@appthreat/cdx-proto
Library to serialize/deserialize CycloneDX BOM with protocol buffers
import type { BinaryReadOptions, FieldList, JsonReadOptions, JsonValue, PartialMessage, PlainMessage } from "@bufbuild/protobuf";
import { Message, proto3, Timestamp } from "@bufbuild/protobuf";
/**
* Kind of thing a component entry describes (application, library, firmware, device, ...).
* The per-value comments below give the definition of each kind.
*
* NULL is value 0; with proto3 an enum field that was never set reads back as the 0 value,
* so NULL should be read as "no classification given" rather than as a kind of its own.
*
* @generated from enum cyclonedx.v1_5.Classification
*/
export declare enum Classification {
/**
* No classification given (value 0).
*
* @generated from enum value: CLASSIFICATION_NULL = 0;
*/
NULL = 0,
/**
* A software application. Refer to https://en.wikipedia.org/wiki/Application_software for information about applications.
*
* @generated from enum value: CLASSIFICATION_APPLICATION = 1;
*/
APPLICATION = 1,
/**
* A software framework. Refer to https://en.wikipedia.org/wiki/Software_framework for information on how frameworks vary slightly from libraries.
*
* @generated from enum value: CLASSIFICATION_FRAMEWORK = 2;
*/
FRAMEWORK = 2,
/**
* A software library. Refer to https://en.wikipedia.org/wiki/Library_(computing) for information about libraries. All third-party and open source reusable components will likely be a library. If the library also has key features of a framework, then it should be classified as a framework. If not, or is unknown, then specifying library is recommended.
*
* @generated from enum value: CLASSIFICATION_LIBRARY = 3;
*/
LIBRARY = 3,
/**
* A software operating system without regard to deployment model (i.e. installed on physical hardware, virtual machine, image, etc.). Refer to https://en.wikipedia.org/wiki/Operating_system
*
* @generated from enum value: CLASSIFICATION_OPERATING_SYSTEM = 4;
*/
OPERATING_SYSTEM = 4,
/**
* A hardware device such as a processor, or chip-set. A hardware device containing firmware should include a component for the physical hardware itself, and another component of type 'firmware' or 'operating-system' (whichever is relevant), describing information about the software running on the device. See also the list of known device properties: https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/cdx/device.md
*
* @generated from enum value: CLASSIFICATION_DEVICE = 5;
*/
DEVICE = 5,
/**
* A computer file. Refer to https://en.wikipedia.org/wiki/Computer_file for information about files.
*
* @generated from enum value: CLASSIFICATION_FILE = 6;
*/
FILE = 6,
/**
* A packaging and/or runtime format, not specific to any particular technology, which isolates software inside the container from software outside of a container through virtualization technology. Refer to https://en.wikipedia.org/wiki/OS-level_virtualization
*
* @generated from enum value: CLASSIFICATION_CONTAINER = 7;
*/
CONTAINER = 7,
/**
* A special type of software that provides low-level control over a device's hardware. Refer to https://en.wikipedia.org/wiki/Firmware
*
* @generated from enum value: CLASSIFICATION_FIRMWARE = 8;
*/
FIRMWARE = 8,
/**
* A special type of software that operates or controls a particular type of device. Refer to https://en.wikipedia.org/wiki/Device_driver
*
* @generated from enum value: CLASSIFICATION_DEVICE_DRIVER = 9;
*/
DEVICE_DRIVER = 9,
/**
* A runtime environment which interprets or executes software. This may include runtimes such as those that execute bytecode or low-code/no-code application platforms.
*
* @generated from enum value: CLASSIFICATION_PLATFORM = 10;
*/
PLATFORM = 10,
/**
* A model based on training data that can make predictions or decisions without being explicitly programmed to do so.
*
* @generated from enum value: CLASSIFICATION_MACHINE_LEARNING_MODEL = 11;
*/
MACHINE_LEARNING_MODEL = 11,
/**
* A collection of discrete values that convey information.
*
* @generated from enum value: CLASSIFICATION_DATA = 12;
*/
DATA = 12
}
/**
* Specifies the flow direction of the data. Valid values are: inbound, outbound, bi-directional, and unknown. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways, and unknown states that the direction is not known.
*
* DATA_FLOW_NULL (0) is distinct from DATA_FLOW_UNKNOWN (4): 0 is what proto3 yields for an
* enum field that was never set, while UNKNOWN is an explicit statement by the BOM author.
*
* @generated from enum cyclonedx.v1_5.DataFlowDirection
*/
export declare enum DataFlowDirection {
/**
* No direction given (value 0).
*
* @generated from enum value: DATA_FLOW_NULL = 0;
*/
DATA_FLOW_NULL = 0,
/**
* Data enters the service.
*
* @generated from enum value: DATA_FLOW_INBOUND = 1;
*/
DATA_FLOW_INBOUND = 1,
/**
* Data leaves the service.
*
* @generated from enum value: DATA_FLOW_OUTBOUND = 2;
*/
DATA_FLOW_OUTBOUND = 2,
/**
* Data flows both ways.
*
* @generated from enum value: DATA_FLOW_BI_DIRECTIONAL = 3;
*/
DATA_FLOW_BI_DIRECTIONAL = 3,
/**
* The direction is not known.
*
* @generated from enum value: DATA_FLOW_UNKNOWN = 4;
*/
DATA_FLOW_UNKNOWN = 4
}
/**
* Purpose of an external reference, i.e. what kind of resource the reference points to.
* The per-value comments below define each kind.
*
* OTHER is value 0. With proto3 an enum field that was never set reads back as the 0 value,
* so a reference whose type was omitted is presumably indistinguishable from one explicitly
* marked OTHER — confirm against the field declaration.
*
* NOTE(review): the locations carried by external references are written by whoever produced
* the BOM. Tooling that fetches, follows or renders them should treat them as untrusted input
* (scheme and host checks before any request, no automatic execution of retrieved content).
*
* @generated from enum cyclonedx.v1_5.ExternalReferenceType
*/
export declare enum ExternalReferenceType {
/**
* Use this if no other types accurately describe the purpose of the external reference
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_OTHER = 0;
*/
OTHER = 0,
/**
* Version Control System
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_VCS = 1;
*/
VCS = 1,
/**
* Issue or defect tracking system, or an Application Lifecycle Management (ALM) system
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_ISSUE_TRACKER = 2;
*/
ISSUE_TRACKER = 2,
/**
* Website
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_WEBSITE = 3;
*/
WEBSITE = 3,
/**
* Security advisories
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_ADVISORIES = 4;
*/
ADVISORIES = 4,
/**
* Bill-of-material document (CycloneDX, SPDX, SWID, etc)
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_BOM = 5;
*/
BOM = 5,
/**
* Mailing list or discussion group
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_MAILING_LIST = 6;
*/
MAILING_LIST = 6,
/**
* Social media account
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_SOCIAL = 7;
*/
SOCIAL = 7,
/**
* Real-time chat platform
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_CHAT = 8;
*/
CHAT = 8,
/**
* Documentation, guides, or how-to instructions
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_DOCUMENTATION = 9;
*/
DOCUMENTATION = 9,
/**
* Community or commercial support
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_SUPPORT = 10;
*/
SUPPORT = 10,
/**
* Direct or repository download location
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_DISTRIBUTION = 11;
*/
DISTRIBUTION = 11,
/**
* The URL to the license file. If a license URL has been defined in the license node, it should also be defined as an external reference for completeness
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_LICENSE = 12;
*/
LICENSE = 12,
/**
* Build-system specific meta file (i.e. pom.xml, package.json, .nuspec, etc)
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_BUILD_META = 13;
*/
BUILD_META = 13,
/**
* URL to an automated build system
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_BUILD_SYSTEM = 14;
*/
BUILD_SYSTEM = 14,
/**
* Specifies a way to contact the maintainer, supplier, or provider in the event of a security incident. Common URIs include links to a disclosure procedure, a mailto (RFC-2368) that specifies an email address, a tel (RFC-3966) that specifies a phone number, or dns (RFC-4501) that specifies the records containing DNS Security TXT.
