Add country of origin to HBOM spec

**Motivation**

We have a number of customers that want HBOM like data from us (i.e. a list of components), but they want to also know the country of origin of the component and currently the CDX HBOM does not appear to provide this information.

**Proposal**

Here's what I have in mind:

- Add an optional property to the component with a "name" of "cdx:device:countryOfOrigin" (at least that's what it would be in SPDX JSON format).
- What constitutes the country of origin is defined in [International Certificate of Origin Guidelines: Facilitating trade through global origin procedures](https://2go.iccwbo.org/international-certificate-of-origin-guidelines-config+book_version-Book/) provided by the International Chamber of Commerce.  This is commonly used in international trade to provide a [Certificate of Origin](https://en.wikipedia.org/wiki/Certificate_of_origin) for an item.
- The country of origin would be noted in the corresponding "value" field using ISO-3166-1 alpha-2.

Example:

```json5
{
// ...
"properties": [
        {
          "name": "cdx:device:countryOfOrigin",
          "value": "TW"
        },
        // ...
],
}
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Add country of origin to HBOM spec #67

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Add country of origin to HBOM spec #67

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions