Merge branch 'master' into fix/issue-528

schema/bom-1.6.xsd

@@ -698,7 +698,7 @@ limitations under the License.
                         type `machine-learning-model` and must not be specified for other component types.</xs:documentation>
                 </xs:annotation>
             </xs:element>
-            <xs:element name="data" type="bom:componentDataType" minOccurs="0" maxOccurs="1">
+            <xs:element name="data" type="bom:componentDataType" minOccurs="0" maxOccurs="unbounded">
                 <xs:annotation>
                     <xs:documentation>This object SHOULD be specified for any component of type `data` and must not be
                         specified for other component types.</xs:documentation>

tools/src/test/proto/buf_lint.yaml

@@ -4,7 +4,7 @@ version: v2
 lint:  # https://buf.build/docs/configuration/v2/buf-yaml#lint
   use:  # see https://buf.build/docs/lint/rules
     - STANDARD  # https://buf.build/docs/lint/rules/#standard
-    # - COMMENTS  # https://buf.build/docs/lint/rules/#comments
+    - COMMENTS  # https://buf.build/docs/lint/rules/#comments
   except:
     # directory/file layout does not match the recommendation/framework of the tool
     - DIRECTORY_SAME_PACKAGE   # https://buf.build/docs/lint/rules#directory_same_package
@@ -14,6 +14,11 @@ lint:  # https://buf.build/docs/configuration/v2/buf-yaml#lint
     # (shall be fixed with v2.0 of this very schema)
     - PACKAGE_VERSION_SUFFIX   # https://buf.build/docs/lint/rules#package_version_suffix
     - FIELD_LOWER_SNAKE_CASE   # https://buf.build/docs/lint/rules#field_lower_snake_case
+    # some comments are not required, as they should be self-explanatory from their respective symbol name or the symbol's applied usage 
+    - COMMENT_MESSAGE
+    - COMMENT_ENUM
+    - COMMENT_ENUM_VALUE
+    - COMMENT_ONEOF
   ignore_only:
     # legacy schema files may NOT stick to the rules -- this is acknowledged.
     STANDARD:

tools/src/test/resources/1.6/valid-component-data-1.6.json

@@ -0,0 +1,30 @@
+{
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.6",
+  "serialNumber": "urn:uuid:1b1bff0e-fdb9-4088-8b9a-1a9f2d9006da",
+  "version": 1,
+  "components": [
+    {
+      "type": "data",
+      "name": "my-configs",
+      "version": "1337",
+      "data": [
+        {
+          "type": "configuration",
+          "name": "app.ini",
+          "contents": {
+            "url": "https://example.com/cfg/1337/app.ini"
+          }
+        },
+        {
+          "type": "other",
+          "name": ".env",
+          "contents": {
+            "url": "https://example.com/cfg/1337/env"
+          }
+        }
+      ]
+    }
+  ]
+}

tools/src/test/resources/1.6/valid-component-data-1.6.textproto

@@ -0,0 +1,25 @@
+# proto-file: schema/bom-1.6.proto
+# proto-message: Bom
+
+spec_version: "1.6"
+version: 1
+serial_number: "urn:uuid:1b1bff0e-fdb9-4088-8b9a-1a9f2d9006da"
+components {
+    type: CLASSIFICATION_DATA
+    name: "my-configs"
+    version: "1337"
+    data {
+       type: COMPONENT_DATA_TYPE_CONFIGURATION
+        name: "app.data"
+        contents {
+            url: "https://example.com/cfg/1337/app.ini"
+        }
+    }
+    data {
+        type: COMPONENT_DATA_TYPE_OTHER
+        name: ".env"
+        contents {
+            url: "https://example.com/cfg/1337/env"
+        }
+    }
+}

tools/src/test/resources/1.6/valid-component-data-1.6.xml

@@ -0,0 +1,24 @@
+<?xml version="1.0"?>
+<bom serialNumber="urn:uuid:1b1bff0e-fdb9-4088-8b9a-1a9f2d9006da" version="1"
+     xmlns="http://cyclonedx.org/schema/bom/1.6">
+    <components>
+        <component type="data">
+            <name>my-configs</name>
+            <version>1337</version>
+            <data>
+                <type>configuration</type>
+                <name>app.ini</name>
+                <contents>
+                    <url>https://example.com/cfg/1337/app.ini</url>
+                </contents>
+            </data>
+            <data>
+                <type>other</type>
+                <name>.env</name>
+                <contents>
+                    <url>https://example.com/cfg/1337/env</url>
+                </contents>
+            </data>
+        </component>
+    </components>
+</bom>

tools/src/test/resources/1.6/valid-component-types-1.6.json

@@ -44,6 +44,11 @@
       "type": "file",
       "name": "file-a",
       "version": "1.0"
+    },
+    {
+      "type": "data",
+      "name": "data-a",
+      "version": "1.0"
     }
   ]
 }

tools/src/test/resources/1.6/valid-component-types-1.6.textproto

@@ -44,3 +44,8 @@ components {
   name: "file-a"
   version: "1.0"
 }
+components {
+  type: CLASSIFICATION_DATA
+  name: "data-a"
+  version: "1.0"
+}

