@@ -22,7 +22,7 @@ limitations under the License.
2222 targetNamespace =" http://cyclonedx.org/schema/bom/1.6"
2323 vc : minVersion =" 1.0"
2424 vc : maxVersion =" 1.1"
25- version =" 1.6.0 "
25+ version =" 1.6.1 "
2626
2727 <xs : import namespace =" http://cyclonedx.org/schema/spdx" schemaLocation =" spdx.SNAPSHOT.xsd"
2828
@@ -572,6 +572,9 @@ limitations under the License.
572572 </xs : annotation >
573573 </xs : element >
574574 <xs : element name =" hashes" minOccurs =" 0" maxOccurs =" 1"
575+ <xs : annotation >
576+ <xs : documentation >The hashes of the component.</xs : documentation >
577+ </xs : annotation >
575578 <xs : complexType >
576579 <xs : sequence minOccurs =" 0" maxOccurs =" unbounded"
577580 <xs : element name =" hash" type =" bom:hashType"
@@ -698,7 +701,7 @@ limitations under the License.
698701 type `machine-learning-model` and must not be specified for other component types.</xs : documentation >
699702 </xs : annotation >
700703 </xs : element >
701- <xs : element name =" data" type =" bom:componentDataType" minOccurs =" 0" maxOccurs =" 1 "
704+ <xs : element name =" data" type =" bom:componentDataType" minOccurs =" 0" maxOccurs =" unbounded "
702705 <xs : annotation >
703706 <xs : documentation >This object SHOULD be specified for any component of type `data` and must not be
704707 specified for other component types.</xs : documentation >
@@ -1842,6 +1845,12 @@ limitations under the License.
18421845 </xs : complexType >
18431846 </xs : element >
18441847 <xs : element name =" references" minOccurs =" 0" maxOccurs =" 1"
1848+ <xs : annotation >
1849+ <xs : documentation xml : lang =" en"
1850+ A collection of URL's for reference. Multiple URLs are allowed.
1851+ Example: "https://example.com"
1852+ </xs : documentation >
1853+ </xs : annotation >
18451854 <xs : complexType >
18461855 <xs : sequence minOccurs =" 0" maxOccurs =" unbounded"
18471856 <xs : element name =" url" type =" xs:anyURI"
@@ -2058,6 +2067,12 @@ limitations under the License.
20582067 </xs : annotation >
20592068 </xs : element >
20602069 <xs : element name =" endpoints" minOccurs =" 0" maxOccurs =" 1"
2070+ <xs : annotation >
2071+ <xs : documentation >
2072+ The endpoint URIs of the service. Multiple endpoints are allowed.
2073+ Example: "https://example.com/api/v1/ticker"
2074+ </xs : documentation >
2075+ </xs : annotation >
20612076 <xs : complexType >
20622077 <xs : sequence minOccurs =" 0" maxOccurs =" unbounded"
20632078 <xs : element name =" endpoint" type =" xs:anyURI" minOccurs =" 1"
@@ -2088,6 +2103,9 @@ limitations under the License.
20882103 </xs : annotation >
20892104 </xs : element >
20902105 <xs : element name =" data" minOccurs =" 0" maxOccurs =" 1"
2106+ <xs : annotation >
2107+ <xs : documentation >Specifies information about the data including the directional flow of data and the data classification.</xs : documentation >
2108+ </xs : annotation >
20912109 <xs : complexType >
20922110 <xs : choice >
20932111 <xs : sequence minOccurs =" 0" maxOccurs =" unbounded"
@@ -2253,10 +2271,28 @@ limitations under the License.
22532271 states that the direction is not known.</xs : documentation >
22542272 </xs : annotation >
22552273 <xs : restriction base =" xs:string"
2256- <xs : enumeration value =" inbound"
2257- <xs : enumeration value =" outbound"
2258- <xs : enumeration value =" bi-directional"
2259- <xs : enumeration value =" unknown"
2274+ <xs : enumeration value =" inbound"
2275+ <xs : annotation >
2276+ <xs : documentation >
2277+ Data that enters a service.
2278+ </xs : documentation >
2279+ </xs : annotation >
2280+ </xs : enumeration >
2281+ <xs : enumeration value =" outbound"
2282+ <xs : annotation >
2283+ <xs : documentation >Data that exits a service.</xs : documentation >
2284+ </xs : annotation >
2285+ </xs : enumeration >
2286+ <xs : enumeration value =" bi-directional"
2287+ <xs : annotation >
2288+ <xs : documentation >Data flows in and out of the service.</xs : documentation >
2289+ </xs : annotation >
2290+ </xs : enumeration >
2291+ <xs : enumeration value =" unknown"
2292+ <xs : annotation >
2293+ <xs : documentation >The directional flow of data is not known.</xs : documentation >
2294+ </xs : annotation >
2295+ </xs : enumeration >
22602296 </xs : restriction >
22612297 </xs : simpleType >
22622298
@@ -2562,6 +2598,11 @@ limitations under the License.
