Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cdx-go and JSON schema inconsistency - fields missing from DataService #208

Open
c3st7n opened this issue Nov 21, 2024 · 0 comments
Open

Cdx-go and JSON schema inconsistency - fields missing from DataService #208

c3st7n opened this issue Nov 21, 2024 · 0 comments

Comments

@c3st7n
Copy link

c3st7n commented Nov 21, 2024

The cyclonedx-go implementation is missing all the option fields for the serviceData field.

cyclonedx-go/schema/bom-1.6.schema.json

Lines 1972 to 2046 in 8508cc1

"serviceData": {
"type": "object",
"title": "Hash Objects",
"required": [
"flow",
"classification"
],
"additionalProperties": false,
"properties": {
"flow": {
"$ref": "#/definitions/dataFlowDirection",
"title": "Directional Flow",
"description": "Specifies the flow direction of the data. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways and unknown states that the direction is not known."
},
"classification": {
"$ref": "#/definitions/dataClassification"
},
"name": {
"type": "string",
"title": "Name",
"description": "Name for the defined data",
"examples": [
"Credit card reporting"
]
},
"description": {
"type": "string",
"title": "Description",
"description": "Short description of the data content and usage",
"examples": [
"Credit card information being exchanged in between the web app and the database"
]
},
"governance": {
"title": "Data Governance",
"$ref": "#/definitions/dataGovernance"
},
"source": {
"type": "array",
"items": {
"anyOf": [
{
"title": "URL",
"type": "string",
"format": "iri-reference"
},
{
"title": "BOM-Link Element",
"$ref": "#/definitions/bomLinkElementType"
}
]
},
"title": "Source",
"description": "The URI, URL, or BOM-Link of the components or services the data came in from"
},
"destination": {
"type": "array",
"items": {
"anyOf": [
{
"title": "URL",
"type": "string",
"format": "iri-reference"
},
{
"title": "BOM-Link Element",
"$ref": "#/definitions/bomLinkElementType"
}
]
},
"title": "Destination",
"description": "The URI, URL, or BOM-Link of the components or services the data is sent to"
}
}
},

In type Service:

cyclonedx-go/cyclonedx.go

Line 1288 in 8508cc1

Data *[]DataClassification `json:"data,omitempty" xml:"data>classification,omitempty"`

In type DataClassification:

cyclonedx-go/cyclonedx.go

Lines 519 to 522 in 8508cc1

type DataClassification struct {
Flow DataFlow `json:"flow" xml:"flow,attr"`
Classification string `json:"classification" xml:",chardata"`
}

The struct is missing name, description, governance, source and destination fields.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@c3st7n