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_SECURITY_CONTACT = 15;
*/
SECURITY_CONTACT = 15,
/**
* Human or machine-readable statements containing facts, evidence, or testimony
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_ATTESTATION = 16;
*/
ATTESTATION = 16,
/**
* An enumeration of identified weaknesses, threats, and countermeasures, dataflow diagram (DFD), attack tree, and other supporting documentation in human-readable or machine-readable format
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_THREAT_MODEL = 17;
*/
THREAT_MODEL = 17,
/**
* The defined assumptions, goals, and capabilities of an adversary.
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_ADVERSARY_MODEL = 18;
*/
ADVERSARY_MODEL = 18,
/**
* Identifies and analyzes the potential of future events that may negatively impact individuals, assets, and/or the environment. Risk assessments may also include judgments on the tolerability of each risk.
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_RISK_ASSESSMENT = 19;
*/
RISK_ASSESSMENT = 19,
/**
* The location where a component was published to. This is often the same as "distribution" but may also include specialized publishing processes that act as an intermediary
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_DISTRIBUTION_INTAKE = 20;
*/
DISTRIBUTION_INTAKE = 20,
/**
* A Vulnerability Disclosure Report (VDR) which asserts the known and previously unknown vulnerabilities that affect a component, service, or product including the analysis and findings describing the impact (or lack of impact) that the reported vulnerability has on a component, service, or product
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_VULNERABILITY_ASSERTION = 21;
*/
VULNERABILITY_ASSERTION = 21,
/**
* A Vulnerability Exploitability eXchange (VEX) which asserts the known vulnerabilities that do not affect a product, product family, or organization, and optionally the ones that do. The VEX should include the analysis and findings describing the impact (or lack of impact) that the reported vulnerability has on the product, product family, or organization
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_EXPLOITABILITY_STATEMENT = 22;
*/
EXPLOITABILITY_STATEMENT = 22,
/**
* Results from an authorized simulated cyberattack on a component or service, otherwise known as a penetration test
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_PENTEST_REPORT = 23;
*/
PENTEST_REPORT = 23,
/**
* SARIF or proprietary machine or human-readable report for which static analysis has identified code quality, security, and other potential issues with the source code
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_STATIC_ANALYSIS_REPORT = 24;
*/
STATIC_ANALYSIS_REPORT = 24,
/**
* Dynamic analysis report that has identified issues such as vulnerabilities and misconfigurations
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_DYNAMIC_ANALYSIS_REPORT = 25;
*/
DYNAMIC_ANALYSIS_REPORT = 25,
/**
* Report generated by analyzing the call stack of a running application
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_RUNTIME_ANALYSIS_REPORT = 26;
*/
RUNTIME_ANALYSIS_REPORT = 26,
/**
* Report generated by Software Composition Analysis (SCA), container analysis, or other forms of component analysis
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_COMPONENT_ANALYSIS_REPORT = 27;
*/
COMPONENT_ANALYSIS_REPORT = 27,
/**
* Report containing a formal assessment of an organization, business unit, or team against a maturity model
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_MATURITY_REPORT = 28;
*/
MATURITY_REPORT = 28,
/**
* Industry, regulatory, or other certification from an accredited (if applicable) certification body
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_CERTIFICATION_REPORT = 29;
*/
CERTIFICATION_REPORT = 29,
/**
* Report or system in which quality metrics can be obtained
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_QUALITY_METRICS = 30;
*/
QUALITY_METRICS = 30,
/**
* Code or configuration that defines and provisions virtualized infrastructure, commonly referred to as Infrastructure as Code (IaC)
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_CODIFIED_INFRASTRUCTURE = 31;
*/
CODIFIED_INFRASTRUCTURE = 31,
/**
* A model card describes the intended uses of a machine learning model, potential limitations, biases, ethical considerations, training parameters, datasets used to train the model, performance metrics, and other relevant data useful for ML transparency.
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_MODEL_CARD = 32;
*/
MODEL_CARD = 32,
/**
* Plans of Action and Milestones (POAM) complement an "attestation" external reference. POAM is defined by NIST as a "document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones".
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_POAM = 33;
*/
POAM = 33,
/**
* A record of events that occurred in a computer system or application, such as problems, errors, or information on current operations.
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_LOG = 34;
*/
LOG = 34,
/**
* Parameters or settings that may be used by other components or services.
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_CONFIGURATION = 35;
*/
CONFIGURATION = 35,
/**
* Information used to substantiate a claim.
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_EVIDENCE = 36;
*/
EVIDENCE = 36,
/**
* Describes how a component or service was manufactured or deployed.
*
* @generated from enum value: EXTERNAL_REFERENCE_TYPE_FORMULATION = 37;
*/
FORMULATION = 37
}
/**
* Hash algorithm identifiers that a hash entry in the BOM can name.
*
* The enum only names the algorithm; nothing in this declaration ranks or restricts them.
* For integrity verification the choice matters: MD5 and SHA-1 have practical collision
* attacks, so a digest recorded with MD_5 or SHA_1 is suitable for identifying or
* de-duplicating an artifact but is weak evidence that the artifact was not substituted.
* Consumers that verify downloads against BOM hashes should prefer a SHA-256-or-stronger
* entry when one is present and should decide explicitly what to do when only a weak one is.
*
* NULL is value 0; with proto3 an enum field that was never set reads back as the 0 value,
* so a hash whose algorithm is NULL cannot be verified and should not be treated as a match.
*
* @generated from enum cyclonedx.v1_5.HashAlg
*/
export declare enum HashAlg {
/**
* No algorithm given (value 0).
*
* @generated from enum value: HASH_ALG_NULL = 0;
*/
NULL = 0,
/**
* MD5. Collision-broken; use for identification only, not as an integrity guarantee.
*
* @generated from enum value: HASH_ALG_MD_5 = 1;
*/
MD_5 = 1,
/**
* SHA-1. Collision-broken; use for identification only, not as an integrity guarantee.
*
* @generated from enum value: HASH_ALG_SHA_1 = 2;
*/
SHA_1 = 2,
/**
* SHA-256 (SHA-2 family).
*
* @generated from enum value: HASH_ALG_SHA_256 = 3;
*/
SHA_256 = 3,
/**
* SHA-384 (SHA-2 family).
*
* @generated from enum value: HASH_ALG_SHA_384 = 4;
*/
SHA_384 = 4,
/**
* SHA-512 (SHA-2 family).
*
* @generated from enum value: HASH_ALG_SHA_512 = 5;
*/
SHA_512 = 5,
/**
* SHA3-256.
*
* @generated from enum value: HASH_ALG_SHA_3_256 = 6;
*/
SHA_3_256 = 6,
/**
* SHA3-384.
*
* @generated from enum value: HASH_ALG_SHA_3_384 = 7;
*/
SHA_3_384 = 7,
/**
* SHA3-512.
*
* @generated from enum value: HASH_ALG_SHA_3_512 = 8;
*/
SHA_3_512 = 8,
/**
* BLAKE2b with a 256-bit digest.
*
* @generated from enum value: HASH_ALG_BLAKE_2_B_256 = 9;
*/
BLAKE_2_B_256 = 9,
/**
* BLAKE2b with a 384-bit digest.
*
* @generated from enum value: HASH_ALG_BLAKE_2_B_384 = 10;
*/
BLAKE_2_B_384 = 10,
/**
* BLAKE2b with a 512-bit digest.
*
* @generated from enum value: HASH_ALG_BLAKE_2_B_512 = 11;
*/
BLAKE_2_B_512 = 11,
/**
* BLAKE3.
*
* @generated from enum value: HASH_ALG_BLAKE_3 = 12;
*/
BLAKE_3 = 12
}
/**
* Kind of issue being recorded: defect, enhancement, or security defect.
*
* NULL is value 0, which is also what proto3 yields for an enum field that was never set,
* so NULL does not mean "not a security issue" — it means no classification was given.
*
* @generated from enum cyclonedx.v1_5.IssueClassification
*/
export declare enum IssueClassification {
/**
* No classification given (value 0).
*
* @generated from enum value: ISSUE_CLASSIFICATION_NULL = 0;
*/
NULL = 0,
/**
* A fault, flaw, or bug in software
*
* @generated from enum value: ISSUE_CLASSIFICATION_DEFECT = 1;
*/
DEFECT = 1,
/**
* A new feature or behavior in software
*
* @generated from enum value: ISSUE_CLASSIFICATION_ENHANCEMENT = 2;
*/
ENHANCEMENT = 2,
/**
* A special type of defect which impacts security
*
* @generated from enum value: ISSUE_CLASSIFICATION_SECURITY = 3;
*/
SECURITY = 3
}
/**
* Type of licence grant under which software is used (academic, subscription, perpetual, ...).
* The per-value comments below define each type. Unlike most enums in this file, the member
* names keep the LICENSING_TYPE_ prefix.
*
* @generated from enum cyclonedx.v1_5.LicensingTypeEnum
*/
export declare enum LicensingTypeEnum {
/**
* No licensing type given (value 0, the proto3 value of an unset enum field).
*
* @generated from enum value: LICENSING_TYPE_NULL = 0;
*/
LICENSING_TYPE_NULL = 0,
/**
* A license that grants use of software solely for the purpose of education or research.
*
* @generated from enum value: LICENSING_TYPE_ACADEMIC = 1;
*/
LICENSING_TYPE_ACADEMIC = 1,
/**
* A license covering use of software embedded in a specific piece of hardware.
*
* @generated from enum value: LICENSING_TYPE_APPLIANCE = 2;
*/
LICENSING_TYPE_APPLIANCE = 2,
/**
* A Client Access License (CAL) allows client computers to access services provided by server software.
*
* @generated from enum value: LICENSING_TYPE_CLIENT_ACCESS = 3;
*/
LICENSING_TYPE_CLIENT_ACCESS = 3,
/**
* A Concurrent User license (aka floating license) limits the number of licenses for a software application and licenses are shared among a larger number of users.
*
* @generated from enum value: LICENSING_TYPE_CONCURRENT_USER = 4;
*/
LICENSING_TYPE_CONCURRENT_USER = 4,
/**
* A license where the core of a computer's processor is assigned a specific number of points.
*
* @generated from enum value: LICENSING_TYPE_CORE_POINTS = 5;
*/
LICENSING_TYPE_CORE_POINTS = 5,
/**
* A license for which consumption is measured by non-standard metrics.
*
* @generated from enum value: LICENSING_TYPE_CUSTOM_METRIC = 6;
*/
LICENSING_TYPE_CUSTOM_METRIC = 6,
/**
* A license that covers a defined number of installations on computers and other types of devices.
*
* @generated from enum value: LICENSING_TYPE_DEVICE = 7;
*/
LICENSING_TYPE_DEVICE = 7,
/**
* A license that grants permission to install and use software for trial purposes.
*
* @generated from enum value: LICENSING_TYPE_EVALUATION = 8;
*/
LICENSING_TYPE_EVALUATION = 8,
/**
* A license that grants access to the software to one or more pre-defined users.
*
* @generated from enum value: LICENSING_TYPE_NAMED_USER = 9;
*/
LICENSING_TYPE_NAMED_USER = 9,
/**
* A license that grants access to the software on one or more pre-defined computers or devices.
*
* @generated from enum value: LICENSING_TYPE_NODE_LOCKED = 10;
*/
LICENSING_TYPE_NODE_LOCKED = 10,
/**
* An Original Equipment Manufacturer license that is delivered with hardware, cannot be transferred to other hardware, and is valid for the life of the hardware.
*
* @generated from enum value: LICENSING_TYPE_OEM = 11;
*/
LICENSING_TYPE_OEM = 11,
/**
* A license where the software is sold on a one-time basis and the licensee can use a copy of the software indefinitely.
*
* @generated from enum value: LICENSING_TYPE_PERPETUAL = 12;
*/
LICENSING_TYPE_PERPETUAL = 12,
/**
* A license where each installation consumes points per processor.
*
* @generated from enum value: LICENSING_TYPE_PROCESSOR_POINTS = 13;
*/
LICENSING_TYPE_PROCESSOR_POINTS = 13,
/**
* A license where the licensee pays a fee to use the software or service.
*
* @generated from enum value: LICENSING_TYPE_SUBSCRIPTION = 14;
*/
LICENSING_TYPE_SUBSCRIPTION = 14,
/**
* A license that grants access to the software or service by a specified number of users.
*
* @generated from enum value: LICENSING_TYPE_USER = 15;
*/
LICENSING_TYPE_USER = 15,
/**
* Another license type.
*
* @generated from enum value: LICENSING_TYPE_OTHER = 16;
*/
LICENSING_TYPE_OTHER = 16
}
/**
* Point in the product lifecycle at which a BOM was produced, from design through decommission.
* The phase tells a consumer how much to rely on the inventory: a design or pre-build BOM lists
* planned or unresolved components, while build and later phases reflect resolved ones.
*
* This enum has no NULL member: DESIGN is value 0. With proto3 an enum field that was never
* set reads back as the 0 value, so DESIGN presumably cannot be told apart from "phase not
* stated" unless the field tracks presence — confirm against the field declaration.
*
* @generated from enum cyclonedx.v1_5.LifecyclePhase
*/
export declare enum LifecyclePhase {
/**
* BOM produced early in the development lifecycle containing inventory of components and services that are proposed or planned to be used. The inventory may need to be procured, retrieved, or resourced prior to use.
*
* @generated from enum value: LIFECYCLE_PHASE_DESIGN = 0;
*/
DESIGN = 0,
/**
* BOM consisting of information obtained prior to a build process and may contain source files and development artifacts and manifests. The inventory may need to be resolved and retrieved prior to use.
*
* @generated from enum value: LIFECYCLE_PHASE_PRE_BUILD = 1;
*/
PRE_BUILD = 1,
/**
* BOM consisting of information obtained during a build process where component inventory is available for use. The precise versions of resolved components are usually available at this time as well as the provenance of where the components were retrieved from.
*
* @generated from enum value: LIFECYCLE_PHASE_BUILD = 2;
*/
BUILD = 2,
/**
* BOM consisting of information obtained after a build process has completed and the resulting component(s) are available for further analysis. Built components may exist as the result of a CI/CD process, may have been installed or deployed to a system or device, and may need to be retrieved or extracted from the system or device.
*
* @generated from enum value: LIFECYCLE_PHASE_POST_BUILD = 3;
*/
POST_BUILD = 3,
/**
* BOM produced that represents inventory that is running and operational. This may include staging or production environments and will generally encompass multiple SBOMs describing the applications and operating system, along with HBOMs describing the hardware that makes up the system. Operations Bill of Materials (OBOM) can provide full-stack inventory of runtime environments, configurations, and additional dependencies.
*
* @generated from enum value: LIFECYCLE_PHASE_OPERATIONS = 4;
*/
OPERATIONS = 4,
/**
* BOM consisting of information observed through network discovery providing point-in-time enumeration of embedded, on-premise, and cloud-native services such as server applications, connected devices, microservices, and serverless functions.
*
* @generated from enum value: LIFECYCLE_PHASE_DISCOVERY = 5;
*/
DISCOVERY = 5,
/**
* BOM containing inventory that will be, or has been retired from operations.
*
* @generated from enum value: LIFECYCLE_PHASE_DECOMMISSION = 6;
*/
DECOMMISSION = 6
}
/**
* How a patch relates to the software it modifies (unofficial, monkey patch, backport, cherry-pick).
* The distinction matters when judging provenance: an UNOFFICIAL patch, by the definition below,
* did not come from the creators or maintainers of the patched software.
*
* @generated from enum cyclonedx.v1_5.PatchClassification
*/
export declare enum PatchClassification {
/**
* No classification given (value 0, the proto3 value of an unset enum field).
*
* @generated from enum value: PATCH_CLASSIFICATION_NULL = 0;
*/
NULL = 0,
/**
* A patch which is not developed by the creators or maintainers of the software being patched. Refer to https://en.wikipedia.org/wiki/Unofficial_patch
*
* @generated from enum value: PATCH_CLASSIFICATION_UNOFFICIAL = 1;
*/
UNOFFICIAL = 1,
/**
* A patch which dynamically modifies runtime behavior. Refer to https://en.wikipedia.org/wiki/Monkey_patch
*
* @generated from enum value: PATCH_CLASSIFICATION_MONKEY = 2;
*/
MONKEY = 2,
/**
* A patch which takes code from a newer version of software and applies it to older versions of the same software. Refer to https://en.wikipedia.org/wiki/Backporting
*
* @generated from enum value: PATCH_CLASSIFICATION_BACKPORT = 3;
*/
BACKPORT = 3,
/**
* A patch created by selectively applying commits from other versions or branches of the same software.
*
* @generated from enum value: PATCH_CLASSIFICATION_CHERRY_PICK = 4;
*/
CHERRY_PICK = 4
}
/**
* Whether a component is needed at runtime: required, optional, or excluded.
*
* The definitions below tie scope to reachability, which is what makes it relevant when
* prioritising vulnerability findings: only OPTIONAL (not installed or otherwise inaccessible)
* and EXCLUDED (not reachable in the runtime call graph) describe code that cannot be called.
* A component that is installed but blocked by configuration must still be scoped 'required'.
* UNSPECIFIED is value 0 and is documented as the default, so it carries no reachability claim.
*
* @generated from enum cyclonedx.v1_5.Scope
*/
export declare enum Scope {
/**
* Default
*
* @generated from enum value: SCOPE_UNSPECIFIED = 0;
*/
UNSPECIFIED = 0,
/**
* The component is required for runtime
*
* @generated from enum value: SCOPE_REQUIRED = 1;
*/
REQUIRED = 1,
/**
* The component is optional at runtime. Optional components are components that are not capable of being called because they are not installed or otherwise accessible by any means. Components that are installed but, due to configuration or other restrictions, are prohibited from being called must be scoped as 'required'.
*
* @generated from enum value: SCOPE_OPTIONAL = 2;
*/
OPTIONAL = 2,
/**
* Components that are excluded provide the ability to document component usage for test and other non-runtime purposes. Excluded components are not reachable within a call graph at runtime.
*
* @generated from enum value: SCOPE_EXCLUDED = 3;
*/
EXCLUDED = 3
}
/**
* Completeness of a described set of relationships (constituent components, services, or
* dependencies): complete, incomplete in one of several stated ways, or unknown.
*
* Only COMPLETE asserts that nothing is missing. NOT_SPECIFIED (value 0, also what proto3
* yields for an unset enum field) and UNKNOWN make no such assertion, so an inventory marked
* with either should not be read as exhaustive.
*
* @generated from enum cyclonedx.v1_5.Aggregate
*/
export declare enum Aggregate {
/**
* The relationship completeness is not specified.
*
* @generated from enum value: AGGREGATE_NOT_SPECIFIED = 0;
*/
NOT_SPECIFIED = 0,
/**
* The relationship is complete. No further relationships including constituent components, services, or dependencies are known to exist.
*
* @generated from enum value: AGGREGATE_COMPLETE = 1;
*/
COMPLETE = 1,
/**
* The relationship is incomplete. Additional relationships exist and may include constituent components, services, or dependencies.
*
* @generated from enum value: AGGREGATE_INCOMPLETE = 2;
*/
INCOMPLETE = 2,
/**
* The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented.
*
* @generated from enum value: AGGREGATE_INCOMPLETE_FIRST_PARTY_ONLY = 3;
*/
INCOMPLETE_FIRST_PARTY_ONLY = 3,
/**
* The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented.
*
* @generated from enum value: AGGREGATE_INCOMPLETE_THIRD_PARTY_ONLY = 4;
*/
INCOMPLETE_THIRD_PARTY_ONLY = 4,
/**
* The relationship may be complete or incomplete. This usually signifies a 'best-effort' to obtain constituent components, services, or dependencies but the completeness is inconclusive.
*
* @generated from enum value: AGGREGATE_UNKNOWN = 5;
*/
UNKNOWN = 5,
/**
* The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are proprietary.
*
* @generated from enum value: AGGREGATE_INCOMPLETE_FIRST_PARTY_PROPRIETARY_ONLY = 6;
*/
INCOMPLETE_FIRST_PARTY_PROPRIETARY_ONLY = 6,
/**
* The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are opensource.
*
* @generated from enum value: AGGREGATE_INCOMPLETE_FIRST_PARTY_OPENSOURCE_ONLY = 7;
*/
INCOMPLETE_FIRST_PARTY_OPENSOURCE_ONLY = 7,
/**
* The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are proprietary.
*
* @generated from enum value: AGGREGATE_INCOMPLETE_THIRD_PARTY_PROPRIETARY_ONLY = 8;
*/
INCOMPLETE_THIRD_PARTY_PROPRIETARY_ONLY = 8,
/**
* The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are opensource.
*
* @generated from enum value: AGGREGATE_INCOMPLETE_THIRD_PARTY_OPENSOURCE_ONLY = 9;
*/
INCOMPLETE_THIRD_PARTY_OPENSOURCE_ONLY = 9
}
/**
* Names a component field (group, name, version, purl, cpe, swid, hash) in the context of
* evidence. The generated source gives no per-value description; presumably this is the
* identity field a piece of evidence supports — confirm against the CycloneDX 1.5 schema.
* Member names keep the EVIDENCE_FIELD_ prefix.
*
* @generated from enum cyclonedx.v1_5.EvidenceFieldType
*/
export declare enum EvidenceFieldType {
/**
* No field given (value 0, the proto3 value of an unset enum field).
