<?xml version="1.0" encoding="UTF-8"?>
<schema elementFormDefault="qualified"
targetNamespace="http://softwareassuranceguardian.com/"
version="1.2.2" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:SAG="http://softwareassuranceguardian.com/">
<!--
Copyright and all other rights reserved by Reliable Energy Analytics, LLC (REA) 2018-2023.
Licensed under Creative Commons 4.0 https://creativecommons.org/licenses/by/4.0/
GIFTED to the Internet Engineering Task Force Supply Chain Integrity, Transparency and Trust (IETF SCITT) work group on July 17, 2023
A sample template for use by software producers to manage artifacts that may be required to satisfy CISA/OMB self attestation form processing
is also available online at https://github.com/rjb4standards/REA-Products/tree/master/CISA_VRFtemplate
DISCLAIMER OF WARRANTIES
TO THE EXTENT NOT PROHIBITED BY LAW, REA HEREBY DISCLAIMS ALL EXPRESS OR IMPLIED REPRESENTATIONS,
WARRANTIES, GUARANTEES, AND CONDITIONS OF ANY KIND, ARISING BY LAW OR OTHERWISE, WITH REGARD TO THIS ARTIFACT,
INCLUDING BUT NOT LIMITED TO REPRESENTATIONS, WARRANTIES, GUARANTEES, AND CONDITIONS OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE, TITLE, NONINFRINGEMENT, AND QUALITY OF SERVICE.
REA MAKES NO REPRESENTATIONS OR WARRANTIES REGARDING THE CONTENT, EFFECTIVENESS, USEFULNESS, RELIABILITY,
AVAILABILITY, TIMELINESS, QUALITY, SUITABILITY, ACCURACY OR COMPLETENESS OF THIS ARTIFACT OR THE
RESULTS YOU MAY OBTAIN BY USING THE ARTIFACT OR THAT THE ARTIFACT WILL BE ERROR-FREE.
-->
<!-- Document root: a single vendor response whose content is defined by SAG:VendorResponsetype. -->
<element name="VendorResponse" type="SAG:VendorResponsetype"/>
<complexType name="VendorResponsetype">
  <!--
    Content of a VendorResponse: vendor identity and contact details, links to
    policy and company data, then the list of products.

    Every child must appear exactly once, in the order declared below.
    Apart from Products, every child is a plain xs:string. The schema therefore
    checks presence only: an empty element validates, and the e-mail, telephone
    and URL fields are not checked for syntax.
    Consumers should treat the *URL values as untrusted input and check the
    scheme and host against their own policy before fetching anything.
  -->
  <sequence>
    <!-- Vendor identity and postal address -->
    <element name="VendorLegalName" type="string" minOccurs="1" maxOccurs="1"/>
    <element name="SupplierID" type="string" minOccurs="1" maxOccurs="1"/>
    <element name="StreetAddress" type="string" minOccurs="1" maxOccurs="1"/>
    <element name="City" type="string" minOccurs="1" maxOccurs="1"/>
    <element name="StateOrProvince" type="string" minOccurs="1" maxOccurs="1"/>
    <element name="ZipCode" type="string" minOccurs="1" maxOccurs="1"/>
    <element name="Country" type="string" minOccurs="1" maxOccurs="1"/>

    <!-- Contact details -->
    <element name="WebsiteURL" type="string" minOccurs="1" maxOccurs="1"/>
    <element name="ContactTelephone" type="string" minOccurs="1" maxOccurs="1"/>
    <element name="ContactEmail" type="string" minOccurs="1" maxOccurs="1"/>
    <element name="ContactPerson" type="string" minOccurs="1" maxOccurs="1"/>

    <!-- External registry identifiers -->
    <element name="DUNSNumber" type="string" minOccurs="1" maxOccurs="1"/>
    <element name="NAESBEIRID" type="string" minOccurs="1" maxOccurs="1"/>

    <!-- Links to vendor-level supporting material -->
    <element name="CyberSecPolicyURL" type="string" minOccurs="1" maxOccurs="1"/>
    <element name="FinancialDataURL" type="string" minOccurs="1" maxOccurs="1"/>
    <element name="CompanyDataURL" type="string" minOccurs="1" maxOccurs="1"/>

    <!-- Wrapper holding one or more Product entries (see SAG:Products) -->
    <element name="Products" type="SAG:Products" minOccurs="1" maxOccurs="1"/>
  </sequence>
</complexType>
<complexType name="ProductType">
  <!--
    One product offered by the vendor: identification, SBOM reference,
    vulnerability disclosure, SDLC evidence links and lifecycle status.

    Every child must appear exactly once, in the order declared below.
    Children typed xs:string are not checked for format, so the *URL fields
    accept any text, including the empty string.
  -->
  <sequence>
    <element name="LicensorName" type="string" minOccurs="1" maxOccurs="1"/>
    <element name="ProductName" type="string" minOccurs="1" maxOccurs="1"/>
    <element name="DescriptionURL" type="string" minOccurs="1" maxOccurs="1"/>
    <element name="Version" type="string" minOccurs="1" maxOccurs="1"/>

    <!-- String content plus the optional SBOMAttrGrp attributes (see SAG:SBOMType) -->
    <element name="SBOM" type="SAG:SBOMType" minOccurs="1" maxOccurs="1"/>
    <element name="SourceLocationURL" type="string" minOccurs="1" maxOccurs="1"/>

