@appthreat/cdx-proto
Library to serialize/deserialize CycloneDX BOM with protocol buffers
import type { GenEnum, GenFile, GenMessage } from "@bufbuild/protobuf/codegenv2";
import type { Timestamp } from "@bufbuild/protobuf/wkt";
import type { Message } from "@bufbuild/protobuf";
/**
* Describes the file bom-1.7.proto.
*
* Ambient declaration only (`declare`): this file states the type (`GenFile`); no value is defined here.
*/
export declare const file_bom_1_7: GenFile;
/**
* Specifies attributes of the text
*
* All three fields are plain strings. TypeScript types are erased at runtime, so this declaration checks nothing when a message is decoded; a consumer has to treat `contentType`, `encoding` and `value` as untrusted input.
*
* @generated from message cyclonedx.v1_7.AttachedText
*/
export type AttachedText = Message<"cyclonedx.v1_7.AttachedText"> & {
/**
* Specifies the format and nature of the data being attached, helping systems correctly interpret and process the content. Common content type examples include `application/json` for JSON data and `text/plain` for plain text documents. [RFC 2045 section 5.1](https://www.ietf.org/rfc/rfc2045.html#section-5.1) outlines the structure and use of content types. For a comprehensive list of registered content types, refer to the [IANA media types registry](https://www.iana.org/assignments/media-types/media-types.xhtml).
*
* NOTE(review): this is a producer-declared label, not a verified property of `value`; do not pick a renderer or parser for the attachment on the strength of this field alone.
*
* @generated from field: optional string content_type = 1;
*/
contentType?: string | undefined;
/**
* Specifies the encoding the text is represented in
*
* NOTE(review): typed as a free-form string here; presumably `base64` is the expected value per the CycloneDX specification — confirm before decoding `value`, and reject encodings you do not recognise.
*
* @generated from field: optional string encoding = 2;
*/
encoding?: string | undefined;
/**
* SimpleContent value of element. Proactive controls such as input validation and sanitization should be employed to prevent misuse of attachment text.
*
* NOTE(review): nothing in this type bounds the length or content of the string, so size limits and output escaping belong in the consumer.
*
* @generated from field: string value = 3;
*/
value: string;
};
/**
* Describes the message cyclonedx.v1_7.AttachedText.
* Use `create(AttachedTextSchema)` to create a new message.
*/
export declare const AttachedTextSchema: GenMessage<AttachedText>;
/**
* The BOM document message: carries the specification version, serial number, metadata and the repeated lists declared below.
*
* This declaration describes shape only. TypeScript types are erased at runtime, so none of the constraints written in the field descriptions (uniqueness, formats, versioning rules) are enforced by it; a BOM received from another party should be validated before its contents drive any decision.
*
* @generated from message cyclonedx.v1_7.Bom
*/
export type Bom = Message<"cyclonedx.v1_7.Bom"> & {
/**
* The version of the CycloneDX specification a BOM is written to (starting at version 1.3)
*
* @generated from field: string spec_version = 1;
*/
specVersion: string;
/**
* The version allows component publishers/authors to make changes to existing BOMs to update various aspects of the document such as description or licenses. When a system is presented with multiple BOMs for the same component, the system should use the most recent version of the BOM. The default version is '1' and should be incremented for each version of the BOM that is published. Each version of a component should have a unique BOM and if no changes are made to the BOMs, then each BOM will have a version of '1'.
*
* NOTE(review): the number is set by whoever produced the BOM; "most recent version wins" is only safe between BOMs whose origin has been established by other means.
*
* @generated from field: optional int32 version = 2;
*/
version?: number | undefined;
/**
* Every BOM generated should have a unique serial number, even if the contents of the BOM being generated have not changed over time. The process or tool responsible for creating the BOM should create random UUID's for every BOM generated.
*
* NOTE(review): typed as an unconstrained string; presumably a `urn:uuid:` URN per the CycloneDX specification — confirm, and check the format before using it as a lookup key.
*
* @generated from field: optional string serial_number = 3;
*/
serialNumber?: string | undefined;
/**
* Provides additional information about a BOM.
*
* @generated from field: optional cyclonedx.v1_7.Metadata metadata = 4;
*/
metadata?: Metadata | undefined;
/**
* Provides the ability to document a list of components.
*
* `Component` itself has a `components: Component[]` field, so this list is the root of a tree of arbitrary depth.
*
* @generated from field: repeated cyclonedx.v1_7.Component components = 5;
*/
components: Component[];
/**
* Provides the ability to document a list of external services.
*
* @generated from field: repeated cyclonedx.v1_7.Service services = 6;
*/
services: Service[];
/**
* Provides the ability to document external references related to the BOM or to the project the BOM describes.
*
* @generated from field: repeated cyclonedx.v1_7.ExternalReference external_references = 7;
*/
externalReferences: ExternalReference[];
/**
* Provides the ability to document dependency relationships.
*
* @generated from field: repeated cyclonedx.v1_7.Dependency dependencies = 8;
*/
dependencies: Dependency[];
/**
* Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness. The completeness of vulnerabilities expressed in a BOM may also be described.
*
* @generated from field: repeated cyclonedx.v1_7.Composition compositions = 9;
*/
compositions: Composition[];
/**
* Vulnerabilities identified in components or services.
*
* @generated from field: repeated cyclonedx.v1_7.Vulnerability vulnerabilities = 10;
*/
vulnerabilities: Vulnerability[];
/**
* Comments made by people, organizations, or tools about any object with a bom_ref, such as components, services, vulnerabilities, or the BOM itself. Unlike inventory information, annotations may contain opinion or commentary from various stakeholders.
*
* @generated from field: repeated cyclonedx.v1_7.Annotation annotations = 11;
*/
annotations: Annotation[];
/**
* Specifies custom properties.
*
* @generated from field: repeated cyclonedx.v1_7.Property properties = 12;
*/
properties: Property[];
/**
* Describes the formulation of any referenceable object within the BOM, including components, services, metadata, declarations, or the BOM itself. This may encompass how the object was created, assembled, deployed, tested, certified, or otherwise brought into its present form. Common examples include software build pipelines, deployment processes, AI/ML model training, cryptographic key generation or certification, and third-party audits. Processes are modeled using declared and observed formulas, composed of workflows, tasks, and individual steps.
*
* @generated from field: repeated cyclonedx.v1_7.Formula formulation = 13;
*/
formulation: Formula[];
/**
* The list of declarations which describe the conformance to standards. Each declaration may include attestations, claims, and evidence.
*
* @generated from field: repeated cyclonedx.v1_7.Declarations declarations = 14;
*/
declarations: Declarations[];
/**
* A collection of reusable objects that are defined and may be used elsewhere in the BOM.
