Code Improvements

src/main/java/org/cyclonedx/generators/json/BomJsonGenerator.java

@@ -45,6 +45,7 @@ public class BomJsonGenerator extends AbstractBomGenerator
   /**
    * Constructs a new BomGenerator object.
    * @param bom the BOM to generate
+   * @param version the version of the CycloneDX schema to use.
    */
   public BomJsonGenerator(Bom bom, final Version version) {
     super(version, bom, Format.JSON);

src/main/java/org/cyclonedx/generators/xml/BomXmlGenerator.java

@@ -48,6 +48,7 @@ public class BomXmlGenerator extends AbstractBomGenerator
     /**
      * Constructs a new BomXmlGenerator object.
      * @param bom the BOM to generate
+     * @param version the version of the CycloneDX schema to use.
      */
     public BomXmlGenerator(final Bom bom, final Version version) {
         super(version, bom, Format.XML);
@@ -121,6 +122,7 @@ String toXML(final Bom bom, final boolean prettyPrint) throws GeneratorException
      * Creates a CycloneDX BoM from a set of Components.
      * @return an XML Document representing a CycloneDX BoM
      * @since 1.1.0
+     * @throws ParserConfigurationException if an error occurs
      */
     public Document generate() throws ParserConfigurationException {
         return generateDocument(bom);

src/main/java/org/cyclonedx/model/Annotation.java

@@ -58,6 +58,8 @@ public class Annotation extends ExtensibleElement
 
     private String text;
 
+    @JsonOnly
+    @JsonProperty("signature")
     private Signature signature;
 
     public String getBomRef() {

src/main/java/org/cyclonedx/model/Evidence.java

@@ -78,8 +78,8 @@ public void setLicenses(LicenseChoice licenses) {
         this.licenses = licenses;
     }
 
-    @JacksonXmlElementWrapper(useWrapping = false)
-    @JacksonXmlProperty(localName = "copyright")
+    @JacksonXmlElementWrapper(localName = "copyright")
+    @JacksonXmlProperty(localName = "text")
     @JsonProperty("copyright")
     public List<Copyright> getCopyright() {
         return copyright;

src/main/java/org/cyclonedx/model/attestation/Attestation.java

@@ -8,6 +8,7 @@
 import com.fasterxml.jackson.annotation.JsonPropertyOrder;
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper;
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
+import org.cyclonedx.model.JsonOnly;
 import org.cyclonedx.model.Signature;
 
 @JsonIgnoreProperties(ignoreUnknown = true)
@@ -26,6 +27,7 @@ public class Attestation
 
   private List<AttestationMap> map;
 
+  @JsonOnly
   private Signature signature;
 
   public String getSummary() {

src/main/java/org/cyclonedx/model/attestation/Claim.java

@@ -10,6 +10,7 @@
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper;
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
 import org.cyclonedx.model.ExternalReference;
+import org.cyclonedx.model.JsonOnly;
 import org.cyclonedx.model.Signature;
 
 @JsonIgnoreProperties(ignoreUnknown = true)
@@ -44,6 +45,7 @@ public class Claim
 
   private List<ExternalReference> externalReferences;
 
+  @JsonOnly
   private Signature signature;
 
   public String getBomRef() {
@@ -111,7 +113,7 @@ public void setCounterEvidence(final List<String> counterEvidence) {
   }
 
   @JacksonXmlElementWrapper(localName = "externalReferences")
-  @JacksonXmlProperty(localName = "externalReference")
+  @JacksonXmlProperty(localName = "reference")
   public List<ExternalReference> getExternalReferences() {
     return externalReferences;
   }

src/main/java/org/cyclonedx/model/attestation/Declarations.java

@@ -8,6 +8,8 @@
 import com.fasterxml.jackson.annotation.JsonPropertyOrder;
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper;
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
+import org.cyclonedx.model.ExtensibleElement;
+import org.cyclonedx.model.JsonOnly;
 import org.cyclonedx.model.Signature;
 import org.cyclonedx.model.attestation.affirmation.Affirmation;
 import org.cyclonedx.model.attestation.evidence.Evidence;
@@ -23,7 +25,7 @@
     "affirmation",
     "signature"
 })
-public class Declarations
+public class Declarations extends ExtensibleElement
 {
   private List<Assessor> assessors;
 
@@ -37,8 +39,11 @@ public class Declarations
 
   private Affirmation affirmation;
 
