diff --git a/schema/bom-1.5.proto b/schema/bom-1.5.proto
index 937ea0e1..ce873571 100644
--- a/schema/bom-1.5.proto
+++ b/schema/bom-1.5.proto
@@ -121,16 +121,24 @@ message Component {
   optional ReleaseNotes releaseNotes = 24;
 }
 
-// Specifies the data classification.
-message DataClassification {
+// Specifies the data flow.
+message DataFlow {
   // Specifies the flow direction of the data.
-  DataFlow flow = 1;
-  // SimpleContent value of element
+  DataFlowDirection flow = 1;
+  // Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed.
   string value = 2;
+  // Name for the defined data
+  optional string name = 3;
+  // Short description of the data content and usage
+  optional string description = 4;
+  // The URI, URL, or BOM-Link of the components or services the data came in from
+  repeated string source = 5;
+  // The URI, URL, or BOM-Link of the components or services the data is sent to
+  repeated string destination = 6;
 }
 
 // Specifies the flow direction of the data. Valid values are: inbound, outbound, bi-directional, and unknown. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways, and unknown states that the direction is not known.
-enum DataFlow {
+enum DataFlowDirection {
   DATA_FLOW_NULL = 0;
   DATA_FLOW_INBOUND = 1;
   DATA_FLOW_OUTBOUND = 2;
@@ -451,7 +459,7 @@ message Service {
   optional bool authenticated = 8;
   // A boolean value indicating if use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed.
   optional bool x_trust_boundary = 9;
-  repeated DataClassification data = 10;
+  repeated DataFlow data = 10;
   repeated LicenseChoice licenses = 11;
   // Provides the ability to document external references related to the service.
   repeated ExternalReference external_references = 12;
@@ -461,6 +469,8 @@ message Service {
   repeated Property properties = 14;
   // Specifies optional release notes.
   optional ReleaseNotes releaseNotes = 15;
+  // The name of the trust zone the service resides in.
+  optional string trustZone = 16;
 }
 
 message Swid {
diff --git a/schema/bom-1.5.schema.json b/schema/bom-1.5.schema.json
index f2f43304..95ab3a6a 100644
--- a/schema/bom-1.5.schema.json
+++ b/schema/bom-1.5.schema.json
@@ -1145,12 +1145,17 @@
           "title": "Crosses Trust Boundary",
           "description": "A boolean value indicating if use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed."
         },
+        "trustZone": {
+          "type": "string",
+          "title": "Trust Zone",
+          "description": "The name of the trust zone the service resides in."
+        },
         "data": {
           "type": "array",
           "additionalItems": false,
-          "items": {"$ref": "#/definitions/dataClassification"},
-          "title": "Data Classification",
-          "description": "Specifies the data classification."
+          "items": {"$ref": "#/definitions/dataFlow"},
+          "title": "Data",
+          "description": "Specifies the data flow, classification, and other relevant information."
         },
         "licenses": {
           "type": "array",
@@ -1192,7 +1197,7 @@
         }
       }
     },
-    "dataClassification": {
+    "dataFlow": {
       "type": "object",
       "title": "Hash Objects",
       "required": [
@@ -1202,7 +1207,7 @@
       "additionalProperties": false,
       "properties": {
         "flow": {
-          "$ref": "#/definitions/dataFlow",
+          "$ref": "#/definitions/dataFlowDirection",
           "title": "Directional Flow",
           "description": "Specifies the flow direction of the data. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways, and unknown states that the direction is not known."
         },
@@ -1210,10 +1215,46 @@
           "type": "string",
           "title": "Classification",
           "description": "Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed."
