@appthreat/cdx-proto
Version:
Library to serialize/deserialize CycloneDX BOM with protocol buffers
1,394 lines • 167 kB
TypeScript
import type { GenEnum, GenFile, GenMessage } from "@bufbuild/protobuf/codegenv2";
import type { Timestamp } from "@bufbuild/protobuf/wkt";
import type { Message } from "@bufbuild/protobuf";
/**
* Describes the file bom-1.5.proto.
*/
export declare const file_bom_1_5: GenFile;
/**
* Specifies attributes of the text
*
* @generated from message cyclonedx.v1_5.AttachedText
*/
export type AttachedText = Message<"cyclonedx.v1_5.AttachedText"> & {
/**
* Specifies the content type of the text. Defaults to 'text/plain' if not specified.
*
* @generated from field: optional string content_type = 1;
*/
contentType?: string | undefined;
/**
* Specifies the optional encoding the text is represented in
*
* @generated from field: optional string encoding = 2;
*/
encoding?: string | undefined;
/**
* SimpleContent value of element. Proactive controls such as input validation and sanitization should be employed to prevent misuse of attachment text.
*
* @generated from field: string value = 3;
*/
value: string;
};
/**
* Describes the message cyclonedx.v1_5.AttachedText.
* Use `create(AttachedTextSchema)` to create a new message.
*/
export declare const AttachedTextSchema: GenMessage<AttachedText>;
/**
* @generated from message cyclonedx.v1_5.Bom
*/
export type Bom = Message<"cyclonedx.v1_5.Bom"> & {
/**
* The version of the CycloneDX specification a BOM is written to (starting at version 1.3)
*
* @generated from field: string spec_version = 1;
*/
specVersion: string;
/**
* The version allows component publishers/authors to make changes to existing BOMs to update various aspects of the document such as description or licenses. When a system is presented with multiple BOMs for the same component, the system should use the most recent version of the BOM. The default version is '1' and should be incremented for each version of the BOM that is published. Each version of a component should have a unique BOM and if no changes are made to the BOMs, then each BOM will have a version of '1'.
*
* @generated from field: optional int32 version = 2;
*/
version?: number | undefined;
/**
* Every BOM generated should have a unique serial number, even if the contents of the BOM being generated have not changed over time. The process or tool responsible for creating the BOM should create random UUID's for every BOM generated.
*
* @generated from field: optional string serial_number = 3;
*/
serialNumber?: string | undefined;
/**
* Provides additional information about a BOM.
*
* @generated from field: optional cyclonedx.v1_5.Metadata metadata = 4;
*/
metadata?: Metadata | undefined;
/**
* Provides the ability to document a list of components.
*
* @generated from field: repeated cyclonedx.v1_5.Component components = 5;
*/
components: Component[];
/**
* Provides the ability to document a list of external services.
*
* @generated from field: repeated cyclonedx.v1_5.Service services = 6;
*/
services: Service[];
/**
* Provides the ability to document external references related to the BOM or to the project the BOM describes.
*
* @generated from field: repeated cyclonedx.v1_5.ExternalReference external_references = 7;
*/
externalReferences: ExternalReference[];
/**
* Provides the ability to document dependency relationships.
*
* @generated from field: repeated cyclonedx.v1_5.Dependency dependencies = 8;
*/
dependencies: Dependency[];
/**
* Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness. The completeness of vulnerabilities expressed in a BOM may also be described.
*
* @generated from field: repeated cyclonedx.v1_5.Composition compositions = 9;
*/
compositions: Composition[];
/**
* Vulnerabilities identified in components or services.
*
* @generated from field: repeated cyclonedx.v1_5.Vulnerability vulnerabilities = 10;
*/
vulnerabilities: Vulnerability[];
/**
* Comments made by people, organizations, or tools about any object with a bom-ref, such as components, services, vulnerabilities, or the BOM itself. Unlike inventory information, annotations may contain opinion or commentary from various stakeholders.
*
* @generated from field: repeated cyclonedx.v1_5.Annotation annotations = 11;
*/
annotations: Annotation[];
/**
* Specifies optional, custom, properties
*
* @generated from field: repeated cyclonedx.v1_5.Property properties = 12;
*/
properties: Property[];
/**
* Describes how a component or service was manufactured or deployed. This is achieved through the use of formulas, workflows, tasks, and steps, which declare the precise steps to reproduce along with the observed formulas describing the steps which transpired in the manufacturing process.
*
* @generated from field: repeated cyclonedx.v1_5.Formula formulation = 13;
*/
formulation: Formula[];
};
/**
* Describes the message cyclonedx.v1_5.Bom.
* Use `create(BomSchema)` to create a new message.
*/
export declare const BomSchema: GenMessage<Bom>;
/**
* @generated from message cyclonedx.v1_5.Commit
*/
export type Commit = Message<"cyclonedx.v1_5.Commit"> & {
/**
* A unique identifier of the commit. This may be version control specific. For example, Subversion uses revision numbers whereas git uses commit hashes.
*
* @generated from field: optional string uid = 1;
*/
uid?: string | undefined;
/**
* The URL to the commit. This URL will typically point to a commit in a version control system.
