CycloneDX v1.3 XML Reference
Schema Document Properties
Target Namespace | http://cyclonedx.org/schema/bom/1.3 |
---|---|
Version | 1.3.1 |
Element and Attribute Namespaces |
|
Schema Composition |
|
Global Declarations
Element: bom
<bom:bom version="xs:integer" [0..1] serialNumber="bom:urnUuid" [0..1] Allow any attributes from any namespace (lax validation). > <!-- Uniqueness Constraint - bom-ref Selector - .//* Field(s) - @bom-ref --> <bom:metadata> bom:metadata </bom:metadata> [0..1] <bom:components> bom:componentsType </bom:components> [0..1] <bom:services> bom:servicesType </bom:services> [0..1] <bom:externalReferences> bom:externalReferences </bom:externalReferences> [0..1] <bom:dependencies> bom:dependenciesType </bom:dependencies> [0..1] <bom:compositions> bom:compositionsType </bom:compositions> [0..1] <bom:properties> bom:propertiesType </bom:properties> [0..1] Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*] </bom:bom>
<xs:element name="bom"> <xs:complexType> <xs:sequence> <xs:element name="metadata" type="bom:metadata" minOccurs="0" maxOccurs="1"/> <xs:element name="components" type="bom:componentsType" minOccurs="0" maxOccurs="1"/> <xs:element name="services" type="bom:servicesType" minOccurs="0" maxOccurs="1"/> <xs:element name="externalReferences" type="bom:externalReferences" minOccurs="0" maxOccurs="1"/> <xs:element name="dependencies" type="bom:dependenciesType" minOccurs="0" maxOccurs="1"/> <xs:element name="compositions" type="bom:compositionsType" minOccurs="0" maxOccurs="1"/> <xs:element name="properties" type="bom:propertiesType" minOccurs="0" maxOccurs="1"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:attribute name="version" type="xs:integer" default="1"/> <xs:attribute name="serialNumber" type="bom:urnUuid"/> <xs:anyAttribute namespace="##any" processContents="lax"/> </xs:complexType> <xs:unique name="bom-ref"> <xs:selector xpath=".//*"/> <xs:field xpath="@bom-ref"/> </xs:unique> </xs:element>
Global Definitions
Complex Type: attachedTextType
Super-types: | xs:string < attachedTextType (by extension) |
---|---|
Sub-types: | None |
Name | attachedTextType |
---|---|
Abstract | no |
Complex Type: bomReferenceType
Super-types: | None |
---|---|
Sub-types: | None |
Name | bomReferenceType |
---|---|
Abstract | no |
Complex Type: commitType
Super-types: | None |
---|---|
Sub-types: | None |
Name | commitType |
---|---|
Abstract | no |
<...> <bom:uid> xs:normalizedString </bom:uid> [0..1] <bom:url> xs:anyURI </bom:url> [0..1] <bom:author> bom:identifiableActionType </bom:author> [0..1] <bom:committer> bom:identifiableActionType </bom:committer> [0..1] <bom:message> xs:normalizedString </bom:message> [0..1] Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*] </...>
<xs:complexType name="commitType"> <xs:sequence> <xs:element name="uid" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/> <xs:element name="url" type="xs:anyURI" minOccurs="0" maxOccurs="1"/> <xs:element name="author" type="bom:identifiableActionType" minOccurs="0" maxOccurs="1"/> <xs:element name="committer" type="bom:identifiableActionType" minOccurs="0" maxOccurs="1"/> <xs:element name="message" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType>
Complex Type: commitsType
Super-types: | None |
---|---|
Sub-types: | None |
Name | commitsType |
---|---|
Abstract | no |
Zero or more commits can be specified.
