1.6 dev attestations #348

Merged
merged 25 commits into from
Jan 14, 2024

@jkowalleck jkowalleck commented Nov 28, 2023

fixes #192

task list for spec enhancement

  • schema: JSON
  • schema: XML
  • schema: protobuff
  • examples/test cases

stevespringett and others added 14 commits July 11, 2023 14:23
Signed-off-by: Steve Springett <steve@springett.us>
…anges to schema to include some changes and omissions.

Signed-off-by: Steve Springett <steve@springett.us>
Signed-off-by: steve.springett <steve.springett@servicenow.com>
@jkowalleck jkowalleck added this to the 1.6 milestone Nov 28, 2023
@jkowalleck

created this PR to make an early review easier.

@jkowalleck jkowalleck left a comment

did a quick review.
see my thoughts below

schema/bom-1.6.schema.json (outdated, resolved)
jkowalleck and others added 8 commits December 15, 2023 19:36
Signed-off-by: Steve Springett <steve@springett.us>
… schemas.

Signed-off-by: Steve Springett <steve@springett.us>
@stevespringett stevespringett marked this pull request as ready for review December 27, 2023 02:16
@stevespringett stevespringett requested a review from a team as a code owner December 27, 2023 02:16
@stevespringett

@CycloneDX/core-team can I get a review of this prior to promotion to TC54 meeting on January 11th please?

@stevespringett stevespringett linked an issue Dec 27, 2023 that may be closed by this pull request

@jkowalleck jkowalleck left a comment

did not do an entire review yet, will do early next year.

still open:

@stevespringett stevespringett added tc54 reviewed Ecma TC54 has reviewed the feature candidate tc54 accepted Ecma TC54 has accepted the feature candidate labels Jan 11, 2024
@stevespringett stevespringett merged commit b2ae699 into 1.6-dev Jan 14, 2024
7 checks passed
@stevespringett stevespringett deleted the 1.6-dev-attestations branch January 14, 2024 06:13
@jkowalleck jkowalleck mentioned this pull request Jan 14, 2024
stevespringett added a commit that referenced this pull request Apr 9, 2024
## Added

* Core enhancement: Attestation
([#192](#192) via
[#348](#348))
* Core enhancement: Cryptography Bill of Materials — CBOM
([#171](#171),
[#291](#291) via
[#347](#347))
* Feature to express the URL to source distribution
([#98](#98) via
[#269](#269))
* Feature to express the URL to RFC 9116 compliant documents
([#380](#380) via
[#381](#381))
* Feature to express tags/keywords for services and components (via
[#383](#383))
* Feature to express details for component authors
([#335](#335) via
[#379](#379))
* Feature to express details for component and BOM manufacturer
([#346](#346) via
[#379](#379))
* Feature to express communicate concluded values from observed
evidences ([#411](#411)
via [#412](#412))
* Features to express license acknowledgement
([#407](#407) via
[#408](#408))
* Feature to express environmental consideration information for model
cards ([#396](#396) via
[#395](#395))
* Feature to express the address of organizational entities (via
[#395](#395))
* Feature to express additional component identifiers: Universal Bill Of
Receipts Identifier and Software Heritage persistent IDs
([#413](#413) via
[#414](#414))

## Fixed

* Allow multiple evidence identities by XML/JSON schema
([#272](#272) via
[#359](#359))
  This was already correct via ProtoBuff schema.
* Prevent empty `license` entities by XML schema
([#288](#288) via
[#292](#292))
  This was already correct in JSON/ProtoBuff schema.
* Prevent empty or malformed `property` entities by JSON schema
([#371](#371) via
[#375](#375))
  This was already correct in XML/ProtoBuff schema.
* Allow multiple `licenses` in `Metadata` by ProtoBuff schema
([#264](#264) via
[#401](#401))
  This was already correct in XML/JSON schema.

## Changed

* Allow arbitrary `$schema` values by JSON schema
([#402](#402) via
[#403](#403))
* Increased max length of `versionRange` (via
[`3e01ce6`](3e01ce6))
* Harmonized length of `version` (via
[#417](#417))

## Deprecated

* Data model "Component"'s field `author` was deprecated. (via
[#379](#379))
  Use field `authors` or field `manufacturer` instead.
* Data model "Metadata"'s field `manufacture` was deprecated.
([#346](#346) via
[#379](#379))
  Use "Metadata"'s field `component`'s field `manufacturer` instead. 
  - for XML: `/bom/metadata/component/manufacturer`
  - for JSON: `$.metadata.component.manufacturer`
  - for ProtoBuf: `Bom:metadata.component.manufacturer`

## Documentation

* Centralize version and version-range (via
[#322](#322))
* Streamlined SPDX expression related descriptions (via
[#327](#327))
* Enhanced descriptions of `bom-ref`/`refType`
([#336](#336) via
[#344](#344))
* Enhanced readability of enum documentation in JSON schema
([#361](#361) via
[#362](#362))
* Fixed typo "compliment" -> "complement" (via
[#369](#369))
* Added documentation for enum "ComponentScope"'s values in JSON schema
([#293](#293) via
[`d92e58e`](d92e58e))
  Texts were taken from the existing ones in XML/ProtoBuff schema.
* Added documentation for enum "TaskType"'s values
([#245](#245) via
[#377](#377))
* Improve documentation for data model "Metadata"'s field `licenses`
([#273](#273) via
[#378](#378))
* Added documentation for enum "MachineLearningApproachType"'s values
([#351](#351) via
[#416](#416))
* Rephrased some texts here and there.

## Test data

* Added test data for newly added use cases
* Added quality assurance for our ProtoBuf schemas
([#384](#384) via
[#385](#385))
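
The deprecations listed in the changelog above can be checked for mechanically. The following is an added example, not code from the CycloneDX project: it walks a JSON BOM and reports every use of the deprecated `author` and `metadata.manufacture` fields with the replacement named in the changelog. The sample BOM is constructed, and the nesting of components under a `components` array is an assumption not stated on this page.

```python
import json

# Constructed sample BOM (not from the page): uses both deprecated fields.
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "metadata": {
    "manufacture": {"name": "Example Org"},
    "component": {"type": "application", "name": "app", "author": "Jane Doe"}
  },
  "components": [
    {"type": "library", "name": "lib-a", "authors": [{"name": "A. Dev"}]},
    {"type": "library", "name": "lib-b", "author": "B. Dev",
     "components": [{"type": "library", "name": "lib-c", "author": "C. Dev"}]}
  ]
}
""")


def _scan_component(comp, path, findings):
    """Report the deprecated `author` field on a component, then recurse."""
    if "author" in comp:
        findings.append((f"{path}.author", "use `authors` or `manufacturer`"))
    # Assumption: child components are nested under a `components` array.
    for i, child in enumerate(comp.get("components", [])):
        _scan_component(child, f"{path}.components[{i}]", findings)


def find_deprecated_fields(bom):
    """Return (json_path, advice) pairs for fields deprecated in 1.6."""
    findings = []
    meta = bom.get("metadata", {})
    if "manufacture" in meta:
        findings.append(("$.metadata.manufacture",
                         "use $.metadata.component.manufacturer"))
    if isinstance(meta.get("component"), dict):
        _scan_component(meta["component"], "$.metadata.component", findings)
    for i, comp in enumerate(bom.get("components", [])):
        _scan_component(comp, f"$.components[{i}]", findings)
    return findings


if __name__ == "__main__":
    for json_path, advice in find_deprecated_fields(SAMPLE_BOM):
        print(f"{json_path}: deprecated, {advice}")
```
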
Linked issue: Add support for attestations