RFC: Add per component and per BOM key/value pairs #42
Comments
|
I really like this addition. It supports use cases like internal (semi-)automated workflows. I propose this is also included at the BOM level. (Just re-read that and realised you have it for both) |
|
I really like this. This is exactly what we need. When can we expect this? |
|
@wrgoff This is still being designed. Once complete, if the RFC is approved, then it will be incorporated into the next version of the CycloneDX specification (v1.3). Historically, there has been a new release of CycloneDX in Q1/Q2 every year for the past three years. |
|
I'm +1 to this addition as well. |
…, and an individual component and service.
|
Reopening. For XML, I think it makes sense to implement the value as a child element rather than an attribute. The original proposal specified: <properties>
<property name="myprop" value="myvalue"/>
</properties>However, I think it might be better to support it like this: <properties>
<property name="myprop">myvalue</property>
</properties>By doing it this way, adopters could specify CDATA in value to minimize escaping. Thoughts? Does it matter? The way its implemented in JSON would remain the same. |
|
I think the second option is better. There's also inconsistency between the JSON and XML schema. |
|
I don't have a strong opinion, at all, but I prefer |
|
Actually, I much prefer name. When I hear key value I think the key would be unique. That isn’t the case here. |
|
You bring up a good point @coderpatros. While implementing support for this I originally started with a hashmap, then realized it would not work since duplicates are allowed in the spec. I'll change it to name/value for both and ensure the value in XML is an element rather than an attribute. |
|
Ok, the changes have been made. The following syntax is now used: XML<properties>
<property name="Foo">Bar</property>
<property name="Foo">You</property>
<property name="Foo">Two</property>
<property name="Bar">Foo</property>
</properties>JSON"properties": [
{
"name": "Foo",
"value": "Bar"
},
{
"name": "Foo",
"value": "You"
},
{
"name": "Foo",
"value": "Two"
},
{
"name": "Bar",
"value": "Foo"
}
] |
There are times when adopters and implementors of CycloneDX need to specify data that falls outside of what the spec provides. Vendor specific schema extensions are one way to accomplish that, however, it also leads to vendor lock-in.
Therefore, it is desirable to support per component and per bom key/value stores.
For example:
This allows a certain degree of customization without having to use vendor-specific extensions. Support for properties inside of other objects (e.g. supplier and license) may also be desirable.
The text was updated successfully, but these errors were encountered: