Skip to content

Commit b29bae6

Browse files
authored
CycloneDX 1.7.1 - Schema Alignment & Typo-/Bug‑Fix Release (#932)
## Fixed – Schema Alignment * Protobuf: added the optional, repeated field `ModelCard.property` ([#726] via [#743]) * XML: added the optional, repeated node `//modelCard/properties` ([#726] via [#743]) * XML: changed the node `//modelCard/considerations/users/user` from optional to optional and repeated ([#737] via [#744]) * XML: changed the node `//modelCard/considerations/useCases/useCase` from optional to optional and repeated ([#737] via [#744]) * XML: changed the node `//modelCard/considerations/technicalLimitations/technicalLimitation` from optional to optional and repeated ([#737] via [#744]) * XML: changed the node `//modelCard/considerations/performanceTradeoffs/performanceTradeoff` from optional to optional and repeated ([#737] via [#744]) ## Tests * Added test cases for the updated schemas. [#726]: #726 [#743]: #743 [#737]: #737 [#744]: #744 ----- - fixes #917 - fixes #726 - fixes #737 --- progress: https://github.com/CycloneDX/specification/milestone/13 intended release: v1.7.1 backports: - 1.5.1 - #933 - 1.6.2 - #934
2 parents 06e31b4 + 0e38ff6 commit b29bae6

15 files changed

Lines changed: 171 additions & 33 deletions

schema/bom-1.5.proto

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
syntax = "proto3";
2-
package cyclonedx.v1_5;
2+
package cyclonedx.v1_5; // 1.5.1
33
import "google/protobuf/timestamp.proto";
44

55
// Specifies attributes of the text
@@ -1009,6 +1009,8 @@ message ModelCard {
10091009
optional QuantitativeAnalysis quantitativeAnalysis = 3;
10101010
// What considerations should be taken into account regarding the model's construction, training, and application?
10111011
optional ModelCardConsiderations considerations = 4;
1012+
// Specifies optional, custom, properties
1013+
repeated Property properties = 5;
10121014

10131015
message ModelParameters {
10141016
// The overall approach to learning used by the model for problem solving.

schema/bom-1.5.xsd

Lines changed: 15 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@ limitations under the License.
2222
targetNamespace="http://cyclonedx.org/schema/bom/1.5"
2323
vc:minVersion="1.0"
2424
vc:maxVersion="1.1"
25-
version="1.5.0">
25+
version="1.5.1">
2626

2727
<xs:import namespace="http://cyclonedx.org/schema/spdx" schemaLocation="http://cyclonedx.org/schema/spdx"/>
2828

