
cyclonedx-core-java.2.5.1.source-code.bom-1.0.xsd


The CycloneDX core module provides a model representation of the BOM along with utilities to assist in creating, parsing, and validating BOMs.

There is a newer version: 10.0.0



    

    
        
            
                
                    The person(s) or organization(s) that published the component
                
            
            
                
                    The grouping name or identifier. This will often be a shortened, single
                        name of the company or project that produced the component, or the source package or
                        domain name. Whitespace and special characters should be avoided. Examples include:
                        apache, org.apache.commons, and apache.org.
                
            
            
                
                    The name of the component. This will often be a shortened, single name
                        of the component. Examples: commons-lang3 and jquery
                
            
            
                
                    The component version. The version should ideally comply with semantic versioning
                        but is not enforced.
                
            
            
                
                    Specifies a description for the component
                
            
            
                
                    Specifies the scope of the component. If scope is not specified, 'runtime'
                        scope will be assumed.
                
            
            
                
                    
                        
                    
                
            
            
                
                    
                        
                            
                                
                                    
                                        
                                            
                                                A valid SPDX license ID
                                            
                                        
                                        
                                            
                                                If SPDX does not define the license used, this field may be used to provide the license name
                                            
                                        
                                    
                                
                            
                        
                    
                
            
            
                
                    An optional copyright notice informing users of the underlying claims to copyright ownership in a published work.
                
            
            
                
                    Specifies a well-formed CPE name. See https://nvd.nist.gov/products/cpe
                
            
            
                
                    
                        Specifies the package-url (PURL). The purl, if specified, must be valid and conform
                        to the specification defined at: https://github.com/package-url/purl-spec
                    
                
            
            
                
                    
                        A boolean value indicating whether the component has been modified from the original.
                        A value of true indicates the component is a derivative of the original.
                        A value of false indicates the component has not been modified from the original.
                    
                
            
            
                
                    
                        Specifies optional sub-components. This is not a dependency tree. It simply provides
                        an optional way to group large sets of components together.
                    
                
                
                    
                        
                    
                
            
        
        
            
                
                    Specifies the type of component. Software applications, libraries, frameworks, and
                    other dependencies should be classified as 'application'.
                
            
        
        
            
                User-defined attributes may be used on this element as long as they
                    do not have the same name as an existing attribute used by the schema.
            
        
    

    
        
            Specifies the file hash of the component
        
        
            
                
                    
                        Specifies the algorithm used to create hash
                    
                
            
        
    

    
        
            
                
                    The component is required for runtime
                
            
            
                
                    The component is optional at runtime. Optional components are components that
                        are not capable of being called due to them not being installed or otherwise accessible by any means.
                        Components that are installed but due to configuration or other restrictions are prohibited from
                        being called must be scoped as 'required'.
                
            
        
    


    
        
            
                Define the format for acceptable CPE URIs. Supports CPE 2.2 and CPE 2.3 formats. Refer to https://nvd.nist.gov/products/cpe for official specification.
            
        
        
            
        
    

    
        
            
                
                    
                        
                            
                        
                        
                            
                                User-defined attributes may be used on this element as long as they
                                    do not have the same name as an existing attribute used by the schema.
                            
                        
                    
                
            
            
                
                    The version allows component publishers/authors to make changes to existing
                        BOMs to update various aspects of the document such as description or licenses. When a system
                        is presented with multiple BOMs for the same component, the system should use the most recent
                        version of the BOM. The default version is '1' and should be incremented for each version of the
                        BOM that is published. Each version of a component should have a unique BOM and if no changes are
                        made to the BOMs, then each BOM will have a version of '1'.
                
            
            
                
                    User-defined attributes may be used on this element as long as they
                        do not have the same name as an existing attribute used by the schema.
                
            
        
    



