As of v1.5, the description of metadata.supplier states:
|
"supplier": { |
|
"title": "Supplier", |
|
"description": " The organization that supplied the component that the BOM describes. The supplier may often be the manufacturer, but may also be a distributor or repackager.", |
|
"$ref": "#/definitions/organizationalEntity" |
This is in addition to metadata.component.supplier, which states:
|
"supplier": { |
|
"title": "Component Supplier", |
|
"description": " The organization that supplied the component. The supplier may often be the manufacturer, but may also be a distributor or repackager.", |
|
"$ref": "#/definitions/organizationalEntity" |
|
}, |
Based on those descriptions, it is unclear what the subject of metadata.supplier is. metadata.component is the component that the BOM describes, meaning metadata.component.supplier would be the same as metadata.supplier.
As discussed in this Slack thread, it seems that metadata.supplier describes the supplier of the BOM itself. If that is the case, the schema documentation should be updated to include this fact.
As of v1.5, the description of
metadata.supplierstates:specification/schema/bom-1.5.schema.json
Lines 268 to 271 in 299209a
This is in addition to
metadata.component.supplier, which states:specification/schema/bom-1.5.schema.json
Lines 430 to 434 in 299209a
Based on those descriptions, it is unclear what the subject of
metadata.supplieris.metadata.componentis the component that the BOM describes, meaningmetadata.component.supplierwould be the same asmetadata.supplier.As discussed in this Slack thread, it seems that
metadata.supplierdescribes the supplier of the BOM itself. If that is the case, the schema documentation should be updated to include this fact.