feat: Add support for TLP marking in metadata - correct TLP description (fixes CycloneDX#595)

Signed-off-by: anthonyharrison <[email protected]>

Author: anthonyharrison

schema/bom-1.7.proto

@@ -514,7 +514,7 @@ message Metadata {
   repeated Lifecycles lifecycles = 9;
   // The organization that created the BOM. Manufacturer is common in BOMs created through automated processes. BOMs created through manual means may have '.authors' instead.
   optional OrganizationalEntity manufacturer = 10;
-  // The Traffic Light Protocol (TLP) classification that controls the sharing and distribution of the component that the BOM describes.
+  // The Traffic Light Protocol (TLP) classification that controls the sharing and distribution of the data that the BOM describes.
   optional Tlp distribution = 11;
 }
 
@@ -677,7 +677,7 @@ message Swid {
   optional string url = 7;
 }
 
-// The Traffic Light Protocol (TLP) classification for the component that the BOM describes. TLP is a classification system for identifying the potential risk associated with artefact, including whether it is subject to certain types of legal, financial, or technical threats. Refer to https://www.first.org/tlp/ for further information. The default classification is `TLP_CLEAR`
+// The Traffic Light Protocol (TLP) classification for the data that the BOM describes. TLP is a classification system for identifying the potential risk associated with artefact, including whether it is subject to certain types of legal, financial, or technical threats. Refer to https://www.first.org/tlp/ for further information. The default classification is `TLP_CLEAR`
 enum Tlp {
   // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `TLP_CLEAR` is our fallback, the default.
   TLP_CLEAR = 0;

schema/bom-1.7.schema.json

@@ -715,7 +715,7 @@
         },
         "distribution": {
           "title": "Distribution",
-          "description": "The Traffic Light Protocol (TLP) classification that controls the sharing and distribution of the component that the BOM describes.",
+          "description": "The Traffic Light Protocol (TLP) classification that controls the sharing and distribution of the data that the BOM describes.",
           "$ref": "#/definitions/tlpClassification"
         }
       }
@@ -724,7 +724,7 @@
       "type" : "string",
       "default": "CLEAR",
       "title": "Traffic Light Protocol (TLP) Classification",
-      "description": "The Traffic Light Protocol (TLP) classification for the component that the BOM describes. TLP is a classification system for identifying the potential risk associated with artefact, including whether it is subject to certain types of legal, financial, or technical threats. Refer to [https://www.first.org/tlp/](https://www.first.org/tlp/) for further information. The default classification is CLEAR",
+      "description": "The Traffic Light Protocol (TLP) classification for the data that the BOM describes. TLP is a classification system for identifying the potential risk associated with artefact, including whether it is subject to certain types of legal, financial, or technical threats. Refer to [https://www.first.org/tlp/](https://www.first.org/tlp/) for further information. The default classification is CLEAR",
       "enum": [
         "AMBER",
         "AMBER_AND_STRICT",

schema/bom-1.7.xsd

@@ -259,7 +259,7 @@ limitations under the License.
             <xs:element name="distribution" type="bom:tlpType" minOccurs="0" maxOccurs="1">
                 <xs:annotation>
                     <xs:documentation>The Traffic Light Protocol (TLP) classification that controls the sharing and distribution
-                        of the component that the BOM describes.</xs:documentation>
+                        of the data that the BOM describes.</xs:documentation>
                 </xs:annotation>
             </xs:element>
             <xs:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded">
@@ -399,7 +399,7 @@ limitations under the License.
     <xs:simpleType name="tlpType" default="CLEAR">
         <xs:annotation>
             <xs:documentation xml:lang="en">
-                The Traffic Light Protocol (TLP) classification for the component that the BOM describes. TLP is a classification
+                The Traffic Light Protocol (TLP) classification for the data that the BOM describes. TLP is a classification
                 system for identifying the potential risk associated with artefact, including whether it is subject to certain
                 types of legal, financial, or technical threats. Refer to https://www.first.org/tlp/ for further information.
                 The default classification is CLEAR.