*
* @generated from field: repeated cyclonedx.v1_7.Definition definitions = 15;
*/
definitions: Definition[];
/**
* A collection of attributions indicating which entity supplied information for specific fields within the BOM.
*
* @generated from field: repeated cyclonedx.v1_7.Citation citations = 16;
*/
citations: Citation[];
};
/**
* Describes the message cyclonedx.v1_7.Bom.
* Use `create(BomSchema)` to create a new message.
*/
export declare const BomSchema: GenMessage<Bom>;
/**
* A version-control commit: identifier, URL, author, committer and message. Every field is optional.
*
* @generated from message cyclonedx.v1_7.Commit
*/
export type Commit = Message<"cyclonedx.v1_7.Commit"> & {
/**
* A unique identifier of the commit. This may be version control specific. For example, Subversion uses revision numbers whereas git uses commit hashes.
*
* @generated from field: optional string uid = 1;
*/
uid?: string | undefined;
/**
* The URL to the commit. This URL will typically point to a commit in a version control system.
*
* NOTE(review): a plain string with no scheme or host restriction; check it against the schemes and hosts you expect before fetching it or rendering it as a link.
*
* @generated from field: optional string url = 2;
*/
url?: string | undefined;
/**
* The author who created the changes in the commit
*
* @generated from field: optional cyclonedx.v1_7.IdentifiableAction author = 3;
*/
author?: IdentifiableAction | undefined;
/**
* The person who committed or pushed the commit
*
* @generated from field: optional cyclonedx.v1_7.IdentifiableAction committer = 4;
*/
committer?: IdentifiableAction | undefined;
/**
* The text description of the contents of the commit
*
* NOTE(review): free text from the BOM producer; escape it for the output context when displaying it.
*
* @generated from field: optional string message = 5;
*/
message?: string | undefined;
};
/**
* Describes the message cyclonedx.v1_7.Commit.
* Use `create(CommitSchema)` to create a new message.
*/
export declare const CommitSchema: GenMessage<Commit>;
/**
* A single component entry of the BOM: its classification, identity (name, version, purl and other identifiers), hashes, licenses, provenance and nested sub-components.
*
* Several field descriptions below state rules ("must be used exclusively", "may only be used if", "must not be specified for other component types"). The type expresses none of them: every field is an independent property, so a decoded message can violate these rules and still type-check. Enforce them in a validation step when the BOM comes from outside.
*
* @generated from message cyclonedx.v1_7.Component
*/
export type Component = Message<"cyclonedx.v1_7.Component"> & {
/**
* Specifies the type of component. For software components, classify as an application if no more specific appropriate classification is available or cannot be determined for the component.
*
* @generated from field: cyclonedx.v1_7.Classification type = 1;
*/
type: Classification;
/**
* The mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented, such as an image, font, or executable. Some library or framework components may also have an associated mime-type.
*
* @generated from field: optional string mime_type = 2;
*/
mimeType?: string | undefined;
/**
* An identifier which can be used to reference the component elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element.
*
* NOTE(review): the uniqueness mentioned above is not enforced by this type; a consumer that indexes objects by `bomRef` should detect duplicates rather than let a later entry silently replace an earlier one.
*
* @generated from field: optional string bom_ref = 3;
*/
bomRef?: string | undefined;
/**
* The organization that supplied the component. The supplier may often be the manufacturer but may also be a distributor or repackager.
*
* @generated from field: optional cyclonedx.v1_7.OrganizationalEntity supplier = 4;
*/
supplier?: OrganizationalEntity | undefined;
/**
* DEPRECATED - DO NOT USE - This will be removed in a future version - Use `.authors` or `.manufacturer` instead.
* The person(s) or organization(s) that authored the component
*
* @generated from field: optional string author = 5 [deprecated = true];
* @deprecated
*/
author?: string | undefined;
/**
* The person(s) or organization(s) that published the component
*
* @generated from field: optional string publisher = 6;
*/
publisher?: string | undefined;
/**
* The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component or the source package or domain name. Whitespace and special characters should be avoided. Examples include: apache, org.apache.commons, and apache.org.
*
* @generated from field: optional string group = 7;
*/
group?: string | undefined;
/**
* The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery
*
* @generated from field: string name = 8;
*/
name: string;
/**
* The component version. The version should ideally comply with semantic versioning but is not enforced.
* Version was made optional in v1.4 of the spec.
* For backward compatibility, it is recommended to use an empty string to represent components without version information.
* Must be used exclusively, either 'version' or 'versionRange', but not both.
*
* `version` is a required `string` in this type, so "no version" shows up as the empty string rather than `undefined`.
*
* @generated from field: string version = 9;
*/
version: string;
/**
* For an external component, this specifies the accepted version range.
* The value must adhere to the Package URL Version Range syntax (vers), as defined at https://github.com/package-url/vers-spec.
* May only be used if `isExternal` is set to `true`.
* Must be used exclusively, either 'version' or 'versionRange', but not both.
*
* NOTE(review): neither the exclusivity with `version` nor the `isExternal` precondition is expressed in the type; check both explicitly.
*
* @generated from field: optional string versionRange = 33;
*/
versionRange?: string | undefined;
/**
* Specifies a description for the component
*
* @generated from field: optional string description = 10;
*/
description?: string | undefined;
/**
* Specifies the scope of the component. If a scope is not specified, SCOPE_REQUIRED scope should be assumed by the consumer of the BOM
*
* @generated from field: optional cyclonedx.v1_7.Scope scope = 11;
*/
scope?: Scope | undefined;
/**
* The hashes of the component.
*
* NOTE(review): these are values asserted by the BOM producer. They identify an artifact only after the consumer recomputes the digest over the artifact it actually holds and compares.
*
* @generated from field: repeated cyclonedx.v1_7.Hash hashes = 12;
*/
hashes: Hash[];
/**
* A list of SPDX licenses and/or named licenses and/or SPDX License Expression.
*
* @generated from field: repeated cyclonedx.v1_7.LicenseChoice licenses = 13;
*/
licenses: LicenseChoice[];
/**
* A copyright notice informing users of the underlying claims to copyright ownership in a published work.
*
* @generated from field: optional string copyright = 14;
*/
copyright?: string | undefined;
/**
* DEPRECATED - DO NOT USE. This will be removed in a future version. Specifies a well-formed CPE name. See https://nvd.nist.gov/products/cpe
*
* NOTE(review): the description says deprecated, but the generated field line below has no `[deprecated = true]` and there is no `@deprecated` tag (compare `author`), so editors and linters will not flag uses of this field.
*
* @generated from field: optional string cpe = 15;
*/
cpe?: string | undefined;
/**
* Specifies the package-url (PURL). The purl, if specified, must be valid and conform to the specification defined at: https://github.com/package-url/purl-spec
*
* NOTE(review): typed as an unconstrained string; parse and validate it before using it to match vulnerability data or to resolve a package.
