Type Alias Bom

Type declaration

• annotations: Annotation[]

  Comments made by people, organizations, or tools about any object with a bom-ref, such as components, services, vulnerabilities, or the BOM itself. Unlike inventory information, annotations may contain opinion or commentary from various stakeholders.

  Generated

  from field: repeated cyclonedx.v1_6.Annotation annotations = 11;

• components: Component[]

  Provides the ability to document a list of components.

  Generated

  from field: repeated cyclonedx.v1_6.Component components = 5;

• compositions: Composition[]

  Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness. The completeness of vulnerabilities expressed in a BOM may also be described.

  Generated

  from field: repeated cyclonedx.v1_6.Composition compositions = 9;

• declarations: Declarations[]

  The list of declarations which describe the conformance to standards. Each declaration may include attestations, claims, and evidence.

  Generated

  from field: repeated cyclonedx.v1_6.Declarations declarations = 14;

• definitions: Definition[]

  A collection of reusable objects that are defined and may be used elsewhere in the BOM.

  Generated

  from field: repeated cyclonedx.v1_6.Definition definitions = 15;

• dependencies: Dependency[]

  Provides the ability to document dependency relationships.

  Generated

  from field: repeated cyclonedx.v1_6.Dependency dependencies = 8;

• externalReferences: ExternalReference[]

  Provides the ability to document external references related to the BOM or to the project the BOM describes.

  Generated

  from field: repeated cyclonedx.v1_6.ExternalReference external_references = 7;

• formulation: Formula[]

  Describes how a component or service was manufactured or deployed. This is achieved through the use of formulas, workflows, tasks, and steps, which declare the precise steps to reproduce along with the observed formulas describing the steps which transpired in the manufacturing process.

  Generated

  from field: repeated cyclonedx.v1_6.Formula formulation = 13;

• Optionalmetadata?: Metadata

  Provides additional information about a BOM.

  Generated

  from field: optional cyclonedx.v1_6.Metadata metadata = 4;

• properties: Property[]

  Specifies optional, custom, properties

  Generated

  from field: repeated cyclonedx.v1_6.Property properties = 12;

• OptionalserialNumber?: string

  Every BOM generated should have a unique serial number, even if the contents of the BOM being generated have not changed over time. The process or tool responsible for creating the BOM should create random UUID's for every BOM generated.

  Generated

  from field: optional string serial_number = 3;

• services: Service[]

  Provides the ability to document a list of external services.

  Generated

  from field: repeated cyclonedx.v1_6.Service services = 6;

• specVersion: string

  The version of the CycloneDX specification a BOM is written to (starting at version 1.3)

  Generated

  from field: string spec_version = 1;

• Optionalversion?: number

  The version allows component publishers/authors to make changes to existing BOMs to update various aspects of the document such as description or licenses. When a system is presented with multiple BOMs for the same component, the system should use the most recent version of the BOM. The default version is '1' and should be incremented for each version of the BOM that is published. Each version of a component should have a unique BOM and if no changes are made to the BOMs, then each BOM will have a version of '1'.

  Generated

  from field: optional int32 version = 2;

• vulnerabilities: Vulnerability[]

  Vulnerabilities identified in components or services.

  Generated

  from field: repeated cyclonedx.v1_6.Vulnerability vulnerabilities = 10;