adoptium / temurin-build

Eclipse Temurin™ build scripts - common across all releases/versions
Apache License 2.0

Investigate cyclonedx extension as a way to store build_info for secure software supply chain #2681

Open smlambert opened 2 years ago

smlambert commented 2 years ago

Now that we have a prototype (related: https://github.com/adoptium/temurin-build/issues/2594), we would like to investigate creating an extension via a popular/standard way of defining the same information: see https://cyclonedx.org/about/guiding-principles/

coderpatros commented 2 years ago

@smlambert feel free to ask me anything on the CycloneDX Slack if you have any questions about CycloneDX.

spoole167 commented 2 years ago

I'll take point on the investigation to start

coderpatros commented 2 years ago

@spoole167 extensions are problematic due to limitations in JSON and protobuf. Custom properties are recommended as a lightweight way to extend the core spec for specific use cases without using an extension. They can be applied at the top level metadata, component, or service levels.

We have an official, namespaced, custom property taxonomy registry.

For example, there is the option to register an adoptium namespace that is managed by the Adoptium project. It could then go further and define an adoptium:temurin namespace, or whatever makes sense.

https://github.com/CycloneDX/cyclonedx-property-taxonomy

Let me know if you have any questions. Happy to have a chat about it.
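
The property-based approach described in the comment above, as an added example that is not code from temurin-build or from the CycloneDX project: a small Python module that writes a build_info record into a CycloneDX 1.4 JSON BOM as namespaced name/value properties on the metadata component, reads it back, and flags any property that is not under an allowed namespace. The `adoptium:temurin` namespace, the property keys and the sample build values are assumptions for illustration; the text only proposes registering such a namespace, it does not define one.

```python
"""Store build_info in a CycloneDX BOM as namespaced custom properties.

Added example, not temurin-build or CycloneDX code. The "adoptium:temurin"
namespace and the build_info keys below are assumptions, not a registered
taxonomy entry.
"""
import json
import uuid
from typing import Dict, List, Set

NAMESPACE = "adoptium:temurin"  # hypothetical namespace for this example

# Constructed sample build_info, standing in for what a build pipeline records.
SAMPLE_BUILD_INFO = {
    "source_repo": "https://github.com/adoptium/temurin-build",
    "scm_ref": "example-tag",          # constructed value
    "build_timestamp": "2021-10-19T12:00:00Z",
    "build_os": "linux",
    "build_arch": "x64",
}


def to_properties(build_info: Dict[str, str], namespace: str = NAMESPACE) -> List[dict]:
    """Flatten build_info into CycloneDX {"name", "value"} properties.

    Every name carries the namespace prefix so it cannot collide with
    properties written by other tools, which is what the taxonomy is for.
    """
    return [{"name": f"{namespace}:{key}", "value": str(value)}
            for key, value in sorted(build_info.items())]


def build_bom(component_name: str, component_version: str,
              build_info: Dict[str, str], namespace: str = NAMESPACE,
              serial: str = "") -> dict:
    """Return a minimal CycloneDX 1.4 BOM whose metadata component
    carries build_info as component-level properties."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "serialNumber": serial or f"urn:uuid:{uuid.uuid4()}",
        "version": 1,
        "metadata": {
            "component": {
                "type": "application",
                "name": component_name,
                "version": component_version,
                "properties": to_properties(build_info, namespace),
            },
        },
        "components": [],
    }


def read_properties(bom: dict, namespace: str = NAMESPACE) -> Dict[str, str]:
    """Recover build_info from the metadata component, ignoring other namespaces."""
    prefix = namespace + ":"
    component = bom.get("metadata", {}).get("component", {})
    return {prop["name"][len(prefix):]: prop.get("value", "")
            for prop in component.get("properties", [])
            if prop.get("name", "").startswith(prefix)}


def check_namespaced(bom: dict, allowed: Set[str]) -> List[str]:
    """Flag property names whose namespace is not in the allowed set.

    Checks the places CycloneDX permits properties: metadata, the metadata
    component, top-level components and services. Unnamespaced names are the
    ones that silently collide between tools, so they are flagged too.
    """
    metadata = bom.get("metadata", {})
    holders = [metadata, metadata.get("component", {})]
    holders += bom.get("components", []) + bom.get("services", [])
    bad = []
    for holder in holders:
        for prop in holder.get("properties", []):
            name = prop.get("name", "")
            namespace = name.split(":", 1)[0] if ":" in name else ""
            if namespace not in allowed:
                bad.append(name)
    return bad


if __name__ == "__main__":
    bom = build_bom("Eclipse Temurin", "0.0.0-example", SAMPLE_BUILD_INFO)
    print(json.dumps(bom, indent=2))
    print("unnamespaced or foreign properties:", check_namespaced(bom, {"adoptium"}))
```

The round trip through `read_properties` is the check a consumer would run: a scanner that does not know the namespace simply ignores those properties, while one that does gets the original build_info back without needing a schema extension.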

spoole167 commented 2 years ago

@coderpatros hi - have been exploring and talking to some folks about CycloneDX. Would like to chat to you about some specifics.

coderpatros commented 2 years ago

@spoole167 happy to chat. You can message me on the OWASP or CycloneDX slack https://cyclonedx.org/slack/invite or my email address is patrick.dwyer@owasp.org and we can organise an online call.

SehrishHussain commented 2 years ago

Hi @coderpatros, I have a few questions regarding CycloneDX SBOM. Have sent you a message on Slack. Please check. Your help is very appreciated.