Update site for 1.6

Signed-off-by: Steve Springett <steve@springett.us>

_data/articles.yml

@@ -30,6 +30,12 @@ external:
     image: /theme/assets/images/news/confluent.png
     url: https://www.confluent.io/blog/software-bill-of-materials/
 internal:
+  - title: CycloneDX v1.6 Introduces Support for Attestations of Compliance with Any Standard
+    subtitle: CycloneDX Attestations dramatically increases organizations’ ability to automate compliance via "compliance as code".
+    organization: OWASP Foundation
+    date: 2023-12-06
+    type: Blog
+    externalLink: https://owasp.org/blog/2023/12/06/CycloneDX-attestations.html
   - title: OWASP CycloneDX - The Missing Standard For Describing Cryptography in Software
     subtitle: OWASP is advancing the CycloneDX standard to support cryptographic assets such as algorithms, certificates, and keys in support of OMB M-23-02 and NSM-10. This work aligns to efforts from NIST and NSA in promoting cryptographic transparency in the lifecycle of components that use or implement cryptography.
     organization: OWASP Foundation

_data/guides.yml

@@ -4,10 +4,23 @@
   link_text: View document
   link_url: ./CycloneDX%20One%20Pager.pdf
 - title: Authoritative Guide to SBOM
+  edition: Second Edition
   author: OWASP Foundation
   text: A guide to adopting CycloneDX Software Bill of Materials (SBOM) in an existing or new project.
   link_text: View Guide
   link_url: sbom
+- title: Authoritative Guide to CBOM
+  edition: First Edition
+  author: OWASP Foundation
+  text: The definitive reference for using Cryptographic Bill of Materials (CBOM) for Post-Quantum Cryptography (PQC) readiness.
+  link_text: View Guide
+  link_url: cbom
+- title: Authoritative Guide to Attestations
+  edition: First Edition
+  author: OWASP Foundation
+  text: A guide providing a path for organizations to digitally transform audit and attestation workflows utilizing any standard or requirement.
+  link_text: View Guide
+  link_url: attestations
 - title: CycloneDX YouTube Channel
   author: OWASP Foundation
   text: Video tutorials explaining SBOM and its many use cases.

_redirects

@@ -24,18 +24,20 @@
 /docs/1.5/ /docs/1.5/json/ 302
 /docs/1.6/ /docs/1.6/json/ 302
 
-/docs/latest /docs/1.5/json/ 302
-/docs/latest/ /docs/1.5/json/ 302
-/docs/latest/json /docs/1.5/json/ 302
-/docs/latest/json/ /docs/1.5/json/ 302
-/docs/latest/xml /docs/1.5/xml/ 302
-/docs/latest/xml/ /docs/1.5/xml/ 302
+/docs/latest /docs/1.6/json/ 302
+/docs/latest/ /docs/1.6/json/ 302
+/docs/latest/json /docs/1.6/json/ 302
+/docs/latest/json/ /docs/1.6/json/ 302
+/docs/latest/xml /docs/1.6/xml/ 302
+/docs/latest/xml/ /docs/1.6/xml/ 302
 
 /schema/bom-1.2a.schema.json /schema/bom-1.2-strict.schema.json 302
 /schema/bom-1.2b.schema.json /schema/bom-1.2-strict.schema.json 302
 /schema/bom-1.3a.schema.json /schema/bom-1.3-strict.schema.json 302
 
 /guides/sbom/* /guides/OWASP_CycloneDX-Authoritative-Guide-to-SBOM-en.pdf 302
+/guides/cbom/* /guides/OWASP_CycloneDX-Authoritative-Guide-to-CBOM-en.pdf 302
+/guides/attestations/* /guides/OWASP_CycloneDX-Authoritative-Guide-to-Attestations-en.pdf 302
 
 /shortcut/example/key https://github.com/CycloneDX/bom-examples/tree/master/CBOM/Key 302
 /shortcut/example/protocol https://github.com/CycloneDX/bom-examples/tree/master/CBOM/Protocol 302

about/history/index.md

@@ -38,6 +38,7 @@ and consuming CycloneDX SBOMs.
 
 | Version           | Release Date    |
 |-------------------|-----------------|
+| CycloneDX 1.6     | 09 April 2024   |
 | CycloneDX 1.5     | 26 June 2023    |
 | CycloneDX 1.4     | 12 January 2022 |
 | CycloneDX 1.3     | 04 May 2021     |