*
* @generated from enum value: EVIDENCE_FIELD_NULL = 0;
*/
EVIDENCE_FIELD_NULL = 0,
/**
* @generated from enum value: EVIDENCE_FIELD_GROUP = 1;
*/
EVIDENCE_FIELD_GROUP = 1,
/**
* @generated from enum value: EVIDENCE_FIELD_NAME = 2;
*/
EVIDENCE_FIELD_NAME = 2,
/**
* @generated from enum value: EVIDENCE_FIELD_VERSION = 3;
*/
EVIDENCE_FIELD_VERSION = 3,
/**
* @generated from enum value: EVIDENCE_FIELD_PURL = 4;
*/
EVIDENCE_FIELD_PURL = 4,
/**
* @generated from enum value: EVIDENCE_FIELD_CPE = 5;
*/
EVIDENCE_FIELD_CPE = 5,
/**
* @generated from enum value: EVIDENCE_FIELD_SWID = 6;
*/
EVIDENCE_FIELD_SWID = 6,
/**
* @generated from enum value: EVIDENCE_FIELD_HASH = 7;
*/
EVIDENCE_FIELD_HASH = 7
}
/**
* Technique by which a piece of evidence was obtained (source analysis, binary analysis,
* hash comparison, filename, attestation, ...). The generated source gives no per-value
* description; the meanings below are taken from the member names only.
*
* The techniques differ in strength: FILENAME, for example, matches on a name alone, whereas
* HASH_COMPARISON matches on content. Consumers weighing evidence should take the technique
* into account rather than treating every entry as equally reliable.
*
* This enum has no NULL member: SOURCE_CODE_ANALYSIS is value 0, so with proto3 an unset
* technique presumably reads back as SOURCE_CODE_ANALYSIS unless the field tracks presence —
* confirm against the field declaration.
*
* @generated from enum cyclonedx.v1_5.EvidenceTechnique
*/
export declare enum EvidenceTechnique {
/**
* @generated from enum value: EVIDENCE_TECHNIQUE_SOURCE_CODE_ANALYSIS = 0;
*/
SOURCE_CODE_ANALYSIS = 0,
/**
* @generated from enum value: EVIDENCE_TECHNIQUE_BINARY_ANALYSIS = 1;
*/
BINARY_ANALYSIS = 1,
/**
* @generated from enum value: EVIDENCE_TECHNIQUE_MANIFEST_ANALYSIS = 2;
*/
MANIFEST_ANALYSIS = 2,
/**
* @generated from enum value: EVIDENCE_TECHNIQUE_AST_FINGERPRINT = 3;
*/
AST_FINGERPRINT = 3,
/**
* @generated from enum value: EVIDENCE_TECHNIQUE_HASH_COMPARISON = 4;
*/
HASH_COMPARISON = 4,
/**
* @generated from enum value: EVIDENCE_TECHNIQUE_INSTRUMENTATION = 5;
*/
INSTRUMENTATION = 5,
/**
* @generated from enum value: EVIDENCE_TECHNIQUE_DYNAMIC_ANALYSIS = 6;
*/
DYNAMIC_ANALYSIS = 6,
/**
* @generated from enum value: EVIDENCE_TECHNIQUE_FILENAME = 7;
*/
FILENAME = 7,
/**
* @generated from enum value: EVIDENCE_TECHNIQUE_ATTESTATION = 8;
*/
ATTESTATION = 8,
/**
* @generated from enum value: EVIDENCE_TECHNIQUE_OTHER = 9;
*/
OTHER = 9
}
/**
* Severity label attached to a vulnerability rating.
*
* The numeric values are wire identifiers, not a ranking that can be compared directly:
* CRITICAL is 1 and NONE is 6, so a larger number means a *less* severe finding, and UNKNOWN
* sits at 0 outside that order. Code that sorts, thresholds or takes a max/min over severities
* must map the members to an explicit rank first; comparing the raw numbers would, for
* example, place UNKNOWN above CRITICAL or below it depending on the direction chosen.
*
* UNKNOWN is also what proto3 yields for an enum field that was never set, so an absent
* severity should be handled as "not rated", not as "harmless".
*
* @generated from enum cyclonedx.v1_5.Severity
*/
export declare enum Severity {
/**
* Severity not known or not stated (value 0).
*
* @generated from enum value: SEVERITY_UNKNOWN = 0;
*/
UNKNOWN = 0,
/**
* @generated from enum value: SEVERITY_CRITICAL = 1;
*/
CRITICAL = 1,
/**
* @generated from enum value: SEVERITY_HIGH = 2;
*/
HIGH = 2,
/**
* @generated from enum value: SEVERITY_MEDIUM = 3;
*/
MEDIUM = 3,
/**
* @generated from enum value: SEVERITY_LOW = 4;
*/
LOW = 4,
/**
* @generated from enum value: SEVERITY_INFO = 5;
*/
INFO = 5,
/**
* @generated from enum value: SEVERITY_NONE = 6;
*/
NONE = 6
}
/**
* Scoring methodology that a vulnerability rating was produced with.
*
* Scores from different methods are not on a common scale, so a consumer should read the
* method together with the score and vector rather than comparing scores across methods.
* The members are not in version order: CVSSV4 (6) was appended after OTHER (5).
*
* @generated from enum cyclonedx.v1_5.ScoreMethod
*/
export declare enum ScoreMethod {
/**
* An undefined score method
*
* @generated from enum value: SCORE_METHOD_NULL = 0;
*/
NULL = 0,
/**
* Common Vulnerability Scoring System v2 - https://www.first.org/cvss/v2/
*
* @generated from enum value: SCORE_METHOD_CVSSV2 = 1;
*/
CVSSV2 = 1,
/**
* Common Vulnerability Scoring System v3 - https://www.first.org/cvss/v3-0/
*
* @generated from enum value: SCORE_METHOD_CVSSV3 = 2;
*/
CVSSV3 = 2,
/**
* Common Vulnerability Scoring System v3.1 - https://www.first.org/cvss/v3-1/
*
* @generated from enum value: SCORE_METHOD_CVSSV31 = 3;
*/
CVSSV31 = 3,
/**
* OWASP Risk Rating Methodology - https://owasp.org/www-community/OWASP_Risk_Rating_Methodology
*
* @generated from enum value: SCORE_METHOD_OWASP = 4;
*/
OWASP = 4,
/**
* Other scoring method
*
* @generated from enum value: SCORE_METHOD_OTHER = 5;
*/
OTHER = 5,
/**
* Common Vulnerability Scoring System v4.0 - https://www.first.org/cvss/v4-0/
* (The generated comment said "v3.1" here; the member name and the URL both identify v4.0.)
*
* @generated from enum value: SCORE_METHOD_CVSSV4 = 6;
*/
CVSSV4 = 6,
/**
* Stakeholder Specific Vulnerability Categorization (all versions) - https://github.com/CERTCC/SSVC
*
* @generated from enum value: SCORE_METHOD_SSVC = 7;
*/
SSVC = 7
}
/**
* Outcome of analysing whether a vulnerability actually impacts a component or service.
*
* RESOLVED, RESOLVED_WITH_PEDIGREE, FALSE_POSITIVE and NOT_AFFECTED all tell a consumer that
* no action is pending. They are assertions made by the author of the analysis; only
* RESOLVED_WITH_PEDIGREE is defined as coming with verifiable commit history or diffs, and
* NOT_AFFECTED is expected to carry a justification. Tooling that suppresses findings on the
* strength of these states should check who produced the statement and whether the expected
* supporting data is present.
*
* NULL is value 0, which is also what proto3 yields for an unset enum field; it should be
* handled as "not analysed", never as "not affected".
*
* @generated from enum cyclonedx.v1_5.ImpactAnalysisState
*/
export declare enum ImpactAnalysisState {
/**
* An undefined impact analysis state
*
* @generated from enum value: IMPACT_ANALYSIS_STATE_NULL = 0;
*/
NULL = 0,
/**
* The vulnerability has been remediated.
*
* @generated from enum value: IMPACT_ANALYSIS_STATE_RESOLVED = 1;
*/
RESOLVED = 1,
/**
* The vulnerability has been remediated and evidence of the changes is provided in the affected component's pedigree containing verifiable commit history and/or diff(s).
