diff --git a/schema/bom-1.6.proto b/schema/bom-1.6.proto
index 89991875..1c6f842c 100644
--- a/schema/bom-1.6.proto
+++ b/schema/bom-1.6.proto
@@ -370,7 +370,7 @@ message License {
 // Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and other important metadata
 optional Licensing licensing = 6;
 // Specifies optional, custom, properties
- repeated Property properties = 7;
+ repeated Property properties = 7;
 }
 
 message Licensing {
@@ -1481,17 +1481,29 @@ message Condition {
 }
 
 enum TaskType {
+ // A task that copies software or data used to accomplish other tasks in the workflow.
 TASK_TYPE_COPY = 0;
+ // A task that clones a software repository into the workflow in order to retrieve its source code or data for use in a build step.
 TASK_TYPE_CLONE = 1;
+ // A task that checks source code for programmatic and stylistic errors.
 TASK_TYPE_LINT = 2;
+ // A task that performs a scan against source code, or built or deployed components and services. Scans are typically run to gather or test for security vulnerabilities or policy compliance.
 TASK_TYPE_SCAN = 3;
+ // A task that merges changes or fixes into source code prior to a build step in the workflow.
 TASK_TYPE_MERGE = 4;
+ // A task that builds the source code, dependencies and/or data into an artifact that can be deployed to and executed on target systems.
 TASK_TYPE_BUILD = 5;
+ // A task that verifies the functionality of a component or service.
 TASK_TYPE_TEST = 6;
+ // A task that delivers a built artifact to one or more target repositories or storage systems.
 TASK_TYPE_DELIVER = 7;
+ // A task that deploys a built artifact for execution on one or more target systems.
 TASK_TYPE_DEPLOY = 8;
+ // A task that releases a built, versioned artifact to a target repository or distribution system.
 TASK_TYPE_RELEASE = 9;
+ // A task that cleans unnecessary tools, build artifacts and/or data from workflow storage.
 TASK_TYPE_CLEAN = 10;
+ // A workflow task that does not match current task type definitions.
 TASK_TYPE_OTHER = 11;
 }
 
diff --git a/schema/bom-1.6.schema.json b/schema/bom-1.6.schema.json
index 3e5c5877..7312c990 100644
--- a/schema/bom-1.6.schema.json
+++ b/schema/bom-1.6.schema.json
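Review bot: The new comment on `TASK_TYPE_COPY = 0` documents the zero value as a real task kind but does not mention that, assuming this file is proto3 (the syntax line is outside the hunk), 0 is also what a reader gets for a singular enum field that was never set. The number cannot change without breaking the wire contract, so the comment is the place to record it, e.g. `// Value 0 is also the protobuf default; a reader cannot tell an unset singular field from an explicit COPY.` How TaskType is referenced is not visible here; if it only appears in repeated fields the ambiguity does not arise, and saying so in the comment would still help consumers that base policy decisions on task type.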
@@ -4344,7 +4344,21 @@
 "release",
 "clean",
 "other"
- ]
+ ],
+ "meta:enum": {
+ "copy": "A task that copies software or data used to accomplish other tasks in the workflow.",
+ "clone": "A task that clones a software repository into the workflow in order to retrieve its source code or data for use in a build step.",
+ "lint": "A task that checks source code for programmatic and stylistic errors.",
+ "scan": "A task that performs a scan against source code, or built or deployed components and services. Scans are typically run to gather or test for security vulnerabilities or policy compliance.",
+ "merge": "A task that merges changes or fixes into source code prior to a build step in the workflow.",
+ "build": "A task that builds the source code, dependencies and/or data into an artifact that can be deployed to and executed on target systems.",
+ "test": "A task that verifies the functionality of a component or service.",
+ "deliver": "A task that delivers a built artifact to one or more target repositories or storage systems.",
+ "deploy": "A task that deploys a built artifact for execution on one or more target systems.",
+ "release": "A task that releases a built, versioned artifact to a target repository or distribution system.",
+ "clean": "A task that cleans unnecessary tools, build artifacts and/or data from workflow storage.",
+ "other": "A workflow task that does not match current task type definitions."
+ }
 },
 "parameter": {
 "title": "Parameter",
diff --git a/schema/bom-1.6.xsd b/schema/bom-1.6.xsd
index c3c9b230..2254dad6 100644
--- a/schema/bom-1.6.xsd
+++ b/schema/bom-1.6.xsd
@@ -845,8 +845,8 @@ limitations under the License. of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL. - - + + 
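Review bot: In bom-1.6.schema.json the keys of the added `"meta:enum"` map are not tied to the `enum` array they annotate: `meta:enum` is an annotation rather than a JSON Schema validation keyword, so a misspelled key or a later enum value without a description would pass unnoticed. Only the last three enum values (`"release"`, `"clean"`, `"other"`) are visible in this hunk, so the match for the other nine keys cannot be confirmed from here. The same twelve sentences are also added by hand to bom-1.6.proto and bom-1.6.xsd in this commit; a CI check that compares the `meta:enum` key set with `enum`, and the three description sets with each other, would keep them from drifting. Validators run in a strict mode that rejects unknown keywords may need `meta:enum` declared, which is worth confirming against the project's test tooling.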
@@ -2158,7 +2158,7 @@ limitations under the License. A valid SPDX license expression. Refer to https://spdx.org/specifications for syntax requirements - + Example values: - Apache-2.0 AND (MIT OR GPL-2.0-only) - GPL-3.0-only WITH Classpath-exception-2.0 @@ -3976,7 +3976,7 @@ limitations under the License. - + @@ -4745,18 +4745,66 @@ limitations under the License. - - - - - - - - - - - - + + + A task that copies software or data used to accomplish other tasks in the workflow. + + + + + A task that clones a software repository into the workflow in order to retrieve its source code or data for use in a build step. + + + + + A task that checks source code for programmatic and stylistic errors. + + + + + A task that performs a scan against source code, or built or deployed components and services. Scans are typically run to gather or test for security vulnerabilities or policy compliance. + + + + + A task that merges changes or fixes into source code prior to a build step in the workflow. + + + + + A task that builds the source code, dependencies and/or data into an artifact that can be deployed to and executed on target systems. + + + + + A task that verifies the functionality of a component or service. + + + + + A task that delivers a built artifact to one or more target repositories or storage systems. + + + + + A task that deploys a built artifact for execution on one or more target systems. + + + + + A task that releases a built, versioned artifact to a target repository or distribution system. + + + + + A task that cleans unnecessary tools, build artifacts and/or data from workflow storage. + + + + + A workflow task that does not match current task type definitions. + +