Skip to content

Should cryptoProperties only be specified for components of type cryptographic-asset? #522

New issue
New issue
Open
Enhancement
Open
Should cryptoProperties only be specified for components of type cryptographic-asset?#522
Enhancement
Labels
proposed core enhancement
Milestone
 
1.7
@stevespringett

Description

@stevespringett
stevespringett
opened on Sep 11, 2024

Discussed in #520

Originally posted by andreas-hilti September 11, 2024
ModelCard
https://cyclonedx.org/docs/1.6/json/#components_items_modelCard
has the following restriction:

This object SHOULD be specified for any component of type machine-learning-model and MUST NOT be specified for other component types.

Similarly, data
https://cyclonedx.org/docs/1.6/json/#components_items_data
has the restriction:

This object SHOULD be specified for any component of type data and MUST NOT be specified for other component types.

This makes me wonder whether the CryptoProperties:
https://cyclonedx.org/docs/1.6/json/#components_items_cryptoProperties
should have a similar restriction? Should they be specified only for components of type cryptographic-asset? The description kind of implies it, however, it is not explicitly specified.

Metadata

Metadata

Assignees

No one assigned

    Labels

    proposed core enhancement

    Type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions