CycloneDX · jkowalleck · Feb 10, 2024 · Feb 9, 2024 · Feb 9, 2024 · Feb 9, 2024
diff --git a/schema/bom-1.6.proto b/schema/bom-1.6.proto
@@ -370,7 +370,7 @@ message License {
   // Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and other important metadata
   optional Licensing licensing = 6;
   // Specifies optional, custom, properties
-  repeated Property properties = 7;  
+  repeated Property properties = 7;
 }
 
 message Licensing {
@@ -1481,17 +1481,29 @@ message Condition {
 }
 
 enum TaskType {
+  // A task that copies software or data used to accomplish other tasks in the workflow.
   TASK_TYPE_COPY = 0;
+  // A task that clones a software repository into the workflow in order to retrieve its source code or data for use in a build step.
   TASK_TYPE_CLONE = 1;
+  // A task that checks source code for programmatic and stylistic errors.
   TASK_TYPE_LINT = 2;
+  // A task that performs a scan against source code, or built or deployed components and services. Scans are typically run to gather or test for security vulnerabilities or policy compliance.
   TASK_TYPE_SCAN = 3;
+  // A task that merges changes or fixes into source code prior to a build step in the workflow.
   TASK_TYPE_MERGE = 4;
+  // A task that builds the source code, dependencies and/or data into an artifact that can be deployed to and executed on target systems.
   TASK_TYPE_BUILD = 5;
+  // A task that verifies the functionality of a component or service.
   TASK_TYPE_TEST = 6;
+  // A task that delivers a built artifact to one or more target repositories or storage systems.
   TASK_TYPE_DELIVER = 7;
+  // A task that deploys a built artifact for execution on one or more target systems.
   TASK_TYPE_DEPLOY = 8;
+  // A task that releases a built, versioned artifact to a target repository or distribution system.
   TASK_TYPE_RELEASE = 9;
+  // A task that cleans unnecessary tools, build artifacts and/or data from workflow storage.
   TASK_TYPE_CLEAN = 10;
+  // A workflow task that does not match current task type definitions.
   TASK_TYPE_OTHER = 11;
 }
 

diff --git a/schema/bom-1.6.schema.json b/schema/bom-1.6.schema.json
@@ -4340,7 +4340,21 @@
         "release",
         "clean",
         "other"
-      ]
+      ],
+      "meta:enum": {
+        "copy": "A task that copies software or data used to accomplish other tasks in the workflow.",
+        "clone": "A task that clones a software repository into the workflow in order to retrieve its source code or data for use in a build step.",
+        "lint": "A task that checks source code for programmatic and stylistic errors.",
+        "scan": "A task that performs a scan against source code, or built or deployed components and services. Scans are typically run to gather or test for security vulnerabilities or policy compliance.",
+        "merge": "A task that merges changes or fixes into source code prior to a build step in the workflow.",
+        "build": "A task that builds the source code, dependencies and/or data into an artifact that can be deployed to and executed on target systems.",
+        "test": "A task that verifies the functionality of a component or service.",
+        "deliver": "A task that delivers a built artifact to one or more target repositories or storage systems.",
+        "deploy": "A task that deploys a built artifact for execution on one or more target systems.",
+        "release": "A task that releases a built, versioned artifact to a target repository or distribution system.",
+        "clean": "A task that cleans unnecessary tools, build artifacts and/or data from workflow storage.",
+        "other": "A workflow task that does not match current task type definitions."
+      }
     },
     "parameter": {
       "title": "Parameter",

diff --git a/schema/bom-1.6.xsd b/schema/bom-1.6.xsd
@@ -845,8 +845,8 @@ limitations under the License.
                         of interest to the general public are encouraged to be registered in the
                         CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy.
                         Formal registration is OPTIONAL.</xs:documentation>
-                </xs:annotation>  
-            </xs:element>    
+                </xs:annotation>
+            </xs:element>
             <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">
                 <xs:annotation>
                     <xs:documentation>
@@ -2158,7 +2158,7 @@ limitations under the License.
                 <xs:annotation>
                     <xs:documentation>A valid SPDX license expression.
                         Refer to https://spdx.org/specifications for syntax requirements
-                    
+
                         Example values:
                         - Apache-2.0 AND (MIT OR GPL-2.0-only)
                         - GPL-3.0-only WITH Classpath-exception-2.0
@@ -3976,7 +3976,7 @@ limitations under the License.
             </xs:element>
         </xs:choice>
     </xs:complexType>
-    
+
     <xs:complexType name="annotationType">
         <xs:sequence>
             <xs:element name="subjects" minOccurs="0" maxOccurs="1">
@@ -4745,18 +4745,66 @@ limitations under the License.
 
