CycloneDX v1.4 XML Reference

Schema Document Properties

Target Namespacehttp://cyclonedx.org/schema/bom/1.4
Version1.4.2
Element and Attribute Namespaces
  • Global element and attribute declarations belong to this schema's target namespace.
  • By default, local element declarations belong to this schema's target namespace.
  • By default, local attribute declarations have no namespace.
Schema Composition
  • This schema imports schema(s) from the following namespace(s):
    • http://cyclonedx.org/schema/spdx (at http://cyclonedx.org/schema/spdx)
No documentation provided.
PrefixNamespace
bomhttp://cyclonedx.org/schema/bom/1.4
spdxhttp://cyclonedx.org/schema/spdx
vchttp://www.w3.org/2007/XMLSchema-versioning
xshttp://www.w3.org/2001/XMLSchema
xmlhttp://www.w3.org/XML/1998/namespace
<xs:schema elementFormDefault="qualified" targetNamespace="http://cyclonedx.org/schema/bom/1.4" minVersion="1.0" maxVersion="1.1" version="1.4.2">
   <xs:import namespace="http://cyclonedx.org/schema/spdx" schemaLocation="http://cyclonedx.org/schema/spdx"/>
...
</xs:schema>

Global Declarations

Element: bom

Namebom
TypeLocally-defined complex type
Nillableno
Abstractno
No documentation provided.
<bom:bom
 version="xs:integer" [0..1] 
 serialNumber="bom:urnUuid" [0..1] 
 Allow any attributes from any namespace (lax validation).
>
   <!--
    Uniqueness Constraint - bom-ref
    Selector - .//*
    Field(s) - @bom-ref
   -->
   <bom:metadata> bom:metadata </bom:metadata> [0..1] 
   <bom:components> bom:componentsType </bom:components> [0..1] 
   <bom:services> bom:servicesType </bom:services> [0..1] 
   <bom:externalReferences> bom:externalReferences </bom:externalReferences> [0..1] 
   <bom:dependencies> bom:dependenciesType </bom:dependencies> [0..1] 
   <bom:compositions> bom:compositionsType </bom:compositions> [0..1] 
   <bom:properties> bom:propertiesType </bom:properties> [0..1] 
   <bom:vulnerabilities> bom:vulnerabilitiesType </bom:vulnerabilities> [0..1] 
   Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*]
</bom:bom>
<xs:element name="bom">
   <xs:complexType>
      <xs:sequence>
         <xs:element name="metadata" type="bom:metadata" minOccurs="0" maxOccurs="1"/>
         <xs:element name="components" type="bom:componentsType" minOccurs="0" maxOccurs="1"/>
         <xs:element name="services" type="bom:servicesType" minOccurs="0" maxOccurs="1"/>
         <xs:element name="externalReferences" type="bom:externalReferences" minOccurs="0" maxOccurs="1"/>
         <xs:element name="dependencies" type="bom:dependenciesType" minOccurs="0" maxOccurs="1"/>
         <xs:element name="compositions" type="bom:compositionsType" minOccurs="0" maxOccurs="1"/>
         <xs:element name="properties" type="bom:propertiesType" minOccurs="0" maxOccurs="1"/>
         <xs:element name="vulnerabilities" type="bom:vulnerabilitiesType" minOccurs="0" maxOccurs="1"/>
         <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
      </xs:sequence>
      <xs:attribute name="version" type="xs:integer" default="1"/>
      <xs:attribute name="serialNumber" type="bom:urnUuid"/>
      <xs:anyAttribute namespace="##any" processContents="lax"/>
   </xs:complexType>
   <xs:unique name="bom-ref">
      <xs:selector xpath=".//*"/>
      <xs:field xpath="@bom-ref"/>
   </xs:unique>
</xs:element>

Global Definitions

Complex Type: advisoryType

Super-types:None
Sub-types:None
NameadvisoryType
Abstractno
No documentation provided.
<...>
   <bom:title> xs:normalizedString </bom:title> [0..1] 
   <bom:url> xs:anyURI </bom:url> [1] 
</...>
<xs:complexType name="advisoryType">
   <xs:sequence>
      <xs:element name="title" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
      <xs:element name="url" type="xs:anyURI" minOccurs="1" maxOccurs="1"/>
   </xs:sequence>
</xs:complexType>

Complex Type: attachedTextType

Super-types:xs:string < attachedTextType (by extension)
Sub-types:None
NameattachedTextType
Abstractno
No documentation provided.
<...
 content-type="xs:normalizedString" [0..1] 
 encoding="bom:encoding" [0..1] 
>
    xs:string
</...>
<xs:complexType name="attachedTextType">
   <xs:simpleContent>
      <xs:extension base="xs:string">
         <xs:attribute name="content-type" type="xs:normalizedString" default="text/plain"/>
         <xs:attribute name="encoding" type="bom:encoding"/>
      </xs:extension>
   </xs:simpleContent>
</xs:complexType>

Complex Type: bomReferenceType

Super-types:None
Sub-types:None
NamebomReferenceType
Abstractno
No documentation provided.
<...
 ref="bom:refType" [1] 
 Allow any attributes from a namespace other than this schema's namespace (lax validation).
/> 

<xs:complexType name="bomReferenceType">
   <xs:attribute name="ref" type="bom:refType" use="required"/>
   <xs:anyAttribute namespace="##other" processContents="lax"/>
</xs:complexType>

Complex Type: commitType

Super-types:None
Sub-types:None
NamecommitType
Abstractno
No documentation provided.
<...>
   <bom:uid> xs:normalizedString </bom:uid> [0..1] 
   <bom:url> xs:anyURI </bom:url> [0..1] 
   <bom:author> bom:identifiableActionType </bom:author> [0..1] 
   <bom:committer> bom:identifiableActionType </bom:committer> [0..1] 
   <bom:message> xs:normalizedString </bom:message> [0..1] 
   Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*]
</...>
<xs:complexType name="commitType">
   <xs:sequence>
      <xs:element name="uid" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
      <xs:element name="url" type="xs:anyURI" minOccurs="0" maxOccurs="1"/>
      <xs:element name="author" type="bom:identifiableActionType" minOccurs="0" maxOccurs="1"/>
      <xs:element name="committer" type="bom:identifiableActionType" minOccurs="0" maxOccurs="1"/>
      <xs:element name="message" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
      <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
   </xs:sequence>
</xs:complexType>

Complex Type: commitsType

Super-types:None
Sub-types:None
NamecommitsType
Abstractno

Zero or more commits can be specified.

<...>
   Start Sequence [0..*]
      <bom:commit> bom:commitType </bom:commit> [1] 
      Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*]
   End Sequence
</...>
<xs:complexType name="commitsType">
   <xs:sequence minOccurs="0" maxOccurs="unbounded">
      <xs:element name="commit" type="bom:commitType"/>
      <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
   </xs:sequence>
</xs:complexType>

Complex Type: component

Super-types:None
Sub-types:None
Namecomponent
Abstractno
No documentation provided.
<...
 type="bom:classification" [1] 
 mime-type="bom:mimeType" [0..1] 
 bom-ref="bom:refType" [0..1] 
 Allow any attributes from any namespace (lax validation).
>
   <bom:supplier> bom:organizationalEntity </bom:supplier> [0..1] 
   <bom:author> xs:normalizedString </bom:author> [0..1] 
   <bom:publisher> xs:normalizedString </bom:publisher> [0..1] 
   <bom:group> xs:normalizedString </bom:group> [0..1] 
   <bom:name> xs:normalizedString </bom:name> [1] 
   <bom:version> xs:normalizedString </bom:version> [0..1] 
   <bom:description> xs:normalizedString </bom:description> [0..1] 
   <bom:scope> bom:scope </bom:scope> [0..1] 
   <bom:hashes   > [0..1] 
      Start Sequence [0..*]
         <bom:hash> bom:hashType </bom:hash> [1]
      End Sequence
   </bom:hashes>
   <bom:licenses> bom:licenseChoiceType </bom:licenses> [0..1]
   <bom:copyright> xs:normalizedString </bom:copyright> [0..1] 
   <bom:cpe> bom:cpe </bom:cpe> [0..1] 
   <bom:purl> xs:anyURI </bom:purl> [0..1] 
   <bom:swid> bom:swidType </bom:swid> [0..1] 
   <bom:modified> xs:boolean </bom:modified> [0..1] 
   <bom:pedigree> bom:pedigreeType </bom:pedigree> [0..1] 
   <bom:externalReferences> bom:externalReferences </bom:externalReferences> [0..1] 
   <bom:properties> bom:propertiesType </bom:properties> [0..1] 
   <bom:components   > [0..1]  
      Start Sequence [0..*]
         <bom:component> bom:component </bom:component> [1]
         Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*]
      End Sequence
   </bom:components>
   <bom:evidence> bom:componentEvidenceType </bom:evidence> [0..1] 
   <bom:releaseNotes> bom:releaseNotesType </bom:releaseNotes> [0..1] 
   Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*]
</...>
<xs:complexType name="component">
   <xs:sequence>
      <xs:element name="supplier" type="bom:organizationalEntity" minOccurs="0" maxOccurs="1"/>
      <xs:element name="author" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
      <xs:element name="publisher" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
      <xs:element name="group" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
      <xs:element name="name" type="xs:normalizedString" minOccurs="1" maxOccurs="1"/>
      <xs:element name="version" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
      <xs:element name="description" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
      <xs:element name="scope" type="bom:scope" minOccurs="0" maxOccurs="1"/>
      <xs:element name="hashes" minOccurs="0" maxOccurs="1">
         <xs:complexType>
            <xs:sequence minOccurs="0" maxOccurs="unbounded">
               <xs:element name="hash" type="bom:hashType"/>
            </xs:sequence>
         </xs:complexType>
      </xs:element>
      <xs:element name="licenses" type="bom:licenseChoiceType" minOccurs="0" maxOccurs="1"/>
      <xs:element name="copyright" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
      <xs:element name="cpe" type="bom:cpe" minOccurs="0" maxOccurs="1"/>
      <xs:element name="purl" type="xs:anyURI" minOccurs="0" maxOccurs="1"/>
      <xs:element name="swid" type="bom:swidType" minOccurs="0" maxOccurs="1"/>
      <xs:element name="modified" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
      <xs:element name="pedigree" type="bom:pedigreeType" minOccurs="0" maxOccurs="1"/>
      <xs:element name="externalReferences" type="bom:externalReferences" minOccurs="0" maxOccurs="1"/>
      <xs:element name="properties" type="bom:propertiesType" minOccurs="0" maxOccurs="1"/>
      <xs:element name="components" minOccurs="0" maxOccurs="1">
         <xs:complexType>
            <xs:sequence minOccurs="0" maxOccurs="unbounded">
               <xs:element name="component" type="bom:component"/>
               <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
            </xs:sequence>
         </xs:complexType>
      </xs:element>
      <xs:element name="evidence" type="bom:componentEvidenceType" minOccurs="0" maxOccurs="1"/>
      <xs:element name="releaseNotes" type="bom:releaseNotesType" minOccurs="0" maxOccurs="1"/>
      <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
   </xs:sequence>
   <xs:attribute name="type" type="bom:classification" use="required"/>
   <xs:attribute name="mime-type" type="bom:mimeType"/>
   <xs:attribute name="bom-ref" type="bom:refType"/>
   <xs:anyAttribute namespace="##any" processContents="lax"/>
</xs:complexType>