*
* @generated from field: optional string url = 2;
*/
url?: string | undefined;
/**
* The author who created the changes in the commit
*
* @generated from field: optional cyclonedx.v1_5.IdentifiableAction author = 3;
*/
author?: IdentifiableAction | undefined;
/**
* The person who committed or pushed the commit
*
* @generated from field: optional cyclonedx.v1_5.IdentifiableAction committer = 4;
*/
committer?: IdentifiableAction | undefined;
/**
* The text description of the contents of the commit
*
* @generated from field: optional string message = 5;
*/
message?: string | undefined;
};
/**
* Describes the message cyclonedx.v1_5.Commit.
* Use `create(CommitSchema)` to create a new message.
*/
export declare const CommitSchema: GenMessage<Commit>;
/**
* @generated from message cyclonedx.v1_5.Component
*/
export type Component = Message<"cyclonedx.v1_5.Component"> & {
/**
* Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined for the component.
*
* @generated from field: cyclonedx.v1_5.Classification type = 1;
*/
type: Classification;
/**
* The optional mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented such as an image, font, or executable. Some library or framework components may also have an associated mime-type.
*
* @generated from field: optional string mime_type = 2;
*/
mimeType?: string | undefined;
/**
* An optional identifier which can be used to reference the component elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element.
*
* @generated from field: optional string bom_ref = 3;
*/
bomRef?: string | undefined;
/**
* The organization that supplied the component. The supplier may often be the manufacture, but may also be a distributor or repackager.
*
* @generated from field: optional cyclonedx.v1_5.OrganizationalEntity supplier = 4;
*/
supplier?: OrganizationalEntity | undefined;
/**
* The person(s) or organization(s) that authored the component
*
* @generated from field: optional string author = 5;
*/
author?: string | undefined;
/**
* The person(s) or organization(s) that published the component
*
* @generated from field: optional string publisher = 6;
*/
publisher?: string | undefined;
/**
* The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name. Whitespace and special characters should be avoided. Examples include: apache, org.apache.commons, and apache.org.
*
* @generated from field: optional string group = 7;
*/
group?: string | undefined;
/**
* The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery
*
* @generated from field: string name = 8;
*/
name: string;
/**
* The component version. The version should ideally comply with semantic versioning but is not enforced. Version was made optional in v1.4 of the spec. For backward compatibility, it is RECOMMENDED to use an empty string to represent components without version information.
*
* @generated from field: string version = 9;
*/
version: string;
/**
* Specifies a description for the component
*
* @generated from field: optional string description = 10;
*/
description?: string | undefined;
/**
* Specifies the scope of the component. If scope is not specified, SCOPE_REQUIRED scope should be assumed by the consumer of the BOM
*
* @generated from field: optional cyclonedx.v1_5.Scope scope = 11;
*/
scope?: Scope | undefined;
/**
* @generated from field: repeated cyclonedx.v1_5.Hash hashes = 12;
*/
hashes: Hash[];
/**
* @generated from field: repeated cyclonedx.v1_5.LicenseChoice licenses = 13;
*/
licenses: LicenseChoice[];
/**
* An optional copyright notice informing users of the underlying claims to copyright ownership in a published work.
*
* @generated from field: optional string copyright = 14;
*/
copyright?: string | undefined;
/**
* DEPRECATED - DO NOT USE. This will be removed in a future version. Specifies a well-formed CPE name. See https://nvd.nist.gov/products/cpe
*
* @generated from field: optional string cpe = 15;
*/
cpe?: string | undefined;
/**
* Specifies the package-url (PURL). The purl, if specified, must be valid and conform to the specification defined at: https://github.com/package-url/purl-spec
*
* @generated from field: optional string purl = 16;
*/
purl?: string | undefined;
/**
* Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags.
*
* @generated from field: optional cyclonedx.v1_5.Swid swid = 17;
*/
swid?: Swid | undefined;
/**
* DEPRECATED - DO NOT USE. This will be removed in a future version. Use the pedigree element instead to supply information on exactly how the component was modified. A boolean value indicating is the component has been modified from the original. A value of true indicates the component is a derivative of the original. A value of false indicates the component has not been modified from the original.
*
* @generated from field: optional bool modified = 18;
*/
modified?: boolean | undefined;
/**
* Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc.
*
* @generated from field: optional cyclonedx.v1_5.Pedigree pedigree = 19;
*/
pedigree?: Pedigree | undefined;
/**
* Provides the ability to document external references related to the component or to the project the component describes.
*
* @generated from field: repeated cyclonedx.v1_5.ExternalReference external_references = 20;
*/
externalReferences: ExternalReference[];
/**
* Specifies optional sub-components. This is not a dependency tree. It provides a way to specify a hierarchical representation of component assemblies, similar to system -> subsystem -> parts assembly in physical supply chains.
*
* @generated from field: repeated cyclonedx.v1_5.Component components = 21;
*/
components: Component[];
/**
* Specifies optional, custom, properties
*
* @generated from field: repeated cyclonedx.v1_5.Property properties = 22;
*/
properties: Property[];
/**
* Specifies optional license and copyright evidence
*
* @generated from field: optional cyclonedx.v1_5.Evidence evidence = 23;
*/
evidence?: Evidence | undefined;
/**
* Specifies optional release notes.
*
* @generated from field: optional cyclonedx.v1_5.ReleaseNotes releaseNotes = 24;
*/
releaseNotes?: ReleaseNotes | undefined;
/**
* A model card describes the intended uses of a machine learning model, potential limitations, biases, ethical considerations, training parameters, datasets used to train the model, performance metrics, and other relevant data useful for ML transparency.
