CycloneDX / cyclonedx-rust-cargo

Creates CycloneDX Software Bill of Materials (SBOM) from Rust (Cargo) projects
https://cyclonedx.org/
Apache License 2.0

Add 'ServiceData' in 'data' field to support spec version 1.5 #673

Closed justahero closed 7 months ago

justahero commented 7 months ago

This PR updates the data field type (in services) to support version 1.5. The JSON schema for the ServiceData type expands the 'data' block, nesting the properties into a dataflow block for the XML format. The JSON format keeps additional fields on the same level. The given XML examples in the specification repository still allow both variants in version 1.5. The XML structure is either of the following.

<data>
  <classification flow="inbound">PII</classification>
</data>

or

<data>
  <dataflow name="Stock Service to MS-1" description="Traffic to/from stock service to microservice-1">
    <classification flow="bi-directional">PII</classification>
    <source>
      <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com</url>
    </source>
    <destination>
      <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com</url>
    </destination>
  </dataflow>
</data>

Both versions are supported in XML serialization code.
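
The two XML layouts described in the PR, as an added example that is not part of the PR or of the cyclonedx-rust-cargo code base: one enum covers the flat `classification` form and the nested `dataflow` form, and both serialize to a `<data>` element with attribute and text escaping. All type and function names are hypothetical, and the model assumes only the elements shown in the samples above.

```rust
// Added example: type and function names are hypothetical, not the project's API.
#[derive(Debug, Clone, PartialEq)]
pub struct Classification { pub flow: String, pub value: String }

#[derive(Debug, Clone, PartialEq)]
pub enum ServiceData {
    /// Flat layout: <data><classification flow="...">...</classification></data>
    Classification(Classification),
    /// Nested layout: classification and endpoints wrapped in <dataflow>.
    Dataflow {
        name: Option<String>,
        description: Option<String>,
        classification: Classification,
        sources: Vec<String>,
        destinations: Vec<String>,
    },
}

/// Escape text for element content and double-quoted attribute values.
fn esc(s: &str) -> String {
    s.replace('&', "&amp;").replace('<', "&lt;").replace('>', "&gt;").replace('"', "&quot;")
}

fn classification_xml(c: &Classification) -> String {
    format!("<classification flow=\"{}\">{}</classification>", esc(&c.flow), esc(&c.value))
}

/// Wrap each URL in <url> inside <tag>; emit nothing when the list is empty.
fn urls_xml(tag: &str, urls: &[String]) -> String {
    if urls.is_empty() { return String::new(); }
    let inner: String = urls.iter().map(|u| format!("<url>{}</url>", esc(u))).collect();
    format!("<{0}>{1}</{0}>", tag, inner)
}

pub fn data_xml(d: &ServiceData) -> String {
    let body = match d {
        ServiceData::Classification(c) => classification_xml(c),
        ServiceData::Dataflow { name, description, classification, sources, destinations } => {
            let mut attrs = String::new();
            if let Some(n) = name { attrs.push_str(&format!(" name=\"{}\"", esc(n))); }
            if let Some(t) = description { attrs.push_str(&format!(" description=\"{}\"", esc(t))); }
            format!("<dataflow{}>{}{}{}</dataflow>", attrs, classification_xml(classification),
                urls_xml("source", sources), urls_xml("destination", destinations))
        }
    };
    format!("<data>{}</data>", body)
}

fn main() {
    let flat = ServiceData::Classification(Classification { flow: "inbound".into(), value: "PII".into() });
    println!("{}", data_xml(&flat));
}
```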