+        },
+        "name": {
+          "type": "string",
+          "title": "Name",
+          "description": "Name for the defined data",
+          "examples": [
+            "Credit card reporting"
+          ]
+        },
+        "description": {
+          "type": "string",
+          "title": "Description",
+          "description": "Short description of the data content and usage",
+          "examples": [
+            "Credit card information being exchanged in between the web app and the database"
+          ]
+        },
+        "source": {
+          "type": "array",
+          "additionalItems": false,
+          "items": {
+            "type": "string",
+            "format": "iri-reference"
+          },
+          "title": "Source",
+          "description": "The URI, URL, or BOM-Link of the components or services the data came in from"
+        },
+        "destination": {
+          "type": "array",
+          "additionalItems": false,
+          "items": {
+            "type": "string",
+            "format": "iri-reference"
+          },
+          "title": "Destination",
+          "description": "The URI, URL, or BOM-Link of the components or services the data is sent to"
         }
       }
     },
-    "dataFlow": {
+    "dataFlowDirection": {
       "type": "string",
       "enum": [
         "inbound",
diff --git a/schema/bom-1.5.xsd b/schema/bom-1.5.xsd
index 357f6fd3..f204bbb5 100644
--- a/schema/bom-1.5.xsd
+++ b/schema/bom-1.5.xsd
@@ -1544,15 +1544,76 @@ limitations under the License.
                         A value of false indicates that by using the service, a trust boundary is not crossed.</xs:documentation>
                 </xs:annotation>
             </xs:element>
+            <xs:element name="trustZone" type="xs:string" minOccurs="0" maxOccurs="1">
+                <xs:annotation>
+                    <xs:documentation>The name of the trust zone the service resides in.</xs:documentation>
+                </xs:annotation>
+            </xs:element>
             <xs:element name="data" minOccurs="0" maxOccurs="1">
                 <xs:complexType>
-                    <xs:sequence minOccurs="0" maxOccurs="unbounded">
-                        <xs:element name="classification" type="bom:dataClassificationType">
+                    <xs:choice>
+                        <xs:sequence minOccurs="0" maxOccurs="unbounded">
+                            <xs:element name="classification" type="bom:dataClassificationType">
+                                <xs:annotation>
+                                    <xs:documentation>DEPRECATED: Specifies the data classification. THIS FIELD IS DEPRECATED AS OF v1.5. Use dataflow\classification instead</xs:documentation>
+                                </xs:annotation>
+                            </xs:element>
+                        </xs:sequence>
+                        <xs:element name="dataflow" minOccurs="0" maxOccurs="unbounded">
                             <xs:annotation>
                                 <xs:documentation>Specifies the data classification.</xs:documentation>
                             </xs:annotation>
+                            <xs:complexType>
+                                <xs:sequence>
+                                    <xs:element name="classification" type="bom:dataClassificationType" minOccurs="0" maxOccurs="1">
+                                        <xs:annotation>
+                                            <xs:documentation>Specifies the data classification.</xs:documentation>
+                                        </xs:annotation>
+                                    </xs:element>
+                                    <xs:element name="source" minOccurs="0" maxOccurs="1">
+                                        <xs:annotation>
+                                            <xs:documentation>The URI, URL, or BOM-Link of the components or services the data came in from.</xs:documentation>
+                                        </xs:annotation>
+                                        <xs:complexType>
+                                            <xs:sequence minOccurs="0" maxOccurs="unbounded">
+                                                <xs:element name="url" type="xs:anyURI"/>
+                                            </xs:sequence>
+                                        </xs:complexType>
+                                    </xs:element>
+                                    <xs:element name="destination" minOccurs="0" maxOccurs="1">
+                                        <xs:annotation>
+                                            <xs:documentation>The URI, URL, or BOM-Link of the components or services the data is sent to.</xs:documentation>
+                                        </xs:annotation>
+                                        <xs:complexType>
+                                            <xs:sequence minOccurs="0" maxOccurs="unbounded">
+                                                <xs:element name="url" type="xs:anyURI"/>
+                                            </xs:sequence>
+                                        </xs:complexType>
+                                    </xs:element>
+                                </xs:sequence>
+                                <xs:attribute name="name" type="xs:string" use="optional">
+                                    <xs:annotation>
+                                        <xs:documentation>
+                                            Name for the defined data.
