
feat(validation): add CycloneDX 1.6 schema validation #22

Open

arunsanna wants to merge 4 commits into GenAI-Security-Project:main from arunsanna:feature/schema-validation-issue-17

Conversation

@arunsanna

Summary

Implements CycloneDX 1.6 JSON schema validation for generated AIBOMs to ensure compliance and interoperability.

Changes

  • New validation.py module with full schema validation capabilities:

    • validate_aibom(): Full schema validation against CycloneDX 1.6 JSON schema
    • validate_minimal_requirements(): Lightweight sanity check without full schema
    • get_validation_summary(): Get validation results for completeness reports
    • Schema caching (in-memory + file-based) for performance
  • Generator integration:

    • Validates AIBOM after creation, logs warnings if issues found
    • Includes validation results in enhancement report
  • Completeness scoring integration:

    • Adds schema validation summary to scoring results
    • Available via schema_validation key in results
  • Test suite: 11 comprehensive tests covering:

    • Minimal requirements validation
    • Validation summary generation
    • Full schema validation
    • Schema caching

New dependency

  • jsonschema>=4.17.0 added to requirements.txt

Test Plan

  • Run validation module tests (pytest tests/test_validation.py -v)
  • Verify schema downloads and caches correctly
  • Test with valid and invalid AIBOMs
  • Verify integration with generator

Test Results

tests/test_validation.py::TestMinimalRequirements::test_valid_minimal_aibom PASSED
tests/test_validation.py::TestMinimalRequirements::test_missing_bomformat PASSED
tests/test_validation.py::TestMinimalRequirements::test_invalid_bomformat PASSED
tests/test_validation.py::TestMinimalRequirements::test_unsupported_specversion PASSED
tests/test_validation.py::TestMinimalRequirements::test_invalid_serialnumber_format PASSED
tests/test_validation.py::TestMinimalRequirements::test_components_not_array PASSED
tests/test_validation.py::TestValidationSummary::test_valid_aibom_summary PASSED
tests/test_validation.py::TestValidationSummary::test_invalid_aibom_summary PASSED
tests/test_validation.py::TestSchemaValidation::test_valid_complete_aibom PASSED
tests/test_validation.py::TestSchemaValidation::test_schema_loading PASSED
tests/test_validation.py::TestSchemaCache::test_schema_caching PASSED

============================== 11 passed in 0.05s ==============================

Closes #17

- Add validation.py module with full CycloneDX 1.6 JSON schema validation
- Implement schema caching (in-memory + file-based) for performance
- Add validate_aibom() for full schema validation
- Add validate_minimal_requirements() for lightweight checks
- Add get_validation_summary() for completeness reports
- Integrate validation into generator with enhancement report
- Add schema validation to completeness scoring in utils.py
- Add comprehensive test suite with 11 tests

Closes GenAI-Security-Project#17
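An added illustration of the lightweight pre-check this PR describes (it is not the PR's own validation.py): it mirrors the cases the test names list, bomFormat, specVersion, serialNumber format and components type, and returns the kind of summary dict a completeness report could embed under a schema_validation key. The supported specVersion set, the serialNumber regex and the sample documents are assumptions constructed for the example.

```python
import re
from typing import Any

# Constructed example, not the PR's validation.py. The supported versions and
# the serialNumber regex are assumptions; the regex follows the urn:uuid form
# the CycloneDX schema requires for serialNumber.
SUPPORTED_SPEC_VERSIONS = {"1.4", "1.5", "1.6"}
SERIAL_RE = re.compile(
    r"^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
)


def validate_minimal_requirements(aibom: Any) -> list[str]:
    """Cheap structural pre-check with no schema download; [] means it passes."""
    if not isinstance(aibom, dict):
        return ["AIBOM must be a JSON object"]
    errors: list[str] = []
    if "bomFormat" not in aibom:
        errors.append("missing required field 'bomFormat'")
    elif aibom["bomFormat"] != "CycloneDX":
        errors.append(f"bomFormat must be 'CycloneDX', got {aibom['bomFormat']!r}")
    spec = aibom.get("specVersion")
    if spec not in SUPPORTED_SPEC_VERSIONS:
        errors.append(f"unsupported specVersion {spec!r}")
    serial = aibom.get("serialNumber")
    if serial is not None and not SERIAL_RE.match(str(serial)):
        # Report the offending value so the message is actionable.
        errors.append(f"serialNumber must be 'urn:uuid:<UUID>', got {serial!r}")
    if "components" in aibom and not isinstance(aibom["components"], list):
        errors.append("components must be an array")
    return errors


def get_validation_summary(aibom: Any) -> dict[str, Any]:
    """Summary shaped for embedding in a completeness report."""
    errors = validate_minimal_requirements(aibom)
    return {"valid": not errors, "error_count": len(errors), "errors": errors}


# Constructed sample documents (the UUID is an arbitrary example value).
VALID_AIBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.6",
    "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
    "version": 1,
    "components": [{"type": "machine-learning-model", "name": "example-model"}],
}
INVALID_AIBOM = {"bomFormat": "SPDX", "specVersion": "1.2",
                 "serialNumber": "not-a-urn", "components": {}}
```

Running get_validation_summary(INVALID_AIBOM) yields four errors, one per failed check, while VALID_AIBOM passes with an empty error list.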
Copilot AI review requested due to automatic review settings January 15, 2026 04:43

Copilot AI left a comment

Pull request overview

This pull request adds CycloneDX 1.6 JSON schema validation capabilities to the AIBOM generator to ensure compliance and interoperability.

Changes:

  • Adds a new validation.py module with schema validation functions including full schema validation, minimal requirements checking, and validation summary generation
  • Integrates validation into the generator workflow with warnings for schema violations
  • Adds schema validation results to completeness scoring and enhancement reports

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

File                Description
validation.py       New module providing CycloneDX 1.6 schema validation with caching support
test_validation.py  Comprehensive test suite with 11 tests covering validation functions
generator.py        Integrates schema validation into AIBOM generation workflow
utils.py            Adds schema validation summary to completeness scoring results
requirements.txt    Adds jsonschema>=4.17.0 dependency

Comments suppressed due to low confidence (1)

HF_files/aibom-generator/src/aibom-generator/generator.py:1

  • Duplicate import of 'json' on lines 1 and 4. Remove one of the duplicate imports.

    import json


- Import normalize_license_id from utils
- Normalize license IDs to proper SPDX format (e.g., Apache-2.0)
- Use 'name' field instead of 'id' for non-SPDX licenses
- Update _get_license_url to use SPDX-compliant keys
- Fix NOASSERTION to use name field (not a valid SPDX id)
- Remove unused os import from validation.py
- Improve serialNumber error message to show actual value
- Replace print() with logger.warning() in utils.py
- Move logger definition before schema validation import

@arunsanna
Author

✅ Testing Completed - VERIFIED

Test Space: https://megamind1-aibom-pr22-schema-validation.hf.space

Test Results

Test                           Result
App functionality              ✅ Working
Schema validation integration  ✅ Confirmed
AIBOM generation               ✅ CycloneDX 1.6 compliant

Files Verified

  • src/aibom-generator/validation.py
  • src/aibom-generator/schemas/bom-1.6.schema.json
  • tests/test_validation.py

Ready for merge.

@arunsanna
Author

Status Update: Superseded by v0.2

The CycloneDX 1.6 schema validation has been incorporated into the v0.2 branch architecture.

Evidence: src/utils/validation.py implements:

  • validate_aibom() - Full schema validation
  • load_schema() - Schema loading with caching
  • get_validation_summary() - Validation reporting

Schema files in src/schemas/:

  • bom-1.6.schema.json
  • spdx.schema.json

This PR can be closed as schema validation is already in v0.2.

Development

Successfully merging this pull request may close these issues.

Enhancement: Add CycloneDX 1.6 schema validation