Complex Type: componentEvidenceType

Super-types:None
Sub-types:None
NamecomponentEvidenceType
Abstractno
No documentation provided.
<...
 Allow any attributes from any namespace (lax validation).
>
   <bom:licenses> bom:licenseChoiceType </bom:licenses> [0..1]
   <bom:copyright> bom:copyrightsType </bom:copyright> [0..1]
   Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*]
</...>
<xs:complexType name="componentEvidenceType">
   <xs:sequence>
      <xs:element name="licenses" type="bom:licenseChoiceType" minOccurs="0" maxOccurs="1"/>
      <xs:element name="copyright" type="bom:copyrightsType" minOccurs="0" maxOccurs="1"/>
      <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
   </xs:sequence>
   <xs:anyAttribute namespace="##any" processContents="lax"/>
</xs:complexType>

Complex Type: componentsType

Super-types:None
Sub-types:None
NamecomponentsType
Abstractno
No documentation provided.
<...
 Allow any attributes from any namespace (lax validation).
>
   Start Sequence [0..*]
      <bom:component> bom:component </bom:component> [1]
      Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*]
   End Sequence
</...>
<xs:complexType name="componentsType">
   <xs:sequence minOccurs="0" maxOccurs="unbounded">
      <xs:element name="component" type="bom:component"/>
      <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
   </xs:sequence>
   <xs:anyAttribute namespace="##any" processContents="lax"/>
</xs:complexType>

Complex Type: compositionType

Super-types:None
Sub-types:None
NamecompositionType
Abstractno
No documentation provided.
<...>
   Start Sequence [0..*]
      <bom:aggregate> bom:aggregateType </bom:aggregate> [1] 
      <bom:assemblies      > [0..1]  
         Start Sequence [0..*]
            <bom:assembly> bom:bomReferenceType </bom:assembly> [1]
            Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*]
         End Sequence
      </bom:assemblies>
      <bom:dependencies      > [0..1]  
         Start Sequence [0..*]
            <bom:dependency> bom:bomReferenceType </bom:dependency> [1]
            Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*]
         End Sequence
      </bom:dependencies>
   End Sequence
</...>
<xs:complexType name="compositionType">
   <xs:sequence minOccurs="0" maxOccurs="unbounded">
      <xs:element name="aggregate" type="bom:aggregateType" default="not_specified"/>
      <xs:element name="assemblies" minOccurs="0" maxOccurs="1">
         <xs:complexType>
            <xs:sequence minOccurs="0" maxOccurs="unbounded">
               <xs:element name="assembly" type="bom:bomReferenceType"/>
               <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
            </xs:sequence>
         </xs:complexType>
      </xs:element>
      <xs:element name="dependencies" minOccurs="0" maxOccurs="1">
         <xs:complexType>
            <xs:sequence minOccurs="0" maxOccurs="unbounded">
               <xs:element name="dependency" type="bom:bomReferenceType"/>
               <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
            </xs:sequence>
         </xs:complexType>
      </xs:element>
   </xs:sequence>
</xs:complexType>

Complex Type: compositionsType

Super-types:None
Sub-types:None
NamecompositionsType
Abstractno
No documentation provided.
<...
 Allow any attributes from any namespace (lax validation).
>
   Start Sequence [0..*]
      <bom:composition> bom:compositionType </bom:composition> [1]
      Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*]
   End Sequence
</...>
<xs:complexType name="compositionsType">
   <xs:sequence minOccurs="0" maxOccurs="unbounded">
      <xs:element name="composition" type="bom:compositionType"/>
      <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
   </xs:sequence>
   <xs:anyAttribute namespace="##any" processContents="lax"/>
</xs:complexType>

Complex Type: copyrightsType

Super-types:None
Sub-types:None
NamecopyrightsType
Abstractno
No documentation provided.
<...>
   <bom:text> xs:string </bom:text> [0..*]
</...>
<xs:complexType name="copyrightsType">
   <xs:sequence>
      <xs:element name="text" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
   </xs:sequence>
</xs:complexType>

Complex Type: dataClassificationType

Super-types:xs:normalizedString < dataClassificationType (by extension)
Sub-types:None
NamedataClassificationType
Abstractno

Specifies the data classification.

<...
 flow="bom:dataFlowType" [1] 
>
    xs:normalizedString
</...>
<xs:complexType name="dataClassificationType">
   <xs:simpleContent>
      <xs:extension base="xs:normalizedString">
         <xs:attribute name="flow" type="bom:dataFlowType" use="required"/>
      </xs:extension>
   </xs:simpleContent>
</xs:complexType>

Complex Type: dependenciesType

Super-types:None
Sub-types:None
NamedependenciesType
Abstractno
No documentation provided.
<...>
   Start Sequence [0..*]
      <bom:dependency> bom:dependencyType </bom:dependency> [1] 
   End Sequence
</...>
<xs:complexType name="dependenciesType">
   <xs:sequence minOccurs="0" maxOccurs="unbounded">
      <xs:element name="dependency" type="bom:dependencyType"/>
   </xs:sequence>
</xs:complexType>

Complex Type: dependencyType

Super-types:None
Sub-types:None
NamedependencyType
Abstractno
No documentation provided.
<...
 ref="bom:refType" [1] 
 Allow any attributes from a namespace other than this schema's namespace (lax validation).
>
   Start Sequence [0..*]
      <bom:dependency> bom:dependencyType </bom:dependency> [1]
   End Sequence
</...>
<xs:complexType name="dependencyType">
   <xs:sequence minOccurs="0" maxOccurs="unbounded">
      <xs:element name="dependency" type="bom:dependencyType"/>
   </xs:sequence>
   <xs:attribute name="ref" type="bom:refType" use="required"/>
   <xs:anyAttribute namespace="##other" processContents="lax"/>
</xs:complexType>

Complex Type: diffType

Super-types:None
Sub-types:None
NamediffType
Abstractno
No documentation provided.
<...>
   <bom:text> bom:attachedTextType </bom:text> [0..1] 
   <bom:url> xs:anyURI </bom:url> [0..1] 
   Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*]
</...>
<xs:complexType name="diffType">
   <xs:sequence>
      <xs:element name="text" type="bom:attachedTextType" minOccurs="0" maxOccurs="1"/>
      <xs:element name="url" type="xs:anyURI" minOccurs="0" maxOccurs="1"/>
      <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
   </xs:sequence>
</xs:complexType>

Complex Type: externalReference

Super-types:None
Sub-types:None
NameexternalReference
Abstractno
No documentation provided.
<...
 type="bom:externalReferenceType" [1] 
 Allow any attributes from any namespace (lax validation).
>
   <bom:url> xs:anyURI </bom:url> [1] 
   <bom:comment> xs:string </bom:comment> [0..1] 
   <bom:hashes   > [0..1] 
      Start Sequence [0..*]
         <bom:hash> bom:hashType </bom:hash> [1]
      End Sequence
   </bom:hashes>
</...>
<xs:complexType name="externalReference">
   <xs:sequence>
      <xs:element name="url" type="xs:anyURI" minOccurs="1" maxOccurs="1"/>
      <xs:element name="comment" type="xs:string" minOccurs="0" maxOccurs="1"/>
      <xs:element name="hashes" minOccurs="0" maxOccurs="1">
         <xs:complexType>
            <xs:sequence minOccurs="0" maxOccurs="unbounded">
               <xs:element name="hash" type="bom:hashType"/>
            </xs:sequence>
         </xs:complexType>
      </xs:element>
   </xs:sequence>
   <xs:attribute name="type" type="bom:externalReferenceType" use="required"/>
   <xs:anyAttribute namespace="##any" processContents="lax"/>
</xs:complexType>

Complex Type: externalReferences

Super-types:None
Sub-types:None
NameexternalReferences
Abstractno

External references provide a way to document systems, sites, and information that may be relevant but which are not included with the BOM.

