diff --git a/schema/bom-1.6.proto b/schema/bom-1.6.proto
index d8d3abd3..511e7c34 100644
--- a/schema/bom-1.6.proto
+++ b/schema/bom-1.6.proto
@@ -171,16 +171,12 @@ enum DataFlowDirection {
}
message Dependency {
- enum DependencyType {
- DEPENDENCY_TYPE_IMPLEMENTS = 0;
- DEPENDENCY_TYPE_USES = 1;
- }
// References a component or service by the its bom-ref attribute
string ref = 1;
// The bom-ref identifiers of the components or services that are dependencies of this dependency object.
repeated Dependency dependencies = 2;
- // Defines and characterizes the type of dependency
- optional DependencyType type = 3;
+ // The bom-ref identifiers of the components or services that define a given specification or standard, which are provided or implemented by this dependency object.
+ repeated string provides = 3;
}
message Diff {
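Review bot: Field number 3 in `Dependency` is reused with a different wire type: the removed `optional DependencyType type = 3` was a varint enum, while the new `repeated string provides = 3` is length-delimited. If any draft-1.6 payloads were serialized with the old field, a reader generated from this schema will most likely discard the value as an unknown field and silently lose the implements/uses distinction. If 1.6 has never been published that is harmless, but the safer form is `reserved 3; reserved "type";` together with `repeated string provides = 4;`. The new field comment also omits the caveat the JSON schema carries, so I would append `// A component which implements another component does not imply that the implementation is in use.` Separately, the context comment above `ref` reads "by the its bom-ref attribute" and could be corrected in the same pass.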
diff --git a/schema/bom-1.6.schema.json b/schema/bom-1.6.schema.json
index 51013151..4ecc4ae5 100644
--- a/schema/bom-1.6.schema.json
+++ b/schema/bom-1.6.schema.json
@@ -1766,11 +1766,14 @@
"title": "Depends On",
"description": "The bom-ref identifiers of the components or services that are dependencies of this dependency object."
},
- "type": {
- "type": "string",
- "title": "Dependency Type",
- "description": "Defines and characterizes the type of dependency",
- "$ref": "#/definitions/dependencyType"
+ "provides": {
+ "type": "array",
+ "uniqueItems": true,
+ "items": {
+ "$ref": "#/definitions/refLinkType"
+ },
+ "title": "Provides",
+ "description": "The bom-ref identifiers of the components or services that define a given specification or standard, which are provided or implemented by this dependency object.\nFor example, a cryptographic library which implements a cryptographic algorithm. A component which implements another component does not imply that the implementation is in use."
}
}
},
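Review bot: Dropping the `type` property changes how an older draft document is read, and nothing in this hunk shows whether the dependency object rejects unknown keys. If it does not, a BOM that still carries `"type": "implements"` with the algorithm listed under `dependsOn` would validate and be interpreted as a usage dependency, which inverts what the producer meant and would inflate "in use" findings in a cryptographic inventory. It is worth confirming that the object is closed with `"additionalProperties": false`; its definition starts outside the hunk. The renamed fixture valid-cryptography-implementation-1.6.json only covers the accepted shape, so two invalid fixtures would pin the rejection paths: one with the legacy `type` key and one with a repeated entry in `provides` to exercise `uniqueItems`.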
@@ -4601,20 +4604,6 @@
"title": "Signature",
"description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)."
},
- "dependencyType": {
- "type": "string",
- "title": "Dependency Type",
- "enum": [
- "implements",
- "uses"
- ],
- "meta:enum": {
- "implements": "Refers to a component or service that fulfills the requirements of a given specification or standard. For example, a cryptographic library which implements a cryptographic algorithm. A component which implements another component does not imply that the implementation is in use.",
- "uses": "Refers to a component or service that relies on another component or service, either explicitly via function calls or via configuration at run time."
- },
- "default": "uses",
- "description": "An optional field that describes the type of dependency."
- },
"cryptoProperties": {
"type": "object",
"title": "Cryptographic Properties",
diff --git a/schema/bom-1.6.xsd b/schema/bom-1.6.xsd
index 15a903b6..12731aa6 100644
--- a/schema/bom-1.6.xsd
+++ b/schema/bom-1.6.xsd
@@ -1851,18 +1851,32 @@ limitations under the License.
-
+
+
+ The component or service that is a dependency of this dependency object.
+
+
+
+
+
+ The component or service that define a given specification or standard, which is provided or implemented by this dependency object.
+ For example, a cryptographic library which implements a cryptographic algorithm. A component which implements another component does not imply that the implementation is in use.
+
+
+
+
+
+ References a component or service by its bom-ref attribute
+
+
+
+
References a component or service by its bom-ref attribute
-
-
- An optional field that describes the type of dependency.
-
-
User-defined attributes may be used on this element as long as they
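Review bot: The second added annotation reads "The component or service that define a given specification or standard"; it should be "that defines", matching the singular wording of the annotation added just above it. The element markup is not visible in this rendering of the hunk, so I cannot confirm that the new child element uses the same bom-ref reference type as the existing dependency element. That is worth a glance, since "References a component or service by its bom-ref attribute" now documents an attribute in two places.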
@@ -1871,28 +1885,6 @@ limitations under the License.
-
-
-
-
-
- Refers to a component or service that fulfills the requirements of a given specification or
- standard. For example, a cryptographic library which implements a cryptographic algorithm.
- A component which implements another component does not imply that the implementation is in use.
-
-
-
-
-
-
- Refers to a component or service that relies on another component or service, either explicitly
- via function calls or via configuration at run time.
-
-
-
-
-
-
diff --git a/tools/src/test/resources/1.6/valid-cryptography-1.6.json b/tools/src/test/resources/1.6/valid-cryptography-implementation-1.6.json
similarity index 86%
rename from tools/src/test/resources/1.6/valid-cryptography-1.6.json
rename to tools/src/test/resources/1.6/valid-cryptography-implementation-1.6.json
index b498646a..3bff0945 100644
--- a/tools/src/test/resources/1.6/valid-cryptography-1.6.json
+++ b/tools/src/test/resources/1.6/valid-cryptography-implementation-1.6.json
@@ -37,18 +37,23 @@
"bom-ref": "crypto-library",
"name": "Crypto library",
"version": "1.0.0"
+ },
+ {
+ "type": "library",
+ "bom-ref": "some-library",
+ "name": "Some library",
+ "version": "1.0.0"
}
],
"dependencies": [
{
"ref": "acme-application",
- "type": "uses",
"dependsOn": ["crypto-library"]
},
{
"ref": "crypto-library",
- "type": "implements",
- "dependsOn": ["aes128gcm"]
+ "provides": ["aes128gcm"],
+ "dependsOn": ["some-library"]
}
]
}
diff --git a/tools/src/test/resources/1.6/valid-cryptography-1.6.textproto b/tools/src/test/resources/1.6/valid-cryptography-implementation-1.6.textproto
similarity index 85%
rename from tools/src/test/resources/1.6/valid-cryptography-1.6.textproto
rename to tools/src/test/resources/1.6/valid-cryptography-implementation-1.6.textproto
index ccc3dbb0..a7b1a0be 100644
--- a/tools/src/test/resources/1.6/valid-cryptography-1.6.textproto
+++ b/tools/src/test/resources/1.6/valid-cryptography-implementation-1.6.textproto
@@ -1,3 +1,6 @@
+# proto-file: schema/bom-1.6.proto
+# proto-message:
+
spec_version: "1.6"
version: 1
serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"
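Review bot: The added `# proto-message:` header has no value as shown here, so editors and validators that use these header comments to pick a schema cannot resolve the root message and will ignore the header or report an error. Fill it with the root message defined in schema/bom-1.6.proto, for example `# proto-message: <ROOT_MESSAGE_NAME>` (placeholder, since the message name is not visible in this diff). If the value was lost in rendering rather than omitted in the file, no change is needed.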
@@ -40,21 +43,26 @@ components: [
bom_ref: "crypto-library"
name: "Crypto library"
version: "1.0.0"
+ },
+ {
+ type: CLASSIFICATION_LIBRARY
+ bom_ref: "some-library"
+ name: "Some library"
+ version: "1.0.0"
}
],
dependencies: [
{
ref: "acme-application"
- type: DEPENDENCY_TYPE_USES
dependencies {
ref: "crypto-library"
}
},
{
ref: "crypto-library"
- type: DEPENDENCY_TYPE_IMPLEMENTS
+ provides: [ "aes128gcm" ]
dependencies {
- ref: "aes128gcm"
+ ref: "some-library"
}
}
]
diff --git a/tools/src/test/resources/1.6/valid-cryptography-1.6.xml b/tools/src/test/resources/1.6/valid-cryptography-implementation-1.6.xml
similarity index 85%
rename from tools/src/test/resources/1.6/valid-cryptography-1.6.xml
rename to tools/src/test/resources/1.6/valid-cryptography-implementation-1.6.xml
index 4639eb5c..d9c97fee 100644
--- a/tools/src/test/resources/1.6/valid-cryptography-1.6.xml
+++ b/tools/src/test/resources/1.6/valid-cryptography-implementation-1.6.xml
@@ -34,13 +34,18 @@
Crypto Library
1.0.0
+
+ Some Library
+ 1.0.0
+
-
+
-
-
+
+
+