Added comment check

Signed-off-by: Steve Springett <[email protected]>

Author: stevespringett

tools/src/main/js/linter/README.md

@@ -38,6 +38,7 @@ node cli.js --list-checks
 | Check | Description |
 |-------|-------------|
 | `schema-id-pattern` | Validates `$id` matches CycloneDX URL pattern |
+| `schema-comment` | Validates `$comment` contains required standard notice |
 | `formatting-indent` | Validates 2-space indentation |
 | `description-full-stop` | Descriptions must end with full stop |
 | `meta-enum-full-stop` | `meta:enum` values must end with full stop |

tools/src/main/js/linter/checks/index.js

@@ -36,6 +36,7 @@ export async function loadAllChecks() {
 
 // Export individual check modules for direct access if needed
 export * from './schema-id-pattern.check.js';
+export * from './schema-comment.check.js';
 export * from './formatting-indent.check.js';
 export * from './description-full-stop.check.js';
 export * from './meta-enum-full-stop.check.js';

tools/src/main/js/linter/checks/schema-comment.check.js

@@ -0,0 +1,66 @@
+/**
+ * CycloneDX Schema Linter - Schema Comment Check
+ * 
+ * Validates that the root $comment property contains the required
+ * OWASP CycloneDX standard notice.
+ * 
+ * @license Apache-2.0
+ */
+
+import { LintCheck, registerCheck, Severity } from '../index.js';
+
+/**
+ * Required $comment text
+ */
+const REQUIRED_COMMENT = 'OWASP CycloneDX is an Ecma International standard (ECMA-424) developed in collaboration between the OWASP Foundation and Ecma Technical Committee 54 (TC54). The standard is published under a royalty-free patent policy. This JSON schema is the reference implementation and is licensed under the Apache License 2.0.';
+
+/**
+ * Check that validates the $comment property
+ */
+class SchemaCommentCheck extends LintCheck {
+  constructor() {
+    super(
+      'schema-comment',
+      'Schema Comment',
+      'Validates that the $comment property contains the required standard notice.',
+      Severity.ERROR
+    );
+  }
+
+  async run(schema, rawContent, config = {}) {
+    const issues = [];
+    
+    const requiredComment = config.requiredComment ?? REQUIRED_COMMENT;
+    
+    // Check if $comment exists at root level
+    if (!('$comment' in schema)) {
+      issues.push(this.createIssue(
+        'Schema is missing required $comment property.',
+        '$.$comment',
+        { expected: requiredComment }
+      ));
+      return issues;
+    }
+    
+    // Check if $comment matches required value
+    if (schema.$comment !== requiredComment) {
+      issues.push(this.createIssue(
+        '$comment does not match the required standard notice.',
+        '$.$comment',
+        {
+          actual: schema.$comment,
+          expected: requiredComment
+        }
+      ));
+    }
+    
+    return issues;
+  }
+}
+
+// Create and register the check
+const check = new SchemaCommentCheck();
+registerCheck(check);
+
+export { SchemaCommentCheck, REQUIRED_COMMENT };
+export default check;