
@appthreat/cdx-proto


Library to serialize/deserialize CycloneDX BOM with protocol buffers

// Type declarations for the enums of the `cyclonedx.v1_6` protobuf schema (see
// the `@generated from` tags on each declaration). Each member's numeric value
// is the one given in its `@generated from enum value` tag.
//
// NOTE(review): several enums below reuse 0 for a meaningful member instead of
// an "unspecified" one. In proto3 a field without explicit presence reads back
// as 0 when it was never set, so code that consumes a decoded BOM should check
// how the owning message declares the field (not visible in this part of the
// file) before trusting a 0 value.
import type { BinaryReadOptions, FieldList, JsonReadOptions, JsonValue, PartialMessage, PlainMessage } from "@bufbuild/protobuf";
import { Message, proto3, Timestamp } from "@bufbuild/protobuf";

/**
 * Kind of thing a component entry describes (application, library, firmware, ...).
 *
 * @generated from enum cyclonedx.v1_6.Classification
 */
export declare enum Classification {
    /**
     * buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified`
     *
     * @generated from enum value: CLASSIFICATION_NULL = 0;
     */
    NULL = 0,
    /**
     * A software application. Refer to https://en.wikipedia.org/wiki/Application_software for information about applications.
     *
     * @generated from enum value: CLASSIFICATION_APPLICATION = 1;
     */
    APPLICATION = 1,
    /**
     * A software framework. Refer to https://en.wikipedia.org/wiki/Software_framework for information on how frameworks vary slightly from libraries.
     *
     * @generated from enum value: CLASSIFICATION_FRAMEWORK = 2;
     */
    FRAMEWORK = 2,
    /**
     * A software library. Refer to https://en.wikipedia.org/wiki/Library_(computing) for information about libraries. All third-party and open source reusable components will likely be a library. If the library also has key features of a framework, then it should be classified as a framework. If not, or is unknown, then specifying library is recommended.
     *
     * @generated from enum value: CLASSIFICATION_LIBRARY = 3;
     */
    LIBRARY = 3,
    /**
     * A software operating system without regard to deployment model (i.e. installed on physical hardware, virtual machine, image, etc) Refer to https://en.wikipedia.org/wiki/Operating_system
     *
     * @generated from enum value: CLASSIFICATION_OPERATING_SYSTEM = 4;
     */
    OPERATING_SYSTEM = 4,
    /**
     * A hardware device such as a processor, or chip-set. A hardware device containing firmware should include a component for the physical hardware itself, and another component of type 'firmware' or 'operating-system' (whichever is relevant), describing information about the software running on the device.
     * See also the list of known device properties: https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/cdx/device.md
     *
     * @generated from enum value: CLASSIFICATION_DEVICE = 5;
     */
    DEVICE = 5,
    /**
     * A computer file. Refer to https://en.wikipedia.org/wiki/Computer_file for information about files.
     *
     * @generated from enum value: CLASSIFICATION_FILE = 6;
     */
    FILE = 6,
    /**
     * A packaging and/or runtime format, not specific to any particular technology, which isolates software inside the container from software outside of a container through virtualization technology. Refer to https://en.wikipedia.org/wiki/OS-level_virtualization
     *
     * @generated from enum value: CLASSIFICATION_CONTAINER = 7;
     */
    CONTAINER = 7,
    /**
     * A special type of software that provides low-level control over a device's hardware. Refer to https://en.wikipedia.org/wiki/Firmware
     *
     * @generated from enum value: CLASSIFICATION_FIRMWARE = 8;
     */
    FIRMWARE = 8,
    /**
     * A special type of software that operates or controls a particular type of device. Refer to https://en.wikipedia.org/wiki/Device_driver
     *
     * @generated from enum value: CLASSIFICATION_DEVICE_DRIVER = 9;
     */
    DEVICE_DRIVER = 9,
    /**
     * A runtime environment which interprets or executes software. This may include runtimes such as those that execute bytecode or low-code/no-code application platforms.
     *
     * @generated from enum value: CLASSIFICATION_PLATFORM = 10;
     */
    PLATFORM = 10,
    /**
     * A model based on training data that can make predictions or decisions without being explicitly programmed to do so.
     *
     * @generated from enum value: CLASSIFICATION_MACHINE_LEARNING_MODEL = 11;
     */
    MACHINE_LEARNING_MODEL = 11,
    /**
     * A collection of discrete values that convey information.
     *
     * @generated from enum value: CLASSIFICATION_DATA = 12;
     */
    DATA = 12,
    /**
     * A cryptographic asset including algorithms, protocols, certificates, keys, tokens, and secrets.
     *
     * @generated from enum value: CLASSIFICATION_CRYPTOGRAPHIC_ASSET = 13;
     */
    CRYPTOGRAPHIC_ASSET = 13
}
/**
 * Specifies the flow direction of the data. Valid values are: inbound, outbound, bi-directional, and unknown. Direction is relative to the service. Inbound flow states that data enters the service. Outbound flow states that data leaves the service. Bi-directional states that data flows both ways, and unknown states that the direction is not known.
 * buf:lint:ignore ENUM_VALUE_PREFIX -- Enum value names should be prefixed with "DATA_FLOW_DIRECTION_"
 *
 * NOTE(review): DATA_FLOW_NULL (0) and DATA_FLOW_UNKNOWN (4) are different members; the first is the zero-value fallback, the second is an explicit statement that the direction is not known.
 *
 * @generated from enum cyclonedx.v1_6.DataFlowDirection
 */
export declare enum DataFlowDirection {
    /**
     * buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified`
     *
     * @generated from enum value: DATA_FLOW_NULL = 0;
     */
    DATA_FLOW_NULL = 0,
    /**
     * @generated from enum value: DATA_FLOW_INBOUND = 1;
     */
    DATA_FLOW_INBOUND = 1,
    /**
     * @generated from enum value: DATA_FLOW_OUTBOUND = 2;
     */
    DATA_FLOW_OUTBOUND = 2,
    /**
     * @generated from enum value: DATA_FLOW_BI_DIRECTIONAL = 3;
     */
    DATA_FLOW_BI_DIRECTIONAL = 3,
    /**
     * @generated from enum value: DATA_FLOW_UNKNOWN = 4;
     */
    DATA_FLOW_UNKNOWN = 4
}
/**
 * Purpose label of an external reference attached to a BOM element.
 *
 * NOTE(review): the label is supplied by whoever produced the BOM and only describes what the reference is meant to be. It does not vouch for the referenced location, so a consumer should treat the referenced URI as untrusted input (for example, check its scheme before fetching or rendering it).
