From 96117b4507bf4cc7f5f48254784d3bdd77748258 Mon Sep 17 00:00:00 2001
From: Basil Hess
Date: Thu, 8 Jan 2026 18:21:03 +0100
Subject: [PATCH 1/3] Extend cryptography-related behaviors
Signed-off-by: Basil Hess
---
 .../model/cyclonedx-behavior-2.0.schema.json | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/schema/2.0/model/cyclonedx-behavior-2.0.schema.json b/schema/2.0/model/cyclonedx-behavior-2.0.schema.json
index 58f0914e..8fc95e2e 100644
--- a/schema/2.0/model/cyclonedx-behavior-2.0.schema.json
+++ b/schema/2.0/model/cyclonedx-behavior-2.0.schema.json
@@ -819,6 +819,24 @@
 "security:cryptography:validatesCertificate",
 "security:cryptography:verifiesHash",
 "security:cryptography:verifiesSignature",
+ "security:cryptography:authenticates",
+ "security:cryptography:ensuresConfidentiality",
+ "security:cryptography:ensuresIntegrity",
+ "security:cryptography:ensuresNonRepudiation",
+ "security:cryptography:ensuresAccountability",
+ "security:cryptography:preservesPrivacy",
+ "security:cryptography:identifies",
+ "security:cryptography:usesIdentity",
+ "security:cryptography:validatesToken",
+ "security:cryptography:signsDocument",
+ "security:cryptography:encryptsDataAtRest",
+ "security:cryptography:encryptsDataInTransit",
+ "security:cryptography:decryptsDataAtRest",
+ "security:cryptography:decryptsDataInTransit",
+ "security:cryptography:encryptsDisk",
+ "security:cryptography:decryptsDisk",
+ "security:cryptography:encryptsSecret",
+ "security:cryptography:decryptsSecret",
 "security:errorHandling",
 "security:errorHandling:catchesException",
 "security:errorHandling:disclosesErrorDetails",
From 70de9459d7ed738a590895f527d166cb99dbedee Mon Sep 17 00:00:00 2001
From: Basil Hess
Date: Wed, 14 Jan 2026 17:29:33 +0100
Subject: [PATCH 2/3] A few extensions to the crypto behaviors
Signed-off-by: Basil Hess
---
 schema/2.0/model/cyclonedx-behavior-2.0.schema.json | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
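Review bot: Most of the values added after `verifiesSignature` name a security goal or an identity-management step rather than a cryptographic operation — `ensuresConfidentiality`, `ensuresIntegrity`, `ensuresNonRepudiation`, `ensuresAccountability`, `preservesPrivacy`, `identifies`, `usesIdentity` — and `authenticates`/`validatesToken` sit next to an existing `security:authorization:*` family that is visible in the third patch's context lines. The parent's own meta:enum description, "Behaviours that employ cryptographic operations to protect data confidentiality and integrity", says nothing about accountability, privacy or identity, so a BOM consumer seeing `security:cryptography:preservesPrivacy` cannot tell whether any cryptography is involved at all. Either move the goal-style values under a family whose prefix reflects what they are, or widen the parent description, e.g. `"security:cryptography": "Behaviours that employ cryptographic operations to protect data, keys and identities, and the security properties that depend on them."`. The same concern applies to the descriptions for these values added in the third patch's hunk at -1543. Ordering and missing descriptions are not raised here because the third patch in the series addresses them.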
diff --git a/schema/2.0/model/cyclonedx-behavior-2.0.schema.json b/schema/2.0/model/cyclonedx-behavior-2.0.schema.json
index 8fc95e2e..02d4df79 100644
--- a/schema/2.0/model/cyclonedx-behavior-2.0.schema.json
+++ b/schema/2.0/model/cyclonedx-behavior-2.0.schema.json
@@ -808,13 +808,21 @@
 "security:cryptography:encryptsData",
 "security:cryptography:exchangesKey",
 "security:cryptography:generatesKey",
+ "security:cryptography:wrapsKey",
 "security:cryptography:generatesRandomValue",
 "security:cryptography:hashesData",
 "security:cryptography:issuesCertificate",
+ "security:cryptography:presentsServerCertificate",
+ "security:cryptography:presentsClientCertificate",
 "security:cryptography:retrievesKey",
 "security:cryptography:revokesCertificate",
 "security:cryptography:rotatesKey",
 "security:cryptography:signsData",
+ "security:cryptography:verifiesDataSignature",
+ "security:cryptography:signsCode",
+ "security:cryptography:verifiesCodeSignature",
+ "security:cryptography:signsDocument",
+ "security:cryptography:verifiesDocumentSignature",
 "security:cryptography:storesKey",
 "security:cryptography:validatesCertificate",
 "security:cryptography:verifiesHash",
@@ -828,7 +836,6 @@
 "security:cryptography:identifies",
 "security:cryptography:usesIdentity",
 "security:cryptography:validatesToken",
- "security:cryptography:signsDocument",
 "security:cryptography:encryptsDataAtRest",
 "security:cryptography:encryptsDataInTransit",
 "security:cryptography:decryptsDataAtRest",
From bb7e30e578fd3164dcf046602e96524e42733663 Mon Sep 17 00:00:00 2001
From: Basil Hess
Date: Thu, 22 Jan 2026 13:30:29 +0100
Subject: [PATCH 3/3] Makes sure meta:enum descrptions are available for the new behaviors. Orders new entries alphabetically in the enum
Signed-off-by: Basil Hess
---
 .../model/cyclonedx-behavior-2.0.schema.json | 73 +++++++++++++------
 1 file changed, 50 insertions(+), 23 deletions(-)
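Review bot: `verifiesDataSignature`, added directly after the existing `signsData` in the first hunk, is not distinguishable from the pre-existing `verifiesSignature` (seen in the first patch's context), and the descriptions the third patch gives them — "validates a digital signature on data" versus "validates a digital signature" — restate each other. Two enum values for one behaviour means producers will pick either and consumers must match both, which is what an enum is meant to prevent. Either drop `verifiesDataSignature` and treat `signsData`/`verifiesSignature` as the generic pair beside the code- and document-specific values, or state the relationship in the descriptions, e.g. `"security:cryptography:verifiesSignature": "The entity validates a digital signature; use the code-, data- or document-specific value when the signed object is known."`. The out-of-order `wrapsKey` insertion and the duplicate `signsDocument` are already corrected later in the series, so they are not raised here.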
diff --git a/schema/2.0/model/cyclonedx-behavior-2.0.schema.json b/schema/2.0/model/cyclonedx-behavior-2.0.schema.json
index 02d4df79..25814a61 100644
--- a/schema/2.0/model/cyclonedx-behavior-2.0.schema.json
+++ b/schema/2.0/model/cyclonedx-behavior-2.0.schema.json
@@ -802,48 +802,49 @@
 "security:authorization:revokesAccess",
 "security:authorization:revokesImpersonation",
 "security:cryptography",
+ "security:cryptography:authenticates",
 "security:cryptography:checksRevocation",
 "security:cryptography:decryptsData",
+ "security:cryptography:decryptsDataAtRest",
+ "security:cryptography:decryptsDataInTransit",
+ "security:cryptography:decryptsDisk",
+ "security:cryptography:decryptsSecret",
 "security:cryptography:destroysKey",
 "security:cryptography:encryptsData",
+ "security:cryptography:encryptsDataAtRest",
+ "security:cryptography:encryptsDataInTransit",
+ "security:cryptography:encryptsDisk",
+ "security:cryptography:encryptsSecret",
+ "security:cryptography:ensuresAccountability",
+ "security:cryptography:ensuresConfidentiality",
+ "security:cryptography:ensuresIntegrity",
+ "security:cryptography:ensuresNonRepudiation",
 "security:cryptography:exchangesKey",
 "security:cryptography:generatesKey",
- "security:cryptography:wrapsKey",
 "security:cryptography:generatesRandomValue",
 "security:cryptography:hashesData",
+ "security:cryptography:hashesPassword",
+ "security:cryptography:identifies",
 "security:cryptography:issuesCertificate",
- "security:cryptography:presentsServerCertificate",
+ "security:cryptography:preservesPrivacy",
 "security:cryptography:presentsClientCertificate",
+ "security:cryptography:presentsServerCertificate",
 "security:cryptography:retrievesKey",
 "security:cryptography:revokesCertificate",
 "security:cryptography:rotatesKey",
- "security:cryptography:signsData",
- "security:cryptography:verifiesDataSignature",
 "security:cryptography:signsCode",
- "security:cryptography:verifiesCodeSignature",
+ "security:cryptography:signsData",
 "security:cryptography:signsDocument",
- "security:cryptography:verifiesDocumentSignature",
 "security:cryptography:storesKey",
+ "security:cryptography:usesIdentity",
 "security:cryptography:validatesCertificate",
+ "security:cryptography:validatesToken",
+ "security:cryptography:verifiesCodeSignature",
+ "security:cryptography:verifiesDataSignature",
+ "security:cryptography:verifiesDocumentSignature",
 "security:cryptography:verifiesHash",
 "security:cryptography:verifiesSignature",
- "security:cryptography:authenticates",
- "security:cryptography:ensuresConfidentiality",
- "security:cryptography:ensuresIntegrity",
- "security:cryptography:ensuresNonRepudiation",
- "security:cryptography:ensuresAccountability",
- "security:cryptography:preservesPrivacy",
- "security:cryptography:identifies",
- "security:cryptography:usesIdentity",
- "security:cryptography:validatesToken",
- "security:cryptography:encryptsDataAtRest",
- "security:cryptography:encryptsDataInTransit",
- "security:cryptography:decryptsDataAtRest",
- "security:cryptography:decryptsDataInTransit",
- "security:cryptography:encryptsDisk",
- "security:cryptography:decryptsDisk",
- "security:cryptography:encryptsSecret",
- "security:cryptography:decryptsSecret",
+ "security:cryptography:wrapsKey",
 "security:errorHandling",
 "security:errorHandling:catchesException",
 "security:errorHandling:disclosesErrorDetails",
@@ -1543,23 +1544,49 @@
 "security:authorization:revokesAccess": "The entity withdraws previously granted permissions.",
 "security:authorization:revokesImpersonation": "The entity terminates another's permission to act on its behalf.",
 "security:cryptography": "Behaviours that employ cryptographic operations to protect data confidentiality and integrity.",
+ "security:cryptography:authenticates": "The entity verifies the identity of a user, process, or device.",
 "security:cryptography:checksRevocation": "The entity queries certificate revocation status.",
 "security:cryptography:decryptsData": "The entity restores encrypted data to readable form.",
+ "security:cryptography:decryptsDataAtRest": "The entity restores stored encrypted data to readable form.",
+ "security:cryptography:decryptsDataInTransit": "The entity restores data received over a network to readable form.",
+ "security:cryptography:decryptsDisk": "The entity unlocks and decrypts contents of an encrypted disk.",
+ "security:cryptography:decryptsSecret": "The entity retrieves and decrypts a secured credential or metadata.",
 "security:cryptography:destroysKey": "The entity securely erases a key.",
 "security:cryptography:encryptsData": "The entity transforms data to prevent unauthorised reading.",
+ "security:cryptography:encryptsDataAtRest": "The entity protects stored data by converting it to unreadable form.",
+ "security:cryptography:encryptsDataInTransit": "The entity protects data moving across a network.",
+ "security:cryptography:encryptsDisk": "The entity applies full-disk encryption to protect all data on a drive.",
+ "security:cryptography:encryptsSecret": "The entity secures sensitive credentials or metadata.",
+ "security:cryptography:ensuresAccountability": "The entity ensures actions can be traced to a specific individual or process.",
+ "security:cryptography:ensuresConfidentiality": "The entity protects sensitive information from unauthorised access.",
+ "security:cryptography:ensuresIntegrity": "The entity guarantees that data has not been altered or tampered with.",
+ "security:cryptography:ensuresNonRepudiation": "The entity provides proof of origin and integrity to prevent denial.",
 "security:cryptography:exchangesKey": "The entity shares a key with another party.",
 "security:cryptography:generatesKey": "The entity creates a cryptographic key.",
 "security:cryptography:generatesRandomValue": "The entity produces a cryptographically secure random value.",
 "security:cryptography:hashesData": "The entity generates a cryptographic hash.",
+ "security:cryptography:hashesPassword": "The entity applies a cryptographic hash function to a password.",
+ "security:cryptography:identifies": "The entity establishes a unique identity for an actor within the system.",
 "security:cryptography:issuesCertificate": "The entity creates and signs a digital certificate.",
+ "security:cryptography:preservesPrivacy": "The entity protects personally identifiable information and user data.",
+ "security:cryptography:presentsClientCertificate": "The entity provides a client certificate for authentication.",
+ "security:cryptography:presentsServerCertificate": "The entity provides a server certificate for authentication.",
 "security:cryptography:retrievesKey": "The entity obtains a stored key.",
 "security:cryptography:revokesCertificate": "The entity invalidates a certificate.",
 "security:cryptography:rotatesKey": "The entity replaces a key with a new one.",
+ "security:cryptography:signsCode": "The entity applies a digital signature to executable code.",
 "security:cryptography:signsData": "The entity creates a digital signature.",
+ "security:cryptography:signsDocument": "The entity applies a digital signature to a document.",
 "security:cryptography:storesKey": "The entity saves a key securely.",
+ "security:cryptography:usesIdentity": "The entity utilises established identity credentials for operations.",
 "security:cryptography:validatesCertificate": "The entity verifies certificate authenticity.",
+ "security:cryptography:validatesToken": "The entity verifies the authenticity and expiration of a security token.",
+ "security:cryptography:verifiesCodeSignature": "The entity validates a digital signature on executable code.",
+ "security:cryptography:verifiesDataSignature": "The entity validates a digital signature on data.",
+ "security:cryptography:verifiesDocumentSignature": "The entity validates a digital signature on a document.",
 "security:cryptography:verifiesHash": "The entity validates data against a hash.",
 "security:cryptography:verifiesSignature": "The entity validates a digital signature.",
+ "security:cryptography:wrapsKey": "The entity encrypts a key for secure storage or transport.",
 "security:errorHandling": "Behaviours that manage error conditions to prevent information disclosure.",
 "security:errorHandling:catchesException": "The entity intercepts an error condition.",
 "security:errorHandling:disclosesErrorDetails": "The entity reveals internal information in error messages.",