<...> Start Sequence [0..*] <bom:commit> bom:commitType </bom:commit> [1] Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*] End Sequence </...>
Complex Type: component
Super-types: | None |
---|---|
Sub-types: | None |
Name | component |
---|---|
Abstract | no |
<... type="bom:classification" [1] mime-type="bom:mimeType" [0..1] bom-ref="bom:refType" [0..1] Allow any attributes from any namespace (lax validation). > <bom:supplier> bom:organizationalEntity </bom:supplier> [0..1] <bom:author> xs:normalizedString </bom:author> [0..1] <bom:publisher> xs:normalizedString </bom:publisher> [0..1] <bom:group> xs:normalizedString </bom:group> [0..1] <bom:name> xs:normalizedString </bom:name> [1] <bom:version> xs:normalizedString </bom:version> [1] <bom:description> xs:normalizedString </bom:description> [0..1] <bom:scope> bom:scope </bom:scope> [0..1] <bom:hashes > [0..1] Start Sequence [0..*] <bom:hash> bom:hashType </bom:hash> [1] End Sequence </bom:hashes> <bom:licenses> bom:licenseChoiceType </bom:licenses> [0..1] <bom:copyright> xs:normalizedString </bom:copyright> [0..1] <bom:cpe> bom:cpe </bom:cpe> [0..1] <bom:purl> xs:anyURI </bom:purl> [0..1] <bom:swid> bom:swidType </bom:swid> [0..1] <bom:modified> xs:boolean </bom:modified> [0..1] <bom:pedigree> bom:pedigreeType </bom:pedigree> [0..1] <bom:externalReferences> bom:externalReferences </bom:externalReferences> [0..1] <bom:properties> bom:propertiesType </bom:properties> [0..1] <bom:components > [0..1] Start Sequence [0..*] <bom:component> bom:component </bom:component> [1] Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*] End Sequence </bom:components> <bom:evidence> bom:componentEvidenceType </bom:evidence> [0..1] Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*] </...>
<xs:complexType name="component"> <xs:sequence> <xs:element name="supplier" type="bom:organizationalEntity" minOccurs="0" maxOccurs="1"/> <xs:element name="author" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/> <xs:element name="publisher" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/> <xs:element name="group" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/> <xs:element name="name" type="xs:normalizedString" minOccurs="1" maxOccurs="1"/> <xs:element name="version" type="xs:normalizedString" minOccurs="1" maxOccurs="1"/> <xs:element name="description" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/> <xs:element name="scope" type="bom:scope" minOccurs="0" maxOccurs="1"/> <xs:element name="hashes" minOccurs="0" maxOccurs="1"> <xs:complexType> <xs:sequence minOccurs="0" maxOccurs="unbounded"> <xs:element name="hash" type="bom:hashType"/> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="licenses" type="bom:licenseChoiceType" minOccurs="0" maxOccurs="1"/> <xs:element name="copyright" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/> <xs:element name="cpe" type="bom:cpe" minOccurs="0" maxOccurs="1"/> <xs:element name="purl" type="xs:anyURI" minOccurs="0" maxOccurs="1"/> <xs:element name="swid" type="bom:swidType" minOccurs="0" maxOccurs="1"/> <xs:element name="modified" type="xs:boolean" minOccurs="0" maxOccurs="1"/> <xs:element name="pedigree" type="bom:pedigreeType" minOccurs="0" maxOccurs="1"/> <xs:element name="externalReferences" type="bom:externalReferences" minOccurs="0" maxOccurs="1"/> <xs:element name="properties" type="bom:propertiesType" minOccurs="0" maxOccurs="1"/> <xs:element name="components" minOccurs="0" maxOccurs="1"> <xs:complexType> <xs:sequence minOccurs="0" maxOccurs="unbounded"> <xs:element name="component" type="bom:component"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="evidence" type="bom:componentEvidenceType" minOccurs="0" maxOccurs="1"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:attribute name="type" type="bom:classification" use="required"/> <xs:attribute name="mime-type" type="bom:mimeType"/> <xs:attribute name="bom-ref" type="bom:refType"/> <xs:anyAttribute namespace="##any" processContents="lax"/> </xs:complexType>
Complex Type: componentEvidenceType
Super-types: | None |
---|---|
Sub-types: | None |
Name | componentEvidenceType |
---|---|
Abstract | no |
<... Allow any attributes from any namespace (lax validation). > <bom:licenses> bom:licenseChoiceType </bom:licenses> [0..1] <bom:copyright> bom:copyrightsType </bom:copyright> [0..1] Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*] </...>
<xs:complexType name="componentEvidenceType"> <xs:sequence> <xs:element name="licenses" type="bom:licenseChoiceType" minOccurs="0" maxOccurs="1"/> <xs:element name="copyright" type="bom:copyrightsType" minOccurs="0" maxOccurs="1"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:anyAttribute namespace="##any" processContents="lax"/> </xs:complexType>
Complex Type: componentsType