 *
 * @generated from enum cyclonedx.v1_6.ExternalReferenceType
 */
export declare enum ExternalReferenceType {
    /**
     * Use this if no other types accurately describe the purpose of the external reference
     * buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `other` is our fallback, doubling `unspecified`
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_OTHER = 0;
     */
    OTHER = 0,
    /**
     * Version Control System
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_VCS = 1;
     */
    VCS = 1,
    /**
     * Issue, defect tracking system, or an Application Lifecycle Management (ALM) system
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_ISSUE_TRACKER = 2;
     */
    ISSUE_TRACKER = 2,
    /**
     * Website
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_WEBSITE = 3;
     */
    WEBSITE = 3,
    /**
     * Security advisories
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_ADVISORIES = 4;
     */
    ADVISORIES = 4,
    /**
     * Bill-of-material document (CycloneDX, SPDX, SWID, etc)
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_BOM = 5;
     */
    BOM = 5,
    /**
     * Mailing list or discussion group
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_MAILING_LIST = 6;
     */
    MAILING_LIST = 6,
    /**
     * Social media account
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_SOCIAL = 7;
     */
    SOCIAL = 7,
    /**
     * Real-time chat platform
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_CHAT = 8;
     */
    CHAT = 8,
    /**
     * Documentation, guides, or how-to instructions
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_DOCUMENTATION = 9;
     */
    DOCUMENTATION = 9,
    /**
     * Community or commercial support
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_SUPPORT = 10;
     */
    SUPPORT = 10,
    /**
     * Direct or repository download location
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_DISTRIBUTION = 11;
     */
    DISTRIBUTION = 11,
    /**
     * The URL to the license file. If a license URL has been defined in the license node, it should also be defined as an external reference for completeness
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_LICENSE = 12;
     */
    LICENSE = 12,
    /**
     * Build-system specific meta file (i.e. pom.xml, package.json, .nuspec, etc)
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_BUILD_META = 13;
     */
    BUILD_META = 13,
    /**
     * URL to an automated build system
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_BUILD_SYSTEM = 14;
     */
    BUILD_SYSTEM = 14,
    /**
     * Specifies a way to contact the maintainer, supplier, or provider in the event of a security incident. Common URIs include links to a disclosure procedure, a mailto (RFC-2368) that specifies an email address, a tel (RFC-3966) that specifies a phone number, or dns (RFC-4501) that specifies the records containing DNS Security TXT.
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_SECURITY_CONTACT = 15;
     */
    SECURITY_CONTACT = 15,
    /**
     * Human or machine-readable statements containing facts, evidence, or testimony
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_ATTESTATION = 16;
     */
    ATTESTATION = 16,
    /**
     * An enumeration of identified weaknesses, threats, and countermeasures, dataflow diagram (DFD), attack tree, and other supporting documentation in human-readable or machine-readable format
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_THREAT_MODEL = 17;
     */
    THREAT_MODEL = 17,
    /**
     * The defined assumptions, goals, and capabilities of an adversary.
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_ADVERSARY_MODEL = 18;
     */
    ADVERSARY_MODEL = 18,
    /**
     * Identifies and analyzes the potential of future events that may negatively impact individuals, assets, and/or the environment. Risk assessments may also include judgments on the tolerability of each risk.
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_RISK_ASSESSMENT = 19;
     */
    RISK_ASSESSMENT = 19,
    /**
     * The location where a component was published. This is often the same as "distribution" but may also include specialized publishing processes that act as an intermediary
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_DISTRIBUTION_INTAKE = 20;
     */
    DISTRIBUTION_INTAKE = 20,
    /**
     * A Vulnerability Disclosure Report (VDR) which asserts the known and previously unknown vulnerabilities that affect a component, service, or product including the analysis and findings describing the impact (or lack of impact) that the reported vulnerability has on a component, service, or product
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_VULNERABILITY_ASSERTION = 21;
     */
    VULNERABILITY_ASSERTION = 21,
    /**
     * A Vulnerability Exploitability eXchange (VEX) asserts the known vulnerabilities that do not affect a product, product family, or organization, and optionally, the ones that do.
     * The VEX should include the analysis and findings describing the impact (or lack of impact) that the reported vulnerability has on the product, product family, or organization
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_EXPLOITABILITY_STATEMENT = 22;
     */
    EXPLOITABILITY_STATEMENT = 22,
    /**
     * Results from an authorized simulated cyberattack on a component or service, otherwise known as a penetration test
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_PENTEST_REPORT = 23;
     */
    PENTEST_REPORT = 23,
    /**
     * SARIF or proprietary machine or human-readable report for which static analysis has identified code quality, security, and other potential issues with the source code
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_STATIC_ANALYSIS_REPORT = 24;
     */
    STATIC_ANALYSIS_REPORT = 24,
    /**
     * Dynamic analysis report that has identified issues such as vulnerabilities and misconfigurations
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_DYNAMIC_ANALYSIS_REPORT = 25;
     */
    DYNAMIC_ANALYSIS_REPORT = 25,
    /**
     * Report generated by analyzing the call stack of a running application
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_RUNTIME_ANALYSIS_REPORT = 26;
     */
    RUNTIME_ANALYSIS_REPORT = 26,
    /**
     * Report generated by Software Composition Analysis (SCA), container analysis, or other forms of component analysis
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_COMPONENT_ANALYSIS_REPORT = 27;
     */
    COMPONENT_ANALYSIS_REPORT = 27,
    /**
     * Report containing a formal assessment of an organization, business unit, or team against a maturity model
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_MATURITY_REPORT = 28;
     */
    MATURITY_REPORT = 28,
    /**
     * Industry, regulatory, or other certification from an accredited (if applicable) certification body
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_CERTIFICATION_REPORT = 29;
     */
    CERTIFICATION_REPORT = 29,
    /**
     * Report or system in which quality metrics can be obtained
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_QUALITY_METRICS = 30;
     */
    QUALITY_METRICS = 30,
    /**
     * Code or configuration that defines and provisions virtualized infrastructure, commonly referred to as Infrastructure as Code (IaC)
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_CODIFIED_INFRASTRUCTURE = 31;
     */
    CODIFIED_INFRASTRUCTURE = 31,
    /**
     * A model card describes the intended uses of a machine learning model, potential limitations, biases, ethical considerations, training parameters, datasets used to train the model, performance metrics, and other relevant data useful for ML transparency.
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_MODEL_CARD = 32;
     */
    MODEL_CARD = 32,
    /**
     * Plans of Action and Milestones (POAM) complement an "attestation" external reference. POAM is defined by NIST as a "document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones".
