diff --git a/.gitignore b/.gitignore
index d82f5bc0d..65ae0fc39 100644
--- a/.gitignore
+++ b/.gitignore
@@ -41,3 +41,4 @@ pip-log.txt
.coverage.*
nosetests.xml
htmlcov
+dummy_path
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f17ee022c..86247b2d7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
# Changelog
+## v0.8.x (not yet released)
+
+* spdx3: Update model to v3.0.1
+
## v0.8.3 (2024-09-27)
### New features and changes
diff --git a/src/spdx_tools/spdx3/__init__.py b/src/spdx_tools/spdx3/__init__.py
index e69de29bb..131ab7732 100644
--- a/src/spdx_tools/spdx3/__init__.py
+++ b/src/spdx_tools/spdx3/__init__.py
@@ -0,0 +1,2 @@
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-FileCopyrightText: 2024 The SPDX Contributors
diff --git a/src/spdx_tools/spdx3/bump_from_spdx2/__init__.py b/src/spdx_tools/spdx3/bump_from_spdx2/__init__.py
index e69de29bb..07daa1c35 100644
--- a/src/spdx_tools/spdx3/bump_from_spdx2/__init__.py
+++ b/src/spdx_tools/spdx3/bump_from_spdx2/__init__.py
@@ -0,0 +1,42 @@
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-FileCopyrightText: 2024 The SPDX Contributors
+
+from .actor import bump_actor
+from .annotation import bump_annotation
+from .bump_utils import handle_no_assertion_or_none
+from .checksum import bump_checksum, convert_checksum_algorithm_to_hash_algorithm
+from .creation_info import bump_creation_info
+from .external_document_ref import bump_external_document_ref
+from .file import bump_file
+from .license_expression import (
+ bump_license_exception,
+ bump_license_expression,
+ bump_license_expression_or_none_or_no_assertion,
+)
+from .message import print_missing_conversion
+from .package import bump_package
+from .positive_integer_range import bump_positive_integer_range
+from .relationship import bump_relationship, bump_relationships
+from .snippet import bump_snippet
+from .spdx_document import bump_spdx_document
+
+__all__ = [
+ "convert_checksum_algorithm_to_hash_algorithm",
+ "bump_actor",
+ "bump_annotation",
+ "bump_checksum",
+ "bump_creation_info",
+ "bump_external_document_ref",
+ "bump_file",
+ "bump_license_exception",
+ "bump_license_expression",
+ "bump_license_expression_or_none_or_no_assertion",
+ "bump_package",
+ "bump_positive_integer_range",
+ "bump_relationship",
+ "bump_relationships",
+ "bump_snippet",
+ "bump_spdx_document",
+ "handle_no_assertion_or_none",
+ "print_missing_conversion",
+]
diff --git a/src/spdx_tools/spdx3/bump_from_spdx2/actor.py b/src/spdx_tools/spdx3/bump_from_spdx2/actor.py
index 3283bf11a..a11911072 100644
--- a/src/spdx_tools/spdx3/bump_from_spdx2/actor.py
+++ b/src/spdx_tools/spdx3/bump_from_spdx2/actor.py
@@ -5,26 +5,34 @@
from beartype.typing import List
-from spdx_tools.spdx3.model import CreationInfo, ExternalIdentifier, ExternalIdentifierType, Organization, Person, Tool
-from spdx_tools.spdx3.payload import Payload
from spdx_tools.spdx.model.actor import Actor as Spdx2_Actor
from spdx_tools.spdx.model.actor import ActorType
+from spdx_tools.spdx3.model.core import (
+ CreationInfo,
+ ExternalIdentifier,
+ ExternalIdentifierType,
+ Organization,
+ Person,
+ Tool,
+)
+from spdx_tools.spdx3.payload import Payload
def bump_actor(
spdx2_actor: Spdx2_Actor, payload: Payload, document_namespace: str, creation_info: Optional[CreationInfo] = None
) -> str:
+ spdx_id: str
name: str = spdx2_actor.name
- email: str = spdx2_actor.email
+ email: str = spdx2_actor.email if spdx2_actor.email is not None else ""
actor_type: ActorType = spdx2_actor.actor_type
external_identifiers: List[ExternalIdentifier] = []
name_without_whitespace = "".join(name.split())
if email:
external_identifiers.append(ExternalIdentifier(ExternalIdentifierType.EMAIL, email))
- spdx_id: str = f"{document_namespace}#SPDXRef-Actor-{name_without_whitespace}-{email}"
+ spdx_id = f"{document_namespace}#SPDXRef-Actor-{name_without_whitespace}-{email}"
else:
- spdx_id: str = f"{document_namespace}#SPDXRef-Actor-{name_without_whitespace}"
+ spdx_id = f"{document_namespace}#SPDXRef-Actor-{name_without_whitespace}"
if spdx_id in payload.get_full_map(): # the agent/tool already exists, so we don't need to create a new one
return spdx_id
diff --git a/src/spdx_tools/spdx3/bump_from_spdx2/annotation.py b/src/spdx_tools/spdx3/bump_from_spdx2/annotation.py
index bae61160c..fd831fcd3 100644
--- a/src/spdx_tools/spdx3/bump_from_spdx2/annotation.py
+++ b/src/spdx_tools/spdx3/bump_from_spdx2/annotation.py
@@ -3,12 +3,12 @@
# SPDX-License-Identifier: Apache-2.0
from copy import deepcopy
+from spdx_tools.spdx.model.actor import ActorType
+from spdx_tools.spdx.model.annotation import Annotation as Spdx2_Annotation
from spdx_tools.spdx3.bump_from_spdx2.actor import bump_actor
from spdx_tools.spdx3.bump_from_spdx2.message import print_missing_conversion
-from spdx_tools.spdx3.model import Annotation, AnnotationType, CreationInfo
+from spdx_tools.spdx3.model.core import Annotation, AnnotationType, CreationInfo
from spdx_tools.spdx3.payload import Payload
-from spdx_tools.spdx.model.actor import ActorType
-from spdx_tools.spdx.model.annotation import Annotation as Spdx2_Annotation
def bump_annotation(
diff --git a/src/spdx_tools/spdx3/bump_from_spdx2/bump_utils.py b/src/spdx_tools/spdx3/bump_from_spdx2/bump_utils.py
index f4b6a4bf9..1924b9f5b 100644
--- a/src/spdx_tools/spdx3/bump_from_spdx2/bump_utils.py
+++ b/src/spdx_tools/spdx3/bump_from_spdx2/bump_utils.py
@@ -15,3 +15,5 @@ def handle_no_assertion_or_none(field: Union[SpdxNone, SpdxNoAssertion, str], fi
return None
if isinstance(field, str):
return field
+
+ return None
diff --git a/src/spdx_tools/spdx3/bump_from_spdx2/checksum.py b/src/spdx_tools/spdx3/bump_from_spdx2/checksum.py
index ae056081f..d49953741 100644
--- a/src/spdx_tools/spdx3/bump_from_spdx2/checksum.py
+++ b/src/spdx_tools/spdx3/bump_from_spdx2/checksum.py
@@ -1,9 +1,9 @@
# SPDX-FileCopyrightText: 2023 spdx contributors
#
# SPDX-License-Identifier: Apache-2.0
-from spdx_tools.spdx3.model import Hash, HashAlgorithm
from spdx_tools.spdx.model.checksum import Checksum as Spdx2_Checksum
from spdx_tools.spdx.model.checksum import ChecksumAlgorithm
+from spdx_tools.spdx3.model.core import Hash, HashAlgorithm
def bump_checksum(spdx2_checksum: Spdx2_Checksum) -> Hash:
@@ -16,6 +16,4 @@ def bump_checksum(spdx2_checksum: Spdx2_Checksum) -> Hash:
def convert_checksum_algorithm_to_hash_algorithm(checksum_algorithm: ChecksumAlgorithm) -> HashAlgorithm:
if checksum_algorithm.name.startswith("BLAKE"):
return HashAlgorithm[checksum_algorithm.name.replace("_", "")]
- if checksum_algorithm == ChecksumAlgorithm.ADLER32:
- return HashAlgorithm.OTHER
return HashAlgorithm[checksum_algorithm.name]
diff --git a/src/spdx_tools/spdx3/bump_from_spdx2/creation_info.py b/src/spdx_tools/spdx3/bump_from_spdx2/creation_info.py
index 914d12226..fed5be87a 100644
--- a/src/spdx_tools/spdx3/bump_from_spdx2/creation_info.py
+++ b/src/spdx_tools/spdx3/bump_from_spdx2/creation_info.py
@@ -4,13 +4,17 @@
from beartype.typing import List
from semantic_version import Version
+from spdx_tools.spdx.model.actor import ActorType
+from spdx_tools.spdx.model.document import CreationInfo as Spdx2_CreationInfo
from spdx_tools.spdx3.bump_from_spdx2.actor import bump_actor
from spdx_tools.spdx3.bump_from_spdx2.external_document_ref import bump_external_document_ref
from spdx_tools.spdx3.bump_from_spdx2.message import print_missing_conversion
-from spdx_tools.spdx3.model import CreationInfo, ProfileIdentifierType, SpdxDocument
+from spdx_tools.spdx3.model.core import (
+ CreationInfo,
+ ProfileIdentifierType,
+ SpdxDocument,
+)
from spdx_tools.spdx3.payload import Payload
-from spdx_tools.spdx.model.actor import ActorType
-from spdx_tools.spdx.model.document import CreationInfo as Spdx2_CreationInfo
def bump_creation_info(spdx2_creation_info: Spdx2_CreationInfo, payload: Payload) -> SpdxDocument:
@@ -29,15 +33,15 @@ def bump_creation_info(spdx2_creation_info: Spdx2_CreationInfo, payload: Payload
if spdx2_creation_info.external_document_refs
else ([], [])
)
- namespaces = list(namespaces)
- imports = list(imports)
+ namespaces = list(namespaces) # namespaces from spdx2
+ imports = list(imports) # imports from spdx2
print_missing_conversion(
"creation_info.license_list_version",
0,
"part of licensing profile, " "https://github.com/spdx/spdx-3-model/issues/131",
)
creation_info = CreationInfo(
- spec_version=Version("3.0.0"),
+ spec_version=Version(major=3, minor=0, patch=1),
created=spdx2_creation_info.created,
created_by=[],
profile=[ProfileIdentifierType.CORE, ProfileIdentifierType.SOFTWARE, ProfileIdentifierType.LICENSING],
@@ -74,6 +78,6 @@ def bump_creation_info(spdx2_creation_info: Spdx2_CreationInfo, payload: Payload
comment=spdx2_creation_info.document_comment,
element=[],
root_element=[],
- imports=imports,
- namespaces=namespaces,
+ import_=imports,
+ namespace=namespaces,
)
diff --git a/src/spdx_tools/spdx3/bump_from_spdx2/external_document_ref.py b/src/spdx_tools/spdx3/bump_from_spdx2/external_document_ref.py
index 41360ffa4..3fd5df4c0 100644
--- a/src/spdx_tools/spdx3/bump_from_spdx2/external_document_ref.py
+++ b/src/spdx_tools/spdx3/bump_from_spdx2/external_document_ref.py
@@ -3,9 +3,9 @@
# SPDX-License-Identifier: Apache-2.0
from beartype.typing import List, Tuple
-from spdx_tools.spdx3.bump_from_spdx2.checksum import bump_checksum
-from spdx_tools.spdx3.model import ExternalMap, Hash, NamespaceMap
from spdx_tools.spdx.model.external_document_ref import ExternalDocumentRef
+from spdx_tools.spdx3.bump_from_spdx2.checksum import bump_checksum
+from spdx_tools.spdx3.model.core import ExternalMap, Hash, NamespaceMap
def bump_external_document_ref(external_document_ref: ExternalDocumentRef) -> Tuple[NamespaceMap, ExternalMap]:
diff --git a/src/spdx_tools/spdx3/bump_from_spdx2/file.py b/src/spdx_tools/spdx3/bump_from_spdx2/file.py
index 824f95a1f..eb7b6b1d1 100644
--- a/src/spdx_tools/spdx3/bump_from_spdx2/file.py
+++ b/src/spdx_tools/spdx3/bump_from_spdx2/file.py
@@ -3,14 +3,14 @@
# SPDX-License-Identifier: Apache-2.0
from beartype.typing import List
+from spdx_tools.spdx.model import ExternalDocumentRef, SpdxNoAssertion
+from spdx_tools.spdx.model.file import File as Spdx2_File
+from spdx_tools.spdx.spdx_element_utils import get_full_element_spdx_id
from spdx_tools.spdx3.bump_from_spdx2.checksum import bump_checksum
from spdx_tools.spdx3.bump_from_spdx2.message import print_missing_conversion
-from spdx_tools.spdx3.model import ExternalMap
+from spdx_tools.spdx3.model.core import ExternalMap
from spdx_tools.spdx3.model.software import File
from spdx_tools.spdx3.payload import Payload
-from spdx_tools.spdx.model import ExternalDocumentRef, SpdxNoAssertion
-from spdx_tools.spdx.model.file import File as Spdx2_File
-from spdx_tools.spdx.spdx_element_utils import get_full_element_spdx_id
def bump_file(
@@ -18,11 +18,11 @@ def bump_file(
payload: Payload,
document_namespace: str,
external_document_refs: List[ExternalDocumentRef],
- imports: List[ExternalMap],
+ import_: List[ExternalMap],
):
spdx_id = get_full_element_spdx_id(spdx2_file, document_namespace, external_document_refs)
if ":" in spdx2_file.spdx_id:
- imports.append(
+ import_.append(
ExternalMap(
external_id=spdx2_file.spdx_id,
defining_document=f"{spdx2_file.spdx_id.split(':')[0]}:SPDXRef-DOCUMENT",
diff --git a/src/spdx_tools/spdx3/bump_from_spdx2/license_expression.py b/src/spdx_tools/spdx3/bump_from_spdx2/license_expression.py
index de5f006d3..bdc4f3fa2 100644
--- a/src/spdx_tools/spdx3/bump_from_spdx2/license_expression.py
+++ b/src/spdx_tools/spdx3/bump_from_spdx2/license_expression.py
@@ -5,6 +5,7 @@
from license_expression import AND, OR, LicenseExpression, LicenseSymbol, LicenseWithExceptionSymbol
from spdx_tools.common.spdx_licensing import spdx_licensing
+from spdx_tools.spdx.model import ExtractedLicensingInfo, SpdxNoAssertion, SpdxNone
from spdx_tools.spdx3.model.licensing import (
AnyLicenseInfo,
ConjunctiveLicenseSet,
@@ -20,7 +21,6 @@
NoneLicense,
WithAdditionOperator,
)
-from spdx_tools.spdx.model import ExtractedLicensingInfo, SpdxNoAssertion, SpdxNone
def bump_license_expression_or_none_or_no_assertion(
diff --git a/src/spdx_tools/spdx3/bump_from_spdx2/package.py b/src/spdx_tools/spdx3/bump_from_spdx2/package.py
index 3d358babd..3f66523f8 100644
--- a/src/spdx_tools/spdx3/bump_from_spdx2/package.py
+++ b/src/spdx_tools/spdx3/bump_from_spdx2/package.py
@@ -3,24 +3,24 @@
# SPDX-License-Identifier: Apache-2.0
from beartype.typing import List, Optional, Union
+from spdx_tools.spdx.model import Actor as Spdx2_Actor
+from spdx_tools.spdx.model import ExternalDocumentRef, SpdxNoAssertion
+from spdx_tools.spdx.model.package import ExternalPackageRef
+from spdx_tools.spdx.model.package import Package as Spdx2_Package
+from spdx_tools.spdx.spdx_element_utils import get_full_element_spdx_id
from spdx_tools.spdx3.bump_from_spdx2.actor import bump_actor
from spdx_tools.spdx3.bump_from_spdx2.bump_utils import handle_no_assertion_or_none
from spdx_tools.spdx3.bump_from_spdx2.checksum import bump_checksum
from spdx_tools.spdx3.bump_from_spdx2.message import print_missing_conversion
-from spdx_tools.spdx3.model import (
+from spdx_tools.spdx3.model.core import (
ExternalIdentifier,
ExternalIdentifierType,
ExternalMap,
- ExternalReference,
- ExternalReferenceType,
+ ExternalRef,
+ ExternalRefType,
)
from spdx_tools.spdx3.model.software import Package, SoftwarePurpose
from spdx_tools.spdx3.payload import Payload
-from spdx_tools.spdx.model import Actor as Spdx2_Actor
-from spdx_tools.spdx.model import ExternalDocumentRef, SpdxNoAssertion
-from spdx_tools.spdx.model.package import ExternalPackageRef
-from spdx_tools.spdx.model.package import Package as Spdx2_Package
-from spdx_tools.spdx.spdx_element_utils import get_full_element_spdx_id
def bump_package(
@@ -28,11 +28,11 @@ def bump_package(
payload: Payload,
document_namespace: str,
external_document_refs: List[ExternalDocumentRef],
- imports: List[ExternalMap],
+ import_: List[ExternalMap],
):
spdx_id = get_full_element_spdx_id(spdx2_package, document_namespace, external_document_refs)
if ":" in spdx2_package.spdx_id:
- imports.append(
+ import_.append(
ExternalMap(
external_id=spdx2_package.spdx_id,
defining_document=f"{spdx2_package.spdx_id.split(':')[0]}:SPDXRef-DOCUMENT",
@@ -44,11 +44,11 @@ def bump_package(
if isinstance(spdx2_package.supplier, Spdx2_Actor):
supplied_by_spdx_id = [bump_actor(spdx2_package.supplier, payload, document_namespace)]
else:
- supplied_by_spdx_id = None
+ supplied_by_spdx_id = []
if isinstance(spdx2_package.originator, Spdx2_Actor):
originated_by_spdx_id = [bump_actor(spdx2_package.originator, payload, document_namespace)]
else:
- originated_by_spdx_id = None
+ originated_by_spdx_id = []
print_missing_conversion("package2.files_analyzed", 0, "https://github.com/spdx/spdx-3-model/issues/84")
print_missing_conversion(
"package2.verification_code", 1, "of IntegrityMethod, https://github.com/spdx/spdx-3-model/issues/85"
@@ -65,10 +65,10 @@ def bump_package(
"and missing definition of license profile",
)
- external_reference = []
+ external_ref = []
external_identifier = []
purl_refs = [
- external_ref for external_ref in spdx2_package.external_references if external_ref.reference_type == "purl"
+ purl_ref for purl_ref in spdx2_package.external_references if purl_ref.reference_type == "purl"
]
exactly_one_purl_without_comment = len(purl_refs) == 1 and purl_refs[0].comment is None
package_url = None
@@ -78,8 +78,8 @@ def bump_package(
if exactly_one_purl_without_comment and spdx2_external_ref.reference_type == "purl":
continue
id_or_ref = bump_external_package_ref(spdx2_external_ref)
- if isinstance(id_or_ref, ExternalReference):
- external_reference.append(id_or_ref)
+ if isinstance(id_or_ref, ExternalRef):
+ external_ref.append(id_or_ref)
elif isinstance(id_or_ref, ExternalIdentifier):
external_identifier.append(id_or_ref)
@@ -94,8 +94,8 @@ def bump_package(
summary=spdx2_package.summary,
description=spdx2_package.description,
comment=spdx2_package.comment,
- verified_using=integrity_methods,
- external_reference=external_reference,
+ verified_using=integrity_methods, # need SPDX 2 Hash -> SPDX 3 IntegrityMethod conversion here
+ external_ref=external_ref,
external_identifier=external_identifier,
originated_by=originated_by_spdx_id,
supplied_by=supplied_by_spdx_id,
@@ -106,7 +106,7 @@ def bump_package(
package_version=spdx2_package.version,
download_location=download_location,
package_url=package_url,
- homepage=spdx2_package.homepage,