<...>
   Start Sequence [0..*]
      <bom:reference> bom:externalReference </bom:reference> [1] 
   End Sequence
</...>
<xs:complexType name="externalReferences">
   <xs:sequence minOccurs="0" maxOccurs="unbounded">
      <xs:element name="reference" type="bom:externalReference"/>
   </xs:sequence>
</xs:complexType>

Complex Type: hashType

Super-types:xs:token < hashValue (by restriction) < hashType (by extension)
Sub-types:None
NamehashType
Abstractno

Specifies the file hash of the component

<...
 alg="bom:hashAlg" [1] 
>
    bom:hashValue
</...>
<xs:complexType name="hashType">
   <xs:simpleContent>
      <xs:extension base="bom:hashValue">
         <xs:attribute name="alg" type="bom:hashAlg" use="required"/>
      </xs:extension>
   </xs:simpleContent>
</xs:complexType>

Complex Type: identifiableActionType

Super-types:None
Sub-types:None
NameidentifiableActionType
Abstractno
No documentation provided.
<...>
   <bom:timestamp> xs:dateTime </bom:timestamp> [0..1] 
   <bom:name> xs:normalizedString </bom:name> [0..1] 
   <bom:email> xs:normalizedString </bom:email> [0..1] 
   Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*]
</...>
<xs:complexType name="identifiableActionType">
   <xs:sequence>
      <xs:element name="timestamp" type="xs:dateTime" minOccurs="0" maxOccurs="1"/>
      <xs:element name="name" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
      <xs:element name="email" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
      <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
   </xs:sequence>
</xs:complexType>

Complex Type: issueType

Super-types:None
Sub-types:None
NameissueType
Abstractno

An individual issue that has been resolved.

<...
 type="bom:issueClassification" [1] 
>
   <bom:id> xs:normalizedString </bom:id> [0..1] 
   <bom:name> xs:normalizedString </bom:name> [0..1] 
   <bom:description> xs:normalizedString </bom:description> [0..1] 
   <bom:source   > [0..1] 
      <bom:name> xs:normalizedString </bom:name> [0..1] 
      <bom:url> xs:anyURI </bom:url> [0..1] 
   </bom:source>
   <bom:references   > [0..1] 
      Start Sequence [0..*]
         <bom:url> xs:anyURI </bom:url> [1]
      End Sequence
   </bom:references>
   Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*]
</...>
<xs:complexType name="issueType">
   <xs:sequence>
      <xs:element name="id" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
      <xs:element name="name" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
      <xs:element name="description" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
      <xs:element name="source" minOccurs="0" maxOccurs="1">
         <xs:complexType>
            <xs:sequence>
               <xs:element name="name" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
               <xs:element name="url" type="xs:anyURI" minOccurs="0" maxOccurs="1"/>
            </xs:sequence>
         </xs:complexType>
      </xs:element>
      <xs:element name="references" minOccurs="0" maxOccurs="1">
         <xs:complexType>
            <xs:sequence minOccurs="0" maxOccurs="unbounded">
               <xs:element name="url" type="xs:anyURI"/>
            </xs:sequence>
         </xs:complexType>
      </xs:element>
      <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
   </xs:sequence>
   <xs:attribute name="type" type="bom:issueClassification" use="required"/>
</xs:complexType>

Complex Type: licenseChoiceType

Super-types:None
Sub-types:None
NamelicenseChoiceType
Abstractno
No documentation provided.
<...>
   Start Choice [1]
      <bom:license> bom:licenseType </bom:license> [0..*]
      <bom:expression> xs:normalizedString </bom:expression> [0..1] 
   End Choice
</...>
<xs:complexType name="licenseChoiceType">
   <xs:choice>
      <xs:element name="license" type="bom:licenseType" minOccurs="0" maxOccurs="unbounded"/>
      <xs:element name="expression" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
   </xs:choice>
</xs:complexType>

Complex Type: licenseType

Super-types:None
Sub-types:None
NamelicenseType
Abstractno
No documentation provided.
<...>
   Start Choice [1]
      <bom:id> spdx:licenseId </bom:id> [0..1] 
      <bom:name> xs:normalizedString </bom:name> [0..1] 
   End Choice
   <bom:text> bom:attachedTextType </bom:text> [0..1] 
   <bom:url> xs:anyURI </bom:url> [0..1] 
   Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*]
</...>
<xs:complexType name="licenseType">
   <xs:sequence>
      <xs:choice>
         <xs:element name="id" type="spdx:licenseId" minOccurs="0" maxOccurs="1"/>
         <xs:element name="name" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
      </xs:choice>
      <xs:element name="text" type="bom:attachedTextType" minOccurs="0" maxOccurs="1"/>
      <xs:element name="url" type="xs:anyURI" minOccurs="0" maxOccurs="1"/>
      <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
   </xs:sequence>
</xs:complexType>

Complex Type: metadata

Super-types:None
Sub-types:None
Namemetadata
Abstractno
No documentation provided.
<...
 Allow any attributes from a namespace other than this schema's namespace (lax validation).
>
   Start Sequence [0..1]
      <bom:timestamp> xs:dateTime </bom:timestamp> [0..1] 
      <bom:tools      > [0..1]  
         Start Sequence [0..*]
            <bom:tool> bom:toolType </bom:tool> [0..1]
         End Sequence
      </bom:tools>
      <bom:authors      > [0..1]  
         Start Sequence [0..*]
            <bom:author> bom:organizationalContact </bom:author> [1]
         End Sequence
      </bom:authors>
      <bom:component> bom:component </bom:component> [0..1] 
      <bom:manufacture> bom:organizationalEntity </bom:manufacture> [0..1] 
      <bom:supplier> bom:organizationalEntity </bom:supplier> [0..1] 
      <bom:licenses> bom:licenseChoiceType </bom:licenses> [0..1]
      <bom:properties> bom:propertiesType </bom:properties> [0..1] 
      Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*]
   End Sequence
</...>
<xs:complexType name="metadata">
   <xs:sequence minOccurs="0" maxOccurs="1">
      <xs:element name="timestamp" type="xs:dateTime" minOccurs="0"/>
      <xs:element name="tools" minOccurs="0" maxOccurs="1">
         <xs:complexType>
            <xs:sequence minOccurs="0" maxOccurs="unbounded">
               <xs:element name="tool" type="bom:toolType" minOccurs="0"/>
            </xs:sequence>
         </xs:complexType>
      </xs:element>
      <xs:element name="authors" minOccurs="0" maxOccurs="1">
         <xs:complexType>
            <xs:sequence minOccurs="0" maxOccurs="unbounded">
               <xs:element name="author" type="bom:organizationalContact"/>
            </xs:sequence>
         </xs:complexType>
      </xs:element>
      <xs:element name="component" type="bom:component" minOccurs="0"/>
      <xs:element name="manufacture" type="bom:organizationalEntity" minOccurs="0" maxOccurs="1"/>
      <xs:element name="supplier" type="bom:organizationalEntity" minOccurs="0" maxOccurs="1"/>
      <xs:element name="licenses" type="bom:licenseChoiceType" minOccurs="0" maxOccurs="1"/>
      <xs:element name="properties" type="bom:propertiesType" minOccurs="0" maxOccurs="1"/>
      <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
   </xs:sequence>
   <xs:anyAttribute namespace="##other" processContents="lax"/>
</xs:complexType>

Complex Type: organizationalContact

Super-types:None
Sub-types:None
NameorganizationalContact
Abstractno
No documentation provided.
<...
 Allow any attributes from a namespace other than this schema's namespace (lax validation).
>
   Start Sequence [0..1]
      <bom:name> xs:normalizedString </bom:name> [0..1] 
      <bom:email> xs:normalizedString </bom:email> [0..1] 
      <bom:phone> xs:normalizedString </bom:phone> [0..1] 
      Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*]
   End Sequence
</...>
<xs:complexType name="organizationalContact">
   <xs:sequence minOccurs="0" maxOccurs="1">
      <xs:element name="name" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
      <xs:element name="email" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
      <xs:element name="phone" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
      <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
   </xs:sequence>
   <xs:anyAttribute namespace="##other" processContents="lax"/>
</xs:complexType>

Complex Type: organizationalEntity

Super-types:None
Sub-types:None
NameorganizationalEntity
Abstractno
No documentation provided.
<...
 Allow any attributes from a namespace other than this schema's namespace (lax validation).
>
   Start Sequence [0..1]
      <bom:name> xs:normalizedString </bom:name> [0..1] 
      <bom:url> xs:anyURI </bom:url> [0..*] 
      <bom:contact> bom:organizationalContact </bom:contact> [0..*] 
      Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*]
   End Sequence
</...>
<xs:complexType name="organizationalEntity">
   <xs:sequence minOccurs="0" maxOccurs="1">
      <xs:element name="name" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
      <xs:element name="url" type="xs:anyURI" minOccurs="0" maxOccurs="unbounded"/>
      <xs:element name="contact" type="bom:organizationalContact" minOccurs="0" maxOccurs="unbounded"/>
      <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
   </xs:sequence>
   <xs:anyAttribute namespace="##other" processContents="lax"/>
</xs:complexType>

Complex Type: patchType

Super-types:None
Sub-types:None
NamepatchType
Abstractno
No documentation provided.
<...
 type="bom:patchClassification" [1] 
>
   <bom:diff> bom:diffType </bom:diff> [0..1] 
   <bom:resolves   > [0..1] 
      Start Sequence [0..*]
         <bom:issue> bom:issueType </bom:issue> [1]
      End Sequence
   </bom:resolves>
   Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*]
</...>
<xs:complexType name="patchType">
   <xs:sequence>
      <xs:element name="diff" type="bom:diffType" minOccurs="0" maxOccurs="1"/>
      <xs:element name="resolves" minOccurs="0" maxOccurs="1">
         <xs:complexType>
            <xs:sequence minOccurs="0" maxOccurs="unbounded">
               <xs:element name="issue" type="bom:issueType"/>
            </xs:sequence>
         </xs:complexType>
      </xs:element>
      <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
   </xs:sequence>
   <xs:attribute name="type" type="bom:patchClassification" use="required"/>
</xs:complexType>

Complex Type: patchesType

Super-types:None
Sub-types:None
NamepatchesType
Abstractno

Zero or more patches can be specified.

<...>
   Start Sequence [0..*]
      <bom:patch> bom:patchType </bom:patch> [1] 
      Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*]
   End Sequence
</...>
<xs:complexType name="patchesType">
   <xs:sequence minOccurs="0" maxOccurs="unbounded">
      <xs:element name="patch" type="bom:patchType"/>
      <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
   </xs:sequence>
</xs:complexType>

Complex Type: pedigreeType

Super-types:None
Sub-types:None
NamepedigreeType
Abstractno

Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to document variants where the exact relation may not be known.

<...>
   <bom:ancestors> bom:componentsType </bom:ancestors> [0..1] 
   <bom:descendants> bom:componentsType </bom:descendants> [0..1] 
   <bom:variants> bom:componentsType </bom:variants> [0..1] 
   <bom:commits> bom:commitsType </bom:commits> [0..1] 
   <bom:patches> bom:patchesType </bom:patches> [0..1] 
   <bom:notes> xs:string </bom:notes> [0..1] 
   Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*]
</...>
<xs:complexType name="pedigreeType">
   <xs:sequence>
      <xs:element name="ancestors" type="bom:componentsType" minOccurs="0" maxOccurs="1"/>
      <xs:element name="descendants" type="bom:componentsType" minOccurs="0" maxOccurs="1"/>
      <xs:element name="variants" type="bom:componentsType" minOccurs="0" maxOccurs="1"/>
      <xs:element name="commits" type="bom:commitsType" minOccurs="0" maxOccurs="1"/>
      <xs:element name="patches" type="bom:patchesType" minOccurs="0" maxOccurs="1"/>
      <xs:element name="notes" type="xs:string" minOccurs="0" maxOccurs="1"/>
      <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
   </xs:sequence>
</xs:complexType>

Complex Type: propertiesType

Super-types:None
Sub-types:None
NamepropertiesType
Abstractno
No documentation provided.
<...
 Allow any attributes from any namespace (lax validation).
>
   Start Sequence [0..*]
      <bom:property> bom:propertyType </bom:property> [1]
      Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*]
   End Sequence
</...>
<xs:complexType name="propertiesType">
   <xs:sequence minOccurs="0" maxOccurs="unbounded">
      <xs:element name="property" type="bom:propertyType"/>
      <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
   </xs:sequence>
   <xs:anyAttribute namespace="##any" processContents="lax"/>
</xs:complexType>

Complex Type: propertyType

Super-types:xs:normalizedString < propertyType (by extension)
Sub-types:None
NamepropertyType
Abstractno

Specifies an individual property with a name and value.

<...
 name="xs:string" [1] 
>
    xs:normalizedString
</...>
<xs:complexType name="propertyType">
   <xs:simpleContent>
      <xs:extension base="xs:normalizedString">
         <xs:attribute name="name" type="xs:string" use="required"/>
      </xs:extension>
   </xs:simpleContent>
</xs:complexType>

Complex Type: ratingType

Super-types:None
Sub-types:None
NameratingType
Abstractno
No documentation provided.
<...>
   <bom:source> bom:vulnerabilitySourceType </bom:source> [0..1] 
   <bom:score> xs:decimal </bom:score> [0..1] 
   <bom:severity> bom:severityType </bom:severity> [0..1] 
   <bom:method> bom:scoreSourceType </bom:method> [0..1] 
   <bom:vector> xs:normalizedString </bom:vector> [0..1] 
   <bom:justification> xs:string </bom:justification> [0..1] 
</...>
<xs:complexType name="ratingType">
   <xs:sequence>
      <xs:element name="source" type="bom:vulnerabilitySourceType" minOccurs="0" maxOccurs="1"/>
      <xs:element name="score" type="xs:decimal" minOccurs="0" maxOccurs="1"/>
      <xs:element name="severity" type="bom:severityType" minOccurs="0" maxOccurs="1"/>
      <xs:element name="method" type="bom:scoreSourceType" minOccurs="0" maxOccurs="1"/>
      <xs:element name="vector" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
      <xs:element name="justification" type="xs:string" minOccurs="0" maxOccurs="1"/>
   </xs:sequence>
</xs:complexType>

Complex Type: releaseNotesType

Super-types:None
Sub-types:None
NamereleaseNotesType
Abstractno
No documentation provided.
<...
 Allow any attributes from any namespace (lax validation).
>
   Start Sequence [0..*]
      <bom:type> xs:normalizedString </bom:type> [1] 
      <bom:title> xs:string </bom:title> [0..1] 
      <bom:featuredImage> xs:anyURI </bom:featuredImage> [0..1] 
      <bom:socialImage> xs:anyURI </bom:socialImage> [0..1] 
      <bom:description> xs:string </bom:description> [0..1] 
      <bom:timestamp> xs:dateTime </bom:timestamp> [0..1] 
      <bom:aliases      > [0..1] 
         Start Sequence [0..*]
            <bom:alias> xs:normalizedString </bom:alias> [1] 
         End Sequence
      </bom:aliases>
      <bom:tags      > [0..1] 
         Start Sequence [0..*]
            <bom:tag> xs:normalizedString </bom:tag> [1] 
         End Sequence
      </bom:tags>
      <bom:resolves      > [0..1]  
         Start Sequence [0..*]
            <bom:issue> bom:issueType </bom:issue> [1]
         End Sequence
      </bom:resolves>
      <bom:notes      > [0..1] 
         Start Sequence [0..*]
            <bom:note            > [1]  
               Start Sequence [0..*]
                  <bom:locale> bom:localeType </bom:locale> [0..1] 
                  <bom:text> bom:attachedTextType </bom:text> [1] 
               End Sequence
            </bom:note>
         End Sequence
      </bom:notes>
      <bom:properties> bom:propertiesType </bom:properties> [0..1] 
      Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*]
   End Sequence
</...>
<xs:complexType name="releaseNotesType">
   <xs:sequence minOccurs="0" maxOccurs="unbounded">
      <xs:element name="type" type="xs:normalizedString" minOccurs="1" maxOccurs="1"/>
      <xs:element name="title" type="xs:string" minOccurs="0" maxOccurs="1"/>
      <xs:element name="featuredImage" type="xs:anyURI" minOccurs="0" maxOccurs="1"/>
      <xs:element name="socialImage" type="xs:anyURI" minOccurs="0" maxOccurs="1"/>
      <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
      <xs:element name="timestamp" type="xs:dateTime" minOccurs="0" maxOccurs="1"/>
      <xs:element name="aliases" minOccurs="0" maxOccurs="1">
         <xs:complexType>
            <xs:sequence minOccurs="0" maxOccurs="unbounded">
               <xs:element name="alias" type="xs:normalizedString"/>
            </xs:sequence>
         </xs:complexType>
      </xs:element>
      <xs:element name="tags" minOccurs="0" maxOccurs="1">
         <xs:complexType>
            <xs:sequence minOccurs="0" maxOccurs="unbounded">
               <xs:element name="tag" type="xs:normalizedString"/>
            </xs:sequence>
         </xs:complexType>
      </xs:element>
      <xs:element name="resolves" minOccurs="0" maxOccurs="1">
         <xs:complexType>
            <xs:sequence minOccurs="0" maxOccurs="unbounded">
               <xs:element name="issue" type="bom:issueType"/>
            </xs:sequence>
         </xs:complexType>
      </xs:element>
      <xs:element name="notes" minOccurs="0" maxOccurs="1">
         <xs:complexType>
            <xs:sequence minOccurs="0" maxOccurs="unbounded">
               <xs:element name="note">
                  <xs:complexType>
                     <xs:sequence minOccurs="0" maxOccurs="unbounded">
                        <xs:element name="locale" type="bom:localeType" minOccurs="0" maxOccurs="1"/>
                        <xs:element name="text" type="bom:attachedTextType" minOccurs="1" maxOccurs="1"/>
                     </xs:sequence>
                  </xs:complexType>
               </xs:element>
            </xs:sequence>
         </xs:complexType>
      </xs:element>
      <xs:element name="properties" type="bom:propertiesType" minOccurs="0" maxOccurs="1"/>
      <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
   </xs:sequence>
   <xs:anyAttribute namespace="##any" processContents="lax"/>
</xs:complexType>