     <xs:simpleType name="taskTypeEnum">
         <xs:restriction base="xs:string">
-            <xs:enumeration value="copy"/>
-            <xs:enumeration value="clone"/>
-            <xs:enumeration value="lint"/>
-            <xs:enumeration value="scan"/>
-            <xs:enumeration value="merge"/>
-            <xs:enumeration value="build"/>
-            <xs:enumeration value="test"/>
-            <xs:enumeration value="deliver"/>
-            <xs:enumeration value="deploy"/>
-            <xs:enumeration value="release"/>
-            <xs:enumeration value="clean"/>
-            <xs:enumeration value="other"/>
+            <xs:enumeration value="copy">
+                <xs:annotation>
+                    <xs:documentation>A task that copies software or data used to accomplish other tasks in the workflow.</xs:documentation>
+                </xs:annotation>
+            </xs:enumeration>
+            <xs:enumeration value="clone">
+                <xs:annotation>
+                    <xs:documentation>A task that clones a software repository into the workflow in order to retrieve its source code or data for use in a build step.</xs:documentation>
+                </xs:annotation>
+            </xs:enumeration>
+            <xs:enumeration value="lint">
+                <xs:annotation>
+                    <xs:documentation>A task that checks source code for programmatic and stylistic errors.</xs:documentation>
+                </xs:annotation>
+            </xs:enumeration>
+            <xs:enumeration value="scan">
+                <xs:annotation>
+                    <xs:documentation>A task that performs a scan against source code, or built or deployed components and services. Scans are typically run to gather or test for security vulnerabilities or policy compliance.</xs:documentation>
+                </xs:annotation>
+            </xs:enumeration>
+            <xs:enumeration value="merge">
+                <xs:annotation>
+                    <xs:documentation>A task that merges changes or fixes into source code prior to a build step in the workflow.</xs:documentation>
+                </xs:annotation>
+            </xs:enumeration>
+            <xs:enumeration value="build">
+                <xs:annotation>
+                    <xs:documentation>A task that builds the source code, dependencies and/or data into an artifact that can be deployed to and executed on target systems.</xs:documentation>
+                </xs:annotation>
+            </xs:enumeration>
+            <xs:enumeration value="test">
+                <xs:annotation>
+                    <xs:documentation>A task that verifies the functionality of a component or service.</xs:documentation>
+                </xs:annotation>
+            </xs:enumeration>
+            <xs:enumeration value="deliver">
+                <xs:annotation>
+                    <xs:documentation>A task that delivers a built artifact to one or more target repositories or storage systems.</xs:documentation>
+                </xs:annotation>
+            </xs:enumeration>
+            <xs:enumeration value="deploy">
+                <xs:annotation>
+                    <xs:documentation>A task that deploys a built artifact for execution on one or more target systems.</xs:documentation>
+                </xs:annotation>
+            </xs:enumeration>
+            <xs:enumeration value="release">
+                <xs:annotation>
+                    <xs:documentation>A task that releases a built, versioned artifact to a target repository or distribution system.</xs:documentation>
+                </xs:annotation>
+            </xs:enumeration>
+            <xs:enumeration value="clean">
+                <xs:annotation>
+                    <xs:documentation>A task that cleans unnecessary tools, build artifacts and/or data from workflow storage.</xs:documentation>
+                </xs:annotation>
+            </xs:enumeration>
+            <xs:enumeration value="other">
+                <xs:annotation>
+                    <xs:documentation>A workflow task that does not match current task type definitions.</xs:documentation>
+                </xs:annotation>
+            </xs:enumeration>
         </xs:restriction>
     </xs:simpleType>