    <!--
      Y/N flag.
      NOTE(review): the schema does not tie a "Y" here to any signature
      location. The only signature fields in this schema are the optional
      DigitalSignatureURL attributes on SBOM and KnownVulnInfoURL. Confirm how
      consumers are expected to verify the claim.
    -->
    <element name="DigitallySigned" minOccurs="1" maxOccurs="1">
      <simpleType>
        <restriction base="string">
          <enumeration value="Y"/>
          <enumeration value="N"/>
        </restriction>
      </simpleType>
    </element>

    <!-- Y/N flag; self-reported by the vendor, the schema cannot check it against KnownVulnInfoURL -->
    <element name="UnsolvedVulnerabilities" minOccurs="1" maxOccurs="1">
      <simpleType>
        <restriction base="string">
          <enumeration value="Y"/>
          <enumeration value="N"/>
        </restriction>
      </simpleType>
    </element>

    <!-- String content plus optional DocFormat and DigitalSignatureURL attributes (see SAG:KnownVulnType) -->
    <element name="KnownVulnInfoURL" type="SAG:KnownVulnType" minOccurs="1" maxOccurs="1"/>
    <element name="SDLCPolicyURL" type="string" minOccurs="1" maxOccurs="1"/>
    <element name="SDLCEvidenceDataURL" type="string" minOccurs="1" maxOccurs="1"/>
    <element name="CyberSecLabelURL" type="string" minOccurs="1" maxOccurs="1"/>

    <!-- Commercial lifecycle state; values are case-sensitive -->
    <element name="CommercialStatus" minOccurs="1" maxOccurs="1">
      <simpleType>
        <restriction base="string">
          <enumeration value="Available"/>
          <enumeration value="Retired"/>
          <enumeration value="EOL"/>
          <enumeration value="BetaTest"/>
          <enumeration value="Pilot"/>
          <enumeration value="Abandoned"/>
        </restriction>
      </simpleType>
    </element>

    <!-- Support state; values are case-sensitive -->
    <element name="SupportStatus" minOccurs="1" maxOccurs="1">
      <simpleType>
        <restriction base="string">
          <enumeration value="Supported"/>
          <enumeration value="Unsupported"/>
          <enumeration value="Community"/>
        </restriction>
      </simpleType>
    </element>

    <!--
      xs:dateTime accepts values with no time zone or with a non-UTC offset,
      so the UTC in the element name is a convention the schema does not
      enforce. Consumers comparing timestamps should normalise them first.
    -->
    <element name="LastModifiedDateTimeUTC" type="dateTime" minOccurs="1" maxOccurs="1"/>
  </sequence>
</complexType>
<complexType name="Products">
  <!--
    Wrapper for the product list: at least one Product, with no upper bound.
    Because maxOccurs is unbounded, the schema places no limit on list length;
    a consumer parsing untrusted responses needs its own document size limit.
  -->
  <sequence>
    <element name="Product" type="SAG:ProductType" minOccurs="1" maxOccurs="unbounded"/>
  </sequence>
</complexType>
<attributeGroup name="SBOMAttrGrp">
  <!--
    Attributes describing an SBOM reference.
    None of them declares a "use", so all four are optional: an SBOM element
    with no type, format or DigitalSignatureURL still validates. Consumers that
    depend on a signature must check for the attribute themselves.
  -->

  <!-- SBOM standard; values are case-sensitive -->
  <attribute name="type">
    <simpleType>
      <restriction base="string">
        <enumeration value="spdx"/>
        <enumeration value="cycloneDX"/>
      </restriction>
    </simpleType>
  </attribute>

  <!-- Free-form version string; presumably the version of the SBOM standard (confirm against the template) -->
  <attribute name="version" type="string"/>

  <!-- Serialisation of the SBOM; TV presumably means SPDX tag-value (confirm) -->
  <attribute name="format">
    <simpleType>
      <restriction base="string">
        <enumeration value="JSON"/>
        <enumeration value="XML"/>
        <enumeration value="TV"/>
      </restriction>
    </simpleType>
  </attribute>

  <!-- Unconstrained xs:string; the schema does not check that it is a well-formed URL -->
  <attribute name="DigitalSignatureURL" type="string"/>
</attributeGroup>
<complexType name="SBOMType">
  <!--
    Text content (unconstrained xs:string) carrying the optional SBOMAttrGrp
    attributes. The content is presumably the location of the SBOM; confirm
    against the published template, since the schema does not say.
  -->
  <simpleContent>
    <extension base="string">
      <attributeGroup ref="SAG:SBOMAttrGrp"/>
    </extension>
  </simpleContent>
</complexType>
<complexType name="KnownVulnType">
  <!--
    Text content (unconstrained xs:string) for a known-vulnerability disclosure
    reference, with two optional attributes. Neither attribute declares a
    "use", so a reference with no DocFormat and no DigitalSignatureURL
    validates.
  -->
  <simpleContent>
    <extension base="string">
      <!-- Format of the referenced document; values are case-sensitive -->
      <attribute name="DocFormat">
        <simpleType>
          <restriction base="string">
            <enumeration value="Word"/>
            <enumeration value="PDF"/>
            <enumeration value="XML"/>
            <enumeration value="JSON"/>
            <enumeration value="HTML"/>
            <enumeration value="Text"/>
            <enumeration value="CDXVEX"/>
          </restriction>
        </simpleType>
      </attribute>

      <!-- Unconstrained xs:string; the schema does not check that it is a well-formed URL -->
      <attribute name="DigitalSignatureURL" type="string"/>
    </extension>
  </simpleContent>
</complexType>
</schema>