Complex Type: service

Super-types:None
Sub-types:None
Nameservice
Abstractno
No documentation provided.
<...
 bom-ref="bom:refType" [0..1] 
 Allow any attributes from any namespace (lax validation).
>
   <bom:provider> bom:organizationalEntity </bom:provider> [0..1] 
   <bom:group> xs:normalizedString </bom:group> [0..1] 
   <bom:name> xs:normalizedString </bom:name> [1] 
   <bom:version> xs:normalizedString </bom:version> [0..1] 
   <bom:description> xs:normalizedString </bom:description> [0..1] 
   <bom:endpoints   > [0..1] 
      Start Sequence [0..*]
         <bom:endpoint> xs:anyURI </bom:endpoint> [1] 
      End Sequence
   </bom:endpoints>
   <bom:authenticated> xs:boolean </bom:authenticated> [0..1] 
   <bom:x-trust-boundary> xs:boolean </bom:x-trust-boundary> [0..1] 
   <bom:data   > [0..1] 
      Start Sequence [0..*]
         <bom:classification> bom:dataClassificationType </bom:classification> [1] 
      End Sequence
   </bom:data>
   <bom:licenses> bom:licenseChoiceType </bom:licenses> [0..1]
   <bom:externalReferences> bom:externalReferences </bom:externalReferences> [0..1] 
   <bom:properties> bom:propertiesType </bom:properties> [0..1] 
   <bom:services   > [0..1]  
      Start Sequence [0..*]
         <bom:service> bom:service </bom:service> [1]
         Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*]
      End Sequence
   </bom:services>
   <bom:releaseNotes> bom:releaseNotesType </bom:releaseNotes> [0..1] 
   Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*]
</...>
<xs:complexType name="service">
   <xs:sequence>
      <xs:element name="provider" type="bom:organizationalEntity" minOccurs="0" maxOccurs="1"/>
      <xs:element name="group" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
      <xs:element name="name" type="xs:normalizedString" minOccurs="1" maxOccurs="1"/>
      <xs:element name="version" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
      <xs:element name="description" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
      <xs:element name="endpoints" minOccurs="0" maxOccurs="1">
         <xs:complexType>
            <xs:sequence minOccurs="0" maxOccurs="unbounded">
               <xs:element name="endpoint" type="xs:anyURI" minOccurs="1"/>
            </xs:sequence>
         </xs:complexType>
      </xs:element>
      <xs:element name="authenticated" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
      <xs:element name="x-trust-boundary" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
      <xs:element name="data" minOccurs="0" maxOccurs="1">
         <xs:complexType>
            <xs:sequence minOccurs="0" maxOccurs="unbounded">
               <xs:element name="classification" type="bom:dataClassificationType"/>
            </xs:sequence>
         </xs:complexType>
      </xs:element>
      <xs:element name="licenses" type="bom:licenseChoiceType" minOccurs="0" maxOccurs="1"/>
      <xs:element name="externalReferences" type="bom:externalReferences" minOccurs="0" maxOccurs="1"/>
      <xs:element name="properties" type="bom:propertiesType" minOccurs="0" maxOccurs="1"/>
      <xs:element name="services" minOccurs="0" maxOccurs="1">
         <xs:complexType>
            <xs:sequence minOccurs="0" maxOccurs="unbounded">
               <xs:element name="service" type="bom:service"/>
               <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
            </xs:sequence>
         </xs:complexType>
      </xs:element>
      <xs:element name="releaseNotes" type="bom:releaseNotesType" minOccurs="0" maxOccurs="1"/>
      <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
   </xs:sequence>
   <xs:attribute name="bom-ref" type="bom:refType"/>
   <xs:anyAttribute namespace="##any" processContents="lax"/>
</xs:complexType>

Complex Type: servicesType

Super-types:None
Sub-types:None
NameservicesType
Abstractno
No documentation provided.
<...
 Allow any attributes from any namespace (lax validation).
>
   Start Sequence [0..*]
      <bom:service> bom:service </bom:service> [1]
      Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*]
   End Sequence
</...>
<xs:complexType name="servicesType">
   <xs:sequence minOccurs="0" maxOccurs="unbounded">
      <xs:element name="service" type="bom:service"/>
      <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
   </xs:sequence>
   <xs:anyAttribute namespace="##any" processContents="lax"/>
</xs:complexType>

Complex Type: swidType

Super-types:None
Sub-types:None
NameswidType
Abstractno
No documentation provided.
<...
 tagId="xs:string" [1] 
 name="xs:string" [1] 
 version="xs:string" [0..1] 
 tagVersion="xs:integer" [0..1] 
 patch="xs:boolean" [0..1] 
>
   <bom:text> bom:attachedTextType </bom:text> [0..1] 
   <bom:url> xs:anyURI </bom:url> [0..1] 
   Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*]
</...>
<xs:complexType name="swidType">
   <xs:sequence>
      <xs:element name="text" type="bom:attachedTextType" minOccurs="0" maxOccurs="1"/>
      <xs:element name="url" type="xs:anyURI" minOccurs="0" maxOccurs="1"/>
      <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
   </xs:sequence>
   <xs:attribute name="tagId" type="xs:string" use="required"/>
   <xs:attribute name="name" type="xs:string" use="required"/>
   <xs:attribute name="version" type="xs:string" use="optional" default="0.0"/>
   <xs:attribute name="tagVersion" type="xs:integer" use="optional" default="0"/>
   <xs:attribute name="patch" type="xs:boolean" use="optional" default="false"/>
</xs:complexType>

Complex Type: toolType

Super-types:None
Sub-types:None
NametoolType
Abstractno

Information about the automated or manual tool used

<...
 Allow any attributes from a namespace other than this schema's namespace (lax validation).
>
   Start Sequence [0..1]
      <bom:vendor> xs:normalizedString </bom:vendor> [0..1] 
      <bom:name> xs:normalizedString </bom:name> [0..1] 
      <bom:version> xs:normalizedString </bom:version> [0..1] 
      <bom:hashes      > [0..1] 
         Start Sequence [0..*]
            <bom:hash> bom:hashType </bom:hash> [1]
         End Sequence
      </bom:hashes>
      <bom:externalReferences> bom:externalReferences </bom:externalReferences> [0..1] 
      Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*]
   End Sequence
</...>
<xs:complexType name="toolType">
   <xs:sequence minOccurs="0" maxOccurs="1">
      <xs:element name="vendor" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
      <xs:element name="name" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
      <xs:element name="version" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
      <xs:element name="hashes" minOccurs="0" maxOccurs="1">
         <xs:complexType>
            <xs:sequence minOccurs="0" maxOccurs="unbounded">
               <xs:element name="hash" type="bom:hashType"/>
            </xs:sequence>
         </xs:complexType>
      </xs:element>
      <xs:element name="externalReferences" type="bom:externalReferences" minOccurs="0" maxOccurs="1"/>
      <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
   </xs:sequence>
   <xs:anyAttribute namespace="##other" processContents="lax"/>
</xs:complexType>

Complex Type: vulnerabilitiesType

Super-types:None
Sub-types:None
NamevulnerabilitiesType
Abstractno
No documentation provided.
<...
 Allow any attributes from any namespace (lax validation).
>
   Start Sequence [0..*]
      <bom:vulnerability> bom:vulnerabilityType </bom:vulnerability> [1] 
      Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*]
   End Sequence
</...>
<xs:complexType name="vulnerabilitiesType">
   <xs:sequence minOccurs="0" maxOccurs="unbounded">
      <xs:element name="vulnerability" type="bom:vulnerabilityType"/>
      <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
   </xs:sequence>
   <xs:anyAttribute namespace="##any" processContents="lax"/>
</xs:complexType>

Complex Type: vulnerabilitySourceType

Super-types:None
Sub-types:None
NamevulnerabilitySourceType
Abstractno
No documentation provided.
<...>
   Start Sequence [0..*]
      <bom:name> xs:normalizedString </bom:name> [0..1] 
      <bom:url> xs:anyURI </bom:url> [0..1] 
   End Sequence
</...>
<xs:complexType name="vulnerabilitySourceType">
   <xs:sequence minOccurs="0" maxOccurs="unbounded">
      <xs:element name="name" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
      <xs:element name="url" type="xs:anyURI" minOccurs="0" maxOccurs="1"/>
   </xs:sequence>
</xs:complexType>