+ home_page=spdx2_package.homepage,
source_info=spdx2_package.source_info,
copyright_text=copyright_text,
attribution_text=", ".join(spdx2_package.attribution_texts),
@@ -115,25 +115,25 @@ def bump_package(
external_ref_type_map = {
+ "advisory": ExternalRefType.SECURITY_ADVISORY,
+ "bower": None,
"cpe22Type": ExternalIdentifierType.CPE22,
"cpe23Type": ExternalIdentifierType.CPE23,
- "advisory": ExternalReferenceType.SECURITY_ADVISORY,
- "fix": ExternalReferenceType.SECURITY_FIX,
- "url": None,
- "swid": ExternalIdentifierType.SWID,
+ "fix": ExternalRefType.SECURITY_FIX,
+ "gitoid": ExternalIdentifierType.GITOID,
"maven-central": None,
"npm": None,
"nuget": None,
- "bower": None,
- "purl": ExternalIdentifierType.PURL,
+ "purl": ExternalIdentifierType.PACKAGE_URL,
"swh": ExternalIdentifierType.SWHID,
- "gitoid": ExternalIdentifierType.GITOID,
+ "swid": ExternalIdentifierType.SWID,
+ "url": ExternalIdentifierType.URL_SCHEME,
}
def bump_external_package_ref(
spdx2_external_ref: ExternalPackageRef,
-) -> Optional[Union[ExternalReference, ExternalIdentifier]]:
+) -> Optional[Union[ExternalRef, ExternalIdentifier]]:
reference_type = spdx2_external_ref.reference_type
locator = spdx2_external_ref.locator
comment = spdx2_external_ref.comment
@@ -149,7 +149,9 @@ def bump_external_package_ref(
id_or_ref_type = external_ref_type_map[reference_type]
- if isinstance(id_or_ref_type, ExternalReferenceType):
- return ExternalReference(id_or_ref_type, [locator], None, comment)
+ if isinstance(id_or_ref_type, ExternalRefType):
+ return ExternalRef(id_or_ref_type, [locator], None, comment)
elif isinstance(id_or_ref_type, ExternalIdentifierType):
return ExternalIdentifier(id_or_ref_type, locator, comment)
+
+ return None
diff --git a/src/spdx_tools/spdx3/bump_from_spdx2/positive_integer_range.py b/src/spdx_tools/spdx3/bump_from_spdx2/positive_integer_range.py
new file mode 100644
index 000000000..0804a6943
--- /dev/null
+++ b/src/spdx_tools/spdx3/bump_from_spdx2/positive_integer_range.py
@@ -0,0 +1,6 @@
+from beartype.typing import Optional, Tuple
+
+from spdx_tools.spdx3.model.core import PositiveIntegerRange
+
+def bump_positive_integer_range(spdx2_range: Optional[Tuple[int, int]]) -> PositiveIntegerRange:
+ return PositiveIntegerRange(spdx2_range[0], spdx2_range[1]) if spdx2_range else None
diff --git a/src/spdx_tools/spdx3/bump_from_spdx2/relationship.py b/src/spdx_tools/spdx3/bump_from_spdx2/relationship.py
index 918cbdafb..854c8a70b 100644
--- a/src/spdx_tools/spdx3/bump_from_spdx2/relationship.py
+++ b/src/spdx_tools/spdx3/bump_from_spdx2/relationship.py
@@ -6,146 +6,279 @@
from beartype.typing import Dict, List, Optional, Tuple, Union
+from spdx_tools.spdx.model.relationship import Relationship as Spdx2_Relationship
+from spdx_tools.spdx.model.relationship import RelationshipType as Spdx2_RelationshipType
+from spdx_tools.spdx.model.spdx_no_assertion import SpdxNoAssertion
+from spdx_tools.spdx.model.spdx_none import SpdxNone
from spdx_tools.spdx3.bump_from_spdx2.message import print_missing_conversion
-from spdx_tools.spdx3.model import LifecycleScopeType, Relationship, RelationshipCompleteness, RelationshipType
+from spdx_tools.spdx3.model.core import (
+ LifecycleScopeType,
+ Relationship,
+ RelationshipCompleteness,
+ RelationshipType,
+)
from spdx_tools.spdx3.model.software import (
DependencyConditionalityType,
SoftwareDependencyLinkType,
SoftwareDependencyRelationship,
)
from spdx_tools.spdx3.payload import Payload
-from spdx_tools.spdx.model.relationship import Relationship as Spdx2_Relationship
-from spdx_tools.spdx.model.relationship import RelationshipType as Spdx2_RelationshipType
-from spdx_tools.spdx.model.spdx_no_assertion import SpdxNoAssertion
-from spdx_tools.spdx.model.spdx_none import SpdxNone
# bump relationship type, map each relationship type to the corresponding class in 3.0,
# the relationship type, other arguments and if swapped
relationship_mapping: Dict[
Spdx2_RelationshipType,
Tuple[
- Union[Relationship, SoftwareDependencyRelationship],
+ Union[type[Relationship], type[SoftwareDependencyRelationship]],
RelationshipType,
- Dict[str, Union[bool, LifecycleScopeType, SoftwareDependencyLinkType, DependencyConditionalityType]],
+ Dict[
+ str,
+ Union[
+ bool,
+ DependencyConditionalityType,
+ LifecycleScopeType,
+ SoftwareDependencyLinkType,
+ ],
+ ],
],
] = {
- Spdx2_RelationshipType.AMENDS: (Relationship, RelationshipType.AMENDS, {}),
- Spdx2_RelationshipType.ANCESTOR_OF: (Relationship, RelationshipType.ANCESTOR, {}),
+ Spdx2_RelationshipType.AMENDS: (
+ Relationship,
+ RelationshipType.AMENDED_BY,
+ {"swap": True},
+ ),
+ Spdx2_RelationshipType.ANCESTOR_OF: (
+ Relationship,
+ RelationshipType.ANCESTOR_OF,
+ {},
+ ),
Spdx2_RelationshipType.BUILD_DEPENDENCY_OF: (
SoftwareDependencyRelationship,
RelationshipType.DEPENDS_ON,
{
+ "swap": True,
"scope": LifecycleScopeType.BUILD,
"linkage": SoftwareDependencyLinkType.TOOL,
},
),
Spdx2_RelationshipType.BUILD_TOOL_OF: (
SoftwareDependencyRelationship,
- RelationshipType.DEPENDS_ON,
- {"scope": LifecycleScopeType.BUILD, "linkage": SoftwareDependencyLinkType.TOOL},
+ RelationshipType.USES_TOOL,
+ {
+ "swap": True,
+ "scope": LifecycleScopeType.BUILD,
+ "linkage": SoftwareDependencyLinkType.TOOL,
+ },
+ ),
+ Spdx2_RelationshipType.CONTAINED_BY: (
+ Relationship,
+ RelationshipType.CONTAINS,
+ {"swap": True},
),
- Spdx2_RelationshipType.CONTAINED_BY: (Relationship, RelationshipType.CONTAINS, {"swap": True}),
Spdx2_RelationshipType.CONTAINS: (
Relationship,
RelationshipType.CONTAINS,
{},
- ), # might be deleted in favor of depends on
- Spdx2_RelationshipType.COPY_OF: (Relationship, RelationshipType.COPY, {}),
- Spdx2_RelationshipType.DATA_FILE_OF: (None, None, {}), # not defined, probably input/ output
+ ),
+ Spdx2_RelationshipType.COPY_OF: (
+ Relationship,
+ RelationshipType.COPIED_TO,
+ {"swap": True},
+ ),
+ Spdx2_RelationshipType.DATA_FILE_OF: (
+ Relationship,
+ RelationshipType.HAS_DATA_FILE,
+ {"swap": True},
+ ),
Spdx2_RelationshipType.DEPENDENCY_MANIFEST_OF: (
SoftwareDependencyRelationship,
- RelationshipType.DEPENDS_ON,
- {},
+ RelationshipType.HAS_DEPENDENCY_MANIFEST,
+ {"swap": True},
), # "expect purpose has been set to manifest"
Spdx2_RelationshipType.DEPENDENCY_OF: (
SoftwareDependencyRelationship,
RelationshipType.DEPENDS_ON,
{"swap": True},
),
- Spdx2_RelationshipType.DEPENDS_ON: (SoftwareDependencyRelationship, RelationshipType.DEPENDS_ON, {}),
- Spdx2_RelationshipType.DESCENDANT_OF: (Relationship, RelationshipType.ANCESTOR, {"swap": True}),
- Spdx2_RelationshipType.DESCRIBED_BY: (Relationship, RelationshipType.DESCRIBES, {"swap": True}),
+ Spdx2_RelationshipType.DEPENDS_ON: (
+ SoftwareDependencyRelationship,
+ RelationshipType.DEPENDS_ON,
+ {},
+ ),
+ Spdx2_RelationshipType.DESCENDANT_OF: (
+ Relationship,
+ RelationshipType.DESCENDANT_OF,
+ {},
+ ),
+ Spdx2_RelationshipType.DESCRIBED_BY: (
+ Relationship,
+ RelationshipType.DESCRIBES,
+ {"swap": True},
+ ),
Spdx2_RelationshipType.DESCRIBES: (
Relationship,
RelationshipType.DESCRIBES,
{},
- ), # might be deleted in favor of root
- # property
+ ),
Spdx2_RelationshipType.DEV_DEPENDENCY_OF: (
SoftwareDependencyRelationship,
RelationshipType.DEPENDS_ON,
- {"scope": LifecycleScopeType.DEVELOPMENT},
+ {"swap": True, "scope": LifecycleScopeType.DEVELOPMENT},
),
Spdx2_RelationshipType.DEV_TOOL_OF: (
SoftwareDependencyRelationship,
- RelationshipType.DEPENDS_ON,
- {"scope": LifecycleScopeType.DEVELOPMENT, "linkage": SoftwareDependencyLinkType.TOOL},
+ RelationshipType.USES_TOOL,
+ {
+ "swap": True,
+ "scope": LifecycleScopeType.DEVELOPMENT,
+ "linkage": SoftwareDependencyLinkType.TOOL,
+ },
+ ),
+ Spdx2_RelationshipType.DISTRIBUTION_ARTIFACT: (
+ Relationship,
+ RelationshipType.HAS_DISTRIBUTION_ARTIFACT,
+ {},
+ ),
+ Spdx2_RelationshipType.DOCUMENTATION_OF: (
+ Relationship,
+ RelationshipType.HAS_DOCUMENTATION,
+ {"swap": True},
),
- Spdx2_RelationshipType.DISTRIBUTION_ARTIFACT: (None, None, {}), # not defined yet, purpose?
- Spdx2_RelationshipType.DOCUMENTATION_OF: (Relationship, RelationshipType.DOCUMENTATION, {}),
Spdx2_RelationshipType.DYNAMIC_LINK: (
SoftwareDependencyRelationship,
- RelationshipType.DEPENDS_ON,
- {"linkage": SoftwareDependencyLinkType.DYNAMIC},
- ),
- Spdx2_RelationshipType.EXAMPLE_OF: (Relationship, RelationshipType.EXAMPLE, {}),
- Spdx2_RelationshipType.EXPANDED_FROM_ARCHIVE: (Relationship, RelationshipType.EXPANDED_FROM_ARCHIVE, {}),
- Spdx2_RelationshipType.FILE_ADDED: (Relationship, RelationshipType.FILE_ADDED, {}),
- Spdx2_RelationshipType.FILE_DELETED: (Relationship, RelationshipType.FILE_DELETED, {}),
- Spdx2_RelationshipType.FILE_MODIFIED: (Relationship, RelationshipType.FILE_MODIFIED, {}),
- Spdx2_RelationshipType.GENERATED_FROM: (Relationship, RelationshipType.GENERATES, {"swap": True}),
+ RelationshipType.HAS_DYNAMIC_LINK,
+ {"swap": True, "linkage": SoftwareDependencyLinkType.DYNAMIC},
+ ),
+ Spdx2_RelationshipType.EXAMPLE_OF: (
+ Relationship,
+ RelationshipType.HAS_EXAMPLE,
+ {"swap": True},
+ ),
+ Spdx2_RelationshipType.EXPANDED_FROM_ARCHIVE: (
+ Relationship,
+ RelationshipType.EXPANDS_TO,
+ {"swap": True},
+ ),
+ Spdx2_RelationshipType.FILE_ADDED: (
+ Relationship,
+ RelationshipType.HAS_ADDED_FILE,
+ {"swap": True},
+ ),
+ Spdx2_RelationshipType.FILE_DELETED: (
+ Relationship,
+ RelationshipType.HAS_DELETED_FILE,
+ {"swap": True},
+ ),
+ Spdx2_RelationshipType.FILE_MODIFIED: (
+ Relationship,
+ RelationshipType.MODIFIED_BY,
+ {},
+ ),
+ Spdx2_RelationshipType.GENERATED_FROM: (
+ Relationship,
+ RelationshipType.GENERATES,
+ {"swap": True},
+ ),
Spdx2_RelationshipType.GENERATES: (Relationship, RelationshipType.GENERATES, {}),
Spdx2_RelationshipType.HAS_PREREQUISITE: (
SoftwareDependencyRelationship,
- RelationshipType.DEPENDS_ON,
+ RelationshipType.HAS_PREREQUISITE,
{"conditionality": DependencyConditionalityType.PREREQUISITE},
),
- Spdx2_RelationshipType.METAFILE_OF: (Relationship, RelationshipType.METAFILE, {}),
- Spdx2_RelationshipType.OPTIONAL_COMPONENT_OF: (None, None, {}), # converted to depends on and purpose? not clear
+ Spdx2_RelationshipType.METAFILE_OF: (
+ Relationship,
+ RelationshipType.HAS_METADATA,
+ {"swap": True},
+ ),
+ Spdx2_RelationshipType.OPTIONAL_COMPONENT_OF: (
+ Relationship,
+ RelationshipType.HAS_OPTIONAL_COMPONENT,
+ {"swap": True},
+ ),
Spdx2_RelationshipType.OPTIONAL_DEPENDENCY_OF: (
SoftwareDependencyRelationship,
- RelationshipType.DEPENDS_ON,
- {"conditionality": DependencyConditionalityType.OPTIONAL},
+ RelationshipType.HAS_OPTIONAL_DEPENDENCY,
+ {"swap": True, "conditionality": DependencyConditionalityType.OPTIONAL},
),
Spdx2_RelationshipType.OTHER: (Relationship, RelationshipType.OTHER, {}),
- Spdx2_RelationshipType.PACKAGE_OF: (SoftwareDependencyRelationship, RelationshipType.DEPENDS_ON, {}),
- Spdx2_RelationshipType.PATCH_APPLIED: (Relationship, RelationshipType.PATCH, {"swap": True}),
- Spdx2_RelationshipType.PATCH_FOR: (Relationship, RelationshipType.PATCH, {}),
+ Spdx2_RelationshipType.PACKAGE_OF: (
+ SoftwareDependencyRelationship,
+ RelationshipType.PACKAGED_BY,
+ {"swap": True},
+ ),
+ Spdx2_RelationshipType.PATCH_APPLIED: (
+ Relationship,
+ RelationshipType.PATCHED_BY,
+ {"swap": True},
+ ),
+ Spdx2_RelationshipType.PATCH_FOR: (
+ Relationship,
+ RelationshipType.PATCHED_BY,
+ {"swap": True},
+ ),
Spdx2_RelationshipType.PREREQUISITE_FOR: (
SoftwareDependencyRelationship,
- RelationshipType.DEPENDS_ON,
- {"conditionality": DependencyConditionalityType.PREREQUISITE},
+ RelationshipType.HAS_PREREQUISITE,
+ {"swap": True, "conditionality": DependencyConditionalityType.PREREQUISITE},
),
Spdx2_RelationshipType.PROVIDED_DEPENDENCY_OF: (
SoftwareDependencyRelationship,
- RelationshipType.DEPENDS_ON,
- {"scope": LifecycleScopeType.BUILD, "conditionality": DependencyConditionalityType.PROVIDED},
+ RelationshipType.HAS_PROVIDED_DEPENDENCY,
+ {
+ "swap": True,
+ "scope": LifecycleScopeType.BUILD,
+ "conditionality": DependencyConditionalityType.PROVIDED,
+ },
+ ),
+ Spdx2_RelationshipType.REQUIREMENT_DESCRIPTION_FOR: (
+ Relationship,
+ RelationshipType.HAS_REQUIREMENT,
+ {"swap": True},
),
Spdx2_RelationshipType.RUNTIME_DEPENDENCY_OF: (
SoftwareDependencyRelationship,
RelationshipType.DEPENDS_ON,
- {"scope": LifecycleScopeType.RUNTIME},
+ {"swap": True, "scope": LifecycleScopeType.RUNTIME},
+ ),
+ Spdx2_RelationshipType.SPECIFICATION_FOR: (
+ Relationship,
+ RelationshipType.HAS_SPECIFICATION,
+ {"swap": True},
),
Spdx2_RelationshipType.STATIC_LINK: (
SoftwareDependencyRelationship,
- RelationshipType.DEPENDS_ON,
+ RelationshipType.HAS_STATIC_LINK,
{"linkage": SoftwareDependencyLinkType.STATIC},
),
- Spdx2_RelationshipType.TEST_CASE_OF: (Relationship, RelationshipType.TEST_CASE, {}),
+ Spdx2_RelationshipType.TEST_CASE_OF: (
+ Relationship,
+ RelationshipType.HAS_TEST_CASE,
+ {"swap": True},
+ ),
Spdx2_RelationshipType.TEST_DEPENDENCY_OF: (
SoftwareDependencyRelationship,
RelationshipType.DEPENDS_ON,
- {"scope": LifecycleScopeType.TEST},
+ {"swap": True, "scope": LifecycleScopeType.TEST},
+ ),
+ Spdx2_RelationshipType.TEST_OF: (
+ Relationship,
+ RelationshipType.HAS_TEST,
+ {"swap": True},
),
- Spdx2_RelationshipType.TEST_OF: (Relationship, RelationshipType.TEST, {}),
Spdx2_RelationshipType.TEST_TOOL_OF: (
SoftwareDependencyRelationship,
- RelationshipType.DEPENDS_ON,
- {"scope": LifecycleScopeType.TEST, "linkage": SoftwareDependencyLinkType.TOOL},
+ RelationshipType.USES_TOOL,
+ {
+ "swap": True,
+ "scope": LifecycleScopeType.TEST,
+ "linkage": SoftwareDependencyLinkType.TOOL,
+ },
+ ),
+ Spdx2_RelationshipType.VARIANT_OF: (
+ Relationship,
+ RelationshipType.HAS_VARIANT,
+ {"swap": True},
),
- Spdx2_RelationshipType.VARIANT_OF: (Relationship, RelationshipType.VARIANT, {}),
- Spdx2_RelationshipType.REQUIREMENT_DESCRIPTION_FOR: (Relationship, RelationshipType.REQUIREMENT_FOR, {}),
- Spdx2_RelationshipType.SPECIFICATION_FOR: (Relationship, RelationshipType.SPECIFICATION_FOR, {}),
}
@@ -156,7 +289,9 @@ def bump_relationships(
):
generated_relationships: Dict[Tuple[str, str], List[Relationship]] = {}
for counter, spdx2_relationship in enumerate(spdx2_relationships):
- relationship = bump_relationship(spdx2_relationship, document_namespace, counter)
+ relationship = bump_relationship(
+ spdx2_relationship, document_namespace, counter
+ )
if relationship:
generated_relationships.setdefault(
(relationship.from_element, relationship.relationship_type.name), []
@@ -174,9 +309,13 @@ def bump_relationship(
document_namespace: str,
counter: int,
) -> Optional[Union[Relationship, SoftwareDependencyRelationship]]:
- completeness, to = determine_completeness_and_to(spdx2_relationship.related_spdx_element_id)
+ completeness, to = determine_completeness_and_to(
+ spdx2_relationship.related_spdx_element_id
+ )
spdx_id = "#".join([document_namespace, f"SPDXRef-Relationship-{counter}"])
- relationship_class, relationship_type, parameters = relationship_mapping[spdx2_relationship.relationship_type]
+ relationship_class, relationship_type, parameters = relationship_mapping[
+ spdx2_relationship.relationship_type
+ ]
if relationship_class is None:
print_missing_conversion(spdx2_relationship.relationship_type.name, 0)
return
@@ -195,6 +334,16 @@ def bump_relationship(
if relationship_class == SoftwareDependencyRelationship:
from_element = spdx2_relationship.spdx_element_id
+ software_linkage = (
+ SoftwareDependencyLinkType(parameters.get("linkage"))
+ if parameters.get("linkage")
+ else None
+ )
+ conditionality = (
+ DependencyConditionalityType(parameters.get("conditionality"))
+ if parameters.get("conditionality")
+ else None
+ )
return SoftwareDependencyRelationship(
spdx_id,
f"{document_namespace}#{from_element}",
@@ -203,8 +352,8 @@ def bump_relationship(
comment=spdx2_relationship.comment,
completeness=completeness,
scope=parameters.get("scope"),
- software_linkage=parameters.get("linkage"),
- conditionality=parameters.get("conditionality"),
+ software_linkage=software_linkage,
+ conditionality=conditionality,
)
return Relationship(
@@ -218,11 +367,11 @@ def bump_relationship(
def determine_completeness_and_to(
- related_spdx_element_id: Union[str, SpdxNone, SpdxNoAssertion]
+ related_spdx_element_id: Union[str, SpdxNone, SpdxNoAssertion],
) -> Tuple[Optional[RelationshipCompleteness], List[str]]:
if isinstance(related_spdx_element_id, SpdxNoAssertion):
- completeness = RelationshipCompleteness.NOASSERTION
- to = []
+ completeness = RelationshipCompleteness.NO_ASSERTION
+ to: List[str] = []