*
* @generated from field: optional cyclonedx.v1_5.ModelCard modelCard = 25;
*/
modelCard?: ModelCard | undefined;
/**
* This object SHOULD be specified for any component of type `data` and MUST NOT be specified for other component types.
*
* @generated from field: optional cyclonedx.v1_5.ComponentData data = 26;
*/
data?: ComponentData | undefined;
};
/**
* Describes the message cyclonedx.v1_5.Component.
* Use `create(ComponentSchema)` to create a new message.
*/
export declare const ComponentSchema: GenMessage<Component>;
/**
* Specifies the data flow.
*
* @generated from message cyclonedx.v1_5.DataFlow
*/
export type DataFlow = Message<"cyclonedx.v1_5.DataFlow"> & {
/**
* Specifies the flow direction of the data.
*
* @generated from field: cyclonedx.v1_5.DataFlowDirection flow = 1;
*/
flow: DataFlowDirection;
/**
* Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed.
*
* @generated from field: string value = 2;
*/
value: string;
/**
* Name for the defined data
*
* @generated from field: optional string name = 3;
*/
name?: string | undefined;
/**
* Short description of the data content and usage
*
* @generated from field: optional string description = 4;
*/
description?: string | undefined;
/**
* The URI, URL, or BOM-Link of the components or services the data came in from
*
* @generated from field: repeated string source = 5;
*/
source: string[];
/**
* The URI, URL, or BOM-Link of the components or services the data is sent to
*
* @generated from field: repeated string destination = 6;
*/
destination: string[];
/**
* Data Governance
*
* @generated from field: optional cyclonedx.v1_5.DataGovernance governance = 7;
*/
governance?: DataGovernance | undefined;
};
/**
* Describes the message cyclonedx.v1_5.DataFlow.
* Use `create(DataFlowSchema)` to create a new message.
*/
export declare const DataFlowSchema: GenMessage<DataFlow>;
/**
* @generated from message cyclonedx.v1_5.Dependency
*/
export type Dependency = Message<"cyclonedx.v1_5.Dependency"> & {
/**
* References a component or service by the its bom-ref attribute
*
* @generated from field: string ref = 1;
*/
ref: string;
/**
* @generated from field: repeated cyclonedx.v1_5.Dependency dependencies = 2;
*/
dependencies: Dependency[];
};
/**
* Describes the message cyclonedx.v1_5.Dependency.
* Use `create(DependencySchema)` to create a new message.
*/
export declare const DependencySchema: GenMessage<Dependency>;
/**
* @generated from message cyclonedx.v1_5.Diff
*/
export type Diff = Message<"cyclonedx.v1_5.Diff"> & {
/**
* Specifies the optional text of the diff
*
* @generated from field: optional cyclonedx.v1_5.AttachedText text = 1;
*/
text?: AttachedText | undefined;
/**
* Specifies the URL to the diff
*
* @generated from field: optional string url = 2;
*/
url?: string | undefined;
};
/**
* Describes the message cyclonedx.v1_5.Diff.
* Use `create(DiffSchema)` to create a new message.
*/
export declare const DiffSchema: GenMessage<Diff>;
/**
* @generated from message cyclonedx.v1_5.ExternalReference
*/
export type ExternalReference = Message<"cyclonedx.v1_5.ExternalReference"> & {
/**
* Specifies the type of external reference. There are built-in types to describe common references. If a type does not exist for the reference being referred to, use the "other" type.
*
* @generated from field: cyclonedx.v1_5.ExternalReferenceType type = 1;
*/
type: ExternalReferenceType;
/**
* The URL to the external reference
*
* @generated from field: string url = 2;
*/
url: string;
/**
* An optional comment describing the external reference
*
* @generated from field: optional string comment = 3;
*/
comment?: string | undefined;
/**
* Optional integrity hashes for the external resource content
*
* @generated from field: repeated cyclonedx.v1_5.Hash hashes = 4;
*/
hashes: Hash[];
};
/**
* Describes the message cyclonedx.v1_5.ExternalReference.
* Use `create(ExternalReferenceSchema)` to create a new message.
*/
export declare const ExternalReferenceSchema: GenMessage<ExternalReference>;
/**
* Specifies the file hash of the component
*
* @generated from message cyclonedx.v1_5.Hash
*/
export type Hash = Message<"cyclonedx.v1_5.Hash"> & {
/**
* Specifies the algorithm used to create the hash
*
* @generated from field: cyclonedx.v1_5.HashAlg alg = 1;
*/
alg: HashAlg;
/**
* SimpleContent value of element
*
* @generated from field: string value = 2;
*/
value: string;
};
/**
* Describes the message cyclonedx.v1_5.Hash.
* Use `create(HashSchema)` to create a new message.
*/
export declare const HashSchema: GenMessage<Hash>;
/**
* @generated from message cyclonedx.v1_5.IdentifiableAction
*/
export type IdentifiableAction = Message<"cyclonedx.v1_5.IdentifiableAction"> & {
/**
* The timestamp in which the action occurred
*
* @generated from field: optional google.protobuf.Timestamp timestamp = 1;
*/
timestamp?: Timestamp | undefined;
/**
* The name of the individual who performed the action
*
* @generated from field: optional string name = 2;
*/
name?: string | undefined;
/**
* The email address of the individual who performed the action
*
* @generated from field: optional string email = 3;
*/
email?: string | undefined;
};
/**
* Describes the message cyclonedx.v1_5.IdentifiableAction.