Complex Type: vulnerabilityType

Super-types:None
Sub-types:None
NamevulnerabilityType
Abstractno
No documentation provided.
<...
 bom-ref="bom:refType" [0..1] 
>
   Start Sequence [0..1]
      <bom:id> xs:normalizedString </bom:id> [0..1] 
      <bom:source> bom:vulnerabilitySourceType </bom:source> [0..1] 
      <bom:references      > [0..1]  
         Start Sequence [0..*]
            <bom:reference            > [1]  
               <bom:id> xs:normalizedString </bom:id> [0..1] 
               <bom:source> bom:vulnerabilitySourceType </bom:source> [0..1] 
            </bom:reference>
            Allow any elements from a namespace other than this schema's namespace (lax validation). [0..*]
         End Sequence
      </bom:references>
      <bom:ratings      > [0..1]  
         <bom:rating> bom:ratingType </bom:rating> [0..*]
      </bom:ratings>
      <bom:cwes      > [0..1] 
         <bom:cwe> xs:integer </bom:cwe> [0..*]
      </bom:cwes>
      <bom:description> xs:string </bom:description> [0..1] 
      <bom:detail> xs:string </bom:detail> [0..1] 
      <bom:recommendation> xs:string </bom:recommendation> [0..1] 
      <bom:advisories      > [0..1] 
         <bom:advisory> bom:advisoryType </bom:advisory> [0..*]
      </bom:advisories>
      <bom:created> xs:dateTime </bom:created> [0..1] 
      <bom:published> xs:dateTime </bom:published> [0..1] 
      <bom:updated> xs:dateTime </bom:updated> [0..1] 
      <bom:credits      > [0..1]  
         <bom:organizations         > [0..1]  
            Start Sequence [0..*]
               <bom:organization> bom:organizationalEntity </bom:organization> [1]
            End Sequence
         </bom:organizations>
         <bom:individuals         > [0..1]  
            Start Sequence [0..*]
               <bom:individual> bom:organizationalContact </bom:individual> [1]
            End Sequence
         </bom:individuals>
      </bom:credits>
      <bom:tools      > [0..1]  
         Start Sequence [0..*]
            <bom:tool> bom:toolType </bom:tool> [0..1]
         End Sequence
      </bom:tools>
      <bom:analysis      > [0..1] 
         Start Sequence [0..1]
            <bom:state> bom:impactAnalysisStateType </bom:state> [0..1] 
            <bom:justification> bom:impactAnalysisJustificationType </bom:justification> [0..1] 
            <bom:responses            > [0..1]  
               Start Sequence [0..*]
                  <bom:response> bom:impactAnalysisResponsesType </bom:response> [1]
               End Sequence
            </bom:responses>
            <bom:detail> xs:string </bom:detail> [0..1] 
         End Sequence
      </bom:analysis>
      <bom:affects      > [0..1]  
         Start Sequence [0..*]
            <bom:target            > [1] 
               Start Sequence [0..1]
                  <bom:ref> bom:refType </bom:ref> [1] 
                  <bom:versions                  > [0..1]  
                     Start Sequence [0..*]
                        <bom:version                        > [1] 
                           Start Sequence [0..1]
                              Start Choice [1]
                                 <bom:version> xs:normalizedString </bom:version> [1] 
                                 <bom:range> xs:normalizedString </bom:range> [1] 
                              End Choice
                              <bom:status> bom:impactAnalysisAffectedStatusType </bom:status> [0..1] 
                           End Sequence
                        </bom:version>
                     End Sequence
                  </bom:versions>
               End Sequence
            </bom:target>
         End Sequence
      </bom:affects>
      <bom:properties> bom:propertiesType </bom:properties> [0..1] 
   End Sequence
</...>
<xs:complexType name="vulnerabilityType">
   <xs:sequence minOccurs="0" maxOccurs="1">
      <xs:element name="id" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
      <xs:element name="source" type="bom:vulnerabilitySourceType" minOccurs="0" maxOccurs="1"/>
      <xs:element name="references" minOccurs="0" maxOccurs="1">
         <xs:complexType>
            <xs:sequence minOccurs="0" maxOccurs="unbounded">
               <xs:element name="reference">
                  <xs:complexType>
                     <xs:sequence minOccurs="1" maxOccurs="1">
                        <xs:element name="id" type="xs:normalizedString" minOccurs="0" maxOccurs="1"/>
                        <xs:element name="source" type="bom:vulnerabilitySourceType" minOccurs="0" maxOccurs="1"/>
                     </xs:sequence>
                  </xs:complexType>
               </xs:element>
               <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
            </xs:sequence>
         </xs:complexType>
      </xs:element>
      <xs:element name="ratings" minOccurs="0" maxOccurs="1">
         <xs:complexType>
            <xs:sequence>
               <xs:element name="rating" type="bom:ratingType" minOccurs="0" maxOccurs="unbounded"/>
            </xs:sequence>
         </xs:complexType>
      </xs:element>
      <xs:element name="cwes" minOccurs="0" maxOccurs="1">
         <xs:complexType>
            <xs:sequence>
               <xs:element name="cwe" type="xs:integer" minOccurs="0" maxOccurs="unbounded"/>
            </xs:sequence>
         </xs:complexType>
      </xs:element>
      <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
      <xs:element name="detail" type="xs:string" minOccurs="0" maxOccurs="1"/>
      <xs:element name="recommendation" type="xs:string" minOccurs="0" maxOccurs="1"/>
      <xs:element name="advisories" minOccurs="0" maxOccurs="1">
         <xs:complexType>
            <xs:sequence>
               <xs:element name="advisory" type="bom:advisoryType" minOccurs="0" maxOccurs="unbounded"/>
            </xs:sequence>
         </xs:complexType>
      </xs:element>
      <xs:element name="created" type="xs:dateTime" minOccurs="0" maxOccurs="1"/>
      <xs:element name="published" type="xs:dateTime" minOccurs="0" maxOccurs="1"/>
      <xs:element name="updated" type="xs:dateTime" minOccurs="0" maxOccurs="1"/>
      <xs:element name="credits" minOccurs="0" maxOccurs="1">
         <xs:complexType>
            <xs:sequence>
               <xs:element name="organizations" minOccurs="0" maxOccurs="1">
                  <xs:complexType>
                     <xs:sequence minOccurs="0" maxOccurs="unbounded">
                        <xs:element name="organization" type="bom:organizationalEntity"/>
                     </xs:sequence>
                  </xs:complexType>
               </xs:element>
               <xs:element name="individuals" minOccurs="0" maxOccurs="1">
                  <xs:complexType>
                     <xs:sequence minOccurs="0" maxOccurs="unbounded">
                        <xs:element name="individual" type="bom:organizationalContact"/>
                     </xs:sequence>
                  </xs:complexType>
               </xs:element>
            </xs:sequence>
         </xs:complexType>
      </xs:element>
      <xs:element name="tools" minOccurs="0" maxOccurs="1">
         <xs:complexType>
            <xs:sequence minOccurs="0" maxOccurs="unbounded">
               <xs:element name="tool" type="bom:toolType" minOccurs="0"/>
            </xs:sequence>
         </xs:complexType>
      </xs:element>
      <xs:element name="analysis" minOccurs="0" maxOccurs="1">
         <xs:complexType>
            <xs:sequence minOccurs="0" maxOccurs="1">
               <xs:element name="state" type="bom:impactAnalysisStateType" minOccurs="0" maxOccurs="1"/>
               <xs:element name="justification" type="bom:impactAnalysisJustificationType" minOccurs="0" maxOccurs="1"/>
               <xs:element name="responses" minOccurs="0" maxOccurs="1">
                  <xs:complexType>
                     <xs:sequence minOccurs="0" maxOccurs="unbounded">
                        <xs:element name="response" type="bom:impactAnalysisResponsesType"/>
                     </xs:sequence>
                  </xs:complexType>
               </xs:element>
               <xs:element name="detail" type="xs:string" minOccurs="0" maxOccurs="1"/>
            </xs:sequence>
         </xs:complexType>
      </xs:element>
      <xs:element name="affects" minOccurs="0" maxOccurs="1">
         <xs:complexType>
            <xs:sequence minOccurs="0" maxOccurs="unbounded">
               <xs:element name="target">
                  <xs:complexType>
                     <xs:sequence minOccurs="0" maxOccurs="1">
                        <xs:element name="ref" type="bom:refType" minOccurs="1" maxOccurs="1"/>
                        <xs:element name="versions" minOccurs="0" maxOccurs="1">
                           <xs:complexType>
                              <xs:sequence minOccurs="0" maxOccurs="unbounded">
                                 <xs:element name="version">
                                    <xs:complexType>
                                       <xs:sequence minOccurs="0" maxOccurs="1">
                                          <xs:choice>
                                             <xs:element name="version" type="xs:normalizedString" minOccurs="1" maxOccurs="1"/>
                                             <xs:element name="range" type="xs:normalizedString" minOccurs="1" maxOccurs="1"/>
                                          </xs:choice>
                                          <xs:element name="status" type="bom:impactAnalysisAffectedStatusType" minOccurs="0" maxOccurs="1" default="affected"/>
                                       </xs:sequence>
                                    </xs:complexType>
                                 </xs:element>
                              </xs:sequence>
                           </xs:complexType>
                        </xs:element>
                     </xs:sequence>
                  </xs:complexType>
               </xs:element>
            </xs:sequence>
         </xs:complexType>
      </xs:element>
      <xs:element name="properties" type="bom:propertiesType" minOccurs="0" maxOccurs="1"/>
   </xs:sequence>
   <xs:attribute name="bom-ref" type="bom:refType"/>
</xs:complexType>

Simple Type: aggregateType

Super-types:xs:string < aggregateType (by restriction)
Sub-types:None
NameaggregateType
Content
  • Base XSD Type: string
  • value comes from list: { 'complete'| 'incomplete'| 'incomplete_first_party_only'| 'incomplete_third_party_only'| 'unknown'| 'not_specified'}
No documentation provided.
<xs:simpleType name="aggregateType">
   <xs:restriction base="xs:string">
      <xs:enumeration value="complete"/>
      <xs:enumeration value="incomplete"/>
      <xs:enumeration value="incomplete_first_party_only"/>
      <xs:enumeration value="incomplete_third_party_only"/>
      <xs:enumeration value="unknown"/>
      <xs:enumeration value="not_specified"/>
   </xs:restriction>
</xs:simpleType>

Simple Type: classification

Super-types:xs:string < classification (by restriction)
Sub-types:None
Nameclassification
Content
  • Base XSD Type: string
  • value comes from list: { 'application'| 'framework'| 'library'| 'container'| 'operating-system'| 'device'| 'firmware'| 'file'}
No documentation provided.
<xs:simpleType name="classification">
   <xs:restriction base="xs:string">
      <xs:enumeration value="application"/>
      <xs:enumeration value="framework"/>
      <xs:enumeration value="library"/>
      <xs:enumeration value="container"/>
      <xs:enumeration value="operating-system"/>
      <xs:enumeration value="device"/>
      <xs:enumeration value="firmware"/>
      <xs:enumeration value="file"/>
   </xs:restriction>
</xs:simpleType>

Simple Type: cpe

Super-types:xs:string < cpe (by restriction)
Sub-types:None
Namecpe
Content
  • Base XSD Type: string
  • pattern = ([c][pP][eE]:/[AHOaho]?(:[A-Za-z0-9\._\-~%]*){0,6})|(cpe:2\.3:[aho\*\-](:(((\?*|\*?)([a-zA-Z0-9\-\._]|(\\[\\\*\?!"#$$%&'\(\)\+,/:;<=>@\[\]\^`\{\|}~]))+(\?*|\*?))|[\*\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[\*\-]))(:(((\?*|\*?)([a-zA-Z0-9\-\._]|(\\[\\\*\?!"#$$%&'\(\)\+,/:;<=>@\[\]\^`\{\|}~]))+(\?*|\*?))|[\*\-])){4})

Define the format for acceptable CPE URIs. Supports CPE 2.2 and CPE 2.3 formats. Refer to https://nvd.nist.gov/products/cpe for official specification.