@@ -2885,7 +2885,7 @@ limitations under the License.
28852885
</xs:annotation>
28862886
<xs:complexType>
28872887
<xs:sequence>
2888-
<xs:element name="user" type="xs:string" minOccurs="0" maxOccurs="1" />
2888+
<xs:element name="user" type="xs:string" minOccurs="0" maxOccurs="unbounded" />
28892889
</xs:sequence>
28902890
</xs:complexType>
28912891
</xs:element>
@@ -2897,7 +2897,7 @@ limitations under the License.
28972897
</xs:annotation>
28982898
<xs:complexType>
28992899
<xs:sequence>
2900-
<xs:element name="useCase" type="xs:string" minOccurs="0" maxOccurs="1" />
2900+
<xs:element name="useCase" type="xs:string" minOccurs="0" maxOccurs="unbounded" />
29012901
</xs:sequence>
29022902
</xs:complexType>
29032903
</xs:element>
@@ -2911,7 +2911,7 @@ limitations under the License.
29112911
</xs:annotation>
29122912
<xs:complexType>
29132913
<xs:sequence>
2914-
<xs:element name="technicalLimitation" type="xs:string" minOccurs="0" maxOccurs="1" />
2914+
<xs:element name="technicalLimitation" type="xs:string" minOccurs="0" maxOccurs="unbounded" />
29152915
</xs:sequence>
29162916
</xs:complexType>
29172917
</xs:element>
@@ -2923,7 +2923,7 @@ limitations under the License.
29232923
</xs:annotation>
29242924
<xs:complexType>
29252925
<xs:sequence>
2926-
<xs:element name="performanceTradeoff" type="xs:string" minOccurs="0" maxOccurs="1" />
2926+
<xs:element name="performanceTradeoff" type="xs:string" minOccurs="0" maxOccurs="unbounded" />
29272927
</xs:sequence>
29282928
</xs:complexType>
29292929
</xs:element>
@@ -3008,6 +3008,16 @@ limitations under the License.
30083008
</xs:sequence>
30093009
</xs:complexType>
30103010
</xs:element>
3011+
<xs:element name="properties" type="bom:propertiesType" minOccurs="0" maxOccurs="1">
3012+
<xs:annotation>
3013+
<xs:documentation>Provides the ability to document properties in a name/value store.
3014+
This provides flexibility to include data not officially supported in the standard
3015+
without having to use additional namespaces or create extensions. Property names
3016+
of interest to the general public are encouraged to be registered in the
3017+
CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy.
3018+
Formal registration is OPTIONAL.</xs:documentation>
3019+
</xs:annotation>
3020+
</xs:element>
30113021
</xs:sequence>
30123022
<xs:attribute name="bom-ref" type="bom:refType">
30133023
<xs:annotation>

schema/bom-1.6.proto

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
syntax = "proto3";
2-
package cyclonedx.v1_6; // version 1.6.1
2+
package cyclonedx.v1_6; // version 1.6.2
33
import "google/protobuf/timestamp.proto";
44

55
// Specifies attributes of the text
@@ -1152,6 +1152,8 @@ message ModelCard {
11521152
optional QuantitativeAnalysis quantitativeAnalysis = 3;
11531153
// What considerations should be taken into account regarding the model's construction, training, and application?
11541154
optional ModelCardConsiderations considerations = 4;
1155+
// Specifies optional, custom, properties
1156+
repeated Property properties = 5;
11551157

11561158
message ModelParameters {
11571159
// The overall approach to learning used by the model for problem-solving.

schema/bom-1.6.xsd

Lines changed: 15 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@ limitations under the License.
2222
targetNamespace="http://cyclonedx.org/schema/bom/1.6"
2323
vc:minVersion="1.0"
2424
vc:maxVersion="1.1"
25-
version="1.6.1">
25+
version="1.6.2">
2626

2727
<xs:import namespace="http://cyclonedx.org/schema/spdx" schemaLocation="http://cyclonedx.org/schema/spdx"/>
2828

