9 changes: 0 additions & 9 deletions examples/application.sbom.json
@@ -29,15 +29,6 @@
]
}
]
},
"tools": {
"components": [
{
"type": "application",
"name": "sbom_generator",
"version": "0.1.0"
}
]
}
},
"components": [
9 changes: 0 additions & 9 deletions examples/env-template.sbom.json
@@ -23,15 +23,6 @@
"purl": "pkg:maven/org.qubership.deploy/env-templates@8518ba0e_20241008-044612?registry_id=sandbox"
}
]
},
"tools": {
"components": [
{
"type": "application",
"name": "sbom_generator",
"version": "0.1.0"
}
]
}
},
"components": [
51 changes: 1 addition & 50 deletions schemas/application.sbom.schema.json
@@ -207,8 +207,7 @@
"description": "Provides additional information about a BOM",
"required": [
"timestamp",
"component",
"tools"
"component"
],
"additionalProperties": false,
"properties": {
@@ -363,54 +362,6 @@
"description": "A list of software and hardware components included in the parent component. This is not a dependency tree. It provides a way to specify a hierarchical representation of component assemblies, similar to system → subsystem → parts assembly in physical supply chains"
}
}
},
"tools": {
"type": "object",
"title": "Tools",
"description": "The tool(s) used in the creation, enrichment, and validation of the BOM",
"additionalProperties": false,
"properties": {
"components": {
"type": "array",
"title": "Components",
"description": "A list of software and hardware components used as tools",
"items": {
"type": "object",
"title": "Component",
"required": [
"type",
"name",
"version"
],
"additionalProperties": false,
"uniqueItems": true,
"properties": {
"type": {
"type": "string",
"enum": [
"application"
],
"title": "Component Type",
"description": "Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined for the component"
},
"name": {
"type": "string",
"title": "Component Name",
"description": "The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery",
"examples": [
"tomcat-catalina"
]
},
"version": {
"$ref": "#/$defs/version",
"title": "Component Version",
"description": "The component version. The version should ideally comply with semantic versioning but is not enforced"
}
}
},
"uniqueItems": true
}
}
}
}
},
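Review bot: With `"additionalProperties": false` still set on the metadata object (first hunk), deleting the `tools` property definition in the second hunk means a BOM that still carries `metadata.tools` is now rejected by validation rather than treated as optional. If the intent is only to stop requiring the field, removing `"tools"` from `required` is sufficient and the property definition can stay; that also keeps the generator name and version in the BOM, which helps when a malformed or suspicious BOM has to be traced back to the tool and release that produced it. The same point applies to the matching hunks in schemas/env-template.sbom.schema.json. The metadata object begins and ends outside both hunks, so this assumes the deleted `tools` block sat directly under that object's `properties`.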
52 changes: 1 addition & 51 deletions schemas/env-template.sbom.schema.json
@@ -122,8 +122,7 @@
"description": "Provides additional information about a BOM",
"required": [
"timestamp",
"component",
"tools"
"component"
],
"additionalProperties": false,
"properties": {
@@ -252,55 +251,6 @@
"description": "A list of software and hardware components included in the parent component. This is not a dependency tree. It provides a way to specify a hierarchical representation of component assemblies, similar to system → subsystem → parts assembly in physical supply chains"
}
}
},
"tools": {
"type": "object",
"title": "Tools",
"description": "The tool(s) used in the creation, enrichment, and validation of the BOM.",
"additionalProperties": false,
"properties": {
"components": {
"type": "array",
"title": "Components",
"description": "A list of software and hardware components used as tools.",
"items": {
"type": "object",
"title": "Component",
"required": [
"type",
"name",
"version"
],
"additionalProperties": false,
"uniqueItems": true,
"properties": {
"type": {
"type": "string",
"enum": [
"application"
],
"title": "Component Type",
"description": "Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined for the component"
},
"name": {
"type": "string",
"title": "Component Name",
"description": "The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery",
"examples": [
"tomcat-catalina"
]
},
"version": {
"$ref": "#/definitions/version",
"title": "Component Version",
"description": "The component version. The version should ideally comply with semantic versioning but is not enforced"
}
}
},
"uniqueItems": true

}
}
}
}
},