* Use `create(IdentifiableActionSchema)` to create a new message.
*/
export declare const IdentifiableActionSchema: GenMessage<IdentifiableAction>;
/**
* @generated from message cyclonedx.v1_5.Issue
*/
export type Issue = Message<"cyclonedx.v1_5.Issue"> & {
/**
* Specifies the type of issue
*
* @generated from field: cyclonedx.v1_5.IssueClassification type = 1;
*/
type: IssueClassification;
/**
* The identifier of the issue assigned by the source of the issue
*
* @generated from field: optional string id = 2;
*/
id?: string | undefined;
/**
* The name of the issue
*
* @generated from field: optional string name = 3;
*/
name?: string | undefined;
/**
* A description of the issue
*
* @generated from field: optional string description = 4;
*/
description?: string | undefined;
/**
* @generated from field: optional cyclonedx.v1_5.Source source = 5;
*/
source?: Source | undefined;
/**
* @generated from field: repeated string references = 6;
*/
references: string[];
};
/**
* Describes the message cyclonedx.v1_5.Issue.
* Use `create(IssueSchema)` to create a new message.
*/
export declare const IssueSchema: GenMessage<Issue>;
/**
* The source of the issue where it is documented.
*
* @generated from message cyclonedx.v1_5.Source
*/
export type Source = Message<"cyclonedx.v1_5.Source"> & {
/**
* The name of the source. For example "National Vulnerability Database", "NVD", and "Apache"
*
* @generated from field: optional string name = 1;
*/
name?: string | undefined;
/**
* The url of the issue documentation as provided by the source
*
* @generated from field: optional string url = 2;
*/
url?: string | undefined;
};
/**
* Describes the message cyclonedx.v1_5.Source.
* Use `create(SourceSchema)` to create a new message.
*/
export declare const SourceSchema: GenMessage<Source>;
/**
* @generated from message cyclonedx.v1_5.LicenseChoice
*/
export type LicenseChoice = Message<"cyclonedx.v1_5.LicenseChoice"> & {
/**
* @generated from oneof cyclonedx.v1_5.LicenseChoice.choice
*/
choice: {
/**
* @generated from field: cyclonedx.v1_5.License license = 1;
*/
value: License;
case: "license";
} | {
/**
* @generated from field: string expression = 2;
*/
value: string;
case: "expression";
} | {
case: undefined;
value?: undefined;
};
};
/**
* Describes the message cyclonedx.v1_5.LicenseChoice.
* Use `create(LicenseChoiceSchema)` to create a new message.
*/
export declare const LicenseChoiceSchema: GenMessage<LicenseChoice>;
/**
* @generated from message cyclonedx.v1_5.License
*/
export type License = Message<"cyclonedx.v1_5.License"> & {
/**
* @generated from oneof cyclonedx.v1_5.License.license
*/
license: {
/**
* A valid SPDX license ID
*
* @generated from field: string id = 1;
*/
value: string;
case: "id";
} | {
/**
* If SPDX does not define the license used, this field may be used to provide the license name
*
* @generated from field: string name = 2;
*/
value: string;
case: "name";
} | {
case: undefined;
value?: undefined;
};
/**
* Specifies the optional full text of the attachment
*
* @generated from field: optional cyclonedx.v1_5.AttachedText text = 3;
*/
text?: AttachedText | undefined;
/**
* The URL to the attachment file. If the attachment is a license or BOM, an externalReference should also be specified for completeness.
*
* @generated from field: optional string url = 4;
*/
url?: string | undefined;
/**
* An optional identifier which can be used to reference the license elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element.
*
* @generated from field: optional string bom_ref = 5;
*/
bomRef?: string | undefined;
/**
* Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and other important metadata
*
* @generated from field: optional cyclonedx.v1_5.Licensing licensing = 6;
*/
licensing?: Licensing | undefined;
/**
* Specifies optional, custom, properties
*
* @generated from field: repeated cyclonedx.v1_5.Property properties = 7;
*/
properties: Property[];
};
/**
* Describes the message cyclonedx.v1_5.License.
* Use `create(LicenseSchema)` to create a new message.
*/
export declare const LicenseSchema: GenMessage<License>;
/**
* @generated from message cyclonedx.v1_5.Licensing
*/
export type Licensing = Message<"cyclonedx.v1_5.Licensing"> & {
/**
* License identifiers that may be used to manage licenses and their lifecycle
*
* @generated from field: repeated string altIds = 1;
*/
altIds: string[];
/**
* The individual or organization that grants a license to another individual or organization
*
* @generated from field: optional cyclonedx.v1_5.OrganizationalEntityOrContact licensor = 2;
*/
licensor?: OrganizationalEntityOrContact | undefined;
/**
* The individual or organization for which a license was granted to
*
* @generated from field: optional cyclonedx.v1_5.OrganizationalEntityOrContact licensee = 3;
*/
licensee?: OrganizationalEntityOrContact | undefined;
/**
* The individual or organization that purchased the license
*
* @generated from field: optional cyclonedx.v1_5.OrganizationalEntityOrContact purchaser = 4;
*/
purchaser?: OrganizationalEntityOrContact | undefined;
/**
* The purchase order identifier the purchaser sent to a supplier or vendor to authorize a purchase
*
* @generated from field: optional string purchaseOrder = 5;
*/
purchaseOrder?: string | undefined;
/**
* The type of license(s) that was granted to the licensee
*
* @generated from field: repeated cyclonedx.v1_5.LicensingTypeEnum licenseTypes = 6;
*/
licenseTypes: LicensingTypeEnum[];
/**
* The timestamp indicating when the license was last renewed. For new purchases, this is often the purchase or acquisition date. For non-perpetual licenses or subscriptions, this is the timestamp of when the license was last renewed.