@@ -3256,7 +3256,7 @@ limitations under the License.
32563256
</xs:annotation>
32573257
<xs:complexType>
32583258
<xs:sequence>
3259-
<xs:element name="user" type="xs:string" minOccurs="0" maxOccurs="1" />
3259+
<xs:element name="user" type="xs:string" minOccurs="0" maxOccurs="unbounded" />
32603260
</xs:sequence>
32613261
</xs:complexType>
32623262
</xs:element>
@@ -3268,7 +3268,7 @@ limitations under the License.
32683268
</xs:annotation>
32693269
<xs:complexType>
32703270
<xs:sequence>
3271-
<xs:element name="useCase" type="xs:string" minOccurs="0" maxOccurs="1" />
3271+
<xs:element name="useCase" type="xs:string" minOccurs="0" maxOccurs="unbounded" />
32723272
</xs:sequence>
32733273
</xs:complexType>
32743274
</xs:element>
@@ -3282,7 +3282,7 @@ limitations under the License.
32823282
</xs:annotation>
32833283
<xs:complexType>
32843284
<xs:sequence>
3285-
<xs:element name="technicalLimitation" type="xs:string" minOccurs="0" maxOccurs="1" />
3285+
<xs:element name="technicalLimitation" type="xs:string" minOccurs="0" maxOccurs="unbounded" />
32863286
</xs:sequence>
32873287
</xs:complexType>
32883288
</xs:element>
@@ -3294,7 +3294,7 @@ limitations under the License.
32943294
</xs:annotation>
32953295
<xs:complexType>
32963296
<xs:sequence>
3297-
<xs:element name="performanceTradeoff" type="xs:string" minOccurs="0" maxOccurs="1" />
3297+
<xs:element name="performanceTradeoff" type="xs:string" minOccurs="0" maxOccurs="unbounded" />
32983298
</xs:sequence>
32993299
</xs:complexType>
33003300
</xs:element>
@@ -3386,6 +3386,16 @@ limitations under the License.
33863386
</xs:sequence>
33873387
</xs:complexType>
33883388
</xs:element>
3389+
<xs:element name="properties" type="bom:propertiesType" minOccurs="0" maxOccurs="1">
3390+
<xs:annotation>
3391+
<xs:documentation>Provides the ability to document properties in a name/value store.
3392+
This provides flexibility to include data not officially supported in the standard
3393+
without having to use additional namespaces or create extensions. Property names
3394+
of interest to the general public are encouraged to be registered in the
3395+
CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy.
3396+
Formal registration is OPTIONAL.</xs:documentation>
3397+
</xs:annotation>
3398+
</xs:element>
33893399
</xs:sequence>
33903400
<xs:attribute name="bom-ref" type="bom:refType">
33913401
<xs:annotation>

schema/bom-1.7.proto

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
syntax = "proto3";
2-
package cyclonedx.v1_7;
2+
package cyclonedx.v1_7; // 1.7.1
33
import "google/protobuf/timestamp.proto";
44

55
// Specifies attributes of the text
@@ -1254,6 +1254,8 @@ message ModelCard {
12541254
optional QuantitativeAnalysis quantitativeAnalysis = 3;
12551255
// What considerations should be taken into account regarding the model's construction, training, and application?
12561256
optional ModelCardConsiderations considerations = 4;
1257+
// Specifies optional, custom, properties
1258+
repeated Property properties = 5;
12571259

12581260
message ModelParameters {
12591261
// The overall approach to learning used by the model for problem-solving.

schema/bom-1.7.xsd

Lines changed: 15 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@ limitations under the License.
2222
targetNamespace="http://cyclonedx.org/schema/bom/1.7"
2323
vc:minVersion="1.0"
2424
vc:maxVersion="1.1"
25-
version="1.7.0">
25+
version="1.7.1">
2626

2727
<xs:import namespace="http://cyclonedx.org/schema/spdx" schemaLocation="http://cyclonedx.org/schema/spdx"/>
2828