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_POAM = 33;
     */
    POAM = 33,
    /**
     * A record of events that occurred in a computer system or application, such as problems, errors, or information on current operations.
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_LOG = 34;
     */
    LOG = 34,
    /**
     * Parameters or settings that may be used by other components or services.
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_CONFIGURATION = 35;
     */
    CONFIGURATION = 35,
    /**
     * Information used to substantiate a claim.
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_EVIDENCE = 36;
     */
    EVIDENCE = 36,
    /**
     * Describes how a component or service was manufactured or deployed.
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_FORMULATION = 37;
     */
    FORMULATION = 37,
    /**
     * The location where the source code distributable can be obtained. This is often an archive format such as zip or tar.gz.
     * The source-distribution type complements the use of the version control (vcs) type.
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_SOURCE_DISTRIBUTION = 38;
     */
    SOURCE_DISTRIBUTION = 38,
    /**
     * An e-signature is commonly a scanned representation of a written signature or a stylized script of the person's name.
     *
     * NOTE(review): as described here this is an image or rendering of a signature, not a cryptographic one; it should not be counted as integrity or authenticity evidence the way DIGITAL_SIGNATURE is.
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_ELECTRONIC_SIGNATURE = 39;
     */
    ELECTRONIC_SIGNATURE = 39,
    /**
     * A signature that leverages cryptography, typically public/private key pairs, which provides strong authenticity verification.
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_DIGITAL_SIGNATURE = 40;
     */
    DIGITAL_SIGNATURE = 40,
    /**
     * Document that complies with RFC-9116 (A File Format to Aid in Security Vulnerability Disclosure)
     *
     * @generated from enum value: EXTERNAL_REFERENCE_TYPE_RFC_9116 = 41;
     */
    RFC_9116 = 41
}
/**
 * Digest algorithm that a hash value recorded in the BOM was computed with.
 *
 * NOTE(review): MD_5 and SHA_1 are no longer collision-resistant. When a BOM carries several digests for the same artifact, integrity checks should rely on SHA-256 or stronger, and a match on MD5 or SHA-1 alone should be treated as weak evidence.
 *
 * @generated from enum cyclonedx.v1_6.HashAlg
 */
export declare enum HashAlg {
    /**
     * buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified`
     *
     * NOTE(review): a hash entry whose algorithm is NULL does not say how the digest was computed; a verifier should not guess the algorithm for such an entry.
     *
     * @generated from enum value: HASH_ALG_NULL = 0;
     */
    NULL = 0,
    /**
     * @generated from enum value: HASH_ALG_MD_5 = 1;
     */
    MD_5 = 1,
    /**
     * @generated from enum value: HASH_ALG_SHA_1 = 2;
     */
    SHA_1 = 2,
    /**
     * @generated from enum value: HASH_ALG_SHA_256 = 3;
     */
    SHA_256 = 3,
    /**
     * @generated from enum value: HASH_ALG_SHA_384 = 4;
     */
    SHA_384 = 4,
    /**
     * @generated from enum value: HASH_ALG_SHA_512 = 5;
     */
    SHA_512 = 5,
    /**
     * @generated from enum value: HASH_ALG_SHA_3_256 = 6;
     */
    SHA_3_256 = 6,
    /**
     * @generated from enum value: HASH_ALG_SHA_3_384 = 7;
     */
    SHA_3_384 = 7,
    /**
     * @generated from enum value: HASH_ALG_SHA_3_512 = 8;
     */
    SHA_3_512 = 8,
    /**
     * @generated from enum value: HASH_ALG_BLAKE_2_B_256 = 9;
     */
    BLAKE_2_B_256 = 9,
    /**
     * @generated from enum value: HASH_ALG_BLAKE_2_B_384 = 10;
     */
    BLAKE_2_B_384 = 10,
    /**
     * @generated from enum value: HASH_ALG_BLAKE_2_B_512 = 11;
     */
    BLAKE_2_B_512 = 11,
    /**
     * @generated from enum value: HASH_ALG_BLAKE_3 = 12;
     */
    BLAKE_3 = 12
}
/**
 * Category of an issue: defect, enhancement, or security defect.
 *
 * @generated from enum cyclonedx.v1_6.IssueClassification
 */
export declare enum IssueClassification {
    /**
     * buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified`
     *
     * @generated from enum value: ISSUE_CLASSIFICATION_NULL = 0;
     */
    NULL = 0,
    /**
     * A fault, flaw, or bug in software
     *
     * @generated from enum value: ISSUE_CLASSIFICATION_DEFECT = 1;
     */
    DEFECT = 1,
    /**
     * A new feature or behavior in software
     *
     * @generated from enum value: ISSUE_CLASSIFICATION_ENHANCEMENT = 2;
     */
    ENHANCEMENT = 2,
    /**
     * A special type of defect which impacts security
     *
     * @generated from enum value: ISSUE_CLASSIFICATION_SECURITY = 3;
     */
    SECURITY = 3
}
/**
 * Declared licenses and concluded licenses represent two different stages in the licensing process within software development. Declared licenses refer to the initial intention of the software authors regarding the licensing terms under which their code is released. On the other hand, concluded licenses are the result of a comprehensive analysis of the project's codebase to identify and confirm the actual licenses of the components used, which may differ from the initially declared licenses. While declared licenses provide an upfront indication of the licensing intentions, concluded licenses offer a more thorough understanding of the actual licensing within a project, facilitating proper compliance and risk management. Observed licenses are defined in `@.evidence.licenses`. Observed licenses form the evidence necessary to substantiate a concluded license.
 *
 * @generated from enum cyclonedx.v1_6.LicenseAcknowledgementEnumeration
 */
export declare enum LicenseAcknowledgementEnumeration {
    /**
     * The license acknowledgement is not specified.
     *
     * @generated from enum value: LICENSE_ACKNOWLEDGEMENT_ENUMERATION_UNSPECIFIED = 0;
     */
    UNSPECIFIED = 0,
    /**
     * Declared licenses represent the initial intentions of authors regarding the licensing terms of their code.
     *
     * @generated from enum value: LICENSE_ACKNOWLEDGEMENT_ENUMERATION_DECLARED = 1;
     */
    DECLARED = 1,
    /**
     * Concluded licenses are verified and confirmed.
     *
     * @generated from enum value: LICENSE_ACKNOWLEDGEMENT_ENUMERATION_CONCLUDED = 2;
     */
    CONCLUDED = 2
}
/**
 * Commercial licensing model under which software is purchased or used.