25622598 <xs : complexType >
25632599 <xs : sequence >
25642600 <xs : element name =" frame" minOccurs =" 0" maxOccurs =" unbounded"
2601+ <xs : annotation >
2602+ <xs : documentation >
2603+ Within a call stack, a frame is a discrete unit that encapsulates an execution context, including local variables, parameters, and the return address. As function calls are made, frames are pushed onto the stack, forming an array-like structure that orchestrates the flow of program execution and manages the sequence of function invocations.
2604+ </xs : documentation >
2605+ </xs : annotation >
25652606 <xs : complexType >
25662607 <xs : sequence >
25672608 <xs : element name =" package" type =" xs:string" minOccurs =" 0" maxOccurs =" 1"
@@ -2628,7 +2669,13 @@ limitations under the License.
26282669 </xs : complexType >
26292670 </xs : element >
26302671 <xs : element name =" licenses" type =" bom:licenseChoiceType" minOccurs =" 0" maxOccurs =" 1"
2631- <xs : element name =" copyright" type =" bom:copyrightsType" minOccurs =" 0" maxOccurs =" 1"
2672+ <xs : element name =" copyright" type =" bom:copyrightsType" minOccurs =" 0" maxOccurs =" 1"
2673+ <xs : annotation >
2674+ <xs : documentation >
2675+ opyright evidence captures intellectual property assertions, providing evidence of possible ownership and legal protection.
2676+ </xs : documentation >
2677+ </xs : annotation >
2678+ </xs : element >
26322679 <xs : any namespace =" ##other" processContents =" lax" minOccurs =" 0" maxOccurs =" unbounded"
26332680 <xs : annotation >
26342681 <xs : documentation >
@@ -2932,13 +2979,13 @@ limitations under the License.
29322979 </xs : anyAttribute >
29332980 </xs : complexType >
29342981
2935- <!--
2936- Model card support in CycloneDX is derived from TensorFlow Model Card Toolkit released under the Apache 2.0 license and
2937- available from https://github.com/tensorflow/model-card-toolkit/blob/main/model_card_toolkit/schema/v0.0.2/model_card.schema.json.
2938- In addition, CycloneDX model card support includes portions of VerifyML, also released under the Apache 2.0 license and
2939- available from https://github.com/cylynx/verifyml/blob/main/verifyml/model_card_toolkit/schema/v0.0.4/model_card.schema.json.
2940- -->
29412982 <xs : complexType name =" modelCardType"
2983+ <!--
2984+ Model card support in CycloneDX is derived from TensorFlow Model Card Toolkit released under the Apache 2.0 license and
2985+ available from https://github.com/tensorflow/model-card-toolkit/blob/main/model_card_toolkit/schema/v0.0.2/model_card.schema.json.
2986+ In addition, CycloneDX model card support includes portions of VerifyML, also released under the Apache 2.0 license and
2987+ available from https://github.com/cylynx/verifyml/blob/main/verifyml/model_card_toolkit/schema/v0.0.4/model_card.schema.json.
2988+ -->
29422989 <xs : annotation >
29432990 <xs : documentation >
29442991 A model card describes the intended uses of a machine learning model and potential limitations, including
@@ -3014,7 +3061,11 @@ limitations under the License.
30143061 <xs : union memberTypes =" bom:refLinkType bom:bomLinkElementType"
30153062 </xs : simpleType >
30163063 </xs : element >
3017- <xs : element name =" dataset" type =" bom:componentDataType" minOccurs =" 0" maxOccurs =" 1"
3064+ <xs : element name =" dataset" type =" bom:componentDataType" minOccurs =" 0" maxOccurs =" 1"
3065+ <xs : annotation >
3066+ <xs : documentation >Inline Data Information</xs : documentation >
3067+ </xs : annotation >
3068+ </xs : element >
30183069 </xs : choice >
30193070 </xs : complexType >
30203071 </xs : element >
@@ -4649,13 +4700,41 @@ limitations under the License.