*
* @generated from field: optional string purl = 16;
*/
purl?: string | undefined;
/**
* Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags.
*
* @generated from field: optional cyclonedx.v1_7.Swid swid = 17;
*/
swid?: Swid | undefined;
/**
* DEPRECATED - DO NOT USE. This will be removed in a future version. Use the pedigree element instead to supply information on exactly how the component was modified. A boolean value indicating if the component has been modified from the original. A value of true indicates the component is a derivative of the original. A value of false indicates the component has not been modified from the original.
*
* NOTE(review): as with `cpe`, the description says deprecated but no `@deprecated` tag is present, so tooling will not warn on use.
*
* @generated from field: optional bool modified = 18;
*/
modified?: boolean | undefined;
/**
* Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc.
*
* @generated from field: optional cyclonedx.v1_7.Pedigree pedigree = 19;
*/
pedigree?: Pedigree | undefined;
/**
* Provides the ability to document external references related to the component or to the project the component describes.
*
* @generated from field: repeated cyclonedx.v1_7.ExternalReference external_references = 20;
*/
externalReferences: ExternalReference[];
/**
* Specifies sub-components. This is not a dependency tree. It provides a way to specify a hierarchical representation of component assemblies, similar to system -> subsystem -> parts assembly in physical supply chains.
*
* The field's element type is `Component` itself, so nesting depth is not limited by the type. NOTE(review): bound the depth (or iterate with an explicit stack) when walking a BOM from an untrusted source.
*
* @generated from field: repeated cyclonedx.v1_7.Component components = 21;
*/
components: Component[];
/**
* Specifies custom properties.
*
* @generated from field: repeated cyclonedx.v1_7.Property properties = 22;
*/
properties: Property[];
/**
* Specifies license and copyright evidence.
*
* @generated from field: optional cyclonedx.v1_7.Evidence evidence = 23;
*/
evidence?: Evidence | undefined;
/**
* Specifies release notes.
*
* @generated from field: optional cyclonedx.v1_7.ReleaseNotes releaseNotes = 24;
*/
releaseNotes?: ReleaseNotes | undefined;
/**
* A model card describes the intended uses of a machine learning model, potential limitations, biases, ethical considerations, training parameters, datasets used to train the model, performance metrics, and other relevant data useful for ML transparency.
*
* @generated from field: optional cyclonedx.v1_7.ModelCard modelCard = 25;
*/
modelCard?: ModelCard | undefined;
/**
* This object SHOULD be specified for any component of type `data` and must not be specified for other component types.
*
* @generated from field: repeated cyclonedx.v1_7.ComponentData data = 26;
*/
data: ComponentData[];
/**
* Cryptographic assets have properties that uniquely define them and that make them actionable for further reasoning. As an example, it makes a difference if one knows the algorithm family (e.g. AES) or the specific variant or instantiation (e.g. AES-128-GCM). This is because the security level and the algorithm primitive (authenticated encryption) is only defined by the definition of the algorithm variant. The presence of a weak cryptographic algorithm like SHA1 vs. HMAC-SHA1 also makes a difference.
*
* @generated from field: optional cyclonedx.v1_7.CryptoProperties cryptoProperties = 27;
*/
cryptoProperties?: CryptoProperties | undefined;
/**
* The organization that created the component. Manufacturer is common in components created through automated processes. Components created through manual means may have `.authors` instead.
*
* @generated from field: optional cyclonedx.v1_7.OrganizationalEntity manufacturer = 28;
*/
manufacturer?: OrganizationalEntity | undefined;
/**
* The person(s) who created the component. Authors are common in components created through manual processes. Components created through automated means may have `.manufacturer` instead.
*
* @generated from field: repeated cyclonedx.v1_7.OrganizationalContact authors = 29;
*/
authors: OrganizationalContact[];
/**
* Textual strings that aid in discovery, search, and retrieval of the associated object. Tags often serve as a way to group or categorize similar or related objects by various attributes. Examples include "json-parser", "object-persistence", "text-to-image", "translation", and "object-detection".
*
* @generated from field: repeated string tags = 30;
*/
tags: string[];
/**
* Specifies the OmniBOR Artifact ID. The OmniBOR, if specified, must be valid and conform to the specification defined at: https://www.iana.org/assignments/uri-schemes/prov/gitoid
*
* @generated from field: repeated string omniborId = 31;
*/
omniborId: string[];
/**
* Specifies the Software Heritage persistent identifier (SWHID). The SWHID, if specified, must be valid and conform to the specification defined at: https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html
*
* @generated from field: repeated string swhid = 32;
*/
swhid: string[];
/**
* Determine whether this component is external.
* An external component is one that is not part of an assembly, but is expected to be provided by the environment, regardless of the component's `scope`. This setting can be useful for distinguishing which components are bundled with the product and which can be relied upon to be present in the deployment environment.
* This may be set to `true` for runtime components only. For `Bom.metadata.component`, it must be set to `false`.
*
* implicit defaults to `false`
*
* The property is optional, so an unset value reads as `undefined`; treat `undefined` as `false` per the default stated above.
*
* @generated from field: optional bool isExternal = 34;
*/
isExternal?: boolean | undefined;
/**
* A list of assertions made regarding patents associated with this component or service. Assertions distinguish between ownership, licensing, and other relevant interactions with patents.
*
* @generated from field: repeated cyclonedx.v1_7.PatentAssertion patent_assertions = 35;
*/
patentAssertions: PatentAssertion[];
};
/**
* Describes the message cyclonedx.v1_7.Component.
* Use `create(ComponentSchema)` to create a new message.
*/
export declare const ComponentSchema: GenMessage<Component>;
/**
* Specifies the data flow.
*
* @generated from message cyclonedx.v1_7.DataFlow
*/
export type DataFlow = Message<"cyclonedx.v1_7.DataFlow"> & {
/**
* Specifies the flow direction of the data.
*
* @generated from field: cyclonedx.v1_7.DataFlowDirection flow = 1;
*/
flow: DataFlowDirection;
/**
* Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed.
*
* NOTE(review): a free-form string, not an enumeration; a consumer that maps it to handling rules needs its own list of accepted labels and a defined behaviour for unknown ones.
*
* @generated from field: string value = 2;
*/
value: string;
/**
* Name for the defined data
*
* @generated from field: optional string name = 3;
*/
name?: string | undefined;
/**
* Short description of the data content and usage
*
* @generated from field: optional string description = 4;
*/
description?: string | undefined;
/**
* The URI, URL, or BOM-Link of the components or services the data came in from
*
* NOTE(review): plain strings; the type does not say which of the three forms an entry is, so parse each one before resolving or dereferencing it.
*
* @generated from field: repeated string source = 5;
*/
source: string[];
/**
* The URI, URL, or BOM-Link of the components or services the data is sent to
*
* NOTE(review): plain strings; the type does not say which of the three forms an entry is, so parse each one before resolving or dereferencing it.