*
* @generated from enum value: IMPACT_ANALYSIS_STATE_RESOLVED_WITH_PEDIGREE = 2;
*/
RESOLVED_WITH_PEDIGREE = 2,
/**
* The vulnerability may be directly or indirectly exploitable.
*
* @generated from enum value: IMPACT_ANALYSIS_STATE_EXPLOITABLE = 3;
*/
EXPLOITABLE = 3,
/**
* The vulnerability is being investigated.
*
* @generated from enum value: IMPACT_ANALYSIS_STATE_IN_TRIAGE = 4;
*/
IN_TRIAGE = 4,
/**
* The vulnerability is not specific to the component or service and was falsely identified or associated.
*
* @generated from enum value: IMPACT_ANALYSIS_STATE_FALSE_POSITIVE = 5;
*/
FALSE_POSITIVE = 5,
/**
* The component or service is not affected by the vulnerability. Justification should be specified for all not_affected cases.
*
* @generated from enum value: IMPACT_ANALYSIS_STATE_NOT_AFFECTED = 6;
*/
NOT_AFFECTED = 6
}
/**
* Reason given for an impact analysis that concludes a component or service is not affected.
*
* The justifications differ in how durable they are. CODE_NOT_PRESENT describes the artifact
* itself, while REQUIRES_CONFIGURATION, REQUIRES_ENVIRONMENT, PROTECTED_AT_RUNTIME,
* PROTECTED_AT_PERIMETER and PROTECTED_BY_MITIGATING_CONTROL depend on how and where the
* software is deployed, so they hold only while that deployment condition holds.
*
* NULL is value 0, which is also what proto3 yields for an unset enum field, i.e. no
* justification was supplied.
*
* @generated from enum cyclonedx.v1_5.ImpactAnalysisJustification
*/
export declare enum ImpactAnalysisJustification {
/**
* An undefined impact analysis justification
*
* @generated from enum value: IMPACT_ANALYSIS_JUSTIFICATION_NULL = 0;
*/
NULL = 0,
/**
* The code has been removed or tree-shaken.
*
* @generated from enum value: IMPACT_ANALYSIS_JUSTIFICATION_CODE_NOT_PRESENT = 1;
*/
CODE_NOT_PRESENT = 1,
/**
* The vulnerable code is not invoked at runtime.
*
* @generated from enum value: IMPACT_ANALYSIS_JUSTIFICATION_CODE_NOT_REACHABLE = 2;
*/
CODE_NOT_REACHABLE = 2,
/**
* Exploitability requires a configurable option to be set/unset.
*
* @generated from enum value: IMPACT_ANALYSIS_JUSTIFICATION_REQUIRES_CONFIGURATION = 3;
*/
REQUIRES_CONFIGURATION = 3,
/**
* Exploitability requires a dependency that is not present.
*
* @generated from enum value: IMPACT_ANALYSIS_JUSTIFICATION_REQUIRES_DEPENDENCY = 4;
*/
REQUIRES_DEPENDENCY = 4,
/**
* Exploitability requires a certain environment which is not present.
*
* @generated from enum value: IMPACT_ANALYSIS_JUSTIFICATION_REQUIRES_ENVIRONMENT = 5;
*/
REQUIRES_ENVIRONMENT = 5,
/**
* Exploitability requires a compiler flag to be set/unset.
*
* @generated from enum value: IMPACT_ANALYSIS_JUSTIFICATION_PROTECTED_BY_COMPILER = 6;
*/
PROTECTED_BY_COMPILER = 6,
/**
* Exploits are prevented at runtime.
*
* @generated from enum value: IMPACT_ANALYSIS_JUSTIFICATION_PROTECTED_AT_RUNTIME = 7;
*/
PROTECTED_AT_RUNTIME = 7,
/**
* Attacks are blocked at physical, logical, or network perimeter.
*
* @generated from enum value: IMPACT_ANALYSIS_JUSTIFICATION_PROTECTED_AT_PERIMETER = 8;
*/
PROTECTED_AT_PERIMETER = 8,
/**
* Preventative measures have been implemented that reduce the likelihood and/or impact of the vulnerability.
*
* @generated from enum value: IMPACT_ANALYSIS_JUSTIFICATION_PROTECTED_BY_MITIGATING_CONTROL = 9;
*/
PROTECTED_BY_MITIGATING_CONTROL = 9
}
/**
* Response recorded for a vulnerability (cannot fix, will not fix, update, rollback,
* workaround available). The generated source gives no per-value description; see the
* CycloneDX 1.5 schema for the normative meanings.
*
* CAN_NOT_FIX and WILL_NOT_FIX both mean no fix is coming from the party making the
* statement, so a consumer that still needs the risk reduced has to act on its own side.
*
* @generated from enum cyclonedx.v1_5.VulnerabilityResponse
*/
export declare enum VulnerabilityResponse {
/**
* No response given (value 0, the proto3 value of an unset enum field).
*
* @generated from enum value: VULNERABILITY_RESPONSE_NULL = 0;
*/
NULL = 0,
/**
* @generated from enum value: VULNERABILITY_RESPONSE_CAN_NOT_FIX = 1;
*/
CAN_NOT_FIX = 1,
/**
* @generated from enum value: VULNERABILITY_RESPONSE_WILL_NOT_FIX = 2;
*/
WILL_NOT_FIX = 2,
/**
* @generated from enum value: VULNERABILITY_RESPONSE_UPDATE = 3;
*/
UPDATE = 3,
/**
* @generated from enum value: VULNERABILITY_RESPONSE_ROLLBACK = 4;
*/
ROLLBACK = 4,
/**
* @generated from enum value: VULNERABILITY_RESPONSE_WORKAROUND_AVAILABLE = 5;
*/
WORKAROUND_AVAILABLE = 5
}
/**
* The vulnerability status of a given version or range of versions of a product.
* The statuses 'affected' and 'unaffected' indicate that the version is affected
* or unaffected by the vulnerability ('unaffected' is spelled NOT_AFFECTED in
* this enum). The status 'unknown' indicates that it is unknown or unspecified
* whether the given version is affected.
*
* @generated from enum cyclonedx.v1_5.VulnerabilityAffectedStatus
*/
export declare enum VulnerabilityAffectedStatus {
/**
* Unknown or unspecified. There can be many reasons for an 'unknown' status,
* including that an investigation has not been undertaken or that a vendor has
* not disclosed the status.
*
* Value 0 is the proto3 default for an enum field, so a message that never set
* a status also decodes to UNKNOWN (unless the field is declared `optional`).
* Do not treat UNKNOWN as NOT_AFFECTED when triaging.
*
* @generated from enum value: VULNERABILITY_AFFECTED_STATUS_UNKNOWN = 0;
*/
UNKNOWN = 0,
/**
* The version or version range is affected by the vulnerability.
*
* @generated from enum value: VULNERABILITY_AFFECTED_STATUS_AFFECTED = 1;
*/
AFFECTED = 1,
/**
* The version or version range is unaffected by the vulnerability.
*
* @generated from enum value: VULNERABILITY_AFFECTED_STATUS_NOT_AFFECTED = 2;
*/
NOT_AFFECTED = 2
}
/**
* Learning approach of a machine-learning model, going by the enum and member
* names. The generated source carries no description for this enum.
*
* This enum has no NULL/unspecified member: value 0 is SUPERVISED, and 0 is also
* the proto3 default for an enum field. Unless the field that uses this enum is
* declared `optional` (not visible in this excerpt), a decoded SUPERVISED cannot
* be told apart from "never set".