 * buf:lint:ignore ENUM_VALUE_PREFIX -- Enum value names should be prefixed with "LICENSING_TYPE_ENUM_"
 *
 * @generated from enum cyclonedx.v1_6.LicensingTypeEnum
 */
export declare enum LicensingTypeEnum {
    /**
     * buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified`
     *
     * @generated from enum value: LICENSING_TYPE_NULL = 0;
     */
    LICENSING_TYPE_NULL = 0,
    /**
     * A license that grants use of software solely for the purpose of education or research.
     *
     * @generated from enum value: LICENSING_TYPE_ACADEMIC = 1;
     */
    LICENSING_TYPE_ACADEMIC = 1,
    /**
     * A license covering use of software embedded in a specific piece of hardware.
     *
     * @generated from enum value: LICENSING_TYPE_APPLIANCE = 2;
     */
    LICENSING_TYPE_APPLIANCE = 2,
    /**
     * A Client Access License (CAL) allows client computers to access services provided by server software.
     *
     * @generated from enum value: LICENSING_TYPE_CLIENT_ACCESS = 3;
     */
    LICENSING_TYPE_CLIENT_ACCESS = 3,
    /**
     * A Concurrent User license (aka floating license) limits the number of licenses for a software application and licenses are shared among a larger number of users.
     *
     * @generated from enum value: LICENSING_TYPE_CONCURRENT_USER = 4;
     */
    LICENSING_TYPE_CONCURRENT_USER = 4,
    /**
     * A license where the core of a computer's processor is assigned a specific number of points.
     *
     * @generated from enum value: LICENSING_TYPE_CORE_POINTS = 5;
     */
    LICENSING_TYPE_CORE_POINTS = 5,
    /**
     * A license for which consumption is measured by non-standard metrics.
     *
     * @generated from enum value: LICENSING_TYPE_CUSTOM_METRIC = 6;
     */
    LICENSING_TYPE_CUSTOM_METRIC = 6,
    /**
     * A license that covers a defined number of installations on computers and other types of devices.
     *
     * @generated from enum value: LICENSING_TYPE_DEVICE = 7;
     */
    LICENSING_TYPE_DEVICE = 7,
    /**
     * A license that grants permission to install and use software for trial purposes.
     *
     * @generated from enum value: LICENSING_TYPE_EVALUATION = 8;
     */
    LICENSING_TYPE_EVALUATION = 8,
    /**
     * A license that grants access to the software to one or more pre-defined users.
     *
     * @generated from enum value: LICENSING_TYPE_NAMED_USER = 9;
     */
    LICENSING_TYPE_NAMED_USER = 9,
    /**
     * A license that grants access to the software on one or more pre-defined computers or devices.
     *
     * @generated from enum value: LICENSING_TYPE_NODE_LOCKED = 10;
     */
    LICENSING_TYPE_NODE_LOCKED = 10,
    /**
     * An Original Equipment Manufacturer license that is delivered with hardware, cannot be transferred to other hardware, and is valid for the life of the hardware.
     *
     * @generated from enum value: LICENSING_TYPE_OEM = 11;
     */
    LICENSING_TYPE_OEM = 11,
    /**
     * A license where the software is sold on a one-time basis and the licensee can use a copy of the software indefinitely.
     *
     * @generated from enum value: LICENSING_TYPE_PERPETUAL = 12;
     */
    LICENSING_TYPE_PERPETUAL = 12,
    /**
     * A license where each installation consumes points per processor.
     *
     * @generated from enum value: LICENSING_TYPE_PROCESSOR_POINTS = 13;
     */
    LICENSING_TYPE_PROCESSOR_POINTS = 13,
    /**
     * A license where the licensee pays a fee to use the software or service.
     *
     * @generated from enum value: LICENSING_TYPE_SUBSCRIPTION = 14;
     */
    LICENSING_TYPE_SUBSCRIPTION = 14,
    /**
     * A license that grants access to the software or service by a specified number of users.
     *
     * @generated from enum value: LICENSING_TYPE_USER = 15;
     */
    LICENSING_TYPE_USER = 15,
    /**
     * Another license type.
     *
     * @generated from enum value: LICENSING_TYPE_OTHER = 16;
     */
    LICENSING_TYPE_OTHER = 16
}
/**
 * Stage of the product lifecycle at which the BOM's information was captured.
 *
 * NOTE(review): this enum has no "unspecified" member; DESIGN occupies 0, which the schema's own lint comment calls an error. A decoded DESIGN may therefore mean "phase never set" unless the owning field tracks presence (not visible here), so it should not be relied on for policy decisions without that check.
 *
 * @generated from enum cyclonedx.v1_6.LifecyclePhase
 */
export declare enum LifecyclePhase {
    /**
     * BOM produced early in the development lifecycle containing an inventory of components and services that are proposed or planned to be used. The inventory may need to be procured, retrieved, or resourced prior to use.
     * buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- value `0` is a fallback(meaning "unspecified") in protobuf3. this usage here is an error; it shall be fixed with v2.0 of this very schema
     *
     * @generated from enum value: LIFECYCLE_PHASE_DESIGN = 0;
     */
    DESIGN = 0,
    /**
     * BOM consists of information obtained prior to a build process and may contain source files, development artifacts, and manifests. The inventory may need to be resolved and retrieved prior to use.
     *
     * @generated from enum value: LIFECYCLE_PHASE_PRE_BUILD = 1;
     */
    PRE_BUILD = 1,
    /**
     * BOM consisting of information obtained during a build process where component inventory is available for use. The precise versions of resolved components are usually available at this time as well as the provenance of where the components were retrieved from.
     *
     * @generated from enum value: LIFECYCLE_PHASE_BUILD = 2;
     */
    BUILD = 2,
    /**
     * BOM consisting of information obtained after a build process has completed and the resulting component(s) are available for further analysis. Built components may exist as the result of a CI/CD process, may have been installed or deployed to a system or device, and may need to be retrieved or extracted from the system or device.
     *
     * @generated from enum value: LIFECYCLE_PHASE_POST_BUILD = 3;
     */
    POST_BUILD = 3,
    /**
     * BOM produced that represents inventory that is running and operational.
     * This may include staging or production environments and will generally encompass multiple SBOMs describing the applications and operating system, along with HBOMs describing the hardware that makes up the system. Operations Bill of Materials (OBOM) can provide full-stack inventory of runtime environments, configurations, and additional dependencies.
     *
     * @generated from enum value: LIFECYCLE_PHASE_OPERATIONS = 4;
     */
    OPERATIONS = 4,
    /**
     * BOM consisting of information observed through network discovery providing point-in-time enumeration of embedded, on-premise, and cloud-native services such as server applications, connected devices, microservices, and serverless functions.