Super-types: | None |
---|---|
Sub-types: | None |
Name | componentsType |
---|---|
Abstract | no |
<xs:complexType name="componentsType"> <xs:sequence minOccurs="0" maxOccurs="unbounded"> <xs:element name="component" type="bom:component"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:anyAttribute namespace="##any" processContents="lax"/> </xs:complexType>
Complex Type: compositionType
Super-types: | None |
---|---|
Sub-types: | None |
Name | compositionType |
---|---|
Abstract | no |
<...> Start Sequence [0..*] <bom:aggregate> bom:aggregateType </bom:aggregate> [1] <bom:assemblies > [0..1] Start Sequence [0..*] <bom:assembly> bom:bomReferenceType </bom:assembly> [1] Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*] End Sequence </bom:assemblies> <bom:dependencies > [0..1] Start Sequence [0..*] <bom:dependency> bom:bomReferenceType </bom:dependency> [1] Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*] End Sequence </bom:dependencies> End Sequence </...>
<xs:complexType name="compositionType"> <xs:sequence minOccurs="0" maxOccurs="unbounded"> <xs:element name="aggregate" type="bom:aggregateType" default="not_specified"/> <xs:element name="assemblies" minOccurs="0" maxOccurs="1"> <xs:complexType> <xs:sequence minOccurs="0" maxOccurs="unbounded"> <xs:element name="assembly" type="bom:bomReferenceType"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="dependencies" minOccurs="0" maxOccurs="1"> <xs:complexType> <xs:sequence minOccurs="0" maxOccurs="unbounded"> <xs:element name="dependency" type="bom:bomReferenceType"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType> </xs:element> </xs:sequence> </xs:complexType>
Complex Type: compositionsType
Super-types: | None |
---|---|
Sub-types: | None |
Name | compositionsType |
---|---|
Abstract | no |
<... Allow any attributes from any namespace (lax validation). > Start Sequence [0..*] <bom:composition> bom:compositionType </bom:composition> [1] Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*] End Sequence </...>
<xs:complexType name="compositionsType"> <xs:sequence minOccurs="0" maxOccurs="unbounded"> <xs:element name="composition" type="bom:compositionType"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:anyAttribute namespace="##any" processContents="lax"/> </xs:complexType>
Complex Type: copyrightsType
Super-types: | None |
---|---|
Sub-types: | None |
Name | copyrightsType |
---|---|
Abstract | no |
Complex Type: dataClassificationType
Super-types: | xs:normalizedString < dataClassificationType (by extension) |
---|---|
Sub-types: | None |
Name | dataClassificationType |
---|---|
Abstract | no |
Specifies the data classification.
<... flow="bom:dataFlowType" [1] > xs:normalizedString </...>
Complex Type: dependenciesType
Super-types: | None |
---|---|
Sub-types: | None |
Name | dependenciesType |
---|---|
Abstract | no |
<...> Start Sequence [0..*] <bom:dependency> bom:dependencyType </bom:dependency> [1] End Sequence </...>
Complex Type: dependencyType
Super-types: | None |
---|---|
Sub-types: | None |
Name | dependencyType |
---|---|
Abstract | no |
<xs:complexType name="dependencyType"> <xs:sequence minOccurs="0" maxOccurs="unbounded"> <xs:element name="dependency" type="bom:dependencyType"/> </xs:sequence> <xs:attribute name="ref" type="bom:refType" use="required"/> <xs:anyAttribute namespace="##other" processContents="lax"/> </xs:complexType>
Complex Type: diffType
Super-types: | None |
---|---|
Sub-types: | None |
Name | diffType |
---|---|
Abstract | no |
<xs:complexType name="diffType"> <xs:sequence> <xs:element name="text" type="bom:attachedTextType" minOccurs="0" maxOccurs="1"/> <xs:element name="url" type="xs:anyURI" minOccurs="0" maxOccurs="1"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType>
Complex Type: externalReference
Super-types: | None |
---|---|
Sub-types: | None |
Name | externalReference |
---|---|
Abstract | no |
<xs:complexType name="externalReference"> <xs:sequence> <xs:element name="url" type="xs:anyURI" minOccurs="1" maxOccurs="1"/> <xs:element name="comment" type="xs:string" minOccurs="0" maxOccurs="1"/> <xs:element name="hashes" minOccurs="0" maxOccurs="1"> <xs:complexType> <xs:sequence minOccurs="0" maxOccurs="unbounded"> <xs:element name="hash" type="bom:hashType"/> </xs:sequence> </xs:complexType> </xs:element> </xs:sequence> <xs:attribute name="type" type="bom:externalReferenceType" use="required"/> <xs:anyAttribute namespace="##any" processContents="lax"/> </xs:complexType>
Complex Type: externalReferences
Super-types: | None |
---|---|
Sub-types: | None |
Name | externalReferences |
---|---|
Abstract | no |
External references provide a way to document systems, sites, and information that may be relevant but which are not included with the BOM.