+                                        </xs:documentation>
+                                    </xs:annotation>
+                                </xs:attribute>
+                                <xs:attribute name="description" type="xs:string" use="optional">
+                                    <xs:annotation>
+                                        <xs:documentation>
+                                            Short description of the data content and usage.
+                                        </xs:documentation>
+                                    </xs:annotation>
+                                </xs:attribute>
+                                <xs:anyAttribute namespace="##any" processContents="lax">
+                                    <xs:annotation>
+                                        <xs:documentation>User-defined attributes may be used on this element as long as they
+                                            do not have the same name as an existing attribute used by the schema.</xs:documentation>
+                                    </xs:annotation>
+                                </xs:anyAttribute>
+                            </xs:complexType>
                         </xs:element>
-                    </xs:sequence>
+                    </xs:choice>
                 </xs:complexType>
             </xs:element>
             <xs:element name="licenses" type="bom:licenseChoiceType" minOccurs="0" maxOccurs="1"/>
diff --git a/tools/src/test/resources/1.5/valid-saasbom-1.5.json b/tools/src/test/resources/1.5/valid-saasbom-1.5.json
new file mode 100644
index 00000000..929d1130
--- /dev/null
+++ b/tools/src/test/resources/1.5/valid-saasbom-1.5.json
@@ -0,0 +1,294 @@
+{
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.5",
+  "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
+  "version": 1,
+  "metadata": {
+    "timestamp": "2021-01-10T12:00:00Z",
+    "component": {
+      "bom-ref": "acme-stock-application",
+      "type": "application",
+      "name": "Acme SaaSBOM Example",
+      "version": "2022-1"
+    }
+  },
+  "services": [
+    {
+      "bom-ref": "stock-ticker-service",
+      "provider": {
+        "name": "Acme Inc",
+        "url": [ "https://example.com" ]
+      },
+      "group": "com.example",
+      "name": "Stock Ticker Service",
+      "version": "2022-1",
+      "endpoints": [
+        "https://example.com/",
+        "https://example.com/app"
+      ],
+      "authenticated": true,
+      "trustZone": "Acme Public Zone",
+      "data": [
+        {
+          "name": "Consumer to Stock Service",
+          "description": "Traffic to/from consumer to service",
+          "classification": "Customer",
+          "flow": "bi-directional",
+          "source": [
+            "https://0.0.0.0"
+          ],
+          "destination": [
+            "https://0.0.0.0"
+          ]
+        },
+        {
+          "name": "Stock Service to MS-1",
+          "description": "Traffic to/from stock service to microservice-1",
+          "classification": "PII",
+          "flow": "bi-directional",
+          "source": [
+            "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com"
+          ],
+          "destination": [
+            "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com"
+          ]
+        },
+        {
+          "name": "Stock Service to MS-2",
+          "description": "Traffic to/from stock service to microservice-2",
+          "classification": "PIFI",
+          "flow": "bi-directional",
+          "source": [
+            "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com"
+          ],
+          "destination": [
+            "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com"
+          ]
+        },
+        {
+          "name": "Stock Service to MS-3",
+          "description": "Traffic to/from stock service to microservice-3",
+          "classification": "Public",
+          "flow": "bi-directional",
+          "source": [
+            "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com"
+          ],
+          "destination": [
+            "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com"
+          ]
+        }
+      ],
+      "externalReferences": [
+        {
+          "type": "documentation",
+          "url": "https://example.com/app/swagger"
+        }
+      ],
+      "services": [
+        {
+          "bom-ref": "ms-1.example.com",
+          "provider": {
+            "name": "Acme Inc",
+            "url": [ "https://example.com" ]
+          },
+          "group": "com.example",
+          "name": "Microservice 1",
+          "version": "2022-1",
+          "description": "Example Microservice",
+          "endpoints": [
+            "https://ms-1.example.com"
+          ],
+          "authenticated": true,
+          "trustZone": "Acme Private Zone",
+          "data": [
+            {
+              "name": "Stock Service to MS-1",
