From d329585eace9c9ef603062f8cb3e5fcfc6c9f9a1 Mon Sep 17 00:00:00 2001
From: Steve Springett
Date: Sat, 23 Mar 2024 00:41:04 -0500
Subject: [PATCH] Add support for redaction to compositions
Signed-off-by: Steve Springett
---
 schema/bom-1.6.proto | 20 +++++++++++---------
 schema/bom-1.6.schema.json | 22 ++++++++++++----------
 schema/bom-1.6.xsd | 25 +++++++++++++++----------
 3 files changed, 38 insertions(+), 29 deletions(-)
diff --git a/schema/bom-1.6.proto b/schema/bom-1.6.proto
index 7312e33f..80c80dee 100644
--- a/schema/bom-1.6.proto
+++ b/schema/bom-1.6.proto
@@ -652,24 +652,26 @@ enum Aggregate {
 // The relationship completeness is not specified.
 // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `not specified` is our fallback, doubling `unspecified`
 AGGREGATE_NOT_SPECIFIED = 0;
- // The relationship is complete. No further relationships including constituent components, services, or dependencies are known to exist.
+ // The information is complete. No further relationships including constituent components, services, or dependencies are known to exist.
 AGGREGATE_COMPLETE = 1;
- // The relationship is incomplete. Additional relationships exist and may include constituent components, services, or dependencies.
+ // The information is incomplete. Additional relationships exist and may include constituent components, services, or dependencies.
 AGGREGATE_INCOMPLETE = 2;
- // The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented.
+ // The information is incomplete. Only relationships for first-party components, services, or their dependencies are represented.
 AGGREGATE_INCOMPLETE_FIRST_PARTY_ONLY = 3;
- // The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented.
+ // The information is incomplete. Only relationships for third-party components, services, or their dependencies are represented.
 AGGREGATE_INCOMPLETE_THIRD_PARTY_ONLY = 4;
- // The relationship may be complete or incomplete. This usually signifies a 'best-effort' to obtain constituent components, services, or dependencies but the completeness is inconclusive.
+ // The information may be complete or incomplete. This usually signifies a 'best-effort' to obtain constituent components, services, or dependencies but the completeness is inconclusive.
 AGGREGATE_UNKNOWN = 5;
- // The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are proprietary.
+ // The information is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are proprietary.
 AGGREGATE_INCOMPLETE_FIRST_PARTY_PROPRIETARY_ONLY = 6;
- // The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are opensource.
+ // The information is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are opensource.
 AGGREGATE_INCOMPLETE_FIRST_PARTY_OPENSOURCE_ONLY = 7;
- // The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are proprietary.
+ // The information is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are proprietary.
 AGGREGATE_INCOMPLETE_THIRD_PARTY_PROPRIETARY_ONLY = 8;
- // The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are opensource.
+ // The information is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are opensource.
 AGGREGATE_INCOMPLETE_THIRD_PARTY_OPENSOURCE_ONLY = 9;
+ // The information has been redacted.
+ AGGREGATE_REDACTED = 10;
 }
 message Composition {
diff --git a/schema/bom-1.6.schema.json b/schema/bom-1.6.schema.json
index 8e96ebda..2b538c0a 100644
--- a/schema/bom-1.6.schema.json
+++ b/schema/bom-1.6.schema.json
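Review bot: In schema/bom-1.6.proto the unchanged comment above `AGGREGATE_NOT_SPECIFIED = 0;` still reads `// The relationship completeness is not specified.`, while this commit rewords the matching `not_specified` text in bom-1.6.schema.json and bom-1.6.xsd to "The information completeness is not specified." The proto comment should change with them so the three schemas describe the value identically: `// The information completeness is not specified.`. As a smaller wording point, the reworded comments open with "The information is …" but continue with "relationships", so each one mixes the two terms; this is the same in all three files.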
@@ -2237,20 +2237,22 @@
 "incomplete_third_party_only",
 "incomplete_third_party_proprietary_only",
 "incomplete_third_party_opensource_only",
+ "redacted",
 "unknown",
 "not_specified"
 ],
 "meta:enum": {
- "complete": "The relationship is complete. No further relationships including constituent components, services, or dependencies are known to exist.",
- "incomplete": "The relationship is incomplete. Additional relationships exist and may include constituent components, services, or dependencies.",
- "incomplete_first_party_only": "The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented.",
- "incomplete_first_party_proprietary_only": "The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are proprietary.",
- "incomplete_first_party_opensource_only": "The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are opensource.",
- "incomplete_third_party_only": "The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented.",
- "incomplete_third_party_proprietary_only": "The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are proprietary.",
- "incomplete_third_party_opensource_only": "The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are opensource.",
- "unknown": "The relationship may be complete or incomplete. This usually signifies a 'best-effort' to obtain constituent components, services, or dependencies but the completeness is inconclusive.",
- "not_specified": "The relationship completeness is not specified."
+ "complete": "The information is complete. No further relationships including constituent components, services, or dependencies are known to exist.",
+ "incomplete": "The information is incomplete. Additional relationships exist and may include constituent components, services, or dependencies.",
+ "incomplete_first_party_only": "The information is incomplete. Only relationships for first-party components, services, or their dependencies are represented.",
+ "incomplete_first_party_proprietary_only": "The information is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are proprietary.",
+ "incomplete_first_party_opensource_only": "The information is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are opensource.",
+ "incomplete_third_party_only": "The information is incomplete. Only relationships for third-party components, services, or their dependencies are represented.",
+ "incomplete_third_party_proprietary_only": "The information is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are proprietary.",
+ "incomplete_third_party_opensource_only": "The information is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are opensource.",
+ "redacted": "The information has been redacted.",
+ "unknown": "The information may be complete or incomplete. This usually signifies a 'best-effort' to obtain constituent components, services, or dependencies but the completeness is inconclusive.",
+ "not_specified": "The information completeness is not specified."
 }
 },
 "property": {
diff --git a/schema/bom-1.6.xsd b/schema/bom-1.6.xsd
index b904975e..63a4e630 100644
--- a/schema/bom-1.6.xsd
+++ b/schema/bom-1.6.xsd
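Review bot: The new `"redacted"` entry in `meta:enum` says only that the information has been redacted, which gives a consumer no guidance on how to treat the completeness of the components, services, or dependencies it covers. A tool that reads the aggregate to decide whether a missing entry means "not present" needs to know that redaction is a deliberate omission and not a statement of completeness. Consider extending the text, for example `"redacted": "The information has been redacted. Data was intentionally withheld, so completeness must not be assumed."`, and mirroring it in the comment on `AGGREGATE_REDACTED` in bom-1.6.proto and in the bom-1.6.xsd documentation. The exact semantics are for the specification to define, so treat this wording as a suggestion.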
@@ -2646,52 +2646,57 @@ limitations under the License. - The relationship is complete. No further relationships including constituent components, services, or dependencies are known to exist. + The information is complete. No further relationships including constituent components, services, or dependencies are known to exist. - The relationship is incomplete. Additional relationships exist and may include constituent components, services, or dependencies. + The information is incomplete. Additional relationships exist and may include constituent components, services, or dependencies. - The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented. + The information is incomplete. Only relationships for first-party components, services, or their dependencies are represented. - The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are proprietary. + The information is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are proprietary. - The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are opensource. + The information is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are opensource. - The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented. + The information is incomplete. Only relationships for third-party components, services, or their dependencies are represented. - The relationship is incomplete. 
Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are proprietary. + The information is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are proprietary. - The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are opensource. + The information is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are opensource. + + + + + The information has been redacted. - The relationship may be complete or incomplete. This usually signifies a 'best-effort' to obtain constituent components, services, or dependencies but the completeness is inconclusive. + The information may be complete or incomplete. This usually signifies a 'best-effort' to obtain constituent components, services, or dependencies but the completeness is inconclusive. - The relationship completeness is not specified. + The information completeness is not specified.
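Review bot: Two of the reworded documentation strings in schema/bom-1.6.xsd appear to describe the wrong party. Going by the order of values in bom-1.6.schema.json, the fourth and fifth entries in this hunk belong to `incomplete_first_party_proprietary_only` and `incomplete_first_party_opensource_only`, yet both the removed and the added text say "Only relationships for third-party components", whereas the proto and JSON descriptions of those values say first-party. Since these lines are being rewritten anyway, change "third-party" to "first-party" in those two entries. The element markup is not visible in this rendering, so the mapping of text to enumeration value is inferred from position and should be confirmed against the file.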