hoppr-cyclonedx-models 0.6.0__py3-none-any.whl → 0.6.1__py3-none-any.whl


Potentially problematic release.


This version of hoppr-cyclonedx-models might be problematic.

@@ -1,6 +1,6 @@
1
1
  """
2
2
  --------------------------------------------------------------------------------
3
- SPDX-FileCopyrightText: Copyright © 2024 Lockheed Martin <open.source@lmco.com>
3
+ SPDX-FileCopyrightText: Copyright © 2025 Lockheed Martin <open.source@lmco.com>
4
4
  SPDX-FileName: hoppr_cyclonedx_models/cyclonedx_1_6.py
5
5
  SPDX-FileType: SOURCE
6
6
  SPDX-License-Identifier: MIT
@@ -25,15 +25,15 @@ THE SOFTWARE.
25
25
  --------------------------------------------------------------------------------
26
26
  This file was generated by datamodel-codegen:
27
27
  filename: bom-1.6.schema.json
28
- timestamp: 2024-07-15T17:53:40+00:00
29
- version: 0.21.5
28
+ timestamp: 2025-09-17T19:02:47+00:00
29
+ version: 0.25.7
30
30
  """
31
31
 
32
32
  from __future__ import annotations
33
33
 
34
34
  from datetime import datetime
35
35
  from enum import Enum
36
- from typing import Any, List, Optional, Union
36
+ from typing import List, Optional, Union
37
37
 
38
38
  from pydantic import AnyUrl, EmailStr, Extra, Field
39
39
  from typing_extensions import Annotated, Literal
@@ -65,18 +65,6 @@ class Confidence(CycloneDXBaseModel):
65
65
  ] = None
66
66
 
67
67
 
68
- RefType = Annotated[
69
- str,
70
- Field(
71
- description=(
72
- "Identifier for referable and therefore interlinkable elements.\nValue SHOULD not start with the BOM-Link"
73
- " intro 'urn:cdx:' to avoid conflicts with BOM-Links."
74
- ),
75
- min_length=1,
76
- ),
77
- ]
78
-
79
-
80
68
  RefLinkType = Annotated[
81
69
  str,
82
70
  Field(
@@ -130,14 +118,22 @@ class Phase(Enum):
130
118
  return next((member for member in cls if member.name in {str(value), str(value).upper()}), None)
131
119
 
132
120
 
133
- class Lifecycle(CycloneDXBaseModel):
121
+ class Lifecycles(CycloneDXBaseModel):
122
+ """
123
+ The product lifecycle(s) that this BOM represents.
124
+ """
125
+
134
126
  class Config:
135
127
  extra = Extra.forbid
136
128
 
137
129
  phase: Annotated[Phase, Field(description="A pre-defined phase in the product lifecycle.", title="Phase")]
138
130
 
139
131
 
140
- class Lifecycle1(CycloneDXBaseModel):
132
+ class Lifecycles1(CycloneDXBaseModel):
133
+ """
134
+ The product lifecycle(s) that this BOM represents.
135
+ """
136
+
141
137
  class Config:
142
138
  extra = Extra.forbid
143
139
 
@@ -157,7 +153,7 @@ class OrganizationalContact(CycloneDXBaseModel):
157
153
  alias="bom-ref",
158
154
  description=(
159
155
  "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref"
160
- " MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
156
+ " must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
161
157
  " conflicts with BOM-Links."
162
158
  ),
163
159
  min_length=1,
@@ -235,7 +231,15 @@ class Attachment(CycloneDXBaseModel):
235
231
  contentType: Annotated[
236
232
  Optional[str],
237
233
  Field(
238
- description="Specifies the content type of the text. Defaults to text/plain if not specified.",
234
+ description=(
235
+ "Specifies the format and nature of the data being attached, helping systems correctly interpret and"
236
+ " process the content. Common content type examples include `application/json` for JSON data and"
237
+ " `text/plain` for plan text documents.\n [RFC 2045 section"
238
+ " 5.1](https://www.ietf.org/rfc/rfc2045.html#section-5.1) outlines the structure and use of content"
239
+ " types. For a comprehensive list of registered content types, refer to the [IANA media types"
240
+ " registry](https://www.iana.org/assignments/media-types/media-types.xhtml)."
241
+ ),
242
+ examples=["text/plain", "application/json", "image/png"],
239
243
  title="Content-Type",
240
244
  ),
241
245
  ] = "text/plain"
@@ -307,71 +311,54 @@ class LicenseType(Enum):
307
311
  return next((member for member in cls if member.name in {str(value), str(value).upper()}), None)
308
312
 
309
313
 
310
- class Licensing(CycloneDXBaseModel):
314
+ class LicenseAcknowledgementEnumeration(Enum):
311
315
  """
312
- Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and other important metadata
316
+ Declared licenses and concluded licenses represent two different stages in the licensing process within software development. Declared licenses refer to the initial intention of the software authors regarding the licensing terms under which their code is released. On the other hand, concluded licenses are the result of a comprehensive analysis of the project's codebase to identify and confirm the actual licenses of the components used, which may differ from the initially declared licenses. While declared licenses provide an upfront indication of the licensing intentions, concluded licenses offer a more thorough understanding of the actual licensing within a project, facilitating proper compliance and risk management. Observed licenses are defined in `@.evidence.licenses`. Observed licenses form the evidence necessary to substantiate a concluded license.
313
317
  """
314
318
 
319
+ DECLARED = declared = "declared"
320
+ CONCLUDED = concluded = "concluded"
321
+
322
+ def __str__(self) -> str:
323
+ return str(self.value)
324
+
325
+ @classmethod
326
+ def _missing_(cls, value: object):
327
+ return next((member for member in cls if member.name in {str(value), str(value).upper()}), None)
328
+
329
+
330
+ class LicenseChoice21(CycloneDXBaseModel):
315
331
  class Config:
316
332
  extra = Extra.forbid
317
333
 
318
- altIds: Annotated[
319
- Optional[List[str]],
320
- Field(
321
- description="License identifiers that may be used to manage licenses and their lifecycle",
322
- title="Alternate License Identifiers",
323
- ),
324
- ] = None
325
- purchaseOrder: Annotated[
326
- Optional[str],
334
+ expression: Annotated[
335
+ str,
327
336
  Field(
328
337
  description=(
329
- "The purchase order identifier the purchaser sent to a supplier or vendor to authorize a purchase"
338
+ "A valid SPDX license expression.\nRefer to https://spdx.org/specifications for syntax requirements"
330
339
  ),
331
- title="Purchase Order",
340
+ examples=["Apache-2.0 AND (MIT OR GPL-2.0-only)", "GPL-3.0-only WITH Classpath-exception-2.0"],
341
+ title="SPDX License Expression",
332
342
  ),
333
- ] = None
334
- licenseTypes: Annotated[
335
- Optional[List[LicenseType]],
336
- Field(description="The type of license(s) that was granted to the licensee.", title="License Type"),
337
- ] = None
338
- lastRenewal: Annotated[
339
- Optional[datetime],
343
+ ]
344
+ acknowledgement: Optional[LicenseAcknowledgementEnumeration] = None
345
+ bom_ref: Annotated[
346
+ Optional[str],
340
347
  Field(
348
+ alias="bom-ref",
341
349
  description=(
342
- "The timestamp indicating when the license was last renewed. For new purchases, this is often the"
343
- " purchase or acquisition date. For non-perpetual licenses or subscriptions, this is the timestamp of"
344
- " when the license was last renewed."
350
+ "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref"
351
+ " must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
352
+ " conflicts with BOM-Links."
345
353
  ),
346
- title="Last Renewal",
347
- ),
348
- ] = None
349
- expiration: Annotated[
350
- Optional[datetime],
351
- Field(
352
- description="The timestamp indicating when the current license expires (if applicable).", title="Expiration"
354
+ min_length=1,
355
+ title="BOM Reference",
353
356
  ),
354
357
  ] = None
355
358
 
356
359
 
357
- class LicenseAcknowledgementEnumeration(Enum):
358
- """
359
- Declared licenses and concluded licenses represent two different stages in the licensing process within software development. Declared licenses refer to the initial intention of the software authors regarding the licensing terms under which their code is released. On the other hand, concluded licenses are the result of a comprehensive analysis of the project's codebase to identify and confirm the actual licenses of the components used, which may differ from the initially declared licenses. While declared licenses provide an upfront indication of the licensing intentions, concluded licenses offer a more thorough understanding of the actual licensing within a project, facilitating proper compliance and risk management. Observed licenses are defined in `@.evidence.licenses`. Observed licenses form the evidence necessary to substantiate a concluded license.
360
- """
361
-
362
- DECLARED = declared = "declared"
363
- CONCLUDED = concluded = "concluded"
364
-
365
- def __str__(self) -> str:
366
- return str(self.value)
367
-
368
- @classmethod
369
- def _missing_(cls, value: object):
370
- return next((member for member in cls if member.name in {str(value), str(value).upper()}), None)
371
-
372
-
373
360
  LicenseChoice2 = Annotated[
374
- List[Any],
361
+ List[LicenseChoice21],
375
362
  Field(
376
363
  description="A tuple of exactly one SPDX License Expression.",
377
364
  max_items=1,
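Review bot: `LicenseChoice21` is added without a docstring, although it changes what `LicenseChoice2` accepts: items go from `List[Any]` to a model with a required `expression` and `extra = Extra.forbid`, so entries that lack `expression` or carry unknown keys would now fail validation where they previously passed. That is a sensible tightening for BOMs that come from untrusted sources, but consumers upgrading from 0.6.0 should be able to read the new contract off the class. I would add a docstring along the lines of `"""A single SPDX license expression entry; expression is required and unknown keys are rejected."""`, and give `acknowledgement` a `Field(description=...)` like its sibling fields. The file header says it is generated by datamodel-codegen, so the text belongs in the schema or generator template rather than in a hand edit.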
@@ -560,7 +547,7 @@ class Type3(Enum):
560
547
 
561
548
  class Dependency(CycloneDXBaseModel):
562
549
  """
563
- Defines the direct dependencies of a component, service, or the components provided/implemented by a given component. Components or services that do not have their own dependencies MUST be declared as empty elements within the graph. Components or services that are not represented in the dependency graph MAY have unknown dependencies. It is RECOMMENDED that implementations assume this to be opaque and not an indicator of an object being dependency-free. It is RECOMMENDED to leverage compositions to indicate unknown dependency graphs.
550
+ Defines the direct dependencies of a component, service, or the components provided/implemented by a given component. Components or services that do not have their own dependencies must be declared as empty elements within the graph. Components or services that are not represented in the dependency graph may have unknown dependencies. It is recommended that implementations assume this to be opaque and not an indicator of an object being dependency-free. It is recommended to leverage compositions to indicate unknown dependency graphs.
564
551
  """
565
552
 
566
553
  class Config:
@@ -573,16 +560,17 @@ class Dependency(CycloneDXBaseModel):
573
560
  ),
574
561
  ]
575
562
  dependsOn: Annotated[
576
- Optional[List[RefLinkType]],
563
+ Optional[List[str]],
577
564
  Field(
578
565
  description=(
579
566
  "The bom-ref identifiers of the components or services that are dependencies of this dependency object."
580
567
  ),
568
+ min_length=1,
581
569
  title="Depends On",
582
570
  ),
583
571
  ] = None
584
572
  provides: Annotated[
585
- Optional[List[RefLinkType]],
573
+ Optional[List[str]],
586
574
  Field(
587
575
  description=(
588
576
  "The bom-ref identifiers of the components or services that define a given specification or standard,"
@@ -590,6 +578,7 @@ class Dependency(CycloneDXBaseModel):
590
578
  " which implements a cryptographic algorithm. A component which implements another component does not"
591
579
  " imply that the implementation is in use."
592
580
  ),
581
+ min_length=1,
593
582
  title="Provides",
594
583
  ),
595
584
  ] = None
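Review bot: The `min_length=1` added to `provides` here, and to `dependsOn` in the preceding hunk, now sits on a field typed `Optional[List[str]]`, so what it bounds depends on how the installed pydantic interprets it. Applied to each string it presumably keeps a non-empty-reference check; applied to the list it would reject `dependsOn: []`, which the `Dependency` docstring appears to require for components without dependencies ("must be declared as empty elements"). The removed annotation `Optional[List[RefLinkType]]` made the element-level intent explicit, so keeping it, or adding a regression test that an empty `dependsOn` list validates while an empty-string entry does not, would pin the behaviour. The same pattern recurs in the later hunks for `Level.requirements`, `CipherSuite.algorithms`, `Conformance.mitigationStrategies` and `Map.claims`/`counterClaims`. The file is generated by datamodel-codegen, so the fix belongs in the generator configuration, and the `Dependency` class body starts and ends outside this hunk.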
@@ -614,10 +603,14 @@ class DataFlowDirection(Enum):
614
603
 
615
604
 
616
605
  class Copyright(CycloneDXBaseModel):
606
+ """
607
+ A copyright notice informing users of the underlying claims to copyright ownership in a published work.
608
+ """
609
+
617
610
  class Config:
618
611
  extra = Extra.forbid
619
612
 
620
- text: Annotated[str, Field(title="Copyright Text")]
613
+ text: Annotated[str, Field(description="The textual content of the copyright.", title="Copyright Text")]
621
614
 
622
615
 
623
616
  class Occurrence(CycloneDXBaseModel):
@@ -630,7 +623,7 @@ class Occurrence(CycloneDXBaseModel):
630
623
  alias="bom-ref",
631
624
  description=(
632
625
  "An optional identifier which can be used to reference the occurrence elsewhere in the BOM. Every"
633
- " bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
626
+ " bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
634
627
  " avoid conflicts with BOM-Links."
635
628
  ),
636
629
  min_length=1,
@@ -745,7 +738,7 @@ class AggregateType(Enum):
745
738
 
746
739
  class Property(CycloneDXBaseModel):
747
740
  """
748
- Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.
741
+ Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.
749
742
  """
750
743
 
751
744
  class Config:
@@ -799,19 +792,6 @@ class Advisory(CycloneDXBaseModel):
799
792
  url: Annotated[str, Field(description="Location where the advisory can be obtained.", title="URL")]
800
793
 
801
794
 
802
- Cwe = Annotated[
803
- int,
804
- Field(
805
- description=(
806
- "Integer representation of a Common Weaknesses Enumerations (CWE). For example 399 (of"
807
- " https://cwe.mitre.org/data/definitions/399.html)"
808
- ),
809
- ge=1,
810
- title="CWE",
811
- ),
812
- ]
813
-
814
-
815
795
  class Severity(Enum):
816
796
  """
817
797
  Textual representation of the severity of the vulnerability adopted by the analysis method. If the analysis method uses values other than what is provided, the user is expected to translate appropriately.
@@ -1019,19 +999,6 @@ class Analysis(CycloneDXBaseModel):
1019
999
  ] = None
1020
1000
 
1021
1001
 
1022
- class Affect(CycloneDXBaseModel):
1023
- class Config:
1024
- extra = Extra.forbid
1025
-
1026
- ref: Annotated[
1027
- Union[RefLinkType, BomLinkElementType],
1028
- Field(description="References a component or service by the objects bom-ref", title="Reference"),
1029
- ]
1030
- versions: Annotated[
1031
- Optional[List], Field(description="Zero or more individual versions or range of versions.", title="Versions")
1032
- ] = None
1033
-
1034
-
1035
1002
  class AffectedStatus(Enum):
1036
1003
  """
1037
1004
  The vulnerability status of a given version or range of versions of a product. The statuses 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. There can be many reasons for an 'unknown' status, including that an investigation has not been undertaken or that a vendor has not disclosed the status.
@@ -1102,7 +1069,7 @@ class Approach(CycloneDXBaseModel):
1102
1069
  ] = None
1103
1070
 
1104
1071
 
1105
- class Dataset(CycloneDXBaseModel):
1072
+ class Datasets(CycloneDXBaseModel):
1106
1073
  class Config:
1107
1074
  extra = Extra.forbid
1108
1075
 
@@ -1177,7 +1144,7 @@ class Graphic(CycloneDXBaseModel):
1177
1144
  image: Annotated[
1178
1145
  Optional[Attachment],
1179
1146
  Field(
1180
- description="The graphic (vector or raster). Base64 encoding MUST be specified for binary images.",
1147
+ description="The graphic (vector or raster). Base64 encoding must be specified for binary images.",
1181
1148
  title="Graphic Image",
1182
1149
  ),
1183
1150
  ] = None
@@ -1346,7 +1313,7 @@ class PostalAddress(CycloneDXBaseModel):
1346
1313
  alias="bom-ref",
1347
1314
  description=(
1348
1315
  "An optional identifier which can be used to reference the address elsewhere in the BOM. Every bom-ref"
1349
- " MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
1316
+ " must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
1350
1317
  " conflicts with BOM-Links."
1351
1318
  ),
1352
1319
  min_length=1,
@@ -1382,7 +1349,20 @@ class Command(CycloneDXBaseModel):
1382
1349
  executed: Annotated[
1383
1350
  Optional[str], Field(description="A text representation of the executed command.", title="Executed")
1384
1351
  ] = None
1385
- properties: Annotated[Optional[List[Property]], Field(title="Properties")] = None
1352
+ properties: Annotated[
1353
+ Optional[List[Property]],
1354
+ Field(
1355
+ description=(
1356
+ "Provides the ability to document properties in a name-value store. This provides flexibility to"
1357
+ " include data not officially supported in the standard without having to use additional namespaces or"
1358
+ " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
1359
+ " having different values. Property names of interest to the general public are encouraged to be"
1360
+ " registered in the [CycloneDX Property"
1361
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
1362
+ ),
1363
+ title="Properties",
1364
+ ),
1365
+ ] = None
1386
1366
 
1387
1367
 
1388
1368
  class AccessMode(Enum):
@@ -1464,7 +1444,20 @@ class Volume(CycloneDXBaseModel):
1464
1444
  Optional[bool],
1465
1445
  Field(description="Indicates if the volume is remotely (i.e., network) attached.", title="Remote"),
1466
1446
  ] = None
1467
- properties: Annotated[Optional[List[Property]], Field(title="Properties")] = None
1447
+ properties: Annotated[
1448
+ Optional[List[Property]],
1449
+ Field(
1450
+ description=(
1451
+ "Provides the ability to document properties in a name-value store. This provides flexibility to"
1452
+ " include data not officially supported in the standard without having to use additional namespaces or"
1453
+ " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
1454
+ " having different values. Property names of interest to the general public are encouraged to be"
1455
+ " registered in the [CycloneDX Property"
1456
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
1457
+ ),
1458
+ title="Properties",
1459
+ ),
1460
+ ] = None
1468
1461
 
1469
1462
 
1470
1463
  class Type6(Enum):
@@ -1524,7 +1517,20 @@ class Condition(CycloneDXBaseModel):
1524
1517
  title="Expression",
1525
1518
  ),
1526
1519
  ] = None
1527
- properties: Annotated[Optional[List[Property]], Field(title="Properties")] = None
1520
+ properties: Annotated[
1521
+ Optional[List[Property]],
1522
+ Field(
1523
+ description=(
1524
+ "Provides the ability to document properties in a name-value store. This provides flexibility to"
1525
+ " include data not officially supported in the standard without having to use additional namespaces or"
1526
+ " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
1527
+ " having different values. Property names of interest to the general public are encouraged to be"
1528
+ " registered in the [CycloneDX Property"
1529
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
1530
+ ),
1531
+ title="Properties",
1532
+ ),
1533
+ ] = None
1528
1534
 
1529
1535
 
1530
1536
  class TaskType(Enum):
@@ -1679,9 +1685,6 @@ class ComponentIdentityEvidence(CycloneDXBaseModel):
1679
1685
  ] = None
1680
1686
 
1681
1687
 
1682
- OpenCre = Annotated[str, Field(examples=["CRE:764-507"], regex="^CRE:[0-9]+-[0-9]+$")]
1683
-
1684
-
1685
1688
  class Level(CycloneDXBaseModel):
1686
1689
  class Config:
1687
1690
  extra = Extra.forbid
@@ -1692,7 +1695,7 @@ class Level(CycloneDXBaseModel):
1692
1695
  alias="bom-ref",
1693
1696
  description=(
1694
1697
  "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref"
1695
- " MUST be unique within the BOM."
1698
+ " must be unique within the BOM."
1696
1699
  ),
1697
1700
  min_length=1,
1698
1701
  title="BOM Reference",
@@ -1707,12 +1710,16 @@ class Level(CycloneDXBaseModel):
1707
1710
  Optional[str], Field(description="The description of the level.", title="Description")
1708
1711
  ] = None
1709
1712
  requirements: Annotated[
1710
- Optional[List[RefLinkType]],
1711
- Field(description="The list of requirement `bom-ref`s that comprise the level.", title="Requirements"),
1713
+ Optional[List[str]],
1714
+ Field(
1715
+ description="The list of requirement `bom-ref`s that comprise the level.",
1716
+ min_length=1,
1717
+ title="Requirements",
1718
+ ),
1712
1719
  ] = None
1713
1720
 
1714
1721
 
1715
- class AlgorithmEnum(Enum):
1722
+ class Algorithm(Enum):
1716
1723
  """
1717
1724
  Signature algorithm. The currently recognized JWA [RFC7518] and RFC8037 [RFC8037] asymmetric key algorithms. Note: Unlike RFC8037 [RFC8037] JSF requires explicit Ed* algorithm names instead of "EdDSA".
1718
1725
  """
@@ -2032,7 +2039,7 @@ class AlgorithmProperties(CycloneDXBaseModel):
2032
2039
  "The target platform for which the algorithm is implemented. The implementation can be 'generic',"
2033
2040
  " running on any platform or for a specific platform."
2034
2041
  ),
2035
- title="implementation platform",
2042
+ title="Implementation platform",
2036
2043
  ),
2037
2044
  ] = None
2038
2045
  certificationLevel: Annotated[
@@ -2147,7 +2154,7 @@ class CertificateProperties(CycloneDXBaseModel):
2147
2154
  ] = None
2148
2155
 
2149
2156
 
2150
- class Type8(Enum):
2157
+ class Type10(Enum):
2151
2158
  """
2152
2159
  The type for the related cryptographic material
2153
2160
  """
@@ -2200,7 +2207,7 @@ class State(Enum):
2200
2207
  return next((member for member in cls if member.name in {str(value), str(value).upper()}), None)
2201
2208
 
2202
2209
 
2203
- class Type9(Enum):
2210
+ class Type11(Enum):
2204
2211
  """
2205
2212
  The concrete protocol type.
2206
2213
  """
@@ -2239,8 +2246,10 @@ class CipherSuite(CycloneDXBaseModel):
2239
2246
  ),
2240
2247
  ] = None
2241
2248
  algorithms: Annotated[
2242
- Optional[List[RefType]],
2243
- Field(description="A list of algorithms related to the cipher suite.", title="Related Algorithms"),
2249
+ Optional[List[str]],
2250
+ Field(
2251
+ description="A list of algorithms related to the cipher suite.", min_length=1, title="Related Algorithms"
2252
+ ),
2244
2253
  ] = None
2245
2254
  identifiers: Annotated[
2246
2255
  Optional[List[str]],
@@ -2290,9 +2299,10 @@ class Conformance(CycloneDXBaseModel):
2290
2299
  Optional[str], Field(description="The rationale for the conformance score.", title="Rationale")
2291
2300
  ] = None
2292
2301
  mitigationStrategies: Annotated[
2293
- Optional[List[RefLinkType]],
2302
+ Optional[List[str]],
2294
2303
  Field(
2295
2304
  description="The list of `bom-ref` to the evidence provided describing the mitigation strategies.",
2305
+ min_length=1,
2296
2306
  title="Mitigation Strategies",
2297
2307
  ),
2298
2308
  ] = None
@@ -2307,12 +2317,16 @@ class Map(CycloneDXBaseModel):
2307
2317
  Field(description="The `bom-ref` to the requirement being attested to.", min_length=1, title="Requirement"),
2308
2318
  ] = None
2309
2319
  claims: Annotated[
2310
- Optional[List[RefLinkType]],
2311
- Field(description="The list of `bom-ref` to the claims being attested to.", title="Claims"),
2320
+ Optional[List[str]],
2321
+ Field(description="The list of `bom-ref` to the claims being attested to.", min_length=1, title="Claims"),
2312
2322
  ] = None
2313
2323
  counterClaims: Annotated[
2314
- Optional[List[RefLinkType]],
2315
- Field(description="The list of `bom-ref` to the counter claims being attested to.", title="Counter Claims"),
2324
+ Optional[List[str]],
2325
+ Field(
2326
+ description="The list of `bom-ref` to the counter claims being attested to.",
2327
+ min_length=1,
2328
+ title="Counter Claims",
2329
+ ),
2316
2330
  ] = None
2317
2331
  conformance: Annotated[
2318
2332
  Optional[Conformance],
@@ -2351,7 +2365,7 @@ class OrganizationalEntity(CycloneDXBaseModel):
2351
2365
  alias="bom-ref",
2352
2366
  description=(
2353
2367
  "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref"
2354
- " MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
2368
+ " must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
2355
2369
  " conflicts with BOM-Links."
2356
2370
  ),
2357
2371
  min_length=1,
@@ -2424,96 +2438,493 @@ class Hash(CycloneDXBaseModel):
2424
2438
  ]
2425
2439
 
2426
2440
 
2427
- class License(CycloneDXBaseModel):
2441
+ class Licensor(CycloneDXBaseModel):
2442
+ """
2443
+ The individual or organization that grants a license to another individual or organization
2444
+ """
2445
+
2428
2446
  class Config:
2429
2447
  extra = Extra.forbid
2430
2448
 
2431
- bom_ref: Annotated[
2432
- Optional[str],
2433
- Field(
2434
- alias="bom-ref",
2435
- description=(
2436
- "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref"
2437
- " MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
2438
- " conflicts with BOM-Links."
2439
- ),
2440
- min_length=1,
2441
- title="BOM Reference",
2442
- ),
2443
- ] = None
2444
- id: Annotated[
2445
- Optional[spdx.LicenseID],
2446
- Field(description="A valid SPDX license ID", examples=["Apache-2.0"], title="License ID (SPDX)"),
2447
- ] = None
2448
- name: Annotated[
2449
- Optional[str],
2450
- Field(
2451
- description="If SPDX does not define the license used, this field may be used to provide the license name",
2452
- examples=["Acme Software License"],
2453
- title="License Name",
2454
- ),
2455
- ] = None
2456
- acknowledgement: Optional[LicenseAcknowledgementEnumeration] = None
2457
- text: Annotated[
2458
- Optional[Attachment],
2459
- Field(description="An optional way to include the textual content of a license.", title="License text"),
2460
- ] = None
2461
- url: Annotated[
2462
- Optional[str],
2449
+ organization: Annotated[
2450
+ OrganizationalEntity,
2451
+ Field(description="The organization that granted the license", title="Licensor (Organization)"),
2452
+ ]
2453
+ individual: Annotated[
2454
+ Optional[OrganizationalContact],
2463
2455
  Field(
2464
- description=(
2465
- "The URL to the license file. If specified, a 'license' externalReference should also be specified for"
2466
- " completeness"
2467
- ),
2468
- examples=["https://www.apache.org/licenses/LICENSE-2.0.txt"],
2469
- title="License URL",
2456
+ description="The individual, not associated with an organization, that granted the license",
2457
+ title="Licensor (Individual)",
2470
2458
  ),
2471
2459
  ] = None
2472
- licensing: Annotated[
2473
- Optional[Licensing],
2474
- Field(
2475
- description=(
2476
- "Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and"
2477
- " other important metadata"
2478
- ),
2479
- title="Licensing information",
2480
- ),
2460
+
2461
+
2462
+ class Licensor1(CycloneDXBaseModel):
2463
+ """
2464
+ The individual or organization that grants a license to another individual or organization
2465
+ """
2466
+
2467
+ class Config:
2468
+ extra = Extra.forbid
2469
+
2470
+ organization: Annotated[
2471
+ Optional[OrganizationalEntity],
2472
+ Field(description="The organization that granted the license", title="Licensor (Organization)"),
2481
2473
  ] = None
2482
- properties: Annotated[
2483
- Optional[List[Property]],
2474
+ individual: Annotated[
2475
+ OrganizationalContact,
2484
2476
  Field(
2485
- description=(
2486
- "Provides the ability to document properties in a name-value store. This provides flexibility to"
2487
- " include data not officially supported in the standard without having to use additional namespaces or"
2488
- " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
2489
- " having different values. Property names of interest to the general public are encouraged to be"
2490
- " registered in the [CycloneDX Property"
2491
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL."
2492
- ),
2493
- title="Properties",
2477
+ description="The individual, not associated with an organization, that granted the license",
2478
+ title="Licensor (Individual)",
2494
2479
  ),
2495
- ] = None
2480
+ ]
2496
2481
 
2497
2482
 
2498
- class LicenseChoice1(CycloneDXBaseModel):
2483
+ class Licensee(CycloneDXBaseModel):
2484
+ """
2485
+ The individual or organization for which a license was granted to
2486
+ """
2487
+
2499
2488
  class Config:
2500
2489
  extra = Extra.forbid
2501
2490
 
2502
- license: License
2491
+ organization: Annotated[
2492
+ OrganizationalEntity,
2493
+ Field(description="The organization that was granted the license", title="Licensee (Organization)"),
2494
+ ]
2495
+ individual: Annotated[
2496
+ Optional[OrganizationalContact],
2497
+ Field(
2498
+ description="The individual, not associated with an organization, that was granted the license",
2499
+ title="Licensee (Individual)",
2500
+ ),
2501
+ ] = None
2503
2502
 
2504
2503
 
2505
- class Commit(CycloneDXBaseModel):
2504
+ class Licensee1(CycloneDXBaseModel):
2506
2505
  """
2507
- Specifies an individual commit
2506
+ The individual or organization for which a license was granted to
2508
2507
  """
2509
2508
 
2510
2509
  class Config:
2511
2510
  extra = Extra.forbid
2512
2511
 
2513
- uid: Annotated[
2514
- Optional[str],
2512
+ organization: Annotated[
2513
+ Optional[OrganizationalEntity],
2514
+ Field(description="The organization that was granted the license", title="Licensee (Organization)"),
2515
+ ] = None
2516
+ individual: Annotated[
2517
+ OrganizationalContact,
2515
2518
  Field(
2516
- description=(
2519
+ description="The individual, not associated with an organization, that was granted the license",
2520
+ title="Licensee (Individual)",
2521
+ ),
2522
+ ]
2523
+
2524
+
2525
+ class Purchaser(CycloneDXBaseModel):
2526
+ """
2527
+ The individual or organization that purchased the license
2528
+ """
2529
+
2530
+ class Config:
2531
+ extra = Extra.forbid
2532
+
2533
+ organization: Annotated[
2534
+ OrganizationalEntity,
2535
+ Field(description="The organization that purchased the license", title="Purchaser (Organization)"),
2536
+ ]
2537
+ individual: Annotated[
2538
+ Optional[OrganizationalContact],
2539
+ Field(
2540
+ description="The individual, not associated with an organization, that purchased the license",
2541
+ title="Purchaser (Individual)",
2542
+ ),
2543
+ ] = None
2544
+
2545
+
2546
+ class Purchaser1(CycloneDXBaseModel):
2547
+ """
2548
+ The individual or organization that purchased the license
2549
+ """
2550
+
2551
+ class Config:
2552
+ extra = Extra.forbid
2553
+
2554
+ organization: Annotated[
2555
+ Optional[OrganizationalEntity],
2556
+ Field(description="The organization that purchased the license", title="Purchaser (Organization)"),
2557
+ ] = None
2558
+ individual: Annotated[
2559
+ OrganizationalContact,
2560
+ Field(
2561
+ description="The individual, not associated with an organization, that purchased the license",
2562
+ title="Purchaser (Individual)",
2563
+ ),
2564
+ ]
2565
+
2566
+
2567
+ class Licensing(CycloneDXBaseModel):
2568
+ """
2569
+ Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and other important metadata
2570
+ """
2571
+
2572
+ class Config:
2573
+ extra = Extra.forbid
2574
+
2575
+ altIds: Annotated[
2576
+ Optional[List[str]],
2577
+ Field(
2578
+ description="License identifiers that may be used to manage licenses and their lifecycle",
2579
+ title="Alternate License Identifiers",
2580
+ ),
2581
+ ] = None
2582
+ licensor: Annotated[
2583
+ Optional[Union[Licensor, Licensor1]],
2584
+ Field(
2585
+ description="The individual or organization that grants a license to another individual or organization",
2586
+ title="Licensor",
2587
+ ),
2588
+ ] = None
2589
+ licensee: Annotated[
2590
+ Optional[Union[Licensee, Licensee1]],
2591
+ Field(description="The individual or organization for which a license was granted to", title="Licensee"),
2592
+ ] = None
2593
+ purchaser: Annotated[
2594
+ Optional[Union[Purchaser, Purchaser1]],
2595
+ Field(description="The individual or organization that purchased the license", title="Purchaser"),
2596
+ ] = None
2597
+ purchaseOrder: Annotated[
2598
+ Optional[str],
2599
+ Field(
2600
+ description=(
2601
+ "The purchase order identifier the purchaser sent to a supplier or vendor to authorize a purchase"
2602
+ ),
2603
+ title="Purchase Order",
2604
+ ),
2605
+ ] = None
2606
+ licenseTypes: Annotated[
2607
+ Optional[List[LicenseType]],
2608
+ Field(description="The type of license(s) that was granted to the licensee.", title="License Type"),
2609
+ ] = None
2610
+ lastRenewal: Annotated[
2611
+ Optional[datetime],
2612
+ Field(
2613
+ description=(
2614
+ "The timestamp indicating when the license was last renewed. For new purchases, this is often the"
2615
+ " purchase or acquisition date. For non-perpetual licenses or subscriptions, this is the timestamp of"
2616
+ " when the license was last renewed."
2617
+ ),
2618
+ title="Last Renewal",
2619
+ ),
2620
+ ] = None
2621
+ expiration: Annotated[
2622
+ Optional[datetime],
2623
+ Field(
2624
+ description="The timestamp indicating when the current license expires (if applicable).", title="Expiration"
2625
+ ),
2626
+ ] = None
2627
+
2628
+
2629
+ class License1(CycloneDXBaseModel):
2630
+ """
2631
+ Specifies the details and attributes related to a software license. It can either include a valid SPDX license identifier or a named license, along with additional properties such as license acknowledgment, comprehensive commercial licensing information, and the full text of the license.
2632
+ """
2633
+
2634
+ class Config:
2635
+ extra = Extra.forbid
2636
+
2637
+ bom_ref: Annotated[
2638
+ Optional[str],
2639
+ Field(
2640
+ alias="bom-ref",
2641
+ description=(
2642
+ "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref"
2643
+ " must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
2644
+ " conflicts with BOM-Links."
2645
+ ),
2646
+ min_length=1,
2647
+ title="BOM Reference",
2648
+ ),
2649
+ ] = None
2650
+ id: Annotated[
2651
+ spdx.LicenseID,
2652
+ Field(
2653
+ description=(
2654
+ "A valid SPDX license identifier. If specified, this value must be one of the enumeration of valid SPDX"
2655
+ " license identifiers defined in the spdx.schema.json (or spdx.xml) subschema which is synchronized"
2656
+ " with the official SPDX license list."
2657
+ ),
2658
+ examples=["Apache-2.0"],
2659
+ title="License ID (SPDX)",
2660
+ ),
2661
+ ]
2662
+ name: Annotated[
2663
+ Optional[str],
2664
+ Field(
2665
+ description=(
2666
+ "The name of the license. This may include the name of a commercial or proprietary license or an open"
2667
+ " source license that may not be defined by SPDX."
2668
+ ),
2669
+ examples=["Acme Software License"],
2670
+ title="License Name",
2671
+ ),
2672
+ ] = None
2673
+ acknowledgement: Optional[LicenseAcknowledgementEnumeration] = None
2674
+ text: Annotated[
2675
+ Optional[Attachment],
2676
+ Field(description="An optional way to include the textual content of a license.", title="License text"),
2677
+ ] = None
2678
+ url: Annotated[
2679
+ Optional[str],
2680
+ Field(
2681
+ description=(
2682
+ "The URL to the license file. If specified, a 'license' externalReference should also be specified for"
2683
+ " completeness"
2684
+ ),
2685
+ examples=["https://www.apache.org/licenses/LICENSE-2.0.txt"],
2686
+ title="License URL",
2687
+ ),
2688
+ ] = None
2689
+ licensing: Annotated[
2690
+ Optional[Licensing],
2691
+ Field(
2692
+ description=(
2693
+ "Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and"
2694
+ " other important metadata"
2695
+ ),
2696
+ title="Licensing information",
2697
+ ),
2698
+ ] = None
2699
+ properties: Annotated[
2700
+ Optional[List[Property]],
2701
+ Field(
2702
+ description=(
2703
+ "Provides the ability to document properties in a name-value store. This provides flexibility to"
2704
+ " include data not officially supported in the standard without having to use additional namespaces or"
2705
+ " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
2706
+ " having different values. Property names of interest to the general public are encouraged to be"
2707
+ " registered in the [CycloneDX Property"
2708
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
2709
+ ),
2710
+ title="Properties",
2711
+ ),
2712
+ ] = None
2713
+
2714
+
2715
+ class Licensor2(Licensor):
2716
+ """
2717
+ The individual or organization that grants a license to another individual or organization
2718
+ """
2719
+
2720
+
2721
+ class Licensor3(Licensor1):
2722
+ """
2723
+ The individual or organization that grants a license to another individual or organization
2724
+ """
2725
+
2726
+
2727
+ class Licensee2(Licensee):
2728
+ """
2729
+ The individual or organization for which a license was granted to
2730
+ """
2731
+
2732
+
2733
+ class Licensee3(Licensee1):
2734
+ """
2735
+ The individual or organization for which a license was granted to
2736
+ """
2737
+
2738
+
2739
+ class Purchaser2(Purchaser):
2740
+ """
2741
+ The individual or organization that purchased the license
2742
+ """
2743
+
2744
+
2745
+ class Purchaser3(Purchaser1):
2746
+ """
2747
+ The individual or organization that purchased the license
2748
+ """
2749
+
2750
+
2751
+ class Licensing1(CycloneDXBaseModel):
2752
+ """
2753
+ Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and other important metadata
2754
+ """
2755
+
2756
+ class Config:
2757
+ extra = Extra.forbid
2758
+
2759
+ altIds: Annotated[
2760
+ Optional[List[str]],
2761
+ Field(
2762
+ description="License identifiers that may be used to manage licenses and their lifecycle",
2763
+ title="Alternate License Identifiers",
2764
+ ),
2765
+ ] = None
2766
+ licensor: Annotated[
2767
+ Optional[Union[Licensor2, Licensor3]],
2768
+ Field(
2769
+ description="The individual or organization that grants a license to another individual or organization",
2770
+ title="Licensor",
2771
+ ),
2772
+ ] = None
2773
+ licensee: Annotated[
2774
+ Optional[Union[Licensee2, Licensee3]],
2775
+ Field(description="The individual or organization for which a license was granted to", title="Licensee"),
2776
+ ] = None
2777
+ purchaser: Annotated[
2778
+ Optional[Union[Purchaser2, Purchaser3]],
2779
+ Field(description="The individual or organization that purchased the license", title="Purchaser"),
2780
+ ] = None
2781
+ purchaseOrder: Annotated[
2782
+ Optional[str],
2783
+ Field(
2784
+ description=(
2785
+ "The purchase order identifier the purchaser sent to a supplier or vendor to authorize a purchase"
2786
+ ),
2787
+ title="Purchase Order",
2788
+ ),
2789
+ ] = None
2790
+ licenseTypes: Annotated[
2791
+ Optional[List[LicenseType]],
2792
+ Field(description="The type of license(s) that was granted to the licensee.", title="License Type"),
2793
+ ] = None
2794
+ lastRenewal: Annotated[
2795
+ Optional[datetime],
2796
+ Field(
2797
+ description=(
2798
+ "The timestamp indicating when the license was last renewed. For new purchases, this is often the"
2799
+ " purchase or acquisition date. For non-perpetual licenses or subscriptions, this is the timestamp of"
2800
+ " when the license was last renewed."
2801
+ ),
2802
+ title="Last Renewal",
2803
+ ),
2804
+ ] = None
2805
+ expiration: Annotated[
2806
+ Optional[datetime],
2807
+ Field(
2808
+ description="The timestamp indicating when the current license expires (if applicable).", title="Expiration"
2809
+ ),
2810
+ ] = None
2811
+
2812
+
2813
+ class License2(CycloneDXBaseModel):
2814
+ """
2815
+ Specifies the details and attributes related to a software license. It can either include a valid SPDX license identifier or a named license, along with additional properties such as license acknowledgment, comprehensive commercial licensing information, and the full text of the license.
2816
+ """
2817
+
2818
+ class Config:
2819
+ extra = Extra.forbid
2820
+
2821
+ bom_ref: Annotated[
2822
+ Optional[str],
2823
+ Field(
2824
+ alias="bom-ref",
2825
+ description=(
2826
+ "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref"
2827
+ " must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
2828
+ " conflicts with BOM-Links."
2829
+ ),
2830
+ min_length=1,
2831
+ title="BOM Reference",
2832
+ ),
2833
+ ] = None
2834
+ id: Annotated[
2835
+ Optional[spdx.LicenseID],
2836
+ Field(
2837
+ description=(
2838
+ "A valid SPDX license identifier. If specified, this value must be one of the enumeration of valid SPDX"
2839
+ " license identifiers defined in the spdx.schema.json (or spdx.xml) subschema which is synchronized"
2840
+ " with the official SPDX license list."
2841
+ ),
2842
+ examples=["Apache-2.0"],
2843
+ title="License ID (SPDX)",
2844
+ ),
2845
+ ] = None
2846
+ name: Annotated[
2847
+ str,
2848
+ Field(
2849
+ description=(
2850
+ "The name of the license. This may include the name of a commercial or proprietary license or an open"
2851
+ " source license that may not be defined by SPDX."
2852
+ ),
2853
+ examples=["Acme Software License"],
2854
+ title="License Name",
2855
+ ),
2856
+ ]
2857
+ acknowledgement: Optional[LicenseAcknowledgementEnumeration] = None
2858
+ text: Annotated[
2859
+ Optional[Attachment],
2860
+ Field(description="An optional way to include the textual content of a license.", title="License text"),
2861
+ ] = None
2862
+ url: Annotated[
2863
+ Optional[str],
2864
+ Field(
2865
+ description=(
2866
+ "The URL to the license file. If specified, a 'license' externalReference should also be specified for"
2867
+ " completeness"
2868
+ ),
2869
+ examples=["https://www.apache.org/licenses/LICENSE-2.0.txt"],
2870
+ title="License URL",
2871
+ ),
2872
+ ] = None
2873
+ licensing: Annotated[
2874
+ Optional[Licensing1],
2875
+ Field(
2876
+ description=(
2877
+ "Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and"
2878
+ " other important metadata"
2879
+ ),
2880
+ title="Licensing information",
2881
+ ),
2882
+ ] = None
2883
+ properties: Annotated[
2884
+ Optional[List[Property]],
2885
+ Field(
2886
+ description=(
2887
+ "Provides the ability to document properties in a name-value store. This provides flexibility to"
2888
+ " include data not officially supported in the standard without having to use additional namespaces or"
2889
+ " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
2890
+ " having different values. Property names of interest to the general public are encouraged to be"
2891
+ " registered in the [CycloneDX Property"
2892
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
2893
+ ),
2894
+ title="Properties",
2895
+ ),
2896
+ ] = None
2897
+
2898
+
2899
+ class LicenseChoice1(CycloneDXBaseModel):
2900
+ class Config:
2901
+ extra = Extra.forbid
2902
+
2903
+ license: Annotated[
2904
+ Union[License1, License2],
2905
+ Field(
2906
+ description=(
2907
+ "Specifies the details and attributes related to a software license. It can either include a valid SPDX"
2908
+ " license identifier or a named license, along with additional properties such as license"
2909
+ " acknowledgment, comprehensive commercial licensing information, and the full text of the license."
2910
+ ),
2911
+ title="License",
2912
+ ),
2913
+ ]
2914
+
2915
+
2916
+ class Commit(CycloneDXBaseModel):
2917
+ """
2918
+ Specifies an individual commit
2919
+ """
2920
+
2921
+ class Config:
2922
+ extra = Extra.forbid
2923
+
2924
+ uid: Annotated[
2925
+ Optional[str],
2926
+ Field(
2927
+ description=(
2517
2928
  "A unique identifier of the commit. This may be version control specific. For example, Subversion uses"
2518
2929
  " revision numbers whereas git uses commit hashes."
2519
2930
  ),
@@ -2618,9 +3029,9 @@ class ComponentEvidence(CycloneDXBaseModel):
2618
3029
  Optional[Union[List[ComponentIdentityEvidence], ComponentIdentityEvidence]],
2619
3030
  Field(
2620
3031
  description=(
2621
- "Evidence that substantiates the identity of a component. The identify may be an object or an array of"
2622
- " identity objects. Support for specifying identify as a single object was introduced in CycloneDX"
2623
- " v1.5. Arrays were introduced in v1.6. It is RECOMMENDED that all implementations use arrays, even if"
3032
+ "Evidence that substantiates the identity of a component. The identity may be an object or an array of"
3033
+ " identity objects. Support for specifying identity as a single object was introduced in CycloneDX"
3034
+ " v1.5. Arrays were introduced in v1.6. It is recommended that all implementations use arrays, even if"
2624
3035
  " only one identity object is specified."
2625
3036
  ),
2626
3037
  title="Identity Evidence",
@@ -2735,7 +3146,7 @@ class ReleaseNotes(CycloneDXBaseModel):
2735
3146
  " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
2736
3147
  " having different values. Property names of interest to the general public are encouraged to be"
2737
3148
  " registered in the [CycloneDX Property"
2738
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL."
3149
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
2739
3150
  ),
2740
3151
  title="Properties",
2741
3152
  ),
@@ -2797,12 +3208,132 @@ class Credits(CycloneDXBaseModel):
2797
3208
  ] = None
2798
3209
 
2799
3210
 
2800
- class DataGovernanceResponsibleParty(CycloneDXBaseModel):
3211
+ class Versions(CycloneDXBaseModel):
2801
3212
  class Config:
2802
3213
  extra = Extra.forbid
2803
3214
 
2804
- organization: Annotated[Optional[OrganizationalEntity], Field(title="Organization")] = None
2805
- contact: Annotated[Optional[OrganizationalContact], Field(title="Individual")] = None
3215
+ version: Annotated[
3216
+ str,
3217
+ Field(
3218
+ description="A single version of a component or service.",
3219
+ examples=["9.0.14", "v1.33.7", "7.0.0-M1", "2.0pre1", "1.0.0-beta1", "0.8.15"],
3220
+ max_length=1024,
3221
+ title="Version",
3222
+ ),
3223
+ ]
3224
+ range: Annotated[
3225
+ Optional[str],
3226
+ Field(
3227
+ description=(
3228
+ "A version range specified in Package URL Version Range syntax (vers) which is defined at"
3229
+ " https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst"
3230
+ ),
3231
+ examples=[
3232
+ "vers:cargo/9.0.14",
3233
+ "vers:npm/1.2.3|>=2.0.0|<5.0.0",
3234
+ "vers:pypi/0.0.0|0.0.1|0.0.2|0.0.3|1.0|2.0pre1",
3235
+ "vers:tomee/>=1.0.0-beta1|<=1.7.5|>=7.0.0-M1|<=7.0.7|>=7.1.0|<=7.1.2|>=8.0.0-M1|<=8.0.1",
3236
+ "vers:gem/>=2.2.0|!= 2.2.1|<2.3.0",
3237
+ ],
3238
+ max_length=4096,
3239
+ min_length=1,
3240
+ title="Version Range",
3241
+ ),
3242
+ ] = None
3243
+ status: Annotated[
3244
+ Optional[AffectedStatus],
3245
+ Field(description="The vulnerability status for the version or range of versions.", title="Status"),
3246
+ ] = AffectedStatus.affected
3247
+
3248
+
3249
+ class Versions1(CycloneDXBaseModel):
3250
+ class Config:
3251
+ extra = Extra.forbid
3252
+
3253
+ version: Annotated[
3254
+ Optional[str],
3255
+ Field(
3256
+ description="A single version of a component or service.",
3257
+ examples=["9.0.14", "v1.33.7", "7.0.0-M1", "2.0pre1", "1.0.0-beta1", "0.8.15"],
3258
+ max_length=1024,
3259
+ title="Version",
3260
+ ),
3261
+ ] = None
3262
+ range: Annotated[
3263
+ str,
3264
+ Field(
3265
+ description=(
3266
+ "A version range specified in Package URL Version Range syntax (vers) which is defined at"
3267
+ " https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst"
3268
+ ),
3269
+ examples=[
3270
+ "vers:cargo/9.0.14",
3271
+ "vers:npm/1.2.3|>=2.0.0|<5.0.0",
3272
+ "vers:pypi/0.0.0|0.0.1|0.0.2|0.0.3|1.0|2.0pre1",
3273
+ "vers:tomee/>=1.0.0-beta1|<=1.7.5|>=7.0.0-M1|<=7.0.7|>=7.1.0|<=7.1.2|>=8.0.0-M1|<=8.0.1",
3274
+ "vers:gem/>=2.2.0|!= 2.2.1|<2.3.0",
3275
+ ],
3276
+ max_length=4096,
3277
+ min_length=1,
3278
+ title="Version Range",
3279
+ ),
3280
+ ]
3281
+ status: Annotated[
3282
+ Optional[AffectedStatus],
3283
+ Field(description="The vulnerability status for the version or range of versions.", title="Status"),
3284
+ ] = AffectedStatus.affected
3285
+
3286
+
3287
+ class Affect(CycloneDXBaseModel):
3288
+ class Config:
3289
+ extra = Extra.forbid
3290
+
3291
+ ref: Annotated[
3292
+ Union[RefLinkType, BomLinkElementType],
3293
+ Field(description="References a component or service by the objects bom-ref", title="Reference"),
3294
+ ]
3295
+ versions: Annotated[
3296
+ Optional[List[Union[Versions, Versions1]]],
3297
+ Field(description="Zero or more individual versions or range of versions.", title="Versions"),
3298
+ ] = None
3299
+
3300
+
3301
+ class DataGovernanceResponsibleParty1(CycloneDXBaseModel):
3302
+ class Config:
3303
+ extra = Extra.forbid
3304
+
3305
+ organization: Annotated[
3306
+ OrganizationalEntity,
3307
+ Field(
3308
+ description="The organization that is responsible for specific data governance role(s).",
3309
+ title="Organization",
3310
+ ),
3311
+ ]
3312
+ contact: Annotated[
3313
+ Optional[OrganizationalContact],
3314
+ Field(
3315
+ description="The individual that is responsible for specific data governance role(s).", title="Individual"
3316
+ ),
3317
+ ] = None
3318
+
3319
+
3320
+ class DataGovernanceResponsibleParty2(CycloneDXBaseModel):
3321
+ class Config:
3322
+ extra = Extra.forbid
3323
+
3324
+ organization: Annotated[
3325
+ Optional[OrganizationalEntity],
3326
+ Field(
3327
+ description="The organization that is responsible for specific data governance role(s).",
3328
+ title="Organization",
3329
+ ),
3330
+ ] = None
3331
+ contact: Annotated[
3332
+ OrganizationalContact,
3333
+ Field(
3334
+ description="The individual that is responsible for specific data governance role(s).", title="Individual"
3335
+ ),
3336
+ ]
2806
3337
 
2807
3338
 
2808
3339
  class GraphicsCollection(CycloneDXBaseModel):
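Review bot: Removing `DataGovernanceResponsibleParty` at the top of this hunk in favour of `DataGovernanceResponsibleParty1` (required `organization`) and `DataGovernanceResponsibleParty2` (required `contact`) changes both the importable name and what validates: an entry with neither field was accepted by the old class and is rejected by both new ones. For a 0.6.0 → 0.6.1 step that breaks callers that import the old name and any stored BOMs with empty party objects, so it should be called out in the release notes. Since the module is generated, a hand-maintained alias outside it would keep type annotations working, e.g. `DataGovernanceResponsibleParty = Union[DataGovernanceResponsibleParty1, DataGovernanceResponsibleParty2]`; whether such an alias already exists elsewhere is not visible from this hunk.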
@@ -2835,7 +3366,7 @@ class EnergyProvider(CycloneDXBaseModel):
2835
3366
  alias="bom-ref",
2836
3367
  description=(
2837
3368
  "An optional identifier which can be used to reference the energy provider elsewhere in the BOM. Every"
2838
- " bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
3369
+ " bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
2839
3370
  " avoid conflicts with BOM-Links."
2840
3371
  ),
2841
3372
  min_length=1,
@@ -2845,7 +3376,9 @@ class EnergyProvider(CycloneDXBaseModel):
2845
3376
  description: Annotated[
2846
3377
  Optional[str], Field(description="A description of the energy provider.", title="Description")
2847
3378
  ] = None
2848
- organization: Annotated[OrganizationalEntity, Field(title="Organization")]
3379
+ organization: Annotated[
3380
+ OrganizationalEntity, Field(description="The organization that provides energy.", title="Organization")
3381
+ ]
2849
3382
  energySource: Annotated[
2850
3383
  EnergySource, Field(description="The energy source for the energy provider.", title="Energy Source")
2851
3384
  ]
@@ -2882,10 +3415,23 @@ class Step(CycloneDXBaseModel):
2882
3415
  Optional[List[Command]],
2883
3416
  Field(description="Ordered list of commands or directives for the step", title="Commands"),
2884
3417
  ] = None
2885
- properties: Annotated[Optional[List[Property]], Field(title="Properties")] = None
3418
+ properties: Annotated[
3419
+ Optional[List[Property]],
3420
+ Field(
3421
+ description=(
3422
+ "Provides the ability to document properties in a name-value store. This provides flexibility to"
3423
+ " include data not officially supported in the standard without having to use additional namespaces or"
3424
+ " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
3425
+ " having different values. Property names of interest to the general public are encouraged to be"
3426
+ " registered in the [CycloneDX Property"
3427
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
3428
+ ),
3429
+ title="Properties",
3430
+ ),
3431
+ ] = None
2886
3432
 
2887
3433
 
2888
- class ResourceReferenceChoice(CycloneDXBaseModel):
3434
+ class ResourceReferenceChoice1(CycloneDXBaseModel):
2889
3435
  """
2890
3436
  A reference to a locally defined resource (e.g., a bom-ref) or an externally accessible resource.
2891
3437
  """
@@ -2894,15 +3440,33 @@ class ResourceReferenceChoice(CycloneDXBaseModel):
2894
3440
  extra = Extra.forbid
2895
3441
 
2896
3442
  ref: Annotated[
2897
- Optional[Union[RefLinkType, BomLinkElementType]],
3443
+ Union[RefLinkType, BomLinkElementType],
2898
3444
  Field(description="References an object by its bom-ref attribute", title="BOM Reference"),
2899
- ] = None
3445
+ ]
2900
3446
  externalReference: Annotated[
2901
3447
  Optional[ExternalReference],
2902
3448
  Field(description="Reference to an externally accessible resource.", title="External reference"),
2903
3449
  ] = None
2904
3450
 
2905
3451
 
3452
+ class ResourceReferenceChoice2(CycloneDXBaseModel):
3453
+ """
3454
+ A reference to a locally defined resource (e.g., a bom-ref) or an externally accessible resource.
3455
+ """
3456
+
3457
+ class Config:
3458
+ extra = Extra.forbid
3459
+
3460
+ ref: Annotated[
3461
+ Optional[Union[RefLinkType, BomLinkElementType]],
3462
+ Field(description="References an object by its bom-ref attribute", title="BOM Reference"),
3463
+ ] = None
3464
+ externalReference: Annotated[
3465
+ ExternalReference,
3466
+ Field(description="Reference to an externally accessible resource.", title="External reference"),
3467
+ ]
3468
+
3469
+
2906
3470
  class Requirement(CycloneDXBaseModel):
2907
3471
  class Config:
2908
3472
  extra = Extra.forbid
@@ -2913,7 +3477,7 @@ class Requirement(CycloneDXBaseModel):
2913
3477
  alias="bom-ref",
2914
3478
  description=(
2915
3479
  "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref"
2916
- " MUST be unique within the BOM."
3480
+ " must be unique within the BOM."
2917
3481
  ),
2918
3482
  min_length=1,
2919
3483
  title="BOM Reference",
@@ -2942,7 +3506,7 @@ class Requirement(CycloneDXBaseModel):
2942
3506
  ),
2943
3507
  ] = None
2944
3508
  openCre: Annotated[
2945
- Optional[List[OpenCre]],
3509
+ Optional[List[str]],
2946
3510
  Field(
2947
3511
  description=(
2948
3512
  "The Common Requirements Enumeration (CRE) identifier(s). CRE is a structured and standardized"
@@ -2950,6 +3514,7 @@ class Requirement(CycloneDXBaseModel):
2950
3514
  " shared topic identifier (a Common Requirement). Through this shared topic link, all resources map to"
2951
3515
  " each other. Use of CRE promotes clear and unambiguous communication among stakeholders."
2952
3516
  ),
3517
+ regex="^CRE:[0-9]+-[0-9]+$",
2953
3518
  title="OWASP OpenCRE Identifier(s)",
2954
3519
  ),
2955
3520
  ] = None
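Review bot: The added `regex="^CRE:[0-9]+-[0-9]+$"` on `openCre` ends in `$`, which in Python's `re` also matches just before a trailing newline, so a constructed value such as `"CRE:1-2\n"` would pass if the pattern is applied with `re.match` (as pydantic v1's `regex=` constraint does). Anchoring with `\Z` closes that gap: `regex=r"^CRE:[0-9]+-[0-9]+\Z"`. Because this module is generated from the JSON schema, the change would have to be made in a post-generation step or a validator rather than by hand here. The constraint is also attached to the `List[str]` annotation introduced in the preceding hunk, so a test that it is enforced per item is worthwhile; the `Requirement` class starts and ends outside this hunk.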
@@ -2973,7 +3538,7 @@ class Requirement(CycloneDXBaseModel):
2973
3538
  " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
2974
3539
  " having different values. Property names of interest to the general public are encouraged to be"
2975
3540
  " registered in the [CycloneDX Property"
2976
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL."
3541
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
2977
3542
  ),
2978
3543
  title="Properties",
2979
3544
  ),
@@ -2995,7 +3560,7 @@ class Signer(CycloneDXBaseModel):
2995
3560
  class Config:
2996
3561
  extra = Extra.forbid
2997
3562
 
2998
- algorithm: Union[AlgorithmEnum, AnyUrl]
3563
+ algorithm: Union[Algorithm, AnyUrl]
2999
3564
  keyId: Annotated[
3000
3565
  Optional[str],
3001
3566
  Field(description="Optional. Application specific string identifying the signature key.", title="Key ID"),
@@ -3046,7 +3611,7 @@ class RelatedCryptoMaterialProperties(CycloneDXBaseModel):
3046
3611
  extra = Extra.forbid
3047
3612
 
3048
3613
  type: Annotated[
3049
- Optional[Type8],
3614
+ Optional[Type10],
3050
3615
  Field(description="The type for the related cryptographic material", title="relatedCryptoMaterialType"),
3051
3616
  ] = None
3052
3617
  id: Annotated[
@@ -3110,30 +3675,34 @@ class RelatedCryptoMaterialProperties(CycloneDXBaseModel):
3110
3675
 
3111
3676
  class Ikev2TransformTypes(CycloneDXBaseModel):
3112
3677
  """
3113
- The IKEv2 transform types supported (types 1-4), defined in RFC7296 section 3.3.2, and additional properties.
3678
+ The IKEv2 transform types supported (types 1-4), defined in [RFC 7296 section 3.3.2](https://www.ietf.org/rfc/rfc7296.html#section-3.3.2), and additional properties.
3114
3679
  """
3115
3680
 
3116
3681
  class Config:
3117
3682
  extra = Extra.forbid
3118
3683
 
3119
3684
  encr: Annotated[
3120
- Optional[List[RefType]],
3121
- Field(description="Transform Type 1: encryption algorithms", title="Encryption Algorithm (ENCR)"),
3685
+ Optional[List[str]],
3686
+ Field(description="Transform Type 1: encryption algorithms", min_length=1, title="Encryption Algorithm (ENCR)"),
3122
3687
  ] = None
3123
3688
  prf: Annotated[
3124
- Optional[List[RefType]],
3125
- Field(description="Transform Type 2: pseudorandom functions", title="Pseudorandom Function (PRF)"),
3689
+ Optional[List[str]],
3690
+ Field(
3691
+ description="Transform Type 2: pseudorandom functions", min_length=1, title="Pseudorandom Function (PRF)"
3692
+ ),
3126
3693
  ] = None
3127
3694
  integ: Annotated[
3128
- Optional[List[RefType]],
3129
- Field(description="Transform Type 3: integrity algorithms", title="Integrity Algorithm (INTEG)"),
3695
+ Optional[List[str]],
3696
+ Field(description="Transform Type 3: integrity algorithms", min_length=1, title="Integrity Algorithm (INTEG)"),
3130
3697
  ] = None
3131
3698
  ke: Annotated[
3132
- Optional[List[RefType]],
3699
+ Optional[List[str]],
3133
3700
  Field(
3134
3701
  description=(
3135
- "Transform Type 4: Key Exchange Method (KE) per RFC9370, formerly called Diffie-Hellman Group (D-H)"
3702
+ "Transform Type 4: Key Exchange Method (KE) per [RFC 9370](https://www.ietf.org/rfc/rfc9370.html),"
3703
+ " formerly called Diffie-Hellman Group (D-H)."
3136
3704
  ),
3705
+ min_length=1,
3137
3706
  title="Key Exchange Method (KE)",
3138
3707
  ),
3139
3708
  ] = None
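Review bot: The `min_length=1` arguments added to the `Field(...)` calls for `encr`, `prf`, `integ` and `ke` now sit on `Optional[List[str]]` annotations, where they read as a minimum list length although they replace the per-string `min_length=1` that the removed `RefType` carried. Which of the two is enforced depends on how the pydantic version in use applies field-level string constraints to list items, so an empty reference string or an empty list may or may not be rejected after a dependency upgrade. A test that pins the intended behaviour (for example, `encr=[""]` is rejected) would make this explicit; the same pattern appears on `auth` in the next hunk and on `cryptoRefArray` in the `ProtocolProperties` hunk. The `Ikev2TransformTypes` class continues past the end of this hunk.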
@@ -3145,7 +3714,8 @@ class Ikev2TransformTypes(CycloneDXBaseModel):
3145
3714
  ),
3146
3715
  ] = None
3147
3716
  auth: Annotated[
3148
- Optional[List[RefType]], Field(description="IKEv2 Authentication method", title="IKEv2 Authentication method")
3717
+ Optional[List[str]],
3718
+ Field(description="IKEv2 Authentication method", min_length=1, title="IKEv2 Authentication method"),
3149
3719
  ] = None
3150
3720
 
3151
3721
 
@@ -3157,7 +3727,7 @@ class ProtocolProperties(CycloneDXBaseModel):
3157
3727
  class Config:
3158
3728
  extra = Extra.forbid
3159
3729
 
3160
- type: Annotated[Optional[Type9], Field(description="The concrete protocol type.", title="Type")] = None
3730
+ type: Annotated[Optional[Type11], Field(description="The concrete protocol type.", title="Type")] = None
3161
3731
  version: Annotated[
3162
3732
  Optional[str],
3163
3733
  Field(description="The version of the protocol.", examples=["1.0", "1.2", "1.99"], title="Protocol Version"),
@@ -3170,15 +3740,19 @@ class ProtocolProperties(CycloneDXBaseModel):
3170
3740
  Optional[Ikev2TransformTypes],
3171
3741
  Field(
3172
3742
  description=(
3173
- "The IKEv2 transform types supported (types 1-4), defined in RFC7296 section 3.3.2, and additional"
3174
- " properties."
3743
+ "The IKEv2 transform types supported (types 1-4), defined in [RFC 7296 section"
3744
+ " 3.3.2](https://www.ietf.org/rfc/rfc7296.html#section-3.3.2), and additional properties."
3175
3745
  ),
3176
3746
  title="IKEv2 Transform Types",
3177
3747
  ),
3178
3748
  ] = None
3179
3749
  cryptoRefArray: Annotated[
3180
- Optional[List[RefType]],
3181
- Field(description="A list of protocol-related cryptographic assets", title="Cryptographic References"),
3750
+ Optional[List[str]],
3751
+ Field(
3752
+ description="A list of protocol-related cryptographic assets",
3753
+ min_length=1,
3754
+ title="Cryptographic References",
3755
+ ),
3182
3756
  ] = None
3183
3757
 
3184
3758
 
@@ -3245,7 +3819,7 @@ class Assessor(CycloneDXBaseModel):
3245
3819
  alias="bom-ref",
3246
3820
  description=(
3247
3821
  "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref"
3248
- " MUST be unique within the BOM."
3822
+ " must be unique within the BOM."
3249
3823
  ),
3250
3824
  min_length=1,
3251
3825
  title="BOM Reference",
@@ -3333,21 +3907,21 @@ class DataGovernance(CycloneDXBaseModel):
3333
3907
  extra = Extra.forbid
3334
3908
 
3335
3909
  custodians: Annotated[
3336
- Optional[List[DataGovernanceResponsibleParty]],
3910
+ Optional[List[Union[DataGovernanceResponsibleParty1, DataGovernanceResponsibleParty2]]],
3337
3911
  Field(
3338
3912
  description="Data custodians are responsible for the safe custody, transport, and storage of data.",
3339
3913
  title="Data Custodians",
3340
3914
  ),
3341
3915
  ] = None
3342
3916
  stewards: Annotated[
3343
- Optional[List[DataGovernanceResponsibleParty]],
3917
+ Optional[List[Union[DataGovernanceResponsibleParty1, DataGovernanceResponsibleParty2]]],
3344
3918
  Field(
3345
3919
  description="Data stewards are responsible for data content, context, and associated business rules.",
3346
3920
  title="Data Stewards",
3347
3921
  ),
3348
3922
  ] = None
3349
3923
  owners: Annotated[
3350
- Optional[List[DataGovernanceResponsibleParty]],
3924
+ Optional[List[Union[DataGovernanceResponsibleParty1, DataGovernanceResponsibleParty2]]],
3351
3925
  Field(description="Data owners are concerned with risk and appropriate access to data.", title="Data Owners"),
3352
3926
  ] = None
3353
3927
 
@@ -3393,7 +3967,20 @@ class EnergyConsumption(CycloneDXBaseModel):
3393
3967
  Optional[Co2Measure],
3394
3968
  Field(description="The CO2 offset (credit) for the CO2 equivalent cost.", title="CO2 Cost Offset"),
3395
3969
  ] = None
3396
- properties: Annotated[Optional[List[Property]], Field(title="Properties")] = None
3970
+ properties: Annotated[
3971
+ Optional[List[Property]],
3972
+ Field(
3973
+ description=(
3974
+ "Provides the ability to document properties in a name-value store. This provides flexibility to"
3975
+ " include data not officially supported in the standard without having to use additional namespaces or"
3976
+ " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
3977
+ " having different values. Property names of interest to the general public are encouraged to be"
3978
+ " registered in the [CycloneDX Property"
3979
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
3980
+ ),
3981
+ title="Properties",
3982
+ ),
3983
+ ] = None
3397
3984
 
3398
3985
 
3399
3986
  class Workspace(CycloneDXBaseModel):
@@ -3410,7 +3997,7 @@ class Workspace(CycloneDXBaseModel):
3410
3997
  alias="bom-ref",
3411
3998
  description=(
3412
3999
  "An optional identifier which can be used to reference the workspace elsewhere in the BOM. Every"
3413
- " bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
4000
+ " bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
3414
4001
  " avoid conflicts with BOM-Links."
3415
4002
  ),
3416
4003
  min_length=1,
@@ -3432,93 +4019,341 @@ class Workspace(CycloneDXBaseModel):
3432
4019
  "The names for the workspace as referenced by other workflow tasks. Effectively, a name mapping so"
3433
4020
  " other tasks can use their own local name in their steps."
3434
4021
  ),
3435
- title="Aliases",
4022
+ title="Aliases",
4023
+ ),
4024
+ ] = None
4025
+ description: Annotated[
4026
+ Optional[str], Field(description="A description of the resource instance.", title="Description")
4027
+ ] = None
4028
+ resourceReferences: Annotated[
4029
+ Optional[List[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]]],
4030
+ Field(
4031
+ description="References to component or service resources that are used to realize the resource instance.",
4032
+ title="Resource references",
4033
+ ),
4034
+ ] = None
4035
+ accessMode: Annotated[
4036
+ Optional[AccessMode],
4037
+ Field(
4038
+ description=(
4039
+ "Describes the read-write access control for the workspace relative to the owning resource instance."
4040
+ ),
4041
+ title="Access mode",
4042
+ ),
4043
+ ] = None
4044
+ mountPath: Annotated[
4045
+ Optional[str],
4046
+ Field(
4047
+ description=(
4048
+ "A path to a location on disk where the workspace will be available to the associated task's steps."
4049
+ ),
4050
+ title="Mount path",
4051
+ ),
4052
+ ] = None
4053
+ managedDataType: Annotated[
4054
+ Optional[str],
4055
+ Field(
4056
+ description="The name of a domain-specific data type the workspace represents.",
4057
+ examples=["ConfigMap", "Secret"],
4058
+ title="Managed data type",
4059
+ ),
4060
+ ] = None
4061
+ volumeRequest: Annotated[
4062
+ Optional[str],
4063
+ Field(
4064
+ description="Identifies the reference to the request for a specific volume type and parameters.",
4065
+ examples=["a kubernetes Persistent Volume Claim (PVC) name"],
4066
+ title="Volume request",
4067
+ ),
4068
+ ] = None
4069
+ volume: Annotated[
4070
+ Optional[Volume],
4071
+ Field(
4072
+ description="Information about the actual volume instance allocated to the workspace.",
4073
+ examples=["see https://kubernetes.io/docs/concepts/storage/persistent-volumes/"],
4074
+ title="Volume",
4075
+ ),
4076
+ ] = None
4077
+ properties: Annotated[
4078
+ Optional[List[Property]],
4079
+ Field(
4080
+ description=(
4081
+ "Provides the ability to document properties in a name-value store. This provides flexibility to"
4082
+ " include data not officially supported in the standard without having to use additional namespaces or"
4083
+ " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
4084
+ " having different values. Property names of interest to the general public are encouraged to be"
4085
+ " registered in the [CycloneDX Property"
4086
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
4087
+ ),
4088
+ title="Properties",
4089
+ ),
4090
+ ] = None
4091
+
4092
+
4093
+ class Event(CycloneDXBaseModel):
4094
+ """
4095
+ Represents something that happened that may trigger a response.
4096
+ """
4097
+
4098
+ class Config:
4099
+ extra = Extra.forbid
4100
+
4101
+ uid: Annotated[
4102
+ Optional[str], Field(description="The unique identifier of the event.", title="Unique Identifier (UID)")
4103
+ ] = None
4104
+ description: Annotated[Optional[str], Field(description="A description of the event.", title="Description")] = None
4105
+ timeReceived: Annotated[
4106
+ Optional[datetime],
4107
+ Field(description="The date and time (timestamp) when the event was received.", title="Time Received"),
4108
+ ] = None
4109
+ data: Annotated[Optional[Attachment], Field(description="Encoding of the raw event data.", title="Data")] = None
4110
+ source: Annotated[
4111
+ Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
4112
+ Field(description="References the component or service that was the source of the event", title="Source"),
4113
+ ] = None
4114
+ target: Annotated[
4115
+ Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
4116
+ Field(description="References the component or service that was the target of the event", title="Target"),
4117
+ ] = None
4118
+ properties: Annotated[
4119
+ Optional[List[Property]],
4120
+ Field(
4121
+ description=(
4122
+ "Provides the ability to document properties in a name-value store. This provides flexibility to"
4123
+ " include data not officially supported in the standard without having to use additional namespaces or"
4124
+ " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
4125
+ " having different values. Property names of interest to the general public are encouraged to be"
4126
+ " registered in the [CycloneDX Property"
4127
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
4128
+ ),
4129
+ title="Properties",
4130
+ ),
4131
+ ] = None
4132
+
4133
+
4134
+ class InputType1(CycloneDXBaseModel):
4135
+ """
4136
+ Type that represents various input data types and formats.
4137
+ """
4138
+
4139
+ class Config:
4140
+ extra = Extra.forbid
4141
+
4142
+ source: Annotated[
4143
+ Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
4144
+ Field(
4145
+ description=(
4146
+ "A reference to the component or service that provided the input to the task (e.g., reference to a"
4147
+ " service with data flow value of `inbound`)"
4148
+ ),
4149
+ examples=["source code repository", "database"],
4150
+ title="Source",
4151
+ ),
4152
+ ] = None
4153
+ target: Annotated[
4154
+ Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
4155
+ Field(
4156
+ description=(
4157
+ "A reference to the component or service that received or stored the input if not the task itself"
4158
+ " (e.g., a local, named storage workspace)"
4159
+ ),
4160
+ examples=["workspace", "directory"],
4161
+ title="Target",
4162
+ ),
4163
+ ] = None
4164
+ resource: Annotated[
4165
+ Union[ResourceReferenceChoice1, ResourceReferenceChoice2],
4166
+ Field(
4167
+ description=(
4168
+ "A reference to an independent resource provided as an input to a task by the workflow runtime."
4169
+ ),
4170
+ examples=[
4171
+ "a reference to a configuration file in a repository (i.e., a bom-ref)",
4172
+ "a reference to a scanning service used in a task (i.e., a bom-ref)",
4173
+ ],
4174
+ title="Resource",
4175
+ ),
4176
+ ]
4177
+ parameters: Annotated[
4178
+ Optional[List[Parameter]],
4179
+ Field(
4180
+ description="Inputs that have the form of parameters with names and values.",
4181
+ title="Parameters",
4182
+ ),
4183
+ ] = None
4184
+ environmentVars: Annotated[
4185
+ Optional[List[Union[Property, str]]],
4186
+ Field(
4187
+ description="Inputs that have the form of parameters with names and values.",
4188
+ title="Environment variables",
4189
+ ),
4190
+ ] = None
4191
+ data: Annotated[Optional[Attachment], Field(description="Inputs that have the form of data.", title="Data")] = None
4192
+ properties: Annotated[
4193
+ Optional[List[Property]],
4194
+ Field(
4195
+ description=(
4196
+ "Provides the ability to document properties in a name-value store. This provides flexibility to"
4197
+ " include data not officially supported in the standard without having to use additional namespaces or"
4198
+ " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
4199
+ " having different values. Property names of interest to the general public are encouraged to be"
4200
+ " registered in the [CycloneDX Property"
4201
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
4202
+ ),
4203
+ title="Properties",
4204
+ ),
4205
+ ] = None
4206
+
4207
+
4208
+ class InputType2(CycloneDXBaseModel):
4209
+ """
4210
+ Type that represents various input data types and formats.
4211
+ """
4212
+
4213
+ class Config:
4214
+ extra = Extra.forbid
4215
+
4216
+ source: Annotated[
4217
+ Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
4218
+ Field(
4219
+ description=(
4220
+ "A reference to the component or service that provided the input to the task (e.g., reference to a"
4221
+ " service with data flow value of `inbound`)"
4222
+ ),
4223
+ examples=["source code repository", "database"],
4224
+ title="Source",
4225
+ ),
4226
+ ] = None
4227
+ target: Annotated[
4228
+ Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
4229
+ Field(
4230
+ description=(
4231
+ "A reference to the component or service that received or stored the input if not the task itself"
4232
+ " (e.g., a local, named storage workspace)"
4233
+ ),
4234
+ examples=["workspace", "directory"],
4235
+ title="Target",
4236
+ ),
4237
+ ] = None
4238
+ resource: Annotated[
4239
+ Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
4240
+ Field(
4241
+ description=(
4242
+ "A reference to an independent resource provided as an input to a task by the workflow runtime."
4243
+ ),
4244
+ examples=[
4245
+ "a reference to a configuration file in a repository (i.e., a bom-ref)",
4246
+ "a reference to a scanning service used in a task (i.e., a bom-ref)",
4247
+ ],
4248
+ title="Resource",
4249
+ ),
4250
+ ] = None
4251
+ parameters: Annotated[
4252
+ List[Parameter],
4253
+ Field(
4254
+ description="Inputs that have the form of parameters with names and values.",
4255
+ title="Parameters",
4256
+ ),
4257
+ ]
4258
+ environmentVars: Annotated[
4259
+ Optional[List[Union[Property, str]]],
4260
+ Field(
4261
+ description="Inputs that have the form of parameters with names and values.",
4262
+ title="Environment variables",
4263
+ ),
4264
+ ] = None
4265
+ data: Annotated[Optional[Attachment], Field(description="Inputs that have the form of data.", title="Data")] = None
4266
+ properties: Annotated[
4267
+ Optional[List[Property]],
4268
+ Field(
4269
+ description=(
4270
+ "Provides the ability to document properties in a name-value store. This provides flexibility to"
4271
+ " include data not officially supported in the standard without having to use additional namespaces or"
4272
+ " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
4273
+ " having different values. Property names of interest to the general public are encouraged to be"
4274
+ " registered in the [CycloneDX Property"
4275
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
4276
+ ),
4277
+ title="Properties",
3436
4278
  ),
3437
4279
  ] = None
3438
- description: Annotated[
3439
- Optional[str], Field(description="A description of the resource instance.", title="Description")
3440
- ] = None
3441
- resourceReferences: Annotated[
3442
- Optional[List[ResourceReferenceChoice]],
4280
+
4281
+
4282
+ class InputType3(CycloneDXBaseModel):
4283
+ """
4284
+ Type that represents various input data types and formats.
4285
+ """
4286
+
4287
+ class Config:
4288
+ extra = Extra.forbid
4289
+
4290
+ source: Annotated[
4291
+ Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
3443
4292
  Field(
3444
- description="References to component or service resources that are used to realize the resource instance.",
3445
- title="Resource references",
4293
+ description=(
4294
+ "A reference to the component or service that provided the input to the task (e.g., reference to a"
4295
+ " service with data flow value of `inbound`)"
4296
+ ),
4297
+ examples=["source code repository", "database"],
4298
+ title="Source",
3446
4299
  ),
3447
4300
  ] = None
3448
- accessMode: Annotated[
3449
- Optional[AccessMode],
4301
+ target: Annotated[
4302
+ Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
3450
4303
  Field(
3451
4304
  description=(
3452
- "Describes the read-write access control for the workspace relative to the owning resource instance."
4305
+ "A reference to the component or service that received or stored the input if not the task itself"
4306
+ " (e.g., a local, named storage workspace)"
3453
4307
  ),
3454
- title="Access mode",
4308
+ examples=["workspace", "directory"],
4309
+ title="Target",
3455
4310
  ),
3456
4311
  ] = None
3457
- mountPath: Annotated[
3458
- Optional[str],
4312
+ resource: Annotated[
4313
+ Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
3459
4314
  Field(
3460
4315
  description=(
3461
- "A path to a location on disk where the workspace will be available to the associated task's steps."
4316
+ "A reference to an independent resource provided as an input to a task by the workflow runtime."
3462
4317
  ),
3463
- title="Mount path",
4318
+ examples=[
4319
+ "a reference to a configuration file in a repository (i.e., a bom-ref)",
4320
+ "a reference to a scanning service used in a task (i.e., a bom-ref)",
4321
+ ],
4322
+ title="Resource",
3464
4323
  ),
3465
4324
  ] = None
3466
- managedDataType: Annotated[
3467
- Optional[str],
4325
+ parameters: Annotated[
4326
+ Optional[List[Parameter]],
3468
4327
  Field(
3469
- description="The name of a domain-specific data type the workspace represents.",
3470
- examples=["ConfigMap", "Secret"],
3471
- title="Managed data type",
4328
+ description="Inputs that have the form of parameters with names and values.",
4329
+ title="Parameters",
3472
4330
  ),
3473
4331
  ] = None
3474
- volumeRequest: Annotated[
3475
- Optional[str],
4332
+ environmentVars: Annotated[
4333
+ List[Union[Property, str]],
3476
4334
  Field(
3477
- description="Identifies the reference to the request for a specific volume type and parameters.",
3478
- examples=["a kubernetes Persistent Volume Claim (PVC) name"],
3479
- title="Volume request",
4335
+ description="Inputs that have the form of parameters with names and values.",
4336
+ title="Environment variables",
3480
4337
  ),
3481
- ] = None
3482
- volume: Annotated[
3483
- Optional[Volume],
4338
+ ]
4339
+ data: Annotated[Optional[Attachment], Field(description="Inputs that have the form of data.", title="Data")] = None
4340
+ properties: Annotated[
4341
+ Optional[List[Property]],
3484
4342
  Field(
3485
- description="Information about the actual volume instance allocated to the workspace.",
3486
- examples=["see https://kubernetes.io/docs/concepts/storage/persistent-volumes/"],
3487
- title="Volume",
4343
+ description=(
4344
+ "Provides the ability to document properties in a name-value store. This provides flexibility to"
4345
+ " include data not officially supported in the standard without having to use additional namespaces or"
4346
+ " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
4347
+ " having different values. Property names of interest to the general public are encouraged to be"
4348
+ " registered in the [CycloneDX Property"
4349
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
4350
+ ),
4351
+ title="Properties",
3488
4352
  ),
3489
4353
  ] = None
3490
- properties: Annotated[Optional[List[Property]], Field(title="Properties")] = None
3491
-
3492
-
3493
- class Event(CycloneDXBaseModel):
3494
- """
3495
- Represents something that happened that may trigger a response.
3496
- """
3497
-
3498
- class Config:
3499
- extra = Extra.forbid
3500
-
3501
- uid: Annotated[
3502
- Optional[str], Field(description="The unique identifier of the event.", title="Unique Identifier (UID)")
3503
- ] = None
3504
- description: Annotated[Optional[str], Field(description="A description of the event.", title="Description")] = None
3505
- timeReceived: Annotated[
3506
- Optional[datetime],
3507
- Field(description="The date and time (timestamp) when the event was received.", title="Time Received"),
3508
- ] = None
3509
- data: Annotated[Optional[Attachment], Field(description="Encoding of the raw event data.", title="Data")] = None
3510
- source: Annotated[
3511
- Optional[ResourceReferenceChoice],
3512
- Field(description="References the component or service that was the source of the event", title="Source"),
3513
- ] = None
3514
- target: Annotated[
3515
- Optional[ResourceReferenceChoice],
3516
- Field(description="References the component or service that was the target of the event", title="Target"),
3517
- ] = None
3518
- properties: Annotated[Optional[List[Property]], Field(title="Properties")] = None
3519
4354
 
3520
4355
 
3521
- class InputType(CycloneDXBaseModel):
4356
+ class InputType4(CycloneDXBaseModel):
3522
4357
  """
3523
4358
  Type that represents various input data types and formats.
3524
4359
  """
@@ -3527,7 +4362,7 @@ class InputType(CycloneDXBaseModel):
3527
4362
  extra = Extra.forbid
3528
4363
 
3529
4364
  source: Annotated[
3530
- Optional[ResourceReferenceChoice],
4365
+ Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
3531
4366
  Field(
3532
4367
  description=(
3533
4368
  "A reference to the component or service that provided the input to the task (e.g., reference to a"
@@ -3538,7 +4373,7 @@ class InputType(CycloneDXBaseModel):
3538
4373
  ),
3539
4374
  ] = None
3540
4375
  target: Annotated[
3541
- Optional[ResourceReferenceChoice],
4376
+ Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
3542
4377
  Field(
3543
4378
  description=(
3544
4379
  "A reference to the component or service that received or stored the input if not the task itself"
@@ -3549,7 +4384,7 @@ class InputType(CycloneDXBaseModel):
3549
4384
  ),
3550
4385
  ] = None
3551
4386
  resource: Annotated[
3552
- Optional[ResourceReferenceChoice],
4387
+ Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
3553
4388
  Field(
3554
4389
  description=(
3555
4390
  "A reference to an independent resource provided as an input to a task by the workflow runtime."
@@ -3575,24 +4410,92 @@ class InputType(CycloneDXBaseModel):
3575
4410
  title="Environment variables",
3576
4411
  ),
3577
4412
  ] = None
3578
- data: Annotated[Optional[Attachment], Field(description="Inputs that have the form of data.", title="Data")] = None
3579
- properties: Annotated[Optional[List[Property]], Field(title="Properties")] = None
4413
+ data: Annotated[Attachment, Field(description="Inputs that have the form of data.", title="Data")]
4414
+ properties: Annotated[
4415
+ Optional[List[Property]],
4416
+ Field(
4417
+ description=(
4418
+ "Provides the ability to document properties in a name-value store. This provides flexibility to"
4419
+ " include data not officially supported in the standard without having to use additional namespaces or"
4420
+ " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
4421
+ " having different values. Property names of interest to the general public are encouraged to be"
4422
+ " registered in the [CycloneDX Property"
4423
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
4424
+ ),
4425
+ title="Properties",
4426
+ ),
4427
+ ] = None
4428
+
4429
+
4430
+ class OutputType1(CycloneDXBaseModel):
4431
+ class Config:
4432
+ extra = Extra.forbid
4433
+
4434
+ type: Annotated[Optional[Type7], Field(description="Describes the type of data output.", title="Type")] = None
4435
+ source: Annotated[
4436
+ Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
4437
+ Field(
4438
+ description="Component or service that generated or provided the output from the task (e.g., a build tool)",
4439
+ title="Source",
4440
+ ),
4441
+ ] = None
4442
+ target: Annotated[
4443
+ Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
4444
+ Field(
4445
+ description=(
4446
+ "Component or service that received the output from the task (e.g., reference to an artifactory service"
4447
+ " with data flow value of `outbound`)"
4448
+ ),
4449
+ examples=["a log file described as an `externalReference` within its target domain."],
4450
+ title="Target",
4451
+ ),
4452
+ ] = None
4453
+ resource: Annotated[
4454
+ Union[ResourceReferenceChoice1, ResourceReferenceChoice2],
4455
+ Field(
4456
+ description="A reference to an independent resource generated as output by the task.",
4457
+ examples=["configuration file", "source code", "scanning service"],
4458
+ title="Resource",
4459
+ ),
4460
+ ]
4461
+ data: Annotated[Optional[Attachment], Field(description="Outputs that have the form of data.", title="Data")] = None
4462
+ environmentVars: Annotated[
4463
+ Optional[List[Union[Property, str]]],
4464
+ Field(
4465
+ description="Outputs that have the form of environment variables.",
4466
+ title="Environment variables",
4467
+ ),
4468
+ ] = None
4469
+ properties: Annotated[
4470
+ Optional[List[Property]],
4471
+ Field(
4472
+ description=(
4473
+ "Provides the ability to document properties in a name-value store. This provides flexibility to"
4474
+ " include data not officially supported in the standard without having to use additional namespaces or"
4475
+ " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
4476
+ " having different values. Property names of interest to the general public are encouraged to be"
4477
+ " registered in the [CycloneDX Property"
4478
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
4479
+ ),
4480
+ title="Properties",
4481
+ ),
4482
+ ] = None
3580
4483
 
3581
4484
 
3582
- class OutputType(CycloneDXBaseModel):
4485
+ class OutputType2(CycloneDXBaseModel):
3583
4486
  class Config:
3584
4487
  extra = Extra.forbid
3585
4488
 
3586
4489
  type: Annotated[Optional[Type7], Field(description="Describes the type of data output.", title="Type")] = None
3587
4490
  source: Annotated[
3588
- Optional[ResourceReferenceChoice],
4491
+ Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
3589
4492
  Field(
3590
4493
  description="Component or service that generated or provided the output from the task (e.g., a build tool)",
3591
4494
  title="Source",
3592
4495
  ),
3593
4496
  ] = None
3594
4497
  target: Annotated[
3595
- Optional[ResourceReferenceChoice],
4498
+ Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
3596
4499
  Field(
3597
4500
  description=(
3598
4501
  "Component or service that received the output from the task (e.g., reference to an artifactory service"
@@ -3603,7 +4506,7 @@ class OutputType(CycloneDXBaseModel):
3603
4506
  ),
3604
4507
  ] = None
3605
4508
  resource: Annotated[
3606
- Optional[ResourceReferenceChoice],
4509
+ Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
3607
4510
  Field(
3608
4511
  description="A reference to an independent resource generated as output by the task.",
3609
4512
  examples=["configuration file", "source code", "scanning service"],
@@ -3611,6 +4514,61 @@ class OutputType(CycloneDXBaseModel):
3611
4514
  ),
3612
4515
  ] = None
3613
4516
  data: Annotated[Optional[Attachment], Field(description="Outputs that have the form of data.", title="Data")] = None
4517
+ environmentVars: Annotated[
4518
+ List[Union[Property, str]],
4519
+ Field(
4520
+ description="Outputs that have the form of environment variables.",
4521
+ title="Environment variables",
4522
+ ),
4523
+ ]
4524
+ properties: Annotated[
4525
+ Optional[List[Property]],
4526
+ Field(
4527
+ description=(
4528
+ "Provides the ability to document properties in a name-value store. This provides flexibility to"
4529
+ " include data not officially supported in the standard without having to use additional namespaces or"
4530
+ " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
4531
+ " having different values. Property names of interest to the general public are encouraged to be"
4532
+ " registered in the [CycloneDX Property"
4533
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
4534
+ ),
4535
+ title="Properties",
4536
+ ),
4537
+ ] = None
4538
+
4539
+
4540
+ class OutputType3(CycloneDXBaseModel):
4541
+ class Config:
4542
+ extra = Extra.forbid
4543
+
4544
+ type: Annotated[Optional[Type7], Field(description="Describes the type of data output.", title="Type")] = None
4545
+ source: Annotated[
4546
+ Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
4547
+ Field(
4548
+ description="Component or service that generated or provided the output from the task (e.g., a build tool)",
4549
+ title="Source",
4550
+ ),
4551
+ ] = None
4552
+ target: Annotated[
4553
+ Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
4554
+ Field(
4555
+ description=(
4556
+ "Component or service that received the output from the task (e.g., reference to an artifactory service"
4557
+ " with data flow value of `outbound`)"
4558
+ ),
4559
+ examples=["a log file described as an `externalReference` within its target domain."],
4560
+ title="Target",
4561
+ ),
4562
+ ] = None
4563
+ resource: Annotated[
4564
+ Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
4565
+ Field(
4566
+ description="A reference to an independent resource generated as output by the task.",
4567
+ examples=["configuration file", "source code", "scanning service"],
4568
+ title="Resource",
4569
+ ),
4570
+ ] = None
4571
+ data: Annotated[Attachment, Field(description="Outputs that have the form of data.", title="Data")]
3614
4572
  environmentVars: Annotated[
3615
4573
  Optional[List[Union[Property, str]]],
3616
4574
  Field(
@@ -3618,7 +4576,20 @@ class OutputType(CycloneDXBaseModel):
3618
4576
  title="Environment variables",
3619
4577
  ),
3620
4578
  ] = None
3621
- properties: Annotated[Optional[List[Property]], Field(title="Properties")] = None
4579
+ properties: Annotated[
4580
+ Optional[List[Property]],
4581
+ Field(
4582
+ description=(
4583
+ "Provides the ability to document properties in a name-value store. This provides flexibility to"
4584
+ " include data not officially supported in the standard without having to use additional namespaces or"
4585
+ " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
4586
+ " having different values. Property names of interest to the general public are encouraged to be"
4587
+ " registered in the [CycloneDX Property"
4588
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
4589
+ ),
4590
+ title="Properties",
4591
+ ),
4592
+ ] = None
3622
4593
 
3623
4594
 
3624
4595
  class Signature1(CycloneDXBaseModel):
@@ -3730,7 +4701,7 @@ class ComponentData(CycloneDXBaseModel):
3730
4701
  alias="bom-ref",
3731
4702
  description=(
3732
4703
  "An optional identifier which can be used to reference the dataset elsewhere in the BOM. Every bom-ref"
3733
- " MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
4704
+ " must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
3734
4705
  " conflicts with BOM-Links."
3735
4706
  ),
3736
4707
  min_length=1,
@@ -3793,7 +4764,20 @@ class EnvironmentalConsiderations(CycloneDXBaseModel):
3793
4764
  title="Energy Consumptions",
3794
4765
  ),
3795
4766
  ] = None
3796
- properties: Annotated[Optional[List[Property]], Field(title="Properties")] = None
4767
+ properties: Annotated[
4768
+ Optional[List[Property]],
4769
+ Field(
4770
+ description=(
4771
+ "Provides the ability to document properties in a name-value store. This provides flexibility to"
4772
+ " include data not officially supported in the standard without having to use additional namespaces or"
4773
+ " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
4774
+ " having different values. Property names of interest to the general public are encouraged to be"
4775
+ " registered in the [CycloneDX Property"
4776
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
4777
+ ),
4778
+ title="Properties",
4779
+ ),
4780
+ ] = None
3797
4781
 
3798
4782
 
3799
4783
  class Trigger(CycloneDXBaseModel):
@@ -3810,7 +4794,7 @@ class Trigger(CycloneDXBaseModel):
3810
4794
  alias="bom-ref",
3811
4795
  description=(
3812
4796
  "An optional identifier which can be used to reference the trigger elsewhere in the BOM. Every bom-ref"
3813
- " MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
4797
+ " must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
3814
4798
  " conflicts with BOM-Links."
3815
4799
  ),
3816
4800
  min_length=1,
@@ -3829,7 +4813,7 @@ class Trigger(CycloneDXBaseModel):
3829
4813
  Optional[str], Field(description="A description of the resource instance.", title="Description")
3830
4814
  ] = None
3831
4815
  resourceReferences: Annotated[
3832
- Optional[List[ResourceReferenceChoice]],
4816
+ Optional[List[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]]],
3833
4817
  Field(
3834
4818
  description="References to component or service resources that are used to realize the resource instance.",
3835
4819
  title="Resource references",
@@ -3845,6 +4829,7 @@ class Trigger(CycloneDXBaseModel):
3845
4829
  conditions: Annotated[
3846
4830
  Optional[List[Condition]],
3847
4831
  Field(
4832
+ description="A list of conditions used to determine if a trigger should be activated.",
3848
4833
  title="Conditions",
3849
4834
  ),
3850
4835
  ] = None
@@ -3853,7 +4838,7 @@ class Trigger(CycloneDXBaseModel):
3853
4838
  Field(description="The date and time (timestamp) when the trigger was activated.", title="Time activated"),
3854
4839
  ] = None
3855
4840
  inputs: Annotated[
3856
- Optional[List[InputType]],
4841
+ Optional[List[Union[InputType1, InputType2, InputType3, InputType4]]],
3857
4842
  Field(
3858
4843
  description="Represents resources and data brought into a task at runtime by executor or task commands",
3859
4844
  examples=["a `configuration` file which was declared as a local `component` or `externalReference`"],
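Review bot: `Trigger.inputs` now validates each item against `Union[InputType1, InputType2, InputType3, InputType4]`, and an earlier hunk renames `class InputType` to `InputType4`, so code that imports `InputType` from 0.6.0 would break in this patch release unless an alias is kept elsewhere in the package (not visible here). Each of the four variants makes one of `resource`, `parameters`, `environmentVars` or `data` required, so an input object carrying none of them, which the 0.6.0 model accepted with every field optional, is now rejected. Pipelines that ingest third-party SBOMs should surface that validation error rather than silently drop the document. The same applies to `outputs` and `OutputType` in the next hunk. Because the header says the file is generated by datamodel-codegen, a compatibility name such as `InputType = Union[InputType1, InputType2, InputType3, InputType4]` would have to live in hand-written code or the generation step, and it would cover imports and annotations only, not direct construction.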
@@ -3861,14 +4846,27 @@ class Trigger(CycloneDXBaseModel):
3861
4846
  ),
3862
4847
  ] = None
3863
4848
  outputs: Annotated[
3864
- Optional[List[OutputType]],
4849
+ Optional[List[Union[OutputType1, OutputType2, OutputType3]]],
3865
4850
  Field(
3866
4851
  description="Represents resources and data output from a task at runtime by executor or task commands",
3867
4852
  examples=["a log file or metrics data produced by the task"],
3868
4853
  title="Outputs",
3869
4854
  ),
3870
4855
  ] = None
3871
- properties: Annotated[Optional[List[Property]], Field(title="Properties")] = None
4856
+ properties: Annotated[
4857
+ Optional[List[Property]],
4858
+ Field(
4859
+ description=(
4860
+ "Provides the ability to document properties in a name-value store. This provides flexibility to"
4861
+ " include data not officially supported in the standard without having to use additional namespaces or"
4862
+ " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
4863
+ " having different values. Property names of interest to the general public are encouraged to be"
4864
+ " registered in the [CycloneDX Property"
4865
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
4866
+ ),
4867
+ title="Properties",
4868
+ ),
4869
+ ] = None
3872
4870
 
3873
4871
 
3874
4872
  class Attestation(CycloneDXBaseModel):
@@ -3914,7 +4912,7 @@ class Claim(CycloneDXBaseModel):
3914
4912
  alias="bom-ref",
3915
4913
  description=(
3916
4914
  "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref"
3917
- " MUST be unique within the BOM."
4915
+ " must be unique within the BOM."
3918
4916
  ),
3919
4917
  min_length=1,
3920
4918
  title="BOM Reference",
@@ -3935,12 +4933,13 @@ class Claim(CycloneDXBaseModel):
3935
4933
  Optional[str], Field(description="The specific statement or assertion about the target.", title="Predicate")
3936
4934
  ] = None
3937
4935
  mitigationStrategies: Annotated[
3938
- Optional[List[RefLinkType]],
4936
+ Optional[List[str]],
3939
4937
  Field(
3940
4938
  description=(
3941
4939
  "The list of `bom-ref` to the evidence provided describing the mitigation strategies. Each mitigation"
3942
4940
  " strategy should include an explanation of how any weaknesses in the evidence will be mitigated."
3943
4941
  ),
4942
+ min_length=1,
3944
4943
  title="Mitigation Strategies",
3945
4944
  ),
3946
4945
  ] = None
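Review bot: `min_length=1` on `mitigationStrategies` reads like "at least one entry", but it is attached to a field typed `Optional[List[str]]`; with the pydantic v1-style API this file uses (`Extra.forbid`, `regex=`) a string constraint on a list field is, as far as I can tell, forwarded to the items, so it rejects empty strings and still admits an empty list. The same pattern appears on `evidence` and `counterEvidence` in the next hunk, and as `ge=1` on `cwes: Optional[List[int]]` in the `Vulnerability` hunk. With the `RefLinkType` alias replaced by plain `str`, the annotation no longer says that these strings are bom-refs, and nothing in the visible model checks that they point at an existing element. I would add a comment above each field such as `# items are non-empty bom-ref strings; the list may be empty and references are not resolved here`, and a small test that feeds `[""]` and `[]` to pin the behaviour across generator upgrades. The `Claim` class starts before this hunk and continues after it.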
@@ -3952,13 +4951,17 @@ class Claim(CycloneDXBaseModel):
3952
4951
  ),
3953
4952
  ] = None
3954
4953
  evidence: Annotated[
3955
- Optional[List[RefLinkType]],
3956
- Field(description="The list of `bom-ref` to evidence that supports this claim.", title="Evidence"),
4954
+ Optional[List[str]],
4955
+ Field(
4956
+ description="The list of `bom-ref` to evidence that supports this claim.", min_length=1, title="Evidence"
4957
+ ),
3957
4958
  ] = None
3958
4959
  counterEvidence: Annotated[
3959
- Optional[List[RefLinkType]],
4960
+ Optional[List[str]],
3960
4961
  Field(
3961
- description="The list of `bom-ref` to counterEvidence that supports this claim.", title="Counter Evidence"
4962
+ description="The list of `bom-ref` to counterEvidence that supports this claim.",
4963
+ min_length=1,
4964
+ title="Counter Evidence",
3962
4965
  ),
3963
4966
  ] = None
3964
4967
  externalReferences: Annotated[
@@ -3994,7 +4997,7 @@ class Evidence(CycloneDXBaseModel):
3994
4997
  alias="bom-ref",
3995
4998
  description=(
3996
4999
  "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref"
3997
- " MUST be unique within the BOM."
5000
+ " must be unique within the BOM."
3998
5001
  ),
3999
5002
  min_length=1,
4000
5003
  title="BOM Reference",
@@ -4047,7 +5050,79 @@ class Evidence(CycloneDXBaseModel):
4047
5050
  ] = None
4048
5051
 
4049
5052
 
5053
+ class Signatories(CycloneDXBaseModel):
5054
+ class Config:
5055
+ extra = Extra.forbid
5056
+
5057
+ name: Annotated[Optional[str], Field(description="The signatory's name.", title="Name")] = None
5058
+ role: Annotated[
5059
+ Optional[str], Field(description="The signatory's role within an organization.", title="Role")
5060
+ ] = None
5061
+ signature: Annotated[
5062
+ Union[Signature1, Signature2, Signer],
5063
+ Field(
5064
+ description=(
5065
+ "Enveloped signature in [JSON Signature Format"
5066
+ " (JSF)](https://cyberphone.github.io/doc/security/jsf.html)."
5067
+ ),
5068
+ title="Signature",
5069
+ ),
5070
+ ]
5071
+ organization: Annotated[
5072
+ Optional[OrganizationalEntity], Field(description="The signatory's organization.", title="Organization")
5073
+ ] = None
5074
+ externalReference: Annotated[
5075
+ Optional[ExternalReference],
5076
+ Field(
5077
+ description=(
5078
+ "External references provide a way to document systems, sites, and information that may be relevant but"
5079
+ " are not included with the BOM. They may also establish specific relationships within or external to"
5080
+ " the BOM."
5081
+ ),
5082
+ title="External Reference",
5083
+ ),
5084
+ ] = None
5085
+
5086
+
5087
+ class Signatories1(CycloneDXBaseModel):
5088
+ class Config:
5089
+ extra = Extra.forbid
5090
+
5091
+ name: Annotated[Optional[str], Field(description="The signatory's name.", title="Name")] = None
5092
+ role: Annotated[
5093
+ Optional[str], Field(description="The signatory's role within an organization.", title="Role")
5094
+ ] = None
5095
+ signature: Annotated[
5096
+ Optional[Union[Signature1, Signature2, Signer]],
5097
+ Field(
5098
+ description=(
5099
+ "Enveloped signature in [JSON Signature Format"
5100
+ " (JSF)](https://cyberphone.github.io/doc/security/jsf.html)."
5101
+ ),
5102
+ title="Signature",
5103
+ ),
5104
+ ] = None
5105
+ organization: Annotated[
5106
+ OrganizationalEntity, Field(description="The signatory's organization.", title="Organization")
5107
+ ]
5108
+ externalReference: Annotated[
5109
+ ExternalReference,
5110
+ Field(
5111
+ description=(
5112
+ "External references provide a way to document systems, sites, and information that may be relevant but"
5113
+ " are not included with the BOM. They may also establish specific relationships within or external to"
5114
+ " the BOM."
5115
+ ),
5116
+ title="External Reference",
5117
+ ),
5118
+ ]
5119
+
5120
+
4050
5121
  class Affirmation(CycloneDXBaseModel):
5122
+ """
5123
+ A concise statement affirmed by an individual regarding all declarations, often used for third-party auditor acceptance or recipient acknowledgment. It includes a list of authorized signatories who assert the validity of the document on behalf of the organization.
5124
+ """
5125
+
4051
5126
  class Config:
4052
5127
  extra = Extra.forbid
4053
5128
 
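Review bot: `Signatories` and `Signatories1` overlap rather than exclude each other: the first requires only `signature` and the second only `organization` and `externalReference`, while each keeps the other's required fields as optional, so an entry that carries all three fields satisfies both classes. The `signatories` field in the next hunk combines them as `Union[Signatories, Signatories1]`, which accepts an entry when any member validates; if the source schema declares these two shapes as `oneOf` (an assumption, the schema is not on this page), a document the schema rejects would still parse here, and a parsed signatory may have no `signature` at all. Code that treats a successful parse as proof that an affirmation is signed should check `signature` explicitly or validate against the JSON schema first. Because the file is generated, the cheapest durable fix is documentation emitted with the classes, e.g. `"""Signatory identified by an enveloped signature; organization and externalReference are optional."""` on `Signatories` and the mirror sentence on `Signatories1`, plus a test that pins how an entry with all three fields is handled.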
@@ -4063,7 +5138,7 @@ class Affirmation(CycloneDXBaseModel):
4063
5138
  ),
4064
5139
  ] = None
4065
5140
  signatories: Annotated[
4066
- Optional[List],
5141
+ Optional[List[Union[Signatories, Signatories1]]],
4067
5142
  Field(
4068
5143
  description=(
4069
5144
  "The list of signatories authorized on behalf of an organization to assert validity of this document."
@@ -4093,7 +5168,7 @@ class Service(CycloneDXBaseModel):
4093
5168
  alias="bom-ref",
4094
5169
  description=(
4095
5170
  "An optional identifier which can be used to reference the service elsewhere in the BOM. Every bom-ref"
4096
- " MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
5171
+ " must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
4097
5172
  " conflicts with BOM-Links."
4098
5173
  ),
4099
5174
  min_length=1,
@@ -4186,7 +5261,7 @@ class Service(CycloneDXBaseModel):
4186
5261
  description=(
4187
5262
  "EITHER (list of SPDX licenses and/or named licenses) OR (tuple of one SPDX License Expression)"
4188
5263
  ),
4189
- title="Component License(s)",
5264
+ title="Service License(s)",
4190
5265
  ),
4191
5266
  ] = None
4192
5267
  externalReferences: Annotated[
@@ -4222,7 +5297,7 @@ class Service(CycloneDXBaseModel):
4222
5297
  " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
4223
5298
  " having different values. Property names of interest to the general public are encouraged to be"
4224
5299
  " registered in the [CycloneDX Property"
4225
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL."
5300
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
4226
5301
  ),
4227
5302
  title="Properties",
4228
5303
  ),
@@ -4260,7 +5335,7 @@ class Compositions(CycloneDXBaseModel):
4260
5335
  alias="bom-ref",
4261
5336
  description=(
4262
5337
  "An optional identifier which can be used to reference the composition elsewhere in the BOM. Every"
4263
- " bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
5338
+ " bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
4264
5339
  " avoid conflicts with BOM-Links."
4265
5340
  ),
4266
5341
  min_length=1,
@@ -4315,53 +5390,6 @@ class Compositions(CycloneDXBaseModel):
4315
5390
  ] = None
4316
5391
 
4317
5392
 
4318
- class Annotations(CycloneDXBaseModel):
4319
- """
4320
- A comment, note, explanation, or similar textual content which provides additional context to the object(s) being annotated.
4321
- """
4322
-
4323
- class Config:
4324
- extra = Extra.forbid
4325
-
4326
- bom_ref: Annotated[
4327
- Optional[str],
4328
- Field(
4329
- alias="bom-ref",
4330
- description=(
4331
- "An optional identifier which can be used to reference the annotation elsewhere in the BOM. Every"
4332
- " bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
4333
- " avoid conflicts with BOM-Links."
4334
- ),
4335
- min_length=1,
4336
- title="BOM Reference",
4337
- ),
4338
- ] = None
4339
- subjects: Annotated[
4340
- List[Union[RefLinkType, BomLinkElementType]],
4341
- Field(
4342
- description=(
4343
- "The object in the BOM identified by its bom-ref. This is often a component or service, but may be any"
4344
- " object type supporting bom-refs."
4345
- ),
4346
- title="Subjects",
4347
- ),
4348
- ]
4349
- timestamp: Annotated[
4350
- datetime, Field(description="The date and time (timestamp) when the annotation was created.", title="Timestamp")
4351
- ]
4352
- text: Annotated[str, Field(description="The textual content of the annotation.", title="Text")]
4353
- signature: Annotated[
4354
- Optional[Union[Signature1, Signature2, Signer]],
4355
- Field(
4356
- description=(
4357
- "Enveloped signature in [JSON Signature Format"
4358
- " (JSF)](https://cyberphone.github.io/doc/security/jsf.html)."
4359
- ),
4360
- title="Signature",
4361
- ),
4362
- ] = None
4363
-
4364
-
4365
5393
  class ModelParameters(CycloneDXBaseModel):
4366
5394
  """
4367
5395
  Hyper-parameters for construction of the model.
@@ -4402,7 +5430,7 @@ class ModelParameters(CycloneDXBaseModel):
4402
5430
  ),
4403
5431
  ] = None
4404
5432
  datasets: Annotated[
4405
- Optional[List[Union[ComponentData, Dataset]]],
5433
+ Optional[List[Union[ComponentData, Datasets]]],
4406
5434
  Field(description="The datasets used to train and evaluate the model.", title="Datasets"),
4407
5435
  ] = None
4408
5436
  inputs: Annotated[
@@ -4476,7 +5504,7 @@ class Considerations(CycloneDXBaseModel):
4476
5504
 
4477
5505
  class ModelCard(CycloneDXBaseModel):
4478
5506
  """
4479
- A model card describes the intended uses of a machine learning model and potential limitations, including biases and ethical considerations. Model cards typically contain the training parameters, which datasets were used to train the model, performance metrics, and other relevant data useful for ML transparency. This object SHOULD be specified for any component of type `machine-learning-model` and MUST NOT be specified for other component types.
5507
+ A model card describes the intended uses of a machine learning model and potential limitations, including biases and ethical considerations. Model cards typically contain the training parameters, which datasets were used to train the model, performance metrics, and other relevant data useful for ML transparency. This object SHOULD be specified for any component of type `machine-learning-model` and must not be specified for other component types.
4480
5508
  """
4481
5509
 
4482
5510
  class Config:
@@ -4488,7 +5516,7 @@ class ModelCard(CycloneDXBaseModel):
4488
5516
  alias="bom-ref",
4489
5517
  description=(
4490
5518
  "An optional identifier which can be used to reference the model card elsewhere in the BOM. Every"
4491
- " bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
5519
+ " bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
4492
5520
  " avoid conflicts with BOM-Links."
4493
5521
  ),
4494
5522
  min_length=1,
@@ -4522,7 +5550,7 @@ class ModelCard(CycloneDXBaseModel):
4522
5550
  " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
4523
5551
  " having different values. Property names of interest to the general public are encouraged to be"
4524
5552
  " registered in the [CycloneDX Property"
4525
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL."
5553
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
4526
5554
  ),
4527
5555
  title="Properties",
4528
5556
  ),
@@ -4543,7 +5571,7 @@ class Task(CycloneDXBaseModel):
4543
5571
  alias="bom-ref",
4544
5572
  description=(
4545
5573
  "An optional identifier which can be used to reference the task elsewhere in the BOM. Every bom-ref"
4546
- " MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
5574
+ " must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
4547
5575
  " conflicts with BOM-Links."
4548
5576
  ),
4549
5577
  min_length=1,
@@ -4562,7 +5590,7 @@ class Task(CycloneDXBaseModel):
4562
5590
  Optional[str], Field(description="A description of the resource instance.", title="Description")
4563
5591
  ] = None
4564
5592
  resourceReferences: Annotated[
4565
- Optional[List[ResourceReferenceChoice]],
5593
+ Optional[List[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]]],
4566
5594
  Field(
4567
5595
  description="References to component or service resources that are used to realize the resource instance.",
4568
5596
  title="Resource references",
@@ -4585,7 +5613,7 @@ class Task(CycloneDXBaseModel):
4585
5613
  ),
4586
5614
  ] = None
4587
5615
  inputs: Annotated[
4588
- Optional[List[InputType]],
5616
+ Optional[List[Union[InputType1, InputType2, InputType3, InputType4]]],
4589
5617
  Field(
4590
5618
  description="Represents resources and data brought into a task at runtime by executor or task commands",
4591
5619
  examples=["a `configuration` file which was declared as a local `component` or `externalReference`"],
@@ -4593,7 +5621,7 @@ class Task(CycloneDXBaseModel):
4593
5621
  ),
4594
5622
  ] = None
4595
5623
  outputs: Annotated[
4596
- Optional[List[OutputType]],
5624
+ Optional[List[Union[OutputType1, OutputType2, OutputType3]]],
4597
5625
  Field(
4598
5626
  description="Represents resources and data output from a task at runtime by executor or task commands",
4599
5627
  examples=["a log file or metrics data produced by the task"],
@@ -4621,7 +5649,20 @@ class Task(CycloneDXBaseModel):
4621
5649
  title="Runtime topology",
4622
5650
  ),
4623
5651
  ] = None
4624
- properties: Annotated[Optional[List[Property]], Field(title="Properties")] = None
5652
+ properties: Annotated[
5653
+ Optional[List[Property]],
5654
+ Field(
5655
+ description=(
5656
+ "Provides the ability to document properties in a name-value store. This provides flexibility to"
5657
+ " include data not officially supported in the standard without having to use additional namespaces or"
5658
+ " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
5659
+ " having different values. Property names of interest to the general public are encouraged to be"
5660
+ " registered in the [CycloneDX Property"
5661
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
5662
+ ),
5663
+ title="Properties",
5664
+ ),
5665
+ ] = None
4625
5666
 
4626
5667
 
4627
5668
  class Standard(CycloneDXBaseModel):
@@ -4638,7 +5679,7 @@ class Standard(CycloneDXBaseModel):
4638
5679
  alias="bom-ref",
4639
5680
  description=(
4640
5681
  "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref"
4641
- " MUST be unique within the BOM."
5682
+ " must be unique within the BOM."
4642
5683
  ),
4643
5684
  min_length=1,
4644
5685
  title="BOM Reference",
@@ -4730,7 +5771,7 @@ class Workflow(CycloneDXBaseModel):
4730
5771
  alias="bom-ref",
4731
5772
  description=(
4732
5773
  "An optional identifier which can be used to reference the workflow elsewhere in the BOM. Every bom-ref"
4733
- " MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
5774
+ " must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
4734
5775
  " conflicts with BOM-Links."
4735
5776
  ),
4736
5777
  min_length=1,
@@ -4749,7 +5790,7 @@ class Workflow(CycloneDXBaseModel):
4749
5790
  Optional[str], Field(description="A description of the resource instance.", title="Description")
4750
5791
  ] = None
4751
5792
  resourceReferences: Annotated[
4752
- Optional[List[ResourceReferenceChoice]],
5793
+ Optional[List[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]]],
4753
5794
  Field(
4754
5795
  description="References to component or service resources that are used to realize the resource instance.",
4755
5796
  title="Resource references",
@@ -4786,7 +5827,7 @@ class Workflow(CycloneDXBaseModel):
4786
5827
  ),
4787
5828
  ] = None
4788
5829
  inputs: Annotated[
4789
- Optional[List[InputType]],
5830
+ Optional[List[Union[InputType1, InputType2, InputType3, InputType4]]],
4790
5831
  Field(
4791
5832
  description="Represents resources and data brought into a task at runtime by executor or task commands",
4792
5833
  examples=["a `configuration` file which was declared as a local `component` or `externalReference`"],
@@ -4794,7 +5835,7 @@ class Workflow(CycloneDXBaseModel):
4794
5835
  ),
4795
5836
  ] = None
4796
5837
  outputs: Annotated[
4797
- Optional[List[OutputType]],
5838
+ Optional[List[Union[OutputType1, OutputType2, OutputType3]]],
4798
5839
  Field(
4799
5840
  description="Represents resources and data output from a task at runtime by executor or task commands",
4800
5841
  examples=["a log file or metrics data produced by the task"],
@@ -4822,7 +5863,20 @@ class Workflow(CycloneDXBaseModel):
4822
5863
  title="Runtime topology",
4823
5864
  ),
4824
5865
  ] = None
4825
- properties: Annotated[Optional[List[Property]], Field(title="Properties")] = None
5866
+ properties: Annotated[
5867
+ Optional[List[Property]],
5868
+ Field(
5869
+ description=(
5870
+ "Provides the ability to document properties in a name-value store. This provides flexibility to"
5871
+ " include data not officially supported in the standard without having to use additional namespaces or"
5872
+ " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
5873
+ " having different values. Property names of interest to the general public are encouraged to be"
5874
+ " registered in the [CycloneDX Property"
5875
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
5876
+ ),
5877
+ title="Properties",
5878
+ ),
5879
+ ] = None
4826
5880
 
4827
5881
 
4828
5882
  class Targets(CycloneDXBaseModel):
@@ -4877,7 +5931,17 @@ class Declarations(CycloneDXBaseModel):
4877
5931
  targets: Annotated[
4878
5932
  Optional[Targets], Field(description="The list of targets which claims are made against.", title="Targets")
4879
5933
  ] = None
4880
- affirmation: Annotated[Optional[Affirmation], Field(title="Affirmation")] = None
5934
+ affirmation: Annotated[
5935
+ Optional[Affirmation],
5936
+ Field(
5937
+ description=(
5938
+ "A concise statement affirmed by an individual regarding all declarations, often used for third-party"
5939
+ " auditor acceptance or recipient acknowledgment. It includes a list of authorized signatories who"
5940
+ " assert the validity of the document on behalf of the organization."
5941
+ ),
5942
+ title="Affirmation",
5943
+ ),
5944
+ ] = None
4881
5945
  signature: Annotated[
4882
5946
  Optional[Union[Signature1, Signature2, Signer]],
4883
5947
  Field(
@@ -4900,7 +5964,7 @@ class CyclonedxBillOfMaterialsStandard(CycloneDXBaseModel):
4900
5964
  Field(
4901
5965
  description=(
4902
5966
  "Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs do not have a"
4903
- ' filename convention, nor does JSON schema support namespaces. This value MUST be "CycloneDX".'
5967
+ ' filename convention, nor does JSON schema support namespaces. This value must be "CycloneDX".'
4904
5968
  ),
4905
5969
  title="BOM Format",
4906
5970
  ),
@@ -4909,7 +5973,7 @@ class CyclonedxBillOfMaterialsStandard(CycloneDXBaseModel):
4909
5973
  str,
4910
5974
  Field(
4911
5975
  description="The version of the CycloneDX specification the BOM conforms to.",
4912
- examples=["1.6"],
5976
+ examples=["1.6.1"],
4913
5977
  title="CycloneDX Specification Version",
4914
5978
  ),
4915
5979
  ]
@@ -4918,8 +5982,8 @@ class CyclonedxBillOfMaterialsStandard(CycloneDXBaseModel):
4918
5982
  Field(
4919
5983
  description=(
4920
5984
  "Every BOM generated SHOULD have a unique serial number, even if the contents of the BOM have not"
4921
- " changed over time. If specified, the serial number MUST conform to RFC-4122. Use of serial numbers is"
4922
- " RECOMMENDED."
5985
+ " changed over time. If specified, the serial number must conform to [RFC"
5986
+ " 4122](https://www.ietf.org/rfc/rfc4122.html). Use of serial numbers is recommended."
4923
5987
  ),
4924
5988
  examples=["urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"],
4925
5989
  regex="^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
@@ -5045,7 +6109,7 @@ class CyclonedxBillOfMaterialsStandard(CycloneDXBaseModel):
5045
6109
  " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
5046
6110
  " having different values. Property names of interest to the general public are encouraged to be"
5047
6111
  " registered in the [CycloneDX Property"
5048
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL."
6112
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
5049
6113
  ),
5050
6114
  title="Properties",
5051
6115
  ),
@@ -5062,7 +6126,7 @@ class CyclonedxBillOfMaterialsStandard(CycloneDXBaseModel):
5062
6126
  ] = None
5063
6127
 
5064
6128
 
5065
- class ToolModel(CycloneDXBaseModel):
6129
+ class Tools(CycloneDXBaseModel):
5066
6130
  """
5067
6131
  The tool(s) used in the creation, enrichment, and validation of the BOM.
5068
6132
  """
@@ -5098,7 +6162,7 @@ class Metadata(CycloneDXBaseModel):
5098
6162
  Field(description="The date and time (timestamp) when the BOM was created.", title="Timestamp"),
5099
6163
  ] = None
5100
6164
  lifecycles: Annotated[
5101
- Optional[List[Union[Lifecycle, Lifecycle1]]],
6165
+ Optional[List[Union[Lifecycles, Lifecycles1]]],
5102
6166
  Field(
5103
6167
  description=(
5104
6168
  "Lifecycles communicate the stage(s) in which data in the BOM was captured. Different types of data may"
@@ -5110,7 +6174,7 @@ class Metadata(CycloneDXBaseModel):
5110
6174
  ),
5111
6175
  ] = None
5112
6176
  tools: Annotated[
5113
- Optional[Union[ToolModel, List[Tool]]],
6177
+ Optional[Union[Tools, List[Tool]]],
5114
6178
  Field(description="The tool(s) used in the creation, enrichment, and validation of the BOM.", title="Tools"),
5115
6179
  ] = None
5116
6180
  manufacturer: Annotated[
@@ -5175,7 +6239,7 @@ class Metadata(CycloneDXBaseModel):
5175
6239
  " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
5176
6240
  " having different values. Property names of interest to the general public are encouraged to be"
5177
6241
  " registered in the [CycloneDX Property"
5178
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL."
6242
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
5179
6243
  ),
5180
6244
  title="Properties",
5181
6245
  ),
@@ -5289,7 +6353,7 @@ class Component(CycloneDXBaseModel):
5289
6353
  alias="bom-ref",
5290
6354
  description=(
5291
6355
  "An optional identifier which can be used to reference the component elsewhere in the BOM. Every"
5292
- " bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
6356
+ " bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
5293
6357
  " avoid conflicts with BOM-Links."
5294
6358
  ),
5295
6359
  min_length=1,
@@ -5432,7 +6496,7 @@ class Component(CycloneDXBaseModel):
5432
6496
  Optional[str],
5433
6497
  Field(
5434
6498
  description=(
5435
- "Asserts the identity of the component using package-url (purl). The purl, if specified, MUST be valid"
6499
+ "Asserts the identity of the component using package-url (purl). The purl, if specified, must be valid"
5436
6500
  " and conform to the specification defined at:"
5437
6501
  " [https://github.com/package-url/purl-spec](https://github.com/package-url/purl-spec). Refer to"
5438
6502
  " `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the"
@@ -5446,7 +6510,7 @@ class Component(CycloneDXBaseModel):
5446
6510
  Optional[List[str]],
5447
6511
  Field(
5448
6512
  description=(
5449
- "Asserts the identity of the component using the OmniBOR Artifact ID. The OmniBOR, if specified, MUST"
6513
+ "Asserts the identity of the component using the OmniBOR Artifact ID. The OmniBOR, if specified, must"
5450
6514
  " be valid and conform to the specification defined at:"
5451
6515
  " [https://www.iana.org/assignments/uri-schemes/prov/gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid)."
5452
6516
  " Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the"
@@ -5464,13 +6528,13 @@ class Component(CycloneDXBaseModel):
5464
6528
  Field(
5465
6529
  description=(
5466
6530
  "Asserts the identity of the component using the Software Heritage persistent identifier (SWHID). The"
5467
- " SWHID, if specified, MUST be valid and conform to the specification defined at:"
6531
+ " SWHID, if specified, must be valid and conform to the specification defined at:"
5468
6532
  " [https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html](https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html)."
5469
6533
  " Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the"
5470
6534
  " component's identity."
5471
6535
  ),
5472
6536
  examples=["swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2"],
5473
- title="SoftWare Heritage Identifier",
6537
+ title="Software Heritage Identifier",
5474
6538
  ),
5475
6539
  ] = None
5476
6540
  swid: Annotated[
@@ -5547,7 +6611,7 @@ class Component(CycloneDXBaseModel):
5547
6611
  Optional[List[ComponentData]],
5548
6612
  Field(
5549
6613
  description=(
5550
- "This object SHOULD be specified for any component of type `data` and MUST NOT be specified for other"
6614
+ "This object SHOULD be specified for any component of type `data` and must not be specified for other"
5551
6615
  " component types."
5552
6616
  ),
5553
6617
  title="Data",
@@ -5563,7 +6627,7 @@ class Component(CycloneDXBaseModel):
5563
6627
  " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
5564
6628
  " having different values. Property names of interest to the general public are encouraged to be"
5565
6629
  " registered in the [CycloneDX Property"
5566
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL."
6630
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
5567
6631
  ),
5568
6632
  title="Properties",
5569
6633
  ),
@@ -5591,7 +6655,7 @@ class Component(CycloneDXBaseModel):
5591
6655
  ] = None
5592
6656
 
5593
6657
 
5594
- class Tool1(CycloneDXBaseModel):
6658
+ class Tools1(CycloneDXBaseModel):
5595
6659
  """
5596
6660
  The tool(s) used to identify, confirm, or score the vulnerability.
5597
6661
  """
@@ -5632,7 +6696,7 @@ class Vulnerability(CycloneDXBaseModel):
5632
6696
  alias="bom-ref",
5633
6697
  description=(
5634
6698
  "An optional identifier which can be used to reference the vulnerability elsewhere in the BOM. Every"
5635
- " bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
6699
+ " bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
5636
6700
  " avoid conflicts with BOM-Links."
5637
6701
  ),
5638
6702
  min_length=1,
@@ -5666,10 +6730,11 @@ class Vulnerability(CycloneDXBaseModel):
5666
6730
  Optional[List[Rating]], Field(description="List of vulnerability ratings", title="Ratings")
5667
6731
  ] = None
5668
6732
  cwes: Annotated[
5669
- Optional[List[Cwe]],
6733
+ Optional[List[int]],
5670
6734
  Field(
5671
6735
  description="List of Common Weaknesses Enumerations (CWEs) codes that describes this vulnerability.",
5672
6736
  examples=[399],
6737
+ ge=1,
5673
6738
  title="CWEs",
5674
6739
  ),
5675
6740
  ] = None
@@ -5749,7 +6814,7 @@ class Vulnerability(CycloneDXBaseModel):
5749
6814
  ),
5750
6815
  ] = None
5751
6816
  tools: Annotated[
5752
- Optional[Union[Tool1, List[Tool]]],
6817
+ Optional[Union[Tools1, List[Tool]]],
5753
6818
  Field(description="The tool(s) used to identify, confirm, or score the vulnerability.", title="Tools"),
5754
6819
  ] = None
5755
6820
  analysis: Annotated[
@@ -5774,13 +6839,143 @@ class Vulnerability(CycloneDXBaseModel):
5774
6839
  " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
5775
6840
  " having different values. Property names of interest to the general public are encouraged to be"
5776
6841
  " registered in the [CycloneDX Property"
5777
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL."
6842
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
5778
6843
  ),
5779
6844
  title="Properties",
5780
6845
  ),
5781
6846
  ] = None
5782
6847
 
5783
6848
 
6849
+ class Annotator(CycloneDXBaseModel):
6850
+ """
6851
+ The organization, person, component, or service which created the textual content of the annotation.
6852
+ """
6853
+
6854
+ class Config:
6855
+ extra = Extra.forbid
6856
+
6857
+ organization: Annotated[OrganizationalEntity, Field(description="The organization that created the annotation")]
6858
+ individual: Annotated[
6859
+ Optional[OrganizationalContact], Field(description="The person that created the annotation")
6860
+ ] = None
6861
+ component: Annotated[
6862
+ Optional[Component], Field(description="The tool or component that created the annotation")
6863
+ ] = None
6864
+ service: Annotated[Optional[Service], Field(description="The service that created the annotation")] = None
6865
+
6866
+
6867
+ class Annotator1(CycloneDXBaseModel):
6868
+ """
6869
+ The organization, person, component, or service which created the textual content of the annotation.
6870
+ """
6871
+
6872
+ class Config:
6873
+ extra = Extra.forbid
6874
+
6875
+ organization: Annotated[
6876
+ Optional[OrganizationalEntity], Field(description="The organization that created the annotation")
6877
+ ] = None
6878
+ individual: Annotated[OrganizationalContact, Field(description="The person that created the annotation")]
6879
+ component: Annotated[
6880
+ Optional[Component], Field(description="The tool or component that created the annotation")
6881
+ ] = None
6882
+ service: Annotated[Optional[Service], Field(description="The service that created the annotation")] = None
6883
+
6884
+
6885
+ class Annotator2(CycloneDXBaseModel):
6886
+ """
6887
+ The organization, person, component, or service which created the textual content of the annotation.
6888
+ """
6889
+
6890
+ class Config:
6891
+ extra = Extra.forbid
6892
+
6893
+ organization: Annotated[
6894
+ Optional[OrganizationalEntity], Field(description="The organization that created the annotation")
6895
+ ] = None
6896
+ individual: Annotated[
6897
+ Optional[OrganizationalContact], Field(description="The person that created the annotation")
6898
+ ] = None
6899
+ component: Annotated[Component, Field(description="The tool or component that created the annotation")]
6900
+ service: Annotated[Optional[Service], Field(description="The service that created the annotation")] = None
6901
+
6902
+
6903
+ class Annotator3(CycloneDXBaseModel):
6904
+ """
6905
+ The organization, person, component, or service which created the textual content of the annotation.
6906
+ """
6907
+
6908
+ class Config:
6909
+ extra = Extra.forbid
6910
+
6911
+ organization: Annotated[
6912
+ Optional[OrganizationalEntity], Field(description="The organization that created the annotation")
6913
+ ] = None
6914
+ individual: Annotated[
6915
+ Optional[OrganizationalContact], Field(description="The person that created the annotation")
6916
+ ] = None
6917
+ component: Annotated[
6918
+ Optional[Component], Field(description="The tool or component that created the annotation")
6919
+ ] = None
6920
+ service: Annotated[Service, Field(description="The service that created the annotation")]
6921
+
6922
+
6923
+ class Annotations(CycloneDXBaseModel):
6924
+ """
6925
+ A comment, note, explanation, or similar textual content which provides additional context to the object(s) being annotated.
6926
+ """
6927
+
6928
+ class Config:
6929
+ extra = Extra.forbid
6930
+
6931
+ bom_ref: Annotated[
6932
+ Optional[str],
6933
+ Field(
6934
+ alias="bom-ref",
6935
+ description=(
6936
+ "An optional identifier which can be used to reference the annotation elsewhere in the BOM. Every"
6937
+ " bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
6938
+ " avoid conflicts with BOM-Links."
6939
+ ),
6940
+ min_length=1,
6941
+ title="BOM Reference",
6942
+ ),
6943
+ ] = None
6944
+ subjects: Annotated[
6945
+ List[Union[RefLinkType, BomLinkElementType]],
6946
+ Field(
6947
+ description=(
6948
+ "The object in the BOM identified by its bom-ref. This is often a component or service, but may be any"
6949
+ " object type supporting bom-refs."
6950
+ ),
6951
+ title="Subjects",
6952
+ ),
6953
+ ]
6954
+ annotator: Annotated[
6955
+ Union[Annotator, Annotator1, Annotator2, Annotator3],
6956
+ Field(
6957
+ description=(
6958
+ "The organization, person, component, or service which created the textual content of the annotation."
6959
+ ),
6960
+ title="Annotator",
6961
+ ),
6962
+ ]
6963
+ timestamp: Annotated[
6964
+ datetime, Field(description="The date and time (timestamp) when the annotation was created.", title="Timestamp")
6965
+ ]
6966
+ text: Annotated[str, Field(description="The textual content of the annotation.", title="Text")]
6967
+ signature: Annotated[
6968
+ Optional[Union[Signature1, Signature2, Signer]],
6969
+ Field(
6970
+ description=(
6971
+ "Enveloped signature in [JSON Signature Format"
6972
+ " (JSF)](https://cyberphone.github.io/doc/security/jsf.html)."
6973
+ ),
6974
+ title="Signature",
6975
+ ),
6976
+ ] = None
6977
+
6978
+
5784
6979
  class Formula(CycloneDXBaseModel):
5785
6980
  """
5786
6981
  Describes workflows and resources that captures rules and other aspects of how the associated BOM component or service was formed.
@@ -5795,7 +6990,7 @@ class Formula(CycloneDXBaseModel):
5795
6990
  alias="bom-ref",
5796
6991
  description=(
5797
6992
  "An optional identifier which can be used to reference the formula elsewhere in the BOM. Every bom-ref"
5798
- " MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
6993
+ " must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
5799
6994
  " conflicts with BOM-Links."
5800
6995
  ),
5801
6996
  min_length=1,
@@ -5830,12 +7025,25 @@ class Formula(CycloneDXBaseModel):
5830
7025
  title="Workflows",
5831
7026
  ),
5832
7027
  ] = None
5833
- properties: Annotated[Optional[List[Property]], Field(title="Properties")] = None
7028
+ properties: Annotated[
7029
+ Optional[List[Property]],
7030
+ Field(
7031
+ description=(
7032
+ "Provides the ability to document properties in a name-value store. This provides flexibility to"
7033
+ " include data not officially supported in the standard without having to use additional namespaces or"
7034
+ " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
7035
+ " having different values. Property names of interest to the general public are encouraged to be"
7036
+ " registered in the [CycloneDX Property"
7037
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
7038
+ ),
7039
+ title="Properties",
7040
+ ),
7041
+ ] = None
5834
7042
 
5835
7043
 
5836
7044
  Service.update_forward_refs()
5837
7045
  Targets.update_forward_refs()
5838
7046
  CyclonedxBillOfMaterialsStandard.update_forward_refs()
5839
- ToolModel.update_forward_refs()
7047
+ Tools.update_forward_refs()
5840
7048
  Metadata.update_forward_refs()
5841
7049
  Pedigree.update_forward_refs()