+              "description": "Traffic to/from stock service to microservice-1",
+              "classification": "PII",
+              "flow": "bi-directional",
+              "source": [
+                "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service"
+              ],
+              "destination": [
+                "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service"
+              ]
+            },
+            {
+              "name": "MS-1 to Database",
+              "description": "Traffic to/from microservice-1 to database",
+              "classification": "PII",
+              "flow": "bi-directional",
+              "source": [
+                "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com"
+              ],
+              "destination": [
+                "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com"
+              ]
+            }
+          ],
+          "externalReferences": [
+            {
+              "type": "documentation",
+              "url": "https://ms-1.example.com/swagger"
+            }
+          ]
+        },
+        {
+          "bom-ref": "ms-2.example.com",
+          "provider": {
+            "name": "Acme Inc",
+            "url": [ "https://example.com" ]
+          },
+          "group": "com.example",
+          "name": "Microservice 2",
+          "version": "2022-1",
+          "description": "Example Microservice",
+          "endpoints": [
+            "https://ms-2.example.com"
+          ],
+          "authenticated": true,
+          "trustZone": "Acme Private Zone",
+          "data": [
+            {
+              "name": "Stock Service to MS-2",
+              "description": "Traffic to/from stock service to microservice-2",
+              "classification": "PIFI",
+              "flow": "bi-directional",
+              "source": [
+                "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service"
+              ],
+              "destination": [
+                "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service"
+              ]
+            }
+          ],
+          "externalReferences": [
+            {
+              "type": "documentation",
+              "url": "https://ms-2.example.com/swagger"
+            }
+          ]
+        },
+        {
+          "bom-ref": "ms-3.example.com",
+          "provider": {
+            "name": "Acme Inc",
+            "url": [ "https://example.com" ]
+          },
+          "group": "com.example",
+          "name": "Microservice 3",
+          "version": "2022-1",
+          "description": "Example Microservice",
+          "endpoints": [
+            "https://ms-3.example.com"
+          ],
+          "authenticated": true,
+          "trustZone": "Acme Private Zone",
+          "data": [
+            {
+              "name": "Stock Service to MS-3",
+              "description": "Traffic to/from stock service to microservice-3",
+              "classification": "Public",
+              "flow": "bi-directional",
+              "source": [
+                "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service"
+              ],
+              "destination": [
+                "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service"
+              ]
+            },
+            {
+              "name": "MS-3 to S3",
+              "description": "Data pushed from microservice-3 to S3 bucket",
+              "classification": "Public",
+              "flow": "outbound",
+              "destination": [
+                "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#s3-example.amazon.com"
+              ]
+            }
+          ],
+          "externalReferences": [
+            {
+              "type": "documentation",
+              "url": "https://ms-3.example.com/swagger"
+            }
+          ]
+        },
+        {
+          "bom-ref": "ms-1-pgsql.example.com",
+          "group": "org.postgresql",
+          "name": "Postgres",
+          "version": "14.1",
+          "description": "Postgres database for Microservice #1",
+          "endpoints": [
+            "https://ms-1-pgsql.example.com:5432"
+          ],
+          "authenticated": true,
+          "trustZone": "Acme Private Zone",
+          "data": [
+            {
+              "name": "MS-1 to Database",
+              "description": "Traffic to/from microservice-1 to database",
+              "classification": "PII",
+              "flow": "bi-directional",
+              "source": [
+                "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com"
+              ],
+              "destination": [
+                "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com"
+              ]
+            }
+          ]
+        },
+        {
+          "bom-ref": "s3-example.amazon.com",
+          "group": "com.amazon",
+          "name": "S3",
