[DOCS] Document your CycloneDX properties #3497

Open
jkowalleck opened this issue Dec 4, 2024 · 1 comment
Labels
enhancement New feature or request needs-discussion

jkowalleck commented Dec 4, 2024

What would you like to be added:

I would love to see documentation of the CycloneDX property taxonomy used by syft.
Maybe I just missed it? At least it was not linked in the official registry https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/3edec8ccbb8ca63dc9949a695d119cf9f3d51446/README.md?plain=1#L116

I guess the documentation could be done in a regularly updated file in this repo, or even in this repo's wiki.

Why is this needed:

You have a CycloneDX property top-level namespace syft registered. I did not find any documentation for it.
You are using your own CycloneDX properties - see

```json
"properties": [
  {
    "name": "syft:package:foundBy",
    "value": "go-module-file-cataloger"
  },
  {
    "name": "syft:package:language",
    "value": "go"
  },
  {
    "name": "syft:package:metadataType",
    "value": "GolangModMetadata"
  },
  {
    "name": "syft:package:type",
    "value": "go-module"
  },
  {
    "name": "syft:cpe23",
    "value": "cpe:2.3:a:wagoodman:go_partybus:v0.0.0-20230516145632-8ccac152c651:*:*:*:*:*:*:*"
  },
  {
    "name": "syft:location:0:path",
    "value": "/go.mod"
  }
```

To me, it is unclear when these properties are used, what they mean, and which ones exist in the first place.
It would help if I had documentation for the syft: CycloneDX property taxonomy.

Additional context:

CycloneDX property taxonomy registry: https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/README.md

jkowalleck added the enhancement label Dec 4, 2024
jkowalleck changed the title from "[DOCS] Document your" to "[DOCS] Document your CycloneDX properties" Dec 4, 2024
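
An added example, not part of the issue or of syft: a consumer-side inventory of `syft:`-namespaced properties in a CycloneDX BOM, which collapses indexed names such as `syft:location:0:path` into one pattern and lists names missing from a locally maintained documented set. The sample BOM wraps the properties quoted above in a constructed component; `EXTRA`, the function names and the `<n>` placeholder are assumptions of this example.

```python
from collections import defaultdict

# Name/value pairs exactly as quoted in the issue above.
QUOTED = [
    ("syft:package:foundBy", "go-module-file-cataloger"),
    ("syft:package:language", "go"),
    ("syft:package:metadataType", "GolangModMetadata"),
    ("syft:package:type", "go-module"),
    ("syft:cpe23", "cpe:2.3:a:wagoodman:go_partybus:v0.0.0-20230516145632-8ccac152c651:*:*:*:*:*:*:*"),
    ("syft:location:0:path", "/go.mod"),
]
# Constructed additions: a second location index and a property from another namespace.
EXTRA = [("syft:location:1:path", "/vendor/modules.txt"), ("example:note", "ignored")]
# Constructed minimal BOM; the component name is a placeholder.
SAMPLE_BOM = {"bomFormat": "CycloneDX", "components": [{
    "type": "library", "name": "constructed-component",
    "properties": [{"name": n, "value": v} for n, v in QUOTED + EXTRA],
}]}

def iter_components(bom):
    """Yield metadata.component and every component, including nested ones."""
    root = bom.get("metadata", {}).get("component")
    stack = ([root] if root else []) + list(bom.get("components", []))
    while stack:
        comp = stack.pop()
        yield comp
        stack.extend(comp.get("components", []))

def normalize(name):
    """Collapse numeric segments: syft:location:0:path -> syft:location:<n>:path."""
    return ":".join("<n>" if seg.isdigit() else seg for seg in name.split(":"))

def inventory(bom, namespace="syft"):
    """Map each normalized property name in the namespace to its distinct values."""
    seen = defaultdict(set)
    for comp in iter_components(bom):
        for prop in comp.get("properties", []):
            name = prop.get("name", "")
            if name.split(":", 1)[0] == namespace:
                seen[normalize(name)].add(prop.get("value", ""))
    return {k: sorted(v) for k, v in sorted(seen.items())}

def undocumented(inv, documented):
    """Return normalized names that are absent from the caller's documented set."""
    return [name for name in inv if name not in documented]

if __name__ == "__main__":
    for name, values in inventory(SAMPLE_BOM).items():
        print(f"{name}: {values}")
```
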
spiffcs (Contributor) commented Dec 4, 2024

Thanks for the issue @jkowalleck! I've added this to our needs-discussion label so that this Thursday we can pick this up on our live stream and talk as a team about how to improve our documentation surrounding the outputs that we generate with syft.
