
Enhancement: Add CycloneDX 1.6 schema validation #17

@arunsanna

Description


The generator produces CycloneDX 1.6 JSON output but does not validate the output against the official CycloneDX schema. This can result in invalid AIBOMs being generated without any warning.

Current Issues Found

1. Minimal AIBOM structure may be invalid

# generator.py lines 211-252
def _create_minimal_aibom():
    # tools.components structure may not match CycloneDX spec
    "tools": {
        "components": [...]  # Should be "tools" containing components array
    }

2. No validation before returning

# generator.py lines 206-209
# Silent fallback to minimal AIBOM on ANY exception
# No validation that output conforms to schema

Proposed Solution

1. Add schema validation utility

# validation.py
import json
from pathlib import Path

import requests
from jsonschema import validate, ValidationError

CYCLONEDX_1_6_SCHEMA_URL = "https://cyclonedx.org/schema/bom-1.6.schema.json"
# Local cache so validation does not hit the network on every call. Note that
# bom-1.6.schema.json carries relative $refs (spdx.schema.json,
# jsf-0.82.schema.json); those files must be cached alongside it or registered
# with the validator for the refs to resolve offline.
SCHEMA_CACHE = Path(__file__).with_name("bom-1.6.schema.json")

def load_schema() -> dict:
    """Return the CycloneDX 1.6 schema, downloading it once into SCHEMA_CACHE."""
    if not SCHEMA_CACHE.exists():
        resp = requests.get(CYCLONEDX_1_6_SCHEMA_URL, timeout=10)
        resp.raise_for_status()
        SCHEMA_CACHE.write_text(resp.text)
    return json.loads(SCHEMA_CACHE.read_text())

def validate_aibom(aibom: dict) -> tuple[bool, list[str]]:
    """Validate AIBOM against CycloneDX 1.6 schema."""
    schema = load_schema()
    try:
        validate(instance=aibom, schema=schema)
        return True, []
    except ValidationError as e:
        return False, [str(e)]

2. Validate before returning

# generator.py
def generate_aibom(self, model_id):
    aibom = self._create_aibom_structure(...)
    
    is_valid, errors = validate_aibom(aibom)
    if not is_valid:
        logger.warning("Generated AIBOM has schema issues: %s", errors)
        # Could add to completeness report
    
    return aibom

3. Include validation in completeness scoring

# Add to score report
{
    "schema_validation": {
        "valid": true,
        "errors": [],
        "schema_version": "1.6"
    }
}

Benefits

  • Ensure generated AIBOMs are valid CycloneDX documents
  • Catch structural issues during development
  • Improve tool interoperability
  • Being listed in the CycloneDX Tool Center implies conformance

Dependencies

jsonschema>=4.17.0

References
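An added example, not code from this issue or from the generator project, showing the three proposed steps working together: a vendored, hash-pinned copy of the schema instead of a run-time download, every violation collected rather than only the first, and the result packaged as the schema_validation report entry. It assumes the real bom-1.6.schema.json is vendored beside the module with its SHA-256 recorded in SCHEMA_SHA256; the constructed _MINI_SCHEMA_TEXT stands in for that file so the example runs offline, and GOOD_AIBOM / BAD_AIBOM are constructed inputs. It needs only the jsonschema dependency the issue already lists.

```python
"""Added example (not the project's code): validate a generated AIBOM against a
vendored, hash-pinned CycloneDX schema and turn the result into the
"schema_validation" report entry. Assumption: the real bom-1.6.schema.json is
stored beside this module and its SHA-256 recorded in SCHEMA_SHA256; the
constructed _MINI_SCHEMA_TEXT below stands in for it so the example runs offline."""
import hashlib
import json

from jsonschema import Draft7Validator

# Constructed subset mimicking the shape of bom-1.6.schema.json (draft-07):
# bomFormat/specVersion required, and metadata.tools accepted either as the
# 1.5+ object form ({components, services}) or the legacy array form.
_MINI_SCHEMA_TEXT = json.dumps({
    "$schema": "http://json-schema.org/draft-07/schema#",
    "type": "object",
    "required": ["bomFormat", "specVersion"],
    "additionalProperties": False,
    "properties": {
        "bomFormat": {"const": "CycloneDX"},
        "specVersion": {"type": "string"},
        "serialNumber": {"type": "string", "pattern": "^urn:uuid:[0-9a-f-]{36}$"},
        "version": {"type": "integer", "minimum": 1},
        "metadata": {
            "type": "object",
            "properties": {
                "tools": {"oneOf": [
                    {"type": "object", "additionalProperties": False,
                     "properties": {"components": {"type": "array"},
                                    "services": {"type": "array"}}},
                    {"type": "array", "items": {"type": "object"}},
                ]},
            },
        },
        "components": {"type": "array", "items": {
            "type": "object", "required": ["type", "name"],
            "properties": {"type": {"enum": [
                "application", "library", "machine-learning-model"]}},
        }},
    },
})
# Pin for the vendored file. In production this is the digest of the real
# schema; here it is computed from the constructed stand-in (assumption).
SCHEMA_SHA256 = hashlib.sha256(_MINI_SCHEMA_TEXT.encode()).hexdigest()


def schema_matches_pin(schema_text: str, expected_sha256: str) -> bool:
    """True only if the on-disk schema still has the pinned digest."""
    return hashlib.sha256(schema_text.encode()).hexdigest() == expected_sha256


def load_schema(schema_text: str, expected_sha256: str) -> dict:
    """Parse the vendored schema only if it matches the pin.

    Fetching https://cyclonedx.org/schema/bom-1.6.schema.json at run time makes
    every validation depend on the network and on whatever that URL serves;
    pinning keeps the check offline and fails loudly on a swapped schema."""
    if not schema_matches_pin(schema_text, expected_sha256):
        raise ValueError("schema digest does not match SCHEMA_SHA256")
    return json.loads(schema_text)


def _pointer(error) -> str:
    """JSON-pointer-style location of a validation error ('/' is the root)."""
    return "/" + "/".join(str(p) for p in error.absolute_path)


def validate_aibom(aibom: dict, schema: dict) -> dict:
    """Return the completeness-report entry proposed in the issue.

    Draft7Validator.iter_errors yields every violation, whereas
    jsonschema.validate() raises on the first one only."""
    errors = sorted(Draft7Validator(schema).iter_errors(aibom), key=_pointer)
    return {
        "valid": not errors,
        "errors": [f"{_pointer(e)}: {e.message}" for e in errors],
        "schema_version": "1.6",
    }


def generate_with_report(aibom: dict) -> tuple[dict, dict]:
    """Stand-in for the generator's return path: attach the validation result
    instead of silently returning an unchecked document."""
    schema = load_schema(_MINI_SCHEMA_TEXT, SCHEMA_SHA256)
    return aibom, {"schema_validation": validate_aibom(aibom, schema)}


# Constructed sample documents.
GOOD_AIBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.6",
    "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
    "version": 1,
    "metadata": {"tools": {"components": [
        {"type": "application", "name": "aibom-generator"}]}},
    "components": [{"type": "machine-learning-model", "name": "example-model"}],
}
# Missing bomFormat, tools.components is a string (matches neither tools form),
# and a component with an unknown type and no name: four distinct errors.
BAD_AIBOM = {
    "specVersion": "1.6",
    "metadata": {"tools": {"components": "aibom-generator"}},
    "components": [{"type": "dataset"}],
}
```

With the real schema in place, the relative $refs in bom-1.6.schema.json (spdx.schema.json and jsf-0.82.schema.json) also have to be vendored and, on jsonschema >= 4.18, registered with the validator through a referencing.Registry, otherwise the first license or signature check fails on an unresolvable reference rather than on the document.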

Metadata

Assignees: No one assigned
Labels: No labels
Status: Done
Milestone: No milestone