46494700 </xs : documentation >
46504701 </xs : annotation >
46514702 <xs : restriction base =" xs:string"
4652- <xs : enumeration value =" critical"
4653- <xs : enumeration value =" high"
4654- <xs : enumeration value =" medium"
4655- <xs : enumeration value =" low"
4656- <xs : enumeration value =" info"
4657- <xs : enumeration value =" none"
4658- <xs : enumeration value =" unknown"
4703+ <xs : enumeration value =" critical"
4704+ <xs : annotation >
4705+ <xs : documentation >Critical severity</xs : documentation >
4706+ </xs : annotation >
4707+ </xs : enumeration >
4708+ <xs : enumeration value =" high"
4709+ <xs : annotation >
4710+ <xs : documentation >High severity</xs : documentation >
4711+ </xs : annotation >
4712+ </xs : enumeration >
4713+ <xs : enumeration value =" medium"
4714+ <xs : annotation >
4715+ <xs : documentation >Medium severity</xs : documentation >
4716+ </xs : annotation >
4717+ </xs : enumeration >
4718+ <xs : enumeration value =" low"
4719+ <xs : annotation >
4720+ <xs : documentation >Low severity</xs : documentation >
4721+ </xs : annotation >
4722+ </xs : enumeration >
4723+ <xs : enumeration value =" info"
4724+ <xs : annotation >
4725+ <xs : documentation >Informational warning.</xs : documentation >
4726+ </xs : annotation >
4727+ </xs : enumeration >
4728+ <xs : enumeration value =" none"
4729+ <xs : annotation >
4730+ <xs : documentation >None</xs : documentation >
4731+ </xs : annotation >
4732+ </xs : enumeration >
4733+ <xs : enumeration value =" unknown"
4734+ <xs : annotation >
4735+ <xs : documentation >The severity is not known</xs : documentation >
4736+ </xs : annotation >
4737+ </xs : enumeration >
46594738 </xs : restriction >
46604739 </xs : simpleType >
46614740
@@ -4852,11 +4931,31 @@ limitations under the License.
48524931 </xs : documentation >
48534932 </xs : annotation >
48544933 <xs : restriction base =" xs:string"
4855- <xs : enumeration value =" can_not_fix"
4856- <xs : enumeration value =" will_not_fix"
4857- <xs : enumeration value =" update"
4858- <xs : enumeration value =" rollback"
4859- <xs : enumeration value =" workaround_available"
4934+ <xs : enumeration value =" can_not_fix"
4935+ <xs : annotation >
4936+ <xs : documentation >Can not fix</xs : documentation >
4937+ </xs : annotation >
4938+ </xs : enumeration >
4939+ <xs : enumeration value =" will_not_fix"
4940+ <xs : annotation >
4941+ <xs : documentation >Will not fix</xs : documentation >
4942+ </xs : annotation >
4943+ </xs : enumeration >
4944+ <xs : enumeration value =" update"
4945+ <xs : annotation >
4946+ <xs : documentation >Update to a different revision or release</xs : documentation >
4947+ </xs : annotation >
4948+ </xs : enumeration >
4949+ <xs : enumeration value =" rollback"
4950+ <xs : annotation >
4951+ <xs : documentation >Revert to a previous revision or release</xs : documentation >
4952+ </xs : annotation >
4953+ </xs : enumeration >
4954+ <xs : enumeration value =" workaround_available"
4955+ <xs : annotation >
4956+ <xs : documentation >There is a workaround available</xs : documentation >
4957+ </xs : annotation >
4958+ </xs : enumeration >
48604959 </xs : restriction >
48614960 </xs : simpleType >
48624961
@@ -4871,9 +4970,21 @@ limitations under the License.
48714970 </xs : documentation >
48724971 </xs : annotation >
48734972 <xs : restriction base =" xs:string"
4874- <xs : enumeration value =" affected"
4875- <xs : enumeration value =" unaffected"
4876- <xs : enumeration value =" unknown"
4973+ <xs : enumeration value =" affected"
4974+ <xs : annotation >
4975+ <xs : documentation >The version is affected by the vulnerability.</xs : documentation >
4976+ </xs : annotation >
4977+ </xs : enumeration >
4978+ <xs : enumeration value =" unaffected"
4979+ <xs : annotation >
4980+ <xs : documentation >The version is not affected by the vulnerability.</xs : documentation >
4981+ </xs : annotation >
4982+ </xs : enumeration >
4983+ <xs : enumeration value =" unknown"
4984+ <xs : annotation >
4985+ <xs : documentation >It is unknown (or unspecified) whether the given version is affected.</xs : documentation >
4986+ </xs : annotation >
4987+ </xs : enumeration >
48774988 </xs : restriction >
48784989 </xs : simpleType >
48794990
@@ -7834,6 +7945,12 @@ limitations under the License.
78347945 </xs : complexType >
78357946 </xs : element >
78367947 <xs : element name =" affirmation" minOccurs =" 0" maxOccurs =" 1"
7948+ <xs : annotation >
7949+ <xs : documentation >
7950+ A concise statement affirmed by an individual regarding all declarations, often used for third-party auditor acceptance or recipient acknowledgment.
7951+ It includes a list of authorized signatories who assert the validity of the document on behalf of the organization.
7952+ </xs : documentation >
7953+ </xs : annotation >
78377954 <xs : complexType >
78387955 <xs : sequence >
78397956 <xs : element name =" statement" type =" xs:string" minOccurs =" 0" maxOccurs =" 1"
@@ -8027,7 +8144,7 @@ limitations under the License.
80278144 </xs : annotation >
80288145 <xs : complexType >
80298146 <xs : sequence >
8030- <xs : element name =" description" type =" xs:string" minOccurs =" 0" maxOccurs =" 1 "
8147+ <xs : element name =" description" type =" xs:string" minOccurs =" 0" maxOccurs =" unbounded "
80318148 </xs : sequence >
80328149 </xs : complexType >
80338150 </xs : element >
0 commit comments