docs: Tweak "compliment" to "complement" (#369)

stevespringett · web-flow · commit abc03a5bde72 · 2024-02-05T16:27:50.000-06:00
Correct the spelling of `compliment` &amp; `complimentary` to `complement` &amp;
`complementary` respectively.

* Compliment = a polite expression of praise or admiration.
* Complement = a thing that contributes extra features to something else
in such a way as to improve or emphasize its' quality

Correct spelling makes for easier translation to other languages.

Signed-off-by: Mark Symons &lt;mark.symons@fujitsu.com&gt;
diff --git a/README.md b/README.md
@@ -68,9 +68,9 @@ The officially supported media type for Protocol Buffer format is `application/x
 ## Related Work
 [SPDX (Software Package Data Exchange)][spdx-url] is a specification that provides low-level details of components, including all files, hashes, authors, and copyrights. SPDX also defines over 300 open source license IDs. CycloneDX builds on top of the work SPDX has accomplished with license IDs, but varies greatly in its approach towards building a software bill of material specification.
 
-[SWID (ISO/IEC 19770-2:2015)][swid-url] is used primarily to identify installed software and is the preferred format of the NVD. SWID tags are used in the National Vulnerability Database to describe vulnerable components. The CycloneDX specification compliments this work as CycloneDX documents can incorporate SWID tags and other high-level SWID metadata and optionally include entire SWID documents. Use of SWID tag ID's are useful in determining if a specific component has known vulnerabilities.
+[SWID (ISO/IEC 19770-2:2015)][swid-url] is used primarily to identify installed software and is the preferred format of the NVD. SWID tags are used in the National Vulnerability Database to describe vulnerable components. The CycloneDX specification complements this work as CycloneDX documents can incorporate SWID tags and other high-level SWID metadata and optionally include entire SWID documents. Use of SWID tag ID's are useful in determining if a specific component has known vulnerabilities.
 
-[CPE (Common Platform Enumeration)][cpe-url] is a specification that describes the vendor, name, and version for an application, operating system, or hardware device. CPE identifiers are used in the National Vulnerability Database to describe vulnerable components. The CycloneDX specification compliments this work as CycloneDX documents can easily be used to construct exact CPE identifiers that are useful in determining if a specific component has known vulnerabilities.
+[CPE (Common Platform Enumeration)][cpe-url] is a specification that describes the vendor, name, and version for an application, operating system, or hardware device. CPE identifiers are used in the National Vulnerability Database to describe vulnerable components. The CycloneDX specification complements this work as CycloneDX documents can easily be used to construct exact CPE identifiers that are useful in determining if a specific component has known vulnerabilities.
 
 ## Copyright & License
 
diff --git a/schema/bom-1.6.proto b/schema/bom-1.6.proto
@@ -264,7 +264,7 @@ enum ExternalReferenceType {
   EXTERNAL_REFERENCE_TYPE_CODIFIED_INFRASTRUCTURE = 31;
   // A model card describes the intended uses of a machine learning model, potential limitations, biases, ethical considerations, training parameters, datasets used to train the model, performance metrics, and other relevant data useful for ML transparency.
   EXTERNAL_REFERENCE_TYPE_MODEL_CARD = 32;
-    // Plans of Action and Milestones (POAM) compliment an "attestation" external reference. POAM is defined by NIST as a "document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones".
+    // Plans of Action and Milestones (POAM) complement an "attestation" external reference. POAM is defined by NIST as a "document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones".
   EXTERNAL_REFERENCE_TYPE_POAM = 33;
   // A record of events that occurred in a computer system or application, such as problems, errors, or information on current operations.
   EXTERNAL_REFERENCE_TYPE_LOG = 34;
@@ -536,7 +536,7 @@ message Pedigree {
   repeated Component variants = 3;
   // A list of zero or more commits which provide a trail describing how the component deviates from an ancestor, descendant, or variant.
   repeated Commit commits = 4;
-  // A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits or may be used in place of commits.
+  // A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complementary to commits or may be used in place of commits.
   repeated Patch patches = 5;
   // Notes, observations, and other non-structured commentary describing the components pedigree.
   optional string notes = 6;
diff --git a/schema/bom-1.6.schema.json b/schema/bom-1.6.schema.json
@@ -985,7 +985,7 @@
             "patches": {
               "type": "array",
               "title": "Patches",
-              "description": ">A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits or may be used in place of commits.",
+              "description": ">A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. Patches may be complementary to commits or may be used in place of commits.",
               "items": {"$ref": "#/definitions/patch"}
             },
             "notes": {
@@ -1728,7 +1728,7 @@
             "certification-report": "Industry, regulatory, or other certification from an accredited (if applicable) certification body.",
             "codified-infrastructure": "Code or configuration that defines and provisions virtualized infrastructure, commonly referred to as Infrastructure as Code (IaC).",
             "quality-metrics": "Report or system in which quality metrics can be obtained.",
-            "poam": "Plans of Action and Milestones (POAM) compliment an \"attestation\" external reference. POAM is defined by NIST as a \"document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones\".",
+            "poam": "Plans of Action and Milestones (POAM) complement an \"attestation\" external reference. POAM is defined by NIST as a \"document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones\".",
             "electronic-signature": "An e-signature is commonly a scanned representation of a written signature or a stylized script of the persons name.",
             "digital-signature": "A signature that leverages cryptography, typically public/private key pairs, which provides strong authenticity verification.",
             "other": "Use this if no other types accurately describe the purpose of the external reference."
diff --git a/schema/bom-1.6.xsd b/schema/bom-1.6.xsd
@@ -1421,7 +1421,7 @@ limitations under the License.
             </xs:enumeration>
             <xs:enumeration value="poam">
                 <xs:annotation>
-                    <xs:documentation>Plans of Action and Milestones (POAM) compliment an "attestation" external reference. POAM is defined by NIST as a "document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones".</xs:documentation>
+                    <xs:documentation>Plans of Action and Milestones (POAM) complement an "attestation" external reference. POAM is defined by NIST as a "document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones".</xs:documentation>
                 </xs:annotation>
             </xs:enumeration>
             <xs:enumeration value="electronic-signature">
@@ -1828,7 +1828,7 @@ limitations under the License.
             <xs:element name="patches" type="bom:patchesType" minOccurs="0" maxOccurs="1">
                 <xs:annotation>
                     <xs:documentation xml:lang="en">A list of zero or more patches describing how the component
-                        deviates from an ancestor, descendant, or variant. Patches may be complimentary to commits
+                        deviates from an ancestor, descendant, or variant. Patches may be complementary to commits
                         or may be used in place of commits.</xs:documentation>
                 </xs:annotation>
             </xs:element>