<xs:simpleType name="cpe">
   <xs:restriction base="xs:string">
      <xs:pattern value="([c][pP][eE]:/[AHOaho]?(:[A-Za-z0-9\._\-~%]*){0,6})|(cpe:2\.3:[aho\*\-](:(((\?*|\*?)([a-zA-Z0-9\-\._]|(\\[\\\*\?!"#$$%&'\(\)\+,/:;<=>@\[\]\^`\{\|}~]))+(\?*|\*?))|[\*\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[\*\-]))(:(((\?*|\*?)([a-zA-Z0-9\-\._]|(\\[\\\*\?!"#$$%&'\(\)\+,/:;<=>@\[\]\^`\{\|}~]))+(\?*|\*?))|[\*\-])){4})"/>
   </xs:restriction>
</xs:simpleType>

Simple Type: dataFlowType

Super-types:xs:string < dataFlowType (by restriction)
Sub-types:None
NamedataFlowType
Content
  • Base XSD Type: string
  • value comes from list: {'inbound'|'outbound'|'bi-directional'|'unknown'}

Specifies the flow direction of the data. Valid values are: inbound, outbound, bi-directional, and unknown. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways, and unknown states that the direction is not known.

<xs:simpleType name="dataFlowType">
   <xs:restriction base="xs:string">
      <xs:enumeration value="inbound"/>
      <xs:enumeration value="outbound"/>
      <xs:enumeration value="bi-directional"/>
      <xs:enumeration value="unknown"/>
   </xs:restriction>
</xs:simpleType>

Simple Type: encoding

Super-types:xs:string < encoding (by restriction)
Sub-types:None
Nameencoding
Content
  • Base XSD Type: string
  • value comes from list: {'base64'}
No documentation provided.
<xs:simpleType name="encoding">
   <xs:restriction base="xs:string">
      <xs:enumeration value="base64"/>
   </xs:restriction>
</xs:simpleType>

Simple Type: externalReferenceType

Super-types:xs:string < externalReferenceType (by restriction)
Sub-types:None
NameexternalReferenceType
Content
  • Base XSD Type: string
  • value comes from list: { 'vcs'| 'issue-tracker'| 'website'| 'advisories'| 'bom'| 'mailing-list'| 'social'| 'chat'| 'documentation'| 'support'| 'distribution'| 'license'| 'build-meta'| 'build-system'| 'release-notes'| 'other'}
No documentation provided.
<xs:simpleType name="externalReferenceType">
   <xs:restriction base="xs:string">
      <xs:enumeration value="vcs"/>
      <xs:enumeration value="issue-tracker"/>
      <xs:enumeration value="website"/>
      <xs:enumeration value="advisories"/>
      <xs:enumeration value="bom"/>
      <xs:enumeration value="mailing-list"/>
      <xs:enumeration value="social"/>
      <xs:enumeration value="chat"/>
      <xs:enumeration value="documentation"/>
      <xs:enumeration value="support"/>
      <xs:enumeration value="distribution"/>
      <xs:enumeration value="license"/>
      <xs:enumeration value="build-meta"/>
      <xs:enumeration value="build-system"/>
      <xs:enumeration value="release-notes"/>
      <xs:enumeration value="other"/>
   </xs:restriction>
</xs:simpleType>

Simple Type: hashAlg

Super-types:xs:string < hashAlg (by restriction)
Sub-types:None
NamehashAlg
Content
  • Base XSD Type: string
  • value comes from list: { 'MD5'| 'SHA-1'| 'SHA-256'| 'SHA-384'| 'SHA-512'| 'SHA3-256'| 'SHA3-384'| 'SHA3-512'| 'BLAKE2b-256'| 'BLAKE2b-384'| 'BLAKE2b-512'| 'BLAKE3'}
No documentation provided.
<xs:simpleType name="hashAlg">
   <xs:restriction base="xs:string">
      <xs:enumeration value="MD5"/>
      <xs:enumeration value="SHA-1"/>
      <xs:enumeration value="SHA-256"/>
      <xs:enumeration value="SHA-384"/>
      <xs:enumeration value="SHA-512"/>
      <xs:enumeration value="SHA3-256"/>
      <xs:enumeration value="SHA3-384"/>
      <xs:enumeration value="SHA3-512"/>
      <xs:enumeration value="BLAKE2b-256"/>
      <xs:enumeration value="BLAKE2b-384"/>
      <xs:enumeration value="BLAKE2b-512"/>
      <xs:enumeration value="BLAKE3"/>
   </xs:restriction>
</xs:simpleType>

Simple Type: hashValue

Super-types:xs:token < hashValue (by restriction)
Sub-types:
NamehashValue
Content
  • Base XSD Type: token
  • pattern = ([a-fA-F0-9]{32})|([a-fA-F0-9]{40})|([a-fA-F0-9]{64})|([a-fA-F0-9]{96})|([a-fA-F0-9]{128})
No documentation provided.
<xs:simpleType name="hashValue">
   <xs:restriction base="xs:token">
      <xs:pattern value="([a-fA-F0-9]{32})|([a-fA-F0-9]{40})|([a-fA-F0-9]{64})|([a-fA-F0-9]{96})|([a-fA-F0-9]{128})"/>
   </xs:restriction>
</xs:simpleType>

Simple Type: impactAnalysisAffectedStatusType

Super-types:xs:string < impactAnalysisAffectedStatusType (by restriction)
Sub-types:None
NameimpactAnalysisAffectedStatusType
Content
  • Base XSD Type: string
  • value comes from list: {'affected'|'unaffected'|'unknown'}
Prohibited Derivationsrestriction

The vulnerability status of a given version or range of versions of a product. The statuses 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. There can be many reasons for an 'unknown' status, including that an investigation has not been undertaken or that a vendor has not disclosed the status.

<xs:simpleType name="impactAnalysisAffectedStatusType" final="restriction">
   <xs:restriction base="xs:string">
      <xs:enumeration value="affected"/>
      <xs:enumeration value="unaffected"/>
      <xs:enumeration value="unknown"/>
   </xs:restriction>
</xs:simpleType>

Simple Type: impactAnalysisJustificationType

Super-types:xs:string < impactAnalysisJustificationType (by restriction)
Sub-types:None
NameimpactAnalysisJustificationType
Content
  • Base XSD Type: string
  • value comes from list: { 'code_not_present'| 'code_not_reachable'| 'requires_configuration'| 'requires_dependency'| 'requires_environment'| 'protected_by_compiler'| 'protected_at_runtime'| 'protected_at_perimeter'| 'protected_by_mitigating_control'}
Prohibited Derivationsrestriction

The rationale of why the impact analysis state was asserted.

<xs:simpleType name="impactAnalysisJustificationType" final="restriction">
   <xs:restriction base="xs:string">
      <xs:enumeration value="code_not_present"/>
      <xs:enumeration value="code_not_reachable"/>
      <xs:enumeration value="requires_configuration"/>
      <xs:enumeration value="requires_dependency"/>
      <xs:enumeration value="requires_environment"/>
      <xs:enumeration value="protected_by_compiler"/>
      <xs:enumeration value="protected_at_runtime"/>
      <xs:enumeration value="protected_at_perimeter"/>
      <xs:enumeration value="protected_by_mitigating_control"/>
   </xs:restriction>
</xs:simpleType>

Simple Type: impactAnalysisResponsesType

Super-types:xs:string < impactAnalysisResponsesType (by restriction)
Sub-types:None
NameimpactAnalysisResponsesType
Content
  • Base XSD Type: string
  • value comes from list: {'can_not_fix'|'will_not_fix'|'update'|'rollback'|'workaround_available'}
Prohibited Derivationsrestriction

The rationale of why the impact analysis state was asserted.