*
* @generated from field: repeated string destination = 6;
*/
destination: string[];
/**
* Data Governance
*
* @generated from field: optional cyclonedx.v1_7.DataGovernance governance = 7;
*/
governance?: DataGovernance | undefined;
};
/**
* Describes the message cyclonedx.v1_7.DataFlow.
* Use `create(DataFlowSchema)` to create a new message.
*/
export declare const DataFlowSchema: GenMessage<DataFlow>;
/**
* Defines the direct dependencies of a component, service, or the components provided/implemented by a given component. Components or services that do not have their own dependencies must be declared as empty elements within the graph. Components or services that are not represented in the dependency graph may have unknown dependencies. It is recommended that implementations assume this to be opaque and not an indicator of an object being dependency-free. It is recommended to leverage compositions to indicate unknown dependency graphs.
*
* @generated from message cyclonedx.v1_7.Dependency
*/
export type Dependency = Message<"cyclonedx.v1_7.Dependency"> & {
/**
* References a component or service by its bom_ref attribute
*
* NOTE(review): a plain string; nothing here guarantees that it resolves to an object present in the BOM, so handle dangling references explicitly.
*
* @generated from field: string ref = 1;
*/
ref: string;
/**
* The bom_ref identifiers of the components or services that are dependencies of this dependency object.
*
* Each entry is itself a `Dependency` message (its `ref` holds the identifier), so entries can nest. NOTE(review): when walking a graph built from untrusted input, bound the depth and track visited `ref` values, since refs may point back at an ancestor.
*
* @generated from field: repeated cyclonedx.v1_7.Dependency dependencies = 2;
*/
dependencies: Dependency[];
/**
* The bom_ref identifiers of the components or services that define a given specification or standard, which are provided or implemented by this dependency object.
*
* @generated from field: repeated string provides = 3;
*/
provides: string[];
};
/**
* Describes the message cyclonedx.v1_7.Dependency.
* Use `create(DependencySchema)` to create a new message.
*/
export declare const DependencySchema: GenMessage<Dependency>;
/**
* The patch file (or diff) that shows changes. Refer to https://en.wikipedia.org/wiki/Diff
*
* Both fields are optional and independent; the type does not require either one and does not relate the inline `text` to the content behind `url`.
*
* @generated from message cyclonedx.v1_7.Diff
*/
export type Diff = Message<"cyclonedx.v1_7.Diff"> & {
/**
* Specifies the text of the diff
*
* NOTE(review): patch content supplied by the BOM producer; display or archive it as data, and do not apply it to a source tree without review.
*
* @generated from field: optional cyclonedx.v1_7.AttachedText text = 1;
*/
text?: AttachedText | undefined;
/**
* Specifies the URL to the diff
*
* NOTE(review): a plain string with no scheme or host restriction; check it against the schemes and hosts you expect before fetching.
*
* @generated from field: optional string url = 2;
*/
url?: string | undefined;
};
/**
* Describes the message cyclonedx.v1_7.Diff.
* Use `create(DiffSchema)` to create a new message.
*/
export declare const DiffSchema: GenMessage<Diff>;
/**
* External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM.
*
* @generated from message cyclonedx.v1_7.ExternalReference
*/
export type ExternalReference = Message<"cyclonedx.v1_7.ExternalReference"> & {
/**
* Specifies the type of external reference. There are built-in types to describe common references. If a type does not exist for the reference being referred to, use the "other" type.
*
* @generated from field: cyclonedx.v1_7.ExternalReferenceType type = 1;
*/
type: ExternalReferenceType;
/**
* The URL to the external reference
*
* NOTE(review): a required but otherwise unconstrained string. A service that dereferences these URLs on behalf of a BOM it did not author should restrict schemes and destinations (for example, refuse internal addresses) and cap response size and time.
*
* @generated from field: string url = 2;
*/
url: string;
/**
* A comment describing the external reference
*
* @generated from field: optional string comment = 3;
*/
comment?: string | undefined;
/**
* Integrity hashes for the external resource content
*
* NOTE(review): the list may be empty, in which case the reference carries no integrity information. When hashes are present they only help if the consumer recomputes the digest over the fetched content and compares; the `url` and the hashes come from the same producer, so they protect against changes to the resource, not against a dishonest BOM.
*
* @generated from field: repeated cyclonedx.v1_7.Hash hashes = 4;
*/
hashes: Hash[];
/**
* Specifies custom properties.
*
* @generated from field: repeated cyclonedx.v1_7.Property properties = 5;
*/
properties: Property[];
};
/**
* Describes the message cyclonedx.v1_7.ExternalReference.
* Use `create(ExternalReferenceSchema)` to create a new message.
*/
export declare const ExternalReferenceSchema: GenMessage<ExternalReference>;
/**
* Specifies the file hash of the component
*
* A pair of algorithm and digest value. The type does not tie the two together: nothing checks that `value` has the length or alphabet that `alg` implies.
*
* @generated from message cyclonedx.v1_7.Hash
*/
export type Hash = Message<"cyclonedx.v1_7.Hash"> & {
/**
* Specifies the algorithm used to create the hash
*
* NOTE(review): the algorithm is chosen by the BOM producer. A verifier should apply its own minimum-strength policy rather than accept whichever algorithm is declared. (`HashAlg` is declared outside this excerpt; its members are not visible here.)
*
* @generated from field: cyclonedx.v1_7.HashAlg alg = 1;
*/
alg: HashAlg;
/**
* SimpleContent value of element
*
* NOTE(review): presumably the digest as a hex string — confirm against the CycloneDX specification; validate length and character set for the declared `alg`, and normalise case before comparing.
*
* @generated from field: string value = 2;
*/
value: string;
};
/**
* Describes the message cyclonedx.v1_7.Hash.
* Use `create(HashSchema)` to create a new message.
*/
export declare const HashSchema: GenMessage<Hash>;
/**
* Who performed an action and when: a timestamp, a name and an email address, all optional. `Commit` uses this type for its `author` and `committer` fields.
*
* NOTE(review): the message holds only these three values; nothing in it authenticates them, so treat the identity as a claim made by the BOM producer.
*
* @generated from message cyclonedx.v1_7.IdentifiableAction
*/
export type IdentifiableAction = Message<"cyclonedx.v1_7.IdentifiableAction"> & {
/**
* The timestamp in which the action occurred
*
* @generated from field: optional google.protobuf.Timestamp timestamp = 1;
*/
timestamp?: Timestamp | undefined;
/**
* The name of the individual who performed the action
*
* @generated from field: optional string name = 2;
*/
name?: string | undefined;
/**
* The email address of the individual who performed the action
*
* NOTE(review): an unconstrained string, not a validated address; it is also personal data, which matters if BOMs are published or logged.