elif isinstance(related_spdx_element_id, SpdxNone):
completeness = RelationshipCompleteness.COMPLETE
to = []
@@ -232,7 +381,9 @@ def determine_completeness_and_to(
return completeness, to
-def _merge_relationships_and_add_to_payload(relationships: List[Relationship], payload: Payload):
+def _merge_relationships_and_add_to_payload(
+ relationships: List[Relationship], payload: Payload
+):
to = []
completeness = None
spdx_id = None
@@ -244,7 +395,8 @@ def _merge_relationships_and_add_to_payload(relationships: List[Relationship], p
if merged_relationship.completeness:
if completeness and completeness != merged_relationship.completeness:
logging.warning(
- f"Contradicting information about completeness of relationship: {merged_relationship}", sys.stderr
+ f"Contradicting information about completeness of relationship: {merged_relationship}",
+ sys.stderr,
)
else:
completeness = merged_relationship.completeness
diff --git a/src/spdx_tools/spdx3/bump_from_spdx2/snippet.py b/src/spdx_tools/spdx3/bump_from_spdx2/snippet.py
index b052511c1..ecf0e185e 100644
--- a/src/spdx_tools/spdx3/bump_from_spdx2/snippet.py
+++ b/src/spdx_tools/spdx3/bump_from_spdx2/snippet.py
@@ -1,20 +1,16 @@
# SPDX-FileCopyrightText: 2023 spdx contributors
#
# SPDX-License-Identifier: Apache-2.0
-from beartype.typing import List, Optional, Tuple
+from beartype.typing import List
-from spdx_tools.spdx3.bump_from_spdx2.message import print_missing_conversion
-from spdx_tools.spdx3.model import ExternalMap
-from spdx_tools.spdx3.model.positive_integer_range import PositiveIntegerRange
-from spdx_tools.spdx3.model.software import Snippet
-from spdx_tools.spdx3.payload import Payload
from spdx_tools.spdx.model import ExternalDocumentRef, SpdxNoAssertion
from spdx_tools.spdx.model.snippet import Snippet as Spdx2_Snippet
from spdx_tools.spdx.spdx_element_utils import get_full_element_spdx_id
-
-
-def bump_integer_range(spdx2_range: Optional[Tuple[int, int]]) -> PositiveIntegerRange:
- return PositiveIntegerRange(spdx2_range[0], spdx2_range[1]) if spdx2_range else None
+from spdx_tools.spdx3.bump_from_spdx2.message import print_missing_conversion
+from spdx_tools.spdx3.bump_from_spdx2.positive_integer_range import bump_positive_integer_range
+from spdx_tools.spdx3.model.core import ExternalMap
+from spdx_tools.spdx3.model.software import Snippet
+from spdx_tools.spdx3.payload import Payload
def bump_snippet(
@@ -22,11 +18,11 @@ def bump_snippet(
payload: Payload,
document_namespace: str,
external_document_refs: List[ExternalDocumentRef],
- imports: List[ExternalMap],
+ import_: List[ExternalMap],
):
spdx_id = get_full_element_spdx_id(spdx2_snippet, document_namespace, external_document_refs)
if ":" in spdx2_snippet.spdx_id:
- imports.append(
+ import_.append(
ExternalMap(
external_id=spdx2_snippet.spdx_id,
defining_document=f"{spdx2_snippet.spdx_id.split(':')[0]}:SPDXRef-DOCUMENT",
@@ -50,8 +46,8 @@ def bump_snippet(
spdx_id=spdx_id,
name=spdx2_snippet.name,
comment=spdx2_snippet.comment,
- byte_range=bump_integer_range(spdx2_snippet.byte_range),
- line_range=bump_integer_range(spdx2_snippet.line_range),
+ byte_range=bump_positive_integer_range(spdx2_snippet.byte_range),
+ line_range=bump_positive_integer_range(spdx2_snippet.line_range),
copyright_text=copyright_text,
attribution_text=", ".join(spdx2_snippet.attribution_texts),
)
diff --git a/src/spdx_tools/spdx3/bump_from_spdx2/spdx_document.py b/src/spdx_tools/spdx3/bump_from_spdx2/spdx_document.py
index 0257c403f..ee43a059a 100644
--- a/src/spdx_tools/spdx3/bump_from_spdx2/spdx_document.py
+++ b/src/spdx_tools/spdx3/bump_from_spdx2/spdx_document.py
@@ -1,17 +1,19 @@
# SPDX-FileCopyrightText: 2023 spdx contributors
#
# SPDX-License-Identifier: Apache-2.0
-from spdx_tools.spdx3.bump_from_spdx2.annotation import bump_annotation
-from spdx_tools.spdx3.bump_from_spdx2.creation_info import bump_creation_info
-from spdx_tools.spdx3.bump_from_spdx2.file import bump_file
-from spdx_tools.spdx3.bump_from_spdx2.package import bump_package
-from spdx_tools.spdx3.bump_from_spdx2.relationship import bump_relationships
-from spdx_tools.spdx3.bump_from_spdx2.snippet import bump_snippet
-from spdx_tools.spdx3.model import CreationInfo, SpdxDocument
-from spdx_tools.spdx3.payload import Payload
from spdx_tools.spdx.model import RelationshipType
from spdx_tools.spdx.model.document import Document as Spdx2_Document
from spdx_tools.spdx.model.relationship_filters import filter_by_type_and_origin
+from spdx_tools.spdx3.bump_from_spdx2 import (
+ bump_annotation,
+ bump_creation_info,
+ bump_file,
+ bump_package,
+ bump_relationships,
+ bump_snippet,
+)
+from spdx_tools.spdx3.model.core import CreationInfo, SpdxDocument
+from spdx_tools.spdx3.payload import Payload
""" We want to implement a bump_from_spdx2 from the data model in src.spdx to the data model in src.spdx3.
As there are many fundamental differences between these version we want each bump_from_spdx2 method to take
@@ -39,7 +41,7 @@ def bump_spdx_document(document: Spdx2_Document) -> Payload:
payload,
document_namespace,
document.creation_info.external_document_refs,
- spdx_document.imports,
+ spdx_document.import_,
)
for spdx2_file in document.files:
@@ -48,7 +50,7 @@ def bump_spdx_document(document: Spdx2_Document) -> Payload:
payload,
document_namespace,
document.creation_info.external_document_refs,
- spdx_document.imports,
+ spdx_document.import_,
)
for spdx2_snippet in document.snippets:
@@ -57,14 +59,20 @@ def bump_spdx_document(document: Spdx2_Document) -> Payload:
payload,
document_namespace,
document.creation_info.external_document_refs,
- spdx_document.imports,
+ spdx_document.import_,
)
bump_relationships(document.relationships, payload, document_namespace)
for counter, spdx2_annotation in enumerate(document.annotations):
- bump_annotation(spdx2_annotation, payload, creation_info, document_namespace, counter)
+ bump_annotation(
+ spdx2_annotation, payload, creation_info, document_namespace, counter
+ )
- spdx_document.element = [spdx_id for spdx_id in payload.get_full_map() if spdx_id != spdx_document.spdx_id]
+ spdx_document.element = [
+ spdx_id
+ for spdx_id in payload.get_full_map()
+ if spdx_id != spdx_document.spdx_id
+ ]
return payload
diff --git a/src/spdx_tools/spdx3/clitools/__init__.py b/src/spdx_tools/spdx3/clitools/__init__.py
index e69de29bb..131ab7732 100644
--- a/src/spdx_tools/spdx3/clitools/__init__.py
+++ b/src/spdx_tools/spdx3/clitools/__init__.py
@@ -0,0 +1,2 @@
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-FileCopyrightText: 2024 The SPDX Contributors
diff --git a/src/spdx_tools/spdx3/clitools/pyspdxtools3.py b/src/spdx_tools/spdx3/clitools/pyspdxtools3.py
index 9dd21a5d1..07b93226b 100644
--- a/src/spdx_tools/spdx3/clitools/pyspdxtools3.py
+++ b/src/spdx_tools/spdx3/clitools/pyspdxtools3.py
@@ -6,14 +6,14 @@
import click
from beartype.typing import List
-from spdx_tools.spdx3.bump_from_spdx2.spdx_document import bump_spdx_document
-from spdx_tools.spdx3.payload import Payload
-from spdx_tools.spdx3.writer.console.payload_writer import write_payload as write_payload_to_console
-from spdx_tools.spdx3.writer.json_ld.json_ld_writer import write_payload
from spdx_tools.spdx.model.document import Document
from spdx_tools.spdx.parser.parse_anything import parse_file
from spdx_tools.spdx.validation.document_validator import validate_full_spdx_document
from spdx_tools.spdx.validation.validation_message import ValidationMessage
+from spdx_tools.spdx3.bump_from_spdx2.spdx_document import bump_spdx_document
+from spdx_tools.spdx3.payload import Payload
+from spdx_tools.spdx3.writer.console.payload_writer import write_payload as write_payload_to_console
+from spdx_tools.spdx3.writer.json_ld.json_ld_writer import write_payload
@click.command()
diff --git a/src/spdx_tools/spdx3/model/__init__.py b/src/spdx_tools/spdx3/model/__init__.py
index 8fab45e9e..3667b20e6 100644
--- a/src/spdx_tools/spdx3/model/__init__.py
+++ b/src/spdx_tools/spdx3/model/__init__.py
@@ -1,25 +1,3 @@
# SPDX-FileCopyrightText: 2023 spdx contributors
#
# SPDX-License-Identifier: Apache-2.0
-from spdx_tools.spdx3.model.profile_identifier import ProfileIdentifierType
-from spdx_tools.spdx3.model.creation_info import CreationInfo
-from spdx_tools.spdx3.model.integrity_method import IntegrityMethod
-from spdx_tools.spdx3.model.hash import Hash, HashAlgorithm
-from spdx_tools.spdx3.model.external_reference import ExternalReference, ExternalReferenceType
-from spdx_tools.spdx3.model.external_identifier import ExternalIdentifier, ExternalIdentifierType
-from spdx_tools.spdx3.model.external_map import ExternalMap
-from spdx_tools.spdx3.model.namespace_map import NamespaceMap
-from spdx_tools.spdx3.model.element import Element
-from spdx_tools.spdx3.model.agent import Agent
-from spdx_tools.spdx3.model.person import Person
-from spdx_tools.spdx3.model.organization import Organization
-from spdx_tools.spdx3.model.software_agent import SoftwareAgent
-from spdx_tools.spdx3.model.tool import Tool
-from spdx_tools.spdx3.model.spdx_collection import ElementCollection
-from spdx_tools.spdx3.model.bundle import Bundle
-from spdx_tools.spdx3.model.bom import Bom
-from spdx_tools.spdx3.model.spdx_document import SpdxDocument
-from spdx_tools.spdx3.model.annotation import Annotation, AnnotationType
-from spdx_tools.spdx3.model.relationship import Relationship, RelationshipType, RelationshipCompleteness
-from spdx_tools.spdx3.model.lifecycle_scoped_relationship import LifecycleScopedRelationship, LifecycleScopeType
-from spdx_tools.spdx3.model.artifact import Artifact
diff --git a/src/spdx_tools/spdx3/model/ai/__init__.py b/src/spdx_tools/spdx3/model/ai/__init__.py
index 1f711abf6..af8388d2e 100644
--- a/src/spdx_tools/spdx3/model/ai/__init__.py
+++ b/src/spdx_tools/spdx3/model/ai/__init__.py
@@ -1,4 +1,9 @@
# SPDX-FileCopyrightText: 2023 spdx contributors
#
# SPDX-License-Identifier: Apache-2.0
-from spdx_tools.spdx3.model.ai.ai_package import AIPackage
+from .ai_package import AIPackage, SafetyRiskAssessmentType
+
+__all__ = [
+ "AIPackage",
+ "SafetyRiskAssessmentType",
+]
diff --git a/src/spdx_tools/spdx3/model/ai/ai_package.py b/src/spdx_tools/spdx3/model/ai/ai_package.py
index b297385e3..ea818889c 100644
--- a/src/spdx_tools/spdx3/model/ai/ai_package.py
+++ b/src/spdx_tools/spdx3/model/ai/ai_package.py
@@ -9,9 +9,14 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import CreationInfo, ExternalIdentifier, ExternalReference, IntegrityMethod
-from spdx_tools.spdx3.model.licensing import LicenseField
-from spdx_tools.spdx3.model.software import Package, SoftwarePurpose
+
+from ..core.creation_info import CreationInfo
+from ..core.external_identifier import ExternalIdentifier
+from ..core.external_ref import ExternalRef
+from ..core.integrity_method import IntegrityMethod
+from ..licensing.license_field import LicenseField
+from ..software.package import Package
+from ..software.software_purpose import SoftwarePurpose
class SafetyRiskAssessmentType(Enum):
@@ -32,7 +37,7 @@ class AIPackage(Package):
hyperparameter: Dict[str, Optional[str]] = field(default_factory=dict)
model_data_preprocessing: List[str] = field(default_factory=list)
model_explainability: List[str] = field(default_factory=list)
- sensitive_personal_information: Optional[bool] = None
+ use_sensitive_personal_information: Optional[bool] = None
metric_decision_threshold: Dict[str, Optional[str]] = field(default_factory=dict)
metric: Dict[str, Optional[str]] = field(default_factory=dict)
domain: List[str] = field(default_factory=list)
@@ -52,51 +57,51 @@ def __init__(
summary: Optional[str] = None,
description: Optional[str] = None,
comment: Optional[str] = None,
- verified_using: List[IntegrityMethod] = None,
- external_reference: List[ExternalReference] = None,
- external_identifier: List[ExternalIdentifier] = None,
+ verified_using: List[IntegrityMethod] = [],
+ external_ref: List[ExternalRef] = [],
+ external_identifier: List[ExternalIdentifier] = [],
extension: Optional[str] = None,
- originated_by: List[str] = None,
+ originated_by: List[str] = [],
built_time: Optional[datetime] = None,
valid_until_time: Optional[datetime] = None,
- standard: List[str] = None,
+ standard: List[str] = [],
content_identifier: Optional[str] = None,
- additional_purpose: List[SoftwarePurpose] = None,
+ additional_purpose: List[SoftwarePurpose] = [],
concluded_license: Optional[LicenseField] = None,
declared_license: Optional[LicenseField] = None,
copyright_text: Optional[str] = None,
attribution_text: Optional[str] = None,
package_url: Optional[str] = None,
- homepage: Optional[str] = None,
+ home_page: Optional[str] = None,
source_info: Optional[str] = None,
energy_consumption: Optional[str] = None,
- standard_compliance: List[str] = None,
+ standard_compliance: List[str] = [],
limitation: Optional[str] = None,
- type_of_model: List[str] = None,
+ type_of_model: List[str] = [],
information_about_training: Optional[str] = None,
information_about_application: Optional[str] = None,
- hyperparameter: Dict[str, Optional[str]] = None,
- model_data_preprocessing: List[str] = None,
- model_explainability: List[str] = None,
- sensitive_personal_information: Optional[bool] = None,
- metric_decision_threshold: Dict[str, Optional[str]] = None,
- metric: Dict[str, Optional[str]] = None,
- domain: List[str] = None,
+ hyperparameter: Dict[str, Optional[str]] = {},
+ model_data_preprocessing: List[str] = [],
+ model_explainability: List[str] = [],
+ use_sensitive_personal_information: Optional[bool] = None,
+ metric_decision_threshold: Dict[str, Optional[str]] = {},
+ metric: Dict[str, Optional[str]] = {},
+ domain: List[str] = [],
autonomy_type: Optional[bool] = None,
safety_risk_assessment: Optional[SafetyRiskAssessmentType] = None,
):
- verified_using = [] if verified_using is None else verified_using
- external_reference = [] if external_reference is None else external_reference
- external_identifier = [] if external_identifier is None else external_identifier
- originated_by = [] if originated_by is None else originated_by
- additional_purpose = [] if additional_purpose is None else additional_purpose
- standard = [] if standard is None else standard
- standard_compliance = [] if standard_compliance is None else standard_compliance
- type_of_model = [] if type_of_model is None else type_of_model
- hyperparameter = {} if hyperparameter is None else hyperparameter
- model_data_preprocessing = [] if model_data_preprocessing is None else model_data_preprocessing
- model_explainability = [] if model_explainability is None else model_explainability
- metric_decision_threshold = {} if metric_decision_threshold is None else metric_decision_threshold
- metric = {} if metric is None else metric
- domain = [] if domain is None else domain
+ verified_using = [] if not verified_using else verified_using
+ external_ref = [] if not external_ref else external_ref
+ external_identifier = [] if not external_identifier else external_identifier
+ originated_by = [] if not originated_by else originated_by
+ additional_purpose = [] if not additional_purpose else additional_purpose
+ standard = [] if not standard else standard
+ standard_compliance = [] if not standard_compliance else standard_compliance
+ type_of_model = [] if not type_of_model else type_of_model
+ hyperparameter = {} if not hyperparameter else hyperparameter
+ model_data_preprocessing = [] if not model_data_preprocessing else model_data_preprocessing
+ model_explainability = [] if not model_explainability else model_explainability
+ metric_decision_threshold = {} if not metric_decision_threshold else metric_decision_threshold
+ metric = {} if not metric else metric
+ domain = [] if not domain else domain
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/bom.py b/src/spdx_tools/spdx3/model/bom.py
deleted file mode 100644
index a9ad7d57e..000000000
--- a/src/spdx_tools/spdx3/model/bom.py
+++ /dev/null
@@ -1,47 +0,0 @@
-# SPDX-FileCopyrightText: 2023 spdx contributors
-#
-# SPDX-License-Identifier: Apache-2.0
-from beartype.typing import List, Optional
-
-from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
-from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import (
- Bundle,
- CreationInfo,
- ExternalIdentifier,
- ExternalMap,
- ExternalReference,
- IntegrityMethod,
- NamespaceMap,
-)
-
-
-@dataclass_with_properties
-class Bom(Bundle):
- # We overwrite the super-__init__ as check_types_and_set_values()
- # takes care of all fields (including inherited ones).