capabilities/attestations/index.md

@@ -0,0 +1,63 @@
+---
+# Page settings
+layout: document
+keywords: application security, software security, software bill of material, SBOM, BOM, open source, supply chain, specification, spdx, license, package url, purl, cpe
+comments: false
+banner: false
+
+# Hero section
+title: Attestations (CDXA)
+window_title: CycloneDX - Attestations (CDXA)
+description: Attestations (CDXA)
+
+# Micro navigation
+micro_nav: false
+
+# Breadcrumbs
+breadcrumbs:
+  - title: CYCLONEDX
+  - title: GETTING STARTED
+  - title: CAPABILITIES
+
+# Page navigation
+
+---
+
+# CycloneDX Attestations (CDXA)
+
+&nbsp;<!-- without this hack, the dropdown menu has issues due to h1 and h2 happening right after each other -->
+
+<div id="capabilities-section">
+<p class="large-quote">Machine-readable statements of claims, evidence, and testimony in compliance with standards</p>
+{% include capabilities-stack.html %}
+</div>
+
+CycloneDX is a full-stack bill of materials standard supporting entire runtime environments consisting of hardware,
+firmware, containers, operating systems, applications and their libraries. Coupled with the ability to specify configuration
+makes CycloneDX ideal for Operational Bill of Materials. OBOM is a security behavior defined in [BSIMM](https://www.bsimm.com/)
+and similar maturity models.
+
+CycloneDX properties provide a mechanism to store configuration on a per-component and per-service basis inside a BOM.
+The specification also provides a mechanism to store URLs to documentation, including configuration management systems.
+
+## Independent OBOM and SBOM
+Inventory described in a SBOM will typically remain static until such time the inventory changes.
+However, operational information may be dynamic and subject to change. Therefore, it is recommended to decouple
+the OBOM from the SBOM. This allows OBOM information to be updated without having to create and track additional SBOMs.
+
+![Independent SBOM and OBOM Document](../../theme/assets/images/obom-sbom.svg){: width="500" }
+
+## High-Level Object Model
+![CycloneDX Object Model Swimlane](../../theme/assets/images/CycloneDX-Object-Model-Swimlane.svg){: width="900"}
+
+## References
+
+* [BSIMM SE3.6 - Enhance application inventory with operations bill of materials](https://www.bsimm.com/framework/deployment/software-environment.html)
+
+## Examples
+
+BOMs demonstrating OBOM capabilities can be found at
+[https://github.com/CycloneDX/bom-examples](https://github.com/CycloneDX/bom-examples)
+
+## Additional Capabilities
+{% include capabilities-selection.html %}

capabilities/cbom/index.md

@@ -0,0 +1,63 @@
+---
+# Page settings
+layout: document
+keywords: application security, software security, software bill of material, SBOM, BOM, open source, supply chain, specification, spdx, license, package url, purl, cpe
+comments: false
+banner: false
+
+# Hero section
+title: Cryptography Bill of Materials (CBOM)
+window_title: CycloneDX - Cryptography Bill of Materials (CBOM)
+description: Cryptography Bill of Materials (CBOM)
+
+# Micro navigation
+micro_nav: false
+
+breadcrumbs:
+  - title: CYCLONEDX
+  - title: GETTING STARTED
+  - title: CAPABILITIES
+  - title: CBOM
+
+# Page navigation
+
+---
+
+# Cryptography Bill of Materials (CBOM)
+
+&nbsp;<!-- without this hack, the dropdown menu has issues due to h1 and h2 happening right after each other -->
+
+<div id="capabilities-section">
+<p class="large-quote">Discover, manage and report on cryptography in preparation for quantum safe systems and applications</p>
+{% include capabilities-stack.html %}
+</div>
+
+A Cryptography Bill of Materials (CBOM) describes cryptographic assets and their dependencies. Discovering, managing,
+and reporting on cryptographic assets is necessary as the first step on the migration journey to quantum-safe systems
+and applications. Cryptography is typically buried deep within components used to compose and build systems and
+applications. As part of an agile cryptographic approach, organizations should seek to understand what cryptographic
+assets they are using and facilitate the assessment of the risk posture to provide a starting point for mitigation.
+
+## BOM With Embedded Cryptographic Assets
+CycloneDX supports embedding cryptographic assets into existing SBOM or HBOMs. Leveraging this approach has the benefit
+in that the dependency graph can include all software and hardware components, their dependencies, and which
+components provide various cryptographic capabilities.
+
+![BOM With Embedded CBOM](../../theme/assets/images/embedded-cbom.svg){: width="205" }
+
+## Independent SBOM and CBOM
+To facilitate cryptographic agility, independent SBOM/HBOM and CBOM may be leveraged and optionally specify the 
+configuration made to enable or disable cryptographic features and functions. 
+
+![Independent SBOM and CBOM Document](../../theme/assets/images/cbom-sbom.svg){: width="500" }
+
+## High-Level Object Model
+![CycloneDX Object Model Swimlane](../../theme/assets/images/CycloneDX-Object-Model-Swimlane.svg){: width="900"}
+
+## Examples
+
+BOMs demonstrating CBOM capabilities can be found at
+[https://github.com/CycloneDX/bom-examples](https://github.com/CycloneDX/bom-examples)
+
+## Additional Capabilities
+{% include capabilities-selection.html %}

