Skip to content

feat: licenses acknowledgement SHOULD be unique #626

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

feat: licenses acknowledgement SHOULD be unique #626

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
bcb4ba1
feat: license acknowledge should beunique
jkowalleck Apr 14, 2025
cdb4f48
Merge branch '1.7-dev' into feat/licenses/acknowledgement-should-be-u…
jkowalleck Jun 6, 2025
a17b6e6
Merge remote-tracking branch 'origin/1.7-dev' into feat/licenses/ackn…
jkowalleck Aug 8, 2025
3abdbbd
update
jkowalleck Aug 8, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions schema/bom-1.7.proto
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -124,6 +124,7 @@ message Component {
// The hashes of the component.
repeated Hash hashes = 12;
// A list of SPDX licenses and/or named licenses and/or SPDX License Expression.
// There should be no more than one per license acknowledgement.
repeated LicenseChoice licenses = 13;
// An optional copyright notice informing users of the underlying claims to copyright ownership in a published work.
optional string copyright = 14;
Expand Down Expand Up @@ -574,6 +575,7 @@ message Metadata {
optional OrganizationalEntity supplier = 6;
// The license information for the BOM document. This may be different from the license(s) of the component(s) that the BOM describes.
// A list of SPDX licenses and/or named licenses and/or SPDX License Expression.
// There should be no more than one per license acknowledgement.
repeated LicenseChoice licenses = 7;
// Specifies optional, custom, properties
repeated Property properties = 8;
Expand Down Expand Up @@ -711,6 +713,7 @@ message Service {
// Specifies information about the data including the directional flow of data and the data classification.
repeated DataFlow data = 10;
// A list of SPDX licenses and/or named licenses and/or SPDX License Expression.
// There should be no more than one per license acknowledgement.
repeated LicenseChoice licenses = 11;
// Provides the ability to document external references related to the service.
repeated ExternalReference external_references = 12;
Expand Down Expand Up @@ -833,6 +836,7 @@ message EvidenceCopyright {
// Provides the ability to document evidence collected through various forms of extraction or analysis.
message Evidence {
// A list of SPDX licenses and/or named licenses and/or SPDX License Expression.
// There should be no license acknowledgement assigned to any of these.
repeated LicenseChoice licenses = 1;
// Copyright evidence captures intellectual property assertions, providing evidence of possible ownership and legal protection.
repeated EvidenceCopyright copyright = 2;
Expand Down
11 changes: 7 additions & 4 deletions schema/bom-1.7.schema.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -714,7 +714,7 @@
},
"licenses": {
"title": "BOM License(s)",
"description": "The license information for the BOM document.\nThis may be different from the license(s) of the component(s) that the BOM describes.",
"description": "The license information for the BOM document. This may be different from the license(s) of the component(s) that the BOM describes.\nThere should be no more than one per license acknowledgement.",
"$ref": "#/definitions/licenseChoice"
},
"properties": {
Expand Down Expand Up @@ -1000,7 +1000,8 @@
},
"licenses": {
"$ref": "#/definitions/licenseChoice",
"title": "Component License(s)"
"title": "Component License(s)",
"description": "A list of SPDX licenses and/or named licenses and/or SPDX License Expression.\nThere should be no more than one per license acknowledgement."
},
"copyright": {
"type": "string",
Expand Down Expand Up @@ -2072,7 +2073,8 @@
},
"licenses": {
"$ref": "#/definitions/licenseChoice",
"title": "Service License(s)"
"title": "Service License(s)",
"description": "A list of SPDX licenses and/or named licenses and/or SPDX License Expression.\nThere should be no more than one per license acknowledgement."
},
"patentAssertions": {
"$ref": "#/definitions/patentAssertions",
Expand Down Expand Up @@ -2350,7 +2352,8 @@
},
"licenses": {
"$ref": "#/definitions/licenseChoice",
"title": "License Evidence"
"title": "License Evidence",
"description": "A list of SPDX licenses and/or named licenses and/or SPDX License Expression.\nThere should be no license acknowledgement assigned to any of these."
},
"copyright": {
"type": "array",
Expand Down
28 changes: 25 additions & 3 deletions schema/bom-1.7.xsd
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -243,6 +243,7 @@ limitations under the License.
<xs:documentation>
The license information for the BOM document.
This may be different from the license(s) of the component(s) that the BOM describes.
There should be no more than one per license acknowledgement.
</xs:documentation>
</xs:annotation>
</xs:element>
Expand Down Expand Up @@ -647,7 +648,14 @@ limitations under the License.
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="licenses" type="bom:licenseChoiceType" minOccurs="0" maxOccurs="1"/>
<xs:element name="licenses" type="bom:licenseChoiceType" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>
A list of SPDX licenses and/or named licenses and/or SPDX License Expression.
There should be no more than one per license acknowledgement.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="copyright" type="xs:normalizedString" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>A copyright notice informing users of the underlying claims to copyright ownership in a published work.</xs:documentation>
Expand Down Expand Up @@ -2428,7 +2436,14 @@ limitations under the License.
</xs:choice>
</xs:complexType>
</xs:element>
<xs:element name="licenses" type="bom:licenseChoiceType" minOccurs="0" maxOccurs="1"/>
<xs:element name="licenses" type="bom:licenseChoiceType" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>
A list of SPDX licenses and/or named licenses and/or SPDX License Expression.
There should be no more than one per license acknowledgement.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="patentAssertions" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>
Expand Down Expand Up @@ -2890,7 +2905,14 @@ limitations under the License.
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="licenses" type="bom:licenseChoiceType" minOccurs="0" maxOccurs="1"/>
<xs:element name="licenses" type="bom:licenseChoiceType" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>
A list of SPDX licenses and/or named licenses and/or SPDX License Expression.
There should be no license acknowledgement assigned to any of these.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="copyright" type="bom:copyrightsType" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>
Expand Down