Commit 6b3d22f

Merge pull request #213 from taleodor/2026-02-add-cle
feat: CLE support
2 parents ca695e6 + d4bb1b2 commit 6b3d22f

2 files changed

Lines changed: 283 additions & 2 deletions

README.md

Lines changed: 9 additions & 1 deletion
@@ -84,7 +84,15 @@ Vulnerability Disclosure Reports (VDR) and Vulnerability Exploitability eXchange
8484

8585
### CLE
8686

87-
Product lifecycle events that are captured and communicated through the Common Lifecycle Enumeration will be supported. This includes product rebranding, repackaging, mergers and acquisitions, and product milestone events such as end-of-life and end-of-support.
87+
Product lifecycle events are communicated through the [ECMA-428 Common Lifecycle Enumeration standard](https://ecma-international.org/publications-and-standards/standards/ecma-428/). This includes product rebranding, repackaging, mergers and acquisitions, and product milestone events such as end-of-life and end-of-support.
88+
89+
Inclusion of CLE is optional and it may be introduced on the following levels:
90+
- TEA Product
91+
- TEA Component
92+
- TEA Product Release
93+
- TEA Component Release
94+
95+
If CLE is included, it is the responsibility of the TEA implementation to ensure consistency of CLE events across the TEA Product and its releases and similarly across the TEA Component and its releases.
8896

8997
## Insights
9098

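Review bot: The new paragraph at line 95 makes the TEA implementation responsible for "consistency of CLE events" across a product or component and its releases, but it does not say what consistency means or which level a client should trust when the two disagree. A consumer deciding whether a release is past `endOfSupport` needs that rule. Suggest stating it here (for example, whether release-level events must also appear at the parent level, or whether the more specific level wins), or linking to the part of ECMA-428 that covers it if the standard does.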
spec/openapi.yaml

Lines changed: 274 additions & 1 deletion
@@ -87,6 +87,30 @@ paths:
8787
$ref: "#/components/responses/404-object-by-id-not-found"
8888
tags:
8989
- TEA Product Release
90+
/productRelease/{uuid}/cle:
91+
get:
92+
description: Get the CLE (Common Lifecycle Enumeration) data for a TEA Product Release
93+
operationId: getCleByProductReleaseId
94+
parameters:
95+
- name: uuid
96+
in: path
97+
required: true
98+
description: UUID of TEA Product Release in the TEA server
99+
schema:
100+
"$ref": "#/components/schemas/uuid"
101+
responses:
102+
'200':
103+
description: CLE data for the requested TEA Product Release found and returned
104+
content:
105+
application/json:
106+
schema:
107+
"$ref": "#/components/schemas/cle"
108+
'400':
109+
$ref: "#/components/responses/400-invalid-request"
110+
'404':
111+
$ref: "#/components/responses/404-object-by-id-not-found"
112+
tags:
113+
- CLE
90114
/productReleases:
91115
get:
92116
description: Returns a list of TEA product releases. Note that multiple product releases may match.
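Review bot: The `'404'` response at lines 110-111 reuses `404-object-by-id-not-found`, yet the README change in this commit makes CLE optional, so a client cannot tell an unknown Product Release UUID from a known release that simply has no CLE data. Suggest saying in the operation `description` which case returns 404, or returning 200 with an empty `events` array when the release exists but carries no lifecycle events.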
@@ -103,6 +127,30 @@ paths:
103127
$ref: "#/components/responses/400-invalid-request"
104128
tags:
105129
- TEA Product Release
130+
/product/{uuid}/cle:
131+
get:
132+
description: Get the CLE (Common Lifecycle Enumeration) data for a TEA Product
133+
operationId: getCleByProductId
134+
parameters:
135+
- name: uuid
136+
in: path
137+
required: true
138+
description: UUID of TEA Product in the TEA server
139+
schema:
140+
"$ref": "#/components/schemas/uuid"
141+
responses:
142+
'200':
143+
description: CLE data for the requested TEA Product found and returned
144+
content:
145+
application/json:
146+
schema:
147+
"$ref": "#/components/schemas/cle"
148+
'400':
149+
$ref: "#/components/responses/400-invalid-request"
150+
'404':
151+
$ref: "#/components/responses/404-object-by-id-not-found"
152+
tags:
153+
- CLE
106154
/products:
107155
get:
108156
description: Returns a list of TEA products. Note that multiple products may
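Review bot: The `description` at line 132 does not say whether the product-level response contains only events recorded against the TEA Product or also those of its releases. The README text added in this commit puts cross-level consistency on the server, so the scope of this response is part of the contract; suggest one sentence in the `description` stating what is and is not included.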
@@ -170,6 +218,30 @@ paths:
170218
$ref: "#/components/responses/404-object-by-id-not-found"
171219
tags:
172220
- TEA Component
221+
/component/{uuid}/cle:
222+
get:
223+
description: Get the CLE (Common Lifecycle Enumeration) data for a TEA Component
224+
operationId: getCleByComponentId
225+
parameters:
226+
- name: uuid
227+
in: path
228+
required: true
229+
description: UUID of TEA Component in the TEA server
230+
schema:
231+
"$ref": "#/components/schemas/uuid"
232+
responses:
233+
'200':
234+
description: CLE data for the requested TEA Component found and returned
235+
content:
236+
application/json:
237+
schema:
238+
"$ref": "#/components/schemas/cle"
239+
'400':
240+
$ref: "#/components/responses/400-invalid-request"
241+
'404':
242+
$ref: "#/components/responses/404-object-by-id-not-found"
243+
tags:
244+
- CLE
173245
/componentRelease/{uuid}:
174246
get:
175247
description: Get the TEA Component Release with its latest collection
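Review bot: The operation is tagged only `CLE` at lines 243-244, while the neighbouring operation in the context lines above is tagged `TEA Component`. Generated clients and rendered docs group by tag, so this endpoint will be separated from the resource it belongs to; suggest listing both tags, `TEA Component` and `CLE`.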
@@ -194,6 +266,30 @@ paths:
194266
$ref: "#/components/responses/404-object-by-id-not-found"
195267
tags:
196268
- TEA Component Release
269+
/componentRelease/{uuid}/cle:
270+
get:
271+
description: Get the CLE (Common Lifecycle Enumeration) data for a TEA Component Release
272+
operationId: getCleByComponentReleaseId
273+
parameters:
274+
- name: uuid
275+
in: path
276+
required: true
277+
description: UUID of TEA Component Release in the TEA server
278+
schema:
279+
"$ref": "#/components/schemas/uuid"
280+
responses:
281+
'200':
282+
description: CLE data for the requested TEA Component Release found and returned
283+
content:
284+
application/json:
285+
schema:
286+
"$ref": "#/components/schemas/cle"
287+
'400':
288+
$ref: "#/components/responses/400-invalid-request"
289+
'404':
290+
$ref: "#/components/responses/404-object-by-id-not-found"
291+
tags:
292+
- CLE
197293
/componentRelease/{uuid}/collection/latest:
198294
get:
199295
description: Get the latest TEA Collection belonging to the TEA Component Release
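Review bot: The `'200'` response at lines 281-286 is written inline, the fourth near-identical copy added in this file, while `'400'` and `'404'` are shared through `#/components/responses/...`. Suggest a shared entry for the CLE success response as well, so a later change to the media type or schema reference cannot be applied to three of the four operations and missed on the last.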
@@ -628,7 +724,6 @@ components:
628724
description: List of different formats of this component release
629725
items:
630726
"$ref": "#/components/schemas/release-distribution"
631-
# add lifecycle here
632727
required:
633728
- uuid
634729
- version
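Review bot: Removing the `# add lifecycle here` placeholder at old line 631 leaves this release schema with no pointer to lifecycle data; nothing in the object tells a client that a `/cle` sub-resource exists for the release. Suggest a sentence in the schema `description`, or a documented link, so lifecycle information is discoverable from the release object itself.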
@@ -1061,6 +1156,183 @@ components:
10611156
- productReleaseUuid
10621157
- servers
10631158

1159+
#
1160+
# CLE (Common Lifecycle Enumeration) objects
1161+
# Based on ECMA-428 TC54 TG3 CLE Specification v1.0.0
1162+
#
1163+
cle-event-type:
1164+
type: string
1165+
description: The type of CLE lifecycle event
1166+
enum:
1167+
- released
1168+
- endOfDevelopment
1169+
- endOfSupport
1170+
- endOfLife
1171+
- endOfDistribution
1172+
- endOfMarketing
1173+
- supersededBy
1174+
- componentRenamed
1175+
- withdrawn
1176+
cle-version-specifier:
1177+
type: object
1178+
description: A version specifier that can be either a single version or a version range
1179+
properties:
1180+
version:
1181+
type: string
1182+
description: A specific version string
1183+
range:
1184+
type: string
1185+
description: A version range in vers format (e.g. "vers:npm/>=1.0.0|<2.0.0")
1186+
cle-event:
1187+
type: object
1188+
description: A discrete lifecycle event from the CLE specification
1189+
properties:
1190+
id:
1191+
type: integer
1192+
description: A unique, auto-incrementing integer identifier for the event
1193+
type:
1194+
description: The type of lifecycle event
1195+
$ref: "#/components/schemas/cle-event-type"
1196+
effective:
1197+
type: string
1198+
format: date-time
1199+
description: ISO 8601 timestamp (UTC) when the event takes effect
1200+
published:
1201+
type: string
1202+
format: date-time
1203+
description: ISO 8601 timestamp (UTC) when the event was first published
1204+
version:
1205+
type: string
1206+
description: Version string (used by released event type)
1207+
versions:
1208+
type: array
1209+
description: List of version specifiers affected by this event
1210+
items:
1211+
$ref: "#/components/schemas/cle-version-specifier"
1212+
supportId:
1213+
type: string
1214+
description: Reference to a support policy ID defined in the definitions section
1215+
license:
1216+
type: string
1217+
description: License identifier (used by released event type)
1218+
supersededByVersion:
1219+
type: string
1220+
description: Version string that supersedes the affected versions (used by supersededBy event type)
1221+
identifiers:
1222+
type: array
1223+
description: New identifiers for the component (used by componentRenamed event type)
1224+
items:
1225+
$ref: "#/components/schemas/identifier"
1226+
eventId:
1227+
type: integer
1228+
description: ID of the event being withdrawn (used by withdrawn event type)
1229+
reason:
1230+
type: string
1231+
description: Human-readable explanation (used by withdrawn event type)
1232+
description:
1233+
type: string
1234+
description: Human-readable description of the event
1235+
references:
1236+
type: array
1237+
description: List of URLs to supporting documentation
1238+
items:
1239+
type: string
1240+
format: uri
1241+
required:
1242+
- id
1243+
- type
1244+
- effective
1245+
- published
1246+
examples:
1247+
- id: 1
1248+
type: released
1249+
effective: "2024-01-01T00:00:00Z"
1250+
version: "1.0.0"
1251+
license: MIT
1252+
published: "2023-06-01T00:00:00Z"
1253+
- id: 3
1254+
type: endOfSupport
1255+
effective: "2024-01-01T00:00:00Z"
1256+
versions:
1257+
- version: "1.0.0"
1258+
supportId: standard
1259+
published: "2023-06-01T00:00:00Z"
1260+
cle-support-definition:
1261+
type: object
1262+
description: A support policy definition from CLE
1263+
properties:
1264+
id:
1265+
type: string
1266+
description: Unique identifier for the support policy
1267+
description:
1268+
type: string
1269+
description: Human-readable description of the policy
1270+
url:
1271+
type: string
1272+
format: uri
1273+
description: URL to detailed documentation about this support policy
1274+
required:
1275+
- id
1276+
- description
1277+
examples:
1278+
- id: standard
1279+
description: Standard product support policy
1280+
url: https://example.com/support/standard
1281+
cle-definitions:
1282+
type: object
1283+
description: Container for reusable CLE policy definitions
1284+
properties:
1285+
support:
1286+
type: array
1287+
description: List of support policies
1288+
items:
1289+
$ref: "#/components/schemas/cle-support-definition"
1290+
cle:
1291+
type: object
1292+
description: |
1293+
Common Lifecycle Enumeration (CLE) object based on ECMA-428 TC54 TG3 CLE Specification v1.0.0.
1294+
Contains lifecycle events and optional reusable definitions for a component or product.
1295+
properties:
1296+
events:
1297+
type: array
1298+
description: |
1299+
Ordered array of CLE Event objects representing lifecycle events.
1300+
MUST be ordered by ID in descending order (newest events with highest IDs first).
1301+
items:
1302+
$ref: "#/components/schemas/cle-event"
1303+
definitions:
1304+
description: Container for reusable policy definitions referenced by events
1305+
$ref: "#/components/schemas/cle-definitions"
1306+
required:
1307+
- events
1308+
examples:
1309+
- events:
1310+
- id: 3
1311+
type: endOfSupport
1312+
effective: "2025-06-01T00:00:00Z"
1313+
versions:
1314+
- range: "vers:npm/>=1.0.0|<2.0.0"
1315+
supportId: standard
1316+
published: "2025-01-01T00:00:00Z"
1317+
- id: 2
1318+
type: endOfDevelopment
1319+
effective: "2025-01-01T00:00:00Z"
1320+
versions:
1321+
- version: "1.0.0"
1322+
supportId: standard
1323+
published: "2024-06-01T00:00:00Z"
1324+
- id: 1
1325+
type: released
1326+
effective: "2024-01-01T00:00:00Z"
1327+
version: "1.0.0"
1328+
license: Apache-2.0
1329+
published: "2024-01-01T00:00:00Z"
1330+
definitions:
1331+
support:
1332+
- id: standard
1333+
description: Standard product support policy
1334+
url: https://example.com/support/standard
1335+
10641336
pagination-details:
10651337
type: object
10661338
properties:
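Review bot: `cle-version-specifier` at lines 1176-1185 declares `version` and `range` with no `required` or `oneOf`, so an empty object and an object carrying both validate, although the description says "either a single version or a version range". Suggest `oneOf` with `required: [version]` and `required: [range]`. The same gap exists in `cle-event`: the fields described as "used by ... event type" (`eventId`, `supersededByVersion`, `identifiers`) are never required for that type, so a `withdrawn` event that names no `eventId` passes validation and a consumer cannot tell which event was retracted.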
@@ -1223,6 +1495,7 @@ tags:
12231495
- name: TEA Component Release
12241496
- name: TEA Artifact
12251497
- name: TEA Discovery
1498+
- name: CLE
12261499
externalDocs:
12271500
description: Transparency Exchange API specification
12281501
url: https://github.com/CycloneDX/transparency-exchange-api
