CycloneDX 2.0 - Auto-Generate .proto Schema from JSON Schema in 2.0

[stevespringett]

Problem

In CycloneDX 1.x, the .proto schema for Protocol Buffers is manually maintained. This has led to:

• Inconsistencies between the .proto definitions and the canonical JSON Schema
• Increased maintenance overhead

As the JSON Schema is the authoritative source of truth, maintaining .proto files separately introduces unnecessary risk and manual effort.

---

Goal for 2.0

Automate the generation of the CycloneDX .proto schema directly from the JSON Schema.

This will ensure:

• The .proto schema is always in sync with the JSON Schema
• Manual maintenance is eliminated
• Future changes to the data model propagate consistently across formats

---

Proposal

• Build or adopt a tooling pipeline that transforms the JSON Schema into .proto
• Apply CycloneDX-specific naming conventions (e.g. AGGREGATE_COMPLETE, NOT_SPECIFIED)
• Generate comments and field metadata from the JSON Schema description and meta:enum entries
• Validate output to ensure it meets current Protobuf compatibility and API expectations
• Ensure enum ordering remains consistent from release-to-release

---

🔧 Benefits

• Accuracy: Guaranteed alignment between .proto and JSON Schema
• Efficiency: No manual work to maintain parallel definitions
• Maintainability: Lower barrier to support future schema changes and extensions
• Tooling Harmony: Protobuf-based consumers stay aligned with core model evolution

---

🧠 Related Topics

• [#1662] Automate GraphQL schema generation
• [#1489] Consolidate schema format pipelines
• [#1724] Use JSON Schema as single source of truth for all serializations