     *
     * @generated from enum value: LIFECYCLE_PHASE_DISCOVERY = 5;
     */
    DISCOVERY = 5,
    /**
     * BOM containing inventory that will be, or has been retired from operations.
     *
     * @generated from enum value: LIFECYCLE_PHASE_DECOMMISSION = 6;
     */
    DECOMMISSION = 6
}
/**
 * How a patch relates to the software it modifies.
 *
 * @generated from enum cyclonedx.v1_6.PatchClassification
 */
export declare enum PatchClassification {
    /**
     * buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified`
     *
     * @generated from enum value: PATCH_CLASSIFICATION_NULL = 0;
     */
    NULL = 0,
    /**
     * A patch which is not developed by the creators or maintainers of the software being patched. Refer to https://en.wikipedia.org/wiki/Unofficial_patch
     *
     * @generated from enum value: PATCH_CLASSIFICATION_UNOFFICIAL = 1;
     */
    UNOFFICIAL = 1,
    /**
     * A patch which dynamically modifies runtime behavior. Refer to https://en.wikipedia.org/wiki/Monkey_patch
     *
     * @generated from enum value: PATCH_CLASSIFICATION_MONKEY = 2;
     */
    MONKEY = 2,
    /**
     * A patch which takes code from a newer version of software and applies it to older versions of the same software.
     * Refer to https://en.wikipedia.org/wiki/Backporting
     *
     * @generated from enum value: PATCH_CLASSIFICATION_BACKPORT = 3;
     */
    BACKPORT = 3,
    /**
     * A patch created by selectively applying commits from other versions or branches of the same software.
     *
     * @generated from enum value: PATCH_CLASSIFICATION_CHERRY_PICK = 4;
     */
    CHERRY_PICK = 4
}
/**
 * Whether a component is needed at runtime.
 *
 * NOTE(review): per the member descriptions, a component that is installed but blocked from being called by configuration still counts as REQUIRED, so OPTIONAL and EXCLUDED are the only values that assert the code cannot be reached at runtime. Filtering vulnerability findings on scope should take that into account.
 *
 * @generated from enum cyclonedx.v1_6.Scope
 */
export declare enum Scope {
    /**
     * Default
     *
     * @generated from enum value: SCOPE_UNSPECIFIED = 0;
     */
    UNSPECIFIED = 0,
    /**
     * The component is required for runtime
     *
     * @generated from enum value: SCOPE_REQUIRED = 1;
     */
    REQUIRED = 1,
    /**
     * The component is optional at runtime. Optional components are components that are not capable of being called due to them not being installed or otherwise accessible by any means. Components that are installed but, due to configuration or other restrictions, are prohibited from being called must be scoped as 'required'.
     *
     * @generated from enum value: SCOPE_OPTIONAL = 2;
     */
    OPTIONAL = 2,
    /**
     * Components that are excluded provide the ability to document component usage for test and other non-runtime purposes. Excluded components are not reachable within a call graph at runtime.
     *
     * @generated from enum value: SCOPE_EXCLUDED = 3;
     */
    EXCLUDED = 3
}
/**
 * Completeness of the relationships (constituent components, services, dependencies) recorded in the BOM.
 *
 * NOTE(review): only COMPLETE states that nothing further is known to exist. Every other value, including the NOT_SPECIFIED fallback, leaves room for inventory the BOM does not list, so an absence of findings against such a BOM is not evidence of absence.
 *
 * @generated from enum cyclonedx.v1_6.Aggregate
 */
export declare enum Aggregate {
    /**
     * The relationship completeness is not specified.
     * buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `not specified` is our fallback, doubling `unspecified`
     *
     * @generated from enum value: AGGREGATE_NOT_SPECIFIED = 0;
     */
    NOT_SPECIFIED = 0,
    /**
     * The relationship is complete. No further relationships including constituent components, services, or dependencies are known to exist.
     *
     * @generated from enum value: AGGREGATE_COMPLETE = 1;
     */
    COMPLETE = 1,
    /**
     * The relationship is incomplete. Additional relationships exist and may include constituent components, services, or dependencies.
     *
     * @generated from enum value: AGGREGATE_INCOMPLETE = 2;
     */
    INCOMPLETE = 2,
    /**
     * The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented.
     *
     * @generated from enum value: AGGREGATE_INCOMPLETE_FIRST_PARTY_ONLY = 3;
     */
    INCOMPLETE_FIRST_PARTY_ONLY = 3,
    /**
     * The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented.
     *
     * @generated from enum value: AGGREGATE_INCOMPLETE_THIRD_PARTY_ONLY = 4;
     */
    INCOMPLETE_THIRD_PARTY_ONLY = 4,
    /**
     * The relationship may be complete or incomplete. This usually signifies a 'best-effort' to obtain constituent components, services, or dependencies but the completeness is inconclusive.
     *
     * @generated from enum value: AGGREGATE_UNKNOWN = 5;
     */
    UNKNOWN = 5,
    /**
     * The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are proprietary.
     *
     * @generated from enum value: AGGREGATE_INCOMPLETE_FIRST_PARTY_PROPRIETARY_ONLY = 6;
     */
    INCOMPLETE_FIRST_PARTY_PROPRIETARY_ONLY = 6,
    /**
     * The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are opensource.
     *
     * @generated from enum value: AGGREGATE_INCOMPLETE_FIRST_PARTY_OPENSOURCE_ONLY = 7;
     */
    INCOMPLETE_FIRST_PARTY_OPENSOURCE_ONLY = 7,
    /**
     * The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are proprietary.
     *
     * @generated from enum value: AGGREGATE_INCOMPLETE_THIRD_PARTY_PROPRIETARY_ONLY = 8;
     */
    INCOMPLETE_THIRD_PARTY_PROPRIETARY_ONLY = 8,
    /**
     * The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are opensource.
     *
     * @generated from enum value: AGGREGATE_INCOMPLETE_THIRD_PARTY_OPENSOURCE_ONLY = 9;
     */
    INCOMPLETE_THIRD_PARTY_OPENSOURCE_ONLY = 9
}
/**
 * Names the component identity field (group, name, version, purl, ...) that a piece of evidence refers to.