-
- def __init__(
- self,
- spdx_id: str,
- element: List[str],
- root_element: List[str],
- creation_info: Optional[CreationInfo] = None,
- name: Optional[str] = None,
- summary: Optional[str] = None,
- description: Optional[str] = None,
- comment: Optional[str] = None,
- verified_using: List[IntegrityMethod] = None,
- external_reference: List[ExternalReference] = None,
- external_identifier: List[ExternalIdentifier] = None,
- extension: Optional[str] = None,
- namespaces: List[NamespaceMap] = None,
- imports: List[ExternalMap] = None,
- context: Optional[str] = None,
- ):
- verified_using = [] if verified_using is None else verified_using
- external_reference = [] if external_reference is None else external_reference
- external_identifier = [] if external_identifier is None else external_identifier
- namespaces = [] if namespaces is None else namespaces
- imports = [] if imports is None else imports
- check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/build/__init__.py b/src/spdx_tools/spdx3/model/build/__init__.py
index 765cf3c2a..e95e90ef7 100644
--- a/src/spdx_tools/spdx3/model/build/__init__.py
+++ b/src/spdx_tools/spdx3/model/build/__init__.py
@@ -1,4 +1,8 @@
# SPDX-FileCopyrightText: 2023 spdx contributors
#
# SPDX-License-Identifier: Apache-2.0
-from spdx_tools.spdx3.model.build.build import Build
+from .build import Build
+
+__all__ = [
+ "Build"
+]
diff --git a/src/spdx_tools/spdx3/model/build/build.py b/src/spdx_tools/spdx3/model/build/build.py
index c6662ccce..9942b0ab7 100644
--- a/src/spdx_tools/spdx3/model/build/build.py
+++ b/src/spdx_tools/spdx3/model/build/build.py
@@ -8,17 +8,23 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import CreationInfo, Element, ExternalIdentifier, ExternalReference, Hash, IntegrityMethod
+
+from ..core.creation_info import CreationInfo
+from ..core.element import Element
+from ..core.external_identifier import ExternalIdentifier
+from ..core.external_ref import ExternalRef
+from ..core.hash import Hash
+from ..core.integrity_method import IntegrityMethod
@dataclass_with_properties
class Build(Element):
- build_type: str = None
+ build_type: str = ""
build_id: Optional[str] = None
config_source_entrypoint: List[str] = field(default_factory=list)
config_source_uri: List[str] = field(default_factory=list)
config_source_digest: List[Hash] = field(default_factory=list)
- parameters: Dict[str, str] = field(default_factory=dict)
+ parameter: Dict[str, str] = field(default_factory=dict)
build_start_time: Optional[datetime] = None
build_end_time: Optional[datetime] = None
environment: Dict[str, str] = field(default_factory=dict)
@@ -32,26 +38,26 @@ def __init__(
summary: Optional[str] = None,
description: Optional[str] = None,
comment: Optional[str] = None,
- verified_using: List[IntegrityMethod] = None,
- external_reference: List[ExternalReference] = None,
- external_identifier: List[ExternalIdentifier] = None,
+ verified_using: List[IntegrityMethod] = [],
+ external_ref: List[ExternalRef] = [],
+ external_identifier: List[ExternalIdentifier] = [],
extension: Optional[str] = None,
build_id: Optional[str] = None,
- config_source_entrypoint: List[str] = None,
- config_source_uri: List[str] = None,
- config_source_digest: List[Hash] = None,
- parameters: Dict[str, str] = None,
+ config_source_entrypoint: List[str] = [],
+ config_source_uri: List[str] = [],
+ config_source_digest: List[Hash] = [],
+ parameter: Dict[str, str] = {},
build_start_time: Optional[datetime] = None,
build_end_time: Optional[datetime] = None,
- environment: Dict[str, str] = None,
+ environment: Dict[str, str] = {},
):
- verified_using = [] if verified_using is None else verified_using
- external_reference = [] if external_reference is None else external_reference
- external_identifier = [] if external_identifier is None else external_identifier
- config_source_entrypoint = [] if config_source_entrypoint is None else config_source_entrypoint
- config_source_uri = [] if config_source_uri is None else config_source_uri
- config_source_digest = [] if config_source_digest is None else config_source_digest
- parameters = {} if parameters is None else parameters
- environment = {} if environment is None else environment
+ verified_using = [] if not verified_using else verified_using
+ external_ref = [] if not external_ref else external_ref
+ external_identifier = [] if not external_identifier else external_identifier
+ config_source_entrypoint = [] if not config_source_entrypoint else config_source_entrypoint
+ config_source_uri = [] if not config_source_uri else config_source_uri
+ config_source_digest = [] if not config_source_digest else config_source_digest
+ parameter = {} if not parameter else parameter
+ environment = {} if not environment else environment
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/bundle.py b/src/spdx_tools/spdx3/model/bundle.py
deleted file mode 100644
index 63640f845..000000000
--- a/src/spdx_tools/spdx3/model/bundle.py
+++ /dev/null
@@ -1,46 +0,0 @@
-# SPDX-FileCopyrightText: 2023 spdx contributors
-#
-# SPDX-License-Identifier: Apache-2.0
-from beartype.typing import List, Optional
-
-from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
-from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import (
- CreationInfo,
- ElementCollection,
- ExternalIdentifier,
- ExternalMap,
- ExternalReference,
- IntegrityMethod,
- NamespaceMap,
-)
-
-
-@dataclass_with_properties
-class Bundle(ElementCollection):
- context: Optional[str] = None
-
- def __init__(
- self,
- spdx_id: str,
- element: List[str],
- root_element: List[str],
- creation_info: Optional[CreationInfo] = None,
- name: Optional[str] = None,
- summary: Optional[str] = None,
- description: Optional[str] = None,
- comment: Optional[str] = None,
- verified_using: List[IntegrityMethod] = None,
- external_reference: List[ExternalReference] = None,
- external_identifier: List[ExternalIdentifier] = None,
- extension: Optional[str] = None,
- namespaces: List[NamespaceMap] = None,
- imports: List[ExternalMap] = None,
- context: Optional[str] = None,
- ):
- verified_using = [] if verified_using is None else verified_using
- external_reference = [] if external_reference is None else external_reference
- external_identifier = [] if external_identifier is None else external_identifier
- namespaces = [] if namespaces is None else namespaces
- imports = [] if imports is None else imports
- check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/core/__init__.py b/src/spdx_tools/spdx3/model/core/__init__.py
new file mode 100644
index 000000000..f14eb4cf3
--- /dev/null
+++ b/src/spdx_tools/spdx3/model/core/__init__.py
@@ -0,0 +1,76 @@
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-FileCopyrightText: 2024 The SPDX Contributors
+
+from .agent import Agent
+from .annotation import Annotation, AnnotationType
+from .artifact import Artifact
+from .bom import Bom
+from .bundle import Bundle
+from .creation_info import CreationInfo
+from .element import Element
+from .element_collection import ElementCollection
+from .external_identifier import (
+ ExternalIdentifier,
+ ExternalIdentifierType,
+)
+from .external_map import ExternalMap
+from .external_ref import (
+ ExternalRef,
+ ExternalRefType,
+)
+from .hash import Hash, HashAlgorithm
+from .integrity_method import IntegrityMethod
+from .lifecycle_scoped_relationship import (
+ LifecycleScopedRelationship,
+ LifecycleScopeType,
+)
+from .namespace_map import NamespaceMap
+from .organization import Organization
+from .person import Person
+from .positive_integer_range import PositiveIntegerRange
+from .presence_type import PresenceType
+from .profile_identifier import ProfileIdentifierType
+from .relationship import (
+ Relationship,
+ RelationshipCompleteness,
+ RelationshipType,
+)
+from .software_agent import SoftwareAgent
+from .spdx_document import SpdxDocument
+from .support_type import SupportType
+from .tool import Tool
+
+__all__ = [
+ "Agent",
+ "Annotation",
+ "AnnotationType",
+ "Artifact",
+ "Bom",
+ "Bundle",
+ "CreationInfo",
+ "Element",
+ "ElementCollection",
+ "ExternalIdentifier",
+ "ExternalIdentifierType",
+ "ExternalMap",
+ "ExternalRef",
+ "ExternalRefType",
+ "Hash",
+ "HashAlgorithm",
+ "IntegrityMethod",
+ "LifecycleScopedRelationship",
+ "LifecycleScopeType",
+ "NamespaceMap",
+ "Organization",
+ "Person",
+ "PositiveIntegerRange",
+ "PresenceType",
+ "ProfileIdentifierType",
+ "Relationship",
+ "RelationshipCompleteness",
+ "RelationshipType",
+ "SoftwareAgent",
+ "SpdxDocument",
+ "SupportType",
+ "Tool",
+]
diff --git a/src/spdx_tools/spdx3/model/agent.py b/src/spdx_tools/spdx3/model/core/agent.py
similarity index 55%
rename from src/spdx_tools/spdx3/model/agent.py
rename to src/spdx_tools/spdx3/model/core/agent.py
index 9aa326e22..7bbfff50a 100644
--- a/src/spdx_tools/spdx3/model/agent.py
+++ b/src/spdx_tools/spdx3/model/core/agent.py
@@ -5,7 +5,12 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import CreationInfo, Element, ExternalIdentifier, ExternalReference, IntegrityMethod
+
+from .creation_info import CreationInfo
+from .element import Element
+from .external_identifier import ExternalIdentifier
+from .external_ref import ExternalRef
+from .integrity_method import IntegrityMethod
@dataclass_with_properties
@@ -18,12 +23,12 @@ def __init__(
summary: Optional[str] = None,
description: Optional[str] = None,
comment: Optional[str] = None,
- verified_using: List[IntegrityMethod] = None,
- external_reference: List[ExternalReference] = None,
- external_identifier: List[ExternalIdentifier] = None,
+ verified_using: List[IntegrityMethod] = [],
+ external_ref: List[ExternalRef] = [],
+ external_identifier: List[ExternalIdentifier] = [],
extension: Optional[str] = None,
):
- verified_using = [] if verified_using is None else verified_using
- external_reference = [] if external_reference is None else external_reference
- external_identifier = [] if external_identifier is None else external_identifier
+ verified_using = [] if not verified_using else verified_using
+ external_ref = [] if not external_ref else external_ref
+ external_identifier = [] if not external_identifier else external_identifier
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/annotation.py b/src/spdx_tools/spdx3/model/core/annotation.py
similarity index 61%
rename from src/spdx_tools/spdx3/model/annotation.py
rename to src/spdx_tools/spdx3/model/core/annotation.py
index e74d9d578..37b0681ec 100644
--- a/src/spdx_tools/spdx3/model/annotation.py
+++ b/src/spdx_tools/spdx3/model/core/annotation.py
@@ -8,18 +8,23 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import CreationInfo, Element, ExternalIdentifier, ExternalReference, IntegrityMethod
+
+from .creation_info import CreationInfo
+from .element import Element
+from .external_identifier import ExternalIdentifier
+from .external_ref import ExternalRef
+from .integrity_method import IntegrityMethod
class AnnotationType(Enum):
- REVIEW = auto()
OTHER = auto()
+ REVIEW = auto()
@dataclass_with_properties
class Annotation(Element):
annotation_type: AnnotationType = None
- subject: str = None
+ subject: str = ""
content_type: List[str] = field(default_factory=list) # placeholder for MediaType
statement: Optional[str] = None
@@ -33,15 +38,15 @@ def __init__(
summary: Optional[str] = None,
description: Optional[str] = None,
comment: Optional[str] = None,
- verified_using: List[IntegrityMethod] = None,
- external_reference: List[ExternalReference] = None,
- external_identifier: List[ExternalIdentifier] = None,
+ verified_using: List[IntegrityMethod] = [],
+ external_ref: List[ExternalRef] = [],
+ external_identifier: List[ExternalIdentifier] = [],
extension: Optional[str] = None,
- content_type: List[str] = None,
+ content_type: List[str] = [],
statement: Optional[str] = None,
):
- verified_using = [] if verified_using is None else verified_using
- external_reference = [] if external_reference is None else external_reference
- external_identifier = [] if external_identifier is None else external_identifier
- content_type = [] if content_type is None else content_type
+ verified_using = [] if not verified_using else verified_using
+ external_ref = [] if not external_ref else external_ref
+ external_identifier = [] if not external_identifier else external_identifier
+ content_type = [] if not content_type else content_type
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/artifact.py b/src/spdx_tools/spdx3/model/core/artifact.py
similarity index 94%
rename from src/spdx_tools/spdx3/model/artifact.py
rename to src/spdx_tools/spdx3/model/core/artifact.py
index 0fccec89c..9f3501b0a 100644
--- a/src/spdx_tools/spdx3/model/artifact.py
+++ b/src/spdx_tools/spdx3/model/core/artifact.py
@@ -8,17 +8,18 @@
from beartype.typing import List, Optional
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
-from spdx_tools.spdx3.model import Element
+
+from .element import Element
@dataclass_with_properties
class Artifact(Element):
- originated_by: List[str] = field(default_factory=list) # SPDXID of the Agent/Tool
- supplied_by: List[str] = field(default_factory=list) # SPDXID of the Agent/Tool
built_time: Optional[datetime] = None
+ originated_by: List[str] = field(default_factory=list) # SPDXID of the Agent/Tool
release_time: Optional[datetime] = None
- valid_until_time: Optional[datetime] = None
standard: List[str] = field(default_factory=list)
+ supplied_by: List[str] = field(default_factory=list) # SPDXID of the Agent/Tool
+ valid_until_time: Optional[datetime] = None
@abstractmethod
def __init__(self):
diff --git a/src/spdx_tools/spdx3/model/core/bom.py b/src/spdx_tools/spdx3/model/core/bom.py
new file mode 100644
index 000000000..b0279e5aa
--- /dev/null
+++ b/src/spdx_tools/spdx3/model/core/bom.py
@@ -0,0 +1,48 @@
+# SPDX-FileCopyrightText: 2023 spdx contributors
+#
+# SPDX-License-Identifier: Apache-2.0
+from beartype.typing import List, Optional
+
+from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
+from spdx_tools.common.typing.type_checks import check_types_and_set_values
+
+from .bundle import Bundle
+from .creation_info import CreationInfo
+from .external_identifier import ExternalIdentifier
+from .external_map import ExternalMap
+from .external_ref import ExternalRef
+from .integrity_method import IntegrityMethod
+from .namespace_map import NamespaceMap
+from .profile_identifier import ProfileIdentifierType
+
+
+@dataclass_with_properties
+class Bom(Bundle):
+ # We overwrite the super-__init__ as check_types_and_set_values()
+ # takes care of all fields (including inherited ones).
+
+ def __init__(
+ self,
+ spdx_id: str,
+ element: List[str],
+ root_element: List[str],
+ creation_info: Optional[CreationInfo] = None,
+ name: Optional[str] = None,
+ summary: Optional[str] = None,
+ description: Optional[str] = None,
+ comment: Optional[str] = None,
+ verified_using: List[IntegrityMethod] = [],
+ external_ref: List[ExternalRef] = [],
+ external_identifier: List[ExternalIdentifier] = [],
+ extension: Optional[str] = None,
+ namespace: List[NamespaceMap] = [],
+ import_: List[ExternalMap] = [],
+ context: Optional[str] = None,
+ profile_conformance: List[ProfileIdentifierType] = [],
+ ):
+ verified_using = [] if not verified_using else verified_using
+ external_ref = [] if not external_ref else external_ref
+ external_identifier = [] if not external_identifier else external_identifier
+ namespace = [] if not namespace else namespace
+ import_ = [] if not import_ else import_
+ check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/core/bundle.py b/src/spdx_tools/spdx3/model/core/bundle.py
new file mode 100644
index 000000000..9544e27e3
--- /dev/null
+++ b/src/spdx_tools/spdx3/model/core/bundle.py
@@ -0,0 +1,47 @@
+# SPDX-FileCopyrightText: 2023 spdx contributors
+#
+# SPDX-License-Identifier: Apache-2.0
+from beartype.typing import List, Optional
+
+from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
+from spdx_tools.common.typing.type_checks import check_types_and_set_values
+
+from .creation_info import CreationInfo
+from .element_collection import ElementCollection
+from .external_identifier import ExternalIdentifier
+from .external_map import ExternalMap
+from .external_ref import ExternalRef
+from .integrity_method import IntegrityMethod
+from .namespace_map import NamespaceMap
+from .profile_identifier import ProfileIdentifierType
+
+
+@dataclass_with_properties
+class Bundle(ElementCollection):
+ context: Optional[str] = None
+
+ def __init__(
+ self,
+ spdx_id: str,
+ element: List[str],
+ root_element: List[str],
+ creation_info: Optional[CreationInfo] = None,
+ name: Optional[str] = None,
+ summary: Optional[str] = None,
+ description: Optional[str] = None,
+ comment: Optional[str] = None,
+ verified_using: List[IntegrityMethod] = [],
+ external_ref: List[ExternalRef] = [],
+ external_identifier: List[ExternalIdentifier] = [],
+ extension: Optional[str] = None,
+ namespace: List[NamespaceMap] = [],
+ import_: List[ExternalMap] = [],
+ context: Optional[str] = None,
+ profile_conformance: List[ProfileIdentifierType] = [],
+ ):
+ verified_using = [] if not verified_using else verified_using
+ external_ref = [] if not external_ref else external_ref
+ external_identifier = [] if not external_identifier else external_identifier
+ namespace = [] if not namespace else namespace
+ import_ = [] if not import_ else import_
+ check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/creation_info.py b/src/spdx_tools/spdx3/model/core/creation_info.py
similarity index 86%
rename from src/spdx_tools/spdx3/model/creation_info.py
rename to src/spdx_tools/spdx3/model/core/creation_info.py
index 125d4d30d..96610b334 100644
--- a/src/spdx_tools/spdx3/model/creation_info.py
+++ b/src/spdx_tools/spdx3/model/core/creation_info.py
@@ -9,7 +9,8 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import ProfileIdentifierType
+
+from .profile_identifier import ProfileIdentifierType
@dataclass_with_properties
@@ -29,8 +30,8 @@ def __init__(
created_by: List[str],
profile: List[ProfileIdentifierType],
data_license: Optional[str] = "CC0-1.0",
- created_using: List[str] = None,
+ created_using: List[str] = [],
comment: Optional[str] = None,
):
- created_using = [] if created_using is None else created_using
+ created_using = [] if not created_using else created_using
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/element.py b/src/spdx_tools/spdx3/model/core/element.py
similarity index 77%
rename from src/spdx_tools/spdx3/model/element.py
rename to src/spdx_tools/spdx3/model/core/element.py
index 08f2d7b85..fc8008dd9 100644
--- a/src/spdx_tools/spdx3/model/element.py
+++ b/src/spdx_tools/spdx3/model/core/element.py
@@ -7,7 +7,11 @@
from beartype.typing import List, Optional
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
-from spdx_tools.spdx3.model import CreationInfo, ExternalIdentifier, ExternalReference, IntegrityMethod
+
+from .creation_info import CreationInfo
+from .external_identifier import ExternalIdentifier
+from .external_ref import ExternalRef
+from .integrity_method import IntegrityMethod
@dataclass_with_properties
@@ -19,7 +23,7 @@ class Element(ABC):
description: Optional[str] = None
comment: Optional[str] = None
verified_using: List[IntegrityMethod] = field(default_factory=list)
- external_reference: List[ExternalReference] = field(default_factory=list)
+ external_ref: List[ExternalRef] = field(default_factory=list)
external_identifier: List[ExternalIdentifier] = field(default_factory=list)
extension: Optional[str] = None # placeholder for extension
diff --git a/src/spdx_tools/spdx3/model/spdx_collection.py b/src/spdx_tools/spdx3/model/core/element_collection.py
similarity index 74%
rename from src/spdx_tools/spdx3/model/spdx_collection.py