*
* @generated from field: optional string email = 3;
*/
email?: string | undefined;
};
/**
* Describes the message cyclonedx.v1_7.IdentifiableAction.
* Use `create(IdentifiableActionSchema)` to create a new message.
*/
export declare const IdentifiableActionSchema: GenMessage<IdentifiableAction>;
/**
* An individual issue that has been resolved.
*
* @generated from message cyclonedx.v1_7.Issue
*/
export type Issue = Message<"cyclonedx.v1_7.Issue"> & {
/**
* Specifies the type of issue
*
* @generated from field: cyclonedx.v1_7.IssueClassification type = 1;
*/
type: IssueClassification;
/**
* The identifier of the issue assigned by the source of the issue
*
* NOTE(review): a free-form string; if it is matched against an external tracker or advisory feed, validate its format for that source first.
*
* @generated from field: optional string id = 2;
*/
id?: string | undefined;
/**
* The name of the issue
*
* @generated from field: optional string name = 3;
*/
name?: string | undefined;
/**
* A description of the issue
*
* @generated from field: optional string description = 4;
*/
description?: string | undefined;
/**
* The source of the issue where it is documented
*
* @generated from field: optional cyclonedx.v1_7.Source source = 5;
*/
source?: Source | undefined;
/**
* A collection of URLs for reference. Multiple URLs are allowed. Example: "https://example.com"
*
* NOTE(review): plain strings with no scheme restriction; check each one before rendering it as a link or fetching it.
*
* @generated from field: repeated string references = 6;
*/
references: string[];
};
/**
* Describes the message cyclonedx.v1_7.Issue.
* Use `create(IssueSchema)` to create a new message.
*/
export declare const IssueSchema: GenMessage<Issue>;
/**
* The source of the issue where it is documented.
*
* Both fields are optional free-form strings; the name is a label chosen by the BOM producer, not a verified reference to the named organisation.
*
* @generated from message cyclonedx.v1_7.Source
*/
export type Source = Message<"cyclonedx.v1_7.Source"> & {
/**
* The name of the source. For example, "National Vulnerability Database", "NVD", and "Apache"
*
* @generated from field: optional string name = 1;
*/
name?: string | undefined;
/**
* The URL of the issue documentation as provided by the source
*
* NOTE(review): nothing ties this URL to the `name` above; a consumer that trusts a named source should check the URL's host itself.
*
* @generated from field: optional string url = 2;
*/
url?: string | undefined;
};
/**
* Describes the message cyclonedx.v1_7.Source.
* Use `create(SourceSchema)` to create a new message.
*/
export declare const SourceSchema: GenMessage<Source>;
/**
* One license entry: at most one of a `License` message, an SPDX expression string, or a detailed expression, selected through the `choice` oneof, plus two fields that the descriptions reserve for the `expression` case.
*
* @generated from message cyclonedx.v1_7.LicenseChoice
*/
export type LicenseChoice = Message<"cyclonedx.v1_7.LicenseChoice"> & {
/**
* Discriminated union: `case` names the member that is set and `value` holds it. The last member (`case: undefined`) is the state in which none is set, so consumers must handle it.
*
* @generated from oneof cyclonedx.v1_7.LicenseChoice.choice
*/
choice: {
/**
* A license
*
* @generated from field: cyclonedx.v1_7.License license = 1;
*/
value: License;
case: "license";
} | {
/**
* A valid SPDX license expression. Refer to https://spdx.org/specifications for syntax requirements.
*
* NOTE(review): typed as an unconstrained string; validity as an SPDX expression has to be checked by the consumer.
*
* @generated from field: string expression = 2;
*/
value: string;
case: "expression";
} | {
/**
* A SPDX license expression and its details
*
* @generated from field: cyclonedx.v1_7.LicenseExpressionDetailed expression_detailed = 5;
*/
value: LicenseExpressionDetailed;
case: "expressionDetailed";
} | {
case: undefined;
value?: undefined;
};
/**
* This field must only be used when `expression` is chosen as the other options have their own acknowledgement.
*
* NOTE(review): this is a sibling of `choice`, not part of the `expression` member, so the type allows it alongside any case; enforce the rule in validation.
*
* @generated from field: optional cyclonedx.v1_7.LicenseAcknowledgementEnumeration acknowledgement = 3;
*/
acknowledgement?: LicenseAcknowledgementEnumeration | undefined;
/**
* This field must only be used when `expression` is chosen as the other options have their own bom_ref.
*
* NOTE(review): this is a sibling of `choice`, not part of the `expression` member, so the type allows it alongside any case; enforce the rule in validation.
*
* @generated from field: optional string bom_ref = 4;
*/
bomRef?: string | undefined;
};
/**
* Describes the message cyclonedx.v1_7.LicenseChoice.
* Use `create(LicenseChoiceSchema)` to create a new message.
*/
export declare const LicenseChoiceSchema: GenMessage<LicenseChoice>;
/**
* Specifies the details and attributes related to a software license. It can either include a valid SPDX license identifier or a named license, along with additional properties such as license acknowledgment, comprehensive commercial licensing information, and the full text of the license.
*
* @generated from message cyclonedx.v1_7.License
*/
export type License = Message<"cyclonedx.v1_7.License"> & {
/**
* Discriminated union: `case` is `"id"` or `"name"` and `value` holds the string. The last member (`case: undefined`) is the state in which neither is set, so consumers must handle it.
*
* @generated from oneof cyclonedx.v1_7.License.license
*/
license: {
/**
* A valid SPDX license identifier. If specified, this value must be one of the enumeration of valid SPDX license identifiers defined in the spdx.schema.json (or spdx.xml) subschema which is synchronized with the official SPDX license list.
*
* NOTE(review): typed as `string`, not as an enumeration, so membership in the SPDX list is not checked here.
*
* @generated from field: string id = 1;
*/
value: string;
case: "id";
} | {
/**
* The name of the license. This may include the name of a commercial or proprietary license or an open source license that may not be defined by SPDX.
*
* @generated from field: string name = 2;
*/
value: string;
case: "name";
} | {
case: undefined;
value?: undefined;
};
/**
* Specifies the full text of the attachment
*
* NOTE(review): producer-supplied content; the type does not relate it to the `id` or `name` above, so a policy decision should not assume the text matches the declared license.
*
* @generated from field: optional cyclonedx.v1_7.AttachedText text = 3;
*/
text?: AttachedText | undefined;
/**
* The URL to the attachment file. If the attachment is a license or BOM, an externalReference should also be specified for completeness.
*
* NOTE(review): a plain string with no scheme or host restriction; check it against the schemes and hosts you expect before fetching.
*
* @generated from field: optional string url = 4;
*/
url?: string | undefined;
/**
* An identifier which can be used to reference the license elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element.