<...> Start Sequence [0..*] <bom:reference> bom:externalReference </bom:reference> [1] End Sequence </...>
Complex Type: hashType
Name | hashType |
---|---|
Abstract | no |
Specifies the file hash of the component
Complex Type: identifiableActionType
Super-types: | None |
---|---|
Sub-types: | None |
Name | identifiableActionType |
---|---|
Abstract | no |
<xs:complexType name="identifiableActionType"> <xs:sequence> <xs:element name="timestamp" type="xs:dateTime" minOccurs="0" maxOccurs="1"/> <xs:element name="name" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/> <xs:element name="email" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType>
Complex Type: issueType
Super-types: | None |
---|---|
Sub-types: | None |
Name | issueType |
---|---|
Abstract | no |
<... type="bom:issueClassification" [1] > <bom:id> xs:normalizedString </bom:id> [0..1] <bom:name> xs:normalizedString </bom:name> [0..1] <bom:description> xs:normalizedString </bom:description> [0..1] <bom:source > [0..1] <bom:name> xs:normalizedString </bom:name> [0..1] <bom:url> xs:anyURI </bom:url> [0..1] </bom:source> <bom:references > [0..1] Start Sequence [0..*] <bom:url> xs:anyURI </bom:url> [1] End Sequence </bom:references> Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*] </...>
<xs:complexType name="issueType"> <xs:sequence> <xs:element name="id" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/> <xs:element name="name" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/> <xs:element name="description" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/> <xs:element name="source" minOccurs="0" maxOccurs="1"> <xs:complexType> <xs:sequence> <xs:element name="name" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/> <xs:element name="url" type="xs:anyURI" minOccurs="0" maxOccurs="1"/> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="references" minOccurs="0" maxOccurs="1"> <xs:complexType> <xs:sequence minOccurs="0" maxOccurs="unbounded"> <xs:element name="url" type="xs:anyURI"/> </xs:sequence> </xs:complexType> </xs:element> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:attribute name="type" type="bom:issueClassification" use="required"/> </xs:complexType>
Complex Type: licenseChoiceType
Super-types: | None |
---|---|
Sub-types: | None |
Name | licenseChoiceType |
---|---|
Abstract | no |
Complex Type: licenseType
Super-types: | None |
---|---|
Sub-types: | None |
Name | licenseType |
---|---|
Abstract | no |
<...> Start Choice [1] <bom:id> spdx:licenseId </bom:id> [0..1] <bom:name> xs:normalizedString </bom:name> [0..1] End Choice <bom:text> bom:attachedTextType </bom:text> [0..1] <bom:url> xs:anyURI </bom:url> [0..1] Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*] </...>
<xs:complexType name="licenseType"> <xs:sequence> <xs:choice> <xs:element name="id" type="spdx:licenseId" minOccurs="0" maxOccurs="1"/> <xs:element name="name" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/> </xs:choice> <xs:element name="text" type="bom:attachedTextType" minOccurs="0" maxOccurs="1"/> <xs:element name="url" type="xs:anyURI" minOccurs="0" maxOccurs="1"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType>
Complex Type: metadata
Super-types: | None |
---|---|
Sub-types: | None |
Name | metadata |
---|---|
Abstract | no |
<... Allow any attributes from a namespace other than this schema's namespace (lax validation). > Start Sequence [0..1] <bom:timestamp> xs:dateTime </bom:timestamp> [0..1] <bom:tools > [0..1] Start Sequence [0..*] <bom:tool> bom:toolType </bom:tool> [0..1] End Sequence </bom:tools> <bom:authors > [0..1] Start Sequence [0..*] <bom:author> bom:organizationalContact </bom:author> [1] End Sequence </bom:authors> <bom:component> bom:component </bom:component> [0..1] <bom:manufacture> bom:organizationalEntity </bom:manufacture> [0..1] <bom:supplier> bom:organizationalEntity </bom:supplier> [0..1] <bom:licenses> bom:licenseChoiceType </bom:licenses> [0..1] <bom:properties> bom:propertiesType </bom:properties> [0..1] Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*] End Sequence </...>
<xs:complexType name="metadata"> <xs:sequence minOccurs="0" maxOccurs="1"> <xs:element name="timestamp" type="xs:dateTime" minOccurs="0"/> <xs:element name="tools" minOccurs="0" maxOccurs="1"> <xs:complexType> <xs:sequence minOccurs="0" maxOccurs="unbounded"> <xs:element name="tool" type="bom:toolType" minOccurs="0"/> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="authors" minOccurs="0" maxOccurs="1"> <xs:complexType> <xs:sequence minOccurs="0" maxOccurs="unbounded"> <xs:element name="author" type="bom:organizationalContact"/> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="component" type="bom:component" minOccurs="0"/> <xs:element name="manufacture" type="bom:organizationalEntity" minOccurs="0" maxOccurs="1"/> <xs:element name="supplier" type="bom:organizationalEntity" minOccurs="0" maxOccurs="1"/> <xs:element name="licenses" type="bom:licenseChoiceType" minOccurs="0" maxOccurs="1"/> <xs:element name="properties" type="bom:propertiesType" minOccurs="0" maxOccurs="1"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:anyAttribute namespace="##other" processContents="lax"/> </xs:complexType>
