diff --git a/.github/workflows/validate-pr.yml b/.github/workflows/validate-pr.yml index 5ac62f70b..04bde731f 100644 --- a/.github/workflows/validate-pr.yml +++ b/.github/workflows/validate-pr.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: python-version: "3.12" diff --git a/CHANGELOG.md b/CHANGELOG.md index 94bd59dbd..9831a2320 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Change Log -## 3.0.1 (under development - last update 2024-08-14) +## 3.0.1 (Unrelease - under development - last update 2024-09-25) ### Changes since 3.0 
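Review bot: In `.github/workflows/validate-pr.yml`, the trailing `# v4.2.1` comment is the only thing tying the new `actions/checkout` commit SHA to a release, so please confirm against the upstream tag that `eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871` is the v4.2.1 commit before merging. A mismatched comment on a SHA-pinned action is easy to miss in later reviews, because nobody reads the 40-character hash. The `actions/setup-python` pin on the next line is unchanged at v5.2.0; if this bump came from an automated updater, it is worth saying so in the PR description so the difference is not read as an oversight.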
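Review bot: The new `CHANGELOG.md` heading reads `## 3.0.1 (Unrelease - under development - last update 2024-09-25)`; `Unrelease` should be `Unreleased`. With "under development" kept right after it, the two markers say the same thing, so consider keeping only one of them.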
@@ -23,11 +23,24 @@ - **Added:** `adler32` entry to `Core/HashAlgorithm` - [#826](https://github.com/spdx/spdx-3-model/pull/826) - The Adler-32 checksum, previously available in SPDX 2.3, has been reintroduced. -- **Clarified:** `AI/autonomyType` property - [#741](https://github.com/spdx/spdx-3-model/pull/741) +- **Added:** `Core/SpdxOrganization` - [#880](https://github.com/spdx/spdx-3-model/pull/880) + - An `SpdxOrganization` individual, an Organization representing the SPDX + Project, is added. It is by definition the creator of all Element type individuals + defined by the SPDX Project. +- **Clarified:** `AI/autonomyType` - [#741](https://github.com/spdx/spdx-3-model/pull/741) - Specified the meaning of `yes`, `no`, and `noAssertion` values in the `AI/autonomyType` property description. +- **Clarified:** `Build/buildType` - [#875](https://github.com/spdx/spdx-3-model/pull/875) + - Its intent is added: "The buildType is used to interpret the meaning of + other build parameters by defining the "type" of build...". +- **Clarified:** `hasData` entry in `Core/RelationshipType` - [#815](https://github.com/spdx/spdx-3-model/pull/815) - **Improved:** JSON-LD examples. - All JSON-LD examples in the "Syntax" section of class descriptions are now - validated. + validated - [#794](https://github.com/spdx/spdx-3-model/pull/794) - Added JSON-LD examples for `AI/EnergyConsumption` and - `AI/EnergyConsumptionDescription`. + `AI/EnergyConsumptionDescription` - [#780](https://github.com/spdx/spdx-3-model/pull/780) +- **Updated:** Model diagrams. + - Use updated names + - Specify XSD data types + - All named individuals are removed - [#884](https://github.com/spdx/spdx-3-model/pull/884) +- General typos and formatting fixes diff --git a/Glossary.md b/Glossary.md index f4d54a493..5a24827cd 100644 --- a/Glossary.md +++ b/Glossary.md 
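Review bot: In the `CHANGELOG.md` hunk above, the added `hasData` entry in `Core/RelationshipType` is the only **Clarified** item with no sub-bullet saying what was clarified; the `AI/autonomyType` and `Build/buildType` entries both have one, so please add a one-line description for #815. The final added line, "General typos and formatting fixes", also breaks the pattern of the other entries: it has no bold category label and no PR link. Either give it a label and a reference or drop it, since readers cannot trace it to a change.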
@@ -11,7 +11,7 @@ A process that takes data in any valid form (e.g., various serializations of SPD ## Class -A represention of a scope/set of individual instances of a particular “concept” (e.g., File, Person, ExternalReference, etc.). +A representation of a scope/set of individual instances of a particular “concept” (e.g., File, Person, ExternalReference, etc.). Each individual instance of a class has an Internationalized Resource Identifier (IRI) and is asserted as a member of a particular class via a type statement. @@ -25,7 +25,7 @@ One example could be the requirement of a specific hash algorithm to be present. ## Core -The namespace which contains definitions and constraints for all concpet classes and properties which are common to all other domains within the targeted scope of SPDX. +The namespace which contains definitions and constraints for all concept classes and properties which are common to all other domains within the targeted scope of SPDX. ## Datatype property diff --git a/images/model-core-software.png b/images/model-core-software.png index f278054dd..5f6c2f038 100644 Binary files a/images/model-core-software.png and b/images/model-core-software.png differ diff --git a/images/model-core-software.svg b/images/model-core-software.svg index 3b92c8fcc..073d1d0c4 100644 --- a/images/model-core-software.svg +++ b/images/model-core-software.svg @@ -1,4 +1,4 @@ -
profile Core
profile Core
Element Classes
Element Classes
Enumerations
Enumerations
Simple Data Types
Simple Data Types
profile Software
profile Software
Element+ spdxId: xsd:anyURI[1]+ name: xsd:string[0..1]+ summary: xsd:string[0..1]+ description: xsd:string[0..1]+ comment: xsd:string[0..1]+ creationInfo: CreationInfo[1]+ verifiedUsing: IntegrityMethod[0..*]+ externalRef: ExternalRef[0..*]+ externalIdentifier: ExternalIdentifier[0..*]+ extension: /Extension/Extension[0..1]Artifact+ originatedBy: Agent[0..*]
+ suppliedBy: Agent[0..1]
+ suppliedBy: Agent[0..1]
+ builtTime: DateTime[0..1]
+ builtTime: DateTime[0..1]
+ releaseTime: DateTime[0..1]
+ releaseTime: DateTime[0..1]
+ validUntilTime: DateTime[0..1]
+ validUntilTime: DateTime[0..1]
+ standardName: xsd:string[0..*]
+ standardName: xsd:string[0..*]
+ supportLevel: SupportType[0..*]
+ supportLevel: SupportType[0..*]
Annotation+ annotationType: AnnotationType[1]+ statement: xsd:string[0..1]+ contentType: MediaType[0..1]Relationship+ relationshipType: RelationshipType[1]+ completeness: RelationshipCompleteness[0..1]
+ startTime: DateTime[0..1]
+ startTime: DateTime[0..1]
+ endTime: DateTime[0..1]
+ endTime: DateTime[0..1]
ElementCollection
+ profileConformance: ProfileIdentifierType[0..*]
+ profileConformance: ProfileIdentifierType[...
 
 
1
1
from
from
*
*
1..*
1..*
to
to
*
*


*
*
*
*
rootElement
rootElement
Snippet+ byteRange: PositiveIntegerRange[0..1]+ lineRange: PositiveIntegerRange[0..1]
+ snippetFromFile: File[1]
+ snippetFromFile: File[1]
File+ /Core/contentType: MediaType[0..1]+ name: xsd:string[1]
+ fileKind: FileKindType[0..1]
+ fileKind: FileKindType[0..1]
Package+ packageVersion: xsd:string[0..1]+ downloadLocation: xsd:anyURI[0..1]+ packageUrl: xsd:anyURI[0..1]+ homePage: xsd:anyURI[0..1]+ sourceInfo: xsd:string[0..1]
*
*
1
1
subject
subject
BomSbom
+ sbomType: SbomType[0..*]
+ sbomType: SbomType[0..*]
*
*
element
element
*
*
Legend
Italics - abstract, you must use a subclass
Italics - abstract, you must...
Bundle+ context: xsd:string[0..1]SpdxDocument
+ import: ExternalMap[0..*]
+ import: ExternalMap[0..*]
+ dataLicense: /SimpleLicensing/AnyLicenseInfo[0..1]
+ namespaceMap: NamespaceMap[0..*]
+ namespaceMap: NamespaceMap[0..*]
ToolAgentPersonOrganization
Non-Element Classes
Non-Element Classes
NamespaceMap+ prefix: xsd:string[1]+ namespace: xsd:anyURI[1]

ExternalRefType


altDownloadLocation

altWebPage

binaryArtifact

bower

buildMeta

buildSystem

certificationReport

chat

componentAnalysisReport

documentation

dynamicAnalysisReport

eolNotice

exportControlAssessment

funding

issueTracker

license

mailingList

mavenCentral

metrics

npm

nuget

other

privacyAssessment

productMetadata

purchaseOrder

qualityAssessmentReport

releaseHistory

releaseNotes

riskAssessment

runtimeAnalysisReport

secureSoftwareAttestation

securityAdvisory

securityAdversaryModel

securityFix

securityOther

securityPenTestReport

securityPolicy

securityThreatModel

socialMedia

sourceArtifact

staticAnalysisReport

support

vcs

vulnerabilityDisclosureReport

vulnerabilityExploitabilityAssessment


ExternalRefType...

AnnotationType


other

review

AnnotationType...

HashAlgorithm


adler32

blake2b256

blake2b384

blake2b512

blake3

crystalsDilithium

crystalsKyber

falcon

md2

md4

md5

md6

other

sha1

sha224

sha256 [default]

sha384

sha512

sha3_224

sha3_256

sha3_384

sha3_512

HashAlgorithm...

SoftwarePurpose


application

archive

bom

configuration

container

data

device

diskImage

deviceDriver

documentation

evidence

executable

file

filesystemImage

firmware

framework

install

library

manifest

model

module

operatingSystem

other

patch

platform

requirement

source

specification

test

SoftwarePurpose...

RelationshipType


Meta

amendedBy                    [Element -> Element]

describes                    [Element -> Element]

modifiedBy                   [Element -> Element]

other                        [Element -> Element] (comment)


Structure

contains                     [Element -> Element]


Behavioral

configures                   [Element -> Element]

delegatedTo                  [Element -> Element]

dependsOn                    [Element -> Element]


Pedigree

copiedTo                     [Element -> Element]

expandsTo                   [Artifact -> Artifact]

generates                   [Artifact -> Artifact]

hasAddedfile                 [Element -> Element]

hasDatafile                  [Element -> Element]

hasDeletedfile               [Element -> Element]


Provenance

ancestorOf                   [Element -> Element]

availableFrom                [Element -> Element]

descendantOf                 [Element -> Element]

variant                     [Artifact -> Artifact]


Serialization

serializedInArtifact    [SpdxDocument -> Artifact]


Build

hasDependencyManifest        [Element -> Element]

hasDistributionArtifact      [Element -> Element]

hasDocumentation             [Element -> Element]

hasDynamicLink               [Element -> Element]

hasExample                   [Element -> Element]

hasHost                        [Build -> Element]

hasInput                       [Build -> Element]

hasMetadata                  [Element -> Element]

hasOptionalComponent         [Element -> Element]

hasOptionalDependency        [Element -> Element]

hasOutput                      [Build -> Element]

hasPrerequisite              [Element -> Element]

hasProvidedDependency        [Element -> Element]

hasRequirement               [Element -> Element]

hasSpecification             [Element -> Element]

hasStaticLink                [Element -> Element]

hasTest                      [Element -> Element]

hasTestCase                  [Element -> Element]

hasVariant                   [Element -> Element]

invokedBy                    [Element -> Agent]

packagedBy                   [Element -> Element]

patchedBy                    [Element -> Element]

usesTool                     [Element -> Element]


Licensing

hasConcludedLicense [SoftwareArtifact -> AnyLicenseInfo]

hasDeclaredLicense  [SoftwareArtifact -> AnyLicenseInfo]


Security

affects                [Vulnerability -> Element]

doesNotAffect          [Vulnerability -> Element]

exploitCreatedBy       [Vulnerability -> Agent]

fixedBy                [Vulnerability -> Agent]

foundBy                [Vulnerability -> Agent]

hasAssessmentFor       [Vulnerability -> Element]

hasAssociatedVulnerability  [Artifact -> Vulnerability]

publishedBy            [Vulnerability -> Agent]

reportedBy             [Vulnerability -> Agent]

republishedBy          [Vulnerability -> Agent]

underInvestigationFor  [Vulnerability -> Element]


AI/Dataset

hasEvidence                  [Element -> Element]

testedOn                     [Element -> Element]

trainedOn                    [Element -> Element]


RelationshipType...

RelationshipCompleteness


complete [default]

incomplete

noAssertion


RelationshipCompleteness...
Hash+ algorithm: HashAlgorithm[1]+ hashValue: xsd:string[1]ExternalRef+ externalRefType: ExternalRefType[1]+ locator: xsd:string[0..*]+ contentType: MediaType[0..1]+ comment: xsd:string[0..1]SemVer: xsd:string
String constrained to SemVer 2.0.0 specification.
String constrained to SemVer 2.0.0...
MediaType: xsd:string
String constrained to RFC 2046  specification.
String constrained to RFC 2046  spe...
IntegrityMethod+ comment: xsd:string[0..1]CreationInfo+ specVersion: SemVer[1]+ created: DateTime[1]+ createdBy: Agent[1..*]+ createdUsing: Tool[0..*]+ comment: xsd:string[0..1]

ExternalIdentifierType


cpe22

cpe23

cve

email

getoid

other

packageUrl

securityOther

swhid

swid

urlScheme

ExternalIdentifierType...
ExternalMap+ externalSpdxId: xsd:anyURI[1]+ locationHint: xsd:anyURI[0..1]+ verifiedUsing: IntegrityMethod[0..*]
+ definingArtifact: Artifact[0..1]
+ definingArtifact: Artifact[0..1]
ExternalIdentifier+ externalIdentifierType: ExternalIdentifierType[1]+ identifier: xsd:string[1]+ comment: xsd:string[0..1]
+ identifierLocator: xsd:anyURI[0..*]
+ identifierLocator: xsd:anyURI[0..*]
+ issuingAuthority: xsd:string[0..1]
+ issuingAuthority: xsd:string[0..1]
PositiveIntegerRange+ beginIntegerRange: xsd:positiveInteger[1]+ endIntegerRange: xsd:positiveInteger[1]SoftwareAgent

SbomType


analyzed

build

deployed

design

runtime

source

SbomType...
SoftwareArtifact
SoftwareArtifact
+ contentIdentifier: ContentIdentifier[0..*]+ primaryPurpose: SoftwarePurpose[0..1]
+ additionalPurpose: SoftwarePurpose[0..*]
+ additionalPurpose: SoftwarePurpose[0.....
+ copyrightText: xsd:string[0..1]
+ copyrightText: xsd:string[0..1]
+ attributionText: xsd:string[0..*]
+ attributionText: xsd:string[0..*]
LifecycleScopedRelationship
LifecycleScopedRelationship
+ scope: LifecycleScopeType[0..1]
NOT
NOT
*
*
*
*
NOT
NOT
Instances of these classes exist only to adorn single instances of Element classes through properties on those Element classes and cannot exist independent of such an Element class. Instances of these classes MUST always accompany their associated Element class in any serialization document. Serialization formats MAY enable de-duplication within a single document.
Instances of these classes exist only to adorn single instances of Element classes through prop...
DictionaryEntry+ key: xsd:string[1]+ value: xsd:string[0..1]DateTime: xsd:dateTimeStamp
dateTimeStamp constrained to a ISO-8601 format, with resolution of seconds and UTC time zone.
dateTimeStamp constrained to a ISO-...

ProfileIdentifierType


ai

build

core

dataset

expandedLicensing

extension

lite

security

simpleLicensing

software

ProfileIdentifierType...

LifecycleScopeType


build

design

development

other

runtime

test

LifecycleScopeType...

PresenceType


no

noAssertion

yes

PresenceType...
PackageVerificationCode
+ algorithm: HashAlgorithm[1]
+ algorithm: HashAlgorithm[1]
+ hashValue: xsd:string[1]+ packageVerificationCodeExcludedFile: xsd:string[0..*]

SupportType


development

endOfSupport

limitedSupport

noSupport

noAssertion

support

SupportType...
Individuals
Individuals

FileKindType


directory

file

FileKindType...
<<Individual>>NoAssertionElement : Element
https://spdx.org/rdf/3.0.1/terms/Core/NoAssertion
https://spdx.org/rdf/3.0.1/terms/Core/NoAssertion
<<Individual>>NoneElement : Element
https://spdx.org/rdf/3.0.1/terms/Core/None
https://spdx.org/rdf/3.0.1/terms/Core/None

ContentIdentifierType


gitoid

swhid

ContentIdentifierType...
ContentIdentifier+ contentIdentifierType: ContentIdentifierType[1]+ contentIdentifierValue: xsd:anyURI[1]
\ No newline at end of file +
profile Core
profile Core
Element Classes
Element Classes
Enumerations
Enumerations
Simple Data Types
Simple Data Types
profile Software
profile Software
Element+ spdxId: xsd:anyURI[1]+ name: xsd:string[0..1]+ summary: xsd:string[0..1]+ description: xsd:string[0..1]+ comment: xsd:string[0..1]+ creationInfo: CreationInfo[1]+ verifiedUsing: IntegrityMethod[0..*]+ externalRef: ExternalRef[0..*]+ externalIdentifier: ExternalIdentifier[0..*]+ extension: /Extension/Extension[0..1]Artifact+ originatedBy: Agent[0..*]
+ suppliedBy: Agent[0..1]
+ suppliedBy: Agent[0..1]
+ builtTime: DateTime[0..1]
+ builtTime: DateTime[0..1]
+ releaseTime: DateTime[0..1]
+ releaseTime: DateTime[0..1]
+ validUntilTime: DateTime[0..1]
+ validUntilTime: DateTime[0..1]
+ standardName: xsd:string[0..*]
+ standardName: xsd:string[0..*]
+ supportLevel: SupportType[0..*]
+ supportLevel: SupportType[0..*]
Annotation+ annotationType: AnnotationType[1]+ statement: xsd:string[0..1]+ contentType: MediaType[0..1]Relationship+ relationshipType: RelationshipType[1]+ completeness: RelationshipCompleteness[0..1]
+ startTime: DateTime[0..1]
+ startTime: DateTime[0..1]
+ endTime: DateTime[0..1]
+ endTime: DateTime[0..1]
ElementCollection
+ profileConformance: ProfileIdentifierType[0..*]
+ profileConformance: ProfileIdentifierType[...
 
 
1
1
from
from
*
*
1..*
1..*
to
to
*
*


*
*
*
*
rootElement
roo...
Snippet+ byteRange: PositiveIntegerRange[0..1]+ lineRange: PositiveIntegerRange[0..1]
+ snippetFromFile: File[1]
+ snippetFromFile: File[1]
File+ /Core/contentType: MediaType[0..1]+ name: xsd:string[1]
+ fileKind: FileKindType[0..1]
+ fileKind: FileKindType[0..1]
Package+ packageVersion: xsd:string[0..1]+ downloadLocation: xsd:anyURI[0..1]+ packageUrl: xsd:anyURI[0..1]+ homePage: xsd:anyURI[0..1]+ sourceInfo: xsd:string[0..1]
*
*
1
1
subject
sub...
BomSbom
+ sbomType: SbomType[0..*]
+ sbomType: SbomType[0..*]
*
*
element
ele...
*
*
Legend
Italics - abstract, you must use a subclass
Italics - abstract, you must...
Bundle+ context: xsd:string[0..1]SpdxDocument
+ import: ExternalMap[0..*]
+ import: ExternalMap[0..*]
+ dataLicense: /SimpleLicensing/AnyLicenseInfo[0..1]
+ namespaceMap: NamespaceMap[0..*]
+ namespaceMap: NamespaceMap[0..*]
ToolAgentPersonOrganization
Non-Element Classes
Non-Element Classes
NamespaceMap+ prefix: xsd:string[1]+ namespace: xsd:anyURI[1]

ExternalRefType


altDownloadLocation

altWebPage

binaryArtifact

bower

buildMeta

buildSystem

certificationReport

chat

componentAnalysisReport

documentation

dynamicAnalysisReport

eolNotice

exportControlAssessment

funding

issueTracker

license

mailingList

mavenCentral

metrics

npm

nuget

other

privacyAssessment

productMetadata

purchaseOrder

qualityAssessmentReport

releaseHistory

releaseNotes

riskAssessment

runtimeAnalysisReport

secureSoftwareAttestation

securityAdvisory

securityAdversaryModel

securityFix

securityOther

securityPenTestReport

securityPolicy

securityThreatModel

socialMedia

sourceArtifact

staticAnalysisReport

support

vcs

vulnerabilityDisclosureReport

vulnerabilityExploitabilityAssessment


ExternalRefType...

AnnotationType


other

review

AnnotationType...

HashAlgorithm


adler32

blake2b256

blake2b384

blake2b512

blake3

crystalsDilithium

crystalsKyber

falcon

md2

md4

md5

md6

other

sha1

sha224

sha256 [default]

sha384

sha512

sha3_224

sha3_256

sha3_384

sha3_512

HashAlgorithm...

SoftwarePurpose


application

archive

bom

configuration

container

data

device

diskImage

deviceDriver

documentation

evidence

executable

file

filesystemImage

firmware

framework

install

library

manifest

model

module

operatingSystem

other

patch

platform

requirement

source

specification

test

SoftwarePurpose...

RelationshipType


Meta

amendedBy                    [Element -> Element]

describes                    [Element -> Element]

modifiedBy                   [Element -> Element]

other                        [Element -> Element] (comment)


Structure

contains                     [Element -> Element]


Behavioral

configures                   [Element -> Element]

delegatedTo                  [Element -> Element]

dependsOn                    [Element -> Element]


Pedigree

copiedTo                     [Element -> Element]

expandsTo                   [Artifact -> Artifact]

generates                   [Artifact -> Artifact]

hasAddedfile                 [Element -> Element]

hasDatafile                  [Element -> Element]

hasDeletedfile               [Element -> Element]


Provenance

ancestorOf                   [Element -> Element]

availableFrom                [Element -> Element]

descendantOf                 [Element -> Element]

variant                     [Artifact -> Artifact]


Serialization

serializedInArtifact    [SpdxDocument -> Artifact]


Build

hasDependencyManifest        [Element -> Element]

hasDistributionArtifact      [Element -> Element]

hasDocumentation             [Element -> Element]

hasDynamicLink               [Element -> Element]

hasExample                   [Element -> Element]

hasHost                        [Build -> Element]

hasInput                       [Build -> Element]

hasMetadata                  [Element -> Element]

hasOptionalComponent         [Element -> Element]

hasOptionalDependency        [Element -> Element]

hasOutput                      [Build -> Element]

hasPrerequisite              [Element -> Element]

hasProvidedDependency        [Element -> Element]

hasRequirement               [Element -> Element]

hasSpecification             [Element -> Element]

hasStaticLink                [Element -> Element]

hasTest                      [Element -> Element]

hasTestCase                  [Element -> Element]

hasVariant                   [Element -> Element]

invokedBy                    [Element -> Agent]

packagedBy                   [Element -> Element]

patchedBy                    [Element -> Element]

usesTool                     [Element -> Element]


Licensing

hasConcludedLicense [SoftwareArtifact -> AnyLicenseInfo]

hasDeclaredLicense  [SoftwareArtifact -> AnyLicenseInfo]


Security

affects                [Vulnerability -> Element]

doesNotAffect          [Vulnerability -> Element]

exploitCreatedBy       [Vulnerability -> Agent]

fixedBy                [Vulnerability -> Agent]

foundBy                [Vulnerability -> Agent]

hasAssessmentFor       [Vulnerability -> Element]

hasAssociatedVulnerability  [Artifact -> Vulnerability]

publishedBy            [Vulnerability -> Agent]

reportedBy             [Vulnerability -> Agent]

republishedBy          [Vulnerability -> Agent]

underInvestigationFor  [Vulnerability -> Element]


AI/Dataset

hasEvidence                  [Element -> Element]

testedOn                     [Element -> Element]

trainedOn                    [Element -> Element]


RelationshipType...

RelationshipCompleteness


complete [default]

incomplete

noAssertion


RelationshipCompleteness...
Hash+ algorithm: HashAlgorithm[1]+ hashValue: xsd:string[1]ExternalRef+ externalRefType: ExternalRefType[1]+ locator: xsd:string[0..*]+ contentType: MediaType[0..1]+ comment: xsd:string[0..1]SemVer: xsd:string
String constrained to SemVer 2.0.0 specification.
String constrained to SemVer 2.0.0...
MediaType: xsd:string
String constrained to RFC 2046  specification.
String constrained to RFC 2046  spe...
IntegrityMethod+ comment: xsd:string[0..1]CreationInfo+ specVersion: SemVer[1]+ created: DateTime[1]+ createdBy: Agent[1..*]+ createdUsing: Tool[0..*]+ comment: xsd:string[0..1]

ExternalIdentifierType


cpe22

cpe23

cve

email

getoid

other

packageUrl

securityOther

swhid

swid

urlScheme

ExternalIdentifierType...
ExternalMap+ externalSpdxId: xsd:anyURI[1]+ locationHint: xsd:anyURI[0..1]+ verifiedUsing: IntegrityMethod[0..*]
+ definingArtifact: Artifact[0..1]
+ definingArtifact: Artifact[0..1]
ExternalIdentifier+ externalIdentifierType: ExternalIdentifierType[1]+ identifier: xsd:string[1]+ comment: xsd:string[0..1]
+ identifierLocator: xsd:anyURI[0..*]
+ identifierLocator: xsd:anyURI[0..*]
+ issuingAuthority: xsd:string[0..1]
+ issuingAuthority: xsd:string[0..1]
PositiveIntegerRange+ beginIntegerRange: xsd:positiveInteger[1]+ endIntegerRange: xsd:positiveInteger[1]SoftwareAgent

SbomType


analyzed

build

deployed

design

runtime

source

SbomType...
SoftwareArtifact
SoftwareArtifact
+ contentIdentifier: ContentIdentifier[0..*]+ primaryPurpose: SoftwarePurpose[0..1]
+ additionalPurpose: SoftwarePurpose[0..*]
+ additionalPurpose: SoftwarePurpose[0.....
+ copyrightText: xsd:string[0..1]
+ copyrightText: xsd:string[0..1]
+ attributionText: xsd:string[0..*]
+ attributionText: xsd:string[0..*]
LifecycleScopedRelationship
LifecycleScopedRelationship
+ scope: LifecycleScopeType[0..1]
NOT
NOT
*
*
*
*
NOT
NOT
Instances of these classes exist only to adorn single instances of Element classes through properties on those Element classes and cannot exist independent of such an Element class. Instances of these classes MUST always accompany their associated Element class in any serialization document. Serialization formats MAY enable de-duplication within a single document.
Instances of these classes exist only to adorn single instances of Element classes through prop...
DictionaryEntry+ key: xsd:string[1]+ value: xsd:string[0..1]DateTime: xsd:dateTimeStamp
dateTimeStamp constrained to a ISO-8601 format, with resolution of seconds and UTC time zone.
dateTimeStamp constrained to a ISO-...

ProfileIdentifierType


ai

build

core

dataset

expandedLicensing

extension

lite

security

simpleLicensing

software

ProfileIdentifierType...

LifecycleScopeType


build

design

development

other

runtime

test

LifecycleScopeType...

PresenceType


no

noAssertion

yes

PresenceType...
PackageVerificationCode
+ algorithm: HashAlgorithm[1]
+ algorithm: HashAlgorithm[1]
+ hashValue: xsd:string[1]+ packageVerificationCodeExcludedFile: xsd:string[0..*]

SupportType


development

endOfSupport

limitedSupport

noSupport

noAssertion

support

SupportType...

FileKindType


directory

file

FileKindType...

ContentIdentifierType


gitoid

swhid

ContentIdentifierType...
ContentIdentifier+ contentIdentifierType: ContentIdentifierType[1]+ contentIdentifierValue: xsd:anyURI[1]
\ No newline at end of file diff --git a/images/model-core.png b/images/model-core.png index 89ec41c87..d99b0a1b7 100644 Binary files a/images/model-core.png and b/images/model-core.png differ diff --git a/images/model-core.svg b/images/model-core.svg index 40a0dbb76..7f0c222af 100644 --- a/images/model-core.svg +++ b/images/model-core.svg @@ -1,4 +1,4 @@ -
profile Core
profile Core
Element Classes
Element Classes
Simple Data Types
Simple Data Types
Element+ spdxId: xsd:anyURI[1]+ name: xsd:string[0..1]+ summary: xsd:string[0..1]+ description: xsd:string[0..1]+ comment: xsd:string[0..1]+ creationInfo: CreationInfo[1]+ verifiedUsing: IntegrityMethod[0..*]+ externalRef: ExternalRef[0..*]+ externalIdentifier: ExternalIdentifier[0..*]+ extension: /Extension/Extension[0..1]Artifact+ originatedBy: Agent[0..*]
+ suppliedBy: Agent[0..1]
+ suppliedBy: Agent[0..1]
+ builtTime: DateTime[0..1]
+ builtTime: DateTime[0..1]
+ releaseTime: DateTime[0..1]
+ releaseTime: DateTime[0..1]
+ validUntilTime: DateTime[0..1]
+ validUntilTime: DateTime[0..1]
+ standardName: xsd:string[0..*]
+ standardName: xsd:string[0..*]
+ supportLevel: SupportType[0..*]
+ supportLevel: SupportType[0..*]
Annotation+ annotationType: AnnotationType[1]+ statement: xsd:string[0..1]+ contentType: MediaType[0..1]Relationship+ relationshipType: RelationshipType[1]+ completeness: RelationshipCompleteness[0..1]
+ startTime: DateTime[0..1]
+ startTime: DateTime[0..1]
+ endTime: DateTime[0..1]
+ endTime: DateTime[0..1]
ElementCollection
+ profileConformance: ProfileIdentifierType[0..*]
+ profileConformance: ProfileIdentifierType[...
 
 
1
1
from
from
*
*
1..*
1..*
to
to
*
*


*
*
*
*
rootElement
rootElement
*
*
1
1
subject
subject
Bom
*
*
*
*
element
element
Legend
Italics - abstract, you must use a subclass
Italics - abstract, you must...
Bundle+ context: xsd:string[0..1]SpdxDocument
+ import: ExternalMap[0..*]
+ import: ExternalMap[0..*]
+ dataLicense: /SimpleLicensing/AnyLicenseInfo[0..1]
+ namespaceMap: NamespaceMap[0..*]
+ namespaceMap: NamespaceMap[0..*]
ToolAgentPersonOrganization
Non-Element Classes
Non-Element Classes
NamespaceMap+ prefix: xsd:string[1]+ namespace: xsd:anyURI[1]Hash+ algorithm: HashAlgorithm[1]+ hashValue: xsd:string[1]ExternalRef+ externalRefType: ExternalRefType[1]+ locator: xsd:string[0..*]+ contentType: MediaType[0..1]+ comment: xsd:string[0..1]SemVer: xsd:string
String constrained to SemVer 2.0.0 specification.
String constrained to SemVer 2.0.0...
MediaType: xsd:string
String constrained to RFC 2046  specification.
String constrained to RFC 2046  spe...
IntegrityMethod+ comment: xsd:string[0..1]CreationInfo+ specVersion: SemVer[1]+ created: DateTime[1]+ createdBy: Agent[1..*]+ createdUsing: Tool[0..*]+ comment: xsd:string[0..1]ExternalMap+ externalSpdxId: xsd:anyURI[1]+ locationHint: xsd:anyURI[0..1]+ verifiedUsing: IntegrityMethod[0..*]
+ definingArtifact: Artifact[0..1]
+ definingArtifact: Artifact[0..1]
ExternalIdentifier+ externalIdentifierType: ExternalIdentifierType[1]+ identifier: xsd:string[1]+ comment: xsd:string[0..1]
+ identifierLocator: xsd:anyURI[0..*]
+ identifierLocator: xsd:anyURI[0..*]
+ issuingAuthority: xsd:string[0..1]
+ issuingAuthority: xsd:string[0..1]
PositiveIntegerRange+ beginIntegerRange: xsd:positiveInteger[1]+ endIntegerRange: xsd:positiveInteger[1]SoftwareAgent
LifecycleScopedRelationship
LifecycleScopedRelationship
+ scope: LifecycleScopeType[0..1]
NOT
NOT
*
*
*
*
NOT
NOT
Instances of these classes exist only to adorn single instances of Element classes through properties on those Element classes and cannot exist independent of such an Element class. Instances of these classes MUST always accompany their associated Element class in any serialization document. Serialization formats MAY enable de-duplication within a single document.
Instances of these classes exist only to adorn single instances of Element classes through prop...
DictionaryEntry+ key: xsd:string[1]+ value: xsd:string[0..1]DateTime: xsd:dateTimeStamp
dateTimeStamp constrained to a ISO-8601 format, with resolution of seconds and UTC time zone.
dateTimeStamp constrained to a ISO-...
PackageVerificationCode
+ algorithm: HashAlgorithm[1]
+ algorithm: HashAlgorithm[1]
+ hashValue: xsd:string[1]+ packageVerificationCodeExcludedFile: xsd:string[0..*]
Individuals
Individuals
<<Individual>>NoAssertionElement : Element
https://spdx.org/rdf/3.0.1/terms/Core/NoAssertion
https://spdx.org/rdf/3.0.1/terms/Core/NoAssertion
<<Individual>>NoneElement : Element
https://spdx.org/rdf/3.0.1/terms/Core/None
https://spdx.org/rdf/3.0.1/terms/Core/None
\ No newline at end of file +
profile Core
profile Core
Element Classes
Element Classes
Simple Data Types
Simple Data Types
Element+ spdxId: xsd:anyURI[1]+ name: xsd:string[0..1]+ summary: xsd:string[0..1]+ description: xsd:string[0..1]+ comment: xsd:string[0..1]+ creationInfo: CreationInfo[1]+ verifiedUsing: IntegrityMethod[0..*]+ externalRef: ExternalRef[0..*]+ externalIdentifier: ExternalIdentifier[0..*]+ extension: /Extension/Extension[0..1]Artifact+ originatedBy: Agent[0..*]
+ suppliedBy: Agent[0..1]
+ suppliedBy: Agent[0..1]
+ builtTime: DateTime[0..1]
+ builtTime: DateTime[0..1]
+ releaseTime: DateTime[0..1]
+ releaseTime: DateTime[0..1]
+ validUntilTime: DateTime[0..1]
+ validUntilTime: DateTime[0..1]
+ standardName: xsd:string[0..*]
+ standardName: xsd:string[0..*]
+ supportLevel: SupportType[0..*]
+ supportLevel: SupportType[0..*]
Annotation+ annotationType: AnnotationType[1]+ statement: xsd:string[0..1]+ contentType: MediaType[0..1]Relationship+ relationshipType: RelationshipType[1]+ completeness: RelationshipCompleteness[0..1]
+ startTime: DateTime[0..1]
+ startTime: DateTime[0..1]
+ endTime: DateTime[0..1]
+ endTime: DateTime[0..1]
ElementCollection
+ profileConformance: ProfileIdentifierType[0..*]
+ profileConformance: ProfileIdentifierType[...
 
 
1
1
from
from
*
*
1..*
1..*
to
to
*
*


*
*
*
*
rootElement
rootElement
*
*
1
1
subject
subject
Bom
*
*
*
*
element
element
Legend
Italics - abstract, you must use a subclass
Italics - abstract, you must...
Bundle+ context: xsd:string[0..1]SpdxDocument
+ import: ExternalMap[0..*]
+ import: ExternalMap[0..*]
+ dataLicense: /SimpleLicensing/AnyLicenseInfo[0..1]
+ namespaceMap: NamespaceMap[0..*]
+ namespaceMap: NamespaceMap[0..*]
ToolAgentPersonOrganization
Non-Element Classes
Non-Element Classes
NamespaceMap+ prefix: xsd:string[1]+ namespace: xsd:anyURI[1]Hash+ algorithm: HashAlgorithm[1]+ hashValue: xsd:string[1]ExternalRef+ externalRefType: ExternalRefType[1]+ locator: xsd:string[0..*]+ contentType: MediaType[0..1]+ comment: xsd:string[0..1]SemVer: xsd:string
String constrained to SemVer 2.0.0 specification.
String constrained to SemVer 2.0.0...
MediaType: xsd:string
String constrained to RFC 2046  specification.
String constrained to RFC 2046  spe...
IntegrityMethod+ comment: xsd:string[0..1]CreationInfo+ specVersion: SemVer[1]+ created: DateTime[1]+ createdBy: Agent[1..*]+ createdUsing: Tool[0..*]+ comment: xsd:string[0..1]ExternalMap+ externalSpdxId: xsd:anyURI[1]+ locationHint: xsd:anyURI[0..1]+ verifiedUsing: IntegrityMethod[0..*]
+ definingArtifact: Artifact[0..1]
+ definingArtifact: Artifact[0..1]
ExternalIdentifier+ externalIdentifierType: ExternalIdentifierType[1]+ identifier: xsd:string[1]+ comment: xsd:string[0..1]
+ identifierLocator: xsd:anyURI[0..*]
+ identifierLocator: xsd:anyURI[0..*]
+ issuingAuthority: xsd:string[0..1]
+ issuingAuthority: xsd:string[0..1]
PositiveIntegerRange+ beginIntegerRange: xsd:positiveInteger[1]+ endIntegerRange: xsd:positiveInteger[1]SoftwareAgent
LifecycleScopedRelationship
LifecycleScopedRelationship
+ scope: LifecycleScopeType[0..1]
NOT
NOT
*
*
*
*
NOT
NOT
Instances of these classes exist only to adorn single instances of Element classes through properties on those Element classes and cannot exist independent of such an Element class. Instances of these classes MUST always accompany their associated Element class in any serialization document. Serialization formats MAY enable de-duplication within a single document.
Instances of these classes exist only to adorn single instances of Element classes through prop...
DictionaryEntry+ key: xsd:string[1]+ value: xsd:string[0..1]DateTime: xsd:dateTimeStamp
dateTimeStamp constrained to a ISO-8601 format, with resolution of seconds and UTC time zone.
dateTimeStamp constrained to a ISO-...
PackageVerificationCode
+ algorithm: HashAlgorithm[1]
+ algorithm: HashAlgorithm[1]
+ hashValue: xsd:string[1]+ packageVerificationCodeExcludedFile: xsd:string[0..*]
\ No newline at end of file diff --git a/images/model-licensing.png b/images/model-licensing.png index f80381e54..eb23d211a 100644 Binary files a/images/model-licensing.png and b/images/model-licensing.png differ diff --git a/images/model-licensing.svg b/images/model-licensing.svg index 440114a79..51a7af41d 100644 --- a/images/model-licensing.svg +++ b/images/model-licensing.svg @@ -1,4 +1,4 @@ -
profile Expanded Licensing
profile Expanded...
member
member
*
*
2..*
2..*
DisjunctiveLicenseSet
profile Simple Licensing
profile Simple L...
profile Core
profile Core
Element+ spdxId: xsd:anyURI[1]+ name: xsd:string[0..1]+ summary: xsd:string[0..1]+ description: xsd:string[0..1]+ comment: xsd:string[0..1]+ creationInfo: CreationInfo[1]+ verifiedUsing: IntegrityMethod[0..*]+ externalRef: ExternalRef[0..*]+ externalIdentifier: ExternalIdentifier[0..*]+ extension: /Extension/Extension[0..1]AnyLicenseInfoLicenseExpression
+ customIdToUri: DictionaryEntry[0..*]
+ customIdToUri: DictionaryEntry[0...
+ licenseExpression: xsd:string[1]+ licenseListVersion: SemVer[0..1]
member
member
*
*
2..*
2..*
ConjunctiveLicenseSetLicense
+ /SimpleLicensing/licenseText: xsd:string[1]
+ /SimpleLicensing/licenseText: xsd:stri...
+ isDeprecatedLicenseId: xsd:boolean[0..1]
+ isDeprecatedLicenseId: xsd:boolean[0.....
+ isFsfLibre: xsd:boolean[0..1]
+ isFsfLibre: xsd:boolean[0..1]
+ isOsiApproved: xsd:boolean[0..1]
+ isOsiApproved: xsd:boolean[0..1]
+ licenseXml: xsd:string[0..1]
+ licenseXml: xsd:string[0..1]
+ obsoletedBy: xsd:string[0..1]
+ obsoletedBy: xsd:string[0..1]
+ seeAlso: xsd:anyURI[0..*]
+ seeAlso: xsd:anyURI[0..*]
+ standardLicenseHeader: xsd:string[0..1]
+ standardLicenseHeader: xsd:string[0..1]
+ standardLicenseTemplate: xsd:string[0..1]
+ standardLicenseTemplate: xsd:string[0....
ExtendableLicenseCustomLicenseLicenseAddition
+ additionText: xsd:string[1]
+ additionText: xsd:string[1]
+ isDeprecatedAdditionId: xsd:boolean[0..1]
+ isDeprecatedAdditionId: xsd:boolean[0....
+ licenseXml: xsd:string[0..1]
+ licenseXml: xsd:string[0..1]
+ obsoletedBy: xsd:string[0..1]
+ obsoletedBy: xsd:string[0..1]
+ seeAlso: xsd:anyURI[0..*]
+ seeAlso: xsd:anyURI[0..*]
+ standardAdditionTemplate: xsd:string[0..1]
+ standardAdditionTemplate: xsd:string[0...
CustomLicenseAdditionListedLicense
+ deprecatedVersion: xsd:string[0..1]
+ deprecatedVersion: xsd:string[0....
+ listVersionAdded: xsd:string[0..1]
+ listVersionAdded: xsd:string[0.....
ListedLicenseException
+ deprecatedVersion: xsd:string[0..1]
+ deprecatedVersion: xsd:string[0....
+ listVersionAdded: xsd:string[0..1]
+ listVersionAdded: xsd:string[0.....
OrLaterOperator
+ subjectLicense: License[1]
+ subjectLicense: License[1]
WithAdditionOperator
+ subjectExtendableLicense: ExtendableLicense[1]
+ subjectExtendableLicense: ExtendableLicense[1]
subjectAddition
subjectAddition
1
1
*
*
SimpleLicensingText
+ licenseText: xsd:string[1]
+ licenseText: xsd:string[1]
IndividualLicensingInfo<<Individual>>NoAssertionLicense : IndividualLicensingInfo
https://spdx.org/rdf/3.0.1/terms/Licensing/NoAssertion
https://spdx.org/rdf/3.0.1/terms/Licensing/NoAssertion
<<Individual>>NoneLicense : IndividualLicensingInfo
https://spdx.org/rdf/3.0.1/terms/Licensing/None
https://spdx.org/rdf/3.0.1/terms/Licensing/None
\ No newline at end of file +
profile Expanded Licensing
profile Expanded...
member
member
*
*
2..*
2..*
DisjunctiveLicenseSet
profile Simple Licensing
profile Simple L...
profile Core
profile Core
Element+ spdxId: xsd:anyURI[1]+ name: xsd:string[0..1]+ summary: xsd:string[0..1]+ description: xsd:string[0..1]+ comment: xsd:string[0..1]+ creationInfo: CreationInfo[1]+ verifiedUsing: IntegrityMethod[0..*]+ externalRef: ExternalRef[0..*]+ externalIdentifier: ExternalIdentifier[0..*]+ extension: /Extension/Extension[0..1]AnyLicenseInfoLicenseExpression
+ customIdToUri: DictionaryEntry[0..*]
+ customIdToUri: DictionaryEntry[0...
+ licenseExpression: xsd:string[1]+ licenseListVersion: SemVer[0..1]
member
member
*
*
2..*
2..*
ConjunctiveLicenseSetLicense
+ /SimpleLicensing/licenseText: xsd:string[1]
+ /SimpleLicensing/licenseText: xsd:stri...
+ isDeprecatedLicenseId: xsd:boolean[0..1]
+ isDeprecatedLicenseId: xsd:boolean[0.....
+ isFsfLibre: xsd:boolean[0..1]
+ isFsfLibre: xsd:boolean[0..1]
+ isOsiApproved: xsd:boolean[0..1]
+ isOsiApproved: xsd:boolean[0..1]
+ licenseXml: xsd:string[0..1]
+ licenseXml: xsd:string[0..1]
+ obsoletedBy: xsd:string[0..1]
+ obsoletedBy: xsd:string[0..1]
+ seeAlso: xsd:anyURI[0..*]
+ seeAlso: xsd:anyURI[0..*]
+ standardLicenseHeader: xsd:string[0..1]
+ standardLicenseHeader: xsd:string[0..1]
+ standardLicenseTemplate: xsd:string[0..1]
+ standardLicenseTemplate: xsd:string[0....
ExtendableLicenseCustomLicenseLicenseAddition
+ additionText: xsd:string[1]
+ additionText: xsd:string[1]
+ isDeprecatedAdditionId: xsd:boolean[0..1]
+ isDeprecatedAdditionId: xsd:boolean[0....
+ licenseXml: xsd:string[0..1]
+ licenseXml: xsd:string[0..1]
+ obsoletedBy: xsd:string[0..1]
+ obsoletedBy: xsd:string[0..1]
+ seeAlso: xsd:anyURI[0..*]
+ seeAlso: xsd:anyURI[0..*]
+ standardAdditionTemplate: xsd:string[0..1]
+ standardAdditionTemplate: xsd:string[0...
CustomLicenseAdditionListedLicense
+ deprecatedVersion: xsd:string[0..1]
+ deprecatedVersion: xsd:string[0...
+ listVersionAdded: xsd:string[0..1]
+ listVersionAdded: xsd:string[0....
ListedLicenseException
+ deprecatedVersion: xsd:string[0..1]
+ deprecatedVersion: xsd:string[0...
+ listVersionAdded: xsd:string[0..1]
+ listVersionAdded: xsd:string[0....
OrLaterOperator
+ subjectLicense: License[1]
+ subjectLicense: License[1]
WithAdditionOperator
+ subjectExtendableLicense: ExtendableLicense[1]
+ subjectExtendableLicense: ExtendableLicense[1]
subjectAddition
subjectAddition
1
1
*
*
SimpleLicensingText
+ licenseText: xsd:string[1]
+ licenseText: xsd:string[1]
IndividualLicensingInfo
\ No newline at end of file diff --git a/model.drawio b/model.drawio index 2984a72ab..4212a045b 100644 --- a/model.drawio +++ b/model.drawio @@ -1,17 +1,17 @@ - + - + - + - + @@ -278,10 +278,10 @@ - + - + @@ -405,13 +405,13 @@ - + - + @@ -561,7 +561,7 @@ - + @@ -588,43 +588,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -1083,7 +1046,7 @@ - + @@ -1411,18 +1374,6 @@ - - - - - - - - - - - - @@ -2163,12 +2114,12 @@ - + - + @@ -2177,7 +2128,7 @@ - + @@ -2638,10 +2589,10 @@ - + - + @@ -2784,13 +2735,13 @@ - + - + @@ -2984,7 +2935,7 @@ - + @@ -3023,46 +2974,9 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/model/AI/AI.md b/model/AI/AI.md index 75b1449ee..eba7882eb 100644 --- a/model/AI/AI.md +++ b/model/AI/AI.md @@ -25,8 +25,7 @@ the following has to hold: 1. for every `/AI/AIPackage` there MUST exist exactly one `/Core/Relationship` of type `hasConcludedLicense` having that element as its `from` property - and an `/SimpleLicensing/AnyLicenseInfo` as its `to` property. + and a `/SimpleLicensing/AnyLicenseInfo` as its `to` property. 2. for every `/AI/AIPackage` there MUST exist exactly one `/Core/Relationship` of type `hasDeclaredLicense` having that element as its `from` property - and an `/SimpleLicensing/AnyLicenseInfo` as its `to` property. - + and a `/SimpleLicensing/AnyLicenseInfo` as its `to` property. diff --git a/model/Build/Build.md b/model/Build/Build.md index d7fe16f82..5b421d4c0 100644 --- a/model/Build/Build.md +++ b/model/Build/Build.md 
@@ -31,9 +31,9 @@ In addition, the following Relationship Types may be used to describe a Build. or host. - configures: Describes the relationship from a configuration to the Build element. -- ancestorOf: Describes a relationship from a Build element to Build eelements +- ancestorOf: Describes a relationship from a Build element to Build elements that describe its child builds. -- decendentOf: Describes a relationship from a child Build element to its +- descendantOf: Describes a relationship from a child Build element to its parent. - usesTool: Describes a relationship from a Build element to a build tool. diff --git a/model/Build/Properties/buildType.md b/model/Build/Properties/buildType.md index 4d731d113..24c796b0e 100644 --- a/model/Build/Properties/buildType.md +++ b/model/Build/Properties/buildType.md @@ -18,7 +18,7 @@ elements, it means they are the same kind of build, but difference instances and possible with different configurations. If you are not using a well-known buildType, it should be namespaced to a -domain you own to prevent conflicts with other builtType IRIs. +domain you own to prevent conflicts with other buildType IRIs. Examples of a buildType might be: diff --git a/model/Core/Datatypes/MediaType.md b/model/Core/Datatypes/MediaType.md index 294bc7774..d7ffc249f 100644 --- a/model/Core/Datatypes/MediaType.md +++ b/model/Core/Datatypes/MediaType.md @@ -5,7 +5,7 @@ SPDX-License-Identifier: Community-Spec-1.0 ## Summary Standardized way of indicating the type of content of an Element or a Property. -A String constrained to the RFC 2046 specificiation. +A String constrained to the RFC 2046 specification. ## Description diff --git a/model/Core/Individuals/NoAssertionElement.md b/model/Core/Individuals/NoAssertionElement.md index bc7609f61..901348641 100644 --- a/model/Core/Individuals/NoAssertionElement.md +++ b/model/Core/Individuals/NoAssertionElement.md 
@@ -23,7 +23,7 @@ For example, a Relationship with and `to`=NoAssertionElement is explicitly expressing that -no assertion is being made about any potential descendents of Element1. +no assertion is being made about any potential descendants of Element1. ## Metadata diff --git a/model/Core/Individuals/NoneElement.md b/model/Core/Individuals/NoneElement.md index 0872c6845..d0764863e 100644 --- a/model/Core/Individuals/NoneElement.md +++ b/model/Core/Individuals/NoneElement.md @@ -17,7 +17,7 @@ For example, a Relationship with `from`=Element1, and `to`=NoneElement is explicitly expressing an assertion that -Element1 has no descendents. +Element1 has no descendants. ## Metadata diff --git a/model/Core/Individuals/SpdxOrganization.md b/model/Core/Individuals/SpdxOrganization.md index 42c880444..3d0d5a689 100644 --- a/model/Core/Individuals/SpdxOrganization.md +++ b/model/Core/Individuals/SpdxOrganization.md @@ -9,7 +9,8 @@ An Organization representing the SPDX Project. ## Description SpdxOrganization is an Organization representing the SPDX Project. -It is by definition the creator of all individuals defined by the SPDX Project. +It is by definition the creator of all Element type individuals defined by +the SPDX Project. These individuals include licences and exceptions defined in the SPDX License List, as well as individuals defined in the specification. diff --git a/model/Core/Properties/dataLicense.md b/model/Core/Properties/dataLicense.md index b23bcf78d..7197d9e6f 100644 --- a/model/Core/Properties/dataLicense.md +++ b/model/Core/Properties/dataLicense.md @@ -23,7 +23,6 @@ and the identification of the supplier of SPDX files. Compliance with this document includes populating the SPDX fields therein with data related to such fields ("SPDX-Metadata"). - This document contains numerous fields where an SPDX file creator may provide relevant explanatory text in SPDX-Metadata. Without opining on the lawfulness of "database rights" (in jurisdictions where applicable), 
diff --git a/model/Core/Properties/externalSpdxId.md b/model/Core/Properties/externalSpdxId.md index a669c1ba3..4c9148e6e 100644 --- a/model/Core/Properties/externalSpdxId.md +++ b/model/Core/Properties/externalSpdxId.md @@ -9,7 +9,7 @@ external to that SpdxDocument. ## Description -ExternalSpdxId identifies an external Element used within an SpdxDocument but +An externalSpdxId identifies an external Element used within an SpdxDocument but defined external to that SpdxDocument. ## Metadata diff --git a/model/Core/Properties/hashValue.md b/model/Core/Properties/hashValue.md index 02e3e1e7c..9bb688691 100644 --- a/model/Core/Properties/hashValue.md +++ b/model/Core/Properties/hashValue.md @@ -8,7 +8,7 @@ The result of applying a hash algorithm to an Element. ## Description -HashValue is the result of applying a hash algorithm to an Element. +A hashValue is the result of applying a hash algorithm to an Element. ## Metadata diff --git a/model/Core/Properties/import.md b/model/Core/Properties/import.md index c86c9c4a1..67e380d68 100644 --- a/model/Core/Properties/import.md +++ b/model/Core/Properties/import.md @@ -8,7 +8,7 @@ Provides an ExternalMap of Element identifiers. ## Description -Import provides an ExternalMap of an Element identifier that is used within a +An import provides an ExternalMap of an Element identifier that is used within a document but defined external to that document. ## Metadata diff --git a/model/Core/Properties/originatedBy.md b/model/Core/Properties/originatedBy.md index 84cb40b3d..c679dd504 100644 --- a/model/Core/Properties/originatedBy.md +++ b/model/Core/Properties/originatedBy.md @@ -8,7 +8,7 @@ Identifies from where or whom the Element originally came. ## Description -OriginatedBy identifies from where or whom the Element originally came. +An originatedBy identifies from where or whom the Element originally came. ## Metadata diff --git a/model/Core/Properties/spdxId.md b/model/Core/Properties/spdxId.md index 4ede652b5..fa3209411 100644 
--- a/model/Core/Properties/spdxId.md +++ b/model/Core/Properties/spdxId.md @@ -8,7 +8,7 @@ Identifies an Element to be referenced by other Elements. ## Description -SpdxId uniquely identifies an Element which may thereby be referenced by other Elements. +An spdxId uniquely identifies an Element which may thereby be referenced by other Elements. These references may be internal or external. While there may be several versions of the same Element, each one needs to be able to be referred to uniquely so that relationships between Elements can be clearly articulated. diff --git a/model/Core/Properties/verifiedUsing.md b/model/Core/Properties/verifiedUsing.md index be95575f3..a8215c566 100644 --- a/model/Core/Properties/verifiedUsing.md +++ b/model/Core/Properties/verifiedUsing.md @@ -9,7 +9,7 @@ asserted. ## Description -VerifiedUsing provides an IntegrityMethod with which the integrity of an +A verifiedUsing provides an IntegrityMethod with which the integrity of an Element can be asserted. Please note that different profiles may also provide additional methods for diff --git a/model/Core/Vocabularies/AnnotationType.md b/model/Core/Vocabularies/AnnotationType.md index 942b2c979..59e08a80e 100644 --- a/model/Core/Vocabularies/AnnotationType.md +++ b/model/Core/Vocabularies/AnnotationType.md @@ -16,5 +16,5 @@ AnnotationType specifies the type of an annotation. ## Entries -- other: Used to store extra information about an Element which is not part of a Review (e.g. extra information provided during the creation of the Element). +- other: Used to store extra information about an Element which is not part of a review (e.g. extra information provided during the creation of the Element). - review: Used when someone reviews the Element. diff --git a/model/Core/Vocabularies/ExternalIdentifierType.md b/model/Core/Vocabularies/ExternalIdentifierType.md index e7bc8a2c9..ba77d8996 100644 --- a/model/Core/Vocabularies/ExternalIdentifierType.md 
+++ b/model/Core/Vocabularies/ExternalIdentifierType.md @@ -8,7 +8,7 @@ Specifies the type of an external identifier. ## Description -ExteralIdentifierType specifies the type of an external identifier. +ExternalIdentifierType specifies the type of an external identifier. ## Metadata diff --git a/model/Core/Vocabularies/RelationshipType.md b/model/Core/Vocabularies/RelationshipType.md index 2d7019ba4..21c0f60e0 100644 --- a/model/Core/Vocabularies/RelationshipType.md +++ b/model/Core/Vocabularies/RelationshipType.md @@ -73,7 +73,7 @@ name completes the sentence: - hasVariant: Every `to` Element is a variant the `from` Element (`from` hasVariant `to`). - invokedBy: The `from` Element was invoked by the `to` Agent, during a LifecycleScopeType period (for example, a Build element that describes a build step). - modifiedBy: The `from` Element is modified by each `to` Element. -- other: Every `to` Element is related to the `from` Element where the relationship type is not described by any of the SPDX relationhip types (this relationship is directionless). +- other: Every `to` Element is related to the `from` Element where the relationship type is not described by any of the SPDX relationship types (this relationship is directionless). - packagedBy: Every `to` Element is a packaged instance of the `from` Element (`from` packagedBy `to`). - patchedBy: Every `to` Element is a patch for the `from` Element (`from` patchedBy `to`). - publishedBy: Designates a `from` Vulnerability was made available for public use or reference by each `to` Agent. diff --git a/model/Dataset/Dataset.md b/model/Dataset/Dataset.md index f1f3e77e1..6585cae6a 100644 --- a/model/Dataset/Dataset.md +++ b/model/Dataset/Dataset.md 
@@ -24,9 +24,9 @@ the following has to hold: 1. for every `/Dataset/DatasetPackage` there MUST exist exactly one `/Core/Relationship` of type `hasConcludedLicense` having that element as its - `from` property and an `/SimpleLicensing/AnyLicenseInfo` as its `to` + `from` property and a `/SimpleLicensing/AnyLicenseInfo` as its `to` property. 2. for every `/Dataset/DatasetPackage` there MUST exist exactly one `/Core/Relationship` of type `hasDeclaredLicense` having that element as its - `from` property and an `/SimpleLicensing/AnyLicenseInfo` as its `to` + `from` property and a `/SimpleLicensing/AnyLicenseInfo` as its `to` property. diff --git a/model/Licensing/Licensing.md b/model/Licensing/Licensing.md index 21bf84991..701159077 100644 --- a/model/Licensing/Licensing.md +++ b/model/Licensing/Licensing.md @@ -119,5 +119,5 @@ the following has to hold: 1. for every `/Software/SoftwareArtifact` there MUST exist exactly one `/Core/Relationship` of type `hasConcludedLicense` having that element as - its `from` property and an `/SimpleLicensing/AnyLicenseInfo` as its `to` + its `from` property and a `/SimpleLicensing/AnyLicenseInfo` as its `to` property. diff --git a/model/Lite/Lite.md b/model/Lite/Lite.md index aa345bacd..327a2b32c 100644 --- a/model/Lite/Lite.md +++ b/model/Lite/Lite.md 
@@ -40,11 +40,11 @@ Additionally: 1. for every `/Software/Package` there MUST exist exactly one `/Core/Relationship` of type `hasConcludedLicense` having that element as - its `from` property and an `/SimpleLicensing/AnyLicenseInfo` as its `to` + its `from` property and a `/SimpleLicensing/AnyLicenseInfo` as its `to` property. 2. for every `/Software/Package` there MUST exist exactly one `/Core/Relationship` of type `hasDeclaredLicense` having that element as its - `from` property and an `/SimpleLicensing/AnyLicenseInfo` as its `to` + `from` property and a `/SimpleLicensing/AnyLicenseInfo` as its `to` property. For a `/Core/SpdxDocument` to be conformant with this profile, the following has to hold: diff --git a/model/Operations/Classes/ApplicationFacts.md b/model/Operations/Classes/ApplicationFacts.md new file mode 100644 index 000000000..3abc0c72e --- /dev/null +++ b/model/Operations/Classes/ApplicationFacts.md 
@@ -0,0 +1,100 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# ApplicationFacts + +## Summary + +The Application facts summarize the business context metadata of an application. An application may consist of one to n deliverables. + +## Description + +The Application Facts are collected all along the product lifecyle and contents may be updated when the product reaches a new phase. +``` + +## Metadata + +- name: ApplicationFacts +- SubclassOf: tbd +- Instantiability: Concrete + +## Properties + +- productOwner + - type: tbd + - minCount: 1 + - maxCount: 1 + +- documentationLink + - type: tbd + - minCount: 1 + - maxCount: 1 + +- productAccessURL + - type: tbd + - minCount: 1 + - maxCount: 1 + +- commentComment + - type: tbd + - minCount: 1 + - maxCount: 1 + +- distributedDeliverables + - type: tbd + - minCount: 1 + - maxCount: n + +- technicalDeploymnent + - type: tbd + - minCount: 1 + - maxCount: 1 + +- contact + - type: tbd + - minCount: 1 + - maxCount: 1 + +- scope + - type: tbd + - minCount: 1 + - maxCount: 1 + +- relationType + - type: tbd + - minCount: 1 + - maxCount: 1 + +- supplyChainContext + - type: tbd + - minCount: 1 + - maxCount: 1 + +- releaseCycles + - type: tbd + - minCount: 1 + - maxCount: 1 + +- fossComplianceBundelProvision + - type: tbd + - minCount: 1 + - maxCount: 1 + +- contractSetup + - type: tbd + - minCount: 1 + - maxCount: 1 + +- fossTermsTowardsCustomer + - type: tbd + - minCount: 1 + - maxCount: 1 + +- distributionTermsTowardsCustomer + - type: tbd + - minCount: 1 + - maxCount: 1 + +- customerFossContact + - type: tbd + - minCount: 1 + - maxCount: 1 \ No newline at end of file diff --git a/model/Operations/Classes/DeliverableFacts.md b/model/Operations/Classes/DeliverableFacts.md new file mode 100644 index 000000000..835ebf7db --- /dev/null +++ b/model/Operations/Classes/DeliverableFacts.md 
@@ -0,0 +1,136 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# DeliverableFacts + +## Summary + +A deliverable is a part of a product. The deliverable facts shall collect metadata that typically cannot be derived from the repository content. + +## Description + +The deliverable facts are collected and update in all deliverable lifecycle phases. So data could already collected in the architecture/design phase and then be updated along the furter development. The data might be needed to take design decisions and configure the environment. By having the structured explicit documentation, unnecessary iterations may be avoided. + +## Metadata + +- name: DeliverableFacts +- SubclassOf: tbd +- Instantiability: Concrete + +## Properties + +- programmingLanguage + - type: tbd + - minCount: 1 + - maxCount: n + +- dependencyManager + - type: tbd + - minCount: 1 + - maxCount: n + +- packageManager + - type: tbd + - minCount: 1 + - maxCount: n + +- environmentFramework + - type: tbd + - minCount: 1 + - maxCount: n + +- applicationCategory + - type: tbd + - minCount: 1 + - maxCount: 1 + +- applicationType + - type: tbd + - minCount: 1 + - maxCount: 1 + +- distributionMethod + - type: tbd + - minCount: 1 + - maxCount: 1 + +- operatingSystem + - type: tbd + - minCount: 1 + - maxCount: 1 + +- consistsOf + - type: tbd + - minCount: 1 + - maxCount: n + +- developedBy + - type: tbd + - minCount: 1 + - maxCount: n + +- contact + - type: tbd + - minCount: 1 + - maxCount: n + +- linkToArchitecture + - type: tbd + - minCount: 1 + - maxCount: 1 + +- osmConcept + - type: tbd + - minCount: 1 + - maxCount: 1 + +- fossComplianceBundleStorage + - type: tbd + - minCount: 1 + - maxCount: 1 + +- reviews + - type: tbd + - minCount: 1 + - maxCount: n + +- comment + - type: tbd + - minCount: 1 + - maxCount: n + +[//]: the parts below should be a class that can be instantiated 0:n + +- supplierDeliverableFacts + - type: tbd + - minCount: 1 + - maxCount: n + +- supplierName + - type: tbd + - 
minCount: 1 + - maxCount: n + +- deliverableFromSupplier + - type: tbd + - minCount: 1 + - maxCount: n + +- fossTermsTowardsSupplier + - type: tbd + - minCount: 1 + - maxCount: n + +- distributionTermsFromSupplier + - type: tbd + - minCount: 1 + - maxCount: n + +- fossComplianceBundleConsumption + - type: tbd + - minCount: 1 + - maxCount: n + +- supplierFossContact + - type: tbd + - minCount: 1 + - maxCount: n \ No newline at end of file diff --git a/model/Operations/Classes/Delivery.md b/model/Operations/Classes/Delivery.md new file mode 100644 index 000000000..c1dd870f7 --- /dev/null +++ b/model/Operations/Classes/Delivery.md @@ -0,0 +1,21 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# Delivery + +## Summary + +A Delivery consists of an application that may consist of one or several deliverables in a defined point of time (e.g. release) + +## Description + +tbd + +## Metadata + +- name: Delivery +- SubclassOf: tbd +- Instantiability: Concrete + +## Properties + +tbd diff --git a/model/Operations/Classes/SupplierDeliverableFacts.md b/model/Operations/Classes/SupplierDeliverableFacts.md new file mode 100644 index 000000000..c5b97c610 --- /dev/null +++ b/model/Operations/Classes/SupplierDeliverableFacts.md @@ -0,0 +1,21 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# SupplierDeliverableFacts + +## Summary + +tbd + +## Description + +tbd + +## Metadata + +- name: SupplierDeliverableFacts +- SubclassOf: tbd +- Instantiability: Concrete + +## Properties + +tbd \ No newline at end of file diff --git a/model/Operations/Properties/applicationCategory.md b/model/Operations/Properties/applicationCategory.md new file mode 100644 index 000000000..169dcc373 --- /dev/null +++ b/model/Operations/Properties/applicationCategory.md 
@@ -0,0 +1,17 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# applicationCategory + +## Summary + +intended way to distribute / deploy the application while development + +## Description + +intended way to distribute / deploy the application while development (e.g. hosted, distributed,...) + +## Metadata + +- name: applicationCategory +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/applicationFactsComment.md b/model/Operations/Properties/applicationFactsComment.md new file mode 100644 index 000000000..5fc1ecdf9 --- /dev/null +++ b/model/Operations/Properties/applicationFactsComment.md @@ -0,0 +1,17 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# applicationFactsComment + +## Summary + +Free comment about the application / service + +## Description + +... + +## Metadata + +- name: applicationFactsComment +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/applicationType.md b/model/Operations/Properties/applicationType.md new file mode 100644 index 000000000..2e6081063 --- /dev/null +++ b/model/Operations/Properties/applicationType.md @@ -0,0 +1,17 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# applicationType + +## Summary + +intended business case the application is developed for + +## Description + +intended business case the application is developed for (e.g. fat client, cloud service, ...) + +## Metadata + +- name: applicationType +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/consistsOf.md b/model/Operations/Properties/consistsOf.md new file mode 100644 index 000000000..d63324381 --- /dev/null +++ b/model/Operations/Properties/consistsOf.md 
@@ -0,0 +1,20 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# consistsOf + +## Summary + +high level list of components, the application (shall) consists of + +## Description + +at least the URL to the source code repository, if necessary +list intended additional external components and components from +third party suppliers (hint: this field is meant to be populated +in early or pre-development phase) + +## Metadata + +- name: consistsOf +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/contact.md b/model/Operations/Properties/contact.md new file mode 100644 index 000000000..379875748 --- /dev/null +++ b/model/Operations/Properties/contact.md @@ -0,0 +1,17 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# contact + +## Summary + +contact person of contact details for urgent incidents + +## Description + +... + +## Metadata + +- name: contact +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/contractSetup.md b/model/Operations/Properties/contractSetup.md new file mode 100644 index 000000000..9a976da40 --- /dev/null +++ b/model/Operations/Properties/contractSetup.md @@ -0,0 +1,17 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# contractSetup + +## Summary + +Setup of the application contract + +## Description + +This field describes the setup of the contract that is used to make the application available e.g. B2B, B2C, … + +## Metadata + +- name: contractSetup +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/deliverableComment.md b/model/Operations/Properties/deliverableComment.md new file mode 100644 index 000000000..ca672ce8f --- /dev/null +++ b/model/Operations/Properties/deliverableComment.md @@ -0,0 +1,17 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# deliverableComment + +## Summary + +Free comment about the deliverable + +## Description + +... + +## Metadata + +- name: deliverableComment +- Nature: DataProperty +- Range: xsd:string 
diff --git a/model/Operations/Properties/deliverableFromSupplier.md b/model/Operations/Properties/deliverableFromSupplier.md new file mode 100644 index 000000000..e55ffca10 --- /dev/null +++ b/model/Operations/Properties/deliverableFromSupplier.md @@ -0,0 +1,17 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# deliverableFromSupplier + +## Summary + +name or identifier of the deliverable provided by the supplier + +## Description + +... + +## Metadata + +- name: deliverableFromSupplier +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/deliverableReview.md b/model/Operations/Properties/deliverableReview.md new file mode 100644 index 000000000..eeb796211 --- /dev/null +++ b/model/Operations/Properties/deliverableReview.md @@ -0,0 +1,18 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# deliverableReview + +## Summary + +link to the latest reviews + +## Description + +link to the latest reviews (e.g. Open Source dependency review, snippet review, security review ,… ) +each different review may be added as separate item + +## Metadata + +- name: deliverableReview +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/dependencyManager.md b/model/Operations/Properties/dependencyManager.md new file mode 100644 index 000000000..6e8395305 --- /dev/null +++ b/model/Operations/Properties/dependencyManager.md @@ -0,0 +1,17 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# dependencyManager + +## Summary + +dependency manager used to build the deliverable + +## Description + +dependency manager used to build the deliverable (e.g. Maven, Gradle, …) + +## Metadata + +- name: dependencyManager +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/developedBy.md b/model/Operations/Properties/developedBy.md new file mode 100644 index 000000000..0ecb666fd --- /dev/null +++ b/model/Operations/Properties/developedBy.md 
@@ -0,0 +1,18 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# developedBy + +## Summary + +Entities that took part in the development of the deliverable + +## Description + +Entities that took part in the development of the deliverable +(e.g. development team or external third party) + +## Metadata + +- name: developedBy +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/distributedDeliverables.md b/model/Operations/Properties/distributedDeliverables.md new file mode 100644 index 000000000..bc081e090 --- /dev/null +++ b/model/Operations/Properties/distributedDeliverables.md @@ -0,0 +1,17 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# distributedDeliverables + +## Summary + +Overview list of the software deliverables that the "product" consists of + +## Description + +Overview list of the software deliverables that the "product" consists of (e.g. frontend + microservices etc.) + +## Metadata + +- name: distributedDeliverables +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/distributionMethod.md b/model/Operations/Properties/distributionMethod.md new file mode 100644 index 000000000..a39654173 --- /dev/null +++ b/model/Operations/Properties/distributionMethod.md @@ -0,0 +1,17 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# distributionMethod + +## Summary + +method how the developed deliverable is made available + +## Description + +method how the developed deliverable is made available (e.g. docker container, ...) + +## Metadata + +- name: distributionMethod +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/distributionTarget.md b/model/Operations/Properties/distributionTarget.md new file mode 100644 index 000000000..e5d4cbebe --- /dev/null +++ b/model/Operations/Properties/distributionTarget.md 
@@ -0,0 +1,17 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# distributionTarget + +## Summary + +Specification where the application/service is distributed to / deployed + +## Description + +Specification where the application/service is distributed to / deployed. E.g. in the cloud or shipped as device. + +## Metadata + +- name: distributionTarget +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/distributionTermsFromSupplier.md b/model/Operations/Properties/distributionTermsFromSupplier.md new file mode 100644 index 000000000..3bd7fca8d --- /dev/null +++ b/model/Operations/Properties/distributionTermsFromSupplier.md @@ -0,0 +1,18 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# distributionTermsFromSupplier + +## Summary + +Distribution Terms for Open Source Components agreed with the supplier + +## Description + +in case there are special project specific distribution conditions +agreed that may impact the Open Source Components, please provide here + +## Metadata + +- name: distributionTermsFromSupplier +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/distributionTermsTowardsCustomer.md b/model/Operations/Properties/distributionTermsTowardsCustomer.md new file mode 100644 index 000000000..f705d13ea --- /dev/null +++ b/model/Operations/Properties/distributionTermsTowardsCustomer.md @@ -0,0 +1,17 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# distributionTermsTowardsCustomer + +## Summary + +Distribution Terms for the provision of the application towards the customer + +## Description + +This field describes specific boundaries that are agreed with the customer for the provision of the application e.g. weekly deliveries + +## Metadata + +- name: distributionTermsTowardsCustomer +- Nature: DataProperty +- Range: xsd:string 
diff --git a/model/Operations/Properties/documentationLink.md b/model/Operations/Properties/documentationLink.md new file mode 100644 index 000000000..feca986c8 --- /dev/null +++ b/model/Operations/Properties/documentationLink.md @@ -0,0 +1,17 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# documentationLink + +## Summary + +URL of existing product documentation + +## Description + +... + +## Metadata + +- name: documentationLink +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/environmentFramework.md b/model/Operations/Properties/environmentFramework.md new file mode 100644 index 000000000..6fa5c3c79 --- /dev/null +++ b/model/Operations/Properties/environmentFramework.md @@ -0,0 +1,17 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# environmentFramework + +## Summary + +environment or framework used to implement the deliverable + +## Description + +environment or framework used to implement the deliverable (e.g. NodeJS,…) + +## Metadata + +- name: environmentFramework +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/fossComplianceBundleConsumption.md b/model/Operations/Properties/fossComplianceBundleConsumption.md new file mode 100644 index 000000000..9e796bdeb --- /dev/null +++ b/model/Operations/Properties/fossComplianceBundleConsumption.md @@ -0,0 +1,18 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# fossComplianceBundleConsumption + +## Summary + +Description how the FOSS Compliance Bundle is made available from the supplier + +## Description + +Description how the FOSS Compliance Bundle is made available from the supplier +e.g. 'FOSS Compliance Bundle included in Installation File' + +## Metadata + +- name: fossComplianceBundleConsumption +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/fossComplianceBundleProvision.md b/model/Operations/Properties/fossComplianceBundleProvision.md new file mode 100644 index 000000000..8e652c6c6 
--- /dev/null +++ b/model/Operations/Properties/fossComplianceBundleProvision.md @@ -0,0 +1,17 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# fossComplianceBundleProvision + +## Summary + +Short summary in what way the FOSS Compliance Bundle is handed over downstream in the supply chain + +## Description + +... + +## Metadata + +- name: fossComplianceBundleProvision +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/fossTermsTowardsCustomer.md b/model/Operations/Properties/fossTermsTowardsCustomer.md new file mode 100644 index 000000000..62acb14e4 --- /dev/null +++ b/model/Operations/Properties/fossTermsTowardsCustomer.md @@ -0,0 +1,18 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# fossTermsTowardsCustomer + +## Summary + +FOSS Terms Towards Customer + +## Description + +This field describes additional boundaries for the provision of the application to the customer +e.g. special deny or allow lists + +## Metadata + +- name: fossTermsTowardsCustomer +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/fossTermsTowardsSupplier.md b/model/Operations/Properties/fossTermsTowardsSupplier.md new file mode 100644 index 000000000..fd80d81d0 --- /dev/null +++ b/model/Operations/Properties/fossTermsTowardsSupplier.md @@ -0,0 +1,18 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# fossTermsTowardsSupplier + +## Summary + +FOSS Terms agreed with the supplier + +## Description + +FOSS Terms agreed with the supplier +e.g. special deny or allow lists + +## Metadata + +- name: fossTermsTowardsSupplier +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/linkToArchitecture.md b/model/Operations/Properties/linkToArchitecture.md new file mode 100644 index 000000000..e515e2548 --- /dev/null +++ b/model/Operations/Properties/linkToArchitecture.md 
@@ -0,0 +1,17 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# linkToArchitecture + +## Summary + +link to architecture, if available + +## Description + +... + +## Metadata + +- name: linkToArchitecture +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/operatingSystem.md b/model/Operations/Properties/operatingSystem.md new file mode 100644 index 000000000..cebda22d3 --- /dev/null +++ b/model/Operations/Properties/operatingSystem.md @@ -0,0 +1,17 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# operatingSystem + +## Summary + +operating system that is used or the application is designed for + +## Description + +operating system that is used or the application is designed for + +## Metadata + +- name: operatingSystem +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/osmConcept.md b/model/Operations/Properties/osmConcept.md new file mode 100644 index 000000000..d3fc836cd --- /dev/null +++ b/model/Operations/Properties/osmConcept.md @@ -0,0 +1,17 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# osmConcept + +## Summary + +link to the used open source management concept or standard reference used while development + +## Description + +... + +## Metadata + +- name: osmConcept +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/packageManager.md b/model/Operations/Properties/packageManager.md new file mode 100644 index 000000000..3c8c70b95 --- /dev/null +++ b/model/Operations/Properties/packageManager.md @@ -0,0 +1,17 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# packageManager + +## Summary + +package manager used with or to build the deliverable + +## Description + +package manager used with or to build the deliverable (e.g. dpkg, …) + +## Metadata + +- name: packageManager +- Nature: DataProperty +- Range: xsd:string 
diff --git a/model/Operations/Properties/productAccessURL.md b/model/Operations/Properties/productAccessURL.md new file mode 100644 index 000000000..d436db2d4 --- /dev/null +++ b/model/Operations/Properties/productAccessURL.md @@ -0,0 +1,20 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# productAccessURL + +## Summary + +URL to access the product + +## Description + +URL to the Download-Location or to the Web-Access +in case the application is available in the network. +Field may be used to link to marketing product website +in case of a device. + +## Metadata + +- name: productAccessURL +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/productOwner.md b/model/Operations/Properties/productOwner.md new file mode 100644 index 000000000..382b0682b --- /dev/null +++ b/model/Operations/Properties/productOwner.md @@ -0,0 +1,17 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# productOwner + +## Summary + +Name of the application or service owner + +## Description + +... + +## Metadata + +- name: productOwner +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/programmingLanguage.md b/model/Operations/Properties/programmingLanguage.md new file mode 100644 index 000000000..7c19aa95a --- /dev/null +++ b/model/Operations/Properties/programmingLanguage.md @@ -0,0 +1,17 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# programmingLanguage + +## Summary + +programming language used to implement the deliverable + +## Description + +... + +## Metadata + +- name: programmingLanguage +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/relationType.md b/model/Operations/Properties/relationType.md new file mode 100644 index 000000000..598c4093f --- /dev/null +++ b/model/Operations/Properties/relationType.md 
@@ -0,0 +1,18 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# relationType + +## Summary + +Type of relation of the application towards (potential) users + +## Description + +This field describes if the application is only available to a single user or if it is available to several +e.g. one-to-one or one-to-many + +## Metadata + +- name: relationType +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/releaseCycles.md b/model/Operations/Properties/releaseCycles.md new file mode 100644 index 000000000..6535f7a01 --- /dev/null +++ b/model/Operations/Properties/releaseCycles.md @@ -0,0 +1,18 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# releaseCycles + +## Summary + +Release Cycles of the application + +## Description + +This field describes how often the application is released +e.g. nightly, weekly,… + +## Metadata + +- name: releaseCycles +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/scope.md b/model/Operations/Properties/scope.md new file mode 100644 index 000000000..845c14a92 --- /dev/null +++ b/model/Operations/Properties/scope.md @@ -0,0 +1,17 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# scope + +## Summary + +Scope of the application + +## Description + +This field describes if the application is used organization internal or external distribution/deployment + +## Metadata + +- name: scope +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/supplierDeliverableFactsComment.md b/model/Operations/Properties/supplierDeliverableFactsComment.md new file mode 100644 index 000000000..578dba62f --- /dev/null +++ b/model/Operations/Properties/supplierDeliverableFactsComment.md @@ -0,0 +1,17 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# supplierDeliverableFactsComment + +## Summary + +... + +## Description + +... + +## Metadata + +- name: supplierDeliverableFactsComment +- Nature: DataProperty +- Range: xsd:string 
diff --git a/model/Operations/Properties/supplierFossContact.md b/model/Operations/Properties/supplierFossContact.md new file mode 100644 index 000000000..627c2c9a3 --- /dev/null +++ b/model/Operations/Properties/supplierFossContact.md @@ -0,0 +1,17 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# supplierFossContact + +## Summary + +Contact person on supplier side in case urgent measures need to be taken + +## Description + +... + +## Metadata + +- name: supplierFossContact +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/supplierName.md b/model/Operations/Properties/supplierName.md new file mode 100644 index 000000000..45071f418 --- /dev/null +++ b/model/Operations/Properties/supplierName.md @@ -0,0 +1,17 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# supplierName + +## Summary + +name of the supplier + +## Description + +... + +## Metadata + +- name: supplierName +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/supplyChainContext.md b/model/Operations/Properties/supplyChainContext.md new file mode 100644 index 000000000..5c232cc53 --- /dev/null +++ b/model/Operations/Properties/supplyChainContext.md @@ -0,0 +1,18 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# supplyChainContext + +## Summary + +Context of the application in the supply chain + +## Description + +This field describes the nature of the application / application development +e.g. upstream/steward, tier2, tier1, OEM/manufacturer , … + +## Metadata + +- name: supplyChainContext +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Properties/technicalDeployment.md b/model/Operations/Properties/technicalDeployment.md new file mode 100644 index 000000000..07fe6b27d --- /dev/null +++ b/model/Operations/Properties/technicalDeployment.md 
@@ -0,0 +1,17 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# technicalDeployment + +## Summary + +Entity in the supplychain that is technically deploying the application / distributing the software or the device containing the software + +## Description + +... + +## Metadata + +- name: technicalDeployment +- Nature: DataProperty +- Range: xsd:string diff --git a/model/Operations/Vocabularies/applicationType.md b/model/Operations/Vocabularies/applicationType.md new file mode 100644 index 000000000..e9304c59e --- /dev/null +++ b/model/Operations/Vocabularies/applicationType.md @@ -0,0 +1,31 @@ +SPDX-License-Identifier: Community-Spec-1.0 + +# applicationType + +## Summary + +The applicationType defines a list of known distribution/deployment contexts as central reference. + +## Description + +The field can be used to document the base, temporal, threat, or environmental +severity. + +## Metadata + +- name: applicationType + +## Entries + +- BT01 Embedded system and or application software in mass production: tbd +- BT02 Embedded application software in mass production with FOTA: tbd +- BT03 Embedded system software on smart devices with FOTA: tbd +- BT04 Embedded application software on smart devices with FOTA: tbd +- BT05 Client Application: tbd +- BT06 Web Application: The Software is typically provided on a web-server and is interacting with the user via a browser. +- BT07 Server-based system software: tbd +- BT08 Server-based application software: tbd +- BT09 Cloud Service on customer premise: tbd +- BT10 Cloud Service in the internet: tbd +- BT11 Open Source Development Services: tbd +- BT12 Source Code Sharing: tbd \ No newline at end of file diff --git a/model/Security/Classes/VexVulnAssessmentRelationship.md b/model/Security/Classes/VexVulnAssessmentRelationship.md index 9e76cfe4c..49644fb24 100644 --- a/model/Security/Classes/VexVulnAssessmentRelationship.md +++ b/model/Security/Classes/VexVulnAssessmentRelationship.md 
@@ -4,7 +4,7 @@ SPDX-License-Identifier: Community-Spec-1.0 ## Summary -Asbtract ancestor class for all VEX relationships +Abstract ancestor class for all VEX relationships ## Description @@ -17,10 +17,10 @@ When linking elements using a VexVulnAssessmentRelationship, the following requirements must be observed: - The from: end must be a /Security/Vulnerability classed element -- The to: end must point to elements representing the VEX _products_. +- The to: end must point to elements representing the VEX *products*. To specify a different element where the vulnerability was detected, the VEX -relationship can optionally specify _subcomponents_ using the assessedElement +relationship can optionally specify *subcomponents* using the assessedElement property. VEX inherits information from the document level down to its statements. When a diff --git a/model/Security/Properties/impactStatement.md b/model/Security/Properties/impactStatement.md index 7cb902190..89426a33c 100644 --- a/model/Security/Properties/impactStatement.md +++ b/model/Security/Properties/impactStatement.md @@ -12,7 +12,7 @@ justification label. When a VEX product element is related with a VexNotAffectedVulnAssessmentRelationship and a machine readable justification label is not provided, then an impactStatement -that further explains how or why the prouct(s) are not affected by the vulnerability +that further explains how or why the product(s) are not affected by the vulnerability must be provided. ## Metadata diff --git a/model/Software/Properties/additionalPurpose.md b/model/Software/Properties/additionalPurpose.md index f6debd276..3e6e94431 100644 --- a/model/Software/Properties/additionalPurpose.md +++ b/model/Software/Properties/additionalPurpose.md 
@@ -8,7 +8,7 @@ Provides additional purpose information of the software artifact. ## Description -Additional purpose provides information about the additional purposes of the +An additionalPurpose provides information about the additional purpose of the software artifact in addition to the primaryPurpose. ## Metadata diff --git a/model/Software/Properties/sourceInfo.md b/model/Software/Properties/sourceInfo.md index 620e54fd8..3b2284d24 100644 --- a/model/Software/Properties/sourceInfo.md +++ b/model/Software/Properties/sourceInfo.md @@ -9,7 +9,7 @@ about the origin of the package. ## Description -SourceInfo records any relevant background information or additional comments +A sourceInfo records any relevant background information or additional comments about the origin of the package. For example, this field might include comments indicating whether the package diff --git a/model/Software/Vocabularies/SoftwarePurpose.md b/model/Software/Vocabularies/SoftwarePurpose.md index 617b1adc7..ac495161e 100644 --- a/model/Software/Vocabularies/SoftwarePurpose.md +++ b/model/Software/Vocabularies/SoftwarePurpose.md 
@@ -23,32 +23,32 @@ conclusions about the context in which the Element exists. ## Entries -- application: the Element is a software application -- archive: the Element is an archived collection of one or more files (.tar, .zip, etc) -- bom: Element is a bill of materials -- configuration: Element is configuration data -- container: the Element is a container image which can be used by a container runtime application -- data: Element is data -- device: the Element refers to a chipset, processor, or electronic board -- diskImage: the Element refers to a disk image that can be written to a disk, booted in a VM, etc. A disk image typically contains most or all of the components necessary to boot, such as bootloaders, kernels, firmware, userspace, etc. -- deviceDriver: Element represents software that controls hardware devices -- documentation: Element is documentation -- evidence: the Element is the evidence that a specification or requirement has been fulfilled -- executable: Element is an Artifact that can be run on a computer -- file: the Element is a single file which can be independently distributed (configuration file, statically linked binary, Kubernetes deployment, etc) -- filesystemImage: the Element is a file system image that can be written to a disk (or virtual) partition -- firmware: the Element provides low level control over a device's hardware -- framework: the Element is a software framework -- install: the Element is used to install software on disk -- library: the Element is a software library -- manifest: the Element is a software manifest -- model: the Element is a machine learning or artificial intelligence model -- module: the Element is a module of a piece of software -- operatingSystem: the Element is an operating system -- other: the Element doesn't fit into any of the other categories -- patch: Element contains a set of changes to update, fix, or improve another Element -- platform: Element represents a runtime environment -- requirement: the 
Element provides a requirement needed as input for another Element -- source: the Element is a single or a collection of source files -- specification: the Element is a plan, guideline or strategy how to create, perform or analyse an application -- test: The Element is a test used to verify functionality on an software element +- application: The Element is a software application. +- archive: The Element is an archived collection of one or more files (.tar, .zip, etc.). +- bom: The Element is a bill of materials. +- configuration: The Element is configuration data. +- container: The Element is a container image which can be used by a container runtime application. +- data: The Element is data. +- device: The Element refers to a chipset, processor, or electronic board. +- diskImage: The Element refers to a disk image that can be written to a disk, booted in a VM, etc. A disk image typically contains most or all of the components necessary to boot, such as bootloaders, kernels, firmware, userspace, etc. +- deviceDriver: The Element represents software that controls hardware devices. +- documentation: The Element is documentation. +- evidence: The Element is the evidence that a specification or requirement has been fulfilled. +- executable: The Element is an Artifact that can be run on a computer. +- file: The Element is a single file which can be independently distributed (configuration file, statically linked binary, Kubernetes deployment, etc.). +- filesystemImage: The Element is a file system image that can be written to a disk (or virtual) partition. +- firmware: The Element provides low level control over a device's hardware. +- framework: The Element is a software framework. +- install: The Element is used to install software on disk. +- library: The Element is a software library. +- manifest: The Element is a software manifest. +- model: The Element is a machine learning or artificial intelligence model. 
+- module: The Element is a module of a piece of software. +- operatingSystem: The Element is an operating system. +- other: The Element doesn't fit into any of the other categories. +- patch: The Element contains a set of changes to update, fix, or improve another Element. +- platform: The Element represents a runtime environment. +- requirement: The Element provides a requirement needed as input for another Element. +- source: The Element is a single or a collection of source files. +- specification: The Element is a plan, guideline or strategy how to create, perform or analyze an application. +- test: The Element is a test used to verify functionality on an software element.
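Review bot: model/Operations/Properties/supplierDeliverableFactsComment.md is added with `...` as both its Summary and its Description, so nothing in the file says what the property records; give it at least a one-line summary before it lands. The same `...` placeholder stands in for the Description of deliverableFromSupplier, documentationLink, fossComplianceBundleProvision, linkToArchitecture, osmConcept, productOwner, programmingLanguage, supplierFossContact, supplierName and technicalDeployment. Either write a real description for each or repeat the summary, as operatingSystem.md does, so that generated documentation does not publish a literal ellipsis.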
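Review bot: documentationLink ("URL of existing product documentation"), productAccessURL ("URL to access the product"), linkToArchitecture, deliverableReview and osmConcept are all described as URLs or links, yet each declares `Range: xsd:string`. Consider `xsd:anyURI` for these five, so that validation can reject values that are not URIs and tools that render or follow the links receive a typed field rather than arbitrary text.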
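Review bot: developedBy, productOwner, supplierName and supplierFossContact all name people or organizations but are typed `Range: xsd:string`, so two documents can spell the same supplier differently and nothing can be matched or validated. That matters most for supplierFossContact, which is meant for the case where "urgent measures need to be taken". Consider a range that references an Agent element (Person or Organization) instead of free text, or state in each Description what format the string is expected to have.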
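Review bot: relationType ("one-to-one or one-to-many"), scope (internal or external distribution/deployment) and supplyChainContext ("upstream/steward, tier2, tier1, OEM/manufacturer") describe a small set of expected values in prose but declare `Range: xsd:string`, which leaves spelling and casing to each producer. Since this patch already introduces an applicationType vocabulary for the deployment context, consider giving these three properties vocabularies as well, or say in the Description that the value is free text and the listed terms are only examples.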
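Review bot: In model/Operations/Vocabularies/applicationType.md the Description ("The field can be used to document the base, temporal, threat, or environmental severity.") talks about severity, not the "list of known distribution/deployment contexts" that the Summary announces, so it reads as text carried over from another file and should be rewritten to match the Summary. Eleven of the twelve entries are defined only as `tbd` (BT06 is the exception), which gives a consumer nothing beyond the label to tell BT01 from BT02; define them or leave them out until they are defined. The entry names also contain spaces (`BT01 Embedded system and or application software in mass production`), whereas the SoftwarePurpose vocabulary touched later in this patch uses single tokens such as `diskImage`, and the file is added without a trailing newline.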
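Review bot: The rewritten `test` entry in model/Software/Vocabularies/SoftwarePurpose.md still ends with "on an software element"; since this hunk is a wording cleanup of every entry, change it to "a software element" here. While in the same list, the `firmware` entry's "low level control" would read better hyphenated as "low-level control".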