diff --git a/examples/application.sbom.json b/examples/application.sbom.json index 9c7b5e406..b44f24c68 100644 --- a/examples/application.sbom.json +++ b/examples/application.sbom.json @@ -29,15 +29,6 @@ ] } ] - }, - "tools": { - "components": [ - { - "type": "application", - "name": "sbom_generator", - "version": "0.1.0" - } - ] } }, "components": [ diff --git a/examples/env-template.sbom.json b/examples/env-template.sbom.json index 4d3e167a4..a22a0feef 100644 --- a/examples/env-template.sbom.json +++ b/examples/env-template.sbom.json @@ -23,15 +23,6 @@ "purl": "pkg:maven/org.qubership.deploy/env-templates@8518ba0e_20241008-044612?registry_id=sandbox" } ] - }, - "tools": { - "components": [ - { - "type": "application", - "name": "sbom_generator", - "version": "0.1.0" - } - ] } }, "components": [ diff --git a/schemas/application.sbom.schema.json b/schemas/application.sbom.schema.json index b846bca99..9ceb21808 100644 --- a/schemas/application.sbom.schema.json +++ b/schemas/application.sbom.schema.json @@ -207,8 +207,7 @@ "description": "Provides additional information about a BOM", "required": [ "timestamp", - "component", - "tools" + "component" ], "additionalProperties": false, "properties": { 
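Review bot: In `schemas/application.sbom.schema.json`, `tools` is dropped from `required` in the `@@ -207,8 +207,7 @@` hunk and its property definition is deleted in the `@@ -363,54 +362,6 @@` hunk, but the `metadata` object keeps `"additionalProperties": false`, so any SBOM that still carries `metadata.tools` is now rejected rather than merely allowed to omit it. The two hunks in `schemas/env-template.sbom.schema.json` have the same effect. If the goal is only to stop requiring the field, keep the existing `"tools"` property definition and remove just the `"tools"` entry from `required`, so documents from existing generators still validate. If the removal is deliberate, the BOM no longer records which generator and version produced it, which makes it harder to trace a malformed or suspect SBOM back to its producer. The `metadata` definition starts and ends outside this hunk, so whether another field carries that provenance cannot be confirmed from here.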
@@ -363,54 +362,6 @@ "description": "A list of software and hardware components included in the parent component. This is not a dependency tree. It provides a way to specify a hierarchical representation of component assemblies, similar to system → subsystem → parts assembly in physical supply chains" } } - }, - "tools": { - "type": "object", - "title": "Tools", - "description": "The tool(s) used in the creation, enrichment, and validation of the BOM", - "additionalProperties": false, - "properties": { - "components": { - "type": "array", - "title": "Components", - "description": "A list of software and hardware components used as tools", - "items": { - "type": "object", - "title": "Component", - "required": [ - "type", - "name", - "version" - ], - "additionalProperties": false, - "uniqueItems": true, - "properties": { - "type": { - "type": "string", - "enum": [ - "application" - ], - "title": "Component Type", - "description": "Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined for the component" - }, - "name": { - "type": "string", - "title": "Component Name", - "description": "The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery", - "examples": [ - "tomcat-catalina" - ] - }, - "version": { - "$ref": "#/$defs/version", - "title": "Component Version", - "description": "The component version. The version should ideally comply with semantic versioning but is not enforced" - } - } - }, - "uniqueItems": true - } - } } } }, diff --git a/schemas/env-template.sbom.schema.json b/schemas/env-template.sbom.schema.json index 1e82dda61..dc96438c3 100644 --- a/schemas/env-template.sbom.schema.json +++ b/schemas/env-template.sbom.schema.json 
@@ -122,8 +122,7 @@ "description": "Provides additional information about a BOM", "required": [ "timestamp", - "component", - "tools" + "component" ], "additionalProperties": false, "properties": { @@ -252,55 +251,6 @@ "description": "A list of software and hardware components included in the parent component. This is not a dependency tree. It provides a way to specify a hierarchical representation of component assemblies, similar to system → subsystem → parts assembly in physical supply chains" } } - }, - "tools": { - "type": "object", - "title": "Tools", - "description": "The tool(s) used in the creation, enrichment, and validation of the BOM.", - "additionalProperties": false, - "properties": { - "components": { - "type": "array", - "title": "Components", - "description": "A list of software and hardware components used as tools.", - "items": { - "type": "object", - "title": "Component", - "required": [ - "type", - "name", - "version" - ], - "additionalProperties": false, - "uniqueItems": true, - "properties": { - "type": { - "type": "string", - "enum": [ - "application" - ], - "title": "Component Type", - "description": "Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined for the component" - }, - "name": { - "type": "string", - "title": "Component Name", - "description": "The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery", - "examples": [ - "tomcat-catalina" - ] - }, - "version": { - "$ref": "#/definitions/version", - "title": "Component Version", - "description": "The component version. The version should ideally comply with semantic versioning but is not enforced" - } - } - }, - "uniqueItems": true - - } - } } } },