[FEATURE]:Support for digital accessibility #542

Open
prabhu opened this issue Nov 9, 2024 · 0 comments

prabhu commented Nov 9, 2024

Describe the feature

xBOM specification is currently optimized for automation and integration purposes. Despite this goal, xBOM documents are often consumed in the following ad-hoc ways:

  • Consumption via GUI tools like Dependency-Track that can present the information as tables and charts.
  • Manual handling using XML and JSON viewer tools.

To improve digital accessibility & inclusion and ensure consistency among the ecosystem, the xBOM specification could be improved to refer to alternative content (in TEXT/HTML/YAML/JSON/bom-link formats) for various attributes. An externalReference of type accessible-description could be added to aid voiceover and screen reader tools to better present the information belonging to a particular section of an xBOM.

For instance, consider the below metadata in an SBOM.

{
  "metadata": {
    "timestamp": "2024-10-24T09:21:23Z",
    "tools": {
      "components": [
        {
          "group": "@cyclonedx",
          "name": "cdxgen",
          "version": "10.11.0",
          "purl": "pkg:npm/%40cyclonedx/cdxgen@10.11.0",
          "type": "application",
          "bom-ref": "pkg:npm/@cyclonedx/cdxgen@10.11.0",
          "publisher": "OWASP Foundation",
          "authors": [
            {
              "name": "OWASP Foundation"
            }
          ]
        }
      ]
    },
    "authors": [
      {
        "name": "OWASP Foundation"
      }
    ],
    "lifecycles": [
      {
        "phase": "build"
      }
    ],
    "externalReferences": [
      {
        "url": "url:cdx:fbef273d-0bce-4931-a748-0bf547cf7575/1/accessible-metadata.txt",
        "type": "accessible-description",
        "comment": ""
      }
    ]
  }
}

The accessible alternative content for this metadata section in text format could be:

This Software Bill-of-Materials (SBOM) document was generated at 24th October, 2024 using the tool cdxgen from OWASP Foundation. The document represents the lifecycles: build.

The document has 10 components and 20 services.

xBOM tools such as cdxgen could be improved to auto-generate the accessible description and automatically link the content to reduce the generation effort.

Tools such as Dependency-Track could be enhanced to present the information from this external reference using compatible ARIA tags.

When bom-link is used instead of file urls, the accessible content could be stored under the annotations attribute.

Alternatives

There are currently no alternatives to include ARIA tags in a JSON document.

Additional context
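
The auto-generation step proposed in the issue, as an added example (not part of the original issue and not cdxgen's own code): it builds the text description from a BOM's metadata and attaches the proposed reference. The function names and the sample BOM are assumptions, and `accessible-description` is the type proposed above, not a published CycloneDX externalReference type.

```javascript
// Added example: describeMetadata and linkDescription are hypothetical helpers.
const MONTHS = ["January", "February", "March", "April", "May", "June", "July",
  "August", "September", "October", "November", "December"];

function ordinal(n) {
  const rem100 = n % 100;
  if (rem100 >= 11 && rem100 <= 13) return `${n}th`;
  return `${n}${["th", "st", "nd", "rd"][n % 10] || "th"}`;
}

// metadata.tools is an array in older CycloneDX versions and an object with
// "components"/"services" in 1.5+; accept both shapes.
function toolList(tools) {
  if (Array.isArray(tools)) return tools;
  return [...(tools?.components ?? []), ...(tools?.services ?? [])];
}

function describeMetadata(bom) {
  const md = bom.metadata ?? {};
  const parts = ["This Software Bill-of-Materials (SBOM) document was generated"];
  const when = new Date(md.timestamp ?? NaN);
  if (!Number.isNaN(when.getTime())) {
    parts.push(`at ${ordinal(when.getUTCDate())} ${MONTHS[when.getUTCMonth()]}, ${when.getUTCFullYear()}`);
  }
  const tools = toolList(md.tools).map((t) => {
    const publisher = t.publisher ?? t.vendor; // vendor: legacy tool field
    return publisher ? `${t.name} from ${publisher}` : t.name;
  });
  if (tools.length) parts.push(`using the tool ${tools.join(", ")}`);
  let text = parts.join(" ") + ".";
  // A lifecycle entry carries either a predefined phase or a custom name.
  const phases = (md.lifecycles ?? []).map((l) => l.phase ?? l.name).filter(Boolean);
  if (phases.length) text += ` The document represents the lifecycles: ${phases.join(", ")}.`;
  const counts = [(bom.components ?? []).length, (bom.services ?? []).length];
  return `${text}\n\nThe document has ${counts[0]} components and ${counts[1]} services.`;
}

// Attach the reference where the issue's sample puts it (metadata.externalReferences).
function linkDescription(bom, url) {
  bom.metadata = bom.metadata ?? {};
  bom.metadata.externalReferences = bom.metadata.externalReferences ?? [];
  bom.metadata.externalReferences.push({ url, type: "accessible-description", comment: "" });
  return bom;
}

// Constructed sample mirroring the issue's metadata (no components or services).
const SAMPLE = { metadata: { timestamp: "2024-10-24T09:21:23Z",
  tools: { components: [{ name: "cdxgen", publisher: "OWASP Foundation" }] },
  lifecycles: [{ phase: "build" }] }, components: [], services: [] };
```

The generated text is assembled from supplier-controlled BOM fields, so a consumer that renders it should insert it as escaped text rather than as markup.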