*
* @generated from field: optional google.protobuf.Timestamp lastRenewal = 7;
*/
lastRenewal?: Timestamp | undefined;
/**
* The timestamp indicating when the current license expires (if applicable).
*
* @generated from field: optional google.protobuf.Timestamp expiration = 8;
*/
expiration?: Timestamp | undefined;
};
/**
* Describes the message cyclonedx.v1_5.Licensing.
* Use `create(LicensingSchema)` to create a new message.
*/
export declare const LicensingSchema: GenMessage<Licensing>;
/**
* @generated from message cyclonedx.v1_5.OrganizationalEntityOrContact
*/
export type OrganizationalEntityOrContact = Message<"cyclonedx.v1_5.OrganizationalEntityOrContact"> & {
/**
* @generated from oneof cyclonedx.v1_5.OrganizationalEntityOrContact.choice
*/
choice: {
/**
* @generated from field: cyclonedx.v1_5.OrganizationalEntity organization = 1;
*/
value: OrganizationalEntity;
case: "organization";
} | {
/**
* @generated from field: cyclonedx.v1_5.OrganizationalContact individual = 2;
*/
value: OrganizationalContact;
case: "individual";
} | {
case: undefined;
value?: undefined;
};
};
/**
* Describes the message cyclonedx.v1_5.OrganizationalEntityOrContact.
* Use `create(OrganizationalEntityOrContactSchema)` to create a new message.
*/
export declare const OrganizationalEntityOrContactSchema: GenMessage<OrganizationalEntityOrContact>;
/**
* @generated from message cyclonedx.v1_5.Metadata
*/
export type Metadata = Message<"cyclonedx.v1_5.Metadata"> & {
/**
* The date and time (timestamp) when the document was created.
*
* @generated from field: optional google.protobuf.Timestamp timestamp = 1;
*/
timestamp?: Timestamp | undefined;
/**
* The tool(s) used in the creation of the BOM.
*
* @generated from field: optional cyclonedx.v1_5.Tool tools = 2;
*/
tools?: Tool | undefined;
/**
* The person(s) who created the BOM. Authors are common in BOMs created through manual processes. BOMs created through automated means may not have authors.
*
* @generated from field: repeated cyclonedx.v1_5.OrganizationalContact authors = 3;
*/
authors: OrganizationalContact[];
/**
* The component that the BOM describes.
*
* @generated from field: optional cyclonedx.v1_5.Component component = 4;
*/
component?: Component | undefined;
/**
* The organization that manufactured the component that the BOM describes.
*
* @generated from field: optional cyclonedx.v1_5.OrganizationalEntity manufacture = 5;
*/
manufacture?: OrganizationalEntity | undefined;
/**
* The organization that supplied the component that the BOM describes. The supplier may often be the manufacture, but may also be a distributor or repackager.
*
* @generated from field: optional cyclonedx.v1_5.OrganizationalEntity supplier = 6;
*/
supplier?: OrganizationalEntity | undefined;
/**
* The license information for the BOM document
*
* @generated from field: optional cyclonedx.v1_5.LicenseChoice licenses = 7;
*/
licenses?: LicenseChoice | undefined;
/**
* Specifies optional, custom, properties
*
* @generated from field: repeated cyclonedx.v1_5.Property properties = 8;
*/
properties: Property[];
/**
* The product lifecycle(s) that this BOM represents.
*
* @generated from field: repeated cyclonedx.v1_5.Lifecycles lifecycles = 9;
*/
lifecycles: Lifecycles[];
};
/**
* Describes the message cyclonedx.v1_5.Metadata.
* Use `create(MetadataSchema)` to create a new message.
*/
export declare const MetadataSchema: GenMessage<Metadata>;
/**
* @generated from message cyclonedx.v1_5.Lifecycles
*/
export type Lifecycles = Message<"cyclonedx.v1_5.Lifecycles"> & {
/**
* @generated from oneof cyclonedx.v1_5.Lifecycles.choice
*/
choice: {
/**
* A pre-defined phase in the product lifecycle.
*
* @generated from field: cyclonedx.v1_5.LifecyclePhase phase = 1;
*/
value: LifecyclePhase;
case: "phase";
} | {
/**
* The name of the lifecycle phase
*
* @generated from field: string name = 2;
*/
value: string;
case: "name";
} | {
case: undefined;
value?: undefined;
};
/**
* The description of the lifecycle phase
*
* @generated from field: optional string description = 3;
*/
description?: string | undefined;
};
/**
* Describes the message cyclonedx.v1_5.Lifecycles.
* Use `create(LifecyclesSchema)` to create a new message.
*/
export declare const LifecyclesSchema: GenMessage<Lifecycles>;
/**
* @generated from message cyclonedx.v1_5.OrganizationalContact
*/
export type OrganizationalContact = Message<"cyclonedx.v1_5.OrganizationalContact"> & {
/**
* The name of the contact
*
* @generated from field: optional string name = 1;
*/
name?: string | undefined;
/**
* The email address of the contact.
*
* @generated from field: optional string email = 2;
*/
email?: string | undefined;
/**
* The phone number of the contact.