+          "description": "S3 bucket",
+          "endpoints": [
+            "https://s3-example.amazon.com"
+          ],
+          "authenticated": true,
+          "trustZone": "Public Internet",
+          "data": [
+            {
+              "name": "MS-3 to S3",
+              "description": "Data pushed from microservice-3 to S3 bucket",
+              "classification": "Public",
+              "flow": "inbound",
+              "source": [
+                "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com"
+              ]
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "dependencies": [
+    {
+      "ref": "acme-stock-application",
+      "dependsOn": [ "stock-ticker-service" ]
+    },
+    {
+      "ref": "stock-ticker-service",
+      "dependsOn": [
+        "ms-1.example.com",
+        "ms-2.example.com",
+        "ms-3.example.com"
+      ]
+    },
+    {
+      "ref": "ms-1.example.com",
+      "dependsOn": [ "ms-1-pgsql.example.com" ]
+    },
+    {
+      "ref": "ms-2.example.com",
+      "dependsOn": [ ]
+    },
+    {
+      "ref": "ms-3.example.com",
+      "dependsOn": [ "s3-example.amazon.com" ]
+    }
+  ]
+}
\ No newline at end of file
diff --git a/tools/src/test/resources/1.5/valid-saasbom-1.5.textproto b/tools/src/test/resources/1.5/valid-saasbom-1.5.textproto
new file mode 100644
index 00000000..6b025220
--- /dev/null
+++ b/tools/src/test/resources/1.5/valid-saasbom-1.5.textproto
@@ -0,0 +1,195 @@
+spec_version: "1.5"
+version: 1
+serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"
+metadata {
+  timestamp {
+    seconds: 3173618478
+    nanos: 3
+  }
+  component {
+    type: CLASSIFICATION_APPLICATION
+    bom_ref: "acme-stock-application"
+    name: "Acme SaaSBOM Example"
+    version: "2022-1"
+  }
+}
+services {
+  bom_ref: "stock-ticker-service"
+  provider {
+    name: "Acme Inc"
+    url: "https://example.com"
+  }
+  group: "com.example"
+  name: "Stock Ticker Service"
+  version:"2022-1"
+  endpoints: "https://example.com/"
+  endpoints: "https://example.com/app"
+  authenticated: true
+  trustZone:  "Acme Public Zone"
+  data {
+    flow: DATA_FLOW_BI_DIRECTIONAL
+    value: "Customer"
+    name: "Consumer to Stock Service",
+    description: "Traffic to/from consumer to service"
+    source: "https://0.0.0.0"
+    destination: "https://0.0.0.0"
+  }
+  data {
+    flow: DATA_FLOW_BI_DIRECTIONAL
+    value: "PII"
+    name: "Stock Service to MS-1"
+    description: "Traffic to/from stock service to microservice-1"
+    source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com"
+    destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com"
+  }
+  data {
+    flow: DATA_FLOW_BI_DIRECTIONAL
+    value: "PIFI"
+    name: "Stock Service to MS-2"
+    description: "Traffic to/from stock service to microservice-2"
+    source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com"
+    destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com"
+  }
+  data {
+    flow: DATA_FLOW_BI_DIRECTIONAL
+    value: "Public"
+    name: "Stock Service to MS-3"
+    description: "Traffic to/from stock service to microservice-3"
+    source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com"
+    destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com"
+  }
+  external_references {
+    type: EXTERNAL_REFERENCE_TYPE_DOCUMENTATION
+    url: "https://example.com/app/swagger"
+  }
+  services {
+    bom_ref: "ms-1.example.com"
+    provider {
+      name: "Acme Inc"
+      url: "https://example.com"
+    }
+    group: "com.example"
+    name: "Microservice 1"
+    version:"2022-1"
+    endpoints: "https://ms-1.example.com"
+    authenticated: true
+    trustZone:  "Acme Private Zone"
+    data {
+      flow: DATA_FLOW_BI_DIRECTIONAL
+      value: "PII"
+      name: "Stock Service to MS-1"
+      description: "Traffic to/from stock service to microservice-1"
+      source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service"
+      destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service"
+    }
+    data {
+      flow: DATA_FLOW_BI_DIRECTIONAL
+      value: "PII"
+      name: "MS-1 to Database"
+      description: "Traffic to/from microservice-1 to database"
+      source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com"
+      destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com"
+    }
+    external_references {
+      type: EXTERNAL_REFERENCE_TYPE_DOCUMENTATION
+      url: "https://ms-1.example.com/swagger"
+    }
+  }
+  services {
+    bom_ref: "ms-2.example.com"
+    provider {
+      name: "Acme Inc"
+      url: "https://example.com"
+    }
+    group: "com.example"
+    name: "Microservice 2"
+    version:"2022-1"
+    endpoints: "https://ms-2.example.com"
+    authenticated: true
+    trustZone:  "Acme Private Zone"
+    data {
+      flow: DATA_FLOW_BI_DIRECTIONAL
+      value: "PIFI"
+      name: "Stock Service to MS-2"
+      description: "Traffic to/from stock service to microservice-2"