<xs:simpleType name="impactAnalysisResponsesType" final="restriction">
   <xs:restriction base="xs:string">
      <xs:enumeration value="can_not_fix"/>
      <xs:enumeration value="will_not_fix"/>
      <xs:enumeration value="update"/>
      <xs:enumeration value="rollback"/>
      <xs:enumeration value="workaround_available"/>
   </xs:restriction>
</xs:simpleType>

Simple Type: impactAnalysisStateType

Super-types:xs:string < impactAnalysisStateType (by restriction)
Sub-types:None
NameimpactAnalysisStateType
Content
  • Base XSD Type: string
  • value comes from list: { 'resolved'| 'resolved_with_pedigree'| 'exploitable'| 'in_triage'| 'false_positive'| 'not_affected'}
Prohibited Derivationsrestriction

Declares the current state of an occurrence of a vulnerability, after automated or manual analysis.

<xs:simpleType name="impactAnalysisStateType" final="restriction">
   <xs:restriction base="xs:string">
      <xs:enumeration value="resolved"/>
      <xs:enumeration value="resolved_with_pedigree"/>
      <xs:enumeration value="exploitable"/>
      <xs:enumeration value="in_triage"/>
      <xs:enumeration value="false_positive"/>
      <xs:enumeration value="not_affected"/>
   </xs:restriction>
</xs:simpleType>

Simple Type: issueClassification

Super-types:xs:string < issueClassification (by restriction)
Sub-types:None
NameissueClassification
Content
  • Base XSD Type: string
  • value comes from list: {'defect'|'enhancement'|'security'}
No documentation provided.
<xs:simpleType name="issueClassification">
   <xs:restriction base="xs:string">
      <xs:enumeration value="defect"/>
      <xs:enumeration value="enhancement"/>
      <xs:enumeration value="security"/>
   </xs:restriction>
</xs:simpleType>

Simple Type: localeType

Super-types:xs:string < localeType (by restriction)
Sub-types:None
NamelocaleType
Content
  • Base XSD Type: string
  • pattern = ([a-z]{2})(-[A-Z]{2})?

Defines a syntax for representing two character language code (ISO-639) followed by an optional two character country code. The language code MUST be lower case. If the country code is specified, the country code MUST be upper case. The language code and country code MUST be separated by a minus sign. Examples: en, en-US, fr, fr-CA

<xs:simpleType name="localeType">
   <xs:restriction base="xs:string">
      <xs:pattern value="([a-z]{2})(-[A-Z]{2})?"/>
   </xs:restriction>
</xs:simpleType>

Simple Type: mimeType

Super-types:xs:token < mimeType (by restriction)
Sub-types:None
NamemimeType
Content
  • Base XSD Type: token
  • pattern = [-+a-z0-9.]+/[-+a-z0-9.]+
No documentation provided.
<xs:simpleType name="mimeType">
   <xs:restriction base="xs:token">
      <xs:pattern value="[-+a-z0-9.]+/[-+a-z0-9.]+"/>
   </xs:restriction>
</xs:simpleType>

Simple Type: patchClassification

Super-types:xs:string < patchClassification (by restriction)
Sub-types:None
NamepatchClassification
Content
  • Base XSD Type: string
  • value comes from list: {'unofficial'|'monkey'|'backport'|'cherry-pick'}
No documentation provided.
<xs:simpleType name="patchClassification">
   <xs:restriction base="xs:string">
      <xs:enumeration value="unofficial"/>
      <xs:enumeration value="monkey"/>
      <xs:enumeration value="backport"/>
      <xs:enumeration value="cherry-pick"/>
   </xs:restriction>
</xs:simpleType>

Simple Type: refType

Super-types:xs:string < refType (by restriction)
Sub-types:None
NamerefType
Content
  • Base XSD Type: string

Identifier-DataType for interlinked elements.

<xs:simpleType name="refType">
   <xs:restriction base="xs:string"/>
</xs:simpleType>

Simple Type: scope

Super-types:xs:string < scope (by restriction)
Sub-types:None
Namescope
Content
  • Base XSD Type: string
  • value comes from list: {'required'|'optional'|'excluded'}
No documentation provided.
<xs:simpleType name="scope">
   <xs:restriction base="xs:string">
      <xs:enumeration value="required"/>
      <xs:enumeration value="optional"/>
      <xs:enumeration value="excluded"/>
   </xs:restriction>
</xs:simpleType>

Simple Type: scoreSourceType

Super-types:xs:string < scoreSourceType (by restriction)
Sub-types:None
NamescoreSourceType
Content
  • Base XSD Type: string
  • value comes from list: {'CVSSv2'|'CVSSv3'|'CVSSv31'|'OWASP'|'other'}
Prohibited Derivationsrestriction

Specifies the severity or risk scoring methodology or standard used.

<xs:simpleType name="scoreSourceType" final="restriction">
   <xs:restriction base="xs:string">
      <xs:enumeration value="CVSSv2"/>
      <xs:enumeration value="CVSSv3"/>
      <xs:enumeration value="CVSSv31"/>
      <xs:enumeration value="OWASP"/>
      <xs:enumeration value="other"/>
   </xs:restriction>
</xs:simpleType>

Simple Type: severityType

Super-types:xs:string < severityType (by restriction)
Sub-types:None
NameseverityType
Content
  • Base XSD Type: string
  • value comes from list: { 'critical'| 'high'| 'medium'| 'low'| 'info'| 'none'| 'unknown'}
Prohibited Derivationsrestriction

Textual representation of the severity of the vulnerability adopted by the analysis method. If the analysis method uses values other than what is provided, the user is expected to translate appropriately.

<xs:simpleType name="severityType" final="restriction">
   <xs:restriction base="xs:string">
      <xs:enumeration value="critical"/>
      <xs:enumeration value="high"/>
      <xs:enumeration value="medium"/>
      <xs:enumeration value="low"/>
      <xs:enumeration value="info"/>
      <xs:enumeration value="none"/>
      <xs:enumeration value="unknown"/>
   </xs:restriction>
</xs:simpleType>

Simple Type: urnUuid

Super-types:xs:string < urnUuid (by restriction)
Sub-types:None
NameurnUuid
Content
  • Base XSD Type: string
  • pattern = urn:uuid:([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})|(\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\})

Defines a string representation of a UUID conforming to RFC 4122.

<xs:simpleType name="urnUuid">
   <xs:restriction base="xs:string">
      <xs:pattern value="urn:uuid:([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})|(\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\})"/>
   </xs:restriction>
</xs:simpleType>

Glossary

Abstract (Applies to complex type definitions and element declarations). An abstract element or complex type cannot used to validate an element instance. If there is a reference to an abstract element, only element declarations that can substitute the abstract element can be used to validate the instance. For references to abstract type definitions, only derived types can be used.

All Model Group Child elements can be provided in any order in instances. See: http://www.w3.org/TR/xmlschema-1/#element-all.

Choice Model Group Only one from the list of child elements and model groups can be provided in instances. See: http://www.w3.org/TR/xmlschema-1/#element-choice.

Collapse Whitespace Policy Replace tab, line feed, and carriage return characters with space character (Unicode character 32). Then, collapse contiguous sequences of space characters into single space character, and remove leading and trailing space characters.

Disallowed Substitutions (Applies to element declarations). If substitution is specified, then substitution group members cannot be used in place of the given element declaration to validate element instances. If derivation methods, e.g. extension, restriction, are specified, then the given element declaration will not validate element instances that have types derived from the element declaration's type using the specified derivation methods. Normally, element instances can override their declaration's type by specifying an xsi:type attribute.

Key Constraint Like Uniqueness Constraint, but additionally requires that the specified value(s) must be provided. See: http://www.w3.org/TR/xmlschema-1/#cIdentity-constraint_Definitions.

Key Reference Constraint Ensures that the specified value(s) must match value(s) from a Key Constraint or Uniqueness Constraint. See: http://www.w3.org/TR/xmlschema-1/#cIdentity-constraint_Definitions.

Model Group Groups together element content, specifying the order in which the element content can occur and the number of times the group of element content may be repeated. See: http://www.w3.org/TR/xmlschema-1/#Model_Groups.

Nillable (Applies to element declarations). If an element declaration is nillable, instances can use the xsi:nil attribute. The xsi:nil attribute is the boolean attribute, nil, from the http://www.w3.org/2001/XMLSchema-instance namespace. If an element instance has an xsi:nil attribute set to true, it can be left empty, even though its element declaration may have required content.

Notation A notation is used to identify the format of a piece of data. Values of elements and attributes that are of type, NOTATION, must come from the names of declared notations. See: http://www.w3.org/TR/xmlschema-1/#cNotation_Declarations.

Preserve Whitespace Policy Preserve whitespaces exactly as they appear in instances.

Prohibited Derivations (Applies to type definitions). Derivation methods that cannot be used to create sub-types from a given type definition.

Prohibited Substitutions (Applies to complex type definitions). Prevents sub-types that have been derived using the specified derivation methods from validating element instances in place of the given type definition.

Replace Whitespace Policy Replace tab, line feed, and carriage return characters with space character (Unicode character 32).

Sequence Model Group Child elements and model groups must be provided in the specified order in instances. See: http://www.w3.org/TR/xmlschema-1/#element-sequence.

Substitution Group Elements that are members of a substitution group can be used wherever the head element of the substitution group is referenced.

Substitution Group Exclusions (Applies to element declarations). Prohibits element declarations from nominating themselves as being able to substitute a given element declaration, if they have types that are derived from the original element's type using the specified derivation methods.

Target Namespace The target namespace identifies the namespace that components in this schema belongs to. If no target namespace is provided, then the schema components do not belong to any namespace.

Uniqueness Constraint Ensures uniqueness of an element/attribute value, or a combination of values, within a specified scope. See: http://www.w3.org/TR/xmlschema-1/#cIdentity-constraint_Definitions.