*
* @generated from field: optional string phone = 3;
*/
phone?: string | undefined;
/**
* An optional identifier which can be used to reference the object elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element.
*
* @generated from field: optional string bom_ref = 4;
*/
bomRef?: string | undefined;
};
/**
* Describes the message cyclonedx.v1_5.OrganizationalContact.
* Use `create(OrganizationalContactSchema)` to create a new message.
*/
export declare const OrganizationalContactSchema: GenMessage<OrganizationalContact>;
/**
* @generated from message cyclonedx.v1_5.OrganizationalEntity
*/
export type OrganizationalEntity = Message<"cyclonedx.v1_5.OrganizationalEntity"> & {
/**
* The name of the organization
*
* @generated from field: optional string name = 1;
*/
name?: string | undefined;
/**
* The URL of the organization. Multiple URLs are allowed.
*
* @generated from field: repeated string url = 2;
*/
url: string[];
/**
* A contact person at the organization. Multiple contacts are allowed.
*
* @generated from field: repeated cyclonedx.v1_5.OrganizationalContact contact = 3;
*/
contact: OrganizationalContact[];
/**
* An optional identifier which can be used to reference the object elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element.
*
* @generated from field: optional string bom_ref = 4;
*/
bomRef?: string | undefined;
};
/**
* Describes the message cyclonedx.v1_5.OrganizationalEntity.
* Use `create(OrganizationalEntitySchema)` to create a new message.
*/
export declare const OrganizationalEntitySchema: GenMessage<OrganizationalEntity>;
/**
* @generated from message cyclonedx.v1_5.Patch
*/
export type Patch = Message<"cyclonedx.v1_5.Patch"> & {
/**
* Specifies the purpose for the patch including the resolution of defects, security issues, or new behavior or functionality
*
* @generated from field: cyclonedx.v1_5.PatchClassification type = 1;
*/
type: PatchClassification;
/**
* The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff
*
* @generated from field: optional cyclonedx.v1_5.Diff diff = 2;
*/
diff?: Diff | undefined;
/**
* @generated from field: repeated cyclonedx.v1_5.Issue resolves = 3;
*/
resolves: Issue[];
};
/**
* Describes the message cyclonedx.v1_5.Patch.
* Use `create(PatchSchema)` to create a new message.
*/
export declare const PatchSchema: GenMessage<Patch>;
/**
* Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc. Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in the middle. It also provides a way to document variants where the exact relation may not be known.
*
* @generated from message cyclonedx.v1_5.Pedigree
*/
export type Pedigree = Message<"cyclonedx.v1_5.Pedigree"> & {
/**
* Describes zero or more components in which a component is derived from. This is commonly used to describe forks from existing projects where the forked version contains a ancestor node containing the original component it was forked from. For example, Component A is the original component. Component B is the component being used and documented in the BOM. However, Component B contains a pedigree node with a single ancestor documenting Component A - the original component from which Component B is derived from.
*
* @generated from field: repeated cyclonedx.v1_5.Component ancestors = 1;
*/
ancestors: Component[];
/**
* Descendants are the exact opposite of ancestors. This provides a way to document all forks (and their forks) of an original or root component.
*
* @generated from field: repeated cyclonedx.v1_5.Component descendants = 2;
*/
descendants: Component[];
/**
* Variants describe relations where the relationship between the components are not known. For example, if Component A contains nearly identical code to Component B. They are both related, but it is unclear if one is derived from the other, or if they share a common ancestor.
*
* @generated from field: repeated cyclonedx.v1_5.Component variants = 3;
*/
variants: Component[];
/**
* A list of zero or more commits which provide a trail describing how the component deviates from an ancestor, descendant, or variant.
*
* @generated from field: repeated cyclonedx.v1_5.Commit commits = 4;
*/
commits: Commit[];
/**
* A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits or may be used in place of commits.
*
* @generated from field: repeated cyclonedx.v1_5.Patch patches = 5;
*/
patches: Patch[];
/**
* Notes, observations, and other non-structured commentary describing the components pedigree.
*
* @generated from field: optional string notes = 6;
*/
notes?: string | undefined;
};
/**
* Describes the message cyclonedx.v1_5.Pedigree.
* Use `create(PedigreeSchema)` to create a new message.
*/
export declare const PedigreeSchema: GenMessage<Pedigree>;
/**
* @generated from message cyclonedx.v1_5.Service
*/
export type Service = Message<"cyclonedx.v1_5.Service"> & {
/**
* An optional identifier which can be used to reference the service elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element.
*
* @generated from field: optional string bom_ref = 1;
*/
bomRef?: string | undefined;
/**
* The organization that provides the service.
*
* @generated from field: optional cyclonedx.v1_5.OrganizationalEntity provider = 2;
*/
provider?: OrganizationalEntity | undefined;
/**
* The grouping name, namespace, or identifier. This will often be a shortened, single name of the company or project that produced the service or domain name. Whitespace and special characters should be avoided.
*
* @generated from field: optional string group = 3;
*/
group?: string | undefined;
/**
* The name of the service. This will often be a shortened, single name of the service.
*
* @generated from field: string name = 4;
*/
name: string;
/**
* The service version.
*
* @generated from field: optional string version = 5;
*/
version?: string | undefined;
/**
* Specifies a description for the service.