+  @JsonOnly
   private Signature signature;
 
+  @JacksonXmlElementWrapper(localName = "assessors")
+  @JacksonXmlProperty(localName = "assessor")
   public List<Assessor> getAssessors() {
     return assessors;
   }

src/main/java/org/cyclonedx/model/attestation/affirmation/Affirmation.java

@@ -8,6 +8,8 @@
 import com.fasterxml.jackson.annotation.JsonPropertyOrder;
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper;
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
+import org.cyclonedx.model.ExtensibleElement;
+import org.cyclonedx.model.JsonOnly;
 import org.cyclonedx.model.Signature;
 
 @JsonIgnoreProperties(ignoreUnknown = true)
@@ -17,12 +19,13 @@
     "signatories",
     "signature"
 })
-public class Affirmation
+public class Affirmation extends ExtensibleElement
 {
   private String statement;
 
   private List<Signatory> signatories;
 
+  @JsonOnly
   private Signature signature;
 
   public String getStatement() {

src/main/java/org/cyclonedx/model/attestation/affirmation/Signatory.java

@@ -4,23 +4,27 @@
 
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonPropertyOrder;
 import com.fasterxml.jackson.annotation.JsonTypeName;
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import org.cyclonedx.model.ExtensibleElement;
 import org.cyclonedx.model.ExternalReference;
+import org.cyclonedx.model.JsonOnly;
 import org.cyclonedx.model.OrganizationalEntity;
 import org.cyclonedx.model.Signature;
 import org.cyclonedx.util.deserializer.SignatoryDeserializer;
 
 @JsonIgnoreProperties(ignoreUnknown = true)
 @JsonInclude(JsonInclude.Include.NON_EMPTY)
-@JsonTypeName("signatory")
+@JsonPropertyOrder({"name", "role", "signature", "organization", "externalReference"})
 @JsonDeserialize(using = SignatoryDeserializer.class)
-public class Signatory
+public class Signatory extends ExtensibleElement
 {
   private String name;
 
   private String role;
 
+  @JsonOnly
   private Signature signature;
 
   private OrganizationalEntity organization;

src/main/java/org/cyclonedx/model/attestation/evidence/Evidence.java

@@ -11,6 +11,8 @@
 import com.fasterxml.jackson.databind.annotation.JsonSerialize;
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper;
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
+import org.cyclonedx.model.ExtensibleElement;
+import org.cyclonedx.model.JsonOnly;
 import org.cyclonedx.model.OrganizationalContact;
 import org.cyclonedx.model.Signature;
 import org.cyclonedx.util.serializer.CustomDateSerializer;
@@ -27,7 +29,7 @@
     "reviewer",
     "signature"
 })
-public class Evidence
+public class Evidence extends ExtensibleElement
 {
   @JacksonXmlProperty(isAttribute = true, localName = "bom-ref")
   @JsonProperty("bom-ref")
@@ -49,6 +51,7 @@ public class Evidence
 
   private OrganizationalContact reviewer;
 
+  @JsonOnly
   private Signature signature;
 
   public String getBomRef() {

src/main/java/org/cyclonedx/model/component/crypto/AlgorithmProperties.java

@@ -26,7 +26,10 @@
     "curve",
     "executionEnvironment",
     "implementationPlatform",
-    "certificationLevel", "mode", "padding", "cryptoFunctions",
+    "certificationLevel",
+    "mode",
+    "padding",
+    "cryptoFunctions",
     "classicalSecurityLevel", "nistQuantumSecurityLevel"
 })
 public class AlgorithmProperties

src/main/java/org/cyclonedx/model/definition/Standard.java

@@ -10,6 +10,7 @@
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper;
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
 import org.cyclonedx.model.ExternalReference;
+import org.cyclonedx.model.JsonOnly;
 import org.cyclonedx.model.Signature;
 
 @JsonIgnoreProperties(ignoreUnknown = true)
@@ -44,6 +45,7 @@ public class Standard
 
   private List<ExternalReference> externalReferences;
 
+  @JsonOnly
   private Signature signature;
 
   public String getBomRef() {

src/main/java/org/cyclonedx/model/vulnerability/ProofOfConcept.java

@@ -0,0 +1,74 @@
+package org.cyclonedx.model.vulnerability;
+
+import java.util.List;
+import java.util.Objects;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonPropertyOrder;
+import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper;
+import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
+import org.cyclonedx.model.AttachmentText;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+@JsonPropertyOrder({
+    "reproductionSteps",
+    "environment",
+    "supportingMaterial"
+})
+@JsonInclude(JsonInclude.Include.NON_EMPTY)
+public class ProofOfConcept
+{
+  private String reproductionSteps;
+
+  private String environment;
+
+  private List<AttachmentText> supportingMaterial;
+
+  public String getEnvironment() {
+    return environment;
+  }
+
+  public void setEnvironment(final String environment) {
+    this.environment = environment;
+  }
+
+  @JacksonXmlElementWrapper(localName = "supportingMaterial")
+  @JacksonXmlProperty(localName = "attachment")
+  @JsonProperty("supportingMaterial")
+  public List<AttachmentText> getSupportingMaterial() {
+    return supportingMaterial;
+  }
+
+  public void setSupportingMaterial(final List<AttachmentText> supportingMaterial) {
+    this.supportingMaterial = supportingMaterial;
+  }
+
+  public String getReproductionSteps() {
+    return reproductionSteps;
+  }
+
+  public void setReproductionSteps(final String reproductionSteps) {
+    this.reproductionSteps = reproductionSteps;
+  }
+
+  @Override
+  public boolean equals(final Object object) {
+    if (this == object) {
+      return true;
+    }
+    if (!(object instanceof ProofOfConcept)) {
+      return false;
+    }
+    ProofOfConcept that = (ProofOfConcept) object;
+    return Objects.equals(reproductionSteps, that.reproductionSteps) &&
+        Objects.equals(environment, that.environment) &&
+        Objects.equals(supportingMaterial, that.supportingMaterial);
+  }
+
+  @Override
+  public int hashCode() {
+    return Objects.hash(reproductionSteps, environment, supportingMaterial);
+  }
+}

src/main/java/org/cyclonedx/model/vulnerability/Vulnerability.java

@@ -47,6 +47,8 @@
     "description",
     "detail",
     "recommendation",
+    "workaround",
+    "proofOfConcept",
     "advisories",
     "created",
     "published",
@@ -74,6 +76,13 @@ public Vulnerability() {}
   private String description;
   private String detail;
   private String recommendation;
+
+  @VersionFilter(org.cyclonedx.Version.VERSION_15)
+  private String workaround;
+
+  @VersionFilter(org.cyclonedx.Version.VERSION_15)
+  private ProofOfConcept proofOfConcept;
+
   private List<Advisory> advisories;
   @JsonSerialize(using = CustomDateSerializer.class)
   @VersionFilter(org.cyclonedx.Version.VERSION_14)
@@ -273,6 +282,22 @@ public void setProperties(final List<Property> properties) {
     this.properties = properties;
   }
 
+  public String getWorkaround() {
+    return workaround;
+  }
+
+  public void setWorkaround(final String workaround) {
+    this.workaround = workaround;
+  }
+
+  public ProofOfConcept getProofOfConcept() {
+    return proofOfConcept;
+  }
+
+  public void setProofOfConcept(final ProofOfConcept proofOfConcept) {
+    this.proofOfConcept = proofOfConcept;
+  }
+
   @Override
   public boolean equals(Object o) {
     if (this == o) return true;
@@ -296,31 +321,35 @@ public boolean equals(Object o) {
             Objects.equals(tools, rhs.tools) &&
             Objects.equals(analysis, rhs.analysis) &&
             Objects.equals(affects, rhs.affects) &&
+            Objects.equals(workaround, rhs.workaround) &&
+            Objects.equals(proofOfConcept, rhs.proofOfConcept) &&
             Objects.equals(properties, rhs.properties);
   }
 
   @Override
   public int hashCode() {
     return Objects.hash(
-            bomRef,
-            id,
-            source,
-            references,
-            ratings,
-            cwes,
-            description,
-            detail,
-            recommendation,
-            advisories,
-            created,
-            published,
-            updated,
-            rejected,
-            credits,
-            tools,
-            analysis,
-            affects,
-            properties);
+        bomRef,
+        id,
+        source,
+        references,
+        ratings,
+        cwes,
+        description,
+        detail,
+        recommendation,
+        advisories,
+        created,
+        published,
+        updated,
+        rejected,
+        credits,
+        tools,
+        analysis,
+        affects,
+        workaround,
+        proofOfConcept,
+        properties);
   }
 
   @JsonInclude(JsonInclude.Include.NON_NULL)