rename to src/spdx_tools/spdx3/model/core/element_collection.py
index 65c28951a..a7ce4c144 100644
--- a/src/spdx_tools/spdx3/model/spdx_collection.py
+++ b/src/spdx_tools/spdx3/model/core/element_collection.py
@@ -7,7 +7,10 @@
from beartype.typing import List
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
-from spdx_tools.spdx3.model import Element, ExternalMap, NamespaceMap
+
+from .element import Element
+from .external_map import ExternalMap
+from .namespace_map import NamespaceMap
@dataclass_with_properties
@@ -16,8 +19,8 @@ class ElementCollection(Element):
# the __init__ method still raises an error if required fields are not set
element: List[str] = field(default_factory=list)
root_element: List[str] = field(default_factory=list)
- namespaces: List[NamespaceMap] = field(default_factory=list)
- imports: List[ExternalMap] = field(default_factory=list)
+ namespace: List[NamespaceMap] = field(default_factory=list)
+ import_: List[ExternalMap] = field(default_factory=list)
@abstractmethod
def __init__(self):
diff --git a/src/spdx_tools/spdx3/model/external_identifier.py b/src/spdx_tools/spdx3/model/core/external_identifier.py
similarity index 88%
rename from src/spdx_tools/spdx3/model/external_identifier.py
rename to src/spdx_tools/spdx3/model/core/external_identifier.py
index ee458151e..ba5770386 100644
--- a/src/spdx_tools/spdx3/model/external_identifier.py
+++ b/src/spdx_tools/spdx3/model/core/external_identifier.py
@@ -16,12 +16,12 @@ class ExternalIdentifierType(Enum):
CVE = auto()
EMAIL = auto()
GITOID = auto()
- PURL = auto()
+ OTHER = auto()
+ PACKAGE_URL = auto()
SECURITY_OTHER = auto()
SWHID = auto()
SWID = auto()
URL_SCHEME = auto()
- OTHER = auto()
@dataclass_with_properties
@@ -37,8 +37,8 @@ def __init__(
external_identifier_type: ExternalIdentifierType,
identifier: str,
comment: Optional[str] = None,
- identifier_locator: List[str] = None,
+ identifier_locator: List[str] = [],
issuing_authority: Optional[str] = None,
):
- identifier_locator = [] if identifier_locator is None else identifier_locator
+ identifier_locator = [] if not identifier_locator else identifier_locator
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/external_map.py b/src/spdx_tools/spdx3/model/core/external_map.py
similarity index 81%
rename from src/spdx_tools/spdx3/model/external_map.py
rename to src/spdx_tools/spdx3/model/core/external_map.py
index ab88a49e2..508401533 100644
--- a/src/spdx_tools/spdx3/model/external_map.py
+++ b/src/spdx_tools/spdx3/model/core/external_map.py
@@ -7,7 +7,8 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import IntegrityMethod
+
+from .integrity_method import IntegrityMethod
@dataclass_with_properties
@@ -20,9 +21,9 @@ class ExternalMap:
def __init__(
self,
external_id: str,
- verified_using: List[IntegrityMethod] = None,
+ verified_using: List[IntegrityMethod] = [],
location_hint: Optional[str] = None,
defining_document: Optional[str] = None,
):
- verified_using = [] if verified_using is None else verified_using
+ verified_using = [] if not verified_using else verified_using
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/external_reference.py b/src/spdx_tools/spdx3/model/core/external_ref.py
similarity index 82%
rename from src/spdx_tools/spdx3/model/external_reference.py
rename to src/spdx_tools/spdx3/model/core/external_ref.py
index 2f44a54d6..e025be41a 100644
--- a/src/spdx_tools/spdx3/model/external_reference.py
+++ b/src/spdx_tools/spdx3/model/core/external_ref.py
@@ -10,15 +10,17 @@
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-class ExternalReferenceType(Enum):
+class ExternalRefType(Enum):
ALT_DOWNLOAD_LOCATION = auto()
ALT_WEB_PAGE = auto()
BINARY_ARTIFACT = auto()
+ BOWER = auto()
BUILD_META = auto()
BUILD_SYSTEM = auto()
CERTIFICATION_REPORT = auto()
CHAT = auto()
COMPONENT_ANALYSIS_REPORT = auto()
+ CWE = auto()
DOCUMENTATION = auto()
DYNAMIC_ANALYSIS_REPORT = auto()
EOL_NOTICE = auto()
@@ -26,9 +28,14 @@ class ExternalReferenceType(Enum):
ISSUE_TRACKER = auto()
LICENSE = auto()
MAILING_LIST = auto()
+ MAVEN_CENTRAL = auto()
METRICS = auto()
+ NPM = auto()
+ NUGET = auto()
OTHER = auto()
+ PRIVACY_ASSESSMENT = auto()
PRODUCT_METADATA = auto()
+ PURCHASES_ORDER = auto()
QUALITY_ASSESSMENT_REPORT = auto()
RELEASE_HISTORY = auto()
RELEASE_NOTES = auto()
@@ -52,18 +59,18 @@ class ExternalReferenceType(Enum):
@dataclass_with_properties
-class ExternalReference:
- external_reference_type: Optional[ExternalReferenceType] = None
+class ExternalRef:
+ external_ref_type: Optional[ExternalRefType] = None
locator: List[str] = field(default_factory=list)
content_type: Optional[str] = None # placeholder for MediaType
comment: Optional[str] = None
def __init__(
self,
- external_reference_type: Optional[ExternalReferenceType] = None,
- locator: List[str] = None,
+ external_ref_type: Optional[ExternalRefType] = None,
+ locator: List[str] = [],
content_type: Optional[str] = None,
comment: Optional[str] = None,
):
- locator = [] if locator is None else locator
+ locator = [] if not locator else locator
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/hash.py b/src/spdx_tools/spdx3/model/core/hash.py
similarity index 80%
rename from src/spdx_tools/spdx3/model/hash.py
rename to src/spdx_tools/spdx3/model/core/hash.py
index 42ef4ff4d..388b40292 100644
--- a/src/spdx_tools/spdx3/model/hash.py
+++ b/src/spdx_tools/spdx3/model/core/hash.py
@@ -7,16 +7,18 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import IntegrityMethod
+
+from .integrity_method import IntegrityMethod
class HashAlgorithm(Enum):
+ ADLER32 = auto()
BLAKE2B256 = auto()
BLAKE2B384 = auto()
BLAKE2B512 = auto()
BLAKE3 = auto()
- CRYSTALS_KYBER = auto()
CRYSTALS_DILITHIUM = auto()
+ CRYSTALS_KYBER = auto()
FALCON = auto()
MD2 = auto()
MD4 = auto()
@@ -26,21 +28,21 @@ class HashAlgorithm(Enum):
SHA1 = auto()
SHA224 = auto()
SHA256 = auto()
+ SHA384 = auto()
SHA3_224 = auto()
SHA3_256 = auto()
SHA3_384 = auto()
SHA3_512 = auto()
- SHA384 = auto()
SHA512 = auto()
- SPDXPVCSHA1 = auto()
- SPDXPVCSHA256 = auto()
- SPHINCS_PLUS = auto()
+ SPDXPVCSHA1 = auto() # Not present in v3.0.1
+ SPDXPVCSHA256 = auto() # Not present in v3.0.1
+ SPHINCS_PLUS = auto() # Not present in v3.0.1
@dataclass_with_properties
class Hash(IntegrityMethod):
algorithm: HashAlgorithm = None
- hash_value: str = None
+ hash_value: str = ""
def __init__(self, algorithm: HashAlgorithm, hash_value: str, comment: Optional[str] = None):
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/integrity_method.py b/src/spdx_tools/spdx3/model/core/integrity_method.py
similarity index 100%
rename from src/spdx_tools/spdx3/model/integrity_method.py
rename to src/spdx_tools/spdx3/model/core/integrity_method.py
diff --git a/src/spdx_tools/spdx3/model/lifecycle_scoped_relationship.py b/src/spdx_tools/spdx3/model/core/lifecycle_scoped_relationship.py
similarity index 64%
rename from src/spdx_tools/spdx3/model/lifecycle_scoped_relationship.py
rename to src/spdx_tools/spdx3/model/core/lifecycle_scoped_relationship.py
index a06e108ce..c6c06af57 100644
--- a/src/spdx_tools/spdx3/model/lifecycle_scoped_relationship.py
+++ b/src/spdx_tools/spdx3/model/core/lifecycle_scoped_relationship.py
@@ -8,24 +8,21 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import (
- CreationInfo,
- ExternalIdentifier,
- ExternalReference,
- IntegrityMethod,
- Relationship,
- RelationshipCompleteness,
- RelationshipType,
-)
+
+from .creation_info import CreationInfo
+from .external_identifier import ExternalIdentifier
+from .external_ref import ExternalRef
+from .integrity_method import IntegrityMethod
+from .relationship import Relationship, RelationshipCompleteness, RelationshipType
class LifecycleScopeType(Enum):
- DESIGN = auto()
BUILD = auto()
+ DESIGN = auto()
DEVELOPMENT = auto()
- TEST = auto()
- RUNTIME = auto()
OTHER = auto()
+ RUNTIME = auto()
+ TEST = auto()
@dataclass_with_properties
@@ -37,23 +34,23 @@ def __init__(
spdx_id: str,
from_element: str,
relationship_type: RelationshipType,
- to: List[str] = None,
+ to: List[str] = [],
creation_info: Optional[CreationInfo] = None,
name: Optional[str] = None,
summary: Optional[str] = None,
description: Optional[str] = None,
comment: Optional[str] = None,
- verified_using: List[IntegrityMethod] = None,
- external_reference: List[ExternalReference] = None,
- external_identifier: List[ExternalIdentifier] = None,
+ verified_using: List[IntegrityMethod] = [],
+ external_ref: List[ExternalRef] = [],
+ external_identifier: List[ExternalIdentifier] = [],
extension: Optional[str] = None,
completeness: Optional[RelationshipCompleteness] = None,
start_time: Optional[datetime] = None,
end_time: Optional[datetime] = None,
scope: Optional[LifecycleScopeType] = None,
):
- to = [] if to is None else to
- verified_using = [] if verified_using is None else verified_using
- external_reference = [] if external_reference is None else external_reference
- external_identifier = [] if external_identifier is None else external_identifier
+ to = [] if not to else to
+ verified_using = [] if not verified_using else verified_using
+ external_ref = [] if not external_ref else external_ref
+ external_identifier = [] if not external_identifier else external_identifier
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/namespace_map.py b/src/spdx_tools/spdx3/model/core/namespace_map.py
similarity index 100%
rename from src/spdx_tools/spdx3/model/namespace_map.py
rename to src/spdx_tools/spdx3/model/core/namespace_map.py
diff --git a/src/spdx_tools/spdx3/model/organization.py b/src/spdx_tools/spdx3/model/core/organization.py
similarity index 55%
rename from src/spdx_tools/spdx3/model/organization.py
rename to src/spdx_tools/spdx3/model/core/organization.py
index c297b24b3..1364d969a 100644
--- a/src/spdx_tools/spdx3/model/organization.py
+++ b/src/spdx_tools/spdx3/model/core/organization.py
@@ -5,7 +5,12 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import Agent, CreationInfo, ExternalIdentifier, ExternalReference, IntegrityMethod
+
+from .agent import Agent
+from .creation_info import CreationInfo
+from .external_identifier import ExternalIdentifier
+from .external_ref import ExternalRef
+from .integrity_method import IntegrityMethod
@dataclass_with_properties
@@ -18,12 +23,12 @@ def __init__(
summary: Optional[str] = None,
description: Optional[str] = None,
comment: Optional[str] = None,
- verified_using: List[IntegrityMethod] = None,
- external_reference: List[ExternalReference] = None,
- external_identifier: List[ExternalIdentifier] = None,
+ verified_using: List[IntegrityMethod] = [],
+ external_ref: List[ExternalRef] = [],
+ external_identifier: List[ExternalIdentifier] = [],
extension: Optional[str] = None,
):
- verified_using = [] if verified_using is None else verified_using
- external_reference = [] if external_reference is None else external_reference
- external_identifier = [] if external_identifier is None else external_identifier
+ verified_using = [] if not verified_using else verified_using
+ external_ref = [] if not external_ref else external_ref
+ external_identifier = [] if not external_identifier else external_identifier
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/person.py b/src/spdx_tools/spdx3/model/core/person.py
similarity index 55%
rename from src/spdx_tools/spdx3/model/person.py
rename to src/spdx_tools/spdx3/model/core/person.py
index 782e5a366..326027ccd 100644
--- a/src/spdx_tools/spdx3/model/person.py
+++ b/src/spdx_tools/spdx3/model/core/person.py
@@ -5,7 +5,12 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import Agent, CreationInfo, ExternalIdentifier, ExternalReference, IntegrityMethod
+
+from .agent import Agent
+from .creation_info import CreationInfo
+from .external_identifier import ExternalIdentifier
+from .external_ref import ExternalRef
+from .integrity_method import IntegrityMethod
@dataclass_with_properties
@@ -18,12 +23,12 @@ def __init__(
summary: Optional[str] = None,
description: Optional[str] = None,
comment: Optional[str] = None,
- verified_using: List[IntegrityMethod] = None,
- external_reference: List[ExternalReference] = None,
- external_identifier: List[ExternalIdentifier] = None,
+ verified_using: List[IntegrityMethod] = [],
+ external_ref: List[ExternalRef] = [],
+ external_identifier: List[ExternalIdentifier] = [],
extension: Optional[str] = None,
):
- verified_using = [] if verified_using is None else verified_using
- external_reference = [] if external_reference is None else external_reference
- external_identifier = [] if external_identifier is None else external_identifier
+ verified_using = [] if not verified_using else verified_using
+ external_ref = [] if not external_ref else external_ref
+ external_identifier = [] if not external_identifier else external_identifier
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/positive_integer_range.py b/src/spdx_tools/spdx3/model/core/positive_integer_range.py
similarity index 100%
rename from src/spdx_tools/spdx3/model/positive_integer_range.py
rename to src/spdx_tools/spdx3/model/core/positive_integer_range.py
diff --git a/src/spdx_tools/spdx3/model/core/presence_type.py b/src/spdx_tools/spdx3/model/core/presence_type.py
new file mode 100644
index 000000000..265e67312
--- /dev/null
+++ b/src/spdx_tools/spdx3/model/core/presence_type.py
@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-FileCopyrightText: 2024 The SPDX Contributors
+
+from enum import Enum, auto
+
+
+class PresenceType(Enum):
+ NO = auto()
+ NO_ASSERTION = auto()
+ YES = auto()
diff --git a/src/spdx_tools/spdx3/model/profile_identifier.py b/src/spdx_tools/spdx3/model/core/profile_identifier.py
similarity index 87%
rename from src/spdx_tools/spdx3/model/profile_identifier.py
rename to src/spdx_tools/spdx3/model/core/profile_identifier.py
index 40fe7ac41..35ecd7b22 100644
--- a/src/spdx_tools/spdx3/model/profile_identifier.py
+++ b/src/spdx_tools/spdx3/model/core/profile_identifier.py
@@ -5,12 +5,12 @@
class ProfileIdentifierType(Enum):
- CORE = auto()
- SOFTWARE = auto()
- LICENSING = auto()
- SECURITY = auto()
- BUILD = auto()
AI = auto()
+ BUILD = auto()
+ CORE = auto()
DATASET = auto()
- USAGE = auto()
EXTENSION = auto()
+ LICENSING = auto()
+ SECURITY = auto()
+ SOFTWARE = auto()
+ USAGE = auto() # Not present in v3.0.1
diff --git a/src/spdx_tools/spdx3/model/relationship.py b/src/spdx_tools/spdx3/model/core/relationship.py
similarity index 54%
rename from src/spdx_tools/spdx3/model/relationship.py
rename to src/spdx_tools/spdx3/model/core/relationship.py
index 873559460..ba991c1d5 100644
--- a/src/spdx_tools/spdx3/model/relationship.py
+++ b/src/spdx_tools/spdx3/model/core/relationship.py
@@ -9,85 +9,88 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import CreationInfo, Element, ExternalIdentifier, ExternalReference, IntegrityMethod
+
+from .creation_info import CreationInfo
+from .element import Element
+from .external_identifier import ExternalIdentifier
+from .external_ref import ExternalRef
+from .integrity_method import IntegrityMethod
class RelationshipType(Enum):
AFFECTS = auto()
- AMENDS = auto()
- ANCESTOR = auto()
+ AMENDED_BY = auto()
+ ANCESTOR_OF = auto()
AVAILABLE_FROM = auto()
- BUILD_DEPENDENCY = auto()
- BUILD_TOOL = auto()
- COORDINATED_BY = auto()
+ CONFIGURES = auto()
CONTAINS = auto()
- CONFIG_OF = auto()
- COPY = auto()
+ COORDINATED_BY = auto()
+ COPIED_TO = auto()
DATA_FILE = auto()
- DEPENDENCY_MANIFEST = auto()
+ DELEGATED_TO = auto()
DEPENDS_ON = auto()
- DESCENDANT = auto()
+ DESCENDANT_OF = auto()
DESCRIBES = auto()
- DEV_DEPENDENCY = auto()
- DEV_TOOL = auto()
- DISTRIBUTION_ARTIFACT = auto()
- DOCUMENTATION = auto()
DOES_NOT_AFFECT = auto()
- DYNAMIC_LINK = auto()
- EXAMPLE = auto()
- EVIDENCE_FOR = auto()
- EXPANDED_FROM_ARCHIVE = auto()
+ EXPANDS_TO = auto()
EXPLOIT_CREATED_BY = auto()
- FILE_ADDED = auto()
- FILE_DELETED = auto()
- FILE_MODIFIED = auto()
FIXED_BY = auto()
FIXED_IN = auto()
FOUND_BY = auto()
- GENERATES = auto()
+ GENERATES = auto()
+ HAS_ADDED_FILE = auto()
HAS_ASSESSMENT_FOR = auto()
HAS_ASSOCIATED_VULNERABILITY = auto()
- HOST_OF = auto()
- INPUT_OF = auto()
+ HAS_CONCLUDED_LICENSE = auto()
+ HAS_DATA_FILE = auto()
+ HAS_DECLARED_LICENSE = auto()
+ HAS_DELETED_FILE = auto()
+ HAS_DEPENDENCY_MANIFEST = auto()
+ HAS_DISTRIBUTION_ARTIFACT = auto()
+ HAS_DOCUMENTATION = auto()
+ HAS_DYNAMIC_LINK = auto()
+ HAS_EVIDENCE = auto()
+ HAS_EXAMPLE = auto()
+ HAS_HOST = auto()
+ HAS_INPUT = auto()
+ HAS_METADATA = auto()
+ HAS_OPTIONAL_COMPONENT = auto()
+ HAS_OPTIONAL_DEPENDENCY = auto()
+ HAS_OUTPUT = auto()
+ HAS_PREREQUISITE = auto()
+ HAS_PROVIDED_DEPENDENCY = auto()
+ HAS_REQUIREMENT = auto()
+ HAS_SPECIFICATION = auto()
+ HAS_STATIC_LINK = auto()
+ HAS_TEST = auto()
+ HAS_TEST_CASE = auto()
+ HAS_VARIANT = auto()
INVOKED_BY = auto()
- METAFILE = auto()
- ON_BEHALF_OF = auto()
- OPTIONAL_COMPONENT = auto()
- OPTIONAL_DEPENDENCY = auto()
+ MODIFIED_BY = auto()
OTHER = auto()
- OUTPUT_OF = auto()
- PACKAGES = auto()
- PATCH = auto()
- PREREQUISITE = auto()
- PROVIDED_DEPENDENCY = auto()
+ PACKAGED_BY = auto()
+ PATCHED_BY = auto()
PUBLISHED_BY = auto()
REPORTED_BY = auto()
REPUBLISHED_BY = auto()
- REQUIREMENT_FOR = auto()
- RUNTIME_DEPENDENCY = auto()
- SPECIFICATION_FOR = auto()
- STATIC_LINK = auto()
- TEST = auto()
- TEST_CASE = auto()
- TEST_DEPENDENCY = auto()
- TEST_TOOL = auto()
+ SERIALIZED_IN_ARTIFACT = auto()
TESTED_ON = auto()
TRAINED_ON = auto()
UNDER_INVESTIGATION_FOR = auto()
- VARIANT = auto()
+ USES_TOOL = auto()
class RelationshipCompleteness(Enum):
- INCOMPLETE = auto()
COMPLETE = auto()
- NOASSERTION = auto()
+ INCOMPLETE = auto()
+ NO_ASSERTION = auto()
@dataclass_with_properties
class Relationship(Element):
# due to the inheritance we need to make all fields non-default in the __annotation__,
# the __init__ method still raises an error if required fields are not set
- from_element: str = None
+ from_element: str = ""
to: List[str] = field(default_factory=list)
relationship_type: RelationshipType = None
completeness: Optional[RelationshipCompleteness] = None
@@ -99,22 +102,22 @@ def __init__(
spdx_id: str,
from_element: str,
relationship_type: RelationshipType,
- to: List[str] = None,
+ to: List[str] = [],
creation_info: Optional[CreationInfo] = None,
name: Optional[str] = None,
summary: Optional[str] = None,
description: Optional[str] = None,
comment: Optional[str] = None,
- verified_using: List[IntegrityMethod] = None,
- external_reference: List[ExternalReference] = None,
- external_identifier: List[ExternalIdentifier] = None,
+ verified_using: List[IntegrityMethod] = [],
+ external_ref: List[ExternalRef] = [],
+ external_identifier: List[ExternalIdentifier] = [],
extension: Optional[str] = None,
completeness: Optional[RelationshipCompleteness] = None,
start_time: Optional[datetime] = None,
end_time: Optional[datetime] = None,
):
- to = [] if to is None else to
- verified_using = [] if verified_using is None else verified_using
- external_reference = [] if external_reference is None else external_reference
- external_identifier = [] if external_identifier is None else external_identifier
+ to = [] if not to else to
+ verified_using = [] if not verified_using else verified_using
+ external_ref = [] if not external_ref else external_ref
+ external_identifier = [] if not external_identifier else external_identifier
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/software_agent.py b/src/spdx_tools/spdx3/model/core/software_agent.py
similarity index 55%
rename from src/spdx_tools/spdx3/model/software_agent.py
rename to src/spdx_tools/spdx3/model/core/software_agent.py
index 28e4b33a2..106eca5e4 100644
--- a/src/spdx_tools/spdx3/model/software_agent.py
+++ b/src/spdx_tools/spdx3/model/core/software_agent.py
@@ -5,7 +5,12 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import Agent, CreationInfo, ExternalIdentifier, ExternalReference, IntegrityMethod
+
+from .agent import Agent
+from .creation_info import CreationInfo
+from .external_identifier import ExternalIdentifier
+from .external_ref import ExternalRef
+from .integrity_method import IntegrityMethod
@dataclass_with_properties
@@ -18,12 +23,12 @@ def __init__(
summary: Optional[str] = None,
description: Optional[str] = None,
comment: Optional[str] = None,
- verified_using: List[IntegrityMethod] = None,
- external_reference: List[ExternalReference] = None,
- external_identifier: List[ExternalIdentifier] = None,
+ verified_using: List[IntegrityMethod] = [],
+ external_ref: List[ExternalRef] = [],
+ external_identifier: List[ExternalIdentifier] = [],
extension: Optional[str] = None,
):
- verified_using = [] if verified_using is None else verified_using
- external_reference = [] if external_reference is None else external_reference
- external_identifier = [] if external_identifier is None else external_identifier
+ verified_using = [] if not verified_using else verified_using
+ external_ref = [] if not external_ref else external_ref
+ external_identifier = [] if not external_identifier else external_identifier
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/spdx_document.py b/src/spdx_tools/spdx3/model/core/spdx_document.py
similarity index 51%
rename from src/spdx_tools/spdx3/model/spdx_document.py
rename to src/spdx_tools/spdx3/model/core/spdx_document.py
index d9c70401c..1fc5e4835 100644
--- a/src/spdx_tools/spdx3/model/spdx_document.py
+++ b/src/spdx_tools/spdx3/model/core/spdx_document.py
@@ -5,15 +5,15 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import (
- Bundle,
- CreationInfo,
- ExternalIdentifier,
- ExternalMap,
- ExternalReference,
- IntegrityMethod,
- NamespaceMap,
-)
+
+from .bundle import Bundle
+from .creation_info import CreationInfo
+from .external_identifier import ExternalIdentifier
+from .external_map import ExternalMap
+from .external_ref import ExternalRef
+from .integrity_method import IntegrityMethod
+from .namespace_map import NamespaceMap
+from .profile_identifier import ProfileIdentifierType
@dataclass_with_properties
@@ -31,17 +31,18 @@ def __init__(
summary: Optional[str] = None,
description: Optional[str] = None,
comment: Optional[str] = None,
- verified_using: List[IntegrityMethod] = None,
- external_reference: List[ExternalReference] = None,
- external_identifier: List[ExternalIdentifier] = None,
+ verified_using: List[IntegrityMethod] = [],
+ external_ref: List[ExternalRef] = [],
+ external_identifier: List[ExternalIdentifier] = [],
extension: Optional[str] = None,
- namespaces: List[NamespaceMap] = None,
- imports: List[ExternalMap] = None,
+ namespace: List[NamespaceMap] = [],
+ import_: List[ExternalMap] = [],
context: Optional[str] = None,
+ profile_conformance: List[ProfileIdentifierType] = [],
):
- verified_using = [] if verified_using is None else verified_using
- external_reference = [] if external_reference is None else external_reference
- external_identifier = [] if external_identifier is None else external_identifier
- namespaces = [] if namespaces is None else namespaces
- imports = [] if imports is None else imports
+ verified_using = [] if not verified_using else verified_using
+ external_ref = [] if not external_ref else external_ref
+ external_identifier = [] if not external_identifier else external_identifier
+ namespace = [] if not namespace else namespace
+ import_ = [] if not import_ else import_
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/core/support_type.py b/src/spdx_tools/spdx3/model/core/support_type.py
new file mode 100644
index 000000000..70456a621
--- /dev/null
+++ b/src/spdx_tools/spdx3/model/core/support_type.py
@@ -0,0 +1,14 @@
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-FileCopyrightText: 2024 The SPDX Contributors
+
+from enum import Enum, auto
+
+
+class SupportType(Enum):
+ DEPLOYED = auto()
+ DEVELOPMENT = auto()
+ END_OF_SUPPORT = auto()
+ LIMITED_SUPPORT = auto()
+ NO_ASSERTION = auto()
+ NO_SUPPORT = auto()
+ SUPPORT = auto()
diff --git a/src/spdx_tools/spdx3/model/tool.py b/src/spdx_tools/spdx3/model/core/tool.py
similarity index 54%
rename from src/spdx_tools/spdx3/model/tool.py
rename to src/spdx_tools/spdx3/model/core/tool.py
index b4ba72cf3..b1b5d7449 100644
--- a/src/spdx_tools/spdx3/model/tool.py
+++ b/src/spdx_tools/spdx3/model/core/tool.py
@@ -5,7 +5,12 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import CreationInfo, Element, ExternalIdentifier, ExternalReference, IntegrityMethod
+
+from .creation_info import CreationInfo
+from .element import Element
+from .external_identifier import ExternalIdentifier
+from .external_ref import ExternalRef
+from .integrity_method import IntegrityMethod
@dataclass_with_properties
@@ -18,12 +23,12 @@ def __init__(
summary: Optional[str] = None,
description: Optional[str] = None,
comment: Optional[str] = None,
- verified_using: List[IntegrityMethod] = None,
- external_reference: List[ExternalReference] = None,
- external_identifier: List[ExternalIdentifier] = None,
+ verified_using: List[IntegrityMethod] = [],
+ external_ref: List[ExternalRef] = [],
+ external_identifier: List[ExternalIdentifier] = [],
extension: Optional[str] = None,
):
- verified_using = [] if verified_using is None else verified_using
- external_reference = [] if external_reference is None else external_reference
- external_identifier = [] if external_identifier is None else external_identifier
+ verified_using = [] if not verified_using else verified_using
+ external_ref = [] if not external_ref else external_ref
+ external_identifier = [] if not external_identifier else external_identifier
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/dataset/__init__.py b/src/spdx_tools/spdx3/model/dataset/__init__.py
index 5e2b4e153..1f206567b 100644
--- a/src/spdx_tools/spdx3/model/dataset/__init__.py
+++ b/src/spdx_tools/spdx3/model/dataset/__init__.py
@@ -1,4 +1,16 @@
# SPDX-FileCopyrightText: 2023 spdx contributors
#
# SPDX-License-Identifier: Apache-2.0
-from spdx_tools.spdx3.model.dataset.dataset import Dataset, DatasetAvailabilityType, ConfidentialityLevelType
+from .dataset_package import (
+ ConfidentialityLevelType,
+ DatasetAvailabilityType,
+ DatasetPackage,
+ DatasetType,
+)
+
+__all__ = [
+ "ConfidentialityLevelType",
+ "DatasetAvailabilityType",
+ "DatasetPackage",
+ "DatasetType",
+]
diff --git a/src/spdx_tools/spdx3/model/dataset/dataset.py b/src/spdx_tools/spdx3/model/dataset/dataset_package.py
similarity index 61%
rename from src/spdx_tools/spdx3/model/dataset/dataset.py
rename to src/spdx_tools/spdx3/model/dataset/dataset_package.py
index bbb82cc3a..bd2b5e286 100644
--- a/src/spdx_tools/spdx3/model/dataset/dataset.py
+++ b/src/spdx_tools/spdx3/model/dataset/dataset_package.py
@@ -9,26 +9,31 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import CreationInfo, ExternalIdentifier, ExternalReference, IntegrityMethod
-from spdx_tools.spdx3.model.licensing import LicenseField
-from spdx_tools.spdx3.model.software import Package, SoftwarePurpose
+
+from ..core.creation_info import CreationInfo
+from ..core.external_identifier import ExternalIdentifier
+from ..core.external_ref import ExternalRef
+from ..core.integrity_method import IntegrityMethod
+from ..licensing.license_field import LicenseField
+from ..software.package import Package
+from ..software.software_purpose import SoftwarePurpose
class DatasetType(Enum):
- STRUCTURED = auto()
- NUMERIC = auto()
- TEXT = auto()
+ AUDIO = auto()
CATEGORICAL = auto()
GRAPH = auto()
- TIMESERIES = auto()
- TIMESTAMP = auto()
- SENSOR = auto()
IMAGE = auto()
+ NO_ASSERTION = auto()
+ NUMERIC = auto()
+ OTHER = auto()
+ SENSOR = auto()
+ STRUCTURED = auto()
SYNTACTIC = auto()
- AUDIO = auto()
+ TEXT = auto()
+ TIMESERIES = auto()
+ TIMESTAMP = auto()
VIDEO = auto()
- OTHER = auto()
- NO_ASSERTION = auto()
class ConfidentialityLevelType(Enum):
@@ -39,16 +44,16 @@ class ConfidentialityLevelType(Enum):
class DatasetAvailabilityType(Enum):
+ CLICKTHROUGH = auto()
DIRECT_DOWNLOAD = auto()
- SCRAPING_SCRIPT = auto()
QUERY = auto()
- CLICKTHROUGH = auto()
REGISTRATION = auto()
+ SCRAPING_SCRIPT = auto()
@dataclass_with_properties
-class Dataset(Package):
- dataset_type: List[DatasetType] = None
+class DatasetPackage(Package):
+ dataset_type: List[DatasetType] = field(default_factory=list)
data_collection_process: Optional[str] = None
intended_use: Optional[str] = None
dataset_size: Optional[int] = None
@@ -56,7 +61,7 @@ class Dataset(Package):
data_preprocessing: List[str] = field(default_factory=list)
sensor: Dict[str, Optional[str]] = field(default_factory=dict)
known_bias: List[str] = field(default_factory=list)
- sensitive_personal_information: Optional[bool] = None
+ has_sensitive_personal_information: Optional[bool] = None
anonymization_method_used: List[str] = field(default_factory=list)
confidentiality_level: Optional[ConfidentialityLevelType] = None
dataset_update_mechanism: Optional[str] = None
@@ -76,45 +81,47 @@ def __init__(
summary: Optional[str] = None,
description: Optional[str] = None,
comment: Optional[str] = None,
- verified_using: List[IntegrityMethod] = None,
- external_reference: List[ExternalReference] = None,
- external_identifier: List[ExternalIdentifier] = None,
+ verified_using: List[IntegrityMethod] = [],
+ external_ref: List[ExternalRef] = [],
+ external_identifier: List[ExternalIdentifier] = [],
extension: Optional[str] = None,
- supplied_by: List[str] = None,
+ supplied_by: List[str] = [],
valid_until_time: Optional[datetime] = None,
- standard: List[str] = None,
+ standard: List[str] = [],
content_identifier: Optional[str] = None,
- additional_purpose: List[SoftwarePurpose] = None,
+ additional_purpose: List[SoftwarePurpose] = [],
concluded_license: Optional[LicenseField] = None,
declared_license: Optional[LicenseField] = None,
copyright_text: Optional[str] = None,
attribution_text: Optional[str] = None,
package_version: Optional[str] = None,
package_url: Optional[str] = None,
- homepage: Optional[str] = None,
+ home_page: Optional[str] = None,
source_info: Optional[str] = None,
data_collection_process: Optional[str] = None,
intended_use: Optional[str] = None,
dataset_size: Optional[int] = None,
dataset_noise: Optional[str] = None,
- data_preprocessing: List[str] = None,
- sensor: Dict[str, Optional[str]] = None,
- known_bias: List[str] = None,
- sensitive_personal_information: Optional[bool] = None,
- anonymization_method_used: List[str] = None,
+ data_preprocessing: List[str] = [],
+ sensor: Dict[str, Optional[str]] = {},
+ known_bias: List[str] = [],
+ has_sensitive_personal_information: Optional[bool] = None,
+ anonymization_method_used: List[str] = [],
confidentiality_level: Optional[ConfidentialityLevelType] = None,
dataset_update_mechanism: Optional[str] = None,
dataset_availability: Optional[DatasetAvailabilityType] = None,
):
- verified_using = [] if verified_using is None else verified_using
- external_reference = [] if external_reference is None else external_reference
- external_identifier = [] if external_identifier is None else external_identifier
- originated_by = [] if originated_by is None else originated_by
- additional_purpose = [] if additional_purpose is None else additional_purpose
- supplied_by = [] if supplied_by is None else supplied_by
- standard = [] if standard is None else standard
- data_preprocessing = [] if data_preprocessing is None else data_preprocessing
- sensor = {} if sensor is None else sensor
- known_bias = [] if known_bias is None else known_bias
- anonymization_method_used = [] if anonymization_method_used is None else anonymization_method_used
+ verified_using = [] if not verified_using else verified_using
+ external_ref = [] if not external_ref else external_ref
+ external_identifier = [] if not external_identifier else external_identifier
+ originated_by = [] if not originated_by else originated_by
+ additional_purpose = [] if not additional_purpose else additional_purpose
+ supplied_by = [] if not supplied_by else supplied_by
+ standard = [] if not standard else standard
+ data_preprocessing = [] if not data_preprocessing else data_preprocessing
+ sensor = {} if not sensor else sensor
+ known_bias = [] if not known_bias else known_bias
+ anonymization_method_used = (
+ [] if not anonymization_method_used else anonymization_method_used
+ )
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/expanded_licensing/__init__.py b/src/spdx_tools/spdx3/model/expanded_licensing/__init__.py
new file mode 100644
index 000000000..131ab7732
--- /dev/null
+++ b/src/spdx_tools/spdx3/model/expanded_licensing/__init__.py
@@ -0,0 +1,2 @@
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-FileCopyrightText: 2024 The SPDX Contributors
diff --git a/src/spdx_tools/spdx3/model/extension/__init__.py b/src/spdx_tools/spdx3/model/extension/__init__.py
new file mode 100644
index 000000000..131ab7732
--- /dev/null
+++ b/src/spdx_tools/spdx3/model/extension/__init__.py
@@ -0,0 +1,2 @@
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-FileCopyrightText: 2024 The SPDX Contributors
diff --git a/src/spdx_tools/spdx3/model/licensing/__init__.py b/src/spdx_tools/spdx3/model/licensing/__init__.py
index 8d9b9c6af..945012aed 100644
--- a/src/spdx_tools/spdx3/model/licensing/__init__.py
+++ b/src/spdx_tools/spdx3/model/licensing/__init__.py
@@ -15,3 +15,20 @@
from .none_license import NoneLicense
from .or_later_operator import OrLaterOperator
from .with_addition_operator import WithAdditionOperator
+
+__all__ = [
+ "AnyLicenseInfo",
+ "ConjunctiveLicenseSet",
+ "CustomLicense",
+ "CustomLicenseAddition",
+ "DisjunctiveLicenseSet",
+ "License",
+ "LicenseAddition",
+ "LicenseField",
+ "ListedLicense",
+ "ListedLicenseException",
+ "NoAssertionLicense",
+ "NoneLicense",
+ "OrLaterOperator",
+ "WithAdditionOperator",
+]
diff --git a/src/spdx_tools/spdx3/model/licensing/any_license_info.py b/src/spdx_tools/spdx3/model/licensing/any_license_info.py
index 1f1402427..19b99ce03 100644
--- a/src/spdx_tools/spdx3/model/licensing/any_license_info.py
+++ b/src/spdx_tools/spdx3/model/licensing/any_license_info.py
@@ -3,7 +3,7 @@
# SPDX-License-Identifier: Apache-2.0
from abc import abstractmethod
-from spdx_tools.spdx3.model.licensing.license_field import LicenseField
+from .license_field import LicenseField
class AnyLicenseInfo(LicenseField):
diff --git a/src/spdx_tools/spdx3/model/licensing/conjunctive_license_set.py b/src/spdx_tools/spdx3/model/licensing/conjunctive_license_set.py
index fe5605761..9951464e6 100644
--- a/src/spdx_tools/spdx3/model/licensing/conjunctive_license_set.py
+++ b/src/spdx_tools/spdx3/model/licensing/conjunctive_license_set.py
@@ -5,7 +5,8 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model.licensing.any_license_info import AnyLicenseInfo
+
+from .any_license_info import AnyLicenseInfo
@dataclass_with_properties
diff --git a/src/spdx_tools/spdx3/model/licensing/custom_license.py b/src/spdx_tools/spdx3/model/licensing/custom_license.py
index 4617a18db..6d9efa374 100644
--- a/src/spdx_tools/spdx3/model/licensing/custom_license.py
+++ b/src/spdx_tools/spdx3/model/licensing/custom_license.py
@@ -5,7 +5,8 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model.licensing.license import License
+
+from .license import License
@dataclass_with_properties
@@ -16,7 +17,7 @@ def __init__(
license_name: str,
license_text: str,
license_comment: Optional[str] = None,
- see_also: List[str] = None,
+ see_also: List[str] = [],
is_osi_approved: Optional[bool] = None,
is_fsf_libre: Optional[bool] = None,
standard_license_header: Optional[str] = None,
@@ -24,5 +25,5 @@ def __init__(
is_deprecated_license_id: Optional[bool] = None,
obsoleted_by: Optional[str] = None,
):
- see_also = [] if see_also is None else see_also
+ see_also = [] if not see_also else see_also
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/licensing/custom_license_addition.py b/src/spdx_tools/spdx3/model/licensing/custom_license_addition.py
index b50d27770..3fd5bdd00 100644
--- a/src/spdx_tools/spdx3/model/licensing/custom_license_addition.py
+++ b/src/spdx_tools/spdx3/model/licensing/custom_license_addition.py
@@ -5,7 +5,8 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model.licensing.license_addition import LicenseAddition
+
+from .license_addition import LicenseAddition
@dataclass_with_properties
@@ -16,10 +17,10 @@ def __init__(
addition_name: str,
addition_text: str,
addition_comment: Optional[str] = None,
- see_also: List[str] = None,
+ see_also: List[str] = [],
standard_addition_template: Optional[str] = None,
is_deprecated_addition_id: Optional[bool] = None,
obsoleted_by: Optional[str] = None,
):
- see_also = [] if see_also is None else see_also
+ see_also = [] if not see_also else see_also
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/licensing/disjunctive_license_set.py b/src/spdx_tools/spdx3/model/licensing/disjunctive_license_set.py
index a5ac3bdc8..d5cd348fb 100644
--- a/src/spdx_tools/spdx3/model/licensing/disjunctive_license_set.py
+++ b/src/spdx_tools/spdx3/model/licensing/disjunctive_license_set.py
@@ -5,7 +5,8 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model.licensing.any_license_info import AnyLicenseInfo
+
+from .any_license_info import AnyLicenseInfo
@dataclass_with_properties
diff --git a/src/spdx_tools/spdx3/model/licensing/license.py b/src/spdx_tools/spdx3/model/licensing/license.py
index e2fd625ff..21dbfe650 100644
--- a/src/spdx_tools/spdx3/model/licensing/license.py
+++ b/src/spdx_tools/spdx3/model/licensing/license.py
@@ -7,7 +7,8 @@
from beartype.typing import List, Optional
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
-from spdx_tools.spdx3.model.licensing.any_license_info import AnyLicenseInfo
+
+from .any_license_info import AnyLicenseInfo
@dataclass_with_properties
diff --git a/src/spdx_tools/spdx3/model/licensing/listed_license.py b/src/spdx_tools/spdx3/model/licensing/listed_license.py
index 2c0b02b3d..e9c1521c9 100644
--- a/src/spdx_tools/spdx3/model/licensing/listed_license.py
+++ b/src/spdx_tools/spdx3/model/licensing/listed_license.py
@@ -5,7 +5,8 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model.licensing.license import License
+
+from .license import License
@dataclass_with_properties
@@ -19,7 +20,7 @@ def __init__(
license_name: str,
license_text: str,
license_comment: Optional[str] = None,
- see_also: List[str] = None,
+ see_also: List[str] = [],
is_osi_approved: Optional[bool] = None,
is_fsf_libre: Optional[bool] = None,
standard_license_header: Optional[str] = None,
@@ -29,5 +30,5 @@ def __init__(
list_version_added: Optional[str] = None,
deprecated_version: Optional[str] = None,
):
- see_also = [] if see_also is None else see_also
+ see_also = [] if not see_also else see_also
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/licensing/listed_license_exception.py b/src/spdx_tools/spdx3/model/licensing/listed_license_exception.py
index 799fcedae..0afc534e6 100644
--- a/src/spdx_tools/spdx3/model/licensing/listed_license_exception.py
+++ b/src/spdx_tools/spdx3/model/licensing/listed_license_exception.py
@@ -5,7 +5,8 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model.licensing.license_addition import LicenseAddition
+
+from .license_addition import LicenseAddition
@dataclass_with_properties
@@ -19,12 +20,12 @@ def __init__(
addition_name: str,
addition_text: str,
addition_comment: Optional[str] = None,
- see_also: List[str] = None,
+ see_also: List[str] = [],
standard_addition_template: Optional[str] = None,
is_deprecated_addition_id: Optional[bool] = None,
obsoleted_by: Optional[str] = None,
list_version_added: Optional[str] = None,
deprecated_version: Optional[str] = None,
):