 * buf:lint:ignore ENUM_VALUE_PREFIX -- Enum value names should be prefixed with "EVIDENCE_FIELD_TYPE_"
 *
 * @generated from enum cyclonedx.v1_6.EvidenceFieldType
 */
export declare enum EvidenceFieldType {
    /**
     * buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified`
     *
     * @generated from enum value: EVIDENCE_FIELD_NULL = 0;
     */
    EVIDENCE_FIELD_NULL = 0,
    /**
     * @generated from enum value: EVIDENCE_FIELD_GROUP = 1;
     */
    EVIDENCE_FIELD_GROUP = 1,
    /**
     * @generated from enum value: EVIDENCE_FIELD_NAME = 2;
     */
    EVIDENCE_FIELD_NAME = 2,
    /**
     * @generated from enum value: EVIDENCE_FIELD_VERSION = 3;
     */
    EVIDENCE_FIELD_VERSION = 3,
    /**
     * @generated from enum value: EVIDENCE_FIELD_PURL = 4;
     */
    EVIDENCE_FIELD_PURL = 4,
    /**
     * @generated from enum value: EVIDENCE_FIELD_CPE = 5;
     */
    EVIDENCE_FIELD_CPE = 5,
    /**
     * @generated from enum value: EVIDENCE_FIELD_SWID = 6;
     */
    EVIDENCE_FIELD_SWID = 6,
    /**
     * @generated from enum value: EVIDENCE_FIELD_HASH = 7;
     */
    EVIDENCE_FIELD_HASH = 7,
    /**
     * @generated from enum value: EVIDENCE_FIELD_OMNIBOR_ID = 8;
     */
    EVIDENCE_FIELD_OMNIBOR_ID = 8,
    /**
     * @generated from enum value: EVIDENCE_FIELD_SWHID = 9;
     */
    EVIDENCE_FIELD_SWHID = 9
}
/**
 * Technique by which a piece of evidence was obtained.
 *
 * NOTE(review): SOURCE_CODE_ANALYSIS occupies 0 and there is no "unspecified" member, which the schema's own lint comment calls an error. A decoded SOURCE_CODE_ANALYSIS may therefore mean "technique never set" unless the owning field tracks presence (not visible here); weigh such evidence accordingly.
 *
 * @generated from enum cyclonedx.v1_6.EvidenceTechnique
 */
export declare enum EvidenceTechnique {
    /**
     * buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- value `0` is a fallback(meaning "unspecified") in protobuf3.
     * this usage here is an error, it shall be fixed with v2.0 of this very schema
     *
     * @generated from enum value: EVIDENCE_TECHNIQUE_SOURCE_CODE_ANALYSIS = 0;
     */
    SOURCE_CODE_ANALYSIS = 0,
    /**
     * @generated from enum value: EVIDENCE_TECHNIQUE_BINARY_ANALYSIS = 1;
     */
    BINARY_ANALYSIS = 1,
    /**
     * @generated from enum value: EVIDENCE_TECHNIQUE_MANIFEST_ANALYSIS = 2;
     */
    MANIFEST_ANALYSIS = 2,
    /**
     * @generated from enum value: EVIDENCE_TECHNIQUE_AST_FINGERPRINT = 3;
     */
    AST_FINGERPRINT = 3,
    /**
     * @generated from enum value: EVIDENCE_TECHNIQUE_HASH_COMPARISON = 4;
     */
    HASH_COMPARISON = 4,
    /**
     * @generated from enum value: EVIDENCE_TECHNIQUE_INSTRUMENTATION = 5;
     */
    INSTRUMENTATION = 5,
    /**
     * @generated from enum value: EVIDENCE_TECHNIQUE_DYNAMIC_ANALYSIS = 6;
     */
    DYNAMIC_ANALYSIS = 6,
    /**
     * @generated from enum value: EVIDENCE_TECHNIQUE_FILENAME = 7;
     */
    FILENAME = 7,
    /**
     * @generated from enum value: EVIDENCE_TECHNIQUE_ATTESTATION = 8;
     */
    ATTESTATION = 8,
    /**
     * @generated from enum value: EVIDENCE_TECHNIQUE_OTHER = 9;
     */
    OTHER = 9
}
/**
 * Severity rating attached to a vulnerability.
 *
 * NOTE(review): the numeric values are not an ordered scale. UNKNOWN is 0, CRITICAL is 1 and NONE is 6, so sorting or thresholding on the raw number puts UNKNOWN ahead of CRITICAL and inverts the usual "higher is worse" reading. Map members to an explicit rank before comparing, and do not treat UNKNOWN (the zero-value fallback) as equivalent to NONE.
 *
 * @generated from enum cyclonedx.v1_6.Severity
 */
export declare enum Severity {
    /**
     * buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `unknown` is our fallback, doubling `unspecified`
     *
     * @generated from enum value: SEVERITY_UNKNOWN = 0;
     */
    UNKNOWN = 0,
    /**
     * @generated from enum value: SEVERITY_CRITICAL = 1;
     */
    CRITICAL = 1,
    /**
     * @generated from enum value: SEVERITY_HIGH = 2;
     */
    HIGH = 2,
    /**
     * @generated from enum value: SEVERITY_MEDIUM = 3;
     */
    MEDIUM = 3,
    /**
     * @generated from enum value: SEVERITY_LOW = 4;
     */
    LOW = 4,
    /**
     * @generated from enum value: SEVERITY_INFO = 5;
     */
    INFO = 5,
    /**
     * @generated from enum value: SEVERITY_NONE = 6;
     */
    NONE = 6
}
/**
 * Scoring methodology a vulnerability rating was produced with.
 *
 * NOTE(review): values are not in version order (CVSSV4 is 6, after OTHER at 5), so compare members by name, not by number. Scores from different methods are not on a common scale; read a rating's score together with its method.
 *
 * @generated from enum cyclonedx.v1_6.ScoreMethod
 */
export declare enum ScoreMethod {
    /**
     * An undefined score method
     * buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified`
     *
     * @generated from enum value: SCORE_METHOD_NULL = 0;
     */
    NULL = 0,
    /**
     * Common Vulnerability Scoring System v2 - https://www.first.org/cvss/v2/
     *
     * @generated from enum value: SCORE_METHOD_CVSSV2 = 1;
     */
    CVSSV2 = 1,
    /**
     * Common Vulnerability Scoring System v3 - https://www.first.org/cvss/v3-0/
     *
     * @generated from enum value: SCORE_METHOD_CVSSV3 = 2;
     */
    CVSSV3 = 2,
    /**
     * Common Vulnerability Scoring System v3.1 - https://www.first.org/cvss/v3-1/
     *
     * @generated from enum value: SCORE_METHOD_CVSSV31 = 3;
     */
    CVSSV31 = 3,
    /**
     * OWASP Risk Rating Methodology - https://owasp.org/www-community/OWASP_Risk_Rating_Methodology
     *
     * @generated from enum value: SCORE_METHOD_OWASP = 4;
     */
    OWASP = 4,
    /**
     * Other scoring method
     *
     * @generated from enum value: SCORE_METHOD_OTHER = 5;
     */
    OTHER = 5,
    /**
     * Common Vulnerability Scoring System v4.0 - https://www.first.org/cvss/v4-0/
     *
     * @generated from enum value: SCORE_METHOD_CVSSV4 = 6;
     */
    CVSSV4 = 6,
    /**
     * Stakeholder Specific Vulnerability Categorization (all versions) - https://github.com/CERTCC/SSVC
     *
     * @generated from enum value: SCORE_METHOD_SSVC = 7;
     */
    SSVC = 7
}
/**
 * Outcome of analysing whether a vulnerability affects a component or service.