+      source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service"
+      destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service"
+    }
+    external_references {
+      type: EXTERNAL_REFERENCE_TYPE_DOCUMENTATION
+      url: "https://ms-2.example.com/swagger"
+    }
+  }
+  services {
+    bom_ref: "ms-3.example.com"
+    provider {
+      name: "Acme Inc"
+      url: "https://example.com"
+    }
+    group: "com.example"
+    name: "Microservice 3"
+    version:"2022-1"
+    endpoints: "https://ms-3.example.com"
+    authenticated: true
+    trustZone:  "Acme Private Zone"
+    data {
+      flow: DATA_FLOW_BI_DIRECTIONAL
+      value: "Public"
+      name: "Stock Service to MS-3"
+      description: "Traffic to/from stock service to microservice-3"
+      source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service"
+      destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service"
+    }
+    data {
+      flow: DATA_FLOW_OUTBOUND
+      value: "Public"
+      name: "MS-3 to S3"
+      description: "Data pushed from microservice-3 to S3 bucket"
+      destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#s3-example.amazon.com"
+    }
+    external_references {
+      type: EXTERNAL_REFERENCE_TYPE_DOCUMENTATION
+      url: "https://ms-3.example.com/swagger"
+    }
+  }
+  services {
+    bom_ref: "ms-1-pgsql.example.com"
+    group: "org.postgresql"
+    name: "Postgres"
+    version:"14.1"
+    description: "Postgres database for Microservice #1"
+    endpoints: "https://ms-1-pgsql.example.com:5432"
+    authenticated: true
+    trustZone:  "Acme Private Zone"
+    data {
+      flow: DATA_FLOW_BI_DIRECTIONAL
+      value: "PII"
+      name: "MS-1 to Database"
+      description: "Traffic to/from microservice-1 to database"
+      source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com"
+      destination: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com"
+    }
+  }
+  services {
+    bom_ref: "s3-example.amazon.com"
+    group: "com.amazon"
+    name: "S3"
+    description: "S3 bucket"
+    endpoints:  "https://s3-example.amazon.com"
+    authenticated: true
+    trustZone:  "Public Internet"
+    data {
+      flow: DATA_FLOW_INBOUND
+      value: "PII"
+      name: "MS-3 to S3"
+      description: "Data pushed from microservice-3 to S3 bucket"
+      source: "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com"
+    }
+  }
+}
+dependencies {
+  ref: "pkg:maven/com.acme/stock-java-client@1.0.12"
+  dependencies {
+    ref: "b2a46a4b-8367-4bae-9820-95557cfe03a8"
+  }
+}
diff --git a/tools/src/test/resources/1.5/valid-saasbom-1.5.xml b/tools/src/test/resources/1.5/valid-saasbom-1.5.xml
new file mode 100644
index 00000000..d8101afc
--- /dev/null
+++ b/tools/src/test/resources/1.5/valid-saasbom-1.5.xml
@@ -0,0 +1,230 @@
+<?xml version="1.0"?>
+<bom serialNumber="urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" version="1" xmlns="http://cyclonedx.org/schema/bom/1.5">
+    <metadata>
+        <timestamp>2021-01-10T12:00:00Z</timestamp>
+        <component type="application" bom-ref="acme-stock-application">
+            <name>Acme SaaSBOM Example</name>
+            <version>2022-1</version>
+        </component>
+    </metadata>
+    <services>
+        <service bom-ref="stock-ticker-service">
+            <provider>
+                <name>Acme Inc</name>
+                <url>https://example.com</url>
+            </provider>
+            <group>com.example</group>
+            <name>Stock ticker Service</name>
+            <endpoints>
+                <endpoint>https://example.com/</endpoint>
+                <endpoint>https://example.com/app</endpoint>
+            </endpoints>
+            <authenticated>true</authenticated>
+            <trustZone>Acme Public Zone</trustZone>
+            <data>
+                <dataflow name="Consumer to Stock Service" description="Traffic to/from consumer to service">
+                    <classification flow="bi-directional">Customer</classification>
+                    <source>
+                        <url>https://0.0.0.0</url>
+                    </source>
+                    <destination>
+                        <url>https://0.0.0.0</url>
+                    </destination>
+                </dataflow>
+                <dataflow name="Stock Service to MS-1" description="Traffic to/from stock service to microservice-1">
+                    <classification flow="bi-directional">PII</classification>
+                    <source>
+                        <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com</url>
+                    </source>
+                    <destination>
+                        <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com</url>
+                    </destination>
+                </dataflow>
+                <dataflow name="Stock Service to MS-2" description="Traffic to/from stock service to microservice-2">