*
* NOTE(review): the uniqueness mentioned above is not enforced by this type; detect duplicates when indexing by `bomRef`.
*
* @generated from field: optional string bom_ref = 5;
*/
bomRef?: string | undefined;
/**
* Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and other important metadata
*
* @generated from field: optional cyclonedx.v1_7.Licensing licensing = 6;
*/
licensing?: Licensing | undefined;
/**
* Specifies custom properties.
*
* @generated from field: repeated cyclonedx.v1_7.Property properties = 7;
*/
properties: Property[];
/**
* Declared licenses and concluded licenses represent two different stages in the licensing process within software development. Declared licenses refer to the initial intention of the software authors regarding the licensing terms under which their code is released. On the other hand, concluded licenses are the result of a comprehensive analysis of the project's codebase to identify and confirm the actual licenses of the components used, which may differ from the initially declared licenses. While declared licenses provide an upfront indication of the licensing intentions, concluded licenses offer a more thorough understanding of the actual licensing within a project, facilitating proper compliance and risk management. Observed licenses are defined in `@.evidence.licenses`. Observed licenses form the evidence necessary to substantiate a concluded license.
*
* @generated from field: optional cyclonedx.v1_7.LicenseAcknowledgementEnumeration acknowledgement = 8;
*/
acknowledgement?: LicenseAcknowledgementEnumeration | undefined;
};
/**
* Describes the message cyclonedx.v1_7.License.
* Use `create(LicenseSchema)` to create a new message.
*/
export declare const LicenseSchema: GenMessage<License>;
/**
* Specifies the details and attributes related to a software license.
* It must be a valid SPDX license expression, along with additional properties such as license acknowledgment.
*
* The "must be valid" requirement is prose only: `expression` is declared as a plain `string`, so this type does not reject malformed expressions. Code that consumes a BOM it did not produce should validate the expression itself.
*
* @generated from message cyclonedx.v1_7.LicenseExpressionDetailed
*/
export type LicenseExpressionDetailed = Message<"cyclonedx.v1_7.LicenseExpressionDetailed"> & {
/**
* A valid SPDX license expression. Refer to https://spdx.org/specifications for syntax requirements.
* Example values:
* - "Apache-2.0 AND (MIT OR GPL-2.0-only)",
* - "GPL-3.0-only WITH Classpath-exception-2.0"
*
* @generated from field: string expression = 1;
*/
expression: string;
/**
* Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and other important metadata
* Details for parts of the `expression`.
*
* NOTE(review): the first sentence is identical to the description of the `licensing` field below and does not match the element type, which carries a license identifier, bom_ref, text and url. It looks like a copy-paste in the upstream definition; confirm against the .proto.
*
* @generated from field: repeated cyclonedx.v1_7.LicenseExpressionDetailed.ExpressionDetails details = 2;
*/
details: LicenseExpressionDetailed_ExpressionDetails[];
/**
* An identifier which can be used to reference the license elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element.
*
* The field is an optional plain string; the uniqueness rule is not expressed by this declaration, so duplicate or dangling references have to be detected by the consumer.
*
* @generated from field: optional string bom_ref = 3;
*/
bomRef?: string | undefined;
/**
* Declared licenses and concluded licenses represent two different stages in the licensing process within software development. Declared licenses refer to the initial intention of the software authors regarding the licensing terms under which their code is released. On the other hand, concluded licenses are the result of a comprehensive analysis of the project's codebase to identify and confirm the actual licenses of the components used, which may differ from the initially declared licenses. While declared licenses provide an upfront indication of the licensing intentions, concluded licenses offer a more thorough understanding of the actual licensing within a project, facilitating proper compliance and risk management. Observed licenses are defined in `@.evidence.licenses`. Observed licenses form the evidence necessary to substantiate a concluded license.
*
* @generated from field: optional cyclonedx.v1_7.LicenseAcknowledgementEnumeration acknowledgement = 4;
*/
acknowledgement?: LicenseAcknowledgementEnumeration | undefined;
/**
* Licensing details describing the licensor/licensee, license type, renewal and expiration dates, and other important metadata
*
* @generated from field: optional cyclonedx.v1_7.Licensing licensing = 5;
*/
licensing?: Licensing | undefined;
/**
* Specifies custom properties.
*
* @generated from field: repeated cyclonedx.v1_7.Property properties = 6;
*/
properties: Property[];
};
/**
* Describes the message cyclonedx.v1_7.LicenseExpressionDetailed.
* Use `create(LicenseExpressionDetailedSchema)` to create a new message.
*
* Type-only (`declare`) statement: the constant is typed `GenMessage<LicenseExpressionDetailed>`; no SPDX parsing or other field validation is defined on this line.
*/
export declare const LicenseExpressionDetailedSchema: GenMessage<LicenseExpressionDetailed>;
/**
* Specifies the details and attributes related to a software license identifier. An SPDX expression may be a compound of license identifiers.
* The `license_identifier` field serves as the key that identifies each record. Note that this key is not required to be unique, as the same license identifier could apply to multiple, different but similar license details, texts, etc.
*
* @generated from message cyclonedx.v1_7.LicenseExpressionDetailed.ExpressionDetails
*/
export type LicenseExpressionDetailed_ExpressionDetails = Message<"cyclonedx.v1_7.LicenseExpressionDetailed.ExpressionDetails"> & {
/**
* A valid SPDX license identifier. Refer to https://spdx.org/specifications for syntax requirements.
* This field serves as the primary key, which uniquely identifies each record.
* Example values:
* - "Apache-2.0",
* - "GPL-3.0-only WITH Classpath-exception-2.0"
* - "LicenseRef-my-custom-license"
*
* NOTE(review): "uniquely identifies each record" contradicts the message-level comment, which says the key is not required to be unique. Consumers should not assume one record per identifier (for example when building a lookup map) until this is confirmed against the specification.
* The field is a plain `string`; validity as an SPDX identifier is not checked by this type.
*
* @generated from field: string license_identifier = 1;
*/
licenseIdentifier: string;
/**
* An identifier which can be used to reference the license elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element.
*
* The uniqueness rule is stated in prose only; the declared type is an optional plain string.
*
* @generated from field: optional string bom_ref = 2;
*/
bomRef?: string | undefined;
/**
* A way to include the textual content of the license.
*
* The content is supplied by whoever produced the BOM. The `AttachedText` description in this file recommends input validation and sanitization for attachment text; apply that before rendering or otherwise processing this value.
*
* @generated from field: optional cyclonedx.v1_7.AttachedText text = 3;
*/
text?: AttachedText | undefined;
/**
* The URL to the license file. If specified, a 'license' externalReference should also be specified for completeness
*
* Declared as an optional plain string: scheme and host are not constrained here. Validate the value (for example against an allow-list of schemes) before dereferencing a URL taken from a BOM you did not produce.