 *
 * NOTE(review): NULL (0) is the zero-value fallback and means no analysis state was given. Tooling that suppresses findings based on this field should act only on an explicit RESOLVED, RESOLVED_WITH_PEDIGREE, FALSE_POSITIVE or NOT_AFFECTED, and should keep NULL and IN_TRIAGE findings open.
 *
 * @generated from enum cyclonedx.v1_6.ImpactAnalysisState
 */
export declare enum ImpactAnalysisState {
    /**
     * An undefined impact analysis state
     * buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified`
     *
     * @generated from enum value: IMPACT_ANALYSIS_STATE_NULL = 0;
     */
    NULL = 0,
    /**
     * The vulnerability has been remediated.
     *
     * @generated from enum value: IMPACT_ANALYSIS_STATE_RESOLVED = 1;
     */
    RESOLVED = 1,
    /**
     * The vulnerability has been remediated, and evidence of the changes is provided in the affected component's pedigree containing verifiable commit history and/or diff(s).
     *
     * @generated from enum value: IMPACT_ANALYSIS_STATE_RESOLVED_WITH_PEDIGREE = 2;
     */
    RESOLVED_WITH_PEDIGREE = 2,
    /**
     * The vulnerability may be directly or indirectly exploitable.
     *
     * @generated from enum value: IMPACT_ANALYSIS_STATE_EXPLOITABLE = 3;
     */
    EXPLOITABLE = 3,
    /**
     * The vulnerability is being investigated.
     *
     * @generated from enum value: IMPACT_ANALYSIS_STATE_IN_TRIAGE = 4;
     */
    IN_TRIAGE = 4,
    /**
     * The vulnerability is not specific to the component or service and was falsely identified or associated.
     *
     * @generated from enum value: IMPACT_ANALYSIS_STATE_FALSE_POSITIVE = 5;
     */
    FALSE_POSITIVE = 5,
    /**
     * The component or service is not affected by the vulnerability. Justification should be specified for all not_affected cases.
     *
     * @generated from enum value: IMPACT_ANALYSIS_STATE_NOT_AFFECTED = 6;
     */
    NOT_AFFECTED = 6
}
/**
 * @generated from enum cyclonedx.v1_6.ImpactAnalysisJustification
 */
export declare enum ImpactAnalysisJustification {
    /**
     * An undefined impact analysis justification
     * buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified`
     *
     * @generated from enum value: IMPACT_ANALYSIS_JUSTIFICATION_NULL = 0;
     */
    NULL = 0,
    /**
     * The code has been removed or tree-shaked.
     *
     * @generated from enum value: IMPACT_ANALYSIS_JUSTIFICATION_CODE_NOT_PRESENT = 1;
     */
    CODE_NOT_PRESENT = 1,
    /**
     * The vulnerable code is not invoked at runtime.
     *
     * @generated from enum value: IMPACT_ANALYSIS_JUSTIFICATION_CODE_NOT_REACHABLE = 2;
     */
    CODE_NOT_REACHABLE = 2,
    /**
     * Exploitability requires a configurable option to be set/unset.
     *
     * @generated from enum value: IMPACT_ANALYSIS_JUSTIFICATION_REQUIRES_CONFIGURATION = 3;
     */
    REQUIRES_CONFIGURATION = 3,
    /**
     * Exploitability requires a dependency that is not present.
     *
     * @generated from enum value: IMPACT_ANALYSIS_JUSTIFICATION_REQUIRES_DEPENDENCY = 4;
     */
    REQUIRES_DEPENDENCY = 4,
    /**
     * Exploitability requires a certain environment which is not present.
     *
     * @generated from enum value: IMPACT_ANALYSIS_JUSTIFICATION_REQUIRES_ENVIRONMENT = 5;
     */
    REQUIRES_ENVIRONMENT = 5,
    /**
     * Exploitability requires a compiler flag to be set/unset.
     *
     * @generated from enum value: IMPACT_ANALYSIS_JUSTIFICATION_PROTECTED_BY_COMPILER = 6;
     */
    PROTECTED_BY_COMPILER = 6,
    /**
     * Exploits are prevented at runtime.
* * @generated from enum value: IMPACT_ANALYSIS_JUSTIFICATION_PROTECTED_AT_RUNTIME = 7; */ PROTECTED_AT_RUNTIME = 7, /** * Attacks are blocked at physical, logical, or network perimeter. * * @generated from enum value: IMPACT_ANALYSIS_JUSTIFICATION_PROTECTED_AT_PERIMETER = 8; */ PROTECTED_AT_PERIMETER = 8, /** * Preventative measures have been implemented that reduce the likelihood and/or impact of the vulnerability. * * @generated from enum value: IMPACT_ANALYSIS_JUSTIFICATION_PROTECTED_BY_MITIGATING_CONTROL = 9; */ PROTECTED_BY_MITIGATING_CONTROL = 9 } /** * @generated from enum cyclonedx.v1_6.VulnerabilityResponse */ export declare enum VulnerabilityResponse { /** * unspecified value * buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `null` is our fallback, doubling `unspecified` * * @generated from enum value: VULNERABILITY_RESPONSE_NULL = 0; */ NULL = 0, /** * @generated from enum value: VULNERABILITY_RESPONSE_CAN_NOT_FIX = 1; */ CAN_NOT_FIX = 1, /** * @generated from enum value: VULNERABILITY_RESPONSE_WILL_NOT_FIX = 2; */ WILL_NOT_FIX = 2, /** * @generated from enum value: VULNERABILITY_RESPONSE_UPDATE = 3; */ UPDATE = 3, /** * @generated from enum value: VULNERABILITY_RESPONSE_ROLLBACK = 4; */ ROLLBACK = 4, /** * @generated from enum value: VULNERABILITY_RESPONSE_WORKAROUND_AVAILABLE = 5; */ WORKAROUND_AVAILABLE = 5 } /** * The vulnerability status of a given version or range of versions of a product. The statuses 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. There can be many reasons for an 'unknown' status, including that an investigation has not been undertaken or that a vendor has not disclosed the status. * * @generated from enum cyclonedx.v1_6.VulnerabilityAffectedStatus */ export declare enum VulnerabilityAffectedStatus { /** * It is unknown (or unspecified) whether the given version is affected. 
* buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `unknown` is our fallback, doubling `unspecified` * * @generated from enum value: VULNERABILITY_AFFECTED_STATUS_UNKNOWN = 0; */ UNKNOWN = 0, /** * @generated from enum value: VULNERABILITY_AFFECTED_STATUS_AFFECTED = 1; */ AFFECTED = 1, /** * @generated from enum value: VULNERABILITY_AFFECTED_STATUS_NOT_AFFECTED = 2; */ NOT_AFFECTED = 2 } /** * @generated from enum cyclonedx.v1_6.ModelParameterApproachType */ export declare enum ModelParameterApproachType { /** * buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- value `0` is a fallback(meaning "unspecified") in protobuf3. this usage here is an error, it shall be fixed with v2.0 of this very schema * Supervised machine learning involves training an algorithm on labeled data to predict or classify new data based on the patterns learned from the labeled examples. * * @generated from enum value: MODEL_PARAMETER_APPROACH_TYPE_SUPERVISED = 0; */ SUPERVISED = 0, /** * Unsupervised machine learning involves training algorithms on unlabeled data to discover patterns, structures, or relationships without explicit guidance, allowing the model to identify inherent structures or clusters within the data. * * @generated from enum value: MODEL_PARAMETER_APPROACH_TYPE_UNSUPERVISED = 1; */ UNSUPERVISED = 1, /** * Reinforcement learning is a type of machine learning where an agent learns to make decisions by interacting with an environment to maximize cumulative rewards, through trial and error. * * @generated from enum value: MODEL_PARAMETER_APPROACH_TYPE_REINFORCED_LEARNING = 2; */ REINFORCED_LEARNING = 2, /** * Semi-supervised machine learning utilizes a combination of labeled and unlabeled data during training to improve model performance, leveraging the benefits of both supervised and unsupervised learning techniques. 
* * @generated from enum value: MODEL_PARAMETER_APPROACH_TYPE_SEMI_SUPERVISED = 3; */ SEMI_SUPERVISED = 3, /** * Self-supervised machine learning involves training models to predict parts of the input data from other parts of the same data, without requiring external labels, enabling learning from large amounts of unlabeled data. * * @generated from enum value: MODEL_PARAMETER_APPROACH_TYPE_SELF_SUPERVISED = 4; */ SELF_SUPERVISED = 4 } /** * @generated from enum cyclonedx.v1_6.ComponentDataType */ export declare enum ComponentDataType { /** * Any type of code, code snippet, or data-as-code * buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- value `0` is a fallback(meaning "unspecified") in protobuf3. this usage here is an error, it shall be fixed with v2.0 of this very schema * * @generated from enum value: COMPONENT_DATA_TYPE_SOURCE_CODE = 0; */ SOURCE_CODE = 0, /** * Parameters or settings that may be used by other components. * * @generated from enum value: COMPONENT_DATA_TYPE_CONFIGURATION = 1; */ CONFIGURATION = 1, /** * A collection of data. * * @generated from enum value: COMPONENT_DATA_TYPE_DATASET = 2; */ DATASET = 2, /** * Data that can be used to create new instances of what the definition defines. * * @generated from enum value: COMPONENT_DATA_TYPE_DEFINITION = 3; */ DEFINITION = 3, /** * Any other type of data that does not fit into existing definitions. * * @generated from enum value: COMPONENT_DATA_TYPE_OTHER = 4; */ OTHER = 4 } /** * @generated from enum cyclonedx.v1_6.TaskType */ export declare enum TaskType { /** * A task that copies software or data used to accomplish other tasks in the workflow. * buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- value `0` is a fallback(meaning "unspecified") in protobuf3. 
this usage here is an error; it shall be fixed with v2.0 of this very schema * * @generated from enum value: TASK_TYPE_COPY = 0; */ COPY = 0, /** * A task that clones a software repository into the workflow in order to retrieve its source code or data for use in a build step. * * @generated from enum value: TASK_TYPE_CLONE = 1; */ CLONE = 1, /** * A task that checks source code for programmatic and stylistic errors. * * @generated from enum value: TASK_TYPE_LINT = 2; */ LINT = 2, /** * A task that performs a scan against source code, or built or deployed components and services. Scans are typically run to gather or test for security vulnerabilities or policy compliance. * * @generated from enum value: TASK_TYPE_SCAN = 3; */ SCAN = 3, /** * A task that merges changes or fixes into source code prior to a build step in the workflow. * * @generated from enum value: TASK_TYPE_MERGE = 4; */ MERGE = 4, /** * A task that builds the source code, dependencies and/or data into an artifact that can be deployed to and executed on target systems. * * @generated from enum value: TASK_TYPE_BUILD = 5; */ BUILD = 5, /** * A task that verifies the functionality of a component or service. * * @generated from enum value: TASK_TYPE_TEST = 6; */ TEST = 6, /** * A task that delivers a built artifact to one or more target repositories or storage systems. * * @generated from enum value: TASK_TYPE_DELIVER = 7; */ DELIVER = 7, /** * A task that deploys a built artifact for execution on one or more target systems. * * @generated from enum value: TASK_TYPE_DEPLOY = 8; */ DEPLOY = 8, /** * A task that releases a built, versioned artifact to a target repository or distribution system. * * @generated from enum value: TASK_TYPE_RELEASE = 9; */ RELEASE = 9, /** * A task that cleans unnecessary tools, build artifacts and/or data from workflow storage. * * @generated from enum value: TASK_TYPE_CLEAN = 10; */ CLEAN = 10, /** * A workflow task that does not match current task type definitions. 
* * @generated from enum value: TASK_TYPE_OTHER = 11; */ OTHER = 11 } /** * Specifies attributes of the text * * @generated from message cyclonedx.v1_6.AttachedText */ export declare class AttachedText extends Message<AttachedText> { /** * Specifies the content type of the text. Defaults to 'text/plain' if not specified. * * @generated from field: optional string content_type = 1; */ contentType?: string; /** * Specifies the optional encoding the text is represented in * * @generated from field: optional string encoding = 2; */ encoding?: string; /** * SimpleContent value of element. Proactive controls such as input validation and sanitization should be employed to prevent misuse of attachment text. * * @generated from field: string value = 3; */ value: string; constructor(data?: Par