+                    <classification flow="bi-directional">PIFI</classification>
+                    <source>
+                        <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com</url>
+                    </source>
+                    <destination>
+                        <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-2.example.com</url>
+                    </destination>
+                </dataflow>
+                <dataflow name="Stock Service to MS-3" description="Traffic to/from stock service to microservice-3">
+                    <classification flow="bi-directional">Public</classification>
+                    <source>
+                        <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com</url>
+                    </source>
+                    <destination>
+                        <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com</url>
+                    </destination>
+                </dataflow>
+            </data>
+            <externalReferences>
+                <reference type="documentation">
+                    <url>https://example.com/app/swagger</url>
+                </reference>
+            </externalReferences>
+            <services>
+                <service bom-ref="ms-1.example.com">
+                    <provider>
+                        <name>Acme Inc</name>
+                        <url>https://example.com</url>
+                    </provider>
+                    <group>com.example</group>
+                    <name>Microservice 1</name>
+                    <endpoints>
+                        <endpoint>https://ms-1.example.com</endpoint>
+                    </endpoints>
+                    <authenticated>true</authenticated>
+                    <trustZone>Acme Private Zone</trustZone>
+                    <data>
+                        <dataflow name="Stock Service to MS-1" description="Traffic to/from stock service to microservice-1">
+                            <classification flow="bi-directional">PII</classification>
+                            <source>
+                                <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service</url>
+                            </source>
+                            <destination>
+                                <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service</url>
+                            </destination>
+                        </dataflow>
+                        <dataflow name="MS-1 to Database" description="Traffic to/from microservice-1 to database">
+                            <classification flow="bi-directional">PII</classification>
+                            <source>
+                                <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com</url>
+                            </source>
+                            <destination>
+                                <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1-pgsql.example.com</url>
+                            </destination>
+                        </dataflow>
+                    </data>
+                    <externalReferences>
+                        <reference type="documentation">
+                            <url>https://ms-1.example.com/swagger</url>
+                        </reference>
+                    </externalReferences>
+                </service>
+                <service bom-ref="ms-2.example.com">
+                    <provider>
+                        <name>Acme Inc</name>
+                        <url>https://example.com</url>
+                    </provider>
+                    <group>com.example</group>
+                    <name>Microservice 2</name>
+                    <endpoints>
+                        <endpoint>https://ms-2.example.com</endpoint>
+                    </endpoints>
+                    <authenticated>true</authenticated>
+                    <trustZone>Acme Private Zone</trustZone>
+                    <data>
+                        <dataflow name="Stock Service to MS-2" description="Traffic to/from stock service to microservice-2">
+                            <classification flow="bi-directional">PII</classification>
+                            <source>
+                                <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service</url>
+                            </source>
+                            <destination>
+                                <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service</url>
+                            </destination>
+                        </dataflow>
+                    </data>
+                    <externalReferences>
+                        <reference type="documentation">
+                            <url>https://ms-2.example.com/swagger</url>
+                        </reference>
+                    </externalReferences>
+                </service>