- see_also = [] if see_also is None else see_also
+ see_also = [] if not see_also else see_also
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/licensing/no_assertion_license.py b/src/spdx_tools/spdx3/model/licensing/no_assertion_license.py
index 66a00b261..63790ebb2 100644
--- a/src/spdx_tools/spdx3/model/licensing/no_assertion_license.py
+++ b/src/spdx_tools/spdx3/model/licensing/no_assertion_license.py
@@ -1,7 +1,7 @@
# SPDX-FileCopyrightText: 2023 spdx contributors
#
# SPDX-License-Identifier: Apache-2.0
-from spdx_tools.spdx3.model.licensing.license_field import LicenseField
+from .license_field import LicenseField
class NoAssertionLicense(LicenseField):
diff --git a/src/spdx_tools/spdx3/model/licensing/none_license.py b/src/spdx_tools/spdx3/model/licensing/none_license.py
index e34253608..d7115da69 100644
--- a/src/spdx_tools/spdx3/model/licensing/none_license.py
+++ b/src/spdx_tools/spdx3/model/licensing/none_license.py
@@ -1,7 +1,7 @@
# SPDX-FileCopyrightText: 2023 spdx contributors
#
# SPDX-License-Identifier: Apache-2.0
-from spdx_tools.spdx3.model.licensing.license_field import LicenseField
+from .license_field import LicenseField
class NoneLicense(LicenseField):
diff --git a/src/spdx_tools/spdx3/model/licensing/or_later_operator.py b/src/spdx_tools/spdx3/model/licensing/or_later_operator.py
index 2aa204b98..ef4c103fb 100644
--- a/src/spdx_tools/spdx3/model/licensing/or_later_operator.py
+++ b/src/spdx_tools/spdx3/model/licensing/or_later_operator.py
@@ -3,9 +3,9 @@
# SPDX-License-Identifier: Apache-2.0
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model.licensing.any_license_info import AnyLicenseInfo
-from spdx_tools.spdx3.model.licensing.license import License
+from .any_license_info import AnyLicenseInfo
+from .license import License
@dataclass_with_properties
class OrLaterOperator(AnyLicenseInfo):
diff --git a/src/spdx_tools/spdx3/model/licensing/with_addition_operator.py b/src/spdx_tools/spdx3/model/licensing/with_addition_operator.py
index 9e79f8d98..3bef4c046 100644
--- a/src/spdx_tools/spdx3/model/licensing/with_addition_operator.py
+++ b/src/spdx_tools/spdx3/model/licensing/with_addition_operator.py
@@ -3,9 +3,10 @@
# SPDX-License-Identifier: Apache-2.0
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model.licensing.any_license_info import AnyLicenseInfo
-from spdx_tools.spdx3.model.licensing.license import License
-from spdx_tools.spdx3.model.licensing.license_addition import LicenseAddition
+
+from .any_license_info import AnyLicenseInfo
+from .license import License
+from .license_addition import LicenseAddition
@dataclass_with_properties
diff --git a/src/spdx_tools/spdx3/model/security/__init__.py b/src/spdx_tools/spdx3/model/security/__init__.py
index 3407981c8..6322feba6 100644
--- a/src/spdx_tools/spdx3/model/security/__init__.py
+++ b/src/spdx_tools/spdx3/model/security/__init__.py
@@ -4,15 +4,43 @@
from .cvss_v2_vuln_assessment_relationship import CvssV2VulnAssessmentRelationship
from .cvss_v3_vuln_assessment_relationship import CvssV3VulnAssessmentRelationship
from .epss_vuln_assessment_relationship import EpssVulnAssessmentRelationship
-from .exploit_catalog_vuln_assessment_relationship import ExploitCatalogVulnAssessmentRelationship, ExploitCatalogType
-from .ssvc_vuln_assessment_relationship import SsvcVulnAssessmentRelationship, SsvcDecisionType
-from .vex_affected_vuln_assessment_relationship import VexAffectedVulnAssessmentRelationship
+from .exploit_catalog_vuln_assessment_relationship import (
+ ExploitCatalogType,
+ ExploitCatalogVulnAssessmentRelationship,
+)
+from .ssvc_vuln_assessment_relationship import (
+ SsvcDecisionType,
+ SsvcVulnAssessmentRelationship,
+)
+from .vex_affected_vuln_assessment_relationship import (
+ VexAffectedVulnAssessmentRelationship,
+)
from .vex_fixed_vuln_assessment_relationship import VexFixedVulnAssessmentRelationship
from .vex_not_affected_vuln_assessment_relationship import (
VexNotAffectedVulnAssessmentRelationship,
VexJustificationType,
)
-from .vex_under_investigation_vuln_assessment_relationship import VexUnderInvestigationVulnAssessmentRelationship
+from .vex_under_investigation_vuln_assessment_relationship import (
+ VexUnderInvestigationVulnAssessmentRelationship,
+)
from .vex_vuln_assessment_relationship import VexVulnAssessmentRelationship
from .vuln_assessment_relationship import VulnAssessmentRelationship
from .vulnerability import Vulnerability
+
+__all__ = [
+ "CvssV2VulnAssessmentRelationship",
+ "CvssV3VulnAssessmentRelationship",
+ "EpssVulnAssessmentRelationship",
+ "ExploitCatalogType",
+ "ExploitCatalogVulnAssessmentRelationship",
+ "SsvcDecisionType",
+ "SsvcVulnAssessmentRelationship",
+ "VexAffectedVulnAssessmentRelationship",
+ "VexFixedVulnAssessmentRelationship",
+ "VexNotAffectedVulnAssessmentRelationship",
+ "VexJustificationType",
+ "VexUnderInvestigationVulnAssessmentRelationship",
+ "VexVulnAssessmentRelationship",
+ "VulnAssessmentRelationship",
+ "Vulnerability",
+]
diff --git a/src/spdx_tools/spdx3/model/security/cvss_v2_vuln_assessment_relationship.py b/src/spdx_tools/spdx3/model/security/cvss_v2_vuln_assessment_relationship.py
index c686f9dfc..c66048637 100644
--- a/src/spdx_tools/spdx3/model/security/cvss_v2_vuln_assessment_relationship.py
+++ b/src/spdx_tools/spdx3/model/security/cvss_v2_vuln_assessment_relationship.py
@@ -7,20 +7,19 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import (
- CreationInfo,
- ExternalIdentifier,
- ExternalReference,
- IntegrityMethod,
- RelationshipCompleteness,
-)
-from spdx_tools.spdx3.model.security.vuln_assessment_relationship import VulnAssessmentRelationship
from spdx_tools.spdx.model import RelationshipType
+from ..core.creation_info import CreationInfo
+from ..core.external_identifier import ExternalIdentifier
+from ..core.external_ref import ExternalRef
+from ..core.integrity_method import IntegrityMethod
+from ..core.relationship import RelationshipCompleteness
+from ..security.vuln_assessment_relationship import VulnAssessmentRelationship
+
@dataclass_with_properties
class CvssV2VulnAssessmentRelationship(VulnAssessmentRelationship):
- score: str = None
+ score: str = ""
severity: Optional[str] = None
vector: Optional[str] = None
@@ -36,9 +35,9 @@ def __init__(
summary: Optional[str] = None,
description: Optional[str] = None,
comment: Optional[str] = None,
- verified_using: List[IntegrityMethod] = None,
- external_reference: List[ExternalReference] = None,
- external_identifier: List[ExternalIdentifier] = None,
+ verified_using: List[IntegrityMethod] = [],
+ external_ref: List[ExternalRef] = [],
+ external_identifier: List[ExternalIdentifier] = [],
extension: Optional[str] = None,
completeness: Optional[RelationshipCompleteness] = None,
start_time: Optional[datetime] = None,
@@ -51,7 +50,7 @@ def __init__(
severity: Optional[str] = None,
vector: Optional[str] = None,
):
- verified_using = [] if verified_using is None else verified_using
- external_reference = [] if external_reference is None else external_reference
- external_identifier = [] if external_identifier is None else external_identifier
+ verified_using = [] if not verified_using else verified_using
+ external_ref = [] if not external_ref else external_ref
+ external_identifier = [] if not external_identifier else external_identifier
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/security/cvss_v3_vuln_assessment_relationship.py b/src/spdx_tools/spdx3/model/security/cvss_v3_vuln_assessment_relationship.py
index ab8a803af..771a7b3ab 100644
--- a/src/spdx_tools/spdx3/model/security/cvss_v3_vuln_assessment_relationship.py
+++ b/src/spdx_tools/spdx3/model/security/cvss_v3_vuln_assessment_relationship.py
@@ -7,20 +7,18 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import (
- CreationInfo,
- ExternalIdentifier,
- ExternalReference,
- IntegrityMethod,
- RelationshipCompleteness,
-)
-from spdx_tools.spdx3.model.security.vuln_assessment_relationship import VulnAssessmentRelationship
from spdx_tools.spdx.model import RelationshipType
+from ..core.creation_info import CreationInfo
+from ..core.external_identifier import ExternalIdentifier
+from ..core.external_ref import ExternalRef
+from ..core.integrity_method import IntegrityMethod
+from ..core.relationship import RelationshipCompleteness
+from ..security.vuln_assessment_relationship import VulnAssessmentRelationship
@dataclass_with_properties
class CvssV3VulnAssessmentRelationship(VulnAssessmentRelationship):
- score: str = None
+ score: str = ""
severity: Optional[str] = None
vector: Optional[str] = None
@@ -36,9 +34,9 @@ def __init__(
summary: Optional[str] = None,
description: Optional[str] = None,
comment: Optional[str] = None,
- verified_using: List[IntegrityMethod] = None,
- external_reference: List[ExternalReference] = None,
- external_identifier: List[ExternalIdentifier] = None,
+ verified_using: List[IntegrityMethod] = [],
+ external_ref: List[ExternalRef] = [],
+ external_identifier: List[ExternalIdentifier] = [],
extension: Optional[str] = None,
completeness: Optional[RelationshipCompleteness] = None,
start_time: Optional[datetime] = None,
@@ -51,7 +49,7 @@ def __init__(
severity: Optional[str] = None,
vector: Optional[str] = None,
):
- verified_using = [] if verified_using is None else verified_using
- external_reference = [] if external_reference is None else external_reference
- external_identifier = [] if external_identifier is None else external_identifier
+ verified_using = [] if not verified_using else verified_using
+ external_ref = [] if not external_ref else external_ref
+ external_identifier = [] if not external_identifier else external_identifier
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/security/epss_vuln_assessment_relationship.py b/src/spdx_tools/spdx3/model/security/epss_vuln_assessment_relationship.py
index f5001a92d..81846e0ef 100644
--- a/src/spdx_tools/spdx3/model/security/epss_vuln_assessment_relationship.py
+++ b/src/spdx_tools/spdx3/model/security/epss_vuln_assessment_relationship.py
@@ -7,16 +7,14 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import (
- CreationInfo,
- ExternalIdentifier,
- ExternalReference,
- IntegrityMethod,
- RelationshipCompleteness,
-)
-from spdx_tools.spdx3.model.security.vuln_assessment_relationship import VulnAssessmentRelationship
from spdx_tools.spdx.model import RelationshipType
+from ..core.creation_info import CreationInfo
+from ..core.external_identifier import ExternalIdentifier
+from ..core.external_ref import ExternalRef
+from ..core.integrity_method import IntegrityMethod
+from ..core.relationship import RelationshipCompleteness
+from ..security.vuln_assessment_relationship import VulnAssessmentRelationship
@dataclass_with_properties
class EpssVulnAssessmentRelationship(VulnAssessmentRelationship):
@@ -35,9 +33,9 @@ def __init__(
summary: Optional[str] = None,
description: Optional[str] = None,
comment: Optional[str] = None,
- verified_using: List[IntegrityMethod] = None,
- external_reference: List[ExternalReference] = None,
- external_identifier: List[ExternalIdentifier] = None,
+ verified_using: List[IntegrityMethod] = [],
+ external_ref: List[ExternalRef] = [],
+ external_identifier: List[ExternalIdentifier] = [],
extension: Optional[str] = None,
completeness: Optional[RelationshipCompleteness] = None,
start_time: Optional[datetime] = None,
@@ -49,7 +47,7 @@ def __init__(
withdrawn_time: Optional[datetime] = None,
severity: Optional[str] = None,
):
- verified_using = [] if verified_using is None else verified_using
- external_reference = [] if external_reference is None else external_reference
- external_identifier = [] if external_identifier is None else external_identifier
+ verified_using = [] if not verified_using else verified_using
+ external_ref = [] if not external_ref else external_ref
+ external_identifier = [] if not external_identifier else external_identifier
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/security/exploit_catalog_vuln_assessment_relationship.py b/src/spdx_tools/spdx3/model/security/exploit_catalog_vuln_assessment_relationship.py
index a7a67ac68..51afd03ed 100644
--- a/src/spdx_tools/spdx3/model/security/exploit_catalog_vuln_assessment_relationship.py
+++ b/src/spdx_tools/spdx3/model/security/exploit_catalog_vuln_assessment_relationship.py
@@ -8,16 +8,15 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import (
- CreationInfo,
- ExternalIdentifier,
- ExternalReference,
- IntegrityMethod,
- RelationshipCompleteness,
-)
-from spdx_tools.spdx3.model.security.vuln_assessment_relationship import VulnAssessmentRelationship
from spdx_tools.spdx.model import RelationshipType
+from ..core.creation_info import CreationInfo
+from ..core.external_identifier import ExternalIdentifier
+from ..core.external_ref import ExternalRef
+from ..core.integrity_method import IntegrityMethod
+from ..core.relationship import RelationshipCompleteness
+from ..security.vuln_assessment_relationship import VulnAssessmentRelationship
+
class ExploitCatalogType(Enum):
KEV = auto()
@@ -28,7 +27,7 @@ class ExploitCatalogType(Enum):
class ExploitCatalogVulnAssessmentRelationship(VulnAssessmentRelationship):
catalog_type: ExploitCatalogType = None
exploited: bool = None
- locator: str = None
+ locator: str = ""
def __init__(
self,
@@ -44,9 +43,9 @@ def __init__(
summary: Optional[str] = None,
description: Optional[str] = None,
comment: Optional[str] = None,
- verified_using: List[IntegrityMethod] = None,
- external_reference: List[ExternalReference] = None,
- external_identifier: List[ExternalIdentifier] = None,
+ verified_using: List[IntegrityMethod] = [],
+ external_ref: List[ExternalRef] = [],
+ external_identifier: List[ExternalIdentifier] = [],
extension: Optional[str] = None,
completeness: Optional[RelationshipCompleteness] = None,
start_time: Optional[datetime] = None,
@@ -57,7 +56,7 @@ def __init__(
modified_time: Optional[datetime] = None,
withdrawn_time: Optional[datetime] = None,
):
- verified_using = [] if verified_using is None else verified_using
- external_reference = [] if external_reference is None else external_reference
- external_identifier = [] if external_identifier is None else external_identifier
+ verified_using = [] if not verified_using else verified_using
+ external_ref = [] if not external_ref else external_ref
+ external_identifier = [] if not external_identifier else external_identifier
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/security/ssvc_vuln_assessment_relationship.py b/src/spdx_tools/spdx3/model/security/ssvc_vuln_assessment_relationship.py
index d98803874..5fafa5d7e 100644
--- a/src/spdx_tools/spdx3/model/security/ssvc_vuln_assessment_relationship.py
+++ b/src/spdx_tools/spdx3/model/security/ssvc_vuln_assessment_relationship.py
@@ -8,16 +8,14 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import (
- CreationInfo,
- ExternalIdentifier,
- ExternalReference,
- IntegrityMethod,
- RelationshipCompleteness,
-)
-from spdx_tools.spdx3.model.security.vuln_assessment_relationship import VulnAssessmentRelationship
from spdx_tools.spdx.model import RelationshipType
+from ..core.creation_info import CreationInfo
+from ..core.external_identifier import ExternalIdentifier
+from ..core.external_ref import ExternalRef
+from ..core.integrity_method import IntegrityMethod
+from ..core.relationship import RelationshipCompleteness
+from ..security.vuln_assessment_relationship import VulnAssessmentRelationship
class SsvcDecisionType(Enum):
ACT = auto()
@@ -28,8 +26,6 @@ class SsvcDecisionType(Enum):
@dataclass_with_properties
class SsvcVulnAssessmentRelationship(VulnAssessmentRelationship):
- decision_type: SsvcDecisionType = None
-
def __init__(
self,
spdx_id: str,
@@ -42,9 +38,9 @@ def __init__(
summary: Optional[str] = None,
description: Optional[str] = None,
comment: Optional[str] = None,
- verified_using: List[IntegrityMethod] = None,
- external_reference: List[ExternalReference] = None,
- external_identifier: List[ExternalIdentifier] = None,
+ verified_using: List[IntegrityMethod] = [],
+ external_ref: List[ExternalRef] = [],
+ external_identifier: List[ExternalIdentifier] = [],
extension: Optional[str] = None,
completeness: Optional[RelationshipCompleteness] = None,
start_time: Optional[datetime] = None,
@@ -55,7 +51,7 @@ def __init__(
modified_time: Optional[datetime] = None,
withdrawn_time: Optional[datetime] = None,
):
- verified_using = [] if verified_using is None else verified_using
- external_reference = [] if external_reference is None else external_reference
- external_identifier = [] if external_identifier is None else external_identifier
+ verified_using = [] if not verified_using else verified_using
+ external_ref = [] if not external_ref else external_ref
+ external_identifier = [] if not external_identifier else external_identifier
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/security/vex_affected_vuln_assessment_relationship.py b/src/spdx_tools/spdx3/model/security/vex_affected_vuln_assessment_relationship.py
index 2dc242273..f9a52a3bc 100644
--- a/src/spdx_tools/spdx3/model/security/vex_affected_vuln_assessment_relationship.py
+++ b/src/spdx_tools/spdx3/model/security/vex_affected_vuln_assessment_relationship.py
@@ -8,16 +8,14 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import (
- CreationInfo,
- ExternalIdentifier,
- ExternalReference,
- IntegrityMethod,
- RelationshipCompleteness,
-)
-from spdx_tools.spdx3.model.security.vex_vuln_assessment_relationship import VexVulnAssessmentRelationship
from spdx_tools.spdx.model import RelationshipType
+from ..core.creation_info import CreationInfo
+from ..core.external_identifier import ExternalIdentifier
+from ..core.external_ref import ExternalRef
+from ..core.integrity_method import IntegrityMethod
+from ..core.relationship import RelationshipCompleteness
+from ..security.vex_vuln_assessment_relationship import VexVulnAssessmentRelationship
@dataclass_with_properties
class VexAffectedVulnAssessmentRelationship(VexVulnAssessmentRelationship):
@@ -35,9 +33,9 @@ def __init__(
summary: Optional[str] = None,
description: Optional[str] = None,
comment: Optional[str] = None,
- verified_using: List[IntegrityMethod] = None,
- external_reference: List[ExternalReference] = None,
- external_identifier: List[ExternalIdentifier] = None,
+ verified_using: List[IntegrityMethod] = [],
+ external_ref: List[ExternalRef] = [],
+ external_identifier: List[ExternalIdentifier] = [],
extension: Optional[str] = None,
completeness: Optional[RelationshipCompleteness] = None,
start_time: Optional[datetime] = None,
@@ -50,10 +48,10 @@ def __init__(
vex_version: Optional[str] = None,
status_notes: Optional[str] = None,
action_statement: Optional[str] = None,
- action_statement_time: List[datetime] = None,
+ action_statement_time: List[datetime] = [],
):
- verified_using = [] if verified_using is None else verified_using
- external_reference = [] if external_reference is None else external_reference
- external_identifier = [] if external_identifier is None else external_identifier
- action_statement_time = [] if action_statement_time is None else action_statement_time
+ verified_using = [] if not verified_using else verified_using
+ external_ref = [] if not external_ref else external_ref
+ external_identifier = [] if not external_identifier else external_identifier
+ action_statement_time = [] if not action_statement_time else action_statement_time
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/security/vex_fixed_vuln_assessment_relationship.py b/src/spdx_tools/spdx3/model/security/vex_fixed_vuln_assessment_relationship.py
index c8bdc2b38..ba699ad54 100644
--- a/src/spdx_tools/spdx3/model/security/vex_fixed_vuln_assessment_relationship.py
+++ b/src/spdx_tools/spdx3/model/security/vex_fixed_vuln_assessment_relationship.py