Complex Type: organizationalContact
Super-types: | None |
---|---|
Sub-types: | None |
Name | organizationalContact |
---|---|
Abstract | no |
<... Allow any attributes from a namespace other than this schema's namespace (lax validation). > Start Sequence [0..1] <bom:name> xs:normalizedString </bom:name> [0..1] <bom:email> xs:normalizedString </bom:email> [0..1] <bom:phone> xs:normalizedString </bom:phone> [0..1] Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*] End Sequence </...>
<xs:complexType name="organizationalContact"> <xs:sequence minOccurs="0" maxOccurs="1"> <xs:element name="name" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/> <xs:element name="email" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/> <xs:element name="phone" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:anyAttribute namespace="##other" processContents="lax"/> </xs:complexType>
Complex Type: organizationalEntity
Super-types: | None |
---|---|
Sub-types: | None |
Name | organizationalEntity |
---|---|
Abstract | no |
<... Allow any attributes from a namespace other than this schema's namespace (lax validation). > Start Sequence [0..1] <bom:name> xs:normalizedString </bom:name> [0..1] <bom:url> xs:anyURI </bom:url> [0..*] <bom:contact> bom:organizationalContact </bom:contact> [0..*] Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*] End Sequence </...>
<xs:complexType name="organizationalEntity"> <xs:sequence minOccurs="0" maxOccurs="1"> <xs:element name="name" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/> <xs:element name="url" type="xs:anyURI" minOccurs="0" maxOccurs="unbounded"/> <xs:element name="contact" type="bom:organizationalContact" minOccurs="0" maxOccurs="unbounded"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:anyAttribute namespace="##other" processContents="lax"/> </xs:complexType>
Complex Type: patchType
Super-types: | None |
---|---|
Sub-types: | None |
Name | patchType |
---|---|
Abstract | no |
<... type="bom:patchClassification" [1] > <bom:diff> bom:diffType </bom:diff> [0..1] <bom:resolves > [0..1] Start Sequence [0..*] <bom:issue> bom:issueType </bom:issue> [1] End Sequence </bom:resolves> Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*] </...>
<xs:complexType name="patchType"> <xs:sequence> <xs:element name="diff" type="bom:diffType" minOccurs="0" maxOccurs="1"/> <xs:element name="resolves" minOccurs="0" maxOccurs="1"> <xs:complexType> <xs:sequence minOccurs="0" maxOccurs="unbounded"> <xs:element name="issue" type="bom:issueType"/> </xs:sequence> </xs:complexType> </xs:element> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:attribute name="type" type="bom:patchClassification" use="required"/> </xs:complexType>
Complex Type: patchesType
Super-types: | None |
---|---|
Sub-types: | None |
Name | patchesType |
---|---|
Abstract | no |
Zero or more patches can be specified.
Complex Type: pedigreeType
Super-types: | None |
---|---|
Sub-types: | None |
Name | pedigreeType |
---|---|
Abstract | no |
Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to document variants where the exact relation may not be known.
<...> <bom:ancestors> bom:componentsType </bom:ancestors> [0..1] <bom:descendants> bom:componentsType </bom:descendants> [0..1] <bom:variants> bom:componentsType </bom:variants> [0..1] <bom:commits> bom:commitsType </bom:commits> [0..1] <bom:patches> bom:patchesType </bom:patches> [0..1] <bom:notes> xs:string </bom:notes> [0..1] Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*] </...>
<xs:complexType name="pedigreeType"> <xs:sequence> <xs:element name="ancestors" type="bom:componentsType" minOccurs="0" maxOccurs="1"/> <xs:element name="descendants" type="bom:componentsType" minOccurs="0" maxOccurs="1"/> <xs:element name="variants" type="bom:componentsType" minOccurs="0" maxOccurs="1"/> <xs:element name="commits" type="bom:commitsType" minOccurs="0" maxOccurs="1"/> <xs:element name="patches" type="bom:patchesType" minOccurs="0" maxOccurs="1"/> <xs:element name="notes" type="xs:string" minOccurs="0" maxOccurs="1"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType>
Complex Type: propertiesType
Super-types: | None |
---|---|
Sub-types: | None |
Name | propertiesType |
---|---|
Abstract | no |
<... Allow any attributes from any namespace (lax validation). > Start Sequence [0..*] <bom:property> bom:propertyType </bom:property> [1] Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*] End Sequence </...>
<xs:complexType name="propertiesType"> <xs:sequence minOccurs="0" maxOccurs="unbounded"> <xs:element name="property" type="bom:propertyType"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:anyAttribute namespace="##any" processContents="lax"/> </xs:complexType>
Complex Type: propertyType
Super-types: | xs:normalizedString < propertyType (by extension) |
---|---|
Sub-types: | None |
Name | propertyType |
---|---|
Abstract | no |
Specifies an individual property with a name and value.
