hoppr-cyclonedx-models 0.6.1__py3-none-any.whl → 0.6.2__py3-none-any.whl


Potentially problematic release.


This version of hoppr-cyclonedx-models might be problematic.

@@ -1,6 +1,6 @@
1
1
  """
2
2
  --------------------------------------------------------------------------------
3
- SPDX-FileCopyrightText: Copyright © 2025 Lockheed Martin <open.source@lmco.com>
3
+ SPDX-FileCopyrightText: Copyright © 2024 Lockheed Martin <open.source@lmco.com>
4
4
  SPDX-FileName: hoppr_cyclonedx_models/cyclonedx_1_6.py
5
5
  SPDX-FileType: SOURCE
6
6
  SPDX-License-Identifier: MIT
@@ -25,15 +25,15 @@ THE SOFTWARE.
25
25
  --------------------------------------------------------------------------------
26
26
  This file was generated by datamodel-codegen:
27
27
  filename: bom-1.6.schema.json
28
- timestamp: 2025-09-17T19:02:47+00:00
29
- version: 0.25.7
28
+ timestamp: 2024-07-15T17:53:40+00:00
29
+ version: 0.21.5
30
30
  """
31
31
 
32
32
  from __future__ import annotations
33
33
 
34
34
  from datetime import datetime
35
35
  from enum import Enum
36
- from typing import List, Optional, Union
36
+ from typing import Any, List, Optional, Union
37
37
 
38
38
  from pydantic import AnyUrl, EmailStr, Extra, Field
39
39
  from typing_extensions import Annotated, Literal
@@ -65,6 +65,18 @@ class Confidence(CycloneDXBaseModel):
65
65
  ] = None
66
66
 
67
67
 
68
+ RefType = Annotated[
69
+ str,
70
+ Field(
71
+ description=(
72
+ "Identifier for referable and therefore interlinkable elements.\nValue SHOULD not start with the BOM-Link"
73
+ " intro 'urn:cdx:' to avoid conflicts with BOM-Links."
74
+ ),
75
+ min_length=1,
76
+ ),
77
+ ]
78
+
79
+
68
80
  RefLinkType = Annotated[
69
81
  str,
70
82
  Field(
@@ -118,22 +130,14 @@ class Phase(Enum):
118
130
  return next((member for member in cls if member.name in {str(value), str(value).upper()}), None)
119
131
 
120
132
 
121
- class Lifecycles(CycloneDXBaseModel):
122
- """
123
- The product lifecycle(s) that this BOM represents.
124
- """
125
-
133
+ class Lifecycle(CycloneDXBaseModel):
126
134
  class Config:
127
135
  extra = Extra.forbid
128
136
 
129
137
  phase: Annotated[Phase, Field(description="A pre-defined phase in the product lifecycle.", title="Phase")]
130
138
 
131
139
 
132
- class Lifecycles1(CycloneDXBaseModel):
133
- """
134
- The product lifecycle(s) that this BOM represents.
135
- """
136
-
140
+ class Lifecycle1(CycloneDXBaseModel):
137
141
  class Config:
138
142
  extra = Extra.forbid
139
143
 
@@ -153,7 +157,7 @@ class OrganizationalContact(CycloneDXBaseModel):
153
157
  alias="bom-ref",
154
158
  description=(
155
159
  "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref"
156
- " must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
160
+ " MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
157
161
  " conflicts with BOM-Links."
158
162
  ),
159
163
  min_length=1,
@@ -231,15 +235,7 @@ class Attachment(CycloneDXBaseModel):
231
235
  contentType: Annotated[
232
236
  Optional[str],
233
237
  Field(
234
- description=(
235
- "Specifies the format and nature of the data being attached, helping systems correctly interpret and"
236
- " process the content. Common content type examples include `application/json` for JSON data and"
237
- " `text/plain` for plan text documents.\n [RFC 2045 section"
238
- " 5.1](https://www.ietf.org/rfc/rfc2045.html#section-5.1) outlines the structure and use of content"
239
- " types. For a comprehensive list of registered content types, refer to the [IANA media types"
240
- " registry](https://www.iana.org/assignments/media-types/media-types.xhtml)."
241
- ),
242
- examples=["text/plain", "application/json", "image/png"],
238
+ description="Specifies the content type of the text. Defaults to text/plain if not specified.",
243
239
  title="Content-Type",
244
240
  ),
245
241
  ] = "text/plain"
@@ -311,54 +307,71 @@ class LicenseType(Enum):
311
307
  return next((member for member in cls if member.name in {str(value), str(value).upper()}), None)
312
308
 
313
309
 
314
- class LicenseAcknowledgementEnumeration(Enum):
310
+ class Licensing(CycloneDXBaseModel):
315
311
  """
316
- Declared licenses and concluded licenses represent two different stages in the licensing process within software development. Declared licenses refer to the initial intention of the software authors regarding the licensing terms under which their code is released. On the other hand, concluded licenses are the result of a comprehensive analysis of the project's codebase to identify and confirm the actual licenses of the components used, which may differ from the initially declared licenses. While declared licenses provide an upfront indication of the licensing intentions, concluded licenses offer a more thorough understanding of the actual licensing within a project, facilitating proper compliance and risk management. Observed licenses are defined in `@.evidence.licenses`. Observed licenses form the evidence necessary to substantiate a concluded license.
312
+ Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and other important metadata
317
313
  """
318
314
 
319
- DECLARED = declared = "declared"
320
- CONCLUDED = concluded = "concluded"
321
-
322
- def __str__(self) -> str:
323
- return str(self.value)
324
-
325
- @classmethod
326
- def _missing_(cls, value: object):
327
- return next((member for member in cls if member.name in {str(value), str(value).upper()}), None)
328
-
329
-
330
- class LicenseChoice21(CycloneDXBaseModel):
331
315
  class Config:
332
316
  extra = Extra.forbid
333
317
 
334
- expression: Annotated[
335
- str,
318
+ altIds: Annotated[
319
+ Optional[List[str]],
320
+ Field(
321
+ description="License identifiers that may be used to manage licenses and their lifecycle",
322
+ title="Alternate License Identifiers",
323
+ ),
324
+ ] = None
325
+ purchaseOrder: Annotated[
326
+ Optional[str],
336
327
  Field(
337
328
  description=(
338
- "A valid SPDX license expression.\nRefer to https://spdx.org/specifications for syntax requirements"
329
+ "The purchase order identifier the purchaser sent to a supplier or vendor to authorize a purchase"
339
330
  ),
340
- examples=["Apache-2.0 AND (MIT OR GPL-2.0-only)", "GPL-3.0-only WITH Classpath-exception-2.0"],
341
- title="SPDX License Expression",
331
+ title="Purchase Order",
342
332
  ),
343
- ]
344
- acknowledgement: Optional[LicenseAcknowledgementEnumeration] = None
345
- bom_ref: Annotated[
346
- Optional[str],
333
+ ] = None
334
+ licenseTypes: Annotated[
335
+ Optional[List[LicenseType]],
336
+ Field(description="The type of license(s) that was granted to the licensee.", title="License Type"),
337
+ ] = None
338
+ lastRenewal: Annotated[
339
+ Optional[datetime],
347
340
  Field(
348
- alias="bom-ref",
349
341
  description=(
350
- "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref"
351
- " must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
352
- " conflicts with BOM-Links."
342
+ "The timestamp indicating when the license was last renewed. For new purchases, this is often the"
343
+ " purchase or acquisition date. For non-perpetual licenses or subscriptions, this is the timestamp of"
344
+ " when the license was last renewed."
353
345
  ),
354
- min_length=1,
355
- title="BOM Reference",
346
+ title="Last Renewal",
347
+ ),
348
+ ] = None
349
+ expiration: Annotated[
350
+ Optional[datetime],
351
+ Field(
352
+ description="The timestamp indicating when the current license expires (if applicable).", title="Expiration"
356
353
  ),
357
354
  ] = None
358
355
 
359
356
 
357
+ class LicenseAcknowledgementEnumeration(Enum):
358
+ """
359
+ Declared licenses and concluded licenses represent two different stages in the licensing process within software development. Declared licenses refer to the initial intention of the software authors regarding the licensing terms under which their code is released. On the other hand, concluded licenses are the result of a comprehensive analysis of the project's codebase to identify and confirm the actual licenses of the components used, which may differ from the initially declared licenses. While declared licenses provide an upfront indication of the licensing intentions, concluded licenses offer a more thorough understanding of the actual licensing within a project, facilitating proper compliance and risk management. Observed licenses are defined in `@.evidence.licenses`. Observed licenses form the evidence necessary to substantiate a concluded license.
360
+ """
361
+
362
+ DECLARED = declared = "declared"
363
+ CONCLUDED = concluded = "concluded"
364
+
365
+ def __str__(self) -> str:
366
+ return str(self.value)
367
+
368
+ @classmethod
369
+ def _missing_(cls, value: object):
370
+ return next((member for member in cls if member.name in {str(value), str(value).upper()}), None)
371
+
372
+
360
373
  LicenseChoice2 = Annotated[
361
- List[LicenseChoice21],
374
+ List[Any],
362
375
  Field(
363
376
  description="A tuple of exactly one SPDX License Expression.",
364
377
  max_items=1,
@@ -547,7 +560,7 @@ class Type3(Enum):
547
560
 
548
561
  class Dependency(CycloneDXBaseModel):
549
562
  """
550
- Defines the direct dependencies of a component, service, or the components provided/implemented by a given component. Components or services that do not have their own dependencies must be declared as empty elements within the graph. Components or services that are not represented in the dependency graph may have unknown dependencies. It is recommended that implementations assume this to be opaque and not an indicator of an object being dependency-free. It is recommended to leverage compositions to indicate unknown dependency graphs.
563
+ Defines the direct dependencies of a component, service, or the components provided/implemented by a given component. Components or services that do not have their own dependencies MUST be declared as empty elements within the graph. Components or services that are not represented in the dependency graph MAY have unknown dependencies. It is RECOMMENDED that implementations assume this to be opaque and not an indicator of an object being dependency-free. It is RECOMMENDED to leverage compositions to indicate unknown dependency graphs.
551
564
  """
552
565
 
553
566
  class Config:
@@ -560,17 +573,16 @@ class Dependency(CycloneDXBaseModel):
560
573
  ),
561
574
  ]
562
575
  dependsOn: Annotated[
563
- Optional[List[str]],
576
+ Optional[List[RefLinkType]],
564
577
  Field(
565
578
  description=(
566
579
  "The bom-ref identifiers of the components or services that are dependencies of this dependency object."
567
580
  ),
568
- min_length=1,
569
581
  title="Depends On",
570
582
  ),
571
583
  ] = None
572
584
  provides: Annotated[
573
- Optional[List[str]],
585
+ Optional[List[RefLinkType]],
574
586
  Field(
575
587
  description=(
576
588
  "The bom-ref identifiers of the components or services that define a given specification or standard,"
@@ -578,7 +590,6 @@ class Dependency(CycloneDXBaseModel):
578
590
  " which implements a cryptographic algorithm. A component which implements another component does not"
579
591
  " imply that the implementation is in use."
580
592
  ),
581
- min_length=1,
582
593
  title="Provides",
583
594
  ),
584
595
  ] = None
@@ -603,14 +614,10 @@ class DataFlowDirection(Enum):
603
614
 
604
615
 
605
616
  class Copyright(CycloneDXBaseModel):
606
- """
607
- A copyright notice informing users of the underlying claims to copyright ownership in a published work.
608
- """
609
-
610
617
  class Config:
611
618
  extra = Extra.forbid
612
619
 
613
- text: Annotated[str, Field(description="The textual content of the copyright.", title="Copyright Text")]
620
+ text: Annotated[str, Field(title="Copyright Text")]
614
621
 
615
622
 
616
623
  class Occurrence(CycloneDXBaseModel):
@@ -623,7 +630,7 @@ class Occurrence(CycloneDXBaseModel):
623
630
  alias="bom-ref",
624
631
  description=(
625
632
  "An optional identifier which can be used to reference the occurrence elsewhere in the BOM. Every"
626
- " bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
633
+ " bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
627
634
  " avoid conflicts with BOM-Links."
628
635
  ),
629
636
  min_length=1,
@@ -738,7 +745,7 @@ class AggregateType(Enum):
738
745
 
739
746
  class Property(CycloneDXBaseModel):
740
747
  """
741
- Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.
748
+ Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.
742
749
  """
743
750
 
744
751
  class Config:
@@ -792,6 +799,19 @@ class Advisory(CycloneDXBaseModel):
792
799
  url: Annotated[str, Field(description="Location where the advisory can be obtained.", title="URL")]
793
800
 
794
801
 
802
+ Cwe = Annotated[
803
+ int,
804
+ Field(
805
+ description=(
806
+ "Integer representation of a Common Weaknesses Enumerations (CWE). For example 399 (of"
807
+ " https://cwe.mitre.org/data/definitions/399.html)"
808
+ ),
809
+ ge=1,
810
+ title="CWE",
811
+ ),
812
+ ]
813
+
814
+
795
815
  class Severity(Enum):
796
816
  """
797
817
  Textual representation of the severity of the vulnerability adopted by the analysis method. If the analysis method uses values other than what is provided, the user is expected to translate appropriately.
@@ -999,6 +1019,19 @@ class Analysis(CycloneDXBaseModel):
999
1019
  ] = None
1000
1020
 
1001
1021
 
1022
+ class Affect(CycloneDXBaseModel):
1023
+ class Config:
1024
+ extra = Extra.forbid
1025
+
1026
+ ref: Annotated[
1027
+ Union[RefLinkType, BomLinkElementType],
1028
+ Field(description="References a component or service by the objects bom-ref", title="Reference"),
1029
+ ]
1030
+ versions: Annotated[
1031
+ Optional[List], Field(description="Zero or more individual versions or range of versions.", title="Versions")
1032
+ ] = None
1033
+
1034
+
1002
1035
  class AffectedStatus(Enum):
1003
1036
  """
1004
1037
  The vulnerability status of a given version or range of versions of a product. The statuses 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. There can be many reasons for an 'unknown' status, including that an investigation has not been undertaken or that a vendor has not disclosed the status.
@@ -1069,7 +1102,7 @@ class Approach(CycloneDXBaseModel):
1069
1102
  ] = None
1070
1103
 
1071
1104
 
1072
- class Datasets(CycloneDXBaseModel):
1105
+ class Dataset(CycloneDXBaseModel):
1073
1106
  class Config:
1074
1107
  extra = Extra.forbid
1075
1108
 
@@ -1144,7 +1177,7 @@ class Graphic(CycloneDXBaseModel):
1144
1177
  image: Annotated[
1145
1178
  Optional[Attachment],
1146
1179
  Field(
1147
- description="The graphic (vector or raster). Base64 encoding must be specified for binary images.",
1180
+ description="The graphic (vector or raster). Base64 encoding MUST be specified for binary images.",
1148
1181
  title="Graphic Image",
1149
1182
  ),
1150
1183
  ] = None
@@ -1313,7 +1346,7 @@ class PostalAddress(CycloneDXBaseModel):
1313
1346
  alias="bom-ref",
1314
1347
  description=(
1315
1348
  "An optional identifier which can be used to reference the address elsewhere in the BOM. Every bom-ref"
1316
- " must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
1349
+ " MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
1317
1350
  " conflicts with BOM-Links."
1318
1351
  ),
1319
1352
  min_length=1,
@@ -1349,20 +1382,7 @@ class Command(CycloneDXBaseModel):
1349
1382
  executed: Annotated[
1350
1383
  Optional[str], Field(description="A text representation of the executed command.", title="Executed")
1351
1384
  ] = None
1352
- properties: Annotated[
1353
- Optional[List[Property]],
1354
- Field(
1355
- description=(
1356
- "Provides the ability to document properties in a name-value store. This provides flexibility to"
1357
- " include data not officially supported in the standard without having to use additional namespaces or"
1358
- " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
1359
- " having different values. Property names of interest to the general public are encouraged to be"
1360
- " registered in the [CycloneDX Property"
1361
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
1362
- ),
1363
- title="Properties",
1364
- ),
1365
- ] = None
1385
+ properties: Annotated[Optional[List[Property]], Field(title="Properties")] = None
1366
1386
 
1367
1387
 
1368
1388
  class AccessMode(Enum):
@@ -1444,20 +1464,7 @@ class Volume(CycloneDXBaseModel):
1444
1464
  Optional[bool],
1445
1465
  Field(description="Indicates if the volume is remotely (i.e., network) attached.", title="Remote"),
1446
1466
  ] = None
1447
- properties: Annotated[
1448
- Optional[List[Property]],
1449
- Field(
1450
- description=(
1451
- "Provides the ability to document properties in a name-value store. This provides flexibility to"
1452
- " include data not officially supported in the standard without having to use additional namespaces or"
1453
- " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
1454
- " having different values. Property names of interest to the general public are encouraged to be"
1455
- " registered in the [CycloneDX Property"
1456
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
1457
- ),
1458
- title="Properties",
1459
- ),
1460
- ] = None
1467
+ properties: Annotated[Optional[List[Property]], Field(title="Properties")] = None
1461
1468
 
1462
1469
 
1463
1470
  class Type6(Enum):
@@ -1517,20 +1524,7 @@ class Condition(CycloneDXBaseModel):
1517
1524
  title="Expression",
1518
1525
  ),
1519
1526
  ] = None
1520
- properties: Annotated[
1521
- Optional[List[Property]],
1522
- Field(
1523
- description=(
1524
- "Provides the ability to document properties in a name-value store. This provides flexibility to"
1525
- " include data not officially supported in the standard without having to use additional namespaces or"
1526
- " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
1527
- " having different values. Property names of interest to the general public are encouraged to be"
1528
- " registered in the [CycloneDX Property"
1529
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
1530
- ),
1531
- title="Properties",
1532
- ),
1533
- ] = None
1527
+ properties: Annotated[Optional[List[Property]], Field(title="Properties")] = None
1534
1528
 
1535
1529
 
1536
1530
  class TaskType(Enum):
@@ -1685,6 +1679,9 @@ class ComponentIdentityEvidence(CycloneDXBaseModel):
1685
1679
  ] = None
1686
1680
 
1687
1681
 
1682
+ OpenCre = Annotated[str, Field(examples=["CRE:764-507"], regex="^CRE:[0-9]+-[0-9]+$")]
1683
+
1684
+
1688
1685
  class Level(CycloneDXBaseModel):
1689
1686
  class Config:
1690
1687
  extra = Extra.forbid
@@ -1695,7 +1692,7 @@ class Level(CycloneDXBaseModel):
1695
1692
  alias="bom-ref",
1696
1693
  description=(
1697
1694
  "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref"
1698
- " must be unique within the BOM."
1695
+ " MUST be unique within the BOM."
1699
1696
  ),
1700
1697
  min_length=1,
1701
1698
  title="BOM Reference",
@@ -1710,16 +1707,12 @@ class Level(CycloneDXBaseModel):
1710
1707
  Optional[str], Field(description="The description of the level.", title="Description")
1711
1708
  ] = None
1712
1709
  requirements: Annotated[
1713
- Optional[List[str]],
1714
- Field(
1715
- description="The list of requirement `bom-ref`s that comprise the level.",
1716
- min_length=1,
1717
- title="Requirements",
1718
- ),
1710
+ Optional[List[RefLinkType]],
1711
+ Field(description="The list of requirement `bom-ref`s that comprise the level.", title="Requirements"),
1719
1712
  ] = None
1720
1713
 
1721
1714
 
1722
- class Algorithm(Enum):
1715
+ class AlgorithmEnum(Enum):
1723
1716
  """
1724
1717
  Signature algorithm. The currently recognized JWA [RFC7518] and RFC8037 [RFC8037] asymmetric key algorithms. Note: Unlike RFC8037 [RFC8037] JSF requires explicit Ed* algorithm names instead of "EdDSA".
1725
1718
  """
@@ -2039,7 +2032,7 @@ class AlgorithmProperties(CycloneDXBaseModel):
2039
2032
  "The target platform for which the algorithm is implemented. The implementation can be 'generic',"
2040
2033
  " running on any platform or for a specific platform."
2041
2034
  ),
2042
- title="Implementation platform",
2035
+ title="implementation platform",
2043
2036
  ),
2044
2037
  ] = None
2045
2038
  certificationLevel: Annotated[
@@ -2154,7 +2147,7 @@ class CertificateProperties(CycloneDXBaseModel):
2154
2147
  ] = None
2155
2148
 
2156
2149
 
2157
- class Type10(Enum):
2150
+ class Type8(Enum):
2158
2151
  """
2159
2152
  The type for the related cryptographic material
2160
2153
  """
@@ -2207,7 +2200,7 @@ class State(Enum):
2207
2200
  return next((member for member in cls if member.name in {str(value), str(value).upper()}), None)
2208
2201
 
2209
2202
 
2210
- class Type11(Enum):
2203
+ class Type9(Enum):
2211
2204
  """
2212
2205
  The concrete protocol type.
2213
2206
  """
@@ -2246,10 +2239,8 @@ class CipherSuite(CycloneDXBaseModel):
2246
2239
  ),
2247
2240
  ] = None
2248
2241
  algorithms: Annotated[
2249
- Optional[List[str]],
2250
- Field(
2251
- description="A list of algorithms related to the cipher suite.", min_length=1, title="Related Algorithms"
2252
- ),
2242
+ Optional[List[RefType]],
2243
+ Field(description="A list of algorithms related to the cipher suite.", title="Related Algorithms"),
2253
2244
  ] = None
2254
2245
  identifiers: Annotated[
2255
2246
  Optional[List[str]],
@@ -2299,10 +2290,9 @@ class Conformance(CycloneDXBaseModel):
2299
2290
  Optional[str], Field(description="The rationale for the conformance score.", title="Rationale")
2300
2291
  ] = None
2301
2292
  mitigationStrategies: Annotated[
2302
- Optional[List[str]],
2293
+ Optional[List[RefLinkType]],
2303
2294
  Field(
2304
2295
  description="The list of `bom-ref` to the evidence provided describing the mitigation strategies.",
2305
- min_length=1,
2306
2296
  title="Mitigation Strategies",
2307
2297
  ),
2308
2298
  ] = None
@@ -2317,16 +2307,12 @@ class Map(CycloneDXBaseModel):
2317
2307
  Field(description="The `bom-ref` to the requirement being attested to.", min_length=1, title="Requirement"),
2318
2308
  ] = None
2319
2309
  claims: Annotated[
2320
- Optional[List[str]],
2321
- Field(description="The list of `bom-ref` to the claims being attested to.", min_length=1, title="Claims"),
2310
+ Optional[List[RefLinkType]],
2311
+ Field(description="The list of `bom-ref` to the claims being attested to.", title="Claims"),
2322
2312
  ] = None
2323
2313
  counterClaims: Annotated[
2324
- Optional[List[str]],
2325
- Field(
2326
- description="The list of `bom-ref` to the counter claims being attested to.",
2327
- min_length=1,
2328
- title="Counter Claims",
2329
- ),
2314
+ Optional[List[RefLinkType]],
2315
+ Field(description="The list of `bom-ref` to the counter claims being attested to.", title="Counter Claims"),
2330
2316
  ] = None
2331
2317
  conformance: Annotated[
2332
2318
  Optional[Conformance],
@@ -2365,7 +2351,7 @@ class OrganizationalEntity(CycloneDXBaseModel):
2365
2351
  alias="bom-ref",
2366
2352
  description=(
2367
2353
  "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref"
2368
- " must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
2354
+ " MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
2369
2355
  " conflicts with BOM-Links."
2370
2356
  ),
2371
2357
  min_length=1,
@@ -2438,262 +2424,306 @@ class Hash(CycloneDXBaseModel):
2438
2424
  ]
2439
2425
 
2440
2426
 
2441
- class Licensor(CycloneDXBaseModel):
2442
- """
2443
- The individual or organization that grants a license to another individual or organization
2444
- """
2445
-
2427
+ class License(CycloneDXBaseModel):
2446
2428
  class Config:
2447
2429
  extra = Extra.forbid
2448
2430
 
2449
- organization: Annotated[
2450
- OrganizationalEntity,
2451
- Field(description="The organization that granted the license", title="Licensor (Organization)"),
2452
- ]
2453
- individual: Annotated[
2454
- Optional[OrganizationalContact],
2431
+ bom_ref: Annotated[
2432
+ Optional[str],
2455
2433
  Field(
2456
- description="The individual, not associated with an organization, that granted the license",
2457
- title="Licensor (Individual)",
2434
+ alias="bom-ref",
2435
+ description=(
2436
+ "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref"
2437
+ " MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
2438
+ " conflicts with BOM-Links."
2439
+ ),
2440
+ min_length=1,
2441
+ title="BOM Reference",
2458
2442
  ),
2459
2443
  ] = None
2460
-
2461
-
2462
- class Licensor1(CycloneDXBaseModel):
2463
- """
2464
- The individual or organization that grants a license to another individual or organization
2465
- """
2466
-
2467
- class Config:
2468
- extra = Extra.forbid
2469
-
2470
- organization: Annotated[
2471
- Optional[OrganizationalEntity],
2472
- Field(description="The organization that granted the license", title="Licensor (Organization)"),
2444
+ id: Annotated[
2445
+ Optional[spdx.LicenseID],
2446
+ Field(description="A valid SPDX license ID", examples=["Apache-2.0"], title="License ID (SPDX)"),
2473
2447
  ] = None
2474
- individual: Annotated[
2475
- OrganizationalContact,
2448
+ name: Annotated[
2449
+ Optional[str],
2476
2450
  Field(
2477
- description="The individual, not associated with an organization, that granted the license",
2478
- title="Licensor (Individual)",
2451
+ description="If SPDX does not define the license used, this field may be used to provide the license name",
2452
+ examples=["Acme Software License"],
2453
+ title="License Name",
2479
2454
  ),
2480
- ]
2481
-
2455
+ ] = None
2456
+ acknowledgement: Optional[LicenseAcknowledgementEnumeration] = None
2457
+ text: Annotated[
2458
+ Optional[Attachment],
2459
+ Field(description="An optional way to include the textual content of a license.", title="License text"),
2460
+ ] = None
2461
+ url: Annotated[
2462
+ Optional[str],
2463
+ Field(
2464
+ description=(
2465
+ "The URL to the license file. If specified, a 'license' externalReference should also be specified for"
2466
+ " completeness"
2467
+ ),
2468
+ examples=["https://www.apache.org/licenses/LICENSE-2.0.txt"],
2469
+ title="License URL",
2470
+ ),
2471
+ ] = None
2472
+ licensing: Annotated[
2473
+ Optional[Licensing],
2474
+ Field(
2475
+ description=(
2476
+ "Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and"
2477
+ " other important metadata"
2478
+ ),
2479
+ title="Licensing information",
2480
+ ),
2481
+ ] = None
2482
+ properties: Annotated[
2483
+ Optional[List[Property]],
2484
+ Field(
2485
+ description=(
2486
+ "Provides the ability to document properties in a name-value store. This provides flexibility to"
2487
+ " include data not officially supported in the standard without having to use additional namespaces or"
2488
+ " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
2489
+ " having different values. Property names of interest to the general public are encouraged to be"
2490
+ " registered in the [CycloneDX Property"
2491
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL."
2492
+ ),
2493
+ title="Properties",
2494
+ ),
2495
+ ] = None
2482
2496
 
2483
- class Licensee(CycloneDXBaseModel):
2484
- """
2485
- The individual or organization for which a license was granted to
2486
- """
2487
2497
 
2498
+ class LicenseChoice1(CycloneDXBaseModel):
2488
2499
  class Config:
2489
2500
  extra = Extra.forbid
2490
2501
 
2491
- organization: Annotated[
2492
- OrganizationalEntity,
2493
- Field(description="The organization that was granted the license", title="Licensee (Organization)"),
2494
- ]
2495
- individual: Annotated[
2496
- Optional[OrganizationalContact],
2497
- Field(
2498
- description="The individual, not associated with an organization, that was granted the license",
2499
- title="Licensee (Individual)",
2500
- ),
2501
- ] = None
2502
+ license: License
2502
2503
 
2503
2504
 
2504
- class Licensee1(CycloneDXBaseModel):
2505
+ class Commit(CycloneDXBaseModel):
2505
2506
  """
2506
- The individual or organization for which a license was granted to
2507
+ Specifies an individual commit
2507
2508
  """
2508
2509
 
2509
2510
  class Config:
2510
2511
  extra = Extra.forbid
2511
2512
 
2512
- organization: Annotated[
2513
- Optional[OrganizationalEntity],
2514
- Field(description="The organization that was granted the license", title="Licensee (Organization)"),
2515
- ] = None
2516
- individual: Annotated[
2517
- OrganizationalContact,
2513
+ uid: Annotated[
2514
+ Optional[str],
2518
2515
  Field(
2519
- description="The individual, not associated with an organization, that was granted the license",
2520
- title="Licensee (Individual)",
2521
- ),
2522
- ]
2516
+ description=(
2517
+ "A unique identifier of the commit. This may be version control specific. For example, Subversion uses"
2518
+ " revision numbers whereas git uses commit hashes."
2519
+ ),
2520
+ title="UID",
2521
+ ),
2522
+ ] = None
2523
+ url: Annotated[
2524
+ Optional[str],
2525
+ Field(
2526
+ description="The URL to the commit. This URL will typically point to a commit in a version control system.",
2527
+ title="URL",
2528
+ ),
2529
+ ] = None
2530
+ author: Annotated[
2531
+ Optional[IdentifiableAction],
2532
+ Field(description="The author who created the changes in the commit", title="Author"),
2533
+ ] = None
2534
+ committer: Annotated[
2535
+ Optional[IdentifiableAction],
2536
+ Field(description="The person who committed or pushed the commit", title="Committer"),
2537
+ ] = None
2538
+ message: Annotated[
2539
+ Optional[str], Field(description="The text description of the contents of the commit", title="Message")
2540
+ ] = None
2523
2541
 
2524
2542
 
2525
- class Purchaser(CycloneDXBaseModel):
2543
+ class Patch(CycloneDXBaseModel):
2526
2544
  """
2527
- The individual or organization that purchased the license
2545
+ Specifies an individual patch
2528
2546
  """
2529
2547
 
2530
2548
  class Config:
2531
2549
  extra = Extra.forbid
2532
2550
 
2533
- organization: Annotated[
2534
- OrganizationalEntity,
2535
- Field(description="The organization that purchased the license", title="Purchaser (Organization)"),
2551
+ type: Annotated[
2552
+ Type1,
2553
+ Field(
2554
+ description=(
2555
+ "Specifies the purpose for the patch including the resolution of defects, security issues, or new"
2556
+ " behavior or functionality."
2557
+ ),
2558
+ title="Patch Type",
2559
+ ),
2536
2560
  ]
2537
- individual: Annotated[
2538
- Optional[OrganizationalContact],
2561
+ diff: Annotated[
2562
+ Optional[Diff],
2539
2563
  Field(
2540
- description="The individual, not associated with an organization, that purchased the license",
2541
- title="Purchaser (Individual)",
2564
+ description=(
2565
+ "The patch file (or diff) that shows changes. Refer to"
2566
+ " [https://en.wikipedia.org/wiki/Diff](https://en.wikipedia.org/wiki/Diff)"
2567
+ ),
2568
+ title="Diff",
2542
2569
  ),
2543
2570
  ] = None
2571
+ resolves: Annotated[
2572
+ Optional[List[Issue]], Field(description="A collection of issues the patch resolves", title="Resolves")
2573
+ ] = None
2544
2574
 
2545
2575
 
2546
- class Purchaser1(CycloneDXBaseModel):
2576
+ class ExternalReference(CycloneDXBaseModel):
2547
2577
  """
2548
- The individual or organization that purchased the license
2578
+ External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM.
2549
2579
  """
2550
2580
 
2551
2581
  class Config:
2552
2582
  extra = Extra.forbid
2553
2583
 
2554
- organization: Annotated[
2555
- Optional[OrganizationalEntity],
2556
- Field(description="The organization that purchased the license", title="Purchaser (Organization)"),
2557
- ] = None
2558
- individual: Annotated[
2559
- OrganizationalContact,
2584
+ url: Annotated[
2585
+ Union[str, Union[BomLinkDocumentType, BomLinkElementType]],
2560
2586
  Field(
2561
- description="The individual, not associated with an organization, that purchased the license",
2562
- title="Purchaser (Individual)",
2587
+ description=(
2588
+ "The URI (URL or URN) to the external reference. External references are URIs and therefore can accept"
2589
+ " any URL scheme including https ([RFC-7230](https://www.ietf.org/rfc/rfc7230.txt)), mailto"
2590
+ " ([RFC-2368](https://www.ietf.org/rfc/rfc2368.txt)), tel"
2591
+ " ([RFC-3966](https://www.ietf.org/rfc/rfc3966.txt)), and dns"
2592
+ " ([RFC-4501](https://www.ietf.org/rfc/rfc4501.txt)). External references may also include formally"
2593
+ " registered URNs such as [CycloneDX BOM-Link](https://cyclonedx.org/capabilities/bomlink/) to"
2594
+ " reference CycloneDX BOMs or any object within a BOM. BOM-Link transforms applicable external"
2595
+ " references into relationships that can be expressed in a BOM or across BOMs."
2596
+ ),
2597
+ title="URL",
2563
2598
  ),
2564
2599
  ]
2600
+ comment: Annotated[
2601
+ Optional[str], Field(description="An optional comment describing the external reference", title="Comment")
2602
+ ] = None
2603
+ type: Annotated[Type3, Field(description="Specifies the type of external reference.", title="Type")]
2604
+ hashes: Annotated[
2605
+ Optional[List[Hash]], Field(description="The hashes of the external reference (if applicable).", title="Hashes")
2606
+ ] = None
2565
2607
 
2566
2608
 
2567
- class Licensing(CycloneDXBaseModel):
2609
+ class ComponentEvidence(CycloneDXBaseModel):
2568
2610
  """
2569
- Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and other important metadata
2611
+ Provides the ability to document evidence collected through various forms of extraction or analysis.
2570
2612
  """
2571
2613
 
2572
2614
  class Config:
2573
2615
  extra = Extra.forbid
2574
2616
 
2575
- altIds: Annotated[
2576
- Optional[List[str]],
2617
+ identity: Annotated[
2618
+ Optional[Union[List[ComponentIdentityEvidence], ComponentIdentityEvidence]],
2577
2619
  Field(
2578
- description="License identifiers that may be used to manage licenses and their lifecycle",
2579
- title="Alternate License Identifiers",
2620
+ description=(
2621
+ "Evidence that substantiates the identity of a component. The identify may be an object or an array of"
2622
+ " identity objects. Support for specifying identify as a single object was introduced in CycloneDX"
2623
+ " v1.5. Arrays were introduced in v1.6. It is RECOMMENDED that all implementations use arrays, even if"
2624
+ " only one identity object is specified."
2625
+ ),
2626
+ title="Identity Evidence",
2580
2627
  ),
2581
2628
  ] = None
2582
- licensor: Annotated[
2583
- Optional[Union[Licensor, Licensor1]],
2629
+ occurrences: Annotated[
2630
+ Optional[List[Occurrence]],
2584
2631
  Field(
2585
- description="The individual or organization that grants a license to another individual or organization",
2586
- title="Licensor",
2632
+ description="Evidence of individual instances of a component spread across multiple locations.",
2633
+ title="Occurrences",
2587
2634
  ),
2588
2635
  ] = None
2589
- licensee: Annotated[
2590
- Optional[Union[Licensee, Licensee1]],
2591
- Field(description="The individual or organization for which a license was granted to", title="Licensee"),
2592
- ] = None
2593
- purchaser: Annotated[
2594
- Optional[Union[Purchaser, Purchaser1]],
2595
- Field(description="The individual or organization that purchased the license", title="Purchaser"),
2636
+ callstack: Annotated[
2637
+ Optional[Callstack],
2638
+ Field(description="Evidence of the components use through the callstack.", title="Call Stack"),
2596
2639
  ] = None
2597
- purchaseOrder: Annotated[
2598
- Optional[str],
2640
+ licenses: Annotated[
2641
+ Optional[Union[List[LicenseChoice1], LicenseChoice2]],
2599
2642
  Field(
2600
2643
  description=(
2601
- "The purchase order identifier the purchaser sent to a supplier or vendor to authorize a purchase"
2644
+ "EITHER (list of SPDX licenses and/or named licenses) OR (tuple of one SPDX License Expression)"
2602
2645
  ),
2603
- title="Purchase Order",
2646
+ title="License Evidence",
2604
2647
  ),
2605
2648
  ] = None
2606
- licenseTypes: Annotated[
2607
- Optional[List[LicenseType]],
2608
- Field(description="The type of license(s) that was granted to the licensee.", title="License Type"),
2609
- ] = None
2610
- lastRenewal: Annotated[
2611
- Optional[datetime],
2649
+ copyright: Annotated[
2650
+ Optional[List[Copyright]],
2612
2651
  Field(
2613
2652
  description=(
2614
- "The timestamp indicating when the license was last renewed. For new purchases, this is often the"
2615
- " purchase or acquisition date. For non-perpetual licenses or subscriptions, this is the timestamp of"
2616
- " when the license was last renewed."
2653
+ "Copyright evidence captures intellectual property assertions, providing evidence of possible ownership"
2654
+ " and legal protection."
2617
2655
  ),
2618
- title="Last Renewal",
2619
- ),
2620
- ] = None
2621
- expiration: Annotated[
2622
- Optional[datetime],
2623
- Field(
2624
- description="The timestamp indicating when the current license expires (if applicable).", title="Expiration"
2656
+ title="Copyright Evidence",
2625
2657
  ),
2626
2658
  ] = None
2627
2659
 
2628
2660
 
2629
- class License1(CycloneDXBaseModel):
2630
- """
2631
- Specifies the details and attributes related to a software license. It can either include a valid SPDX license identifier or a named license, along with additional properties such as license acknowledgment, comprehensive commercial licensing information, and the full text of the license.
2632
- """
2633
-
2661
+ class ReleaseNotes(CycloneDXBaseModel):
2634
2662
  class Config:
2635
2663
  extra = Extra.forbid
2636
2664
 
2637
- bom_ref: Annotated[
2665
+ type: Annotated[
2666
+ str,
2667
+ Field(
2668
+ description="The software versioning type the release note describes.",
2669
+ examples=["major", "minor", "patch", "pre-release", "internal"],
2670
+ title="Type",
2671
+ ),
2672
+ ]
2673
+ title: Annotated[Optional[str], Field(description="The title of the release.", title="Title")] = None
2674
+ featuredImage: Annotated[
2638
2675
  Optional[str],
2639
2676
  Field(
2640
- alias="bom-ref",
2641
- description=(
2642
- "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref"
2643
- " must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
2644
- " conflicts with BOM-Links."
2645
- ),
2646
- min_length=1,
2647
- title="BOM Reference",
2677
+ description="The URL to an image that may be prominently displayed with the release note.",
2678
+ title="Featured image",
2648
2679
  ),
2649
2680
  ] = None
2650
- id: Annotated[
2651
- spdx.LicenseID,
2681
+ socialImage: Annotated[
2682
+ Optional[str],
2652
2683
  Field(
2653
- description=(
2654
- "A valid SPDX license identifier. If specified, this value must be one of the enumeration of valid SPDX"
2655
- " license identifiers defined in the spdx.schema.json (or spdx.xml) subschema which is synchronized"
2656
- " with the official SPDX license list."
2657
- ),
2658
- examples=["Apache-2.0"],
2659
- title="License ID (SPDX)",
2684
+ description="The URL to an image that may be used in messaging on social media platforms.",
2685
+ title="Social image",
2660
2686
  ),
2661
- ]
2662
- name: Annotated[
2663
- Optional[str],
2687
+ ] = None
2688
+ description: Annotated[
2689
+ Optional[str], Field(description="A short description of the release.", title="Description")
2690
+ ] = None
2691
+ timestamp: Annotated[
2692
+ Optional[datetime],
2693
+ Field(description="The date and time (timestamp) when the release note was created.", title="Timestamp"),
2694
+ ] = None
2695
+ aliases: Annotated[
2696
+ Optional[List[str]],
2664
2697
  Field(
2665
2698
  description=(
2666
- "The name of the license. This may include the name of a commercial or proprietary license or an open"
2667
- " source license that may not be defined by SPDX."
2699
+ "One or more alternate names the release may be referred to. This may include unofficial terms used by"
2700
+ " development and marketing teams (e.g. code names)."
2668
2701
  ),
2669
- examples=["Acme Software License"],
2670
- title="License Name",
2702
+ title="Aliases",
2671
2703
  ),
2672
2704
  ] = None
2673
- acknowledgement: Optional[LicenseAcknowledgementEnumeration] = None
2674
- text: Annotated[
2675
- Optional[Attachment],
2676
- Field(description="An optional way to include the textual content of a license.", title="License text"),
2677
- ] = None
2678
- url: Annotated[
2679
- Optional[str],
2705
+ tags: Annotated[
2706
+ Optional[List[str]],
2680
2707
  Field(
2681
2708
  description=(
2682
- "The URL to the license file. If specified, a 'license' externalReference should also be specified for"
2683
- " completeness"
2709
+ "Textual strings that aid in discovery, search, and retrieval of the associated object. Tags often"
2710
+ " serve as a way to group or categorize similar or related objects by various attributes."
2684
2711
  ),
2685
- examples=["https://www.apache.org/licenses/LICENSE-2.0.txt"],
2686
- title="License URL",
2712
+ examples=["json-parser", "object-persistence", "text-to-image", "translation", "object-detection"],
2713
+ title="Tags",
2687
2714
  ),
2688
2715
  ] = None
2689
- licensing: Annotated[
2690
- Optional[Licensing],
2716
+ resolves: Annotated[
2717
+ Optional[List[Issue]], Field(description="A collection of issues that have been resolved.", title="Resolves")
2718
+ ] = None
2719
+ notes: Annotated[
2720
+ Optional[List[Note]],
2691
2721
  Field(
2692
2722
  description=(
2693
- "Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and"
2694
- " other important metadata"
2723
+ "Zero or more release notes containing the locale and content. Multiple note objects may be specified"
2724
+ " to support release notes in a wide variety of languages."
2695
2725
  ),
2696
- title="Licensing information",
2726
+ title="Notes",
2697
2727
  ),
2698
2728
  ] = None
2699
2729
  properties: Annotated[
@@ -2705,116 +2735,175 @@ class License1(CycloneDXBaseModel):
2705
2735
  " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
2706
2736
  " having different values. Property names of interest to the general public are encouraged to be"
2707
2737
  " registered in the [CycloneDX Property"
2708
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
2738
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL."
2709
2739
  ),
2710
2740
  title="Properties",
2711
2741
  ),
2712
2742
  ] = None
2713
2743
 
2714
2744
 
2715
- class Licensor2(Licensor):
2745
+ class Rating(CycloneDXBaseModel):
2716
2746
  """
2717
- The individual or organization that grants a license to another individual or organization
2747
+ Defines the severity or risk ratings of a vulnerability.
2718
2748
  """
2719
2749
 
2750
+ class Config:
2751
+ extra = Extra.forbid
2720
2752
 
2721
- class Licensor3(Licensor1):
2722
- """
2723
- The individual or organization that grants a license to another individual or organization
2724
- """
2753
+ source: Annotated[
2754
+ Optional[VulnerabilitySource],
2755
+ Field(description="The source that calculated the severity or risk rating of the vulnerability."),
2756
+ ] = None
2757
+ score: Annotated[Optional[float], Field(description="The numerical score of the rating.", title="Score")] = None
2758
+ severity: Annotated[
2759
+ Optional[Severity],
2760
+ Field(
2761
+ description="Textual representation of the severity that corresponds to the numerical score of the rating."
2762
+ ),
2763
+ ] = None
2764
+ method: Optional[ScoreMethod] = None
2765
+ vector: Annotated[
2766
+ Optional[str],
2767
+ Field(
2768
+ description="Textual representation of the metric values used to score the vulnerability", title="Vector"
2769
+ ),
2770
+ ] = None
2771
+ justification: Annotated[
2772
+ Optional[str],
2773
+ Field(description="An optional reason for rating the vulnerability as it was", title="Justification"),
2774
+ ] = None
2725
2775
 
2726
2776
 
2727
- class Licensee2(Licensee):
2777
+ class Credits(CycloneDXBaseModel):
2728
2778
  """
2729
- The individual or organization for which a license was granted to
2779
+ Individuals or organizations credited with the discovery of the vulnerability.
2730
2780
  """
2731
2781
 
2782
+ class Config:
2783
+ extra = Extra.forbid
2732
2784
 
2733
- class Licensee3(Licensee1):
2734
- """
2735
- The individual or organization for which a license was granted to
2736
- """
2785
+ organizations: Annotated[
2786
+ Optional[List[OrganizationalEntity]],
2787
+ Field(description="The organizations credited with vulnerability discovery.", title="Organizations"),
2788
+ ] = None
2789
+ individuals: Annotated[
2790
+ Optional[List[OrganizationalContact]],
2791
+ Field(
2792
+ description=(
2793
+ "The individuals, not associated with organizations, that are credited with vulnerability discovery."
2794
+ ),
2795
+ title="Individuals",
2796
+ ),
2797
+ ] = None
2737
2798
 
2738
2799
 
2739
- class Purchaser2(Purchaser):
2740
- """
2741
- The individual or organization that purchased the license
2742
- """
2800
+ class DataGovernanceResponsibleParty(CycloneDXBaseModel):
2801
+ class Config:
2802
+ extra = Extra.forbid
2743
2803
 
2804
+ organization: Annotated[Optional[OrganizationalEntity], Field(title="Organization")] = None
2805
+ contact: Annotated[Optional[OrganizationalContact], Field(title="Individual")] = None
2744
2806
 
2745
- class Purchaser3(Purchaser1):
2746
- """
2747
- The individual or organization that purchased the license
2748
- """
2749
2807
 
2750
-
2751
- class Licensing1(CycloneDXBaseModel):
2808
+ class GraphicsCollection(CycloneDXBaseModel):
2752
2809
  """
2753
- Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and other important metadata
2810
+ A collection of graphics that represent various measurements.
2754
2811
  """
2755
2812
 
2756
2813
  class Config:
2757
2814
  extra = Extra.forbid
2758
2815
 
2759
- altIds: Annotated[
2760
- Optional[List[str]],
2761
- Field(
2762
- description="License identifiers that may be used to manage licenses and their lifecycle",
2763
- title="Alternate License Identifiers",
2764
- ),
2765
- ] = None
2766
- licensor: Annotated[
2767
- Optional[Union[Licensor2, Licensor3]],
2768
- Field(
2769
- description="The individual or organization that grants a license to another individual or organization",
2770
- title="Licensor",
2771
- ),
2772
- ] = None
2773
- licensee: Annotated[
2774
- Optional[Union[Licensee2, Licensee3]],
2775
- Field(description="The individual or organization for which a license was granted to", title="Licensee"),
2816
+ description: Annotated[
2817
+ Optional[str], Field(description="A description of this collection of graphics.", title="Description")
2776
2818
  ] = None
2777
- purchaser: Annotated[
2778
- Optional[Union[Purchaser2, Purchaser3]],
2779
- Field(description="The individual or organization that purchased the license", title="Purchaser"),
2819
+ collection: Annotated[
2820
+ Optional[List[Graphic]], Field(description="A collection of graphics.", title="Collection")
2780
2821
  ] = None
2781
- purchaseOrder: Annotated[
2822
+
2823
+
2824
+ class EnergyProvider(CycloneDXBaseModel):
2825
+ """
2826
+ Describes the physical provider of energy used for model development or operations.
2827
+ """
2828
+
2829
+ class Config:
2830
+ extra = Extra.forbid
2831
+
2832
+ bom_ref: Annotated[
2782
2833
  Optional[str],
2783
2834
  Field(
2835
+ alias="bom-ref",
2784
2836
  description=(
2785
- "The purchase order identifier the purchaser sent to a supplier or vendor to authorize a purchase"
2837
+ "An optional identifier which can be used to reference the energy provider elsewhere in the BOM. Every"
2838
+ " bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
2839
+ " avoid conflicts with BOM-Links."
2786
2840
  ),
2787
- title="Purchase Order",
2841
+ min_length=1,
2842
+ title="BOM Reference",
2788
2843
  ),
2789
2844
  ] = None
2790
- licenseTypes: Annotated[
2791
- Optional[List[LicenseType]],
2792
- Field(description="The type of license(s) that was granted to the licensee.", title="License Type"),
2845
+ description: Annotated[
2846
+ Optional[str], Field(description="A description of the energy provider.", title="Description")
2793
2847
  ] = None
2794
- lastRenewal: Annotated[
2795
- Optional[datetime],
2848
+ organization: Annotated[OrganizationalEntity, Field(title="Organization")]
2849
+ energySource: Annotated[
2850
+ EnergySource, Field(description="The energy source for the energy provider.", title="Energy Source")
2851
+ ]
2852
+ energyProvided: Annotated[
2853
+ EnergyMeasure,
2854
+ Field(
2855
+ description="The energy provided by the energy source for an associated activity.", title="Energy Provided"
2856
+ ),
2857
+ ]
2858
+ externalReferences: Annotated[
2859
+ Optional[List[ExternalReference]],
2796
2860
  Field(
2797
2861
  description=(
2798
- "The timestamp indicating when the license was last renewed. For new purchases, this is often the"
2799
- " purchase or acquisition date. For non-perpetual licenses or subscriptions, this is the timestamp of"
2800
- " when the license was last renewed."
2862
+ "External references provide a way to document systems, sites, and information that may be relevant but"
2863
+ " are not included with the BOM. They may also establish specific relationships within or external to"
2864
+ " the BOM."
2801
2865
  ),
2802
- title="Last Renewal",
2866
+ title="External References",
2803
2867
  ),
2804
2868
  ] = None
2805
- expiration: Annotated[
2806
- Optional[datetime],
2807
- Field(
2808
- description="The timestamp indicating when the current license expires (if applicable).", title="Expiration"
2809
- ),
2869
+
2870
+
2871
+ class Step(CycloneDXBaseModel):
2872
+ """
2873
+ Executes specific commands or tools in order to accomplish its owning task as part of a sequence.
2874
+ """
2875
+
2876
+ class Config:
2877
+ extra = Extra.forbid
2878
+
2879
+ name: Annotated[Optional[str], Field(description="A name for the step.", title="Name")] = None
2880
+ description: Annotated[Optional[str], Field(description="A description of the step.", title="Description")] = None
2881
+ commands: Annotated[
2882
+ Optional[List[Command]],
2883
+ Field(description="Ordered list of commands or directives for the step", title="Commands"),
2810
2884
  ] = None
2885
+ properties: Annotated[Optional[List[Property]], Field(title="Properties")] = None
2811
2886
 
2812
2887
 
2813
- class License2(CycloneDXBaseModel):
2888
+ class ResourceReferenceChoice(CycloneDXBaseModel):
2814
2889
  """
2815
- Specifies the details and attributes related to a software license. It can either include a valid SPDX license identifier or a named license, along with additional properties such as license acknowledgment, comprehensive commercial licensing information, and the full text of the license.
2890
+ A reference to a locally defined resource (e.g., a bom-ref) or an externally accessible resource.
2816
2891
  """
2817
2892
 
2893
+ class Config:
2894
+ extra = Extra.forbid
2895
+
2896
+ ref: Annotated[
2897
+ Optional[Union[RefLinkType, BomLinkElementType]],
2898
+ Field(description="References an object by its bom-ref attribute", title="BOM Reference"),
2899
+ ] = None
2900
+ externalReference: Annotated[
2901
+ Optional[ExternalReference],
2902
+ Field(description="Reference to an externally accessible resource.", title="External reference"),
2903
+ ] = None
2904
+
2905
+
2906
+ class Requirement(CycloneDXBaseModel):
2818
2907
  class Config:
2819
2908
  extra = Extra.forbid
2820
2909
 
@@ -2823,61 +2912,56 @@ class License2(CycloneDXBaseModel):
2823
2912
  Field(
2824
2913
  alias="bom-ref",
2825
2914
  description=(
2826
- "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref"
2827
- " must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
2828
- " conflicts with BOM-Links."
2915
+ "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref"
2916
+ " MUST be unique within the BOM."
2829
2917
  ),
2830
2918
  min_length=1,
2831
2919
  title="BOM Reference",
2832
2920
  ),
2833
2921
  ] = None
2834
- id: Annotated[
2835
- Optional[spdx.LicenseID],
2922
+ identifier: Annotated[
2923
+ Optional[str],
2836
2924
  Field(
2837
2925
  description=(
2838
- "A valid SPDX license identifier. If specified, this value must be one of the enumeration of valid SPDX"
2839
- " license identifiers defined in the spdx.schema.json (or spdx.xml) subschema which is synchronized"
2840
- " with the official SPDX license list."
2926
+ "The unique identifier used in the standard to identify a specific requirement. This should match what"
2927
+ " is in the standard and should not be the requirements bom-ref."
2841
2928
  ),
2842
- examples=["Apache-2.0"],
2843
- title="License ID (SPDX)",
2929
+ title="Identifier",
2844
2930
  ),
2845
2931
  ] = None
2846
- name: Annotated[
2847
- str,
2932
+ title: Annotated[Optional[str], Field(description="The title of the requirement.", title="Title")] = None
2933
+ text: Annotated[Optional[str], Field(description="The textual content of the requirement.", title="Text")] = None
2934
+ descriptions: Annotated[
2935
+ Optional[List[str]],
2848
2936
  Field(
2849
2937
  description=(
2850
- "The name of the license. This may include the name of a commercial or proprietary license or an open"
2851
- " source license that may not be defined by SPDX."
2938
+ "The supplemental text that provides additional guidance or context to the requirement, but is not"
2939
+ " directly part of the requirement."
2852
2940
  ),
2853
- examples=["Acme Software License"],
2854
- title="License Name",
2941
+ title="Descriptions",
2855
2942
  ),
2856
- ]
2857
- acknowledgement: Optional[LicenseAcknowledgementEnumeration] = None
2858
- text: Annotated[
2859
- Optional[Attachment],
2860
- Field(description="An optional way to include the textual content of a license.", title="License text"),
2861
2943
  ] = None
2862
- url: Annotated[
2863
- Optional[str],
2944
+ openCre: Annotated[
2945
+ Optional[List[OpenCre]],
2864
2946
  Field(
2865
2947
  description=(
2866
- "The URL to the license file. If specified, a 'license' externalReference should also be specified for"
2867
- " completeness"
2948
+ "The Common Requirements Enumeration (CRE) identifier(s). CRE is a structured and standardized"
2949
+ " framework for uniting security standards and guidelines. CRE links each section of a resource to a"
2950
+ " shared topic identifier (a Common Requirement). Through this shared topic link, all resources map to"
2951
+ " each other. Use of CRE promotes clear and unambiguous communication among stakeholders."
2868
2952
  ),
2869
- examples=["https://www.apache.org/licenses/LICENSE-2.0.txt"],
2870
- title="License URL",
2953
+ title="OWASP OpenCRE Identifier(s)",
2871
2954
  ),
2872
2955
  ] = None
2873
- licensing: Annotated[
2874
- Optional[Licensing1],
2956
+ parent: Annotated[
2957
+ Optional[str],
2875
2958
  Field(
2876
2959
  description=(
2877
- "Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and"
2878
- " other important metadata"
2960
+ "The optional `bom-ref` to a parent requirement. This establishes a hierarchy of requirements."
2961
+ " Top-level requirements must not define a parent. Only child requirements should define parents."
2879
2962
  ),
2880
- title="Licensing information",
2963
+ min_length=1,
2964
+ title="Parent BOM Reference",
2881
2965
  ),
2882
2966
  ] = None
2883
2967
  properties: Annotated[
@@ -2889,1471 +2973,552 @@ class License2(CycloneDXBaseModel):
2889
2973
  " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
2890
2974
  " having different values. Property names of interest to the general public are encouraged to be"
2891
2975
  " registered in the [CycloneDX Property"
2892
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
2976
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL."
2893
2977
  ),
2894
2978
  title="Properties",
2895
2979
  ),
2896
2980
  ] = None
2897
-
2898
-
2899
- class LicenseChoice1(CycloneDXBaseModel):
2900
- class Config:
2901
- extra = Extra.forbid
2902
-
2903
- license: Annotated[
2904
- Union[License1, License2],
2981
+ externalReferences: Annotated[
2982
+ Optional[List[ExternalReference]],
2905
2983
  Field(
2906
2984
  description=(
2907
- "Specifies the details and attributes related to a software license. It can either include a valid SPDX"
2908
- " license identifier or a named license, along with additional properties such as license"
2909
- " acknowledgment, comprehensive commercial licensing information, and the full text of the license."
2985
+ "External references provide a way to document systems, sites, and information that may be relevant,"
2986
+ " but are not included with the BOM. They may also establish specific relationships within or external"
2987
+ " to the BOM."
2910
2988
  ),
2911
- title="License",
2989
+ title="External References",
2912
2990
  ),
2913
- ]
2914
-
2991
+ ] = None
2915
2992
 
2916
- class Commit(CycloneDXBaseModel):
2917
- """
2918
- Specifies an individual commit
2919
- """
2920
2993
 
2994
+ class Signer(CycloneDXBaseModel):
2921
2995
  class Config:
2922
2996
  extra = Extra.forbid
2923
2997
 
2924
- uid: Annotated[
2998
+ algorithm: Union[AlgorithmEnum, AnyUrl]
2999
+ keyId: Annotated[
2925
3000
  Optional[str],
3001
+ Field(description="Optional. Application specific string identifying the signature key.", title="Key ID"),
3002
+ ] = None
3003
+ publicKey: Annotated[
3004
+ Optional[PublicKey], Field(description="Optional. Public key object.", title="Public key")
3005
+ ] = None
3006
+ certificatePath: Annotated[
3007
+ Optional[List[str]],
2926
3008
  Field(
2927
3009
  description=(
2928
- "A unique identifier of the commit. This may be version control specific. For example, Subversion uses"
2929
- " revision numbers whereas git uses commit hashes."
3010
+ "Optional. Sorted array of X.509 [RFC5280] certificates, where the first element must contain the"
3011
+ " signature certificate. The certificate path must be contiguous but is not required to be complete."
2930
3012
  ),
2931
- title="UID",
2932
- ),
2933
- ] = None
2934
- url: Annotated[
2935
- Optional[str],
2936
- Field(
2937
- description="The URL to the commit. This URL will typically point to a commit in a version control system.",
2938
- title="URL",
3013
+ title="Certificate path",
2939
3014
  ),
2940
3015
  ] = None
2941
- author: Annotated[
2942
- Optional[IdentifiableAction],
2943
- Field(description="The author who created the changes in the commit", title="Author"),
2944
- ] = None
2945
- committer: Annotated[
2946
- Optional[IdentifiableAction],
2947
- Field(description="The person who committed or pushed the commit", title="Committer"),
2948
- ] = None
2949
- message: Annotated[
2950
- Optional[str], Field(description="The text description of the contents of the commit", title="Message")
2951
- ] = None
2952
-
2953
-
2954
- class Patch(CycloneDXBaseModel):
2955
- """
2956
- Specifies an individual patch
2957
- """
2958
-
2959
- class Config:
2960
- extra = Extra.forbid
2961
-
2962
- type: Annotated[
2963
- Type1,
3016
+ excludes: Annotated[
3017
+ Optional[List[str]],
2964
3018
  Field(
2965
3019
  description=(
2966
- "Specifies the purpose for the patch including the resolution of defects, security issues, or new"
2967
- " behavior or functionality."
3020
+ "Optional. Array holding the names of one or more application level properties that must be excluded"
3021
+ ' from the signature process. Note that the "excludes" property itself, must also be excluded from the'
3022
+ ' signature process. Since both the "excludes" property and the associated data it points to are'
3023
+ " unsigned, a conforming JSF implementation must provide options for specifying which properties to"
3024
+ " accept."
2968
3025
  ),
2969
- title="Patch Type",
3026
+ title="Excludes",
2970
3027
  ),
2971
- ]
2972
- diff: Annotated[
2973
- Optional[Diff],
3028
+ ] = None
3029
+ value: Annotated[
3030
+ str,
2974
3031
  Field(
2975
3032
  description=(
2976
- "The patch file (or diff) that shows changes. Refer to"
2977
- " [https://en.wikipedia.org/wiki/Diff](https://en.wikipedia.org/wiki/Diff)"
3033
+ "The signature data. Note that the binary representation must follow the JWA [RFC7518] specifications."
2978
3034
  ),
2979
- title="Diff",
3035
+ title="Signature",
2980
3036
  ),
2981
- ] = None
2982
- resolves: Annotated[
2983
- Optional[List[Issue]], Field(description="A collection of issues the patch resolves", title="Resolves")
2984
- ] = None
3037
+ ]
2985
3038
 
2986
3039
 
2987
- class ExternalReference(CycloneDXBaseModel):
3040
+ class RelatedCryptoMaterialProperties(CycloneDXBaseModel):
2988
3041
  """
2989
- External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM.
3042
+ Properties for cryptographic assets of asset type: `related-crypto-material`
2990
3043
  """
2991
3044
 
2992
3045
  class Config:
2993
3046
  extra = Extra.forbid
2994
3047
 
2995
- url: Annotated[
2996
- Union[str, Union[BomLinkDocumentType, BomLinkElementType]],
3048
+ type: Annotated[
3049
+ Optional[Type8],
3050
+ Field(description="The type for the related cryptographic material", title="relatedCryptoMaterialType"),
3051
+ ] = None
3052
+ id: Annotated[
3053
+ Optional[str],
3054
+ Field(description="The optional unique identifier for the related cryptographic material.", title="ID"),
3055
+ ] = None
3056
+ state: Annotated[
3057
+ Optional[State], Field(description="The key state as defined by NIST SP 800-57.", title="State")
3058
+ ] = None
3059
+ algorithmRef: Annotated[
3060
+ Optional[str],
2997
3061
  Field(
2998
- description=(
2999
- "The URI (URL or URN) to the external reference. External references are URIs and therefore can accept"
3000
- " any URL scheme including https ([RFC-7230](https://www.ietf.org/rfc/rfc7230.txt)), mailto"
3001
- " ([RFC-2368](https://www.ietf.org/rfc/rfc2368.txt)), tel"
3002
- " ([RFC-3966](https://www.ietf.org/rfc/rfc3966.txt)), and dns"
3003
- " ([RFC-4501](https://www.ietf.org/rfc/rfc4501.txt)). External references may also include formally"
3004
- " registered URNs such as [CycloneDX BOM-Link](https://cyclonedx.org/capabilities/bomlink/) to"
3005
- " reference CycloneDX BOMs or any object within a BOM. BOM-Link transforms applicable external"
3006
- " references into relationships that can be expressed in a BOM or across BOMs."
3007
- ),
3008
- title="URL",
3009
- ),
3010
- ]
3011
- comment: Annotated[
3012
- Optional[str], Field(description="An optional comment describing the external reference", title="Comment")
3013
- ] = None
3014
- type: Annotated[Type3, Field(description="Specifies the type of external reference.", title="Type")]
3015
- hashes: Annotated[
3016
- Optional[List[Hash]], Field(description="The hashes of the external reference (if applicable).", title="Hashes")
3017
- ] = None
3018
-
3019
-
3020
- class ComponentEvidence(CycloneDXBaseModel):
3021
- """
3022
- Provides the ability to document evidence collected through various forms of extraction or analysis.
3023
- """
3024
-
3025
- class Config:
3026
- extra = Extra.forbid
3027
-
3028
- identity: Annotated[
3029
- Optional[Union[List[ComponentIdentityEvidence], ComponentIdentityEvidence]],
3030
- Field(
3031
- description=(
3032
- "Evidence that substantiates the identity of a component. The identity may be an object or an array of"
3033
- " identity objects. Support for specifying identity as a single object was introduced in CycloneDX"
3034
- " v1.5. Arrays were introduced in v1.6. It is recommended that all implementations use arrays, even if"
3035
- " only one identity object is specified."
3036
- ),
3037
- title="Identity Evidence",
3038
- ),
3039
- ] = None
3040
- occurrences: Annotated[
3041
- Optional[List[Occurrence]],
3042
- Field(
3043
- description="Evidence of individual instances of a component spread across multiple locations.",
3044
- title="Occurrences",
3045
- ),
3046
- ] = None
3047
- callstack: Annotated[
3048
- Optional[Callstack],
3049
- Field(description="Evidence of the components use through the callstack.", title="Call Stack"),
3050
- ] = None
3051
- licenses: Annotated[
3052
- Optional[Union[List[LicenseChoice1], LicenseChoice2]],
3053
- Field(
3054
- description=(
3055
- "EITHER (list of SPDX licenses and/or named licenses) OR (tuple of one SPDX License Expression)"
3056
- ),
3057
- title="License Evidence",
3058
- ),
3059
- ] = None
3060
- copyright: Annotated[
3061
- Optional[List[Copyright]],
3062
- Field(
3063
- description=(
3064
- "Copyright evidence captures intellectual property assertions, providing evidence of possible ownership"
3065
- " and legal protection."
3066
- ),
3067
- title="Copyright Evidence",
3068
- ),
3069
- ] = None
3070
-
3071
-
3072
- class ReleaseNotes(CycloneDXBaseModel):
3073
- class Config:
3074
- extra = Extra.forbid
3075
-
3076
- type: Annotated[
3077
- str,
3078
- Field(
3079
- description="The software versioning type the release note describes.",
3080
- examples=["major", "minor", "patch", "pre-release", "internal"],
3081
- title="Type",
3082
- ),
3083
- ]
3084
- title: Annotated[Optional[str], Field(description="The title of the release.", title="Title")] = None
3085
- featuredImage: Annotated[
3086
- Optional[str],
3087
- Field(
3088
- description="The URL to an image that may be prominently displayed with the release note.",
3089
- title="Featured image",
3090
- ),
3091
- ] = None
3092
- socialImage: Annotated[
3093
- Optional[str],
3094
- Field(
3095
- description="The URL to an image that may be used in messaging on social media platforms.",
3096
- title="Social image",
3097
- ),
3098
- ] = None
3099
- description: Annotated[
3100
- Optional[str], Field(description="A short description of the release.", title="Description")
3101
- ] = None
3102
- timestamp: Annotated[
3103
- Optional[datetime],
3104
- Field(description="The date and time (timestamp) when the release note was created.", title="Timestamp"),
3105
- ] = None
3106
- aliases: Annotated[
3107
- Optional[List[str]],
3108
- Field(
3109
- description=(
3110
- "One or more alternate names the release may be referred to. This may include unofficial terms used by"
3111
- " development and marketing teams (e.g. code names)."
3112
- ),
3113
- title="Aliases",
3114
- ),
3115
- ] = None
3116
- tags: Annotated[
3117
- Optional[List[str]],
3118
- Field(
3119
- description=(
3120
- "Textual strings that aid in discovery, search, and retrieval of the associated object. Tags often"
3121
- " serve as a way to group or categorize similar or related objects by various attributes."
3122
- ),
3123
- examples=["json-parser", "object-persistence", "text-to-image", "translation", "object-detection"],
3124
- title="Tags",
3125
- ),
3126
- ] = None
3127
- resolves: Annotated[
3128
- Optional[List[Issue]], Field(description="A collection of issues that have been resolved.", title="Resolves")
3129
- ] = None
3130
- notes: Annotated[
3131
- Optional[List[Note]],
3132
- Field(
3133
- description=(
3134
- "Zero or more release notes containing the locale and content. Multiple note objects may be specified"
3135
- " to support release notes in a wide variety of languages."
3136
- ),
3137
- title="Notes",
3138
- ),
3139
- ] = None
3140
- properties: Annotated[
3141
- Optional[List[Property]],
3142
- Field(
3143
- description=(
3144
- "Provides the ability to document properties in a name-value store. This provides flexibility to"
3145
- " include data not officially supported in the standard without having to use additional namespaces or"
3146
- " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
3147
- " having different values. Property names of interest to the general public are encouraged to be"
3148
- " registered in the [CycloneDX Property"
3149
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
3150
- ),
3151
- title="Properties",
3152
- ),
3153
- ] = None
3154
-
3155
-
3156
- class Rating(CycloneDXBaseModel):
3157
- """
3158
- Defines the severity or risk ratings of a vulnerability.
3159
- """
3160
-
3161
- class Config:
3162
- extra = Extra.forbid
3163
-
3164
- source: Annotated[
3165
- Optional[VulnerabilitySource],
3166
- Field(description="The source that calculated the severity or risk rating of the vulnerability."),
3167
- ] = None
3168
- score: Annotated[Optional[float], Field(description="The numerical score of the rating.", title="Score")] = None
3169
- severity: Annotated[
3170
- Optional[Severity],
3171
- Field(
3172
- description="Textual representation of the severity that corresponds to the numerical score of the rating."
3173
- ),
3174
- ] = None
3175
- method: Optional[ScoreMethod] = None
3176
- vector: Annotated[
3177
- Optional[str],
3178
- Field(
3179
- description="Textual representation of the metric values used to score the vulnerability", title="Vector"
3180
- ),
3181
- ] = None
3182
- justification: Annotated[
3183
- Optional[str],
3184
- Field(description="An optional reason for rating the vulnerability as it was", title="Justification"),
3185
- ] = None
3186
-
3187
-
3188
- class Credits(CycloneDXBaseModel):
3189
- """
3190
- Individuals or organizations credited with the discovery of the vulnerability.
3191
- """
3192
-
3193
- class Config:
3194
- extra = Extra.forbid
3195
-
3196
- organizations: Annotated[
3197
- Optional[List[OrganizationalEntity]],
3198
- Field(description="The organizations credited with vulnerability discovery.", title="Organizations"),
3199
- ] = None
3200
- individuals: Annotated[
3201
- Optional[List[OrganizationalContact]],
3202
- Field(
3203
- description=(
3204
- "The individuals, not associated with organizations, that are credited with vulnerability discovery."
3205
- ),
3206
- title="Individuals",
3207
- ),
3208
- ] = None
3209
-
3210
-
3211
- class Versions(CycloneDXBaseModel):
3212
- class Config:
3213
- extra = Extra.forbid
3214
-
3215
- version: Annotated[
3216
- str,
3217
- Field(
3218
- description="A single version of a component or service.",
3219
- examples=["9.0.14", "v1.33.7", "7.0.0-M1", "2.0pre1", "1.0.0-beta1", "0.8.15"],
3220
- max_length=1024,
3221
- title="Version",
3222
- ),
3223
- ]
3224
- range: Annotated[
3225
- Optional[str],
3226
- Field(
3227
- description=(
3228
- "A version range specified in Package URL Version Range syntax (vers) which is defined at"
3229
- " https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst"
3230
- ),
3231
- examples=[
3232
- "vers:cargo/9.0.14",
3233
- "vers:npm/1.2.3|>=2.0.0|<5.0.0",
3234
- "vers:pypi/0.0.0|0.0.1|0.0.2|0.0.3|1.0|2.0pre1",
3235
- "vers:tomee/>=1.0.0-beta1|<=1.7.5|>=7.0.0-M1|<=7.0.7|>=7.1.0|<=7.1.2|>=8.0.0-M1|<=8.0.1",
3236
- "vers:gem/>=2.2.0|!= 2.2.1|<2.3.0",
3237
- ],
3238
- max_length=4096,
3239
- min_length=1,
3240
- title="Version Range",
3241
- ),
3242
- ] = None
3243
- status: Annotated[
3244
- Optional[AffectedStatus],
3245
- Field(description="The vulnerability status for the version or range of versions.", title="Status"),
3246
- ] = AffectedStatus.affected
3247
-
3248
-
3249
- class Versions1(CycloneDXBaseModel):
3250
- class Config:
3251
- extra = Extra.forbid
3252
-
3253
- version: Annotated[
3254
- Optional[str],
3255
- Field(
3256
- description="A single version of a component or service.",
3257
- examples=["9.0.14", "v1.33.7", "7.0.0-M1", "2.0pre1", "1.0.0-beta1", "0.8.15"],
3258
- max_length=1024,
3259
- title="Version",
3260
- ),
3261
- ] = None
3262
- range: Annotated[
3263
- str,
3264
- Field(
3265
- description=(
3266
- "A version range specified in Package URL Version Range syntax (vers) which is defined at"
3267
- " https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst"
3268
- ),
3269
- examples=[
3270
- "vers:cargo/9.0.14",
3271
- "vers:npm/1.2.3|>=2.0.0|<5.0.0",
3272
- "vers:pypi/0.0.0|0.0.1|0.0.2|0.0.3|1.0|2.0pre1",
3273
- "vers:tomee/>=1.0.0-beta1|<=1.7.5|>=7.0.0-M1|<=7.0.7|>=7.1.0|<=7.1.2|>=8.0.0-M1|<=8.0.1",
3274
- "vers:gem/>=2.2.0|!= 2.2.1|<2.3.0",
3275
- ],
3276
- max_length=4096,
3277
- min_length=1,
3278
- title="Version Range",
3279
- ),
3280
- ]
3281
- status: Annotated[
3282
- Optional[AffectedStatus],
3283
- Field(description="The vulnerability status for the version or range of versions.", title="Status"),
3284
- ] = AffectedStatus.affected
3285
-
3286
-
3287
- class Affect(CycloneDXBaseModel):
3288
- class Config:
3289
- extra = Extra.forbid
3290
-
3291
- ref: Annotated[
3292
- Union[RefLinkType, BomLinkElementType],
3293
- Field(description="References a component or service by the objects bom-ref", title="Reference"),
3294
- ]
3295
- versions: Annotated[
3296
- Optional[List[Union[Versions, Versions1]]],
3297
- Field(description="Zero or more individual versions or range of versions.", title="Versions"),
3298
- ] = None
3299
-
3300
-
3301
- class DataGovernanceResponsibleParty1(CycloneDXBaseModel):
3302
- class Config:
3303
- extra = Extra.forbid
3304
-
3305
- organization: Annotated[
3306
- OrganizationalEntity,
3307
- Field(
3308
- description="The organization that is responsible for specific data governance role(s).",
3309
- title="Organization",
3310
- ),
3311
- ]
3312
- contact: Annotated[
3313
- Optional[OrganizationalContact],
3314
- Field(
3315
- description="The individual that is responsible for specific data governance role(s).", title="Individual"
3316
- ),
3317
- ] = None
3318
-
3319
-
3320
- class DataGovernanceResponsibleParty2(CycloneDXBaseModel):
3321
- class Config:
3322
- extra = Extra.forbid
3323
-
3324
- organization: Annotated[
3325
- Optional[OrganizationalEntity],
3326
- Field(
3327
- description="The organization that is responsible for specific data governance role(s).",
3328
- title="Organization",
3329
- ),
3330
- ] = None
3331
- contact: Annotated[
3332
- OrganizationalContact,
3333
- Field(
3334
- description="The individual that is responsible for specific data governance role(s).", title="Individual"
3335
- ),
3336
- ]
3337
-
3338
-
3339
- class GraphicsCollection(CycloneDXBaseModel):
3340
- """
3341
- A collection of graphics that represent various measurements.
3342
- """
3343
-
3344
- class Config:
3345
- extra = Extra.forbid
3346
-
3347
- description: Annotated[
3348
- Optional[str], Field(description="A description of this collection of graphics.", title="Description")
3349
- ] = None
3350
- collection: Annotated[
3351
- Optional[List[Graphic]], Field(description="A collection of graphics.", title="Collection")
3352
- ] = None
3353
-
3354
-
3355
- class EnergyProvider(CycloneDXBaseModel):
3356
- """
3357
- Describes the physical provider of energy used for model development or operations.
3358
- """
3359
-
3360
- class Config:
3361
- extra = Extra.forbid
3362
-
3363
- bom_ref: Annotated[
3364
- Optional[str],
3365
- Field(
3366
- alias="bom-ref",
3367
- description=(
3368
- "An optional identifier which can be used to reference the energy provider elsewhere in the BOM. Every"
3369
- " bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
3370
- " avoid conflicts with BOM-Links."
3371
- ),
3372
- min_length=1,
3373
- title="BOM Reference",
3374
- ),
3375
- ] = None
3376
- description: Annotated[
3377
- Optional[str], Field(description="A description of the energy provider.", title="Description")
3378
- ] = None
3379
- organization: Annotated[
3380
- OrganizationalEntity, Field(description="The organization that provides energy.", title="Organization")
3381
- ]
3382
- energySource: Annotated[
3383
- EnergySource, Field(description="The energy source for the energy provider.", title="Energy Source")
3384
- ]
3385
- energyProvided: Annotated[
3386
- EnergyMeasure,
3387
- Field(
3388
- description="The energy provided by the energy source for an associated activity.", title="Energy Provided"
3389
- ),
3390
- ]
3391
- externalReferences: Annotated[
3392
- Optional[List[ExternalReference]],
3393
- Field(
3394
- description=(
3395
- "External references provide a way to document systems, sites, and information that may be relevant but"
3396
- " are not included with the BOM. They may also establish specific relationships within or external to"
3397
- " the BOM."
3398
- ),
3399
- title="External References",
3400
- ),
3401
- ] = None
3402
-
3403
-
3404
- class Step(CycloneDXBaseModel):
3405
- """
3406
- Executes specific commands or tools in order to accomplish its owning task as part of a sequence.
3407
- """
3408
-
3409
- class Config:
3410
- extra = Extra.forbid
3411
-
3412
- name: Annotated[Optional[str], Field(description="A name for the step.", title="Name")] = None
3413
- description: Annotated[Optional[str], Field(description="A description of the step.", title="Description")] = None
3414
- commands: Annotated[
3415
- Optional[List[Command]],
3416
- Field(description="Ordered list of commands or directives for the step", title="Commands"),
3417
- ] = None
3418
- properties: Annotated[
3419
- Optional[List[Property]],
3420
- Field(
3421
- description=(
3422
- "Provides the ability to document properties in a name-value store. This provides flexibility to"
3423
- " include data not officially supported in the standard without having to use additional namespaces or"
3424
- " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
3425
- " having different values. Property names of interest to the general public are encouraged to be"
3426
- " registered in the [CycloneDX Property"
3427
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
3428
- ),
3429
- title="Properties",
3430
- ),
3431
- ] = None
3432
-
3433
-
3434
- class ResourceReferenceChoice1(CycloneDXBaseModel):
3435
- """
3436
- A reference to a locally defined resource (e.g., a bom-ref) or an externally accessible resource.
3437
- """
3438
-
3439
- class Config:
3440
- extra = Extra.forbid
3441
-
3442
- ref: Annotated[
3443
- Union[RefLinkType, BomLinkElementType],
3444
- Field(description="References an object by its bom-ref attribute", title="BOM Reference"),
3445
- ]
3446
- externalReference: Annotated[
3447
- Optional[ExternalReference],
3448
- Field(description="Reference to an externally accessible resource.", title="External reference"),
3449
- ] = None
3450
-
3451
-
3452
- class ResourceReferenceChoice2(CycloneDXBaseModel):
3453
- """
3454
- A reference to a locally defined resource (e.g., a bom-ref) or an externally accessible resource.
3455
- """
3456
-
3457
- class Config:
3458
- extra = Extra.forbid
3459
-
3460
- ref: Annotated[
3461
- Optional[Union[RefLinkType, BomLinkElementType]],
3462
- Field(description="References an object by its bom-ref attribute", title="BOM Reference"),
3463
- ] = None
3464
- externalReference: Annotated[
3465
- ExternalReference,
3466
- Field(description="Reference to an externally accessible resource.", title="External reference"),
3467
- ]
3468
-
3469
-
3470
- class Requirement(CycloneDXBaseModel):
3471
- class Config:
3472
- extra = Extra.forbid
3473
-
3474
- bom_ref: Annotated[
3475
- Optional[str],
3476
- Field(
3477
- alias="bom-ref",
3478
- description=(
3479
- "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref"
3480
- " must be unique within the BOM."
3481
- ),
3482
- min_length=1,
3483
- title="BOM Reference",
3484
- ),
3485
- ] = None
3486
- identifier: Annotated[
3487
- Optional[str],
3488
- Field(
3489
- description=(
3490
- "The unique identifier used in the standard to identify a specific requirement. This should match what"
3491
- " is in the standard and should not be the requirements bom-ref."
3492
- ),
3493
- title="Identifier",
3494
- ),
3495
- ] = None
3496
- title: Annotated[Optional[str], Field(description="The title of the requirement.", title="Title")] = None
3497
- text: Annotated[Optional[str], Field(description="The textual content of the requirement.", title="Text")] = None
3498
- descriptions: Annotated[
3499
- Optional[List[str]],
3500
- Field(
3501
- description=(
3502
- "The supplemental text that provides additional guidance or context to the requirement, but is not"
3503
- " directly part of the requirement."
3504
- ),
3505
- title="Descriptions",
3506
- ),
3507
- ] = None
3508
- openCre: Annotated[
3509
- Optional[List[str]],
3510
- Field(
3511
- description=(
3512
- "The Common Requirements Enumeration (CRE) identifier(s). CRE is a structured and standardized"
3513
- " framework for uniting security standards and guidelines. CRE links each section of a resource to a"
3514
- " shared topic identifier (a Common Requirement). Through this shared topic link, all resources map to"
3515
- " each other. Use of CRE promotes clear and unambiguous communication among stakeholders."
3516
- ),
3517
- regex="^CRE:[0-9]+-[0-9]+$",
3518
- title="OWASP OpenCRE Identifier(s)",
3519
- ),
3520
- ] = None
3521
- parent: Annotated[
3522
- Optional[str],
3523
- Field(
3524
- description=(
3525
- "The optional `bom-ref` to a parent requirement. This establishes a hierarchy of requirements."
3526
- " Top-level requirements must not define a parent. Only child requirements should define parents."
3527
- ),
3528
- min_length=1,
3529
- title="Parent BOM Reference",
3530
- ),
3531
- ] = None
3532
- properties: Annotated[
3533
- Optional[List[Property]],
3534
- Field(
3535
- description=(
3536
- "Provides the ability to document properties in a name-value store. This provides flexibility to"
3537
- " include data not officially supported in the standard without having to use additional namespaces or"
3538
- " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
3539
- " having different values. Property names of interest to the general public are encouraged to be"
3540
- " registered in the [CycloneDX Property"
3541
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
3542
- ),
3543
- title="Properties",
3544
- ),
3545
- ] = None
3546
- externalReferences: Annotated[
3547
- Optional[List[ExternalReference]],
3548
- Field(
3549
- description=(
3550
- "External references provide a way to document systems, sites, and information that may be relevant,"
3551
- " but are not included with the BOM. They may also establish specific relationships within or external"
3552
- " to the BOM."
3553
- ),
3554
- title="External References",
3555
- ),
3556
- ] = None
3557
-
3558
-
3559
- class Signer(CycloneDXBaseModel):
3560
- class Config:
3561
- extra = Extra.forbid
3562
-
3563
- algorithm: Union[Algorithm, AnyUrl]
3564
- keyId: Annotated[
3565
- Optional[str],
3566
- Field(description="Optional. Application specific string identifying the signature key.", title="Key ID"),
3567
- ] = None
3568
- publicKey: Annotated[
3569
- Optional[PublicKey], Field(description="Optional. Public key object.", title="Public key")
3570
- ] = None
3571
- certificatePath: Annotated[
3572
- Optional[List[str]],
3573
- Field(
3574
- description=(
3575
- "Optional. Sorted array of X.509 [RFC5280] certificates, where the first element must contain the"
3576
- " signature certificate. The certificate path must be contiguous but is not required to be complete."
3577
- ),
3578
- title="Certificate path",
3579
- ),
3580
- ] = None
3581
- excludes: Annotated[
3582
- Optional[List[str]],
3583
- Field(
3584
- description=(
3585
- "Optional. Array holding the names of one or more application level properties that must be excluded"
3586
- ' from the signature process. Note that the "excludes" property itself, must also be excluded from the'
3587
- ' signature process. Since both the "excludes" property and the associated data it points to are'
3588
- " unsigned, a conforming JSF implementation must provide options for specifying which properties to"
3589
- " accept."
3590
- ),
3591
- title="Excludes",
3592
- ),
3593
- ] = None
3594
- value: Annotated[
3595
- str,
3596
- Field(
3597
- description=(
3598
- "The signature data. Note that the binary representation must follow the JWA [RFC7518] specifications."
3599
- ),
3600
- title="Signature",
3601
- ),
3602
- ]
3603
-
3604
-
3605
- class RelatedCryptoMaterialProperties(CycloneDXBaseModel):
3606
- """
3607
- Properties for cryptographic assets of asset type: `related-crypto-material`
3608
- """
3609
-
3610
- class Config:
3611
- extra = Extra.forbid
3612
-
3613
- type: Annotated[
3614
- Optional[Type10],
3615
- Field(description="The type for the related cryptographic material", title="relatedCryptoMaterialType"),
3616
- ] = None
3617
- id: Annotated[
3618
- Optional[str],
3619
- Field(description="The optional unique identifier for the related cryptographic material.", title="ID"),
3620
- ] = None
3621
- state: Annotated[
3622
- Optional[State], Field(description="The key state as defined by NIST SP 800-57.", title="State")
3623
- ] = None
3624
- algorithmRef: Annotated[
3625
- Optional[str],
3626
- Field(
3627
- description="The bom-ref to the algorithm used to generate the related cryptographic material.",
3628
- min_length=1,
3629
- title="Algorithm Reference",
3630
- ),
3631
- ] = None
3632
- creationDate: Annotated[
3633
- Optional[datetime],
3634
- Field(
3635
- description="The date and time (timestamp) when the related cryptographic material was created.",
3636
- title="Creation Date",
3637
- ),
3638
- ] = None
3639
- activationDate: Annotated[
3640
- Optional[datetime],
3641
- Field(
3642
- description="The date and time (timestamp) when the related cryptographic material was activated.",
3643
- title="Activation Date",
3644
- ),
3645
- ] = None
3646
- updateDate: Annotated[
3647
- Optional[datetime],
3648
- Field(
3649
- description="The date and time (timestamp) when the related cryptographic material was updated.",
3650
- title="Update Date",
3651
- ),
3652
- ] = None
3653
- expirationDate: Annotated[
3654
- Optional[datetime],
3655
- Field(
3656
- description="The date and time (timestamp) when the related cryptographic material expires.",
3657
- title="Expiration Date",
3658
- ),
3659
- ] = None
3660
- value: Annotated[
3661
- Optional[str], Field(description="The associated value of the cryptographic material.", title="Value")
3662
- ] = None
3663
- size: Annotated[
3664
- Optional[int], Field(description="The size of the cryptographic asset (in bits).", title="Size")
3665
- ] = None
3666
- format: Annotated[
3667
- Optional[str],
3668
- Field(description="The format of the related cryptographic material (e.g. P8, PEM, DER).", title="Format"),
3669
- ] = None
3670
- securedBy: Annotated[
3671
- Optional[SecuredBy],
3672
- Field(description="The mechanism by which the cryptographic asset is secured by.", title="Secured By"),
3673
- ] = None
3674
-
3675
-
3676
- class Ikev2TransformTypes(CycloneDXBaseModel):
3677
- """
3678
- The IKEv2 transform types supported (types 1-4), defined in [RFC 7296 section 3.3.2](https://www.ietf.org/rfc/rfc7296.html#section-3.3.2), and additional properties.
3679
- """
3680
-
3681
- class Config:
3682
- extra = Extra.forbid
3683
-
3684
- encr: Annotated[
3685
- Optional[List[str]],
3686
- Field(description="Transform Type 1: encryption algorithms", min_length=1, title="Encryption Algorithm (ENCR)"),
3687
- ] = None
3688
- prf: Annotated[
3689
- Optional[List[str]],
3690
- Field(
3691
- description="Transform Type 2: pseudorandom functions", min_length=1, title="Pseudorandom Function (PRF)"
3692
- ),
3693
- ] = None
3694
- integ: Annotated[
3695
- Optional[List[str]],
3696
- Field(description="Transform Type 3: integrity algorithms", min_length=1, title="Integrity Algorithm (INTEG)"),
3697
- ] = None
3698
- ke: Annotated[
3699
- Optional[List[str]],
3700
- Field(
3701
- description=(
3702
- "Transform Type 4: Key Exchange Method (KE) per [RFC 9370](https://www.ietf.org/rfc/rfc9370.html),"
3703
- " formerly called Diffie-Hellman Group (D-H)."
3704
- ),
3705
- min_length=1,
3706
- title="Key Exchange Method (KE)",
3707
- ),
3708
- ] = None
3709
- esn: Annotated[
3710
- Optional[bool],
3711
- Field(
3712
- description="Specifies if an Extended Sequence Number (ESN) is used.",
3713
- title="Extended Sequence Numbers (ESN)",
3714
- ),
3715
- ] = None
3716
- auth: Annotated[
3717
- Optional[List[str]],
3718
- Field(description="IKEv2 Authentication method", min_length=1, title="IKEv2 Authentication method"),
3719
- ] = None
3720
-
3721
-
3722
- class ProtocolProperties(CycloneDXBaseModel):
3723
- """
3724
- Properties specific to cryptographic assets of type: `protocol`.
3725
- """
3726
-
3727
- class Config:
3728
- extra = Extra.forbid
3729
-
3730
- type: Annotated[Optional[Type11], Field(description="The concrete protocol type.", title="Type")] = None
3731
- version: Annotated[
3732
- Optional[str],
3733
- Field(description="The version of the protocol.", examples=["1.0", "1.2", "1.99"], title="Protocol Version"),
3734
- ] = None
3735
- cipherSuites: Annotated[
3736
- Optional[List[CipherSuite]],
3737
- Field(description="A list of cipher suites related to the protocol.", title="Cipher Suites"),
3738
- ] = None
3739
- ikev2TransformTypes: Annotated[
3740
- Optional[Ikev2TransformTypes],
3741
- Field(
3742
- description=(
3743
- "The IKEv2 transform types supported (types 1-4), defined in [RFC 7296 section"
3744
- " 3.3.2](https://www.ietf.org/rfc/rfc7296.html#section-3.3.2), and additional properties."
3745
- ),
3746
- title="IKEv2 Transform Types",
3747
- ),
3748
- ] = None
3749
- cryptoRefArray: Annotated[
3750
- Optional[List[str]],
3751
- Field(
3752
- description="A list of protocol-related cryptographic assets",
3753
- min_length=1,
3754
- title="Cryptographic References",
3755
- ),
3756
- ] = None
3757
-
3758
-
3759
- class CryptoProperties(CycloneDXBaseModel):
3760
- """
3761
- Cryptographic assets have properties that uniquely define them and that make them actionable for further reasoning. As an example, it makes a difference if one knows the algorithm family (e.g. AES) or the specific variant or instantiation (e.g. AES-128-GCM). This is because the security level and the algorithm primitive (authenticated encryption) are only defined by the definition of the algorithm variant. The presence of a weak cryptographic algorithm like SHA1 vs. HMAC-SHA1 also makes a difference.
3762
- """
3763
-
3764
- class Config:
3765
- extra = Extra.forbid
3766
-
3767
- assetType: Annotated[
3768
- AssetType,
3769
- Field(
3770
- description=(
3771
- "Cryptographic assets occur in several forms. Algorithms and protocols are most commonly implemented in"
3772
- " specialized cryptographic libraries. They may, however, also be 'hardcoded' in software components."
3773
- " Certificates and related cryptographic material like keys, tokens, secrets or passwords are other"
3774
- " cryptographic assets to be modelled."
3775
- ),
3776
- title="Asset Type",
3777
- ),
3778
- ]
3779
- algorithmProperties: Annotated[
3780
- Optional[AlgorithmProperties],
3781
- Field(description="Additional properties specific to a cryptographic algorithm.", title="Algorithm Properties"),
3782
- ] = None
3783
- certificateProperties: Annotated[
3784
- Optional[CertificateProperties],
3785
- Field(
3786
- description="Properties for cryptographic assets of asset type 'certificate'",
3787
- title="Certificate Properties",
3788
- ),
3789
- ] = None
3790
- relatedCryptoMaterialProperties: Annotated[
3791
- Optional[RelatedCryptoMaterialProperties],
3792
- Field(
3793
- description="Properties for cryptographic assets of asset type: `related-crypto-material`",
3794
- title="Related Cryptographic Material Properties",
3795
- ),
3796
- ] = None
3797
- protocolProperties: Annotated[
3798
- Optional[ProtocolProperties],
3799
- Field(
3800
- description="Properties specific to cryptographic assets of type: `protocol`.", title="Protocol Properties"
3801
- ),
3802
- ] = None
3803
- oid: Annotated[
3804
- Optional[str], Field(description="The object identifier (OID) of the cryptographic asset.", title="OID")
3805
- ] = None
3806
-
3807
-
3808
- class Assessor(CycloneDXBaseModel):
3809
- """
3810
- The assessor who evaluates claims and determines conformance to requirements and confidence in that assessment.
3811
- """
3812
-
3813
- class Config:
3814
- extra = Extra.forbid
3815
-
3816
- bom_ref: Annotated[
3817
- Optional[str],
3818
- Field(
3819
- alias="bom-ref",
3820
- description=(
3821
- "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref"
3822
- " must be unique within the BOM."
3823
- ),
3062
+ description="The bom-ref to the algorithm used to generate the related cryptographic material.",
3824
3063
  min_length=1,
3825
- title="BOM Reference",
3064
+ title="Algorithm Reference",
3826
3065
  ),
3827
3066
  ] = None
3828
- thirdParty: Annotated[
3829
- Optional[bool],
3067
+ creationDate: Annotated[
3068
+ Optional[datetime],
3830
3069
  Field(
3831
- description=(
3832
- "The boolean indicating if the assessor is outside the organization generating claims. A value of false"
3833
- " indicates a self assessor."
3834
- ),
3835
- title="Third Party",
3070
+ description="The date and time (timestamp) when the related cryptographic material was created.",
3071
+ title="Creation Date",
3836
3072
  ),
3837
3073
  ] = None
3838
- organization: Annotated[
3839
- Optional[OrganizationalEntity], Field(description="The entity issuing the assessment.", title="Organization")
3840
- ] = None
3841
-
3842
-
3843
- class Tool(CycloneDXBaseModel):
3844
- """
3845
- [Deprecated] This will be removed in a future version. Use component or service instead. Information about the automated or manual tool used
3846
- """
3847
-
3848
- class Config:
3849
- extra = Extra.forbid
3850
-
3851
- vendor: Annotated[
3852
- Optional[str], Field(description="The name of the vendor who created the tool", title="Tool Vendor")
3853
- ] = None
3854
- name: Annotated[Optional[str], Field(description="The name of the tool", title="Tool Name")] = None
3855
- version: Annotated[
3856
- Optional[str],
3074
+ activationDate: Annotated[
3075
+ Optional[datetime],
3857
3076
  Field(
3858
- description="The version of the tool",
3859
- examples=["9.0.14", "v1.33.7", "7.0.0-M1", "2.0pre1", "1.0.0-beta1", "0.8.15"],
3860
- max_length=1024,
3861
- title="Tool Version",
3077
+ description="The date and time (timestamp) when the related cryptographic material was activated.",
3078
+ title="Activation Date",
3862
3079
  ),
3863
3080
  ] = None
3864
- hashes: Annotated[
3865
- Optional[List[Hash]], Field(description="The hashes of the tool (if applicable).", title="Hashes")
3866
- ] = None
3867
- externalReferences: Annotated[
3868
- Optional[List[ExternalReference]],
3081
+ updateDate: Annotated[
3082
+ Optional[datetime],
3869
3083
  Field(
3870
- description=(
3871
- "External references provide a way to document systems, sites, and information that may be relevant,"
3872
- " but are not included with the BOM. They may also establish specific relationships within or external"
3873
- " to the BOM."
3874
- ),
3875
- title="External References",
3084
+ description="The date and time (timestamp) when the related cryptographic material was updated.",
3085
+ title="Update Date",
3876
3086
  ),
3877
3087
  ] = None
3878
-
3879
-
3880
- class QuantitativeAnalysis(CycloneDXBaseModel):
3881
- """
3882
- A quantitative analysis of the model
3883
- """
3884
-
3885
- class Config:
3886
- extra = Extra.forbid
3887
-
3888
- performanceMetrics: Annotated[
3889
- Optional[List[PerformanceMetric]],
3088
+ expirationDate: Annotated[
3089
+ Optional[datetime],
3890
3090
  Field(
3891
- description=(
3892
- "The model performance metrics being reported. Examples may include accuracy, F1 score, precision,"
3893
- " top-3 error rates, MSC, etc."
3894
- ),
3895
- title="Performance Metrics",
3091
+ description="The date and time (timestamp) when the related cryptographic material expires.",
3092
+ title="Expiration Date",
3896
3093
  ),
3897
3094
  ] = None
3898
- graphics: Optional[GraphicsCollection] = None
3095
+ value: Annotated[
3096
+ Optional[str], Field(description="The associated value of the cryptographic material.", title="Value")
3097
+ ] = None
3098
+ size: Annotated[
3099
+ Optional[int], Field(description="The size of the cryptographic asset (in bits).", title="Size")
3100
+ ] = None
3101
+ format: Annotated[
3102
+ Optional[str],
3103
+ Field(description="The format of the related cryptographic material (e.g. P8, PEM, DER).", title="Format"),
3104
+ ] = None
3105
+ securedBy: Annotated[
3106
+ Optional[SecuredBy],
3107
+ Field(description="The mechanism by which the cryptographic asset is secured by.", title="Secured By"),
3108
+ ] = None
3899
3109
 
3900
3110
 
3901
- class DataGovernance(CycloneDXBaseModel):
3111
+ class Ikev2TransformTypes(CycloneDXBaseModel):
3902
3112
  """
3903
- Data governance captures information regarding data ownership, stewardship, and custodianship, providing insights into the individuals or entities responsible for managing, overseeing, and safeguarding the data throughout its lifecycle.
3113
+ The IKEv2 transform types supported (types 1-4), defined in RFC7296 section 3.3.2, and additional properties.
3904
3114
  """
3905
3115
 
3906
3116
  class Config:
3907
3117
  extra = Extra.forbid
3908
3118
 
3909
- custodians: Annotated[
3910
- Optional[List[Union[DataGovernanceResponsibleParty1, DataGovernanceResponsibleParty2]]],
3119
+ encr: Annotated[
3120
+ Optional[List[RefType]],
3121
+ Field(description="Transform Type 1: encryption algorithms", title="Encryption Algorithm (ENCR)"),
3122
+ ] = None
3123
+ prf: Annotated[
3124
+ Optional[List[RefType]],
3125
+ Field(description="Transform Type 2: pseudorandom functions", title="Pseudorandom Function (PRF)"),
3126
+ ] = None
3127
+ integ: Annotated[
3128
+ Optional[List[RefType]],
3129
+ Field(description="Transform Type 3: integrity algorithms", title="Integrity Algorithm (INTEG)"),
3130
+ ] = None
3131
+ ke: Annotated[
3132
+ Optional[List[RefType]],
3911
3133
  Field(
3912
- description="Data custodians are responsible for the safe custody, transport, and storage of data.",
3913
- title="Data Custodians",
3134
+ description=(
3135
+ "Transform Type 4: Key Exchange Method (KE) per RFC9370, formerly called Diffie-Hellman Group (D-H)"
3136
+ ),
3137
+ title="Key Exchange Method (KE)",
3914
3138
  ),
3915
3139
  ] = None
3916
- stewards: Annotated[
3917
- Optional[List[Union[DataGovernanceResponsibleParty1, DataGovernanceResponsibleParty2]]],
3140
+ esn: Annotated[
3141
+ Optional[bool],
3918
3142
  Field(
3919
- description="Data stewards are responsible for data content, context, and associated business rules.",
3920
- title="Data Stewards",
3143
+ description="Specifies if an Extended Sequence Number (ESN) is used.",
3144
+ title="Extended Sequence Numbers (ESN)",
3921
3145
  ),
3922
3146
  ] = None
3923
- owners: Annotated[
3924
- Optional[List[Union[DataGovernanceResponsibleParty1, DataGovernanceResponsibleParty2]]],
3925
- Field(description="Data owners are concerned with risk and appropriate access to data.", title="Data Owners"),
3147
+ auth: Annotated[
3148
+ Optional[List[RefType]], Field(description="IKEv2 Authentication method", title="IKEv2 Authentication method")
3926
3149
  ] = None
3927
3150
 
3928
3151
 
3929
- class EnergyConsumption(CycloneDXBaseModel):
3152
+ class ProtocolProperties(CycloneDXBaseModel):
3930
3153
  """
3931
- Describes energy consumption information incurred for the specified lifecycle activity.
3154
+ Properties specific to cryptographic assets of type: `protocol`.
3932
3155
  """
3933
3156
 
3934
3157
  class Config:
3935
3158
  extra = Extra.forbid
3936
3159
 
3937
- activity: Annotated[
3938
- Activity,
3939
- Field(
3940
- description=(
3941
- "The type of activity that is part of a machine learning model development or operational lifecycle."
3942
- ),
3943
- title="Activity",
3944
- ),
3945
- ]
3946
- energyProviders: Annotated[
3947
- List[EnergyProvider],
3948
- Field(
3949
- description=(
3950
- "The provider(s) of the energy consumed by the associated model development lifecycle activity."
3951
- ),
3952
- title="Energy Providers",
3953
- ),
3954
- ]
3955
- activityEnergyCost: Annotated[
3956
- EnergyMeasure,
3957
- Field(
3958
- description="The total energy cost associated with the model lifecycle activity.",
3959
- title="Activity Energy Cost",
3960
- ),
3961
- ]
3962
- co2CostEquivalent: Annotated[
3963
- Optional[Co2Measure],
3964
- Field(description="The CO2 cost (debit) equivalent to the total energy cost.", title="CO2 Equivalent Cost"),
3160
+ type: Annotated[Optional[Type9], Field(description="The concrete protocol type.", title="Type")] = None
3161
+ version: Annotated[
3162
+ Optional[str],
3163
+ Field(description="The version of the protocol.", examples=["1.0", "1.2", "1.99"], title="Protocol Version"),
3965
3164
  ] = None
3966
- co2CostOffset: Annotated[
3967
- Optional[Co2Measure],
3968
- Field(description="The CO2 offset (credit) for the CO2 equivalent cost.", title="CO2 Cost Offset"),
3165
+ cipherSuites: Annotated[
3166
+ Optional[List[CipherSuite]],
3167
+ Field(description="A list of cipher suites related to the protocol.", title="Cipher Suites"),
3969
3168
  ] = None
3970
- properties: Annotated[
3971
- Optional[List[Property]],
3169
+ ikev2TransformTypes: Annotated[
3170
+ Optional[Ikev2TransformTypes],
3972
3171
  Field(
3973
3172
  description=(
3974
- "Provides the ability to document properties in a name-value store. This provides flexibility to"
3975
- " include data not officially supported in the standard without having to use additional namespaces or"
3976
- " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
3977
- " having different values. Property names of interest to the general public are encouraged to be"
3978
- " registered in the [CycloneDX Property"
3979
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
3173
+ "The IKEv2 transform types supported (types 1-4), defined in RFC7296 section 3.3.2, and additional"
3174
+ " properties."
3980
3175
  ),
3981
- title="Properties",
3176
+ title="IKEv2 Transform Types",
3982
3177
  ),
3983
3178
  ] = None
3179
+ cryptoRefArray: Annotated[
3180
+ Optional[List[RefType]],
3181
+ Field(description="A list of protocol-related cryptographic assets", title="Cryptographic References"),
3182
+ ] = None
3984
3183
 
3985
3184
 
3986
- class Workspace(CycloneDXBaseModel):
3185
+ class CryptoProperties(CycloneDXBaseModel):
3987
3186
  """
3988
- A named filesystem or data resource shareable by workflow tasks.
3187
+ Cryptographic assets have properties that uniquely define them and that make them actionable for further reasoning. As an example, it makes a difference if one knows the algorithm family (e.g. AES) or the specific variant or instantiation (e.g. AES-128-GCM). This is because the security level and the algorithm primitive (authenticated encryption) are only defined by the definition of the algorithm variant. The presence of a weak cryptographic algorithm like SHA1 vs. HMAC-SHA1 also makes a difference.
3989
3188
  """
3990
3189
 
3991
3190
  class Config:
3992
3191
  extra = Extra.forbid
3993
3192
 
3994
- bom_ref: Annotated[
3995
- str,
3193
+ assetType: Annotated[
3194
+ AssetType,
3996
3195
  Field(
3997
- alias="bom-ref",
3998
3196
  description=(
3999
- "An optional identifier which can be used to reference the workspace elsewhere in the BOM. Every"
4000
- " bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
4001
- " avoid conflicts with BOM-Links."
3197
+ "Cryptographic assets occur in several forms. Algorithms and protocols are most commonly implemented in"
3198
+ " specialized cryptographic libraries. They may, however, also be 'hardcoded' in software components."
3199
+ " Certificates and related cryptographic material like keys, tokens, secrets or passwords are other"
3200
+ " cryptographic assets to be modelled."
4002
3201
  ),
4003
- min_length=1,
4004
- title="BOM Reference",
4005
- ),
4006
- ]
4007
- uid: Annotated[
4008
- str,
4009
- Field(
4010
- description="The unique identifier for the resource instance within its deployment context.",
4011
- title="Unique Identifier (UID)",
3202
+ title="Asset Type",
4012
3203
  ),
4013
3204
  ]
4014
- name: Annotated[Optional[str], Field(description="The name of the resource instance.", title="Name")] = None
4015
- aliases: Annotated[
4016
- Optional[List[str]],
4017
- Field(
4018
- description=(
4019
- "The names for the workspace as referenced by other workflow tasks. Effectively, a name mapping so"
4020
- " other tasks can use their own local name in their steps."
4021
- ),
4022
- title="Aliases",
4023
- ),
4024
- ] = None
4025
- description: Annotated[
4026
- Optional[str], Field(description="A description of the resource instance.", title="Description")
4027
- ] = None
4028
- resourceReferences: Annotated[
4029
- Optional[List[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]]],
4030
- Field(
4031
- description="References to component or service resources that are used to realize the resource instance.",
4032
- title="Resource references",
4033
- ),
4034
- ] = None
4035
- accessMode: Annotated[
4036
- Optional[AccessMode],
4037
- Field(
4038
- description=(
4039
- "Describes the read-write access control for the workspace relative to the owning resource instance."
4040
- ),
4041
- title="Access mode",
4042
- ),
4043
- ] = None
4044
- mountPath: Annotated[
4045
- Optional[str],
4046
- Field(
4047
- description=(
4048
- "A path to a location on disk where the workspace will be available to the associated task's steps."
4049
- ),
4050
- title="Mount path",
4051
- ),
4052
- ] = None
4053
- managedDataType: Annotated[
4054
- Optional[str],
4055
- Field(
4056
- description="The name of a domain-specific data type the workspace represents.",
4057
- examples=["ConfigMap", "Secret"],
4058
- title="Managed data type",
4059
- ),
3205
+ algorithmProperties: Annotated[
3206
+ Optional[AlgorithmProperties],
3207
+ Field(description="Additional properties specific to a cryptographic algorithm.", title="Algorithm Properties"),
4060
3208
  ] = None
4061
- volumeRequest: Annotated[
4062
- Optional[str],
3209
+ certificateProperties: Annotated[
3210
+ Optional[CertificateProperties],
4063
3211
  Field(
4064
- description="Identifies the reference to the request for a specific volume type and parameters.",
4065
- examples=["a kubernetes Persistent Volume Claim (PVC) name"],
4066
- title="Volume request",
3212
+ description="Properties for cryptographic assets of asset type 'certificate'",
3213
+ title="Certificate Properties",
4067
3214
  ),
4068
3215
  ] = None
4069
- volume: Annotated[
4070
- Optional[Volume],
3216
+ relatedCryptoMaterialProperties: Annotated[
3217
+ Optional[RelatedCryptoMaterialProperties],
4071
3218
  Field(
4072
- description="Information about the actual volume instance allocated to the workspace.",
4073
- examples=["see https://kubernetes.io/docs/concepts/storage/persistent-volumes/"],
4074
- title="Volume",
3219
+ description="Properties for cryptographic assets of asset type: `related-crypto-material`",
3220
+ title="Related Cryptographic Material Properties",
4075
3221
  ),
4076
3222
  ] = None
4077
- properties: Annotated[
4078
- Optional[List[Property]],
3223
+ protocolProperties: Annotated[
3224
+ Optional[ProtocolProperties],
4079
3225
  Field(
4080
- description=(
4081
- "Provides the ability to document properties in a name-value store. This provides flexibility to"
4082
- " include data not officially supported in the standard without having to use additional namespaces or"
4083
- " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
4084
- " having different values. Property names of interest to the general public are encouraged to be"
4085
- " registered in the [CycloneDX Property"
4086
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
4087
- ),
4088
- title="Properties",
3226
+ description="Properties specific to cryptographic assets of type: `protocol`.", title="Protocol Properties"
4089
3227
  ),
4090
3228
  ] = None
3229
+ oid: Annotated[
3230
+ Optional[str], Field(description="The object identifier (OID) of the cryptographic asset.", title="OID")
3231
+ ] = None
4091
3232
 
4092
3233
 
4093
- class Event(CycloneDXBaseModel):
3234
+ class Assessor(CycloneDXBaseModel):
4094
3235
  """
4095
- Represents something that happened that may trigger a response.
3236
+ The assessor who evaluates claims and determines conformance to requirements and confidence in that assessment.
4096
3237
  """
4097
3238
 
4098
3239
  class Config:
4099
3240
  extra = Extra.forbid
4100
3241
 
4101
- uid: Annotated[
4102
- Optional[str], Field(description="The unique identifier of the event.", title="Unique Identifier (UID)")
4103
- ] = None
4104
- description: Annotated[Optional[str], Field(description="A description of the event.", title="Description")] = None
4105
- timeReceived: Annotated[
4106
- Optional[datetime],
4107
- Field(description="The date and time (timestamp) when the event was received.", title="Time Received"),
4108
- ] = None
4109
- data: Annotated[Optional[Attachment], Field(description="Encoding of the raw event data.", title="Data")] = None
4110
- source: Annotated[
4111
- Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
4112
- Field(description="References the component or service that was the source of the event", title="Source"),
4113
- ] = None
4114
- target: Annotated[
4115
- Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
4116
- Field(description="References the component or service that was the target of the event", title="Target"),
3242
+ bom_ref: Annotated[
3243
+ Optional[str],
3244
+ Field(
3245
+ alias="bom-ref",
3246
+ description=(
3247
+ "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref"
3248
+ " MUST be unique within the BOM."
3249
+ ),
3250
+ min_length=1,
3251
+ title="BOM Reference",
3252
+ ),
4117
3253
  ] = None
4118
- properties: Annotated[
4119
- Optional[List[Property]],
3254
+ thirdParty: Annotated[
3255
+ Optional[bool],
4120
3256
  Field(
4121
3257
  description=(
4122
- "Provides the ability to document properties in a name-value store. This provides flexibility to"
4123
- " include data not officially supported in the standard without having to use additional namespaces or"
4124
- " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
4125
- " having different values. Property names of interest to the general public are encouraged to be"
4126
- " registered in the [CycloneDX Property"
4127
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
3258
+ "The boolean indicating if the assessor is outside the organization generating claims. A value of false"
3259
+ " indicates a self assessor."
4128
3260
  ),
4129
- title="Properties",
3261
+ title="Third Party",
4130
3262
  ),
4131
3263
  ] = None
3264
+ organization: Annotated[
3265
+ Optional[OrganizationalEntity], Field(description="The entity issuing the assessment.", title="Organization")
3266
+ ] = None
4132
3267
 
4133
3268
 
4134
- class InputType1(CycloneDXBaseModel):
3269
+ class Tool(CycloneDXBaseModel):
4135
3270
  """
4136
- Type that represents various input data types and formats.
3271
+ [Deprecated] This will be removed in a future version. Use component or service instead. Information about the automated or manual tool used
4137
3272
  """
4138
3273
 
4139
3274
  class Config:
4140
3275
  extra = Extra.forbid
4141
3276
 
4142
- source: Annotated[
4143
- Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
3277
+ vendor: Annotated[
3278
+ Optional[str], Field(description="The name of the vendor who created the tool", title="Tool Vendor")
3279
+ ] = None
3280
+ name: Annotated[Optional[str], Field(description="The name of the tool", title="Tool Name")] = None
3281
+ version: Annotated[
3282
+ Optional[str],
4144
3283
  Field(
4145
- description=(
4146
- "A reference to the component or service that provided the input to the task (e.g., reference to a"
4147
- " service with data flow value of `inbound`)"
4148
- ),
4149
- examples=["source code repository", "database"],
4150
- title="Source",
3284
+ description="The version of the tool",
3285
+ examples=["9.0.14", "v1.33.7", "7.0.0-M1", "2.0pre1", "1.0.0-beta1", "0.8.15"],
3286
+ max_length=1024,
3287
+ title="Tool Version",
4151
3288
  ),
4152
3289
  ] = None
4153
- target: Annotated[
4154
- Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
3290
+ hashes: Annotated[
3291
+ Optional[List[Hash]], Field(description="The hashes of the tool (if applicable).", title="Hashes")
3292
+ ] = None
3293
+ externalReferences: Annotated[
3294
+ Optional[List[ExternalReference]],
4155
3295
  Field(
4156
3296
  description=(
4157
- "A reference to the component or service that received or stored the input if not the task itself"
4158
- " (e.g., a local, named storage workspace)"
3297
+ "External references provide a way to document systems, sites, and information that may be relevant,"
3298
+ " but are not included with the BOM. They may also establish specific relationships within or external"
3299
+ " to the BOM."
4159
3300
  ),
4160
- examples=["workspace", "directory"],
4161
- title="Target",
3301
+ title="External References",
4162
3302
  ),
4163
3303
  ] = None
4164
- resource: Annotated[
4165
- Union[ResourceReferenceChoice1, ResourceReferenceChoice2],
3304
+
3305
+
3306
+ class QuantitativeAnalysis(CycloneDXBaseModel):
3307
+ """
3308
+ A quantitative analysis of the model
3309
+ """
3310
+
3311
+ class Config:
3312
+ extra = Extra.forbid
3313
+
3314
+ performanceMetrics: Annotated[
3315
+ Optional[List[PerformanceMetric]],
4166
3316
  Field(
4167
3317
  description=(
4168
- "A reference to an independent resource provided as an input to a task by the workflow runtime."
3318
+ "The model performance metrics being reported. Examples may include accuracy, F1 score, precision,"
3319
+ " top-3 error rates, MSC, etc."
4169
3320
  ),
4170
- examples=[
4171
- "a reference to a configuration file in a repository (i.e., a bom-ref)",
4172
- "a reference to a scanning service used in a task (i.e., a bom-ref)",
4173
- ],
4174
- title="Resource",
4175
- ),
4176
- ]
4177
- parameters: Annotated[
4178
- Optional[List[Parameter]],
4179
- Field(
4180
- description="Inputs that have the form of parameters with names and values.",
4181
- title="Parameters",
3321
+ title="Performance Metrics",
4182
3322
  ),
4183
3323
  ] = None
4184
- environmentVars: Annotated[
4185
- Optional[List[Union[Property, str]]],
3324
+ graphics: Optional[GraphicsCollection] = None
3325
+
3326
+
3327
+ class DataGovernance(CycloneDXBaseModel):
3328
+ """
3329
+ Data governance captures information regarding data ownership, stewardship, and custodianship, providing insights into the individuals or entities responsible for managing, overseeing, and safeguarding the data throughout its lifecycle.
3330
+ """
3331
+
3332
+ class Config:
3333
+ extra = Extra.forbid
3334
+
3335
+ custodians: Annotated[
3336
+ Optional[List[DataGovernanceResponsibleParty]],
4186
3337
  Field(
4187
- description="Inputs that have the form of parameters with names and values.",
4188
- title="Environment variables",
3338
+ description="Data custodians are responsible for the safe custody, transport, and storage of data.",
3339
+ title="Data Custodians",
4189
3340
  ),
4190
3341
  ] = None
4191
- data: Annotated[Optional[Attachment], Field(description="Inputs that have the form of data.", title="Data")] = None
4192
- properties: Annotated[
4193
- Optional[List[Property]],
3342
+ stewards: Annotated[
3343
+ Optional[List[DataGovernanceResponsibleParty]],
4194
3344
  Field(
4195
- description=(
4196
- "Provides the ability to document properties in a name-value store. This provides flexibility to"
4197
- " include data not officially supported in the standard without having to use additional namespaces or"
4198
- " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
4199
- " having different values. Property names of interest to the general public are encouraged to be"
4200
- " registered in the [CycloneDX Property"
4201
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
4202
- ),
4203
- title="Properties",
3345
+ description="Data stewards are responsible for data content, context, and associated business rules.",
3346
+ title="Data Stewards",
4204
3347
  ),
4205
3348
  ] = None
3349
+ owners: Annotated[
3350
+ Optional[List[DataGovernanceResponsibleParty]],
3351
+ Field(description="Data owners are concerned with risk and appropriate access to data.", title="Data Owners"),
3352
+ ] = None
4206
3353
 
4207
3354
 
4208
- class InputType2(CycloneDXBaseModel):
3355
+ class EnergyConsumption(CycloneDXBaseModel):
4209
3356
  """
4210
- Type that represents various input data types and formats.
3357
+ Describes energy consumption information incurred for the specified lifecycle activity.
4211
3358
  """
4212
3359
 
4213
3360
  class Config:
4214
3361
  extra = Extra.forbid
4215
3362
 
4216
- source: Annotated[
4217
- Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
4218
- Field(
4219
- description=(
4220
- "A reference to the component or service that provided the input to the task (e.g., reference to a"
4221
- " service with data flow value of `inbound`)"
4222
- ),
4223
- examples=["source code repository", "database"],
4224
- title="Source",
4225
- ),
4226
- ] = None
4227
- target: Annotated[
4228
- Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
3363
+ activity: Annotated[
3364
+ Activity,
4229
3365
  Field(
4230
3366
  description=(
4231
- "A reference to the component or service that received or stored the input if not the task itself"
4232
- " (e.g., a local, named storage workspace)"
3367
+ "The type of activity that is part of a machine learning model development or operational lifecycle."
4233
3368
  ),
4234
- examples=["workspace", "directory"],
4235
- title="Target",
3369
+ title="Activity",
4236
3370
  ),
4237
- ] = None
4238
- resource: Annotated[
4239
- Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
3371
+ ]
3372
+ energyProviders: Annotated[
3373
+ List[EnergyProvider],
4240
3374
  Field(
4241
3375
  description=(
4242
- "A reference to an independent resource provided as an input to a task by the workflow runtime."
3376
+ "The provider(s) of the energy consumed by the associated model development lifecycle activity."
4243
3377
  ),
4244
- examples=[
4245
- "a reference to a configuration file in a repository (i.e., a bom-ref)",
4246
- "a reference to a scanning service used in a task (i.e., a bom-ref)",
4247
- ],
4248
- title="Resource",
4249
- ),
4250
- ] = None
4251
- parameters: Annotated[
4252
- List[Parameter],
4253
- Field(
4254
- description="Inputs that have the form of parameters with names and values.",
4255
- title="Parameters",
3378
+ title="Energy Providers",
4256
3379
  ),
4257
3380
  ]
4258
- environmentVars: Annotated[
4259
- Optional[List[Union[Property, str]]],
3381
+ activityEnergyCost: Annotated[
3382
+ EnergyMeasure,
4260
3383
  Field(
4261
- description="Inputs that have the form of parameters with names and values.",
4262
- title="Environment variables",
3384
+ description="The total energy cost associated with the model lifecycle activity.",
3385
+ title="Activity Energy Cost",
4263
3386
  ),
3387
+ ]
3388
+ co2CostEquivalent: Annotated[
3389
+ Optional[Co2Measure],
3390
+ Field(description="The CO2 cost (debit) equivalent to the total energy cost.", title="CO2 Equivalent Cost"),
4264
3391
  ] = None
4265
- data: Annotated[Optional[Attachment], Field(description="Inputs that have the form of data.", title="Data")] = None
4266
- properties: Annotated[
4267
- Optional[List[Property]],
4268
- Field(
4269
- description=(
4270
- "Provides the ability to document properties in a name-value store. This provides flexibility to"
4271
- " include data not officially supported in the standard without having to use additional namespaces or"
4272
- " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
4273
- " having different values. Property names of interest to the general public are encouraged to be"
4274
- " registered in the [CycloneDX Property"
4275
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
4276
- ),
4277
- title="Properties",
4278
- ),
3392
+ co2CostOffset: Annotated[
3393
+ Optional[Co2Measure],
3394
+ Field(description="The CO2 offset (credit) for the CO2 equivalent cost.", title="CO2 Cost Offset"),
4279
3395
  ] = None
3396
+ properties: Annotated[Optional[List[Property]], Field(title="Properties")] = None
4280
3397
 
4281
3398
 
4282
- class InputType3(CycloneDXBaseModel):
3399
+ class Workspace(CycloneDXBaseModel):
4283
3400
  """
4284
- Type that represents various input data types and formats.
3401
+ A named filesystem or data resource shareable by workflow tasks.
4285
3402
  """
4286
3403
 
4287
3404
  class Config:
4288
3405
  extra = Extra.forbid
4289
3406
 
4290
- source: Annotated[
4291
- Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
3407
+ bom_ref: Annotated[
3408
+ str,
3409
+ Field(
3410
+ alias="bom-ref",
3411
+ description=(
3412
+ "An optional identifier which can be used to reference the workspace elsewhere in the BOM. Every"
3413
+ " bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
3414
+ " avoid conflicts with BOM-Links."
3415
+ ),
3416
+ min_length=1,
3417
+ title="BOM Reference",
3418
+ ),
3419
+ ]
3420
+ uid: Annotated[
3421
+ str,
3422
+ Field(
3423
+ description="The unique identifier for the resource instance within its deployment context.",
3424
+ title="Unique Identifier (UID)",
3425
+ ),
3426
+ ]
3427
+ name: Annotated[Optional[str], Field(description="The name of the resource instance.", title="Name")] = None
3428
+ aliases: Annotated[
3429
+ Optional[List[str]],
4292
3430
  Field(
4293
3431
  description=(
4294
- "A reference to the component or service that provided the input to the task (e.g., reference to a"
4295
- " service with data flow value of `inbound`)"
3432
+ "The names for the workspace as referenced by other workflow tasks. Effectively, a name mapping so"
3433
+ " other tasks can use their own local name in their steps."
4296
3434
  ),
4297
- examples=["source code repository", "database"],
4298
- title="Source",
3435
+ title="Aliases",
4299
3436
  ),
4300
3437
  ] = None
4301
- target: Annotated[
4302
- Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
3438
+ description: Annotated[
3439
+ Optional[str], Field(description="A description of the resource instance.", title="Description")
3440
+ ] = None
3441
+ resourceReferences: Annotated[
3442
+ Optional[List[ResourceReferenceChoice]],
3443
+ Field(
3444
+ description="References to component or service resources that are used to realize the resource instance.",
3445
+ title="Resource references",
3446
+ ),
3447
+ ] = None
3448
+ accessMode: Annotated[
3449
+ Optional[AccessMode],
4303
3450
  Field(
4304
3451
  description=(
4305
- "A reference to the component or service that received or stored the input if not the task itself"
4306
- " (e.g., a local, named storage workspace)"
3452
+ "Describes the read-write access control for the workspace relative to the owning resource instance."
4307
3453
  ),
4308
- examples=["workspace", "directory"],
4309
- title="Target",
3454
+ title="Access mode",
4310
3455
  ),
4311
3456
  ] = None
4312
- resource: Annotated[
4313
- Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
3457
+ mountPath: Annotated[
3458
+ Optional[str],
4314
3459
  Field(
4315
3460
  description=(
4316
- "A reference to an independent resource provided as an input to a task by the workflow runtime."
3461
+ "A path to a location on disk where the workspace will be available to the associated task's steps."
4317
3462
  ),
4318
- examples=[
4319
- "a reference to a configuration file in a repository (i.e., a bom-ref)",
4320
- "a reference to a scanning service used in a task (i.e., a bom-ref)",
4321
- ],
4322
- title="Resource",
3463
+ title="Mount path",
4323
3464
  ),
4324
3465
  ] = None
4325
- parameters: Annotated[
4326
- Optional[List[Parameter]],
3466
+ managedDataType: Annotated[
3467
+ Optional[str],
4327
3468
  Field(
4328
- description="Inputs that have the form of parameters with names and values.",
4329
- title="Parameters",
3469
+ description="The name of a domain-specific data type the workspace represents.",
3470
+ examples=["ConfigMap", "Secret"],
3471
+ title="Managed data type",
4330
3472
  ),
4331
3473
  ] = None
4332
- environmentVars: Annotated[
4333
- List[Union[Property, str]],
3474
+ volumeRequest: Annotated[
3475
+ Optional[str],
4334
3476
  Field(
4335
- description="Inputs that have the form of parameters with names and values.",
4336
- title="Environment variables",
3477
+ description="Identifies the reference to the request for a specific volume type and parameters.",
3478
+ examples=["a kubernetes Persistent Volume Claim (PVC) name"],
3479
+ title="Volume request",
4337
3480
  ),
4338
- ]
4339
- data: Annotated[Optional[Attachment], Field(description="Inputs that have the form of data.", title="Data")] = None
4340
- properties: Annotated[
4341
- Optional[List[Property]],
3481
+ ] = None
3482
+ volume: Annotated[
3483
+ Optional[Volume],
4342
3484
  Field(
4343
- description=(
4344
- "Provides the ability to document properties in a name-value store. This provides flexibility to"
4345
- " include data not officially supported in the standard without having to use additional namespaces or"
4346
- " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
4347
- " having different values. Property names of interest to the general public are encouraged to be"
4348
- " registered in the [CycloneDX Property"
4349
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
4350
- ),
4351
- title="Properties",
3485
+ description="Information about the actual volume instance allocated to the workspace.",
3486
+ examples=["see https://kubernetes.io/docs/concepts/storage/persistent-volumes/"],
3487
+ title="Volume",
4352
3488
  ),
4353
3489
  ] = None
3490
+ properties: Annotated[Optional[List[Property]], Field(title="Properties")] = None
3491
+
3492
+
3493
+ class Event(CycloneDXBaseModel):
3494
+ """
3495
+ Represents something that happened that may trigger a response.
3496
+ """
3497
+
3498
+ class Config:
3499
+ extra = Extra.forbid
3500
+
3501
+ uid: Annotated[
3502
+ Optional[str], Field(description="The unique identifier of the event.", title="Unique Identifier (UID)")
3503
+ ] = None
3504
+ description: Annotated[Optional[str], Field(description="A description of the event.", title="Description")] = None
3505
+ timeReceived: Annotated[
3506
+ Optional[datetime],
3507
+ Field(description="The date and time (timestamp) when the event was received.", title="Time Received"),
3508
+ ] = None
3509
+ data: Annotated[Optional[Attachment], Field(description="Encoding of the raw event data.", title="Data")] = None
3510
+ source: Annotated[
3511
+ Optional[ResourceReferenceChoice],
3512
+ Field(description="References the component or service that was the source of the event", title="Source"),
3513
+ ] = None
3514
+ target: Annotated[
3515
+ Optional[ResourceReferenceChoice],
3516
+ Field(description="References the component or service that was the target of the event", title="Target"),
3517
+ ] = None
3518
+ properties: Annotated[Optional[List[Property]], Field(title="Properties")] = None
4354
3519
 
4355
3520
 
4356
- class InputType4(CycloneDXBaseModel):
3521
+ class InputType(CycloneDXBaseModel):
4357
3522
  """
4358
3523
  Type that represents various input data types and formats.
4359
3524
  """
@@ -4362,7 +3527,7 @@ class InputType4(CycloneDXBaseModel):
4362
3527
  extra = Extra.forbid
4363
3528
 
4364
3529
  source: Annotated[
4365
- Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
3530
+ Optional[ResourceReferenceChoice],
4366
3531
  Field(
4367
3532
  description=(
4368
3533
  "A reference to the component or service that provided the input to the task (e.g., reference to a"
@@ -4373,7 +3538,7 @@ class InputType4(CycloneDXBaseModel):
4373
3538
  ),
4374
3539
  ] = None
4375
3540
  target: Annotated[
4376
- Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
3541
+ Optional[ResourceReferenceChoice],
4377
3542
  Field(
4378
3543
  description=(
4379
3544
  "A reference to the component or service that received or stored the input if not the task itself"
@@ -4384,7 +3549,7 @@ class InputType4(CycloneDXBaseModel):
4384
3549
  ),
4385
3550
  ] = None
4386
3551
  resource: Annotated[
4387
- Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
3552
+ Optional[ResourceReferenceChoice],
4388
3553
  Field(
4389
3554
  description=(
4390
3555
  "A reference to an independent resource provided as an input to a task by the workflow runtime."
@@ -4410,92 +3575,24 @@ class InputType4(CycloneDXBaseModel):
4410
3575
  title="Environment variables",
4411
3576
  ),
4412
3577
  ] = None
4413
- data: Annotated[Attachment, Field(description="Inputs that have the form of data.", title="Data")]
4414
- properties: Annotated[
4415
- Optional[List[Property]],
4416
- Field(
4417
- description=(
4418
- "Provides the ability to document properties in a name-value store. This provides flexibility to"
4419
- " include data not officially supported in the standard without having to use additional namespaces or"
4420
- " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
4421
- " having different values. Property names of interest to the general public are encouraged to be"
4422
- " registered in the [CycloneDX Property"
4423
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
4424
- ),
4425
- title="Properties",
4426
- ),
4427
- ] = None
4428
-
4429
-
4430
- class OutputType1(CycloneDXBaseModel):
4431
- class Config:
4432
- extra = Extra.forbid
4433
-
4434
- type: Annotated[Optional[Type7], Field(description="Describes the type of data output.", title="Type")] = None
4435
- source: Annotated[
4436
- Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
4437
- Field(
4438
- description="Component or service that generated or provided the output from the task (e.g., a build tool)",
4439
- title="Source",
4440
- ),
4441
- ] = None
4442
- target: Annotated[
4443
- Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
4444
- Field(
4445
- description=(
4446
- "Component or service that received the output from the task (e.g., reference to an artifactory service"
4447
- " with data flow value of `outbound`)"
4448
- ),
4449
- examples=["a log file described as an `externalReference` within its target domain."],
4450
- title="Target",
4451
- ),
4452
- ] = None
4453
- resource: Annotated[
4454
- Union[ResourceReferenceChoice1, ResourceReferenceChoice2],
4455
- Field(
4456
- description="A reference to an independent resource generated as output by the task.",
4457
- examples=["configuration file", "source code", "scanning service"],
4458
- title="Resource",
4459
- ),
4460
- ]
4461
- data: Annotated[Optional[Attachment], Field(description="Outputs that have the form of data.", title="Data")] = None
4462
- environmentVars: Annotated[
4463
- Optional[List[Union[Property, str]]],
4464
- Field(
4465
- description="Outputs that have the form of environment variables.",
4466
- title="Environment variables",
4467
- ),
4468
- ] = None
4469
- properties: Annotated[
4470
- Optional[List[Property]],
4471
- Field(
4472
- description=(
4473
- "Provides the ability to document properties in a name-value store. This provides flexibility to"
4474
- " include data not officially supported in the standard without having to use additional namespaces or"
4475
- " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
4476
- " having different values. Property names of interest to the general public are encouraged to be"
4477
- " registered in the [CycloneDX Property"
4478
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
4479
- ),
4480
- title="Properties",
4481
- ),
4482
- ] = None
3578
+ data: Annotated[Optional[Attachment], Field(description="Inputs that have the form of data.", title="Data")] = None
3579
+ properties: Annotated[Optional[List[Property]], Field(title="Properties")] = None
4483
3580
 
4484
3581
 
4485
- class OutputType2(CycloneDXBaseModel):
3582
+ class OutputType(CycloneDXBaseModel):
4486
3583
  class Config:
4487
3584
  extra = Extra.forbid
4488
3585
 
4489
3586
  type: Annotated[Optional[Type7], Field(description="Describes the type of data output.", title="Type")] = None
4490
3587
  source: Annotated[
4491
- Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
3588
+ Optional[ResourceReferenceChoice],
4492
3589
  Field(
4493
3590
  description="Component or service that generated or provided the output from the task (e.g., a build tool)",
4494
3591
  title="Source",
4495
3592
  ),
4496
3593
  ] = None
4497
3594
  target: Annotated[
4498
- Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
3595
+ Optional[ResourceReferenceChoice],
4499
3596
  Field(
4500
3597
  description=(
4501
3598
  "Component or service that received the output from the task (e.g., reference to an artifactory service"
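Review bot: `data` on the surviving `InputType` becomes `Optional[Attachment] ... = None`, and the removed variants were what made one payload field mandatory (`parameters` on `InputType2`, `environmentVars` on `InputType3`, `data` on `InputType4`). With a single model whose visible fields are all optional, an input object carrying no payload appears to validate. The same collapse applies to the outputs: `OutputType1` required `resource`, while `OutputType2` and `OutputType3` (removed in the next hunk) required `environmentVars` and `data`. Since the file is generated, the practical fix is a check after parsing, plus a class comment such as `# one of resource / parameters / environmentVars / data is expected; not enforced by this model`. Both classes start outside this hunk.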
@@ -4506,7 +3603,7 @@ class OutputType2(CycloneDXBaseModel):
4506
3603
  ),
4507
3604
  ] = None
4508
3605
  resource: Annotated[
4509
- Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
3606
+ Optional[ResourceReferenceChoice],
4510
3607
  Field(
4511
3608
  description="A reference to an independent resource generated as output by the task.",
4512
3609
  examples=["configuration file", "source code", "scanning service"],
@@ -4514,61 +3611,6 @@ class OutputType2(CycloneDXBaseModel):
4514
3611
  ),
4515
3612
  ] = None
4516
3613
  data: Annotated[Optional[Attachment], Field(description="Outputs that have the form of data.", title="Data")] = None
4517
- environmentVars: Annotated[
4518
- List[Union[Property, str]],
4519
- Field(
4520
- description="Outputs that have the form of environment variables.",
4521
- title="Environment variables",
4522
- ),
4523
- ]
4524
- properties: Annotated[
4525
- Optional[List[Property]],
4526
- Field(
4527
- description=(
4528
- "Provides the ability to document properties in a name-value store. This provides flexibility to"
4529
- " include data not officially supported in the standard without having to use additional namespaces or"
4530
- " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
4531
- " having different values. Property names of interest to the general public are encouraged to be"
4532
- " registered in the [CycloneDX Property"
4533
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
4534
- ),
4535
- title="Properties",
4536
- ),
4537
- ] = None
4538
-
4539
-
4540
- class OutputType3(CycloneDXBaseModel):
4541
- class Config:
4542
- extra = Extra.forbid
4543
-
4544
- type: Annotated[Optional[Type7], Field(description="Describes the type of data output.", title="Type")] = None
4545
- source: Annotated[
4546
- Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
4547
- Field(
4548
- description="Component or service that generated or provided the output from the task (e.g., a build tool)",
4549
- title="Source",
4550
- ),
4551
- ] = None
4552
- target: Annotated[
4553
- Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
4554
- Field(
4555
- description=(
4556
- "Component or service that received the output from the task (e.g., reference to an artifactory service"
4557
- " with data flow value of `outbound`)"
4558
- ),
4559
- examples=["a log file described as an `externalReference` within its target domain."],
4560
- title="Target",
4561
- ),
4562
- ] = None
4563
- resource: Annotated[
4564
- Optional[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]],
4565
- Field(
4566
- description="A reference to an independent resource generated as output by the task.",
4567
- examples=["configuration file", "source code", "scanning service"],
4568
- title="Resource",
4569
- ),
4570
- ] = None
4571
- data: Annotated[Attachment, Field(description="Outputs that have the form of data.", title="Data")]
4572
3614
  environmentVars: Annotated[
4573
3615
  Optional[List[Union[Property, str]]],
4574
3616
  Field(
@@ -4576,20 +3618,7 @@ class OutputType3(CycloneDXBaseModel):
4576
3618
  title="Environment variables",
4577
3619
  ),
4578
3620
  ] = None
4579
- properties: Annotated[
4580
- Optional[List[Property]],
4581
- Field(
4582
- description=(
4583
- "Provides the ability to document properties in a name-value store. This provides flexibility to"
4584
- " include data not officially supported in the standard without having to use additional namespaces or"
4585
- " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
4586
- " having different values. Property names of interest to the general public are encouraged to be"
4587
- " registered in the [CycloneDX Property"
4588
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
4589
- ),
4590
- title="Properties",
4591
- ),
4592
- ] = None
3621
+ properties: Annotated[Optional[List[Property]], Field(title="Properties")] = None
4593
3622
 
4594
3623
 
4595
3624
  class Signature1(CycloneDXBaseModel):
@@ -4701,7 +3730,7 @@ class ComponentData(CycloneDXBaseModel):
4701
3730
  alias="bom-ref",
4702
3731
  description=(
4703
3732
  "An optional identifier which can be used to reference the dataset elsewhere in the BOM. Every bom-ref"
4704
- " must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
3733
+ " MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
4705
3734
  " conflicts with BOM-Links."
4706
3735
  ),
4707
3736
  min_length=1,
@@ -4764,20 +3793,7 @@ class EnvironmentalConsiderations(CycloneDXBaseModel):
4764
3793
  title="Energy Consumptions",
4765
3794
  ),
4766
3795
  ] = None
4767
- properties: Annotated[
4768
- Optional[List[Property]],
4769
- Field(
4770
- description=(
4771
- "Provides the ability to document properties in a name-value store. This provides flexibility to"
4772
- " include data not officially supported in the standard without having to use additional namespaces or"
4773
- " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
4774
- " having different values. Property names of interest to the general public are encouraged to be"
4775
- " registered in the [CycloneDX Property"
4776
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
4777
- ),
4778
- title="Properties",
4779
- ),
4780
- ] = None
3796
+ properties: Annotated[Optional[List[Property]], Field(title="Properties")] = None
4781
3797
 
4782
3798
 
4783
3799
  class Trigger(CycloneDXBaseModel):
@@ -4794,7 +3810,7 @@ class Trigger(CycloneDXBaseModel):
4794
3810
  alias="bom-ref",
4795
3811
  description=(
4796
3812
  "An optional identifier which can be used to reference the trigger elsewhere in the BOM. Every bom-ref"
4797
- " must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
3813
+ " MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
4798
3814
  " conflicts with BOM-Links."
4799
3815
  ),
4800
3816
  min_length=1,
@@ -4813,7 +3829,7 @@ class Trigger(CycloneDXBaseModel):
4813
3829
  Optional[str], Field(description="A description of the resource instance.", title="Description")
4814
3830
  ] = None
4815
3831
  resourceReferences: Annotated[
4816
- Optional[List[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]]],
3832
+ Optional[List[ResourceReferenceChoice]],
4817
3833
  Field(
4818
3834
  description="References to component or service resources that are used to realize the resource instance.",
4819
3835
  title="Resource references",
@@ -4829,7 +3845,6 @@ class Trigger(CycloneDXBaseModel):
4829
3845
  conditions: Annotated[
4830
3846
  Optional[List[Condition]],
4831
3847
  Field(
4832
- description="A list of conditions used to determine if a trigger should be activated.",
4833
3848
  title="Conditions",
4834
3849
  ),
4835
3850
  ] = None
@@ -4838,7 +3853,7 @@ class Trigger(CycloneDXBaseModel):
4838
3853
  Field(description="The date and time (timestamp) when the trigger was activated.", title="Time activated"),
4839
3854
  ] = None
4840
3855
  inputs: Annotated[
4841
- Optional[List[Union[InputType1, InputType2, InputType3, InputType4]]],
3856
+ Optional[List[InputType]],
4842
3857
  Field(
4843
3858
  description="Represents resources and data brought into a task at runtime by executor or task commands",
4844
3859
  examples=["a `configuration` file which was declared as a local `component` or `externalReference`"],
@@ -4846,27 +3861,14 @@ class Trigger(CycloneDXBaseModel):
4846
3861
  ),
4847
3862
  ] = None
4848
3863
  outputs: Annotated[
4849
- Optional[List[Union[OutputType1, OutputType2, OutputType3]]],
3864
+ Optional[List[OutputType]],
4850
3865
  Field(
4851
3866
  description="Represents resources and data output from a task at runtime by executor or task commands",
4852
- examples=["a log file or metrics data produced by the task"],
4853
- title="Outputs",
4854
- ),
4855
- ] = None
4856
- properties: Annotated[
4857
- Optional[List[Property]],
4858
- Field(
4859
- description=(
4860
- "Provides the ability to document properties in a name-value store. This provides flexibility to"
4861
- " include data not officially supported in the standard without having to use additional namespaces or"
4862
- " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
4863
- " having different values. Property names of interest to the general public are encouraged to be"
4864
- " registered in the [CycloneDX Property"
4865
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
4866
- ),
4867
- title="Properties",
3867
+ examples=["a log file or metrics data produced by the task"],
3868
+ title="Outputs",
4868
3869
  ),
4869
3870
  ] = None
3871
+ properties: Annotated[Optional[List[Property]], Field(title="Properties")] = None
4870
3872
 
4871
3873
 
4872
3874
  class Attestation(CycloneDXBaseModel):
@@ -4912,7 +3914,7 @@ class Claim(CycloneDXBaseModel):
4912
3914
  alias="bom-ref",
4913
3915
  description=(
4914
3916
  "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref"
4915
- " must be unique within the BOM."
3917
+ " MUST be unique within the BOM."
4916
3918
  ),
4917
3919
  min_length=1,
4918
3920
  title="BOM Reference",
@@ -4933,13 +3935,12 @@ class Claim(CycloneDXBaseModel):
4933
3935
  Optional[str], Field(description="The specific statement or assertion about the target.", title="Predicate")
4934
3936
  ] = None
4935
3937
  mitigationStrategies: Annotated[
4936
- Optional[List[str]],
3938
+ Optional[List[RefLinkType]],
4937
3939
  Field(
4938
3940
  description=(
4939
3941
  "The list of `bom-ref` to the evidence provided describing the mitigation strategies. Each mitigation"
4940
3942
  " strategy should include an explanation of how any weaknesses in the evidence will be mitigated."
4941
3943
  ),
4942
- min_length=1,
4943
3944
  title="Mitigation Strategies",
4944
3945
  ),
4945
3946
  ] = None
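Review bot: The `min_length=1` constraint is dropped from `mitigationStrategies` here, and from `evidence` and `counterEvidence` in the next hunk, while the item type changes from `str` to `RefLinkType`. `RefLinkType` is defined outside these hunks, so whether it rejects an empty value cannot be confirmed from here. If it does not, a claim can list an empty reference as its evidence and still validate. Confirm that `RefLinkType` carries its own non-empty constraint, or keep `min_length=1,` in the three `Field(...)` calls. The `Claim` class starts and ends outside these hunks.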
@@ -4951,17 +3952,13 @@ class Claim(CycloneDXBaseModel):
4951
3952
  ),
4952
3953
  ] = None
4953
3954
  evidence: Annotated[
4954
- Optional[List[str]],
4955
- Field(
4956
- description="The list of `bom-ref` to evidence that supports this claim.", min_length=1, title="Evidence"
4957
- ),
3955
+ Optional[List[RefLinkType]],
3956
+ Field(description="The list of `bom-ref` to evidence that supports this claim.", title="Evidence"),
4958
3957
  ] = None
4959
3958
  counterEvidence: Annotated[
4960
- Optional[List[str]],
3959
+ Optional[List[RefLinkType]],
4961
3960
  Field(
4962
- description="The list of `bom-ref` to counterEvidence that supports this claim.",
4963
- min_length=1,
4964
- title="Counter Evidence",
3961
+ description="The list of `bom-ref` to counterEvidence that supports this claim.", title="Counter Evidence"
4965
3962
  ),
4966
3963
  ] = None
4967
3964
  externalReferences: Annotated[
@@ -4997,7 +3994,7 @@ class Evidence(CycloneDXBaseModel):
4997
3994
  alias="bom-ref",
4998
3995
  description=(
4999
3996
  "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref"
5000
- " must be unique within the BOM."
3997
+ " MUST be unique within the BOM."
5001
3998
  ),
5002
3999
  min_length=1,
5003
4000
  title="BOM Reference",
@@ -5050,79 +4047,7 @@ class Evidence(CycloneDXBaseModel):
5050
4047
  ] = None
5051
4048
 
5052
4049
 
5053
- class Signatories(CycloneDXBaseModel):
5054
- class Config:
5055
- extra = Extra.forbid
5056
-
5057
- name: Annotated[Optional[str], Field(description="The signatory's name.", title="Name")] = None
5058
- role: Annotated[
5059
- Optional[str], Field(description="The signatory's role within an organization.", title="Role")
5060
- ] = None
5061
- signature: Annotated[
5062
- Union[Signature1, Signature2, Signer],
5063
- Field(
5064
- description=(
5065
- "Enveloped signature in [JSON Signature Format"
5066
- " (JSF)](https://cyberphone.github.io/doc/security/jsf.html)."
5067
- ),
5068
- title="Signature",
5069
- ),
5070
- ]
5071
- organization: Annotated[
5072
- Optional[OrganizationalEntity], Field(description="The signatory's organization.", title="Organization")
5073
- ] = None
5074
- externalReference: Annotated[
5075
- Optional[ExternalReference],
5076
- Field(
5077
- description=(
5078
- "External references provide a way to document systems, sites, and information that may be relevant but"
5079
- " are not included with the BOM. They may also establish specific relationships within or external to"
5080
- " the BOM."
5081
- ),
5082
- title="External Reference",
5083
- ),
5084
- ] = None
5085
-
5086
-
5087
- class Signatories1(CycloneDXBaseModel):
5088
- class Config:
5089
- extra = Extra.forbid
5090
-
5091
- name: Annotated[Optional[str], Field(description="The signatory's name.", title="Name")] = None
5092
- role: Annotated[
5093
- Optional[str], Field(description="The signatory's role within an organization.", title="Role")
5094
- ] = None
5095
- signature: Annotated[
5096
- Optional[Union[Signature1, Signature2, Signer]],
5097
- Field(
5098
- description=(
5099
- "Enveloped signature in [JSON Signature Format"
5100
- " (JSF)](https://cyberphone.github.io/doc/security/jsf.html)."
5101
- ),
5102
- title="Signature",
5103
- ),
5104
- ] = None
5105
- organization: Annotated[
5106
- OrganizationalEntity, Field(description="The signatory's organization.", title="Organization")
5107
- ]
5108
- externalReference: Annotated[
5109
- ExternalReference,
5110
- Field(
5111
- description=(
5112
- "External references provide a way to document systems, sites, and information that may be relevant but"
5113
- " are not included with the BOM. They may also establish specific relationships within or external to"
5114
- " the BOM."
5115
- ),
5116
- title="External Reference",
5117
- ),
5118
- ]
5119
-
5120
-
5121
4050
  class Affirmation(CycloneDXBaseModel):
5122
- """
5123
- A concise statement affirmed by an individual regarding all declarations, often used for third-party auditor acceptance or recipient acknowledgment. It includes a list of authorized signatories who assert the validity of the document on behalf of the organization.
5124
- """
5125
-
5126
4051
  class Config:
5127
4052
  extra = Extra.forbid
5128
4053
 
@@ -5138,7 +4063,7 @@ class Affirmation(CycloneDXBaseModel):
5138
4063
  ),
5139
4064
  ] = None
5140
4065
  signatories: Annotated[
5141
- Optional[List[Union[Signatories, Signatories1]]],
4066
+ Optional[List],
5142
4067
  Field(
5143
4068
  description=(
5144
4069
  "The list of signatories authorized on behalf of an organization to assert validity of this document."
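Review bot: `signatories` is now a bare `Optional[List]`, so its items are accepted without any validation. The `Extra.forbid` on `Affirmation` does not reach into untyped list items, and a signatory's `signature` is no longer checked against `Signature1`/`Signature2`/`Signer`. The previous hunk removes the `Signatories` and `Signatories1` models that carried those checks. Keeping a typed item, as in `Optional[List[Union[Signatories, Signatories1]]],`, or a single signatory model with the same fields, would preserve the shape check; until then, code reading `signatories` should treat each entry as an unvalidated value. The `Affirmation` class body continues outside this hunk.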
@@ -5168,7 +4093,7 @@ class Service(CycloneDXBaseModel):
5168
4093
  alias="bom-ref",
5169
4094
  description=(
5170
4095
  "An optional identifier which can be used to reference the service elsewhere in the BOM. Every bom-ref"
5171
- " must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
4096
+ " MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
5172
4097
  " conflicts with BOM-Links."
5173
4098
  ),
5174
4099
  min_length=1,
@@ -5261,7 +4186,7 @@ class Service(CycloneDXBaseModel):
5261
4186
  description=(
5262
4187
  "EITHER (list of SPDX licenses and/or named licenses) OR (tuple of one SPDX License Expression)"
5263
4188
  ),
5264
- title="Service License(s)",
4189
+ title="Component License(s)",
5265
4190
  ),
5266
4191
  ] = None
5267
4192
  externalReferences: Annotated[
@@ -5297,7 +4222,7 @@ class Service(CycloneDXBaseModel):
5297
4222
  " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
5298
4223
  " having different values. Property names of interest to the general public are encouraged to be"
5299
4224
  " registered in the [CycloneDX Property"
5300
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
4225
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL."
5301
4226
  ),
5302
4227
  title="Properties",
5303
4228
  ),
@@ -5335,7 +4260,7 @@ class Compositions(CycloneDXBaseModel):
5335
4260
  alias="bom-ref",
5336
4261
  description=(
5337
4262
  "An optional identifier which can be used to reference the composition elsewhere in the BOM. Every"
5338
- " bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
4263
+ " bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
5339
4264
  " avoid conflicts with BOM-Links."
5340
4265
  ),
5341
4266
  min_length=1,
@@ -5390,6 +4315,53 @@ class Compositions(CycloneDXBaseModel):
5390
4315
  ] = None
5391
4316
 
5392
4317
 
4318
+ class Annotations(CycloneDXBaseModel):
4319
+ """
4320
+ A comment, note, explanation, or similar textual content which provides additional context to the object(s) being annotated.
4321
+ """
4322
+
4323
+ class Config:
4324
+ extra = Extra.forbid
4325
+
4326
+ bom_ref: Annotated[
4327
+ Optional[str],
4328
+ Field(
4329
+ alias="bom-ref",
4330
+ description=(
4331
+ "An optional identifier which can be used to reference the annotation elsewhere in the BOM. Every"
4332
+ " bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
4333
+ " avoid conflicts with BOM-Links."
4334
+ ),
4335
+ min_length=1,
4336
+ title="BOM Reference",
4337
+ ),
4338
+ ] = None
4339
+ subjects: Annotated[
4340
+ List[Union[RefLinkType, BomLinkElementType]],
4341
+ Field(
4342
+ description=(
4343
+ "The object in the BOM identified by its bom-ref. This is often a component or service, but may be any"
4344
+ " object type supporting bom-refs."
4345
+ ),
4346
+ title="Subjects",
4347
+ ),
4348
+ ]
4349
+ timestamp: Annotated[
4350
+ datetime, Field(description="The date and time (timestamp) when the annotation was created.", title="Timestamp")
4351
+ ]
4352
+ text: Annotated[str, Field(description="The textual content of the annotation.", title="Text")]
4353
+ signature: Annotated[
4354
+ Optional[Union[Signature1, Signature2, Signer]],
4355
+ Field(
4356
+ description=(
4357
+ "Enveloped signature in [JSON Signature Format"
4358
+ " (JSF)](https://cyberphone.github.io/doc/security/jsf.html)."
4359
+ ),
4360
+ title="Signature",
4361
+ ),
4362
+ ] = None
4363
+
4364
+
5393
4365
  class ModelParameters(CycloneDXBaseModel):
5394
4366
  """
5395
4367
  Hyper-parameters for construction of the model.
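Review bot: The re-added `Annotations` model declares no `annotator` field while its `Config` keeps `extra = Extra.forbid`, so an annotation object that carries an `annotator` key fails validation instead of being parsed. The copy of this class removed further down the page declared `annotator: Annotated[Union[Annotator, Annotator1, Annotator2, Annotator3], ...]` with no default, i.e. as required, and the four `Annotator*` models are deleted along with it. A consumer that validates third-party BOMs with this model will either reject such documents or, if it catches the error and carries on, lose the record of who authored the annotation. Restore the field between `subjects` and `timestamp` together with its models; if this module comes out of a code generator, fix it by regenerating rather than by hand.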
@@ -5430,7 +4402,7 @@ class ModelParameters(CycloneDXBaseModel):
5430
4402
  ),
5431
4403
  ] = None
5432
4404
  datasets: Annotated[
5433
- Optional[List[Union[ComponentData, Datasets]]],
4405
+ Optional[List[Union[ComponentData, Dataset]]],
5434
4406
  Field(description="The datasets used to train and evaluate the model.", title="Datasets"),
5435
4407
  ] = None
5436
4408
  inputs: Annotated[
@@ -5504,7 +4476,7 @@ class Considerations(CycloneDXBaseModel):
5504
4476
 
5505
4477
  class ModelCard(CycloneDXBaseModel):
5506
4478
  """
5507
- A model card describes the intended uses of a machine learning model and potential limitations, including biases and ethical considerations. Model cards typically contain the training parameters, which datasets were used to train the model, performance metrics, and other relevant data useful for ML transparency. This object SHOULD be specified for any component of type `machine-learning-model` and must not be specified for other component types.
4479
+ A model card describes the intended uses of a machine learning model and potential limitations, including biases and ethical considerations. Model cards typically contain the training parameters, which datasets were used to train the model, performance metrics, and other relevant data useful for ML transparency. This object SHOULD be specified for any component of type `machine-learning-model` and MUST NOT be specified for other component types.
5508
4480
  """
5509
4481
 
5510
4482
  class Config:
@@ -5516,7 +4488,7 @@ class ModelCard(CycloneDXBaseModel):
5516
4488
  alias="bom-ref",
5517
4489
  description=(
5518
4490
  "An optional identifier which can be used to reference the model card elsewhere in the BOM. Every"
5519
- " bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
4491
+ " bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
5520
4492
  " avoid conflicts with BOM-Links."
5521
4493
  ),
5522
4494
  min_length=1,
@@ -5550,7 +4522,7 @@ class ModelCard(CycloneDXBaseModel):
5550
4522
  " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
5551
4523
  " having different values. Property names of interest to the general public are encouraged to be"
5552
4524
  " registered in the [CycloneDX Property"
5553
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
4525
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL."
5554
4526
  ),
5555
4527
  title="Properties",
5556
4528
  ),
@@ -5571,7 +4543,7 @@ class Task(CycloneDXBaseModel):
5571
4543
  alias="bom-ref",
5572
4544
  description=(
5573
4545
  "An optional identifier which can be used to reference the task elsewhere in the BOM. Every bom-ref"
5574
- " must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
4546
+ " MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
5575
4547
  " conflicts with BOM-Links."
5576
4548
  ),
5577
4549
  min_length=1,
@@ -5590,7 +4562,7 @@ class Task(CycloneDXBaseModel):
5590
4562
  Optional[str], Field(description="A description of the resource instance.", title="Description")
5591
4563
  ] = None
5592
4564
  resourceReferences: Annotated[
5593
- Optional[List[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]]],
4565
+ Optional[List[ResourceReferenceChoice]],
5594
4566
  Field(
5595
4567
  description="References to component or service resources that are used to realize the resource instance.",
5596
4568
  title="Resource references",
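Review bot: `resourceReferences` now takes a single `ResourceReferenceChoice` where the previous code took `Union[ResourceReferenceChoice1, ResourceReferenceChoice2]`, and the new type is defined outside this hunk, so it cannot be seen here whether the choice between the two alternatives is still enforced. The same collapse happens for `inputs` (`InputType1`–`InputType4` to `InputType`) and `outputs` (`OutputType1`–`OutputType3` to `OutputType`) in the following `Task` hunks and again in the `Workflow` hunks. If the merged models simply make every alternative's fields optional, an object matching none of the former alternatives would pass validation. Check the merged definitions, and if they are that loose, add a validator there that requires the fields of at least one former alternative.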
@@ -5613,7 +4585,7 @@ class Task(CycloneDXBaseModel):
5613
4585
  ),
5614
4586
  ] = None
5615
4587
  inputs: Annotated[
5616
- Optional[List[Union[InputType1, InputType2, InputType3, InputType4]]],
4588
+ Optional[List[InputType]],
5617
4589
  Field(
5618
4590
  description="Represents resources and data brought into a task at runtime by executor or task commands",
5619
4591
  examples=["a `configuration` file which was declared as a local `component` or `externalReference`"],
@@ -5621,7 +4593,7 @@ class Task(CycloneDXBaseModel):
5621
4593
  ),
5622
4594
  ] = None
5623
4595
  outputs: Annotated[
5624
- Optional[List[Union[OutputType1, OutputType2, OutputType3]]],
4596
+ Optional[List[OutputType]],
5625
4597
  Field(
5626
4598
  description="Represents resources and data output from a task at runtime by executor or task commands",
5627
4599
  examples=["a log file or metrics data produced by the task"],
@@ -5649,20 +4621,7 @@ class Task(CycloneDXBaseModel):
5649
4621
  title="Runtime topology",
5650
4622
  ),
5651
4623
  ] = None
5652
- properties: Annotated[
5653
- Optional[List[Property]],
5654
- Field(
5655
- description=(
5656
- "Provides the ability to document properties in a name-value store. This provides flexibility to"
5657
- " include data not officially supported in the standard without having to use additional namespaces or"
5658
- " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
5659
- " having different values. Property names of interest to the general public are encouraged to be"
5660
- " registered in the [CycloneDX Property"
5661
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
5662
- ),
5663
- title="Properties",
5664
- ),
5665
- ] = None
4624
+ properties: Annotated[Optional[List[Property]], Field(title="Properties")] = None
5666
4625
 
5667
4626
 
5668
4627
  class Standard(CycloneDXBaseModel):
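Review bot: `properties` on `Task` is reduced to `Field(title="Properties")`, dropping the description that the same field still carries on `Service`, `ModelCard`, `Metadata`, `Component` and `Vulnerability` on this page. The `Workflow` and `Formula` hunks make the same cut, and `affirmation` in `Declarations` loses its description in the same way. Keep the removed `description=(...)` argument on these fields so that generated schema output and editor help stay consistent across the models.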
@@ -5679,7 +4638,7 @@ class Standard(CycloneDXBaseModel):
5679
4638
  alias="bom-ref",
5680
4639
  description=(
5681
4640
  "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref"
5682
- " must be unique within the BOM."
4641
+ " MUST be unique within the BOM."
5683
4642
  ),
5684
4643
  min_length=1,
5685
4644
  title="BOM Reference",
@@ -5771,7 +4730,7 @@ class Workflow(CycloneDXBaseModel):
5771
4730
  alias="bom-ref",
5772
4731
  description=(
5773
4732
  "An optional identifier which can be used to reference the workflow elsewhere in the BOM. Every bom-ref"
5774
- " must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
4733
+ " MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
5775
4734
  " conflicts with BOM-Links."
5776
4735
  ),
5777
4736
  min_length=1,
@@ -5790,7 +4749,7 @@ class Workflow(CycloneDXBaseModel):
5790
4749
  Optional[str], Field(description="A description of the resource instance.", title="Description")
5791
4750
  ] = None
5792
4751
  resourceReferences: Annotated[
5793
- Optional[List[Union[ResourceReferenceChoice1, ResourceReferenceChoice2]]],
4752
+ Optional[List[ResourceReferenceChoice]],
5794
4753
  Field(
5795
4754
  description="References to component or service resources that are used to realize the resource instance.",
5796
4755
  title="Resource references",
@@ -5827,7 +4786,7 @@ class Workflow(CycloneDXBaseModel):
5827
4786
  ),
5828
4787
  ] = None
5829
4788
  inputs: Annotated[
5830
- Optional[List[Union[InputType1, InputType2, InputType3, InputType4]]],
4789
+ Optional[List[InputType]],
5831
4790
  Field(
5832
4791
  description="Represents resources and data brought into a task at runtime by executor or task commands",
5833
4792
  examples=["a `configuration` file which was declared as a local `component` or `externalReference`"],
@@ -5835,7 +4794,7 @@ class Workflow(CycloneDXBaseModel):
5835
4794
  ),
5836
4795
  ] = None
5837
4796
  outputs: Annotated[
5838
- Optional[List[Union[OutputType1, OutputType2, OutputType3]]],
4797
+ Optional[List[OutputType]],
5839
4798
  Field(
5840
4799
  description="Represents resources and data output from a task at runtime by executor or task commands",
5841
4800
  examples=["a log file or metrics data produced by the task"],
@@ -5863,20 +4822,7 @@ class Workflow(CycloneDXBaseModel):
5863
4822
  title="Runtime topology",
5864
4823
  ),
5865
4824
  ] = None
5866
- properties: Annotated[
5867
- Optional[List[Property]],
5868
- Field(
5869
- description=(
5870
- "Provides the ability to document properties in a name-value store. This provides flexibility to"
5871
- " include data not officially supported in the standard without having to use additional namespaces or"
5872
- " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
5873
- " having different values. Property names of interest to the general public are encouraged to be"
5874
- " registered in the [CycloneDX Property"
5875
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
5876
- ),
5877
- title="Properties",
5878
- ),
5879
- ] = None
4825
+ properties: Annotated[Optional[List[Property]], Field(title="Properties")] = None
5880
4826
 
5881
4827
 
5882
4828
  class Targets(CycloneDXBaseModel):
@@ -5931,17 +4877,7 @@ class Declarations(CycloneDXBaseModel):
5931
4877
  targets: Annotated[
5932
4878
  Optional[Targets], Field(description="The list of targets which claims are made against.", title="Targets")
5933
4879
  ] = None
5934
- affirmation: Annotated[
5935
- Optional[Affirmation],
5936
- Field(
5937
- description=(
5938
- "A concise statement affirmed by an individual regarding all declarations, often used for third-party"
5939
- " auditor acceptance or recipient acknowledgment. It includes a list of authorized signatories who"
5940
- " assert the validity of the document on behalf of the organization."
5941
- ),
5942
- title="Affirmation",
5943
- ),
5944
- ] = None
4880
+ affirmation: Annotated[Optional[Affirmation], Field(title="Affirmation")] = None
5945
4881
  signature: Annotated[
5946
4882
  Optional[Union[Signature1, Signature2, Signer]],
5947
4883
  Field(
@@ -5964,7 +4900,7 @@ class CyclonedxBillOfMaterialsStandard(CycloneDXBaseModel):
5964
4900
  Field(
5965
4901
  description=(
5966
4902
  "Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs do not have a"
5967
- ' filename convention, nor does JSON schema support namespaces. This value must be "CycloneDX".'
4903
+ ' filename convention, nor does JSON schema support namespaces. This value MUST be "CycloneDX".'
5968
4904
  ),
5969
4905
  title="BOM Format",
5970
4906
  ),
@@ -5973,7 +4909,7 @@ class CyclonedxBillOfMaterialsStandard(CycloneDXBaseModel):
5973
4909
  str,
5974
4910
  Field(
5975
4911
  description="The version of the CycloneDX specification the BOM conforms to.",
5976
- examples=["1.6.1"],
4912
+ examples=["1.6"],
5977
4913
  title="CycloneDX Specification Version",
5978
4914
  ),
5979
4915
  ]
@@ -5982,8 +4918,8 @@ class CyclonedxBillOfMaterialsStandard(CycloneDXBaseModel):
5982
4918
  Field(
5983
4919
  description=(
5984
4920
  "Every BOM generated SHOULD have a unique serial number, even if the contents of the BOM have not"
5985
- " changed over time. If specified, the serial number must conform to [RFC"
5986
- " 4122](https://www.ietf.org/rfc/rfc4122.html). Use of serial numbers is recommended."
4921
+ " changed over time. If specified, the serial number MUST conform to RFC-4122. Use of serial numbers is"
4922
+ " RECOMMENDED."
5987
4923
  ),
5988
4924
  examples=["urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"],
5989
4925
  regex="^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
@@ -6109,7 +5045,7 @@ class CyclonedxBillOfMaterialsStandard(CycloneDXBaseModel):
6109
5045
  " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
6110
5046
  " having different values. Property names of interest to the general public are encouraged to be"
6111
5047
  " registered in the [CycloneDX Property"
6112
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
5048
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL."
6113
5049
  ),
6114
5050
  title="Properties",
6115
5051
  ),
@@ -6126,7 +5062,7 @@ class CyclonedxBillOfMaterialsStandard(CycloneDXBaseModel):
6126
5062
  ] = None
6127
5063
 
6128
5064
 
6129
- class Tools(CycloneDXBaseModel):
5065
+ class ToolModel(CycloneDXBaseModel):
6130
5066
  """
6131
5067
  The tool(s) used in the creation, enrichment, and validation of the BOM.
6132
5068
  """
@@ -6162,7 +5098,7 @@ class Metadata(CycloneDXBaseModel):
6162
5098
  Field(description="The date and time (timestamp) when the BOM was created.", title="Timestamp"),
6163
5099
  ] = None
6164
5100
  lifecycles: Annotated[
6165
- Optional[List[Union[Lifecycles, Lifecycles1]]],
5101
+ Optional[List[Union[Lifecycle, Lifecycle1]]],
6166
5102
  Field(
6167
5103
  description=(
6168
5104
  "Lifecycles communicate the stage(s) in which data in the BOM was captured. Different types of data may"
@@ -6174,7 +5110,7 @@ class Metadata(CycloneDXBaseModel):
6174
5110
  ),
6175
5111
  ] = None
6176
5112
  tools: Annotated[
6177
- Optional[Union[Tools, List[Tool]]],
5113
+ Optional[Union[ToolModel, List[Tool]]],
6178
5114
  Field(description="The tool(s) used in the creation, enrichment, and validation of the BOM.", title="Tools"),
6179
5115
  ] = None
6180
5116
  manufacturer: Annotated[
@@ -6239,7 +5175,7 @@ class Metadata(CycloneDXBaseModel):
6239
5175
  " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
6240
5176
  " having different values. Property names of interest to the general public are encouraged to be"
6241
5177
  " registered in the [CycloneDX Property"
6242
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
5178
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL."
6243
5179
  ),
6244
5180
  title="Properties",
6245
5181
  ),
@@ -6353,7 +5289,7 @@ class Component(CycloneDXBaseModel):
6353
5289
  alias="bom-ref",
6354
5290
  description=(
6355
5291
  "An optional identifier which can be used to reference the component elsewhere in the BOM. Every"
6356
- " bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
5292
+ " bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
6357
5293
  " avoid conflicts with BOM-Links."
6358
5294
  ),
6359
5295
  min_length=1,
@@ -6496,7 +5432,7 @@ class Component(CycloneDXBaseModel):
6496
5432
  Optional[str],
6497
5433
  Field(
6498
5434
  description=(
6499
- "Asserts the identity of the component using package-url (purl). The purl, if specified, must be valid"
5435
+ "Asserts the identity of the component using package-url (purl). The purl, if specified, MUST be valid"
6500
5436
  " and conform to the specification defined at:"
6501
5437
  " [https://github.com/package-url/purl-spec](https://github.com/package-url/purl-spec). Refer to"
6502
5438
  " `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the"
@@ -6510,7 +5446,7 @@ class Component(CycloneDXBaseModel):
6510
5446
  Optional[List[str]],
6511
5447
  Field(
6512
5448
  description=(
6513
- "Asserts the identity of the component using the OmniBOR Artifact ID. The OmniBOR, if specified, must"
5449
+ "Asserts the identity of the component using the OmniBOR Artifact ID. The OmniBOR, if specified, MUST"
6514
5450
  " be valid and conform to the specification defined at:"
6515
5451
  " [https://www.iana.org/assignments/uri-schemes/prov/gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid)."
6516
5452
  " Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the"
@@ -6528,13 +5464,13 @@ class Component(CycloneDXBaseModel):
6528
5464
  Field(
6529
5465
  description=(
6530
5466
  "Asserts the identity of the component using the Software Heritage persistent identifier (SWHID). The"
6531
- " SWHID, if specified, must be valid and conform to the specification defined at:"
5467
+ " SWHID, if specified, MUST be valid and conform to the specification defined at:"
6532
5468
  " [https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html](https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html)."
6533
5469
  " Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the"
6534
5470
  " component's identity."
6535
5471
  ),
6536
5472
  examples=["swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2"],
6537
- title="Software Heritage Identifier",
5473
+ title="SoftWare Heritage Identifier",
6538
5474
  ),
6539
5475
  ] = None
6540
5476
  swid: Annotated[
@@ -6611,7 +5547,7 @@ class Component(CycloneDXBaseModel):
6611
5547
  Optional[List[ComponentData]],
6612
5548
  Field(
6613
5549
  description=(
6614
- "This object SHOULD be specified for any component of type `data` and must not be specified for other"
5550
+ "This object SHOULD be specified for any component of type `data` and MUST NOT be specified for other"
6615
5551
  " component types."
6616
5552
  ),
6617
5553
  title="Data",
@@ -6627,7 +5563,7 @@ class Component(CycloneDXBaseModel):
6627
5563
  " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
6628
5564
  " having different values. Property names of interest to the general public are encouraged to be"
6629
5565
  " registered in the [CycloneDX Property"
6630
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
5566
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL."
6631
5567
  ),
6632
5568
  title="Properties",
6633
5569
  ),
@@ -6655,7 +5591,7 @@ class Component(CycloneDXBaseModel):
6655
5591
  ] = None
6656
5592
 
6657
5593
 
6658
- class Tools1(CycloneDXBaseModel):
5594
+ class Tool1(CycloneDXBaseModel):
6659
5595
  """
6660
5596
  The tool(s) used to identify, confirm, or score the vulnerability.
6661
5597
  """
@@ -6696,7 +5632,7 @@ class Vulnerability(CycloneDXBaseModel):
6696
5632
  alias="bom-ref",
6697
5633
  description=(
6698
5634
  "An optional identifier which can be used to reference the vulnerability elsewhere in the BOM. Every"
6699
- " bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
5635
+ " bom-ref MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
6700
5636
  " avoid conflicts with BOM-Links."
6701
5637
  ),
6702
5638
  min_length=1,
@@ -6730,11 +5666,10 @@ class Vulnerability(CycloneDXBaseModel):
6730
5666
  Optional[List[Rating]], Field(description="List of vulnerability ratings", title="Ratings")
6731
5667
  ] = None
6732
5668
  cwes: Annotated[
6733
- Optional[List[int]],
5669
+ Optional[List[Cwe]],
6734
5670
  Field(
6735
5671
  description="List of Common Weaknesses Enumerations (CWEs) codes that describes this vulnerability.",
6736
5672
  examples=[399],
6737
- ge=1,
6738
5673
  title="CWEs",
6739
5674
  ),
6740
5675
  ] = None
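Review bot: The `cwes` field loses its `ge=1` bound in the same change that switches the element type from `int` to `Cwe`, and `Cwe` is defined outside this hunk. If `Cwe` does not carry the bound itself, zero and negative values now validate as CWE identifiers and are passed on to whatever consumes the list. Confirm that the element model enforces `ge=1`; if it does not, put the bound there or go back to `Optional[List[int]],` with the removed `ge=1,` line.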
@@ -6814,7 +5749,7 @@ class Vulnerability(CycloneDXBaseModel):
6814
5749
  ),
6815
5750
  ] = None
6816
5751
  tools: Annotated[
6817
- Optional[Union[Tools1, List[Tool]]],
5752
+ Optional[Union[Tool1, List[Tool]]],
6818
5753
  Field(description="The tool(s) used to identify, confirm, or score the vulnerability.", title="Tools"),
6819
5754
  ] = None
6820
5755
  analysis: Annotated[
@@ -6839,143 +5774,13 @@ class Vulnerability(CycloneDXBaseModel):
6839
5774
  " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
6840
5775
  " having different values. Property names of interest to the general public are encouraged to be"
6841
5776
  " registered in the [CycloneDX Property"
6842
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
5777
+ " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL."
6843
5778
  ),
6844
5779
  title="Properties",
6845
5780
  ),
6846
5781
  ] = None
6847
5782
 
6848
5783
 
6849
- class Annotator(CycloneDXBaseModel):
6850
- """
6851
- The organization, person, component, or service which created the textual content of the annotation.
6852
- """
6853
-
6854
- class Config:
6855
- extra = Extra.forbid
6856
-
6857
- organization: Annotated[OrganizationalEntity, Field(description="The organization that created the annotation")]
6858
- individual: Annotated[
6859
- Optional[OrganizationalContact], Field(description="The person that created the annotation")
6860
- ] = None
6861
- component: Annotated[
6862
- Optional[Component], Field(description="The tool or component that created the annotation")
6863
- ] = None
6864
- service: Annotated[Optional[Service], Field(description="The service that created the annotation")] = None
6865
-
6866
-
6867
- class Annotator1(CycloneDXBaseModel):
6868
- """
6869
- The organization, person, component, or service which created the textual content of the annotation.
6870
- """
6871
-
6872
- class Config:
6873
- extra = Extra.forbid
6874
-
6875
- organization: Annotated[
6876
- Optional[OrganizationalEntity], Field(description="The organization that created the annotation")
6877
- ] = None
6878
- individual: Annotated[OrganizationalContact, Field(description="The person that created the annotation")]
6879
- component: Annotated[
6880
- Optional[Component], Field(description="The tool or component that created the annotation")
6881
- ] = None
6882
- service: Annotated[Optional[Service], Field(description="The service that created the annotation")] = None
6883
-
6884
-
6885
- class Annotator2(CycloneDXBaseModel):
6886
- """
6887
- The organization, person, component, or service which created the textual content of the annotation.
6888
- """
6889
-
6890
- class Config:
6891
- extra = Extra.forbid
6892
-
6893
- organization: Annotated[
6894
- Optional[OrganizationalEntity], Field(description="The organization that created the annotation")
6895
- ] = None
6896
- individual: Annotated[
6897
- Optional[OrganizationalContact], Field(description="The person that created the annotation")
6898
- ] = None
6899
- component: Annotated[Component, Field(description="The tool or component that created the annotation")]
6900
- service: Annotated[Optional[Service], Field(description="The service that created the annotation")] = None
6901
-
6902
-
6903
- class Annotator3(CycloneDXBaseModel):
6904
- """
6905
- The organization, person, component, or service which created the textual content of the annotation.
6906
- """
6907
-
6908
- class Config:
6909
- extra = Extra.forbid
6910
-
6911
- organization: Annotated[
6912
- Optional[OrganizationalEntity], Field(description="The organization that created the annotation")
6913
- ] = None
6914
- individual: Annotated[
6915
- Optional[OrganizationalContact], Field(description="The person that created the annotation")
6916
- ] = None
6917
- component: Annotated[
6918
- Optional[Component], Field(description="The tool or component that created the annotation")
6919
- ] = None
6920
- service: Annotated[Service, Field(description="The service that created the annotation")]
6921
-
6922
-
6923
- class Annotations(CycloneDXBaseModel):
6924
- """
6925
- A comment, note, explanation, or similar textual content which provides additional context to the object(s) being annotated.
6926
- """
6927
-
6928
- class Config:
6929
- extra = Extra.forbid
6930
-
6931
- bom_ref: Annotated[
6932
- Optional[str],
6933
- Field(
6934
- alias="bom-ref",
6935
- description=(
6936
- "An optional identifier which can be used to reference the annotation elsewhere in the BOM. Every"
6937
- " bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to"
6938
- " avoid conflicts with BOM-Links."
6939
- ),
6940
- min_length=1,
6941
- title="BOM Reference",
6942
- ),
6943
- ] = None
6944
- subjects: Annotated[
6945
- List[Union[RefLinkType, BomLinkElementType]],
6946
- Field(
6947
- description=(
6948
- "The object in the BOM identified by its bom-ref. This is often a component or service, but may be any"
6949
- " object type supporting bom-refs."
6950
- ),
6951
- title="Subjects",
6952
- ),
6953
- ]
6954
- annotator: Annotated[
6955
- Union[Annotator, Annotator1, Annotator2, Annotator3],
6956
- Field(
6957
- description=(
6958
- "The organization, person, component, or service which created the textual content of the annotation."
6959
- ),
6960
- title="Annotator",
6961
- ),
6962
- ]
6963
- timestamp: Annotated[
6964
- datetime, Field(description="The date and time (timestamp) when the annotation was created.", title="Timestamp")
6965
- ]
6966
- text: Annotated[str, Field(description="The textual content of the annotation.", title="Text")]
6967
- signature: Annotated[
6968
- Optional[Union[Signature1, Signature2, Signer]],
6969
- Field(
6970
- description=(
6971
- "Enveloped signature in [JSON Signature Format"
6972
- " (JSF)](https://cyberphone.github.io/doc/security/jsf.html)."
6973
- ),
6974
- title="Signature",
6975
- ),
6976
- ] = None
6977
-
6978
-
6979
5784
  class Formula(CycloneDXBaseModel):
6980
5785
  """
6981
5786
  Describes workflows and resources that captures rules and other aspects of how the associated BOM component or service was formed.
@@ -6990,7 +5795,7 @@ class Formula(CycloneDXBaseModel):
6990
5795
  alias="bom-ref",
6991
5796
  description=(
6992
5797
  "An optional identifier which can be used to reference the formula elsewhere in the BOM. Every bom-ref"
6993
- " must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
5798
+ " MUST be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid"
6994
5799
  " conflicts with BOM-Links."
6995
5800
  ),
6996
5801
  min_length=1,
@@ -7025,25 +5830,12 @@ class Formula(CycloneDXBaseModel):
7025
5830
  title="Workflows",
7026
5831
  ),
7027
5832
  ] = None
7028
- properties: Annotated[
7029
- Optional[List[Property]],
7030
- Field(
7031
- description=(
7032
- "Provides the ability to document properties in a name-value store. This provides flexibility to"
7033
- " include data not officially supported in the standard without having to use additional namespaces or"
7034
- " create extensions. Unlike key-value stores, properties support duplicate names, each potentially"
7035
- " having different values. Property names of interest to the general public are encouraged to be"
7036
- " registered in the [CycloneDX Property"
7037
- " Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional."
7038
- ),
7039
- title="Properties",
7040
- ),
7041
- ] = None
5833
+ properties: Annotated[Optional[List[Property]], Field(title="Properties")] = None
7042
5834
 
7043
5835
 
7044
5836
  Service.update_forward_refs()
7045
5837
  Targets.update_forward_refs()
7046
5838
  CyclonedxBillOfMaterialsStandard.update_forward_refs()
7047
- Tools.update_forward_refs()
5839
+ ToolModel.update_forward_refs()
7048
5840
  Metadata.update_forward_refs()
7049
5841
  Pedigree.update_forward_refs()