document and revisit taskType #245

Closed
jkowalleck opened this issue Jun 16, 2023 · 9 comments · Fixed by #377

@jkowalleck
Member

jkowalleck commented Jun 16, 2023

Originally posted by @jkowalleck in #222 (comment)

see also: #222 (comment)

@mrutkows reminded: should reflect CI/CD stages. There might be some standardization work done for the wordings.

this ticket is about adding documentation for TaskType and its Enum values.
see

@jkowalleck jkowalleck added this to the 1.6 milestone Jun 16, 2023
@jkowalleck jkowalleck changed the title document the taskType document and revisit taskType Jun 16, 2023
@stevespringett
Member

Is work being done on this for v1.6?

@jkowalleck
Member Author

jkowalleck commented Jan 16, 2024

@mrutkows could you provide the missing texts/docs for taskType?
IIRC: You said you would provide them after the 1.5 release, because you missed doing so before and ran out of time back then.

FYI @stevespringett I created this ticket as a reminder for CWG, that the docs were missing in 1.5

@mrutkows
Contributor

mrutkows commented Feb 7, 2024

See example:

```json
"enum": [
  "design",
  "pre-build",
  "build",
  "post-build",
  "operations",
  "discovery",
  "decommission"
],
"meta:enum": {
  "design": "BOM produced early in the development lifecycle containing inventory of components and services that are proposed or planned to be used. The inventory may need to be procured, retrieved, or resourced prior to use.",
  "pre-build": "BOM consisting of information obtained prior to a build process and may contain source files and development artifacts and manifests. The inventory may need to be resolved and retrieved prior to use.",
  "build": "BOM consisting of information obtained during a build process where component inventory is available for use. The precise versions of resolved components are usually available at this time as well as the provenance of where the components were retrieved from.",
  "post-build": "BOM consisting of information obtained after a build process has completed and the resulting components(s) are available for further analysis. Built components may exist as the result of a CI/CD process, may have been installed or deployed to a system or device, and may need to be retrieved or extracted from the system or device.",
  "operations": "BOM produced that represents inventory that is running and operational. This may include staging or production environments and will generally encompass multiple SBOMs describing the applications and operating system, along with HBOMs describing the hardware that makes up the system. Operations Bill of Materials (OBOM) can provide full-stack inventory of runtime environments, configurations, and additional dependencies.",
  "discovery": "BOM consisting of information observed through network discovery providing point-in-time enumeration of embedded, on-premise, and cloud-native services such as server applications, connected devices, microservices, and serverless functions.",
  "decommission": "BOM containing inventory that will be, or has been retired from operations."
}
```
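
A lint for the gap this issue tracks, as an added example that is not part of the thread or of the CycloneDX repository: it walks a JSON schema and reports every `enum` whose `meta:enum` texts are missing, empty, or out of sync with the values. The function name `audit_enum_docs` and the sample schema, including the placeholder `taskType` values, are assumptions made for illustration.

```python
# Constructed sample in the style of the fragment above: "phase" reuses three of
# the page's values with shortened texts; "taskType" and "stale" are placeholders.
SAMPLE_SCHEMA = {
    "definitions": {
        "phase": {
            "type": "string",
            "enum": ["design", "pre-build", "build"],
            "meta:enum": {
                "design": "BOM produced early in the development lifecycle.",
                "pre-build": "BOM of information obtained prior to a build.",
                "build": "",
            },
        },
        "taskType": {"type": "string", "enum": ["task-a", "task-b"]},
        "stale": {
            "enum": ["a"],
            "meta:enum": {"a": "Documented.", "b": "Value no longer in enum."},
        },
    }
}


def audit_enum_docs(node, path="$"):
    """Return (path, problem) pairs for every enum in a JSON schema whose
    meta:enum texts are missing, empty, or out of sync with the values."""
    findings = []
    if isinstance(node, dict):
        values = node.get("enum")
        if isinstance(values, list):
            docs = node.get("meta:enum")
            if not isinstance(docs, dict):
                findings.append((path, "no meta:enum"))
            else:
                for v in values:
                    if isinstance(v, str) and not str(docs.get(v, "")).strip():
                        findings.append((path, f"undocumented value {v!r}"))
                for k in docs:
                    if k not in values:
                        findings.append((path, f"text for unknown value {k!r}"))
        for key, child in node.items():
            findings += audit_enum_docs(child, f"{path}.{key}")
    elif isinstance(node, list):
        for i, child in enumerate(node):
            findings += audit_enum_docs(child, f"{path}[{i}]")
    return findings


if __name__ == "__main__":
    print(*audit_enum_docs(SAMPLE_SCHEMA), sep="\n")
```

The output of `json.load` on a schema file can be passed to `audit_enum_docs` directly, and a non-empty result can fail a CI job.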

@jkowalleck
Member Author

re #245 (comment)
@mrutkows could you fork this repo and do the changes in a feature branch from 1.6-dev, and open a pull request targeting that same branch.

@mrutkows
Contributor

mrutkows commented Feb 8, 2024

@jkowalleck I deleted my stale fork and created a new one yesterday (which was the easiest path to pick up all the new branches) ;)
https://github.com/mrutkows/specification

@jkowalleck
Member Author

jkowalleck commented Feb 8, 2024

re #245 (comment)
@mrutkows this might help in the future: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/syncing-a-fork

@mrutkows
Contributor

mrutkows commented Feb 8, 2024

> re #245 (comment)
> @mrutkows this might help in the future: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/syncing-a-fork

Unfortunately, the new GitHub GUI (the button in the article) will only sync existing branches in your current fork (as well as by default only syncing main/master branch for a new fork unless you uncheck a box)... and the command line would have me compose commands on a per-branch basis...

@jkowalleck jkowalleck linked a pull request Feb 9, 2024 that will close this issue
@jkowalleck jkowalleck added the CDX 1.5 related to release v1.5 label Feb 9, 2024
jkowalleck added a commit that referenced this issue Feb 10, 2024
@jkowalleck
Member Author

closed via #377

@jkowalleck jkowalleck mentioned this issue Feb 10, 2024
stevespringett added a commit that referenced this issue Apr 9, 2024
## Added

* Core enhancement: Attestation
([#192](#192) via
[#348](#348))
* Core enhancement: Cryptography Bill of Materials — CBOM
([#171](#171),
[#291](#291) via
[#347](#347))
* Feature to express the URL to source distribution
([#98](#98) via
[#269](#269))
* Feature to express the URL to RFC 9116 compliant documents
([#380](#380) via
[#381](#381))
* Feature to express tags/keywords for services and components (via
[#383](#383))
* Feature to express details for component authors
([#335](#335) via
[#379](#379))
* Feature to express details for component and BOM manufacturer
([#346](#346) via
[#379](#379))
* Feature to express communicate concluded values from observed
evidences ([#411](#411)
via [#412](#412))
* Features to express license acknowledgement
([#407](#407) via
[#408](#408))
* Feature to express environmental consideration information for model
cards ([#396](#396) via
[#395](#395))
* Feature to express the address of organizational entities (via
[#395](#395))
* Feature to express additional component identifiers: Universal Bill Of
Receipts Identifier and Software Heritage persistent IDs
([#413](#413) via
[#414](#414))

## Fixed

* Allow multiple evidence identities by XML/JSON schema
([#272](#272) via
[#359](#359))
  This was already correct via ProtoBuf schema.
* Prevent empty `license` entities by XML schema
([#288](#288) via
[#292](#292))
  This was already correct in JSON/ProtoBuf schema.
* Prevent empty or malformed `property` entities by JSON schema
([#371](#371) via
[#375](#375))
  This was already correct in XML/ProtoBuf schema.
* Allow multiple `licenses` in `Metadata` by ProtoBuf schema
([#264](#264) via
[#401](#401))
  This was already correct in XML/JSON schema.

## Changed

* Allow arbitrary `$schema` values by JSON schema
([#402](#402) via
[#403](#403))
* Increased max length of `versionRange` (via
[`3e01ce6`](3e01ce6))
* Harmonized length of `version` (via
[#417](#417))

## Deprecated

* Data model "Component"'s field `author` was deprecated. (via
[#379](#379))
  Use field `authors` or field `manufacturer` instead.
* Data model "Metadata"'s field `manufacture` was deprecated.
([#346](#346) via
[#379](#379))
  Use "Metadata"'s field `component`'s field `manufacturer` instead. 
  - for XML: `/bom/metadata/component/manufacturer`
  - for JSON: `$.metadata.component.manufacturer`
  - for ProtoBuf: `Bom:metadata.component.manufacturer`

## Documentation

* Centralize version and version-range (via
[#322](#322))
* Streamlined SPDX expression related descriptions (via
[#327](#327))
* Enhanced descriptions of `bom-ref`/`refType`
([#336](#336) via
[#344](#344))
* Enhanced readability of enum documentation in JSON schema
([#361](#361) via
[#362](#362))
* Fixed typo "compliment" -> "complement" (via
[#369](#369))
* Added documentation for enum "ComponentScope"'s values in JSON schema
([#293](#293) via
[`d92e58e`](d92e58e))
  Texts were taken from the existing ones in XML/ProtoBuf schema.
* Added documentation for enum "TaskType"'s values
([#245](#245) via
[#377](#377))
* Improve documentation for data model "Metadata"'s field `licenses`
([#273](#273) via
[#378](#378))
* Added documentation for enum "MachineLearningApproachType"'s values
([#351](#351) via
[#416](#416))
* Rephrased some texts here and there.

## Test data

* Added test data for newly added use cases
* Added quality assurance for our ProtoBuf schemas
([#384](#384) via
[#385](#385))