@@ -3499,7 +3499,7 @@ limitations under the License.
34993499
</xs:annotation>
35003500
<xs:complexType>
35013501
<xs:sequence>
3502-
<xs:element name="user" type="xs:string" minOccurs="0" maxOccurs="1" />
3502+
<xs:element name="user" type="xs:string" minOccurs="0" maxOccurs="unbounded" />
35033503
</xs:sequence>
35043504
</xs:complexType>
35053505
</xs:element>
@@ -3511,7 +3511,7 @@ limitations under the License.
35113511
</xs:annotation>
35123512
<xs:complexType>
35133513
<xs:sequence>
3514-
<xs:element name="useCase" type="xs:string" minOccurs="0" maxOccurs="1" />
3514+
<xs:element name="useCase" type="xs:string" minOccurs="0" maxOccurs="unbounded" />
35153515
</xs:sequence>
35163516
</xs:complexType>
35173517
</xs:element>
@@ -3525,7 +3525,7 @@ limitations under the License.
35253525
</xs:annotation>
35263526
<xs:complexType>
35273527
<xs:sequence>
3528-
<xs:element name="technicalLimitation" type="xs:string" minOccurs="0" maxOccurs="1" />
3528+
<xs:element name="technicalLimitation" type="xs:string" minOccurs="0" maxOccurs="unbounded" />
35293529
</xs:sequence>
35303530
</xs:complexType>
35313531
</xs:element>
@@ -3537,7 +3537,7 @@ limitations under the License.
35373537
</xs:annotation>
35383538
<xs:complexType>
35393539
<xs:sequence>
3540-
<xs:element name="performanceTradeoff" type="xs:string" minOccurs="0" maxOccurs="1" />
3540+
<xs:element name="performanceTradeoff" type="xs:string" minOccurs="0" maxOccurs="unbounded" />
35413541
</xs:sequence>
35423542
</xs:complexType>
35433543
</xs:element>
@@ -3629,6 +3629,16 @@ limitations under the License.
36293629
</xs:sequence>
36303630
</xs:complexType>
36313631
</xs:element>
3632+
<xs:element name="properties" type="bom:propertiesType" minOccurs="0" maxOccurs="1">
3633+
<xs:annotation>
3634+
<xs:documentation>Provides the ability to document properties in a name/value store.
3635+
This provides flexibility to include data not officially supported in the standard
3636+
without having to use additional namespaces or create extensions. Property names
3637+
of interest to the general public are encouraged to be registered in the
3638+
CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy.
3639+
Formal registration is OPTIONAL.</xs:documentation>
3640+
</xs:annotation>
3641+
</xs:element>
36323642
</xs:sequence>
36333643
<xs:attribute name="bom-ref" type="bom:refType">
36343644
<xs:annotation>

tools/src/test/resources/1.5/valid-machine-learning-1.5.json

Lines changed: 19 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -60,16 +60,20 @@
6060
},
6161
"considerations": {
6262
"users": [
63-
"Who are the intended users of the model?"
63+
"Who are the intended users of the model?",
64+
"Data scientists and ML researchers"
6465
],
6566
"useCases": [
66-
"Who are the intended users of the model?"
67+
"Who are the intended users of the model?",
68+
"Text-to-image generation for creative applications"
6769
],
6870
"technicalLimitations": [
69-
"What are the known technical limitations of the model? E.g. What kind(s) of data should the model be expected not to perform well on? What are the factors that might degrade model performance?"
71+
"What are the known technical limitations of the model? E.g. What kind(s) of data should the model be expected not to perform well on? What are the factors that might degrade model performance?",
72+
"Limited performance on non-photographic styles"
7073
],
7174
"performanceTradeoffs": [
72-
"What are the known tradeoffs in accuracy/performance of the model?"
75+
"What are the known tradeoffs in accuracy/performance of the model?",
76+
"Higher resolution output requires more computational resources"
7377
],
7478
"ethicalConsiderations": [
7579
{
@@ -85,7 +89,17 @@
8589
"mitigationStrategy": "With respect to the benefits and harms outlined, please describe any mitigation strategy implemented."
8690
}
8791
]
88-
}
92+
},
93+
"properties": [
94+
{
95+
"name": "modelcard:custom-property",
96+
"value": "custom-value"
97+
},
98+
{
99+
"name": "modelcard:another-custom-property",
100+
"value": "another-custom-value"
101+
}
102+
]
89103
}
90104
}
91105
]

tools/src/test/resources/1.5/valid-machine-learning-1.5.textproto

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -48,9 +48,13 @@ components {
4848
}
4949
considerations: {
5050
users: "Who are the intended users of the model?"
51+
users: "Data scientists and ML researchers"
5152
useCases: "Who are the intended users of the model?"
53+
useCases: "Text-to-image generation for creative applications"
5254
technicalLimitations: "What are the known technical limitations of the model? E.g. What kind(s) of data should the model be expected not to perform well on? What are the factors that might degrade model performance?"
55+
technicalLimitations: "Limited performance on non-photographic styles"
5356
performanceTradeoffs: "What are the known tradeoffs in accuracy/performance of the model?"
57+
performanceTradeoffs: "Higher resolution output requires more computational resources"
5458
ethicalConsiderations: {
5559
name: "The name of the risk"
5660
mitigationStrategy: "Strategy used to address this risk"
@@ -62,5 +66,13 @@ components {
6266
mitigationStrategy: "With respect to the benefits and harms outlined, please describe any mitigation strategy implemented."
6367
}
6468
}
69+
properties: {
70+
name: "modelcard:custom-property"
71+
value: "custom-value"
72+
}
73+
properties: {
74+
name: "modelcard:another-custom-property"
75+
value: "another-custom-value"
76+
}
6577
}
6678
}

tools/src/test/resources/1.5/valid-machine-learning-1.5.xml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -61,15 +61,19 @@
6161
<considerations>
6262
<users>
6363
<user>Who are the intended users of the model?</user>
64+
<user>Data scientists and ML researchers</user>
6465
</users>
6566
<useCases>
6667
<useCase>Who are the intended users of the model?</useCase>
68+
<useCase>Text-to-image generation for creative applications</useCase>
6769
</useCases>
6870
<technicalLimitations>
6971
<technicalLimitation>What are the known technical limitations of the model?</technicalLimitation>
72+
<technicalLimitation>Limited performance on non-photographic styles</technicalLimitation>
7073
</technicalLimitations>
7174
<performanceTradeoffs>
7275
<performanceTradeoff>What are the known tradeoffs in accuracy/performance of the model?</performanceTradeoff>
76+
<performanceTradeoff>Higher resolution output requires more computational resources</performanceTradeoff>
7377
</performanceTradeoffs>
7478
<ethicalConsiderations>
7579
<ethicalConsideration>
@@ -86,6 +90,10 @@
8690
</fairnessAssessment>
8791
</fairnessAssessments>
8892
</considerations>
93+
<properties>
94+
<property name="modelcard:custom-property">custom-value</property>
95+
<property name="modelcard:another-custom-property">another-custom-value</property>
96+
</properties>
8997
</modelCard>
9098
</component>
9199
</components>

tools/src/test/resources/1.6/valid-machine-learning-1.6.json

Lines changed: 19 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -62,16 +62,20 @@
6262
},
6363
"considerations": {
6464
"users": [
65-
"Who are the intended users of the model?"
65+
"Who are the intended users of the model?",
66+
"Data scientists and ML researchers"
6667
],
6768
"useCases": [
68-
"Who are the intended users of the model?"
69+
"Who are the intended users of the model?",
70+
"Text-to-image generation for creative applications"
6971
],
7072
"technicalLimitations": [
71-
"What are the known technical limitations of the model? E.g. What kind(s) of data should the model be expected not to perform well on? What are the factors that might degrade model performance?"
73+
"What are the known technical limitations of the model? E.g. What kind(s) of data should the model be expected not to perform well on? What are the factors that might degrade model performance?",
74+
"Limited performance on non-photographic styles"
7275
],
7376
"performanceTradeoffs": [
74-
"What are the known tradeoffs in accuracy/performance of the model?"
77+
"What are the known tradeoffs in accuracy/performance of the model?",
78+
"Higher resolution output requires more computational resources"
7579
],
7680
"ethicalConsiderations": [
7781
{
@@ -87,7 +91,17 @@
8791
"mitigationStrategy": "With respect to the benefits and harms outlined, please describe any mitigation strategy implemented."
8892
}
8993
]
90-
}
94+
},
95+
"properties": [
96+
{
97+
"name": "modelcard:custom-property",
98+
"value": "custom-value"
99+
},
100+
{
101+
"name": "modelcard:another-custom-property",
102+
"value": "another-custom-value"
103+
}
104+
]
91105
}
92106
}
93107
]

0 commit comments

Comments
 (0)