diff --git a/schema/bom-1.5.proto b/schema/bom-1.5.proto
index 375f6f26..3e3004b3 100644
--- a/schema/bom-1.5.proto
+++ b/schema/bom-1.5.proto
@@ -279,6 +279,8 @@ message License {
optional string bom_ref = 5;
// Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and other important metadata
optional Licensing licensing = 6;
+ // Specifies optional, custom, properties
+ repeated Property properties = 7;
}
message Licensing {
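Review bot: The comment on the new `properties = 7` field says much less than the JSON Schema description added in this same commit, and it omits the one semantic a consumer most needs: names may repeat. I would write it as `// Optional custom properties as name-value pairs. Unlike a key-value store, names may repeat, each with a different value.` so that generated-code users do not load the list into a map and silently drop entries. The annotation added in the bom-1.5.xsd hunk at -588 leaves out the same duplicate-names sentence. Because these values are free-form data supplied by the BOM producer, it may also be worth stating that consumers should not treat them as validated. The License message begins outside this hunk.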
diff --git a/schema/bom-1.5.schema.json b/schema/bom-1.5.schema.json
index 2e5b5b3b..835f4b12 100644
--- a/schema/bom-1.5.schema.json
+++ b/schema/bom-1.5.schema.json
@@ -783,6 +783,13 @@
"description": "The timestamp indicating when the current license expires (if applicable)."
}
}
+ },
+ "properties": {
+ "type": "array",
+ "title": "Properties",
+ "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is OPTIONAL.",
+ "additionalItems": false,
+ "items": {"$ref": "#/definitions/property"}
}
}
},
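Review bot: `"additionalItems": false` on the new `properties` array appears to have no effect, because `items` here is a single schema (`{"$ref": "#/definitions/property"}`) rather than a tuple. In the JSON Schema drafts that define `additionalItems`, it is only consulted when `items` is an array of schemas. Every element is already validated against `#/definitions/property`, so the keyword can be dropped; keeping it suggests a restriction the validator does not enforce. Whether the enclosing license object rejects unknown keys is decided outside this hunk and cannot be confirmed from here.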
diff --git a/schema/bom-1.5.xsd b/schema/bom-1.5.xsd
index 2c17a397..51dc81c5 100644
--- a/schema/bom-1.5.xsd
+++ b/schema/bom-1.5.xsd
@@ -89,7 +89,7 @@ limitations under the License.
- Provides the ability to document properties in a key/value store.
+ Provides the ability to document properties in a name/value store.
This provides flexibility to include data not officially supported in the standard
without having to use additional namespaces or create extensions. Property names
of interest to the general public are encouraged to be registered in the
@@ -358,7 +358,7 @@ limitations under the License.
- Provides the ability to document properties in a key/value store.
+ Provides the ability to document properties in a name/value store.
This provides flexibility to include data not officially supported in the standard
without having to use additional namespaces or create extensions. Property names
of interest to the general public are encouraged to be registered in the
@@ -588,6 +588,16 @@ limitations under the License.
+
+
+ Provides the ability to document properties in a name/value store.
+ This provides flexibility to include data not officially supported in the standard
+ without having to use additional namespaces or create extensions. Property names
+ of interest to the general public are encouraged to be registered in the
+ CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy.
+ Formal registration is OPTIONAL.
+
+
@@ -1046,8 +1056,8 @@ limitations under the License.
are URIs and therefore can accept any URL scheme including https, mailto, tel, and dns.
External references may also include formally registered URNs such as CycloneDX BOM-Link to
reference CycloneDX BOMs or any object within a BOM. BOM-Link transforms applicable external
- references into relationships that can be expressed in a BOM or across BOMs. Refer to:
- https://cyclonedx.org/capabilities/bomlink/
+ references into relationships that can be expressed in a BOM or across BOMs. Refer to:
+ https://cyclonedx.org/capabilities/bomlink/
@@ -1548,7 +1558,7 @@ limitations under the License.
- Provides the ability to document properties in a key/value store.
+ Provides the ability to document properties in a name/value store.
This provides flexibility to include data not officially supported in the standard
without having to use additional namespaces or create extensions. Property names
of interest to the general public are encouraged to be registered in the
@@ -1900,7 +1910,7 @@ limitations under the License.
- Provides the ability to document properties in a key/value store.
+ Provides the ability to document properties in a name/value store.
This provides flexibility to include data not officially supported in the standard
without having to use additional namespaces or create extensions. Property names
of interest to the general public are encouraged to be registered in the
@@ -2271,7 +2281,7 @@ limitations under the License.
- Provides the ability to document properties in a key/value store.
+ Provides the ability to document properties in a name/value store.
This provides flexibility to include data not officially supported in the standard
without having to use additional namespaces or create extensions. Property names
of interest to the general public are encouraged to be registered in the
@@ -2621,7 +2631,7 @@ limitations under the License.
- Provides the ability to document properties in a key/value store.
+ Provides the ability to document properties in a name/value store.
This provides flexibility to include data not officially supported in the standard
without having to use additional namespaces or create extensions. Property names
of interest to the general public are encouraged to be registered in the
diff --git a/tools/src/test/resources/1.5/valid-properties-1.5.json b/tools/src/test/resources/1.5/valid-properties-1.5.json
index 3a33ccfa..24ce5de1 100644
--- a/tools/src/test/resources/1.5/valid-properties-1.5.json
+++ b/tools/src/test/resources/1.5/valid-properties-1.5.json
@@ -28,6 +28,31 @@
"type": "library",
"name": "acme-library",
"version": "1.0.0",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "properties": [
+ {
+ "name": "Foo",
+ "value": "Bar"
+ },
+ {
+ "name": "Foo",
+ "value": "You"
+ },
+ {
+ "name": "Foo",
+ "value": "Two"
+ },
+ {
+ "name": "Bar",
+ "value": "Foo"
+ }
+ ]
+ }
+ }
+ ],
"properties": [
{
"name": "Foo",
diff --git a/tools/src/test/resources/1.5/valid-properties-1.5.textproto b/tools/src/test/resources/1.5/valid-properties-1.5.textproto
index 94f4e2b4..63d878b5 100644
--- a/tools/src/test/resources/1.5/valid-properties-1.5.textproto
+++ b/tools/src/test/resources/1.5/valid-properties-1.5.textproto
@@ -23,6 +23,27 @@ components {
type: CLASSIFICATION_LIBRARY
name: "acme-library"
version: "1.0.0"
+ licenses {
+ license {
+ id: "Apache-2.0"
+ properties {
+ name: "Foo"
+ value: "Bar"
+ }
+ properties {
+ name: "Foo"
+ value: "You"
+ }
+ properties {
+ name: "Foo"
+ value: "Two"
+ }
+ properties {
+ name: "Bar"
+ value: "Foo"
+ }
+ }
+ }
properties {
name: "Foo"
value: "Bar"
diff --git a/tools/src/test/resources/1.5/valid-properties-1.5.xml b/tools/src/test/resources/1.5/valid-properties-1.5.xml
index 85abf9e9..91a1916f 100644
--- a/tools/src/test/resources/1.5/valid-properties-1.5.xml
+++ b/tools/src/test/resources/1.5/valid-properties-1.5.xml
@@ -12,6 +12,17 @@
acme-library
1.0.0
+
+
+ Apache-2.0
+
+ Bar
+ You
+ Two
+ Foo
+
+
+
Bar
Foo