mirror of
https://github.com/anchore/grype
synced 2024-11-15 08:47:11 +00:00
184 lines
8.1 KiB
XML
184 lines
8.1 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!--
|
|
CycloneDX BOM Descriptor Extension
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
-->
|
|
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
|
xmlns:vc="http://www.w3.org/2007/XMLSchema-versioning"
|
|
xmlns:bom="http://cyclonedx.org/schema/bom/1.1"
|
|
xmlns:bd="http://cyclonedx.org/schema/ext/bom-descriptor/1.0"
|
|
xmlns:v="http://cyclonedx.org/schema/ext/vulnerability/1.0"
|
|
elementFormDefault="qualified"
|
|
targetNamespace="http://cyclonedx.org/schema/ext/bom-descriptor/1.0"
|
|
vc:minVersion="1.0"
|
|
vc:maxVersion="1.1"
|
|
version="1.0">
|
|
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<name>CycloneDX BOM Descriptor Extension</name>
|
|
<url>https://cyclonedx.org/ext/bom-descriptor</url>
|
|
<license uri="http://www.apache.org/licenses/LICENSE-2.0"
|
|
version="2.0">Apache License, Version 2.0</license>
|
|
<authors>
|
|
<author>Steve Springett</author>
|
|
</authors>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
|
|
<xs:import namespace="http://cyclonedx.org/schema/bom/1.1" schemaLocation="http://cyclonedx.org/schema/bom/1.1"/>
|
|
|
|
<xs:complexType name="metadata">
|
|
<xs:sequence minOccurs="0" maxOccurs="1">
|
|
<xs:element name="timestamp" type="xs:dateTime" minOccurs="0">
|
|
<xs:annotation>
|
|
<xs:documentation>The date and time (timestamp) when the document was created.</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:element>
|
|
<xs:element name="tool" minOccurs="0" type="bd:toolType">
|
|
<xs:annotation>
|
|
<xs:documentation>The tool used to create the BOM.</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:element>
|
|
<xs:element name="authors" minOccurs="0" maxOccurs="1">
|
|
<xs:annotation>
|
|
<xs:documentation>The person(s) who created the BOM. Authors are common in BOMs created through
|
|
manual processes. BOMs created through automated means may not have authors.</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:complexType>
|
|
<xs:sequence minOccurs="0" maxOccurs="unbounded">
|
|
<xs:element name="author" type="bd:organizationalPerson"/>
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="component" type="bom:component" minOccurs="0">
|
|
<xs:annotation>
|
|
<xs:documentation>The component that the BOM describes.</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:element>
|
|
<xs:element name="manufacture" type="bd:organizationalEntity" minOccurs="0" maxOccurs="unbounded">
|
|
<xs:annotation>
|
|
<xs:documentation>The organization that manufactured the component that the BOM describes.</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:element>
|
|
<xs:element name="supplier" type="bd:organizationalEntity" minOccurs="0" maxOccurs="unbounded">
|
|
<xs:annotation>
|
|
<xs:documentation>The organization that supplied the component that the BOM describes. The
|
|
supplier may often be the manufacture, but may also be a distributor or repackager.</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:element>
|
|
</xs:sequence>
|
|
<xs:anyAttribute namespace="##other" processContents="lax">
|
|
<xs:annotation>
|
|
<xs:documentation>User-defined attributes may be used on this element as long as they
|
|
do not have the same name as an existing attribute used by the schema.</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:anyAttribute>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="organizationalEntity">
|
|
<xs:sequence minOccurs="0" maxOccurs="1">
|
|
<xs:element name="name" type="xs:normalizedString" minOccurs="0" maxOccurs="1">
|
|
<xs:annotation>
|
|
<xs:documentation>The name of the organization</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:element>
|
|
<xs:element name="url" type="xs:anyURI" minOccurs="0" maxOccurs="unbounded">
|
|
<xs:annotation>
|
|
<xs:documentation>The URL of the organization. Multiple URLs are allowed.</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:element>
|
|
<xs:element name="contact" type="bd:organizationalPerson" minOccurs="0" maxOccurs="unbounded">
|
|
<xs:annotation>
|
|
<xs:documentation>A contact person at the organization. Multiple contacts are allowed.</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:element>
|
|
</xs:sequence>
|
|
<xs:anyAttribute namespace="##other" processContents="lax">
|
|
<xs:annotation>
|
|
<xs:documentation>User-defined attributes may be used on this element as long as they
|
|
do not have the same name as an existing attribute used by the schema.</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:anyAttribute>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="toolType">
|
|
<xs:annotation>
|
|
<xs:documentation>Specifies a tool (manual or automated).</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:sequence minOccurs="0" maxOccurs="1">
|
|
<xs:element name="vendor" minOccurs="0" maxOccurs="1" type="xs:normalizedString">
|
|
<xs:annotation>
|
|
<xs:documentation>The vendor of the tool used to create the BOM.</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:element>
|
|
<xs:element name="name" minOccurs="0" maxOccurs="1" type="xs:normalizedString">
|
|
<xs:annotation>
|
|
<xs:documentation>The name of the tool used to create the BOM.</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:element>
|
|
<xs:element name="version" minOccurs="0" maxOccurs="1" type="xs:normalizedString">
|
|
<xs:annotation>
|
|
<xs:documentation>The version of the tool used to create the BOM.</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:element>
|
|
<xs:element name="hashes" minOccurs="0" maxOccurs="1">
|
|
<xs:complexType>
|
|
<xs:sequence minOccurs="0" maxOccurs="unbounded">
|
|
<xs:element name="hash" type="bom:hashType"/>
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
</xs:sequence>
|
|
<xs:anyAttribute namespace="##other" processContents="lax">
|
|
<xs:annotation>
|
|
<xs:documentation>User-defined attributes may be used on this element as long as they
|
|
do not have the same name as an existing attribute used by the schema.</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:anyAttribute>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="organizationalPerson">
|
|
<xs:sequence minOccurs="0" maxOccurs="1">
|
|
<xs:element name="name" type="xs:normalizedString" minOccurs="0" maxOccurs="1">
|
|
<xs:annotation>
|
|
<xs:documentation>The name of the person</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:element>
|
|
<xs:element name="email" type="xs:normalizedString" minOccurs="0" maxOccurs="unbounded">
|
|
<xs:annotation>
|
|
<xs:documentation>The email address of the person. Multiple email addresses are allowed.</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:element>
|
|
<xs:element name="phone" type="xs:normalizedString" minOccurs="0" maxOccurs="unbounded">
|
|
<xs:annotation>
|
|
<xs:documentation>The phone number of the person. Multiple phone numbers are allowed.</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:element>
|
|
</xs:sequence>
|
|
<xs:anyAttribute namespace="##other" processContents="lax">
|
|
<xs:annotation>
|
|
<xs:documentation>User-defined attributes may be used on this element as long as they
|
|
do not have the same name as an existing attribute used by the schema.</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:anyAttribute>
|
|
</xs:complexType>
|
|
|
|
<xs:element name="metadata" type="bd:metadata">
|
|
<xs:annotation>
|
|
<xs:documentation>Provides additional information about a BOM.</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:element>
|
|
|
|
</xs:schema>
|