rework dependency type to provides (#366)
changes as discussed here:
#347 (comment)
stevespringett authored Jan 26, 2024
2 parents 29fc0a6 + d8ae85e commit 56e936e
Showing 6 changed files with 57 additions and 62 deletions.
8 changes: 2 additions & 6 deletions schema/bom-1.6.proto
Expand Up @@ -171,16 +171,12 @@ enum DataFlowDirection {
}

message Dependency {
enum DependencyType {
DEPENDENCY_TYPE_IMPLEMENTS = 0;
DEPENDENCY_TYPE_USES = 1;
}
// References a component or service by the its bom-ref attribute
string ref = 1;
// The bom-ref identifiers of the components or services that are dependencies of this dependency object.
repeated Dependency dependencies = 2;
// Defines and characterizes the type of dependency
optional DependencyType type = 3;
// The bom-ref identifiers of the components or services that define a given specification or standard, which are provided or implemented by this dependency object.
repeated string provides = 3;
}

message Diff {
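Review bot: `repeated string provides = 3;` reuses field number 3, which this same hunk frees from `optional DependencyType type = 3;` — a varint enum tag becomes a length-delimited repeated string on the same number, so any bom-1.6 draft message serialized with the old field will no longer decode cleanly and may be misread. If 1.6 has been published in any form, retire the number with `reserved 3; reserved "type";` and declare `repeated string provides = 4;`; if it is still unreleased, a one-line comment saying the reuse is deliberate would stop the next reviewer from flagging it. The proto comment also drops the caveat the JSON and XSD descriptions carry, so consumers of generated code never see it; I would append `// A component which implements another component does not imply that the implementation is in use.` above `provides`. While here, the unchanged comment on `ref` reads `by the its bom-ref attribute`. `message Dependency` is fully within the hunk.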
27 changes: 8 additions & 19 deletions schema/bom-1.6.schema.json
Expand Up @@ -1766,11 +1766,14 @@
"title": "Depends On",
"description": "The bom-ref identifiers of the components or services that are dependencies of this dependency object."
},
"type": {
"type": "string",
"title": "Dependency Type",
"description": "Defines and characterizes the type of dependency",
"$ref": "#/definitions/dependencyType"
"provides": {
"type": "array",
"uniqueItems": true,
"items": {
"$ref": "#/definitions/refLinkType"
},
"title": "Provides",
"description": "The bom-ref identifiers of the components or services that define a given specification or standard, which are provided or implemented by this dependency object.\nFor example, a cryptographic library which implements a cryptographic algorithm. A component which implements another component does not imply that the implementation is in use."
}
}
},
Expand Down Expand Up @@ -4601,20 +4604,6 @@
"title": "Signature",
"description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)."
},
"dependencyType": {
"type": "string",
"title": "Dependency Type",
"enum": [
"implements",
"uses"
],
"meta:enum": {
"implements": "Refers to a component or service that fulfills the requirements of a given specification or standard. For example, a cryptographic library which implements a cryptographic algorithm. A component which implements another component does not imply that the implementation is in use.",
"uses": "Refers to a component or service that relies on another component or service, either explicitly via function calls or via configuration at run time."
},
"default": "uses",
"description": "An optional field that describes the type of dependency."
},
"cryptoProperties": {
"type": "object",
"title": "Cryptographic Properties",
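Review bot: The `provides` description in the first hunk does not say how the new list relates to `dependsOn`: nothing states whether the same bom-ref may appear in both, or whether a `provides` entry is a dependency edge for tools that walk the graph for vulnerability or VEX reachability. The removed `type` enum carried that distinction per dependency object; now it is per list, which makes the rule worth spelling out. I would add one sentence to the description, e.g. `Entries in provides are not dependency edges; a component that both implements and uses a referenced component must also list it in dependsOn.` — assuming that is the intended semantics, which the hunk does not state. The enclosing `dependency` object (`ref`, `dependsOn`) starts above the hunk.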
48 changes: 20 additions & 28 deletions schema/bom-1.6.xsd
Expand Up @@ -1851,18 +1851,32 @@ limitations under the License.

<xs:complexType name="dependencyType">
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="dependency" type="bom:dependencyType"/>
<xs:element name="dependency" type="bom:dependencyType" minOccurs="0">
<xs:annotation>
<xs:documentation>The component or service that is a dependency of this dependency object.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="provides" minOccurs="0">
<xs:annotation>
<xs:documentation>
The component or service that define a given specification or standard, which is provided or implemented by this dependency object.
For example, a cryptographic library which implements a cryptographic algorithm. A component which implements another component does not imply that the implementation is in use.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name="ref" type="bom:refLinkType" use="required">
<xs:annotation>
<xs:documentation>References a component or service by its bom-ref attribute</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
</xs:sequence>
<xs:attribute name="ref" type="bom:refLinkType" use="required">
<xs:annotation>
<xs:documentation>References a component or service by its bom-ref attribute</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="type" type="bom:dependencyUsageType" default="uses" use="optional">
<xs:annotation>
<xs:documentation>An optional field that describes the type of dependency.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:anyAttribute namespace="##other" processContents="lax">
<xs:annotation>
<xs:documentation>User-defined attributes may be used on this element as long as they
Expand All @@ -1871,28 +1885,6 @@ limitations under the License.
</xs:anyAttribute>
</xs:complexType>

<xs:simpleType name="dependencyUsageType">
<xs:restriction base="xs:string">
<xs:enumeration value="implements">
<xs:annotation>
<xs:documentation>
Refers to a component or service that fulfills the requirements of a given specification or
standard. For example, a cryptographic library which implements a cryptographic algorithm.
A component which implements another component does not imply that the implementation is in use.
</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="uses">
<xs:annotation>
<xs:documentation>
Refers to a component or service that relies on another component or service, either explicitly
via function calls or via configuration at run time.
</xs:documentation>
</xs:annotation>
</xs:enumeration>
</xs:restriction>
</xs:simpleType>

<xs:complexType name="dependenciesType">
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="dependency" type="bom:dependencyType">
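Review bot: The JSON schema in this commit declares `provides` with `"uniqueItems": true`, but the XSD `provides` element in the first hunk has no equivalent constraint, so an XML BOM may list the same `ref` twice under one `dependency` and still validate while its JSON rendering does not; if uniqueness is intended, an `xs:unique` keyed on `bom:provides/@ref` on the `dependency` element declarations would close that gap. The new documentation text also has a grammar slip: `The component or service that define a given specification or standard, which is provided` should read `The component or service that defines a given specification or standard, which is provided`. `dependencyType` is fully within the first hunk; `dependenciesType` continues past the second.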
Expand Up @@ -37,18 +37,23 @@
"bom-ref": "crypto-library",
"name": "Crypto library",
"version": "1.0.0"
},
{
"type": "library",
"bom-ref": "some-library",
"name": "Some library",
"version": "1.0.0"
}
],
"dependencies": [
{
"ref": "acme-application",
"type": "uses",
"dependsOn": ["crypto-library"]
},
{
"ref": "crypto-library",
"type": "implements",
"dependsOn": ["aes128gcm"]
"provides": ["aes128gcm"],
"dependsOn": ["some-library"]
}
]
}
@@ -1,3 +1,6 @@
# proto-file: schema/bom-1.6.proto
# proto-message:

spec_version: "1.6"
version: 1
serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"
Expand Down Expand Up @@ -40,21 +43,26 @@ components: [
bom_ref: "crypto-library"
name: "Crypto library"
version: "1.0.0"
},
{
type: CLASSIFICATION_LIBRARY
bom_ref: "some-library"
name: "Some library"
version: "1.0.0"
}
],
dependencies: [
{
ref: "acme-application"
type: DEPENDENCY_TYPE_USES
dependencies {
ref: "crypto-library"
}
},
{
ref: "crypto-library"
type: DEPENDENCY_TYPE_IMPLEMENTS
provides: [ "aes128gcm" ]
dependencies {
ref: "aes128gcm"
ref: "some-library"
}
}
]
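Review bot: The `# proto-message:` header added in the first hunk names no message type, so editors and tooling that honour the `# proto-file` / `# proto-message` convention to type-check a textproto cannot resolve this file; `# proto-file:` alone does not identify the top-level message. It should name the root message of `schema/bom-1.6.proto`, presumably along the lines of `# proto-message: Bom` — the exact message name is not visible in this page. The rest of the file follows the new `provides: [ "aes128gcm" ]` form consistently.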
Expand Up @@ -34,13 +34,18 @@
<name>Crypto Library</name>
<version>1.0.0</version>
</component>
<component type="library" bom-ref="some-library">
<name>Some Library</name>
<version>1.0.0</version>
</component>
</components>
<dependencies>
<dependency ref="acme-application" type="uses">
<dependency ref="acme-application">
<dependency ref="crypto-library"/>
</dependency>
<dependency ref="crypto-library" type="implements">
<dependency ref="aes128gcm"/>
<dependency ref="crypto-library">
<provides ref="aes128gcm"/>
<dependency ref="some-library"/>
</dependency>
</dependencies>
</bom>