*
* @generated from enum cyclonedx.v1_5.ModelParameterApproachType
*/
export declare enum ModelParameterApproachType {
/**
* Also the value an unset proto3 enum field decodes to; see the enum note.
*
* @generated from enum value: MODEL_PARAMETER_APPROACH_TYPE_SUPERVISED = 0;
*/
SUPERVISED = 0,
/**
* @generated from enum value: MODEL_PARAMETER_APPROACH_TYPE_UNSUPERVISED = 1;
*/
UNSUPERVISED = 1,
/**
* @generated from enum value: MODEL_PARAMETER_APPROACH_TYPE_REINFORCED_LEARNING = 2;
*/
REINFORCED_LEARNING = 2,
/**
* @generated from enum value: MODEL_PARAMETER_APPROACH_TYPE_SEMI_SUPERVISED = 3;
*/
SEMI_SUPERVISED = 3,
/**
* @generated from enum value: MODEL_PARAMETER_APPROACH_TYPE_SELF_SUPERVISED = 4;
*/
SELF_SUPERVISED = 4
}
/**
* Category of data that a data component holds.
*
* This enum has no NULL/unspecified member: value 0 is SOURCE_CODE, and 0 is
* also the proto3 default for an enum field. Unless the field that uses this
* enum is declared `optional` (not visible in this excerpt), a decoded
* SOURCE_CODE cannot be told apart from "never set". Do not base a policy
* decision on that value alone.
*
* @generated from enum cyclonedx.v1_5.ComponentDataType
*/
export declare enum ComponentDataType {
/**
* Any type of code, code snippet, or data-as-code
*
* @generated from enum value: COMPONENT_DATA_TYPE_SOURCE_CODE = 0;
*/
SOURCE_CODE = 0,
/**
* Parameters or settings that may be used by other components.
*
* @generated from enum value: COMPONENT_DATA_TYPE_CONFIGURATION = 1;
*/
CONFIGURATION = 1,
/**
* A collection of data.
*
* @generated from enum value: COMPONENT_DATA_TYPE_DATASET = 2;
*/
DATASET = 2,
/**
* Data that can be used to create new instances of what the definition defines.
*
* @generated from enum value: COMPONENT_DATA_TYPE_DEFINITION = 3;
*/
DEFINITION = 3,
/**
* Any other type of data that does not fit into existing definitions.
*
* @generated from enum value: COMPONENT_DATA_TYPE_OTHER = 4;
*/
OTHER = 4
}
/**
* Kind of activity a task performs. The member names follow build and delivery
* pipeline stages (clone, lint, scan, build, test, deploy, release, ...).
*
* NOTE(review): presumably used by the formulation/workflow messages; the field
* that uses this enum is outside this excerpt.
*
* This enum has no NULL/unspecified member: value 0 is COPY, and 0 is also the
* proto3 default for an enum field. Where the field is not declared `optional`,
* a decoded COPY may simply mean "never set".
*
* @generated from enum cyclonedx.v1_5.TaskType
*/
export declare enum TaskType {
/**
* Also the value an unset proto3 enum field decodes to; see the enum note.
*
* @generated from enum value: TASK_TYPE_COPY = 0;
*/
COPY = 0,
/**
* @generated from enum value: TASK_TYPE_CLONE = 1;
*/
CLONE = 1,
/**
* @generated from enum value: TASK_TYPE_LINT = 2;
*/
LINT = 2,
/**
* @generated from enum value: TASK_TYPE_SCAN = 3;
*/
SCAN = 3,
/**
* @generated from enum value: TASK_TYPE_MERGE = 4;
*/
MERGE = 4,
/**
* @generated from enum value: TASK_TYPE_BUILD = 5;
*/
BUILD = 5,
/**
* @generated from enum value: TASK_TYPE_TEST = 6;
*/
TEST = 6,
/**
* @generated from enum value: TASK_TYPE_DELIVER = 7;
*/
DELIVER = 7,
/**
* @generated from enum value: TASK_TYPE_DEPLOY = 8;
*/
DEPLOY = 8,
/**
* @generated from enum value: TASK_TYPE_RELEASE = 9;
*/
RELEASE = 9,
/**
* @generated from enum value: TASK_TYPE_CLEAN = 10;
*/
CLEAN = 10,
/**
* Catch-all for a task that fits none of the named kinds, going by the name.
*
* @generated from enum value: TASK_TYPE_OTHER = 11;
*/
OTHER = 11
}
/**
* Specifies attributes of the text
*
* Holds a text payload together with its declared content type and encoding.
* All three fields are plain strings set by whoever produced the BOM. The
* declared types do not restrict `contentType` or `encoding` to known values.
*
* @generated from message cyclonedx.v1_5.AttachedText
*/
export declare class AttachedText extends Message<AttachedText> {
/**
* Specifies the content type of the text. Defaults to 'text/plain' if not specified.
*
* The type is `string | undefined`, so the 'text/plain' default is not
* represented here; presumably the consumer applies it (confirm).
*
* @generated from field: optional string content_type = 1;
*/
contentType?: string;
/**
* Specifies the optional encoding the text is represented in
*
* Free-form string as declared. Check it against the encodings you support
* before decoding `value`.
*
* @generated from field: optional string encoding = 2;
*/
encoding?: string;
/**
* SimpleContent value of element. Proactive controls such as input validation and sanitization should be employed to prevent misuse of attachment text.
*
* Treat as untrusted when the BOM comes from a third party. Validate or escape
* it before rendering, writing to disk, or passing it to an interpreter.
*
* @generated from field: string value = 3;
*/
value: string;
/** Creates a message, optionally initialised from a partial set of field values. */
constructor(data?: PartialMessage<AttachedText>);
/** The protobuf runtime (proto3) this message type is bound to. */
static readonly runtime: typeof proto3;
/** Fully-qualified protobuf message name. */
static readonly typeName = "cyclonedx.v1_5.AttachedText";
/** Field metadata for this message type. */
static readonly fields: FieldList;
/**
* Parses a message from protobuf binary wire format.
* NOTE(review): decoding follows the message schema only; nothing in this
* declaration indicates any check on the content of `value`.
*/
static fromBinary(bytes: Uint8Array, options?: Partial<BinaryReadOptions>): AttachedText;
/** Parses a message from an already-parsed JSON value. */
static fromJson(jsonValue: JsonValue, options?: Partial<JsonReadOptions>): AttachedText;
/** Parses a message from a JSON string. */
static fromJsonString(jsonString: string, options?: Partial<JsonReadOptions>): AttachedText;
/** Compares two messages of this type; either argument may be undefined. */
static equals(a: AttachedText | PlainMessage<AttachedText> | undefined, b: AttachedText | PlainMessage<AttachedText> | undefined): boolean;
}
/**
* Top-level CycloneDX bill-of-materials message. It aggregates document
* identity (spec version, BOM version, serial number), metadata, and the
* repeated inventory, dependency, vulnerability, annotation, property and
* formulation lists declared below.
*
* NOTE(review): this declaration sets no bound on the number of elements in any
* repeated field. A caller parsing BOMs from untrusted sources may want to cap
* input size before calling fromBinary/fromJson/fromJsonString.
*
* @generated from message cyclonedx.v1_5.Bom
*/
export declare class Bom extends Message<Bom> {
/**
* The version of the CycloneDX specification a BOM is written to (starting at version 1.3)
*
* Declared as a free-form string supplied by the BOM producer. The message
* type itself is fixed to cyclonedx.v1_5 (see `typeName`).
