Skip to content

feat: Add support for TLP marking in metadata #604

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Jun 5, 2025
Merged

feat: Add support for TLP marking in metadata #604

merged 11 commits into from
Jun 5, 2025

Conversation

anthonyharrison
Copy link

@anthonyharrison anthonyharrison commented Feb 22, 2025
edited by jkowalleck
Loading

As discussed in ticket #595, this PR adds TLP marking in the BOM metadata.

This PR superseeds #603

fixes #595

@anthonyharrison anthonyharrison requested a review from a team as a code owner February 22, 2025 20:50
@jkowalleck jkowalleck linked an issue Feb 22, 2025 that may be closed by this pull request
[FEATURE]: Include TLP marking in metadata #595
Closed
@jkowalleck jkowalleck added this to the 1.7 milestone Feb 22, 2025
jkowalleck
jkowalleck requested changes Feb 23, 2025
View reviewed changes
Copy link
Member

@jkowalleck jkowalleck left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

could you add some documentation here and there, and properly set the default values?

@jkowalleck
Copy link
Member

jkowalleck commented Feb 23, 2025
edited
Loading

for backwards compatibility reasons, i would not set "CLEAR" as the default value.
I'd prefer a unset as default.

clean means a decision actively was made, right?

in JSON, this would mean no default is defined, and the property is optional.
in XML, this would mean no default is defined, and the element is optional.
in protobuf, this would mean adding a case TLP_UNSPECIFIED = 0;, and the field is optional.

@anthonyharrison
Copy link
Author

for backwards compatibility reasons, i would not set "CLEAR" as the default value. I'd prefer a unset as default.

clean means a decision actively was made, right?

in JSON, this would mean no default is defined, and the property is optional. in XML, this would mean no default is defined, and the element is optional. in protobuf, this would mean adding a case TLP_UNSPECIFIED = 0;, and the field is optional.

I see CLEAR as the default when the user makes no choice as the user is more likely to explicitly state one of the other values (which indicates that he has thought about the constraints as regards sharing the BOM). Personally, I would prefer to see all BOMs to have the TLP value explicitly stated but that is possibly too much to expect at this stage.

jkowalleck
jkowalleck reviewed Feb 24, 2025
View reviewed changes
@jkowalleck jkowalleck requested review from jkowalleck and a team February 24, 2025 15:29
jkowalleck
jkowalleck requested changes Mar 6, 2025
View reviewed changes
@jkowalleck
Copy link
Member

I'll try to fix the open issues ASAP

@jkowalleck
fixed schema and docs
98d888d 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
tests: fix examples
dbd3c43 
Signed-off-by: Jan Kowalleck <[email protected]>
jkowalleck
jkowalleck requested changes Mar 6, 2025
View reviewed changes
@jkowalleck
style fixes
636eb43 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck jkowalleck requested a review from a team March 6, 2025 10:35
@jkowalleck jkowalleck self-requested a review March 13, 2025 10:29
@jkowalleck
Copy link
Member

@anthonyharrison, the current state looks promising.

According to the CycloneDX working model, the next step would be to move from "prototype" to "draft", meaning the community review phase (RFC) would start.
Do you want to change anything, or should we move to RFC?

@anthonyharrison
Copy link
Author

@jkowalleck Let's go to the next stage and see what the community thinks. I have no outstanding changes.

@jkowalleck jkowalleck added draft RFC notice sent A public RFC notice was distributed to the CycloneDX mailing list for consideration request for comment ready for review and removed prototype labels Mar 16, 2025
@jkowalleck
Copy link
Member

RFC notice sent.

Public RFC period ends April 13, 2025

@jkowalleck jkowalleck changed the title feat: Add support for TLP marking in metadata (fixes #595) feat: Add support for TLP marking in metadata Apr 14, 2025
@jkowalleck jkowalleck requested a review from a team April 14, 2025 06:56
@jkowalleck jkowalleck added promote to tc54 Promote to Ecma Technical Committee 54 RFC vote accepted labels Apr 14, 2025
prabhu
prabhu reviewed Apr 28, 2025
View reviewed changes
prabhu
prabhu reviewed Apr 28, 2025
View reviewed changes
@jkowalleck
Copy link
Member

All current discussuons are basically too late. Public RFC ended on 13. of April.

This feature is promoted to become standardized under Ecma. Vote will be on 1. May.

Please do not alter the current state last minute.
FYI : If you want to alter things, we will restart the month long RFC phase and then wait another month or so for Ecma.

@jkowalleck jkowalleck added the tc54 accepted Ecma TC54 has accepted the feature candidate label Jun 5, 2025
@jkowalleck
Copy link
Member

This feature was just appoved by Ecma TC54 👍

@jkowalleck jkowalleck merged commit a9122e8 into CycloneDX:1.7-dev Jun 5, 2025
9 checks passed
@jkowalleck jkowalleck mentioned this pull request Jun 5, 2025
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@prabhu prabhu prabhu left review comments

@jkowalleck jkowalleck jkowalleck approved these changes

Assignees
No one assigned
Labels
draft promote to tc54 Promote to Ecma Technical Committee 54 proposed core enhancement ready for review request for comment RFC notice sent A public RFC notice was distributed to the CycloneDX mailing list for consideration RFC vote accepted tc54 accepted Ecma TC54 has accepted the feature candidate
Projects
None yet
Milestone
1.7
Development

Successfully merging this pull request may close these issues.

[FEATURE]: Include TLP marking in metadata
3 participants
@anthonyharrison @jkowalleck @prabhu