xml

Signed-off-by: Jan Kowalleck <[email protected]>
CycloneDX · Feb 20, 2024 · cd1fbe9 · cd1fbe9
1 parent 5639eef
commit cd1fbe9
Show file tree

Hide file tree

Showing 5 changed files with 81 additions and 13 deletions.
diff --git a/schema/bom-1.6.schema.json b/schema/bom-1.6.schema.json
@@ -668,13 +668,13 @@
         },
         "manufacturer": {
           "title": "BOM Manufacturer",
-          "description": "The organization that created the BOM. Manufacturer is common in BOMs created through automated processes. BOMs created through manual means may have '@.authors' instead.",
+          "description": "The organization that created the BOM.\nManufacturer is common in BOMs created through automated processes. BOMs created through manual means may have '@.authors' instead.",
           "$ref": "#/definitions/organizationalEntity"
         },
         "authors": {
           "type": "array",
           "title": "BOM Authors",
-          "description": "The person(s) who created the BOM. Authors are common in BOMs created through manual processes. BOMs created through automated means may have '@.manufacturer' instead.",
+          "description": "The person(s) who created the BOM.\nAuthors are common in BOMs created through manual processes. BOMs created through automated means may have '@.manufacturer' instead.",
           "items": {"$ref": "#/definitions/organizationalContact"}
         },
         "component": {
@@ -874,13 +874,13 @@
         },
         "manufacturer": {
           "title": "Component Manufacturer",
-          "description": "The organization that created the component. Manufacturer is common in components created through automated processes. Components created through manual means may have `@.authors` instead.",
+          "description": "The organization that created the component.\nManufacturer is common in components created through automated processes. Components created through manual means may have `@.authors` instead.",
           "$ref": "#/definitions/organizationalEntity"
         },
         "authors" :{
           "type": "array",
           "title": "Component Authors",
-          "description": "The person(s) who created the component. Authors are common in components created through manual processes. Components created through automated means may have `@.manufacturer` instead.",
+          "description": "The person(s) who created the component.\nAuthors are common in components created through manual processes. Components created through automated means may have `@.manufacturer` instead.",
           "items": {"$ref": "#/definitions/organizationalContact"}
         },
         "author": {

diff --git a/schema/bom-1.6.xsd b/schema/bom-1.6.xsd
@@ -198,8 +198,10 @@ limitations under the License.
             </xs:element>
             <xs:element name="authors" minOccurs="0" maxOccurs="1">
                 <xs:annotation>
-                    <xs:documentation>The person(s) who created the BOM. Authors are common in BOMs created through
-                        manual processes. BOMs created through automated means may not have authors.</xs:documentation>
+                    <xs:documentation>
+                        The person(s) who created the BOM.
+                        Authors are common in BOMs created through manual processes. BOMs created through automated means may have './manufacturer' instead.
+                    </xs:documentation>
                 </xs:annotation>
                 <xs:complexType>
                     <xs:sequence minOccurs="0" maxOccurs="unbounded">
@@ -212,9 +214,20 @@ limitations under the License.
                     <xs:documentation>The component that the BOM describes.</xs:documentation>
                 </xs:annotation>
             </xs:element>
+            <xs:element name="manufacturer" type="bom:organizationalEntity" minOccurs="0" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>
+                        The organization that created the BOM.
+                        Manufacturer is common in BOMs created through automated processes. BOMs created through manual means may have './authors' instead.
+                    </xs:documentation>
+                </xs:annotation>
+            </xs:element>
             <xs:element name="manufacture" type="bom:organizationalEntity" minOccurs="0" maxOccurs="1">
                 <xs:annotation>
-                    <xs:documentation>The organization that manufactured the component that the BOM describes.</xs:documentation>
+                    <xs:documentation>
+                        DEPRECATED - DO NOT USE. This will be removed in a future version. Use the `./component/manufacturer` instead.
+                        The organization that manufactured the component that the BOM describes.
+                    </xs:documentation>
                 </xs:annotation>
             </xs:element>
             <xs:element name="supplier" type="bom:organizationalEntity" minOccurs="0" maxOccurs="1">
@@ -483,9 +496,33 @@ limitations under the License.
                         be the manufacturer, but may also be a distributor or repackager.</xs:documentation>
                 </xs:annotation>
             </xs:element>
+            <xs:element name="manufacturer" type="bom:organizationalEntity" minOccurs="0" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>
+                        The organization that created the component.
+                        Manufacturer is common in components created through automated processes. Components created through manual means may have './authors' instead.
+                    </xs:documentation>
+                </xs:annotation>
+            </xs:element>
+            <xs:element name="authors" minOccurs="0" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>
+                        The person(s) who created the component.
+                        Authors are common in components created through manual processes. Components created through automated means may have `./manufacturer` instead.
+                    </xs:documentation>
+                </xs:annotation>
+                <xs:complexType>
+                    <xs:sequence minOccurs="0" maxOccurs="unbounded">
+                        <xs:element name="author" type="bom:organizationalContact"/>
+                    </xs:sequence>
+                </xs:complexType>
+            </xs:element>
             <xs:element name="author" type="xs:normalizedString" minOccurs="0" maxOccurs="1">
                 <xs:annotation>
-                    <xs:documentation>The person(s) or organization(s) that authored the component</xs:documentation>
+                    <xs:documentation>
+                        DEPRECATED - DO NOT USE. This will be removed in a future version. Use `./authors` or `./manufacturer` instead.
+                        The person(s) or organization(s) that authored the component.
+                    </xs:documentation>
                 </xs:annotation>
             </xs:element>
             <xs:element name="publisher" type="xs:normalizedString" minOccurs="0" maxOccurs="1">

