feat: Add support for TLP marking in metadata (fixes CycloneDX#595)

anthonyharrison · anthonyharrison · commit 925f5f90e272 · 2025-02-23T15:13:45.000Z
Signed-off-by: anthonyharrison &lt;anthony.p.harrison@gmail.com&gt;
diff --git a/schema/bom-1.7.proto b/schema/bom-1.7.proto
@@ -685,7 +685,7 @@ enum Tlp {
   // Limited distribution but can be shared within an organization and with clients
   AMBER = 2;
   // Limited distribution but can be shared within an organization.
-  AMBER+STRICT = 3;
+  AMBER_AND_STRICT = 3;
   // Restricted distribution to individual recipients and must not be shared.
   RED = 4;
 }
diff --git a/schema/bom-1.7.schema.json b/schema/bom-1.7.schema.json
@@ -726,14 +726,14 @@
       "description": "The Traffic Light Protocol (TLP) classification for the component that the BOM describes. TLP is a classification system for identifying the potential risk associated with artefact, including whether it is subject to certain types of legal, financial, or technical threats. Refer to [https://www.first.org/tlp/](https://www.first.org/tlp/) for further information. The default classification is CLEAR",
       "enum": [
         "AMBER",
-        "AMBER+STRICT",
+        "AMBER_AND_STRICT",
         "GREEN",
         "RED",
         "CLEAR"
       ],
       "meta:enum": {
         "AMBER": "The BOM is subject to limited disclosure, and recipients can only share the BOM on a need-to-know basis within their organization and with clients.",
-        "AMBER+STRICT": "The BOM is subject to limited disclosure, and recipients can only share the BOM on a need-to-know basis within their organization.",
+        "AMBER_AND_STRICT": "The BOM is subject to limited disclosure, and recipients can only share the BOM on a need-to-know basis within their organization.",
         "GREEN": "The BOM is subject to limited disclosure, and recipients can share the BOM within their community but not via publicly accessible channels.",
         "RED": "The BOM is subject to restricted distribution to individual recipients only and must not be shared.",
         "CLEAR": "The BOM is not subject to any restrictions as regards the sharing of the information within the BOM."
diff --git a/schema/bom-1.7.xsd b/schema/bom-1.7.xsd
@@ -421,7 +421,7 @@ limitations under the License.
                     </xs:documentation>
                 </xs:annotation>
             </xs:enumeration>
-            <xs:enumeration value="AMBER+STRICT">
+            <xs:enumeration value="AMBER_AND_STRICT">
                 <xs:annotation>
                     <xs:documentation>
                         The BOM is subject to limited disclosure, and recipients can only share the BOM on a need-to-know

Original file line number	Diff line number	Diff line change
`@@ -685,7 +685,7 @@ enum Tlp {`
`685`	`685`	`// Limited distribution but can be shared within an organization and with clients`
`686`	`686`	`AMBER = 2;`
`687`	`687`	`// Limited distribution but can be shared within an organization.`
`688`		`- AMBER+STRICT = 3;`
	`688`	`+ AMBER_AND_STRICT = 3;`
`689`	`689`	`// Restricted distribution to individual recipients and must not be shared.`
`690`	`690`	`RED = 4;`
`691`	`691`	`}`