diff --git a/schema/bom-1.7.proto b/schema/bom-1.7.proto
index 999dccba..7f00a470 100644
--- a/schema/bom-1.7.proto
+++ b/schema/bom-1.7.proto
@@ -320,6 +320,8 @@ enum ExternalReferenceType {
EXTERNAL_REFERENCE_TYPE_RFC_9116 = 41;
// Reference to release notes
EXTERNAL_REFERENCE_TYPE_RELEASE_NOTES = 42;
+ // A document specifying the lifecycle phase of the component and its support status. The document might be machine-readable (Common Lifecycle Enumeration, OpenEOX) or human-readable.
+ EXTERNAL_REFERENCE_TYPE_SUPPORT_POLICY = 43;
}
enum HashAlg {
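Review bot: The comment added above `EXTERNAL_REFERENCE_TYPE_SUPPORT_POLICY = 43` describes the document as giving the component's "support status", and the XSD text in schema/bom-1.7.xsd uses the same words, but the JSON schema description for `support-policy` says "support policy". A status statement and a policy document are different things to a consumer, so the three schema formats should carry one definition. Since the value is named SUPPORT_POLICY, the proto comment could read `// A document specifying the lifecycle phase of the component and its support policy. ...`, with the XSD text changed to match. The enum starts outside this hunk, so whether neighbouring values follow a shared comment style cannot be checked from here.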
diff --git a/schema/bom-1.7.schema.json b/schema/bom-1.7.schema.json
index 60459495..78449bd3 100644
--- a/schema/bom-1.7.schema.json
+++ b/schema/bom-1.7.schema.json
@@ -1805,6 +1805,7 @@
"electronic-signature",
"digital-signature",
"rfc-9116",
+ "support-policy",
"other"
],
"meta:enum": {
@@ -1850,6 +1851,7 @@
"electronic-signature": "An e-signature is commonly a scanned representation of a written signature or a stylized script of the person's name.",
"digital-signature": "A signature that leverages cryptography, typically public/private key pairs, which provides strong authenticity verification.",
"rfc-9116": "Document that complies with [RFC 9116](https://www.ietf.org/rfc/rfc9116.html) (A File Format to Aid in Security Vulnerability Disclosure)",
+ "support-policy": "A document specifying the lifecycle phase of the component and its support policy. The document might be machine-readable (Common Lifecycle Enumeration, OpenEOX) or human-readable.",
"other": "Use this if no other types accurately describe the purpose of the external reference."
}
},
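Review bot: The `support-policy` entry added to `meta:enum` invites machine-readable documents (Common Lifecycle Enumeration, OpenEOX) but gives consumers no guidance on how far to trust what they retrieve. Tooling that derives end-of-life or support decisions from the referenced URL acts on content that lives outside the BOM and may change after the BOM was produced or signed. Consider extending the description with a sentence such as `Consumers should verify the integrity of the referenced document, for example against hashes supplied with the external reference, before relying on it in automated decisions.` The same sentence would belong in the proto comment and the XSD documentation so the formats stay aligned.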
diff --git a/schema/bom-1.7.xsd b/schema/bom-1.7.xsd
index dfc9eaa5..8bd7b2f1 100644
--- a/schema/bom-1.7.xsd
+++ b/schema/bom-1.7.xsd
@@ -1578,6 +1578,11 @@ limitations under the License.
Document that complies with RFC-9116 (A File Format to Aid in Security Vulnerability Disclosure)
+
+
+ A document specifying the lifecycle phase of the component and its support status. The document might be machine-readable (Common Lifecycle Enumeration, OpenEOX) or human-readable.
+
+
Use this if no other types accurately describe the purpose of the external reference
diff --git a/tools/src/test/resources/1.7/valid-external-reference-1.7.json b/tools/src/test/resources/1.7/valid-external-reference-1.7.json
index 6b9895a3..dcf4ac82 100644
--- a/tools/src/test/resources/1.7/valid-external-reference-1.7.json
+++ b/tools/src/test/resources/1.7/valid-external-reference-1.7.json
@@ -208,6 +208,10 @@
"type": "rfc-9116",
"url": "http://example.com/extref/rfc-9116"
},
+ {
+ "type": "support-policy",
+ "url": "https://example.com/extref/cle.json"
+ },
{
"type": "other",
"url": "http://example.com/extref/other"
diff --git a/tools/src/test/resources/1.7/valid-external-reference-1.7.textproto b/tools/src/test/resources/1.7/valid-external-reference-1.7.textproto
index 06117b3a..bbeaebae 100644
--- a/tools/src/test/resources/1.7/valid-external-reference-1.7.textproto
+++ b/tools/src/test/resources/1.7/valid-external-reference-1.7.textproto
@@ -202,6 +202,10 @@ components {
type: EXTERNAL_REFERENCE_TYPE_RFC_9116
url: "http://example.com/extref/rfc-9116"
}
+ external_references {
+ type: EXTERNAL_REFERENCE_TYPE_SUPPORT_POLICY
+ url: "https://example.com/extref/cle.json"
+ }
external_references {
type: EXTERNAL_REFERENCE_TYPE_OTHER
url: "http://example.com/extref/other"
diff --git a/tools/src/test/resources/1.7/valid-external-reference-1.7.xml b/tools/src/test/resources/1.7/valid-external-reference-1.7.xml
index f46368b1..887bf8c8 100644
--- a/tools/src/test/resources/1.7/valid-external-reference-1.7.xml
+++ b/tools/src/test/resources/1.7/valid-external-reference-1.7.xml
@@ -70,6 +70,7 @@
http://example.com/extref/electronic-signature
http://example.com/extref/digital-signature
http://example.com/extref/rfc-9116
+ https://example.com/extref/cle.json
http://example.com/extref/other