*
* @generated from field: optional string description = 6;
*/
description?: string | undefined;
/**
* @generated from field: repeated string endpoints = 7;
*/
endpoints: string[];
/**
* A boolean value indicating if the service requires authentication. A value of true indicates the service requires authentication prior to use. A value of false indicates the service does not require authentication.
*
* @generated from field: optional bool authenticated = 8;
*/
authenticated?: boolean | undefined;
/**
* A boolean value indicating if use of the service crosses a trust zone or boundary. A value of true indicates that by using the service, a trust boundary is crossed. A value of false indicates that by using the service, a trust boundary is not crossed.
*
* @generated from field: optional bool x_trust_boundary = 9;
*/
xTrustBoundary?: boolean | undefined;
/**
* @generated from field: repeated cyclonedx.v1_5.DataFlow data = 10;
*/
data: DataFlow[];
/**
* @generated from field: repeated cyclonedx.v1_5.LicenseChoice licenses = 11;
*/
licenses: LicenseChoice[];
/**
* Provides the ability to document external references related to the service.
*
* @generated from field: repeated cyclonedx.v1_5.ExternalReference external_references = 12;
*/
externalReferences: ExternalReference[];
/**
* Specifies optional sub-service. This is not a dependency tree. It provides a way to specify a hierarchical representation of service assemblies, similar to system -> subsystem -> parts assembly in physical supply chains.
*
* @generated from field: repeated cyclonedx.v1_5.Service services = 13;
*/
services: Service[];
/**
* Specifies optional, custom, properties
*
* @generated from field: repeated cyclonedx.v1_5.Property properties = 14;
*/
properties: Property[];
/**
* Specifies optional release notes.
*
* @generated from field: optional cyclonedx.v1_5.ReleaseNotes releaseNotes = 15;
*/
releaseNotes?: ReleaseNotes | undefined;
/**
* The name of the trust zone the service resides in.
*
* @generated from field: optional string trustZone = 16;
*/
trustZone?: string | undefined;
};
/**
* Describes the message cyclonedx.v1_5.Service.
* Use `create(ServiceSchema)` to create a new message.
*/
export declare const ServiceSchema: GenMessage<Service>;
/**
* @generated from message cyclonedx.v1_5.Swid
*/
export type Swid = Message<"cyclonedx.v1_5.Swid"> & {
/**
* Maps to the tagId of a SoftwareIdentity.
*
* @generated from field: string tag_id = 1;
*/
tagId: string;
/**
* Maps to the name of a SoftwareIdentity.
*
* @generated from field: string name = 2;
*/
name: string;
/**
* Maps to the version of a SoftwareIdentity. Defaults to '0.0' if not specified.
*
* @generated from field: optional string version = 3;
*/
version?: string | undefined;
/**
* Maps to the tagVersion of a SoftwareIdentity. Defaults to '0' if not specified.
*
* @generated from field: optional int32 tag_version = 4;
*/
tagVersion?: number | undefined;
/**
* Maps to the patch of a SoftwareIdentity. Defaults to 'false' if not specified.
*
* @generated from field: optional bool patch = 5;
*/
patch?: boolean | undefined;
/**
* Specifies the full content of the SWID tag.
*
* @generated from field: optional cyclonedx.v1_5.AttachedText text = 6;
*/
text?: AttachedText | undefined;
/**
* The URL to the SWID file.
*
* @generated from field: optional string url = 7;
*/
url?: string | undefined;
};
/**
* Describes the message cyclonedx.v1_5.Swid.
* Use `create(SwidSchema)` to create a new message.
*/
export declare const SwidSchema: GenMessage<Swid>;
/**
* Specifies a tool (manual or automated).
*
* @generated from message cyclonedx.v1_5.Tool
*/
export type Tool = Message<"cyclonedx.v1_5.Tool"> & {
/**
* DEPRECATED - DO NOT USE - The vendor of the tool used to create the BOM.
*
* @generated from field: optional string vendor = 1 [deprecated = true];
* @deprecated
*/
vendor?: string | undefined;
/**
* DEPRECATED - DO NOT USE - The name of the tool used to create the BOM.
*
* @generated from field: optional string name = 2 [deprecated = true];
* @deprecated
*/
name?: string | undefined;
/**
* DEPRECATED - DO NOT USE - The version of the tool used to create the BOM.
*
* @generated from field: optional string version = 3 [deprecated = true];
* @deprecated
*/
version?: string | undefined;
/**
* DEPRECATED - DO NOT USE
*
* @generated from field: repeated cyclonedx.v1_5.Hash hashes = 4 [deprecated = true];
* @deprecated
*/
hashes: Hash[];
/**
* DEPRECATED - DO NOT USE - Provides the ability to document external references related to the tool.
*
* @generated from field: repeated cyclonedx.v1_5.ExternalReference external_references = 5 [deprecated = true];
* @deprecated
*/
externalReferences: ExternalReference[];
/**
* A list of software and hardware components used as tools
*
* @generated from field: repeated cyclonedx.v1_5.Component components = 6;
*/
components: Component[];
/**
* A list of services used as tools. This may include microservices, function-as-a-service, and other types of network or intra-process services.
*
* @generated from field: repeated cyclonedx.v1_5.Service services = 7;
*/
services: Service[];
};
/**
* Describes the message cyclonedx.v1_5.Tool.
* Use `create(ToolSchema)` to create a new message.
