streamline VulnerabilityReference

jkowalleck · jkowalleck · commit 5f8a94799fcf · 2023-06-20T10:39:23.000+02:00
see #154 (comment) fixes #154 Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
diff --git a/schema/bom-1.5.proto b/schema/bom-1.5.proto
@@ -818,9 +818,9 @@ message ProofOfConcept {
 
 message VulnerabilityReference {
   // An identifier that uniquely identifies the vulnerability.
-  optional string id = 1;
+  string id = 1;
   // The source that published the vulnerability.
-  optional Source source = 2;
+  Source source = 2;
 }
 
 message VulnerabilityRating {
diff --git a/schema/bom-1.5.xsd b/schema/bom-1.5.xsd
@@ -3345,13 +3345,13 @@ limitations under the License.
                             </xs:annotation>
                             <xs:complexType>
                                 <xs:sequence minOccurs="1" maxOccurs="1">
-                                    <xs:element name="id" type="xs:normalizedString" minOccurs="0" maxOccurs="1">
+                                    <xs:element name="id" type="xs:normalizedString" minOccurs="1" maxOccurs="1">
                                         <xs:annotation>
                                             <xs:documentation>The identifier that uniquely identifies the vulnerability. For example:
                                                 CVE-2021-39182, GHSA-35m5-8cvj-8783, and SNYK-PYTHON-ENROCRYPT-1912876.</xs:documentation>
                                         </xs:annotation>
                                     </xs:element>
-                                    <xs:element name="source" type="bom:vulnerabilitySourceType" minOccurs="0" maxOccurs="1">
+                                    <xs:element name="source" type="bom:vulnerabilitySourceType" minOccurs="1" maxOccurs="1">
                                         <xs:annotation>
                                             <xs:documentation>The source that published the vulnerability.</xs:documentation>
                                         </xs:annotation>