diff --git a/tools/src/test/resources/1.6/valid-bom-1.6.xml b/tools/src/test/resources/1.6/valid-bom-1.6.xml
@@ -28,14 +28,14 @@
                 <text content-type="text/xml" encoding="base64">PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==</text>
             </swid>
         </component>
-        <manufacture>
+        <manufacturer>
             <name>Acme, Inc.</name>
             <url>https://example.com</url>
             <contact>
                 <name>Acme Professional Services</name>
                 <email>[email protected]</email>
             </contact>
-        </manufacture>
+        </manufacturer>
         <supplier>
             <name>Acme, Inc.</name>
             <url>https://example.com</url>
@@ -47,7 +47,7 @@
     </metadata>
     <components>
         <component type="application">
-            <author>Acme Super Heros</author>
+            <author>Joane Doe et al.</author>
             <publisher>Acme Inc</publisher>
             <group>com.acme</group>
             <name>tomcat-catalina</name>
@@ -120,7 +120,24 @@
                     <email>[email protected]</email>
                 </contact>
             </supplier>
-            <author>Example Super Heros</author>
+            <manufacturer>
+                <name>Example-2, Inc.Example-2, Inc.</name>
+                <url>https://example.org</url>
+                <contact>
+                    <email>[email protected]</email>
+                </contact>
+            </manufacturer>
+            <authors>
+                <author>
+                    <name>Anthony Edward Stark</name>
+                    <email>[email protected]</email>
+                    <phone>555-212-970-4133</phone>
+                </author>
+                <author>
+                    <name>Peter Benjamin Parker</name>
+                    <email>[email protected]</email>
+                </author>
+            </authors>
             <group>org.example</group>
             <name>mylibrary</name>
             <version>1.0.0</version>

diff --git a/tools/src/test/resources/1.6/valid-metadata-manufacture-1.6.xml b/tools/src/test/resources/1.6/valid-metadata-manufacture-1.6.xml
@@ -2,7 +2,7 @@
 <bom serialNumber="urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" version="1" xmlns="http://cyclonedx.org/schema/bom/1.6">
     <metadata>
         <manufacture bom-ref="manufacturer-1">
-            <name>Acme, Inc.</name>
+            <name>Acme, Inc. // deprecated</name>
             <url>https://example.com</url>
             <contact bom-ref="contact-1">
                 <name>Acme Professional Services</name>

diff --git a/tools/src/test/resources/1.6/valid-metadata-manufacturer-1.6.xml b/tools/src/test/resources/1.6/valid-metadata-manufacturer-1.6.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0"?>
+<bom serialNumber="urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" version="1" xmlns="http://cyclonedx.org/schema/bom/1.6">
+    <metadata>
+        <manufacturer bom-ref="manufacturer-1">
+            <name>Acme, Inc.</name>
+            <url>https://example.com</url>
+            <contact bom-ref="contact-1">
+                <name>Acme Professional Services</name>
+                <email>[email protected]</email>
+            </contact>
+        </manufacturer>
+    </metadata>
+    <components />
+</bom>