Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: annotate protobuf licenses #468

Merged
merged 1 commit into from
May 28, 2024
Merged

docs: annotate protobuf licenses #468

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion schema/bom-1.5.proto
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -106,6 +106,7 @@ message Component {
// Specifies the scope of the component. If scope is not specified, SCOPE_REQUIRED scope should be assumed by the consumer of the BOM
optional Scope scope = 11;
repeated Hash hashes = 12;
// EITHER (list of SPDX licenses and/or named licenses) OR (tuple of one SPDX License Expression)
repeated LicenseChoice licenses = 13;
// An optional copyright notice informing users of the underlying claims to copyright ownership in a published work.
optional string copyright = 14;
Expand Down Expand Up @@ -352,7 +353,7 @@ message License {
// Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and other important metadata
optional Licensing licensing = 6;
// Specifies optional, custom, properties
repeated Property properties = 7;
repeated Property properties = 7;
}

message Licensing {
Expand Down Expand Up @@ -431,6 +432,7 @@ message Metadata {
// The organization that supplied the component that the BOM describes. The supplier may often be the manufacture, but may also be a distributor or repackager.
optional OrganizationalEntity supplier = 6;
// The license information for the BOM document
// EITHER (list of SPDX licenses and/or named licenses) OR (tuple of one SPDX License Expression)
optional LicenseChoice licenses = 7;
// Specifies optional, custom, properties
repeated Property properties = 8;
Expand Down Expand Up @@ -554,6 +556,7 @@ message Service {
// A boolean value indicating if use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed.
optional bool x_trust_boundary = 9;
repeated DataFlow data = 10;
// EITHER (list of SPDX licenses and/or named licenses) OR (tuple of one SPDX License Expression)
repeated LicenseChoice licenses = 11;
// Provides the ability to document external references related to the service.
repeated ExternalReference external_references = 12;
Expand Down Expand Up @@ -650,6 +653,7 @@ message EvidenceCopyright {
}

message Evidence {
// EITHER (list of SPDX licenses and/or named licenses) OR (tuple of one SPDX License Expression)
repeated LicenseChoice licenses = 1;
repeated EvidenceCopyright copyright = 2;
repeated EvidenceIdentity identity = 3;
Expand Down
4 changes: 4 additions & 0 deletions schema/bom-1.6.proto
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -113,6 +113,7 @@ message Component {
// Specifies the scope of the component. If a scope is not specified, SCOPE_REQUIRED scope should be assumed by the consumer of the BOM
optional Scope scope = 11;
repeated Hash hashes = 12;
// EITHER (list of SPDX licenses and/or named licenses) OR (tuple of one SPDX License Expression)
repeated LicenseChoice licenses = 13;
// An optional copyright notice informing users of the underlying claims to copyright ownership in a published work.
optional string copyright = 14;
Expand Down Expand Up @@ -483,6 +484,7 @@ message Metadata {
// The organization that supplied the component that the BOM describes. The supplier may often be the manufacture, but may also be a distributor or repackager.
optional OrganizationalEntity supplier = 6;
// The license information for the BOM document. This may be different from the license(s) of the component(s) that the BOM describes.
// EITHER (list of SPDX licenses and/or named licenses) OR (tuple of one SPDX License Expression)
repeated LicenseChoice licenses = 7;
// Specifies optional, custom, properties
repeated Property properties = 8;
Expand Down Expand Up @@ -612,6 +614,7 @@ message Service {
// A boolean value indicating if the use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed.
optional bool x_trust_boundary = 9;
repeated DataFlow data = 10;
// EITHER (list of SPDX licenses and/or named licenses) OR (tuple of one SPDX License Expression)
repeated LicenseChoice licenses = 11;
// Provides the ability to document external references related to the service.
repeated ExternalReference external_references = 12;
Expand Down Expand Up @@ -711,6 +714,7 @@ message EvidenceCopyright {
}

message Evidence {
// EITHER (list of SPDX licenses and/or named licenses) OR (tuple of one SPDX License Expression)
repeated LicenseChoice licenses = 1;
repeated EvidenceCopyright copyright = 2;
repeated EvidenceIdentity identity = 3;
Expand Down