Complex Type: service
Super-types: | None |
---|---|
Sub-types: | None |
Name | service |
---|---|
Abstract | no |
<... bom-ref="bom:refType" [0..1] Allow any attributes from any namespace (lax validation). > <bom:provider> bom:organizationalEntity </bom:provider> [0..1] <bom:group> xs:normalizedString </bom:group> [0..1] <bom:name> xs:normalizedString </bom:name> [1] <bom:version> xs:normalizedString </bom:version> [0..1] <bom:description> xs:normalizedString </bom:description> [0..1] <bom:endpoints > [0..1] Start Sequence [0..*] <bom:endpoint> xs:anyURI </bom:endpoint> [1] End Sequence </bom:endpoints> <bom:authenticated> xs:boolean </bom:authenticated> [0..1] <bom:x-trust-boundary> xs:boolean </bom:x-trust-boundary> [0..1] <bom:data > [0..1] Start Sequence [0..*] <bom:classification> bom:dataClassificationType </bom:classification> [1] End Sequence </bom:data> <bom:licenses> bom:licenseChoiceType </bom:licenses> [0..1] <bom:externalReferences> bom:externalReferences </bom:externalReferences> [0..1] <bom:properties> bom:propertiesType </bom:properties> [0..1] <bom:services > [0..1] Start Sequence [0..*] <bom:service> bom:service </bom:service> [1] Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*] End Sequence </bom:services> Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*] </...>
<xs:complexType name="service"> <xs:sequence> <xs:element name="provider" type="bom:organizationalEntity" minOccurs="0" maxOccurs="1"/> <xs:element name="group" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/> <xs:element name="name" type="xs:normalizedString" minOccurs="1" maxOccurs="1"/> <xs:element name="version" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/> <xs:element name="description" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/> <xs:element name="endpoints" minOccurs="0" maxOccurs="1"> <xs:complexType> <xs:sequence minOccurs="0" maxOccurs="unbounded"> <xs:element name="endpoint" type="xs:anyURI" minOccurs="1"/> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="authenticated" type="xs:boolean" minOccurs="0" maxOccurs="1"/> <xs:element name="x-trust-boundary" type="xs:boolean" minOccurs="0" maxOccurs="1"/> <xs:element name="data" minOccurs="0" maxOccurs="1"> <xs:complexType> <xs:sequence minOccurs="0" maxOccurs="unbounded"> <xs:element name="classification" type="bom:dataClassificationType"/> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="licenses" type="bom:licenseChoiceType" minOccurs="0" maxOccurs="1"/> <xs:element name="externalReferences" type="bom:externalReferences" minOccurs="0" maxOccurs="1"/> <xs:element name="properties" type="bom:propertiesType" minOccurs="0" maxOccurs="1"/> <xs:element name="services" minOccurs="0" maxOccurs="1"> <xs:complexType> <xs:sequence minOccurs="0" maxOccurs="unbounded"> <xs:element name="service" type="bom:service"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType> </xs:element> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:attribute name="bom-ref" type="bom:refType"/> <xs:anyAttribute namespace="##any" processContents="lax"/> </xs:complexType>
Complex Type: servicesType
Super-types: | None |
---|---|
Sub-types: | None |
Name | servicesType |
---|---|
Abstract | no |
<xs:complexType name="servicesType"> <xs:sequence minOccurs="0" maxOccurs="unbounded"> <xs:element name="service" type="bom:service"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:anyAttribute namespace="##any" processContents="lax"/> </xs:complexType>
Complex Type: swidType
Super-types: | None |
---|---|
Sub-types: | None |
Name | swidType |
---|---|
Abstract | no |
<... tagId="xs:string" [1] name="xs:string" [1] version="xs:string" [0..1] tagVersion="xs:integer" [0..1] patch="xs:boolean" [0..1] > <bom:text> bom:attachedTextType </bom:text> [0..1] <bom:url> xs:anyURI </bom:url> [0..1] Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*] </...>
<xs:complexType name="swidType"> <xs:sequence> <xs:element name="text" type="bom:attachedTextType" minOccurs="0" maxOccurs="1"/> <xs:element name="url" type="xs:anyURI" minOccurs="0" maxOccurs="1"/> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:attribute name="tagId" type="xs:string" use="required"/> <xs:attribute name="name" type="xs:string" use="required"/> <xs:attribute name="version" type="xs:string" use="optional" default="0.0"/> <xs:attribute name="tagVersion" type="xs:integer" use="optional" default="0"/> <xs:attribute name="patch" type="xs:boolean" use="optional" default="false"/> </xs:complexType>
Complex Type: toolType
Super-types: | None |
---|---|
Sub-types: | None |
Name | toolType |
---|---|
Abstract | no |
Specifies a tool (manual or automated).
