Skip to content

Commit 41a4be0

Browse files
madpahmadpah
committedFeb 2, 2022
doc: added page to docs to call out which parts of the specification this library supports
Signed-off-by: Paul Horton <phorton@sonatype.com>
1 parent 6c280e7 commit 41a4be0

File tree

2 files changed

+38
-0
lines changed

2 files changed

+38
-0
lines changed
 

‎docs/architecture.rst

+1
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,7 @@ When wishing to generate a BOM, the process is as follows:
2020
:caption: Contents:
2121

2222
modelling
23+
schema-support
2324
outputting
2425

2526
.. _cyclondex-python: https://pypi.org/project/cyclonedx-bom/

‎docs/schema-support.rst

+37
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,37 @@
1+
Schema Support
2+
==============
3+
4+
This library has partial support for the CycloneDX specification (we continue to grow support).
5+
6+
The following sub-sections aim to explain what support this library provides and any known gaps in support. We do this
7+
by calling out support for data as defined in the latest CycloneDX standard specification, regardless of whether it is
8+
supported in prior versions of the CycloneDX schema.
9+
10+
+----------------------------+---------------+---------------------------------------------------------------------------------------------------+
11+
| Data Path | Supported? | Notes |
12+
+============================+===============+===================================================================================================+
13+
| ``bom[@version]`` | Yes | |
14+
+----------------------------+---------------+---------------------------------------------------------------------------------------------------+
15+
| ``bom[@serialNumber]`` | Yes | |
16+
+----------------------------+---------------+---------------------------------------------------------------------------------------------------+
17+
| ``bom.metadata`` | Yes (partial) | Not supported: ``authors``, ``manufacture``, ``supplier``, ``licenses``, ``properties``. |
18+
+----------------------------+---------------+---------------------------------------------------------------------------------------------------+
19+
| ``bom.components`` | Yes | Not supported: ``modified`` (as it is deprecated), ``signature``. |
20+
+----------------------------+---------------+---------------------------------------------------------------------------------------------------+
21+
| ``bom.services`` | Yes | Not supported: ``signature``. |
22+
+----------------------------+---------------+---------------------------------------------------------------------------------------------------+
23+
| ``bom.externalReferences`` | Yes | |
24+
+----------------------------+---------------+---------------------------------------------------------------------------------------------------+
25+
| ``bom.dependencies`` | No | |
26+
+----------------------------+---------------+---------------------------------------------------------------------------------------------------+
27+
| ``bom.compositions`` | No | |
28+
+----------------------------+---------------+---------------------------------------------------------------------------------------------------+
29+
| ``bom.properties`` | No | See `schema specification bug 130`_ |
30+
+----------------------------+---------------+---------------------------------------------------------------------------------------------------+
31+
| ``bom.vulnerabilities`` | Yes | Note: Prior to CycloneDX 1.4, these were present under ``bom.components`` via a schema extension. |
32+
+----------------------------+---------------+---------------------------------------------------------------------------------------------------+
33+
| ``bom.signature`` | No | |
34+
+----------------------------+---------------+---------------------------------------------------------------------------------------------------+
35+
36+
37+
.. _schema specification bug 130: https://github.com/CycloneDX/specification/issues/130

0 commit comments

Comments
 (0)