docs/1.0/xml/index.html

@@ -199,13 +199,15 @@
          <div class="container">
             <div class="navbar-header"><a href="https://cyclonedx.org" class="navbar-brand site-header__logo"><img src="https://cyclonedx.org/theme/assets/images/layout/logo-white.svg" width="150"></img></a><ul class="nav navbar-nav navbar-right">
                   <li class="dropdown"><a href="#" class="dropdown-toggle version-selector" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">v1.0 (XML)<span class="caret"></span></a><ul class="dropdown-menu">
+                        <li><a class="dropdown-item" href="https://cyclonedx.org/docs/1.6/json/">v1.6 (JSON)</a></li>
                         <li><a class="dropdown-item" href="https://cyclonedx.org/docs/1.5/json/">v1.5 (JSON)</a></li>
                         <li><a class="dropdown-item" href="https://cyclonedx.org/docs/1.4/json/">v1.4 (JSON)</a></li>
                         <li><a class="dropdown-item" href="https://cyclonedx.org/docs/1.3/json/">v1.3 (JSON)</a></li>
                         <li><a class="dropdown-item" href="https://cyclonedx.org/docs/1.2/json/">v1.2 (JSON)</a></li>
                         <li style="padding:0">
                            <hr class="dropdown-divider"></hr>
                         </li>
+                        <li><a class="dropdown-item" href="https://cyclonedx.org/docs/1.6/xml/">v1.6 (XML)</a></li>
                         <li><a class="dropdown-item" href="https://cyclonedx.org/docs/1.5/xml/">v1.5 (XML)</a></li>
                         <li><a class="dropdown-item" href="https://cyclonedx.org/docs/1.4/xml/">v1.4 (XML)</a></li>
                         <li><a class="dropdown-item" href="https://cyclonedx.org/docs/1.3/xml/">v1.3 (XML)</a></li>
@@ -1494,7 +1496,7 @@ <h2><a id="Glossary">Glossary</a></h2>
                </div>
             </div>
          </div>
-      </div><script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.3/jquery.min.js" type="text/javascript" charset="UTF-8"></script><script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.1/js/bootstrap.min.js" type="text/javascript" charset="UTF-8"></script><script>
+      </div><script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js" type="text/javascript" charset="UTF-8"></script><script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.1/js/bootstrap.min.js" type="text/javascript" charset="UTF-8"></script><script>
 
                $(function () { $("[data-toggle='tooltip']").tooltip(); });
                $(function () { $("[data-toggle='popover']").popover(); });

docs/1.1/xml/index.html

@@ -199,13 +199,15 @@
          <div class="container">
             <div class="navbar-header"><a href="https://cyclonedx.org" class="navbar-brand site-header__logo"><img src="https://cyclonedx.org/theme/assets/images/layout/logo-white.svg" width="150"></img></a><ul class="nav navbar-nav navbar-right">
                   <li class="dropdown"><a href="#" class="dropdown-toggle version-selector" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">v1.1 (XML)<span class="caret"></span></a><ul class="dropdown-menu">
+                        <li><a class="dropdown-item" href="https://cyclonedx.org/docs/1.6/json/">v1.6 (JSON)</a></li>
                         <li><a class="dropdown-item" href="https://cyclonedx.org/docs/1.5/json/">v1.5 (JSON)</a></li>
                         <li><a class="dropdown-item" href="https://cyclonedx.org/docs/1.4/json/">v1.4 (JSON)</a></li>
                         <li><a class="dropdown-item" href="https://cyclonedx.org/docs/1.3/json/">v1.3 (JSON)</a></li>
                         <li><a class="dropdown-item" href="https://cyclonedx.org/docs/1.2/json/">v1.2 (JSON)</a></li>
                         <li style="padding:0">
                            <hr class="dropdown-divider"></hr>
                         </li>
+                        <li><a class="dropdown-item" href="https://cyclonedx.org/docs/1.6/xml/">v1.6 (XML)</a></li>
                         <li><a class="dropdown-item" href="https://cyclonedx.org/docs/1.5/xml/">v1.5 (XML)</a></li>
                         <li><a class="dropdown-item" href="https://cyclonedx.org/docs/1.4/xml/">v1.4 (XML)</a></li>
                         <li><a class="dropdown-item" href="https://cyclonedx.org/docs/1.3/xml/">v1.3 (XML)</a></li>
@@ -3274,7 +3276,7 @@ <h2><a id="Glossary">Glossary</a></h2>
                </div>
             </div>
          </div>
-      </div><script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.3/jquery.min.js" type="text/javascript" charset="UTF-8"></script><script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.1/js/bootstrap.min.js" type="text/javascript" charset="UTF-8"></script><script>
+      </div><script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js" type="text/javascript" charset="UTF-8"></script><script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.1/js/bootstrap.min.js" type="text/javascript" charset="UTF-8"></script><script>
 
                $(function () { $("[data-toggle='tooltip']").tooltip(); });
                $(function () { $("[data-toggle='popover']").popover(); });