tools/src/test/resources/1.6/valid-component-types-1.6.xml

@@ -33,5 +33,9 @@
             <name>file-a</name>
             <version>1.0</version>
         </component>
+        <component type="data">
+            <name>data-a</name>
+            <version>1.0</version>
+        </component>
     </components>
 </bom>

tools/src/test/resources/1.6/valid-external-reference-1.6.json

@@ -34,6 +34,185 @@
           "comment": "Vendor provided documentation for the product"
         }
       ]
+    },
+    {
+      "type": "application",
+      "name": "dummy",
+      "description": "this component has all external reference types possible",
+      "externalReferences": [
+        {
+          "type": "vcs",
+          "url": "http://example.com/extref/vcs"
+        },
+        {
+          "type": "issue-tracker",
+          "url": "http://example.com/extref/issue-tracker"
+        },
+        {
+          "type": "website",
+          "url": "http://example.com/extref/website"
+        },
+        {
+          "type": "advisories",
+          "url": "http://example.com/extref/advisories"
+        },
+        {
+          "type": "bom",
+          "url": "http://example.com/extref/bom"
+        },
+        {
+          "type": "mailing-list",
+          "url": "http://example.com/extref/mailing-list"
+        },
+        {
+          "type": "social",
+          "url": "http://example.com/extref/social"
+        },
+        {
+          "type": "chat",
+          "url": "http://example.com/extref/chat"
+        },
+        {
+          "type": "documentation",
+          "url": "http://example.com/extref/documentation"
+        },
+        {
+          "type": "support",
+          "url": "http://example.com/extref/support"
+        },
+        {
+          "type": "source-distribution",
+          "url": "http://example.com/extref/source-distribution"
+        },
+        {
+          "type": "distribution",
+          "url": "http://example.com/extref/distribution"
+        },
+        {
+          "type": "distribution-intake",
+          "url": "http://example.com/extref/distribution-intake"
+        },
+        {
+          "type": "license",
+          "url": "http://example.com/extref/license"
+        },
+        {
+          "type": "build-meta",
+          "url": "http://example.com/extref/build-meta"
+        },
+        {
+          "type": "build-system",
+          "url": "http://example.com/extref/build-system"
+        },
+        {
+          "type": "release-notes",
+          "url": "http://example.com/extref/release-notes"
+        },
+        {
+          "type": "security-contact",
+          "url": "http://example.com/extref/security-contact"
+        },
+        {
+          "type": "model-card",
+          "url": "http://example.com/extref/model-card"
+        },
+        {
+          "type": "log",
+          "url": "http://example.com/extref/log"
+        },
+        {
+          "type": "configuration",
+          "url": "http://example.com/extref/configuration"
+        },
+        {
+          "type": "evidence",
+          "url": "http://example.com/extref/evidence"
+        },
+        {
+          "type": "formulation",
+          "url": "http://example.com/extref/formulation"
+        },
+        {
+          "type": "attestation",
+          "url": "http://example.com/extref/attestation"
+        },
+        {
+          "type": "threat-model",
+          "url": "http://example.com/extref/threat-model"
+        },
+        {
+          "type": "adversary-model",
+          "url": "http://example.com/extref/adversary-model"
+        },
+        {
+          "type": "risk-assessment",
+          "url": "http://example.com/extref/risk-assessment"
+        },
+        {
+          "type": "vulnerability-assertion",
+          "url": "http://example.com/extref/vulnerability-assertion"
+        },
+        {
+          "type": "exploitability-statement",
+          "url": "http://example.com/extref/exploitability-statement"
+        },
+        {
+          "type": "pentest-report",
+          "url": "http://example.com/extref/pentest-report"
+        },
+        {
+          "type": "static-analysis-report",
+          "url": "http://example.com/extref/static-analysis-report"
+        },
+        {
+          "type": "dynamic-analysis-report",
+          "url": "http://example.com/extref/dynamic-analysis-report"
+        },
+        {
+          "type": "runtime-analysis-report",
+          "url": "http://example.com/extref/runtime-analysis-report"
+        },
+        {
+          "type": "component-analysis-report",
+          "url": "http://example.com/extref/component-analysis-report"
+        },
+        {
+          "type": "maturity-report",
+          "url": "http://example.com/extref/maturity-report"
+        },
+        {
+          "type": "certification-report",
+          "url": "http://example.com/extref/certification-report"
+        },
+        {
+          "type": "quality-metrics",
+          "url": "http://example.com/extref/quality-metrics"
+        },
+        {
+          "type": "codified-infrastructure",
+          "url": "http://example.com/extref/codified-infrastructure"
+        },
+        {
+          "type": "poam",
+          "url": "http://example.com/extref/poam"
+        },
+        {
+          "type": "electronic-signature",
+          "url": "http://example.com/extref/electronic-signature"
+        },
+        {
+          "type": "digital-signature",
+          "url": "http://example.com/extref/digital-signature"
+        },
+        {
+          "type": "rfc-9116",
+          "url": "http://example.com/extref/rfc-9116"
+        },
+        {
+          "type": "other",
+          "url": "http://example.com/extref/other"
+        }
+      ]
     }
   ]
 }