Is `bom-ref` required or optional?

[weaversa]

The 1.6 schema of a workflow, task, workspace, and trigger require a bom-ref, yet each description for a bom-ref says it is "an optional identifier". Is the description incorrect, or is the required field incorrect? The other ~20 instances of bom-ref have the same description but are not required.

For example, see: https://github.com/CycloneDX/specification/blob/e9e0e4e6f4226d60e739a957bbcdb65fd3510ffd/schema/bom-1.6.schema.json#L3881-3896

 "workflow": {
      "title": "Workflow",
      "description": "A specialized orchestration task.",
      "$comment": "Workflow are as task themselves and can trigger other workflow tasks.  These relationships can be modeled in the taskDependencies graph.",
      "type": "object",
      "required": [
        "bom-ref",
        "uid",
        "taskTypes"
      ],
      "additionalProperties": false,
      "properties": {
        "bom-ref": {
          "title": "BOM Reference",
          "description": "An optional identifier which can be used to reference the workflow elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.",
          "$ref": "#/definitions/refType"
        },

[stevespringett]

There are a few places in the spec where it’s required. This is one of them. The description in this case is defective. I’ll ensure this gets resolved in v1.7

[stevespringett]

Note to self: remove required and optional keywords from all descriptions

[jkowalleck]

this is a duplicate of #616, right?

[weaversa]

I agree it's a duplicate.

[jkowalleck]

will start working on a fix