Open dcentrica opened 1 year ago
CycloneDX v1.5 adds a few more component types. One of the new types is "platform", which is defined as
A runtime environment which interprets or executes software. This may include runtimes such as those that execute bytecode or low-code/no-code application platforms
JVM interprets byte code.
Python and php-fpm interpret (script) code.
PS: nowadays, some are actually just-in-time compilers, not pure interpreters.
@dcentrica what about using component.type value "platform"?
We might adjust the documentation, to make clear that it serves the desired purpose. What would have helped you?
- A runtime environment which interprets or executes software. This may include runtimes such as those that execute bytecode or low-code/no-code application platforms.
+ A runtime environment which interprets or executes software. This may include runtimes such as those that execute bytecode, or just-in-time compilers, or low-code/no-code application platforms.
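Review bot: in the added line, "or just-in-time compilers" hangs off "runtimes such as those that execute", so it reads as runtimes that execute just-in-time compilers rather than runtimes that are just-in-time compilers. Consider restructuring the sentence as a comma-separated list of runtime kinds (for example "such as interpreters, just-in-time compilers, bytecode runtimes, or low-code/no-code application platforms") and dropping the doubled "or". Since the request in this issue is about JVM, Python and php-fpm, naming language runtimes explicitly in the description would also make it easier to find "platform" when looking for that case.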
@stevespringett if we wanted to extend the docs and meaning of an enum, do we need to consult the @CycloneDX/industry-working-group ?
PS: got an answer offline: nope, not needed.
As at v1.4 the only values accepted by components.type are as follows:
Having reviewed the definitions of each, none fits the bill to describe an application's runtime, e.g. "JVM", "Python", "php-fpm" etc. These are programming language runtimes, and not "frameworks" or "libraries".
My suggestion is to add a new components.type of "runtime".