*
* @generated from field: optional string url = 4;
*/
url?: string | undefined;
};
/**
* Describes the message cyclonedx.v1_7.LicenseExpressionDetailed.ExpressionDetails.
* Use `create(LicenseExpressionDetailed_ExpressionDetailsSchema)` to create a new message.
*
* Type-only (`declare`) statement: the constant is typed `GenMessage<LicenseExpressionDetailed_ExpressionDetails>` and carries no value or validation logic on this line.
*/
export declare const LicenseExpressionDetailed_ExpressionDetailsSchema: GenMessage<LicenseExpressionDetailed_ExpressionDetails>;
/**
* Commercial licensing record: alternate license identifiers, the licensor, licensee and purchaser, the purchase order, the granted license types, and the last-renewal and expiration timestamps.
*
* NOTE(review): party names and the purchase order identifier can be commercially or personally sensitive; presumably worth reviewing before a BOM containing this message is shared outside the organization.
*
* @generated from message cyclonedx.v1_7.Licensing
*/
export type Licensing = Message<"cyclonedx.v1_7.Licensing"> & {
/**
* License identifiers that may be used to manage licenses and their lifecycle
*
* @generated from field: repeated string altIds = 1;
*/
altIds: string[];
/**
* The individual or organization that grants a license to another individual or organization
*
* @generated from field: optional cyclonedx.v1_7.OrganizationalEntityOrContact licensor = 2;
*/
licensor?: OrganizationalEntityOrContact | undefined;
/**
* The individual or organization to which a license was granted
*
* @generated from field: optional cyclonedx.v1_7.OrganizationalEntityOrContact licensee = 3;
*/
licensee?: OrganizationalEntityOrContact | undefined;
/**
* The individual or organization that purchased the license
*
* @generated from field: optional cyclonedx.v1_7.OrganizationalEntityOrContact purchaser = 4;
*/
purchaser?: OrganizationalEntityOrContact | undefined;
/**
* The purchase order identifier the purchaser sent to a supplier or vendor to authorize a purchase
*
* @generated from field: optional string purchaseOrder = 5;
*/
purchaseOrder?: string | undefined;
/**
* The type of license(s) that was granted to the licensee
*
* @generated from field: repeated cyclonedx.v1_7.LicensingTypeEnum licenseTypes = 6;
*/
licenseTypes: LicensingTypeEnum[];
/**
* The timestamp indicating when the license was last renewed. For new purchases, this is often the purchase or acquisition date. For non-perpetual licenses or subscriptions, this is the timestamp of when the license was last renewed.
*
* @generated from field: optional google.protobuf.Timestamp lastRenewal = 7;
*/
lastRenewal?: Timestamp | undefined;
/**
* The timestamp indicating when the current license expires (if applicable).
*
* Optional: the declaration does not relate this value to `lastRenewal`, so an expiration earlier than the last renewal is representable and has to be caught by the consumer.
*
* @generated from field: optional google.protobuf.Timestamp expiration = 8;
*/
expiration?: Timestamp | undefined;
};
/**
* Describes the message cyclonedx.v1_7.Licensing.
* Use `create(LicensingSchema)` to create a new message.
*
* Type-only (`declare`) statement: the constant is typed `GenMessage<Licensing>`; its value is not defined on this line.
*/
export declare const LicensingSchema: GenMessage<Licensing>;
/**
* EITHER an organization OR an individual
*
* Modelled as a discriminated union on `choice.case`: "organization" carries an `OrganizationalEntity`, "individual" carries an `OrganizationalContact`, and `case: undefined` means neither was set. Check `choice.case` before reading `choice.value`.
*
* @generated from message cyclonedx.v1_7.OrganizationalEntityOrContact
*/
export type OrganizationalEntityOrContact = Message<"cyclonedx.v1_7.OrganizationalEntityOrContact"> & {
/**
* The selected alternative; the unset state (`case: undefined`) is a valid value of this type and must be handled by callers.
*
* @generated from oneof cyclonedx.v1_7.OrganizationalEntityOrContact.choice
*/
choice: {
/**
* Organization
*
* @generated from field: cyclonedx.v1_7.OrganizationalEntity organization = 1;
*/
value: OrganizationalEntity;
case: "organization";
} | {
/**
* Individual
*
* @generated from field: cyclonedx.v1_7.OrganizationalContact individual = 2;
*/
value: OrganizationalContact;
case: "individual";
} | {
case: undefined;
value?: undefined;
};
};
/**
* Describes the message cyclonedx.v1_7.OrganizationalEntityOrContact.
* Use `create(OrganizationalEntityOrContactSchema)` to create a new message.
*
* Type-only (`declare`) statement: the constant is typed `GenMessage<OrganizationalEntityOrContact>`; its value is not defined on this line.
*/
export declare const OrganizationalEntityOrContactSchema: GenMessage<OrganizationalEntityOrContact>;
/**
* Metadata about the BOM document itself: when and with which tools it was created, who authored or manufactured it, the component it describes, its supplier, the document's own licenses, custom properties, lifecycle stages and distribution constraints.
*
* Every value here is asserted by the producer of the BOM. This message declares no field carrying integrity or authenticity information, so provenance claims such as `tools`, `authors`, `supplier` and `timestamp` should be treated as unverified unless the document is authenticated by other means.
*
* @generated from message cyclonedx.v1_7.Metadata
*/
export type Metadata = Message<"cyclonedx.v1_7.Metadata"> & {
/**
* The date and time (timestamp) when the document was created.
*
* @generated from field: optional google.protobuf.Timestamp timestamp = 1;
*/
timestamp?: Timestamp | undefined;
/**
* The tool(s) used in the creation of the BOM.
*
* @generated from field: optional cyclonedx.v1_7.Tool tools = 2;
*/
tools?: Tool | undefined;
/**
* The person(s) who created the BOM. Authors are common in BOMs created through manual processes. BOMs created through automated means may have '.manufacturer' instead.
*
* @generated from field: repeated cyclonedx.v1_7.OrganizationalContact authors = 3;
*/
authors: OrganizationalContact[];
/**
* The component that the BOM describes.
*
* @generated from field: optional cyclonedx.v1_7.Component component = 4;
*/
component?: Component | undefined;
/**
* DEPRECATED - DO NOT USE - This will be removed in a future version - Use the `.component.manufacturer` instead.
* The organization that manufactured the component that the BOM describes.
*
* Not to be confused with `manufacturer` (field 10), which names the organization that created the BOM rather than the component.
*
* @generated from field: optional cyclonedx.v1_7.OrganizationalEntity manufacture = 5 [deprecated = true];
* @deprecated
*/
manufacture?: OrganizationalEntity | undefined;
/**
* The organization that supplied the component that the BOM describes. The supplier may often be the manufacturer, but may also be a distributor or repackager.
