Comments made by people, organizations, or tools about any object with a bom-ref, such as components, services, vulnerabilities, or the BOM itself. Unlike inventory information, annotations may contain opinion or commentary from various stakeholders.
from field: repeated cyclonedx.v1_5.Annotation annotations = 11;
Provides the ability to document a list of components.
from field: repeated cyclonedx.v1_5.Component components = 5;
Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness. The completeness of vulnerabilities expressed in a BOM may also be described.
from field: repeated cyclonedx.v1_5.Composition compositions = 9;
Provides the ability to document dependency relationships.
from field: repeated cyclonedx.v1_5.Dependency dependencies = 8;
Provides the ability to document external references related to the BOM or to the project the BOM describes.
from field: repeated cyclonedx.v1_5.ExternalReference external_references = 7;
Describes how a component or service was manufactured or deployed. This is achieved through the use of formulas, workflows, tasks, and steps, which declare the precise steps to reproduce along with the observed formulas describing the steps which transpired in the manufacturing process.
from field: repeated cyclonedx.v1_5.Formula formulation = 13;
Optional
metadata
Provides additional information about a BOM.
from field: optional cyclonedx.v1_5.Metadata metadata = 4;
Specifies optional, custom properties.
from field: repeated cyclonedx.v1_5.Property properties = 12;
Optional
serial
Every BOM generated should have a unique serial number, even if the contents of the BOM being generated have not changed over time. The process or tool responsible for creating the BOM should create random UUIDs for every BOM generated.
from field: optional string serial_number = 3;
Provides the ability to document a list of external services.
from field: repeated cyclonedx.v1_5.Service services = 6;
The version of the CycloneDX specification a BOM is written to (starting at version 1.3)
from field: string spec_version = 1;
Optional
version
The version allows component publishers/authors to make changes to existing BOMs to update various aspects of the document such as description or licenses. When a system is presented with multiple BOMs for the same component, the system should use the most recent version of the BOM. The default version is '1' and should be incremented for each version of the BOM that is published. Each version of a component should have a unique BOM and if no changes are made to the BOMs, then each BOM will have a version of '1'.
from field: optional int32 version = 2;
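The serial number and version rules described above, as a consumer-side check in JavaScript on plain objects. This is an added example, not part of the generated API or the CycloneDX project's code; the helper names, the `urn:uuid:` serial form and the sample data are assumptions.

```javascript
// Added example, not generated code. Works on plain objects shaped like the
// Bom message (serialNumber, version); helper names are hypothetical.
// Assumption: serial numbers are written as "urn:uuid:<UUID>", the form the
// CycloneDX JSON schema uses; the page itself only says "random UUID".
const SERIAL_RE =
  /^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// version is optional; an absent value means the documented default of 1.
function effectiveVersion(bom) {
  return bom.version === undefined ? 1 : bom.version;
}

// Returns a list of problems with one BOM's identity fields (empty = ok).
function checkIdentity(bom) {
  const problems = [];
  if (typeof bom.serialNumber !== "string" || !SERIAL_RE.test(bom.serialNumber)) {
    problems.push("serialNumber missing or not a urn:uuid");
  }
  const v = effectiveVersion(bom);
  if (!Number.isInteger(v) || v < 1) problems.push("version must be an integer >= 1");
  return problems;
}

// Given BOMs the caller already knows describe the same component, pick the
// most recent version. Invalid BOMs are rejected first, and a tie at the
// highest version is reported instead of being resolved silently.
function selectCurrent(boms) {
  const rejected = [], valid = [];
  for (const bom of boms) {
    const problems = checkIdentity(bom);
    if (problems.length > 0) rejected.push({ bom, problems });
    else valid.push(bom);
  }
  if (valid.length === 0) return { current: null, ambiguous: false, rejected };
  const top = Math.max(...valid.map(effectiveVersion));
  const winners = valid.filter((b) => effectiveVersion(b) === top);
  return {
    current: winners.length === 1 ? winners[0] : null,
    ambiguous: winners.length > 1,
    rejected,
  };
}

// Constructed sample input (not taken from any real BOM).
const SAMPLE = [
  { serialNumber: "urn:uuid:11111111-2222-4333-8444-555555555555", version: 2 },
  { serialNumber: "urn:uuid:aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee" }, // version 1
  { serialNumber: "not-a-uuid", version: 9 }, // highest version, but rejected
];
```

Calling `selectCurrent(SAMPLE)` selects the version 2 BOM and lists the malformed one under `rejected`, so an entry with an inflated version but no valid serial number never wins the selection.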
Vulnerabilities identified in components or services.
from field: repeated cyclonedx.v1_5.Vulnerability vulnerabilities = 10;
Static
Readonly
fields
Static
Readonly
runtime
Static
Readonly
type
Parse from binary data, merging fields.
Repeated fields are appended. Map entries are added, overwriting existing keys.
If a message field is already present, it will be merged with the new data.
Optional
options: Partial<BinaryReadOptions>
Protected
toJSON
Override for serialization behavior. This will be invoked when calling JSON.stringify on this message (i.e. JSON.stringify(msg)).
Note that this will not serialize google.protobuf.Any with a packed message because the protobuf JSON format specifies that it needs to be unpacked, and this is only possible with a type registry to look up the message type. As a result, attempting to serialize a message with this type will throw an Error.
This method is protected because you should not need to invoke it directly -- instead use JSON.stringify or toJsonString for stringified JSON. Alternatively, if actual JSON is desired, you should use toJson.
Static
equals
Static
from
Static
from
Static
from
Generated from message cyclonedx.v1_5.Bom