*
* @generated from field: string spec_version = 1;
*/
specVersion: string;
/**
* The version allows component publishers/authors to make changes to existing BOMs to update various aspects of the document such as description or licenses. When a system is presented with multiple BOMs for the same component, the system should use the most recent version of the BOM. The default version is '1' and should be incremented for each version of the BOM that is published. Each version of a component should have a unique BOM and if no changes are made to the BOMs, then each BOM will have a version of '1'.
*
* The type is `number | undefined`, so the default of 1 is not represented
* here; presumably the consumer applies it (confirm).
*
* @generated from field: optional int32 version = 2;
*/
version?: number;
/**
* Every BOM generated should have a unique serial number, even if the contents of the BOM being generated have not changed over time. The process or tool responsible for creating the BOM should create random UUIDs for every BOM generated.
*
* Declared as an optional string. The declaration does not enforce uniqueness
* or UUID format.
*
* @generated from field: optional string serial_number = 3;
*/
serialNumber?: string;
/**
* Provides additional information about a BOM.
*
* @generated from field: optional cyclonedx.v1_5.Metadata metadata = 4;
*/
metadata?: Metadata;
/**
* Provides the ability to document a list of components.
*
* @generated from field: repeated cyclonedx.v1_5.Component components = 5;
*/
components: Component[];
/**
* Provides the ability to document a list of external services.
*
* @generated from field: repeated cyclonedx.v1_5.Service services = 6;
*/
services: Service[];
/**
* Provides the ability to document external references related to the BOM or to the project the BOM describes.
*
* @generated from field: repeated cyclonedx.v1_5.ExternalReference external_references = 7;
*/
externalReferences: ExternalReference[];
/**
* Provides the ability to document dependency relationships.
*
* @generated from field: repeated cyclonedx.v1_5.Dependency dependencies = 8;
*/
dependencies: Dependency[];
/**
* Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness. The completeness of vulnerabilities expressed in a BOM may also be described.
*
* @generated from field: repeated cyclonedx.v1_5.Composition compositions = 9;
*/
compositions: Composition[];
/**
* Vulnerabilities identified in components or services.
*
* An empty list is not evidence that none exist. Completeness, where stated,
* is described through `compositions` above.
*
* @generated from field: repeated cyclonedx.v1_5.Vulnerability vulnerabilities = 10;
*/
vulnerabilities: Vulnerability[];
/**
* Comments made by people, organizations, or tools about any object with a bom-ref, such as components, services, vulnerabilities, or the BOM itself. Unlike inventory information, annotations may contain opinion or commentary from various stakeholders.
*
* @generated from field: repeated cyclonedx.v1_5.Annotation annotations = 11;
*/
annotations: Annotation[];
/**
* Specifies optional, custom, properties
*
* @generated from field: repeated cyclonedx.v1_5.Property properties = 12;
*/
properties: Property[];
/**
* Describes how a component or service was manufactured or deployed. This is achieved through the use of formulas, workflows, tasks, and steps, which declare the precise steps to reproduce along with the observed formulas describing the steps which transpired in the manufacturing process.
*
* @generated from field: repeated cyclonedx.v1_5.Formula formulation = 13;
*/
formulation: Formula[];
/** Creates a message, optionally initialised from a partial set of field values. */
constructor(data?: PartialMessage<Bom>);
/** The protobuf runtime (proto3) this message type is bound to. */
static readonly runtime: typeof proto3;
/** Fully-qualified protobuf message name. */
static readonly typeName = "cyclonedx.v1_5.Bom";
/** Field metadata for this message type. */
static readonly fields: FieldList;
/**
* Parses a BOM from protobuf binary wire format.
* NOTE(review): decoding follows the message schema only. The uniqueness and
* versioning rules described on the fields above are not visibly enforced.
*/
static fromBinary(bytes: Uint8Array, options?: Partial<BinaryReadOptions>): Bom;
/** Parses a BOM from an already-parsed JSON value. */
static fromJson(jsonValue: JsonValue, options?: Partial<JsonReadOptions>): Bom;
/** Parses a BOM from a JSON string. */
static fromJsonString(jsonString: string, options?: Partial<JsonReadOptions>): Bom;
/** Compares two messages of this type; either argument may be undefined. */
static equals(a: Bom | PlainMessage<Bom> | undefined, b: Bom | PlainMessage<Bom> | undefined): boolean;
}
/**
* Describes one version-control commit: its identifier, URL, author, committer
* and message. Every field is optional.
*
* NOTE(review): the values are whatever the BOM producer recorded. This
* declaration gives no indication that identities or identifiers are verified,
* for example against signed commits.
*
* @generated from message cyclonedx.v1_5.Commit
*/
export declare class Commit extends Message<Commit> {
/**
* A unique identifier of the commit. This may be version control specific. For example, Subversion uses revision numbers whereas git uses commit hashes.
*
* @generated from field: optional string uid = 1;
*/
uid?: string;
/**
* The URL to the commit. This URL will typically point to a commit in a version control system.
*
* Declared as a plain string. Validate the scheme and host before fetching or
* rendering it as a link.
*
* @generated from field: optional string url = 2;
*/
url?: string;
/**
* The author who created the changes in the commit
*
* @generated from field: optional cyclonedx.v1_5.IdentifiableAction author = 3;
*/
author?: IdentifiableAction;
/**
* The person who committed or pushed the commit
*
* @generated from field: optional cyclonedx.v1_5.IdentifiableAction committer = 4;
*/
committer?: IdentifiableAction;
/**
* The text description of the contents of the commit
*
* Free text. Escape it before displaying it in HTML or a terminal.
*
* @generated from field: optional string message = 5;
*/
message?: string;
/** Creates a message, optionally initialised from a partial set of field values. */
constructor(data?: PartialMessage<Commit>);
/** The protobuf runtime (proto3) this message type is bound to. */
static readonly runtime: typeof proto3;
/** Fully-qualified protobuf message name. */
static readonly typeName = "cyclonedx.v1_5.Commit";
/** Field metadata for this message type. */
static readonly fields: FieldList;
/** Parses a message from protobuf binary wire format. */
static fromBinary(bytes: Uint8Array, options?: Partial<BinaryReadOptions>): Commit;
/** Parses a message from an already-parsed JSON value. */
static fromJson(jsonValue: JsonValue, options?: Partial<JsonReadOptions>): Commit;
/** Parses a message from a JSON string. */
static fromJsonString(jsonString: string, options?: Partial<JsonReadOptions>): Commit;
/** Compares two messages of this type; either argument may be undefined. */
static equals(a: Commit | PlainMessage<Commit> | undefined, b: Commit | PlainMessage<Commit> | undefined): boolean;
}
/**
* @generated from message cyclonedx.v1_5.Component
*/
export declare class Component extends Message<Component> {
/**
* Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined for the component.
*
* @generated from field: cyclonedx.v1_5.Classification type = 1;
*/
type: Classification;
/**
* The optional mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented such as an image, font, or executable. Some library or framework components may also have an associated mime-type.
*
* @generated from field: optional string mime_type = 2;
*/
mimeType?: string;
/**
* An optional identifier which can be used to reference the component elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element.
*
* @generated from field: optional string bom_ref = 3;
*/
bomRef?: string;
/**
* The organization that supplied the component. The supplier may often be the manufacture, but may also be a distributor or repackager.
*
* @generated from field: optional cyclonedx.v1_5.OrganizationalEntity supplier = 4;
*/
supplier?: OrganizationalEntity;
/**
* The person(s) or organization(s) that authored the component
*
* @generated from field: optional string author = 5;
*/
author?: string;
/**
* The person(s) or organization(s) that published the component
*
* @generated from field: optional string publisher = 6;
*/
publisher?: string;