47 changes: 44 additions & 3 deletions scanoss-settings-schema.json
@@ -18,6 +18,11 @@
"description": {
"type": "string",
"description": "Description of the project"
},
"organization": {
"type": "string",
"description": "Name of the organization responsible for this project and its BOM decisions",
"examples": ["SCANOSS"]
}
}
},
@@ -288,6 +293,16 @@
"comment": {
"type": "string",
"description": "Additional notes or comments"
},
"acknowledgement": {
"type": "string",
"description": "Formal acknowledgement of this BOM decision, propagated to SBOM output"
},
"timestamp": {
"type": "string",
"format": "date-time",
"description": "ISO 8601 UTC timestamp recording when this BOM decision was made",
"examples": ["2026-03-15T10:30:00Z"]
}
},
"uniqueItems": true,
@@ -298,7 +313,9 @@
{
"path": "src/lib/component.js",
"purl": "pkg:npm/lodash@4.17.21",
"comment": "Full match: path + purl"
"comment": "Full match: path + purl",
"acknowledgement": "Confirmed: lodash 4.17.21 vendored under src/lib",
"timestamp": "2026-03-15T10:30:00Z"
},
{
"purl": "pkg:npm/vue@2.6.12",
@@ -329,6 +346,16 @@
"comment": {
"type": "string",
"description": "Additional notes or comments"
},
"acknowledgement": {
"type": "string",
"description": "Formal acknowledgement of this BOM decision, propagated to SBOM output"
},
"timestamp": {
"type": "string",
"format": "date-time",
"description": "ISO 8601 UTC timestamp recording when this BOM decision was made",
"examples": ["2026-03-15T10:30:00Z"]
}
},
"anyOf": [
@@ -342,7 +369,9 @@
{
"path": "src/main.c",
"purl": "pkg:npm/vue@2.6.12",
"comment": "Full match: removes only this purl at this path"
"comment": "Full match: removes only this purl at this path",
"acknowledgement": "Reviewed and confirmed as original code, not third-party",
"timestamp": "2026-03-15T10:30:00Z"
},
{
"purl": "pkg:npm/deprecated-pkg@1.0.0",
@@ -378,6 +407,16 @@
"type": "string",
"description": "Additional notes or comments"
},
"acknowledgement": {
"type": "string",
"description": "Formal acknowledgement of this BOM decision, propagated to SBOM output"
},
"timestamp": {
"type": "string",
"format": "date-time",
"description": "ISO 8601 UTC timestamp recording when this BOM decision was made",
"examples": ["2026-03-15T10:30:00Z"]
},
"license": {
"type": "string",
"description": "License of the replacement component. Should be a valid SPDX license expression (e.g. `MIT`, `Apache-2.0`, `GPL-3.0-only`).",
@@ -402,7 +441,9 @@
"purl": "pkg:npm/old-lib@1.0.0",
"replace_with": "pkg:npm/new-lib@2.0.0",
"license": "MIT",
"comment": "Upgrade to newer version"
"comment": "Upgrade to newer version",
"acknowledgement": "Verified upstream project is the correct attribution",
"timestamp": "2026-03-15T10:30:00Z"
}
]
]
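Review bot: The new `timestamp` property, added identically in the three property lists on this page, relies on `"format": "date-time"` alone. Many JSON Schema validators treat that keyword as an annotation unless format assertion is enabled, and it accepts non-UTC offsets even though the description promises UTC. Because the sibling `acknowledgement` is described as propagated to SBOM output, these two fields act as the record of a BOM decision; adding `"pattern": "^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}([.][0-9]+)?Z$"` to `timestamp` would reject malformed or local-time values at validation. The free-text `acknowledgement` would similarly benefit from `"minLength": 1` and a `"maxLength"` bound, with its description noting that it is self-asserted text that SBOM consumers must escape before rendering. If the schema already has a shared definitions section (not visible in these hunks), the repeated pair could be declared once and referenced so the three copies cannot drift.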