<... Allow any attributes from a namespace other than this schema's namespace (lax validation). > Start Sequence [0..1] <bom:vendor> xs:normalizedString </bom:vendor> [0..1] <bom:name> xs:normalizedString </bom:name> [0..1] <bom:version> xs:normalizedString </bom:version> [0..1] <bom:hashes > [0..1] Start Sequence [0..*] <bom:hash> bom:hashType </bom:hash> [1] End Sequence </bom:hashes> Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*] End Sequence </...>
<xs:complexType name="toolType"> <xs:sequence minOccurs="0" maxOccurs="1"> <xs:element name="vendor" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/> <xs:element name="name" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/> <xs:element name="version" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/> <xs:element name="hashes" minOccurs="0" maxOccurs="1"> <xs:complexType> <xs:sequence minOccurs="0" maxOccurs="unbounded"> <xs:element name="hash" type="bom:hashType"/> </xs:sequence> </xs:complexType> </xs:element> <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:anyAttribute namespace="##other" processContents="lax"/> </xs:complexType>
Simple Type: aggregateType
Super-types: | xs:string < aggregateType (by restriction) |
---|---|
Sub-types: | None |
Name | aggregateType |
---|---|
Content |
|
<xs:simpleType name="aggregateType"> <xs:restriction base="xs:string"> <xs:enumeration value="complete"/> <xs:enumeration value="incomplete"/> <xs:enumeration value="incomplete_first_party_only"/> <xs:enumeration value="incomplete_third_party_only"/> <xs:enumeration value="unknown"/> <xs:enumeration value="not_specified"/> </xs:restriction> </xs:simpleType>
Simple Type: classification
Super-types: | xs:string < classification (by restriction) |
---|---|
Sub-types: | None |
Name | classification |
---|---|
Content |
|
<xs:simpleType name="classification"> <xs:restriction base="xs:string"> <xs:enumeration value="application"/> <xs:enumeration value="framework"/> <xs:enumeration value="library"/> <xs:enumeration value="container"/> <xs:enumeration value="operating-system"/> <xs:enumeration value="device"/> <xs:enumeration value="firmware"/> <xs:enumeration value="file"/> </xs:restriction> </xs:simpleType>
Simple Type: cpe
Super-types: | xs:string < cpe (by restriction) |
---|---|
Sub-types: | None |
Name | cpe |
---|---|
Content |
|
Define the format for acceptable CPE URIs. Supports CPE 2.2 and CPE 2.3 formats. Refer to https://nvd.nist.gov/products/cpe for official specification.
<xs:simpleType name="cpe"> <xs:restriction base="xs:string"> <xs:pattern value="([c][pP][eE]:/[AHOaho]?(:[A-Za-z0-9\._\-~%]*){0,6})|(cpe:2\.3:[aho\*\-](:(((\?*|\*?)([a-zA-Z0-9\-\._]|(\\[\\\*\?!"#$$%&'\(\)\+,/:;<=>@\[\]\^`\{\|}~]))+(\?*|\*?))|[\*\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[\*\-]))(:(((\?*|\*?)([a-zA-Z0-9\-\._]|(\\[\\\*\?!"#$$%&'\(\)\+,/:;<=>@\[\]\^`\{\|}~]))+(\?*|\*?))|[\*\-])){4})"/> </xs:restriction> </xs:simpleType>
Simple Type: dataFlowType
Super-types: | xs:string < dataFlowType (by restriction) |
---|---|
Sub-types: | None |
Name | dataFlowType |
---|---|
Content |
|
Specifies the flow direction of the data. Valid values are: inbound, outbound, bi-directional, and unknown. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways, and unknown states that the direction is not known.
Simple Type: encoding
Super-types: | xs:string < encoding (by restriction) |
---|---|
Sub-types: | None |
Name | encoding |
---|---|
Content |
|
Simple Type: externalReferenceType
Super-types: | xs:string < externalReferenceType (by restriction) |
---|---|
Sub-types: | None |
Name | externalReferenceType |
---|---|
Content |
|
<xs:simpleType name="externalReferenceType"> <xs:restriction base="xs:string"> <xs:enumeration value="vcs"/> <xs:enumeration value="issue-tracker"/> <xs:enumeration value="website"/> <xs:enumeration value="advisories"/> <xs:enumeration value="bom"/> <xs:enumeration value="mailing-list"/> <xs:enumeration value="social"/> <xs:enumeration value="chat"/> <xs:enumeration value="documentation"/> <xs:enumeration value="support"/> <xs:enumeration value="distribution"/> <xs:enumeration value="license"/> <xs:enumeration value="build-meta"/> <xs:enumeration value="build-system"/> <xs:enumeration value="other"/> </xs:restriction> </xs:simpleType>
Simple Type: hashAlg
Super-types: | xs:string < hashAlg (by restriction) |
---|---|
Sub-types: | None |
Name | hashAlg |
---|---|
Content |
|
<xs:simpleType name="hashAlg"> <xs:restriction base="xs:string"> <xs:enumeration value="MD5"/> <xs:enumeration value="SHA-1"/> <xs:enumeration value="SHA-256"/> <xs:enumeration value="SHA-384"/> <xs:enumeration value="SHA-512"/> <xs:enumeration value="SHA3-256"/> <xs:enumeration value="SHA3-384"/> <xs:enumeration value="SHA3-512"/> <xs:enumeration value="BLAKE2b-256"/> <xs:enumeration value="BLAKE2b-384"/> <xs:enumeration value="BLAKE2b-512"/> <xs:enumeration value="BLAKE3"/> </xs:restriction> </xs:simpleType>
Simple Type: hashValue
Name | hashValue |
---|---|
Content |
|
Simple Type: issueClassification
Super-types: | xs:string < issueClassification (by restriction) |
---|---|
Sub-types: | None |
Name | issueClassification |
---|---|
Content |
|
Simple Type: mimeType
Super-types: | xs:token < mimeType (by restriction) |
---|---|
Sub-types: | None |
Name | mimeType |
---|---|
Content |
|
Simple Type: patchClassification
Super-types: | xs:string < patchClassification (by restriction) |
---|---|
Sub-types: | None |
Name | patchClassification |
---|---|
Content |
|
Simple Type: refType
Super-types: | xs:string < refType (by restriction) |
---|---|
Sub-types: | None |
Name | refType |
---|---|
Content |
|
Identifier-DataType for interlinked elements.
