feat: Add support for TLP marking in metadata - add default values and documentation (fixes CycloneDX#595)

anthonyharrison · anthonyharrison · commit d3d243f4e941 · 2025-02-23T17:59:32.000Z
Signed-off-by: anthonyharrison &lt;anthony.p.harrison@gmail.com&gt;
diff --git a/schema/bom-1.7.proto b/schema/bom-1.7.proto
@@ -677,9 +677,10 @@ message Swid {
   optional string url = 7;
 }
 
+// The Traffic Light Protocol (TLP) classification for the component that the BOM describes. TLP is a classification system for identifying the potential risk associated with artefact, including whether it is subject to certain types of legal, financial, or technical threats. Refer to https://www.first.org/tlp/ for further information. The default classification is `TLP_CLEAR`
 enum Tlp {
-  // Default
-  TLP_CLEAR = 0;
+  // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX -- `TLP_CLEAR` is our fallback, the default.
+  TLP_CLEAR_UNSPECIFIED = 0;
   // Limited distribution but can be shared within a community.
   TLP_GREEN = 1;
   // Limited distribution but can be shared within an organization and with clients
diff --git a/schema/bom-1.7.schema.json b/schema/bom-1.7.schema.json
@@ -722,6 +722,7 @@
     },
     "tlpClassification": {
       "type" : "string",
+      "default": "CLEAR",
       "title": "Traffic Light Protocol (TLP) Classification",
       "description": "The Traffic Light Protocol (TLP) classification for the component that the BOM describes. TLP is a classification system for identifying the potential risk associated with artefact, including whether it is subject to certain types of legal, financial, or technical threats. Refer to [https://www.first.org/tlp/](https://www.first.org/tlp/) for further information. The default classification is CLEAR",
       "enum": [
diff --git a/schema/bom-1.7.xsd b/schema/bom-1.7.xsd
@@ -396,7 +396,15 @@ limitations under the License.
         </xs:anyAttribute>
     </xs:complexType>
 
-    <xs:simpleType name="tlpType">
+    <xs:simpleType name="tlpType" default="CLEAR">
+        <xs:annotation>
+            <xs:documentation xml:lang="en">
+                The Traffic Light Protocol (TLP) classification for the component that the BOM describes. TLP is a classification
+                system for identifying the potential risk associated with artefact, including whether it is subject to certain
+                types of legal, financial, or technical threats. Refer to https://www.first.org/tlp/ for further information.
+                The default classification is CLEAR.
+            </xs:documentation>
+        </xs:annotation>
         <xs:restriction base="xs:string">
             <xs:enumeration value="CLEAR">
                 <xs:annotation>
