Skip to content

Refactors role-specific properties into entities #776

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
stevespringett wants to merge 1 commit into
base: 2.0-dev
Choose a base branch
from
Draft

Refactors role-specific properties into entities #776

stevespringett wants to merge 1 commit into from
+158 −0

Conversation

@stevespringett
Copy link
Member

@stevespringett stevespringett commented Jan 15, 2026

Implements and closes #718

@stevespringett
Initial commit of entities
affbb5d 
Signed-off-by: Steve Springett <[email protected]>
@stevespringett stevespringett added this to the 2.0 milestone Jan 15, 2026
@stevespringett stevespringett self-assigned this Jan 15, 2026
@stevespringett stevespringett added breaking-changes CDX 2.0 related to release v2.0 labels Jan 15, 2026
@stevespringett stevespringett mentioned this pull request Jan 15, 2026
Open
@stevespringett stevespringett linked an issue Jan 15, 2026 that may be closed by this pull request
[REFACTOR]: Role-based organizationalEntities (manufacturers, suppliers, etc) into extensible objects #718
Open
@stevespringett stevespringett added request for comment RFC notice sent A public RFC notice was distributed to the CycloneDX mailing list for consideration labels Jan 15, 2026
@jkowalleck jkowalleck requested a review from Copilot January 16, 2026 09:33
Copilot AI reviewed Jan 16, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request introduces a new entity schema to CycloneDX 2.0 that refactors role-specific properties into a unified entity structure. The change implements issue #718 by adding new entity types (entity, entityChoice, and entities) along with a comprehensive role taxonomy to the common schema model.

Changes:

  • Adds entity object definition with person/organization roles and priority handling
  • Introduces predefined and custom role taxonomies covering 27 predefined roles
  • Creates entityChoice and entities collection types for flexible entity referencing

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

jkowalleck
jkowalleck requested changes Jan 17, 2026
View reviewed changes
schema/2.0/model/cyclonedx-common-2.0.schema.json
},
"entity": {
"type": "object",
"title": "Entity",
Copy link
Member

@jkowalleck jkowalleck Jan 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"entity" for id, and "Entity" for title - a much too broad term.
please use a more narrow term.

background: every item of a collection is an entity. every banana is an entity of fruit. ...

schema/2.0/model/cyclonedx-common-2.0.schema.json
}
]
},
"role": {
Copy link
Member

@jkowalleck jkowalleck Jan 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"role" for id, and "Role" for title - a much too broad term.
please use a more narrow term.

i mean, if we ever have roles for services or something, you would call them "ServiceRoles", right?
Better not use these broad and general terms for things that are pretty narrow in their scope, this prevents extensions in the future and might lead to confusion.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@jkowalleck jkowalleck jkowalleck requested changes

Assignees

@stevespringett stevespringett

Labels

breaking-changes CDX 2.0 related to release v2.0 request for comment RFC notice sent A public RFC notice was distributed to the CycloneDX mailing list for consideration

Projects

None yet

Milestone

2.0

Development

Successfully merging this pull request may close these issues.

[REFACTOR]: Role-based organizationalEntities (manufacturers, suppliers, etc) into extensible objects

3 participants

@stevespringett @jkowalleck