*
* @generated from field: optional cyclonedx.v1_7.OrganizationalEntity supplier = 6;
*/
supplier?: OrganizationalEntity | undefined;
/**
* The license information for the BOM document. This may be different from the license(s) of the component(s) that the BOM describes.
* A list of SPDX licenses and/or named licenses and/or SPDX License Expression.
*
* @generated from field: repeated cyclonedx.v1_7.LicenseChoice licenses = 7;
*/
licenses: LicenseChoice[];
/**
* Specifies custom properties.
*
* @generated from field: repeated cyclonedx.v1_7.Property properties = 8;
*/
properties: Property[];
/**
* Lifecycles communicate the stage(s) in which data in the BOM was captured. Different types of data may be available at various phases of a lifecycle, such as the Software Development Lifecycle (SDLC), IT Asset Management (ITAM), and Software Asset Management (SAM). Thus, a BOM may include data specific to or only obtainable in a given lifecycle.
*
* @generated from field: repeated cyclonedx.v1_7.Lifecycles lifecycles = 9;
*/
lifecycles: Lifecycles[];
/**
* The organization that created the BOM. Manufacturer is common in BOMs created through automated processes. BOMs created through manual means may have '.authors' instead.
*
* @generated from field: optional cyclonedx.v1_7.OrganizationalEntity manufacturer = 10;
*/
manufacturer?: OrganizationalEntity | undefined;
/**
* Conditions and constraints governing the sharing and distribution of the data or components described by this BOM.
*
* Optional: when absent, the BOM states no distribution constraint. NOTE(review): how an absent value should be handled (for example, defaulting to the most restrictive treatment) is not defined here; confirm against local policy.
*
* @generated from field: optional cyclonedx.v1_7.Metadata.DistributionConstraints distributionConstraints = 11;
*/
distributionConstraints?: Metadata_DistributionConstraints | undefined;
};
/**
* Describes the message cyclonedx.v1_7.Metadata.
* Use `create(MetadataSchema)` to create a new message.
*
* Type-only (`declare`) statement: the constant is typed `GenMessage<Metadata>`; its value is not defined on this line.
*/
export declare const MetadataSchema: GenMessage<Metadata>;
/**
* Sharing and distribution constraints attached to a BOM's metadata. The only field declared here is the TLP classification.
*
* @generated from message cyclonedx.v1_7.Metadata.DistributionConstraints
*/
export type Metadata_DistributionConstraints = Message<"cyclonedx.v1_7.Metadata.DistributionConstraints"> & {
/**
* The Traffic Light Protocol (TLP) classification that controls the sharing and distribution of the data that the BOM describes.
*
* The value is a handling label carried with the document; this declaration only transports it. Honouring the restriction is the responsibility of the systems that store, forward or publish the BOM.
*
* @generated from field: optional cyclonedx.v1_7.TlpClassification tlp = 1;
*/
tlp?: TlpClassification | undefined;
};
/**
* Describes the message cyclonedx.v1_7.Metadata.DistributionConstraints.
* Use `create(Metadata_DistributionConstraintsSchema)` to create a new message.
*
* Type-only (`declare`) statement: the constant is typed `GenMessage<Metadata_DistributionConstraints>`; its value is not defined on this line.
*/
export declare const Metadata_DistributionConstraintsSchema: GenMessage<Metadata_DistributionConstraints>;
/**
* One lifecycle stage in which BOM data was captured, given either as a pre-defined phase or as a custom name, with an optional description.
*
* @generated from message cyclonedx.v1_7.Lifecycles
*/
export type Lifecycles = Message<"cyclonedx.v1_7.Lifecycles"> & {
/**
* Discriminated union on `case`: "phase" carries a `LifecyclePhase`, "name" carries a free-form string, and `case: undefined` means neither was set. Check `case` before reading `value`.
*
* @generated from oneof cyclonedx.v1_7.Lifecycles.choice
*/
choice: {
/**
* A pre-defined phase in the product lifecycle.
*
* @generated from field: cyclonedx.v1_7.LifecyclePhase phase = 1;
*/
value: LifecyclePhase;
case: "phase";
} | {
/**
* The name of the lifecycle phase
*
* Declared as a plain string, so the content is whatever the BOM producer supplied.
*
* @generated from field: string name = 2;
*/
value: string;
case: "name";
} | {
case: undefined;
value?: undefined;
};
/**
* The description of the lifecycle phase
*
* @generated from field: optional string description = 3;
*/
description?: string | undefined;
};
/**
* Describes the message cyclonedx.v1_7.Lifecycles.
* Use `create(LifecyclesSchema)` to create a new message.
*
* Type-only (`declare`) statement: the constant is typed `GenMessage<Lifecycles>`; its value is not defined on this line.
*/
export declare const LifecyclesSchema: GenMessage<Lifecycles>;
/**
* A contact person: name, email address, phone number and an optional BOM reference.
*
* The name, email and phone fields hold personal data when populated. They are declared as plain optional strings, so no format (for example a well-formed email address) is guaranteed by this type.
*
* @generated from message cyclonedx.v1_7.OrganizationalContact
*/
export type OrganizationalContact = Message<"cyclonedx.v1_7.OrganizationalContact"> & {
/**
* The name of the contact
*
* @generated from field: optional string name = 1;
*/
name?: string | undefined;
/**
* The email address of the contact.
*
* @generated from field: optional string email = 2;
*/
email?: string | undefined;
/**
* The phone number of the contact.
*
* @generated from field: optional string phone = 3;
*/
phone?: string | undefined;
/**
* An identifier which can be used to reference the object elsewhere in the BOM. Uniqueness is enforced within all elements and children of the root-level bom element.
*
* The uniqueness rule is stated in prose only; the declared type is an optional plain string.
*
* @generated from field: optional string bom_ref = 4;
*/
bomRef?: string | undefined;
};
/**
* Describes the message cyclonedx.v1_7.OrganizationalContact.
* Use `create(OrganizationalContactSchema)` to create a new message.
*
* Type-only (`declare`) statement: the constant is typed `GenMessage<OrganizationalContact>`; its value is not defined on this line.
*/
export declare const OrganizationalContactSchema: GenMessage<OrganizationalContact>;
/**
* @generated from message cyclonedx.v1_7.OrganizationalEntity
*/
export type OrganizationalEntity = Message<"cyclonedx.v1_7.OrganizationalEntity"> & {
/**
* The name of the organization
*
* @generated from field: optional string name = 1;
*/
name?: string | undefined;
/**
* The URL of the organization. Multiple URLs are allowed.
*
* @generated from field: repeated string url = 2;
*/
url: string[];
/**
* A contact person at the organization. Multiple contacts are allowed.
*
* @generated from field: repeated cyclonedx.v1_7.OrganizationalContact contact = 3;
*/
contact: Organizat