Simple Type: scope
Super-types: | xs:string < scope (by restriction) |
---|---|
Sub-types: | None |
Name | scope |
---|---|
Content |
|
Simple Type: urnUuid
Super-types: | xs:string < urnUuid (by restriction) |
---|---|
Sub-types: | None |
Name | urnUuid |
---|---|
Content |
|
Defines a string representation of a UUID conforming to RFC 4122.
Glossary
Abstract (Applies to complex type definitions and element declarations). An abstract element or complex type cannot used to validate an element instance. If there is a reference to an abstract element, only element declarations that can substitute the abstract element can be used to validate the instance. For references to abstract type definitions, only derived types can be used.
All Model Group Child elements can be provided in any order in instances. See: http://www.w3.org/TR/xmlschema-1/#element-all.
Choice Model Group Only one from the list of child elements and model groups can be provided in instances. See: http://www.w3.org/TR/xmlschema-1/#element-choice.
Collapse Whitespace Policy Replace tab, line feed, and carriage return characters with space character (Unicode character 32). Then, collapse contiguous sequences of space characters into single space character, and remove leading and trailing space characters.
Disallowed Substitutions (Applies to element declarations). If substitution is specified, then substitution group members cannot be used in place of the given element declaration to validate element instances. If derivation methods, e.g. extension, restriction, are specified, then the given element declaration will not validate element instances that have types derived from the element declaration's type using the specified derivation methods. Normally, element instances can override their declaration's type by specifying an xsi:type
attribute.
Key Constraint Like Uniqueness Constraint, but additionally requires that the specified value(s) must be provided. See: http://www.w3.org/TR/xmlschema-1/#cIdentity-constraint_Definitions.
Key Reference Constraint Ensures that the specified value(s) must match value(s) from a Key Constraint or Uniqueness Constraint. See: http://www.w3.org/TR/xmlschema-1/#cIdentity-constraint_Definitions.
Model Group Groups together element content, specifying the order in which the element content can occur and the number of times the group of element content may be repeated. See: http://www.w3.org/TR/xmlschema-1/#Model_Groups.
Nillable (Applies to element declarations). If an element declaration is nillable, instances can use the xsi:nil
attribute. The xsi:nil
attribute is the boolean attribute, nil, from the http://www.w3.org/2001/XMLSchema-instance namespace. If an element instance has an xsi:nil
attribute set to true, it can be left empty, even though its element declaration may have required content.
Notation A notation is used to identify the format of a piece of data. Values of elements and attributes that are of type, NOTATION, must come from the names of declared notations. See: http://www.w3.org/TR/xmlschema-1/#cNotation_Declarations.
Preserve Whitespace Policy Preserve whitespaces exactly as they appear in instances.
Prohibited Derivations (Applies to type definitions). Derivation methods that cannot be used to create sub-types from a given type definition.
Prohibited Substitutions (Applies to complex type definitions). Prevents sub-types that have been derived using the specified derivation methods from validating element instances in place of the given type definition.
Replace Whitespace Policy Replace tab, line feed, and carriage return characters with space character (Unicode character 32).
Sequence Model Group Child elements and model groups must be provided in the specified order in instances. See: http://www.w3.org/TR/xmlschema-1/#element-sequence.
Substitution Group Elements that are members of a substitution group can be used wherever the head element of the substitution group is referenced.
Substitution Group Exclusions (Applies to element declarations). Prohibits element declarations from nominating themselves as being able to substitute a given element declaration, if they have types that are derived from the original element's type using the specified derivation methods.
Target Namespace The target namespace identifies the namespace that components in this schema belongs to. If no target namespace is provided, then the schema components do not belong to any namespace.
Uniqueness Constraint Ensures uniqueness of an element/attribute value, or a combination of values, within a specified scope. See: http://www.w3.org/TR/xmlschema-1/#cIdentity-constraint_Definitions.
Element comment
An optional comment describing the external reference