*/
export declare const ToolSchema: GenMessage<Tool>;
/**
* Specifies a property
*
* @generated from message cyclonedx.v1_5.Property
*/
export type Property = Message<"cyclonedx.v1_5.Property"> & {
/**
* @generated from field: string name = 1;
*/
name: string;
/**
* @generated from field: optional string value = 2;
*/
value?: string | undefined;
};
/**
* Describes the message cyclonedx.v1_5.Property.
* Use `create(PropertySchema)` to create a new message.
*/
export declare const PropertySchema: GenMessage<Property>;
/**
* @generated from message cyclonedx.v1_5.Composition
*/
export type Composition = Message<"cyclonedx.v1_5.Composition"> & {
/**
* Indicates the aggregate completeness
*
* @generated from field: cyclonedx.v1_5.Aggregate aggregate = 1;
*/
aggregate: Aggregate;
/**
* The assemblies the aggregate completeness applies to
*
* @generated from field: repeated string assemblies = 2;
*/
assemblies: string[];
/**
* The dependencies the aggregate completeness applies to
*
* @generated from field: repeated string dependencies = 3;
*/
dependencies: string[];
/**
* The bom-ref identifiers of the vulnerabilities being described.
*
* @generated from field: repeated string vulnerabilities = 4;
*/
vulnerabilities: string[];
/**
* An optional identifier which can be used to reference the composition elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.
*
* @generated from field: optional string bom_ref = 5;
*/
bomRef?: string | undefined;
};
/**
* Describes the message cyclonedx.v1_5.Composition.
* Use `create(CompositionSchema)` to create a new message.
*/
export declare const CompositionSchema: GenMessage<Composition>;
/**
* @generated from message cyclonedx.v1_5.EvidenceCopyright
*/
export type EvidenceCopyright = Message<"cyclonedx.v1_5.EvidenceCopyright"> & {
/**
* Copyright text
*
* @generated from field: string text = 1;
*/
text: string;
};
/**
* Describes the message cyclonedx.v1_5.EvidenceCopyright.
* Use `create(EvidenceCopyrightSchema)` to create a new message.
*/
export declare const EvidenceCopyrightSchema: GenMessage<EvidenceCopyright>;
/**
* @generated from message cyclonedx.v1_5.Evidence
*/
export type Evidence = Message<"cyclonedx.v1_5.Evidence"> & {
/**
* @generated from field: repeated cyclonedx.v1_5.LicenseChoice licenses = 1;
*/
licenses: LicenseChoice[];
/**
* @generated from field: repeated cyclonedx.v1_5.EvidenceCopyright copyright = 2;
*/
copyright: EvidenceCopyright[];
/**
* @generated from field: optional cyclonedx.v1_5.EvidenceIdentity identity = 3;
*/
identity?: EvidenceIdentity | undefined;
/**
* @generated from field: repeated cyclonedx.v1_5.EvidenceOccurrences occurrences = 4;
*/
occurrences: EvidenceOccurrences[];
/**
* @generated from field: optional cyclonedx.v1_5.Callstack callstack = 5;
*/
callstack?: Callstack | undefined;
};
/**
* Describes the message cyclonedx.v1_5.Evidence.
* Use `create(EvidenceSchema)` to create a new message.
*/
export declare const EvidenceSchema: GenMessage<Evidence>;
/**
* Evidence of the components use through the callstack.
*
* @generated from message cyclonedx.v1_5.Callstack
*/
export type Callstack = Message<"cyclonedx.v1_5.Callstack"> & {
/**
* @generated from field: repeated cyclonedx.v1_5.Callstack.Frames frames = 1;
*/
frames: Callstack_Frames[];
};
/**
* Describes the message cyclonedx.v1_5.Callstack.
* Use `create(CallstackSchema)` to create a new message.
*/
export declare const CallstackSchema: GenMessage<Callstack>;
/**
* @generated from message cyclonedx.v1_5.Callstack.Frames
*/
export type Callstack_Frames = Message<"cyclonedx.v1_5.Callstack.Frames"> & {
/**
* A package organizes modules into namespaces, providing a unique namespace for each type it contains.
*
* @generated from field: optional string package = 1;
*/
package?: string | undefined;
/**
* A module or class that encloses functions/methods and other code.
*
* @generated from field: string module = 2;
*/
module: string;
/**
* A block of code designed to perform a particular task.
*
* @generated from field: optional string function = 3;
*/
function?: string | undefined;
/**
* Optional arguments that are passed to the module or function.
*
* @generated from field: repeated string parameters = 4;
*/
parameters: string[];
/**
* The line number the code that is called resides on.
*
* @generated from field: optional int32 line = 5;
*/
line?: number | undefined;
/**
* The column the code that is called resides.
*
* @generated from field: optional int32 column = 6;
*/
column?: number | undefined;
/**
* The full path and filename of the module.
*
* @generated from field: optional string fullFilename = 7;
*/
fullFilename?: string | undefined;
};
/**
* Describes the message cyclonedx.v1_5.Callstack.Frames.
* Use `create(Callstack_FramesSchema)` to create a new message.
*/
export declare const Callstack_FramesSchema: GenMessage<Callstack_Frames>;
/**
* @generated from message cyclonedx.v1_5.EvidenceIdentity
*/
export type EvidenceIdentity = Message<"cyclonedx.v1_5.EvidenceIdentity"> & {
/**
* The identity field of the component which the evidence describes.
*
* @generated from field: cyclonedx.v1_5.EvidenceFieldType field = 1;
*/
field: EvidenceF