-metadata-supplier-1.5.xml

@@ -1,10 +1,10 @@
 <?xml version="1.0"?>
 <bom serialNumber="urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" version="1" xmlns="http://cyclonedx.org/schema/bom/1.5">
     <metadata>
-        <supplier>
+        <supplier bom-ref="supplier-1">
             <name>Acme, Inc.</name>
             <url>https://example.com</url>
-            <contact>
+            <contact bom-ref="contact-1">
                 <name>Acme Distribution</name>
                 <email>[email protected]</email>
             </contact>