CycloneDX / specification

OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX
https://cyclonedx.org/
Apache License 2.0

Support for ulid #450

Open prabhu opened 2 months ago

prabhu commented 2 months ago

https://github.com/ulid/spec

Currently, serialNumber has to be a uuid beginning with urn:uuid:. We can extend this to add support for ulid and other specifications to empower more modern applications.

jkowalleck commented 2 months ago

What would be a use case for this? What are edge cases? What is the scope? What is out of scope? What are the drawbacks?

prabhu commented 2 months ago

Different identifier specs have different use cases and properties. ulid, for instance, supports sorting. As a specification, we can allow the flexibility to support a range of identifiers.
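
Added example, not part of the thread and not CycloneDX project code: a validator sketch that accepts the existing `urn:uuid:` form alongside a ULID form, and shows the sorting property mentioned above. The `urn:ulid:` prefix and the exact UUID regex are assumptions of this example; the ULID layout (48-bit millisecond timestamp, 80 random bits, Crockford base32) follows the linked ulid spec.

```python
import re

# Rule quoted in the issue: serialNumber must be "urn:uuid:" + UUID.
# The exact regex is an assumption of this example (lowercase hex, 8-4-4-4-12).
URN_UUID = re.compile(
    r"urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}")
ULID_PREFIX = "urn:ulid:"  # hypothetical prefix, not defined by the spec or the issue
CROCKFORD = "0123456789ABCDEFGHJKMNPQRSTVWXYZ"  # Crockford base32, no I L O U


def encode_ulid(ts_ms: int, rand: bytes) -> str:
    """48-bit millisecond timestamp + 80 random bits -> 26 base32 characters."""
    if not 0 <= ts_ms < 1 << 48 or len(rand) != 10:
        raise ValueError("timestamp must fit 48 bits, randomness must be 10 bytes")
    n = (ts_ms << 80) | int.from_bytes(rand, "big")
    return "".join(CROCKFORD[(n >> (5 * i)) & 31] for i in range(25, -1, -1))


def decode_ulid(text: str) -> tuple[int, bytes]:
    """Strict decode; rejects wrong length, bad characters and 128-bit overflow."""
    if len(text) != 26 or any(c not in CROCKFORD for c in text):
        raise ValueError("not a canonical ULID")
    n = 0
    for c in text:
        n = (n << 5) | CROCKFORD.index(c)
    if n >> 128:  # 26 chars carry 130 bits, so the first char must be <= 7
        raise ValueError("ULID overflows 128 bits")
    return n >> 80, (n & ((1 << 80) - 1)).to_bytes(10, "big")


def classify(serial: str) -> str:
    """Return 'uuid', 'ulid' or 'invalid' for a candidate serialNumber."""
    if URN_UUID.fullmatch(serial):
        return "uuid"
    if serial.startswith(ULID_PREFIX):
        try:
            decode_ulid(serial[len(ULID_PREFIX):])
            return "ulid"
        except ValueError:
            pass
    return "invalid"


if __name__ == "__main__":
    # Constructed sample: three identifiers minted 1 ms apart, same random part.
    ids = [encode_ulid(1469918176385 + i, bytes(10)) for i in range(3)]
    print(ids == sorted(ids), decode_ulid(ids[0])[0])  # creation time is recoverable
    print(classify("urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"))
```

Because the timestamp decodes straight out of the identifier, a ULID-based serialNumber would disclose the BOM's creation time to the millisecond, which a random (version 4) UUID does not.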