+                <service bom-ref="ms-3.example.com">
+                    <provider>
+                        <name>Acme Inc</name>
+                        <url>https://example.com</url>
+                    </provider>
+                    <group>com.example</group>
+                    <name>Microservice 3</name>
+                    <endpoints>
+                        <endpoint>https://ms-3.example.com</endpoint>
+                    </endpoints>
+                    <authenticated>true</authenticated>
+                    <trustZone>Acme Private Zone</trustZone>
+                    <data>
+                        <dataflow name="Stock Service to MS-3" description="Traffic to/from stock service to microservice-3">
+                            <classification flow="bi-directional">PII</classification>
+                            <source>
+                                <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service</url>
+                            </source>
+                            <destination>
+                                <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#stock-ticker-service</url>
+                            </destination>
+                        </dataflow>
+                        <dataflow name="MS-3 to S3" description="Data pushed from microservice-3 to S3 bucket">
+                            <classification flow="outbound">Public</classification>
+                            <destination>
+                                <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#s3-example.amazon.com</url>
+                            </destination>
+                        </dataflow>
+                    </data>
+                    <externalReferences>
+                        <reference type="documentation">
+                            <url>https://ms-3.example.com/swagger</url>
+                        </reference>
+                    </externalReferences>
+                </service>
+                <service bom-ref="ms-1-pgsql.example.com">
+                    <group>org.postgresql</group>
+                    <name>Postgres</name>
+                    <version>14.1</version>
+                    <description>Postgres database for Microservice #1</description>
+                    <endpoints>
+                        <endpoint>https://ms-1-pgsql.example.com:5432</endpoint>
+                    </endpoints>
+                    <authenticated>true</authenticated>
+                    <trustZone>Acme Private Zone</trustZone>
+                    <data>
+                        <dataflow name="MS-1 to Database" description="Traffic to/from microservice-1 to database">
+                            <classification flow="bi-directional">PII</classification>
+                            <source>
+                                <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com</url>
+                            </source>
+                            <destination>
+                                <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-1.example.com</url>
+                            </destination>
+                        </dataflow>
+                    </data>
+                </service>
+                <service bom-ref="s3-example.amazon.com">
+                    <group>com.amazon</group>
+                    <name>S3</name>
+                    <description>S3 bucket</description>
+                    <endpoints>
+                        <endpoint>https://s3-example.amazon.com</endpoint>
+                    </endpoints>
+                    <authenticated>true</authenticated>
+                    <trustZone>Public Internet</trustZone>
+                    <data>
+                        <dataflow name="MS-3 to S3" description="Data pushed from microservice-3 to S3 bucket">
+                            <classification flow="inbound">Public</classification>
+                            <source>
+                                <url>urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#ms-3.example.com</url>
+                            </source>
+                        </dataflow>
+                    </data>
+                </service>
+            </services>
+        </service>
+    </services>
+    <dependencies>
+        <dependency ref="acme-stock-application">
+            <dependency ref="stock-ticker-service"/>
+        </dependency>
+        <dependency ref="stock-ticker-service">
+            <dependency ref="ms-1.example.com"/>
+            <dependency ref="ms-2.example.com"/>
+            <dependency ref="ms-3.example.com"/>
+        </dependency>
+        <dependency ref="ms-1.example.com">
+            <dependency ref="ms-1-pgsql.example.com"/>
+        </dependency>
+        <dependency ref="ms-2.example.com" />
+        <dependency ref="ms-3.example.com">
+            <dependency ref="s3-example.amazon.com"/>
+        </dependency>
+    </dependencies>
+</bom>