Description
Currently, the data models in this library are largely written and maintained manually. While this approach has worked so far, it is time-consuming and requires significant effort for both implementation and review. This effort could be better invested in feature development and bug fixing.
With CycloneDX 2.0, the specification will be provided in a modularized, machine-readable JSON Schema format. This creates a strong opportunity to rethink how data models are created and maintained in this project, moving away from manual implementations toward automated generation.
Reference (work in progress):
Problem
- Data models are mostly handwritten
- High maintenance overhead
- Repetitive work for contributors
- Slows down development velocity due to review effort
Proposal
Leverage the official modularized JSON Schema provided with CycloneDX 2.0 to introduce static code generation for data models.
This would involve:
- Parsing the official CycloneDX 2.0 JSON Schema
- Generating PHP data models automatically from the schema
- Integrating code generation into the build and/or release process
- Minimizing manual intervention for future specification updates
Previous proof-of-concept implementations have already demonstrated that generating data models from the specification is feasible. These efforts should be revisited, consolidated, and formalized as part of this initiative.
Pipeline:
CycloneDX JSON Schema
↓
Preprocessing (if needed)
↓
Code Generation (datamodel-code-generator)
↓
Post-processing (formatting, adjustments)
↓
Generated Python Models
Expected Benefits
- Significant reduction in maintenance effort
- Improved consistency and correctness across models
- Faster adoption of new specification versions
- Reduced review overhead
- More time available for feature development and bug fixing
Considerations / Open Questions
- Should generated code be committed to the repository or generated during build time?
  - decision: generated before build time, and committed to the repo
- How should custom logic or extensions be layered on top of generated models?
- How to ensure backward compatibility with CycloneDX 1.x?
  - unclear yet, easy path: breaking change in the library, support only 2.x from then on
- What level of customization/configuration is required in the generation pipeline?
Additional Context
This proposal aligns directly with the direction of CycloneDX 2.0, which introduces a modular, JSON Schema–based specification explicitly designed for tooling and automation. Adopting code generation early will significantly improve the long-term maintainability and scalability of this library.
Note: This issue is intended as a meta-ticket to collect related subtasks and track overall implementation efforts.
Possible Tools / Libraries
The following tools and approaches could be evaluated for generating PHP models from JSON Schema:
- quicktype — Apache 2.0
  Generates typed models (including PHP) from JSON Schema, JSON, GraphQL, etc.
  https://www.npmjs.com/package/quicktype
- Jane PHP — MIT
  A JSON Schema / OpenAPI code generator for PHP.
  https://packagist.org/packages/jane/php
- json-schema-to-php (various implementations) — MIT / permissive
  Converts JSON Schema definitions into PHP class structures
- OpenAPI Generator — Apache 2.0
  Could be used if the schema is transformed into OpenAPI-compatible format
  https://github.com/OpenAPITools/openapi-generator
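A drift check that fits the decision above to commit generated models to the repository, as an added example that is not part of the original issue or the project's code: it pins SHA-256 digests of the schema modules and the generated files in a lock file and reports any mismatch, so CI can reject hand-edited generated code or a schema change made without regenerating. The directory layout, the lock file name and the sample files are assumptions constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def tree_digest(root: Path, pattern: str) -> dict:
    """Map each matching file's relative path to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob(pattern)) if p.is_file()}

def write_lock(schema_dir: Path, models_dir: Path, lock_path: Path) -> None:
    """Run right after code generation: pin the inputs and the outputs."""
    lock = {"schemas": tree_digest(schema_dir, "*.json"),
            "models": tree_digest(models_dir, "*")}
    lock_path.write_text(json.dumps(lock, indent=2, sort_keys=True))

def check_drift(schema_dir: Path, models_dir: Path, lock_path: Path) -> list:
    """Run in CI: list every file that no longer matches the lock."""
    lock = json.loads(lock_path.read_text())
    findings = []
    for kind, root, pattern in (("schemas", schema_dir, "*.json"),
                                ("models", models_dir, "*")):
        current, pinned = tree_digest(root, pattern), lock[kind]
        for name in sorted(current.keys() | pinned.keys()):
            if current.get(name) != pinned.get(name):
                state = ("unexpected" if name not in pinned else
                         "missing" if name not in current else "changed")
                findings.append(f"{kind}: {state} file {name}")
    return findings

def demo() -> tuple:
    """Constructed sample tree: lock it, then tamper with it."""
    with tempfile.TemporaryDirectory() as tmp:
        schemas, models = Path(tmp, "schema"), Path(tmp, "generated")
        lock = Path(tmp, "codegen.lock.json")  # hypothetical lock file name
        schemas.mkdir()
        models.mkdir()
        (schemas / "component.schema.json").write_text('{"type": "object"}')
        (models / "Component.php").write_text("<?php final class Component {}\n")
        write_lock(schemas, models, lock)
        clean = check_drift(schemas, models, lock)
        # A hand edit to generated code, and a schema module added without regenerating.
        (models / "Component.php").write_text("<?php final class Component { /* edit */ }\n")
        (schemas / "license.schema.json").write_text('{"type": "object"}')
        return clean, check_drift(schemas, models, lock)

if __name__ == "__main__":
    print(demo())
```

The lock file is only useful if the generation step is the sole writer of it; a reviewer then sees schema, model and lock changes together in one diff.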