diff --git a/schema/bom-1.6.proto b/schema/bom-1.6.proto
index 89991875..6947085f 100644
--- a/schema/bom-1.6.proto
+++ b/schema/bom-1.6.proto
@@ -436,19 +436,19 @@ enum LicensingTypeEnum {
 }

 message Metadata {
- // The date and time (timestamp) when the document was created.
+ // The date and time (timestamp) when the CycloneDX document was created.
 optional google.protobuf.Timestamp timestamp = 1;
- // The tool(s) used in the creation of the BOM.
+ // The tool(s) used in the creation of the Cyclonedx document.
 optional Tool tools = 2;
- // The person(s) who created the BOM. Authors are common in BOMs created through manual processes. BOMs created through automated means may not have authors.
+ // The person(s) who created the CycloneDX document. Authors are common in documents created through manual processes. Documents created through automated means may not have authors. This may be different from the author(s) of the component that the CycloneDX document describes.
 repeated OrganizationalContact authors = 3;
 // The component that the BOM describes.
 optional Component component = 4;
- // The organization that manufactured the component that the BOM describes.
+ // The organization that manufactured the CycloneDX document (the "manufacturer", although the field is misspelled). This may be different from the manufacurer of the component that the CycloneDX document describes.
 optional OrganizationalEntity manufacture = 5;
- // The organization that supplied the component that the BOM describes. The supplier may often be the manufacture, but may also be a distributor or repackager.
+ // The organization that supplied the CycloneDX document. The supplier may often be the manufacture, but may also be a distributor or repackager. This may be different from the supplier of the component that the CycloneDX document describes.
 optional OrganizationalEntity supplier = 6;
- // The license information for the BOM document
+ // The license information for the CycloneDX document. This may be different from the license(s) of the component that the CycloneDX document describes.
 optional LicenseChoice licenses = 7;
 // Specifies optional, custom, properties
 repeated Property properties = 8;
diff --git a/schema/bom-1.6.schema.json b/schema/bom-1.6.schema.json
index 695b1d2d..31db5bb7 100644
--- a/schema/bom-1.6.schema.json
+++ b/schema/bom-1.6.schema.json
@@ -573,7 +573,7 @@
 "type": "string",
 "format": "date-time",
 "title": "Timestamp",
- "description": "The date and time (timestamp) when the BOM was created."
+ "description": "The date and time (timestamp) when the CycloneDX document was created."
 },
 "lifecycles": {
 "type": "array",
@@ -633,13 +633,13 @@
 }
 ]
 }
- },
+ },
 "tools": {
 "oneOf": [
 {
 "type": "object",
 "title": "Creation Tools",
- "description": "The tool(s) used in the creation of the BOM.",
+ "description": "The tool(s) used in the creation of the CycloneDX document.",
 "additionalProperties": false,
 "properties": {
 "components": {
@@ -661,7 +661,7 @@
 {
 "type": "array",
 "title": "Creation Tools (legacy)",
- "description": "[Deprecated] The tool(s) used in the creation of the BOM.",
+ "description": "[Deprecated] The tool(s) used in the creation of the CycloneDX document.",
 "items": {"$ref": "#/definitions/tool"}
 }
 ]
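Review bot: In `message Metadata` of schema/bom-1.6.proto, the new comments on `manufacture = 5` and `supplier = 6` change what the fields mean, from the organization behind the described component to the organization behind the CycloneDX document, while name and field number stay the same; the later hunks in bom-1.6.schema.json and bom-1.6.xsd do the same for their `manufacture` and `supplier` entries. Documents written under the earlier wording are indistinguishable from new ones, so a consumer that reads these fields for component provenance or supplier policy checks could attribute the wrong party. Each comment should record the earlier meaning, for example `// Earlier revisions of this schema documented this field as describing the component, not the document.`, and say where component-level attribution is expected to live. Separately, the tools comment should read `// The tool(s) used in the creation of the CycloneDX document.` (it has `Cyclonedx`), `manufacurer` should be `manufacturer`, and the untouched `// The component that the BOM describes.` now disagrees with the JSON schema's wording.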
@@ -669,26 +669,27 @@ "authors" :{ "type": "array", "title": "Authors", - "description": "The person(s) who created the BOM. Authors are common in BOMs created through manual processes. BOMs created through automated means may not have authors.", + "description": "The person(s) who created the CycloneDX document.\nAuthors are common in documents created through manual processes. Documents created through automated means may not have authors.\nThis may be different from the author(s) of the component that the CycloneDX document describes.", "items": {"$ref": "#/definitions/organizationalContact"} }, "component": { "title": "Component", - "description": "The component that the BOM describes.", + "description": "The component that the CycloneDX document describes.", "$ref": "#/definitions/component" }, "manufacture": { - "title": "Manufacture", - "description": "The organization that manufactured the component that the BOM describes.", + "title": "Manufacturer", + "description": "The organization that manufactured the CycloneDX document (the \"manufacturer\", although the property is misspelled).\nThis may be different from the manufacturer of the component that the CycloneDX document describes.", "$ref": "#/definitions/organizationalEntity" }, "supplier": { "title": "Supplier", - "description": " The organization that supplied the component that the BOM describes. The supplier may often be the manufacturer, but may also be a distributor or repackager.", + "description": " The organization that supplied the CycloneDX document. 
The supplier may often be the manufacturer, but may also be a distributor or repackager.\nThis may be different from the supplier of the component that the CycloneDX document describes.", "$ref": "#/definitions/organizationalEntity" }, "licenses": { - "title": "BOM License(s)", + "title": "Document's License(s)", + "description": "The license(s) to apply to the CycloneDX document.\nThis may be different from the license(s) of the component that the CycloneDX document describes.", "$ref": "#/definitions/licenseChoice" }, "properties": { diff --git a/schema/bom-1.6.xsd b/schema/bom-1.6.xsd index c3c9b230..fea624d8 100644 --- a/schema/bom-1.6.xsd +++ b/schema/bom-1.6.xsd @@ -123,7 +123,7 @@ limitations under the License. - The date and time (timestamp) when the BOM was created. + The date and time (timestamp) when the CycloneDX document was created. @@ -170,7 +170,7 @@ limitations under the License. - The tool(s) used in the creation of the BOM. + The tool(s) used in the creation of the CycloneDX document. @@ -198,8 +198,11 @@ limitations under the License. - The person(s) who created the BOM. Authors are common in BOMs created through - manual processes. BOMs created through automated means may not have authors. + + The person(s) who created the CycloneDX document. + Authors are common in documents created through manual processes. Documents created through automated means may not have authors. + This may be different from the author(s) of the component that the CycloneDX document describes. + 
@@ -209,21 +212,33 @@ limitations under the License. - The component that the BOM describes. + The component that the CycloneDX document describes. - The organization that manufactured the component that the BOM describes. + + The organization that manufactured the CycloneDX document (the "manufacturer", although the element is misspelled). + This may be different from the manufacturer of the component that the CycloneDX document describes. + - The organization that supplied the component that the BOM describes. The - supplier may often be the manufacturer, but may also be a distributor or repackager. + + The organization that supplied the CycloneDX document. The supplier may often be the manufacturer, but may also be a distributor or repackager. + This may be different from the supplier of the component that the CycloneDX document describes. + + + + + + + The license(s) to applies to the CycloneDX document. + This may be different from the license(s) of the component that the CycloneDX document describes. + - Provides the ability to document properties in a name/value store.