@@ -7,16 +7,15 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import (
- CreationInfo,
- ExternalIdentifier,
- ExternalReference,
- IntegrityMethod,
- RelationshipCompleteness,
-)
-from spdx_tools.spdx3.model.security.vex_vuln_assessment_relationship import VexVulnAssessmentRelationship
from spdx_tools.spdx.model import RelationshipType
+from ..core.creation_info import CreationInfo
+from ..core.external_identifier import ExternalIdentifier
+from ..core.external_ref import ExternalRef
+from ..core.integrity_method import IntegrityMethod
+from ..core.relationship import RelationshipCompleteness
+from ..security.vex_vuln_assessment_relationship import VexVulnAssessmentRelationship
+
@dataclass_with_properties
class VexFixedVulnAssessmentRelationship(VexVulnAssessmentRelationship):
@@ -31,9 +30,9 @@ def __init__(
summary: Optional[str] = None,
description: Optional[str] = None,
comment: Optional[str] = None,
- verified_using: List[IntegrityMethod] = None,
- external_reference: List[ExternalReference] = None,
- external_identifier: List[ExternalIdentifier] = None,
+ verified_using: List[IntegrityMethod] = [],
+ external_ref: List[ExternalRef] = [],
+ external_identifier: List[ExternalIdentifier] = [],
extension: Optional[str] = None,
completeness: Optional[RelationshipCompleteness] = None,
start_time: Optional[datetime] = None,
@@ -46,7 +45,7 @@ def __init__(
vex_version: Optional[str] = None,
status_notes: Optional[str] = None,
):
- verified_using = [] if verified_using is None else verified_using
- external_reference = [] if external_reference is None else external_reference
- external_identifier = [] if external_identifier is None else external_identifier
+ verified_using = [] if not verified_using else verified_using
+ external_ref = [] if not external_ref else external_ref
+ external_identifier = [] if not external_identifier else external_identifier
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/security/vex_not_affected_vuln_assessment_relationship.py b/src/spdx_tools/spdx3/model/security/vex_not_affected_vuln_assessment_relationship.py
index 4c019a973..188f34241 100644
--- a/src/spdx_tools/spdx3/model/security/vex_not_affected_vuln_assessment_relationship.py
+++ b/src/spdx_tools/spdx3/model/security/vex_not_affected_vuln_assessment_relationship.py
@@ -8,16 +8,15 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import (
- CreationInfo,
- ExternalIdentifier,
- ExternalReference,
- IntegrityMethod,
- RelationshipCompleteness,
-)
-from spdx_tools.spdx3.model.security.vex_vuln_assessment_relationship import VexVulnAssessmentRelationship
from spdx_tools.spdx.model import RelationshipType
+from ..core.creation_info import CreationInfo
+from ..core.external_identifier import ExternalIdentifier
+from ..core.external_ref import ExternalRef
+from ..core.integrity_method import IntegrityMethod
+from ..core.relationship import RelationshipCompleteness
+from ..security.vex_vuln_assessment_relationship import VexVulnAssessmentRelationship
+
class VexJustificationType(Enum):
COMPONENT_NOT_PRESENT = auto()
@@ -44,9 +43,9 @@ def __init__(
summary: Optional[str] = None,
description: Optional[str] = None,
comment: Optional[str] = None,
- verified_using: List[IntegrityMethod] = None,
- external_reference: List[ExternalReference] = None,
- external_identifier: List[ExternalIdentifier] = None,
+ verified_using: List[IntegrityMethod] = [],
+ external_ref: List[ExternalRef] = [],
+ external_identifier: List[ExternalIdentifier] = [],
extension: Optional[str] = None,
completeness: Optional[RelationshipCompleteness] = None,
start_time: Optional[datetime] = None,
@@ -62,7 +61,7 @@ def __init__(
impact_statement: Optional[str] = None,
impact_statement_time: Optional[datetime] = None,
):
- verified_using = [] if verified_using is None else verified_using
- external_reference = [] if external_reference is None else external_reference
- external_identifier = [] if external_identifier is None else external_identifier
+ verified_using = [] if not verified_using else verified_using
+ external_ref = [] if not external_ref else external_ref
+ external_identifier = [] if not external_identifier else external_identifier
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/security/vex_under_investigation_vuln_assessment_relationship.py b/src/spdx_tools/spdx3/model/security/vex_under_investigation_vuln_assessment_relationship.py
index ba63480bc..8618c99f3 100644
--- a/src/spdx_tools/spdx3/model/security/vex_under_investigation_vuln_assessment_relationship.py
+++ b/src/spdx_tools/spdx3/model/security/vex_under_investigation_vuln_assessment_relationship.py
@@ -7,16 +7,15 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import (
- CreationInfo,
- ExternalIdentifier,
- ExternalReference,
- IntegrityMethod,
- RelationshipCompleteness,
-)
-from spdx_tools.spdx3.model.security.vex_vuln_assessment_relationship import VexVulnAssessmentRelationship
from spdx_tools.spdx.model import RelationshipType
+from ..core.creation_info import CreationInfo
+from ..core.external_identifier import ExternalIdentifier
+from ..core.external_ref import ExternalRef
+from ..core.integrity_method import IntegrityMethod
+from ..core.relationship import RelationshipCompleteness
+from ..security.vex_vuln_assessment_relationship import VexVulnAssessmentRelationship
+
@dataclass_with_properties
class VexUnderInvestigationVulnAssessmentRelationship(VexVulnAssessmentRelationship):
@@ -31,9 +30,9 @@ def __init__(
summary: Optional[str] = None,
description: Optional[str] = None,
comment: Optional[str] = None,
- verified_using: List[IntegrityMethod] = None,
- external_reference: List[ExternalReference] = None,
- external_identifier: List[ExternalIdentifier] = None,
+ verified_using: List[IntegrityMethod] = [],
+ external_ref: List[ExternalRef] = [],
+ external_identifier: List[ExternalIdentifier] = [],
extension: Optional[str] = None,
completeness: Optional[RelationshipCompleteness] = None,
start_time: Optional[datetime] = None,
@@ -46,7 +45,7 @@ def __init__(
vex_version: Optional[str] = None,
status_notes: Optional[str] = None,
):
- verified_using = [] if verified_using is None else verified_using
- external_reference = [] if external_reference is None else external_reference
- external_identifier = [] if external_identifier is None else external_identifier
+ verified_using = [] if not verified_using else verified_using
+ external_ref = [] if not external_ref else external_ref
+ external_identifier = [] if not external_identifier else external_identifier
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/security/vex_vuln_assessment_relationship.py b/src/spdx_tools/spdx3/model/security/vex_vuln_assessment_relationship.py
index 8b5c0fc68..c255a69ef 100644
--- a/src/spdx_tools/spdx3/model/security/vex_vuln_assessment_relationship.py
+++ b/src/spdx_tools/spdx3/model/security/vex_vuln_assessment_relationship.py
@@ -6,8 +6,8 @@
from beartype.typing import Optional
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
-from spdx_tools.spdx3.model.security.vuln_assessment_relationship import VulnAssessmentRelationship
+from ..security.vuln_assessment_relationship import VulnAssessmentRelationship
@dataclass_with_properties
class VexVulnAssessmentRelationship(VulnAssessmentRelationship):
diff --git a/src/spdx_tools/spdx3/model/security/vuln_assessment_relationship.py b/src/spdx_tools/spdx3/model/security/vuln_assessment_relationship.py
index f20303743..12d71521d 100644
--- a/src/spdx_tools/spdx3/model/security/vuln_assessment_relationship.py
+++ b/src/spdx_tools/spdx3/model/security/vuln_assessment_relationship.py
@@ -7,8 +7,8 @@
from beartype.typing import Optional
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
-from spdx_tools.spdx3.model import Relationship
+from ..core.relationship import Relationship
@dataclass_with_properties
class VulnAssessmentRelationship(Relationship):
diff --git a/src/spdx_tools/spdx3/model/security/vulnerability.py b/src/spdx_tools/spdx3/model/security/vulnerability.py
index a137b1cb7..6d9f583ec 100644
--- a/src/spdx_tools/spdx3/model/security/vulnerability.py
+++ b/src/spdx_tools/spdx3/model/security/vulnerability.py
@@ -7,7 +7,12 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import CreationInfo, Element, ExternalIdentifier, ExternalReference, IntegrityMethod
+
+from ..core.creation_info import CreationInfo
+from ..core.element import Element
+from ..core.external_identifier import ExternalIdentifier
+from ..core.external_ref import ExternalRef
+from ..core.integrity_method import IntegrityMethod
@dataclass_with_properties
@@ -24,15 +29,15 @@ def __init__(
summary: Optional[str] = None,
description: Optional[str] = None,
comment: Optional[str] = None,
- verified_using: List[IntegrityMethod] = None,
- external_reference: List[ExternalReference] = None,
- external_identifier: List[ExternalIdentifier] = None,
+ verified_using: List[IntegrityMethod] = [],
+ external_ref: List[ExternalRef] = [],
+ external_identifier: List[ExternalIdentifier] = [],
extension: Optional[str] = None,
published_time: Optional[datetime] = None,
modified_time: Optional[datetime] = None,
withdrawn_time: Optional[datetime] = None,
):
- verified_using = [] if verified_using is None else verified_using
- external_reference = [] if external_reference is None else external_reference
- external_identifier = [] if external_identifier is None else external_identifier
+ verified_using = [] if not verified_using else verified_using
+ external_ref = [] if not external_ref else external_ref
+ external_identifier = [] if not external_identifier else external_identifier
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/simple_licensing/__init__.py b/src/spdx_tools/spdx3/model/simple_licensing/__init__.py
new file mode 100644
index 000000000..131ab7732
--- /dev/null
+++ b/src/spdx_tools/spdx3/model/simple_licensing/__init__.py
@@ -0,0 +1,2 @@
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-FileCopyrightText: 2024 The SPDX Contributors
diff --git a/src/spdx_tools/spdx3/model/software/__init__.py b/src/spdx_tools/spdx3/model/software/__init__.py
index f3b157024..510187e57 100644
--- a/src/spdx_tools/spdx3/model/software/__init__.py
+++ b/src/spdx_tools/spdx3/model/software/__init__.py
@@ -1,13 +1,28 @@
# SPDX-FileCopyrightText: 2023 spdx contributors
#
# SPDX-License-Identifier: Apache-2.0
-from spdx_tools.spdx3.model.software.software_purpose import SoftwarePurpose
-from spdx_tools.spdx3.model.software.file import File
-from spdx_tools.spdx3.model.software.package import Package
-from spdx_tools.spdx3.model.software.snippet import Snippet
-from spdx_tools.spdx3.model.software.sbom import Sbom, SBOMType
-from spdx_tools.spdx3.model.software.software_dependency_relationship import (
- SoftwareDependencyRelationship,
- SoftwareDependencyLinkType,
+from .file import File, FileKindType
+from .package import Package
+from .sbom import Sbom, SbomType
+from .snippet import Snippet
+from .software_artifact import SoftwareArtifact
+from .software_dependency_relationship import (
DependencyConditionalityType,
+ SoftwareDependencyLinkType,
+ SoftwareDependencyRelationship,
)
+from .software_purpose import SoftwarePurpose
+
+__all__ = [
+ "DependencyConditionalityType",
+ "File",
+ "FileKindType",
+ "Package",
+ "Sbom",
+ "SbomType",
+ "Snippet",
+ "SoftwareArtifact",
+ "SoftwareDependencyLinkType",
+ "SoftwareDependencyRelationship",
+ "SoftwarePurpose",
+]
diff --git a/src/spdx_tools/spdx3/model/software/file.py b/src/spdx_tools/spdx3/model/software/file.py
index c962b4dbd..441e61d0b 100644
--- a/src/spdx_tools/spdx3/model/software/file.py
+++ b/src/spdx_tools/spdx3/model/software/file.py
@@ -2,16 +2,25 @@
#
# SPDX-License-Identifier: Apache-2.0
from datetime import datetime
+from enum import Enum, auto
from beartype.typing import List, Optional
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import CreationInfo, ExternalIdentifier, ExternalReference, IntegrityMethod
-from spdx_tools.spdx3.model.licensing import LicenseField
-from spdx_tools.spdx3.model.software import SoftwarePurpose
-from spdx_tools.spdx3.model.software.software_artifact import SoftwareArtifact
+from ..core.creation_info import CreationInfo
+from ..core.external_identifier import ExternalIdentifier
+from ..core.external_ref import ExternalRef
+from ..core.integrity_method import IntegrityMethod
+from ..licensing.license_field import LicenseField
+from .software_artifact import SoftwareArtifact
+from .software_purpose import SoftwarePurpose
+
+
+class FileKindType(Enum):
+ DIRECTORY = auto()
+ FILE = auto()
@dataclass_with_properties
class File(SoftwareArtifact):
@@ -25,30 +34,31 @@ def __init__(
summary: Optional[str] = None,
description: Optional[str] = None,
comment: Optional[str] = None,
- verified_using: List[IntegrityMethod] = None,
- external_reference: List[ExternalReference] = None,
- external_identifier: List[ExternalIdentifier] = None,
+ verified_using: List[IntegrityMethod] = [],
+ external_ref: List[ExternalRef] = [],
+ external_identifier: List[ExternalIdentifier] = [],
extension: Optional[str] = None,
- originated_by: List[str] = None,
- supplied_by: List[str] = None,
+ originated_by: List[str] = [],
+ supplied_by: List[str] = [],
built_time: Optional[datetime] = None,
release_time: Optional[datetime] = None,
valid_until_time: Optional[datetime] = None,
- standard: List[str] = None,
+ standard: List[str] = [],
content_identifier: Optional[str] = None,
primary_purpose: Optional[SoftwarePurpose] = None,
- additional_purpose: List[SoftwarePurpose] = None,
+ additional_purpose: List[SoftwarePurpose] = [],
concluded_license: Optional[LicenseField] = None,
declared_license: Optional[LicenseField] = None,
copyright_text: Optional[str] = None,
attribution_text: Optional[str] = None,
content_type: Optional[str] = None,
+ file_kind: Optional[FileKindType] = None,
):
- verified_using = [] if verified_using is None else verified_using
- external_reference = [] if external_reference is None else external_reference
- external_identifier = [] if external_identifier is None else external_identifier
- originated_by = [] if originated_by is None else originated_by
- supplied_by = [] if supplied_by is None else supplied_by
- standard = [] if standard is None else standard
- additional_purpose = [] if additional_purpose is None else additional_purpose
+ verified_using = [] if not verified_using else verified_using
+ external_ref = [] if not external_ref else external_ref
+ external_identifier = [] if not external_identifier else external_identifier
+ originated_by = [] if not originated_by else originated_by
+ supplied_by = [] if not supplied_by else supplied_by
+ standard = [] if not standard else standard
+ additional_purpose = [] if not additional_purpose else additional_purpose
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/software/package.py b/src/spdx_tools/spdx3/model/software/package.py
index 0c249cc1b..f244a8604 100644
--- a/src/spdx_tools/spdx3/model/software/package.py
+++ b/src/spdx_tools/spdx3/model/software/package.py
@@ -7,10 +7,14 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import CreationInfo, ExternalIdentifier, ExternalReference, IntegrityMethod
-from spdx_tools.spdx3.model.licensing import LicenseField
-from spdx_tools.spdx3.model.software import SoftwarePurpose
-from spdx_tools.spdx3.model.software.software_artifact import SoftwareArtifact
+
+from ..core.creation_info import CreationInfo
+from ..core.external_identifier import ExternalIdentifier
+from ..core.external_ref import ExternalRef
+from ..core.integrity_method import IntegrityMethod
+from ..licensing.license_field import LicenseField
+from .software_artifact import SoftwareArtifact
+from .software_purpose import SoftwarePurpose
@dataclass_with_properties
@@ -18,7 +22,7 @@ class Package(SoftwareArtifact):
package_version: Optional[str] = None
download_location: Optional[str] = None # anyURI
package_url: Optional[str] = None # anyURI
- homepage: Optional[str] = None # anyURI
+ home_page: Optional[str] = None # anyURI
source_info: Optional[str] = None
def __init__(
@@ -29,19 +33,19 @@ def __init__(
summary: Optional[str] = None,
description: Optional[str] = None,
comment: Optional[str] = None,
- verified_using: List[IntegrityMethod] = None,
- external_reference: List[ExternalReference] = None,
- external_identifier: List[ExternalIdentifier] = None,
+ verified_using: List[IntegrityMethod] = [],
+ external_ref: List[ExternalRef] = [],
+ external_identifier: List[ExternalIdentifier] = [],
extension: Optional[str] = None,
- originated_by: List[str] = None,
- supplied_by: List[str] = None,
+ originated_by: List[str] = [],
+ supplied_by: List[str] = [],
built_time: Optional[datetime] = None,
release_time: Optional[datetime] = None,
valid_until_time: Optional[datetime] = None,
- standard: List[str] = None,
+ standard: List[str] = [],
content_identifier: Optional[str] = None,
primary_purpose: Optional[SoftwarePurpose] = None,
- additional_purpose: List[SoftwarePurpose] = None,
+ additional_purpose: List[SoftwarePurpose] = [],
concluded_license: Optional[LicenseField] = None,
declared_license: Optional[LicenseField] = None,
copyright_text: Optional[str] = None,
@@ -49,14 +53,14 @@ def __init__(
package_version: Optional[str] = None,
download_location: Optional[str] = None,
package_url: Optional[str] = None,
- homepage: Optional[str] = None,
+ home_page: Optional[str] = None,
source_info: Optional[str] = None,
):
- verified_using = [] if verified_using is None else verified_using
- external_reference = [] if external_reference is None else external_reference
- external_identifier = [] if external_identifier is None else external_identifier
- originated_by = [] if originated_by is None else originated_by
- supplied_by = [] if supplied_by is None else supplied_by
- standard = [] if standard is None else standard
- additional_purpose = [] if additional_purpose is None else additional_purpose
+ verified_using = [] if not verified_using else verified_using
+ external_ref = [] if not external_ref else external_ref
+ external_identifier = [] if not external_identifier else external_identifier
+ originated_by = [] if not originated_by else originated_by
+ supplied_by = [] if not supplied_by else supplied_by
+ standard = [] if not standard else standard
+ additional_purpose = [] if not additional_purpose else additional_purpose
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/software/sbom.py b/src/spdx_tools/spdx3/model/software/sbom.py
index 1fb06f615..4a7d3a412 100644
--- a/src/spdx_tools/spdx3/model/software/sbom.py
+++ b/src/spdx_tools/spdx3/model/software/sbom.py
@@ -8,29 +8,29 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import (
- Bom,
- CreationInfo,
- ExternalIdentifier,
- ExternalMap,
- ExternalReference,
- IntegrityMethod,
- NamespaceMap,
-)
-
-
-class SBOMType(Enum):
- DESIGN = auto()
- SOURCE = auto()
+
+from ..core.bom import Bom
+from ..core.creation_info import CreationInfo
+from ..core.external_identifier import ExternalIdentifier
+from ..core.external_map import ExternalMap
+from ..core.external_ref import ExternalRef
+from ..core.integrity_method import IntegrityMethod
+from ..core.namespace_map import NamespaceMap
+from ..core.profile_identifier import ProfileIdentifierType
+
+
+class SbomType(Enum):
+ ANALYZED = auto()
BUILD = auto()
DEPLOYED = auto()
+ DESIGN = auto()
RUNTIME = auto()
- ANALYZED = auto()
+ SOURCE = auto()
@dataclass_with_properties
class Sbom(Bom):
- sbom_type: List[SBOMType] = field(default_factory=list)
+ sbom_type: List[SbomType] = field(default_factory=list)
# We overwrite the super-__init__ as check_types_and_set_values()
# takes care of all fields (including inherited ones).
@@ -44,19 +44,20 @@ def __init__(
summary: Optional[str] = None,
description: Optional[str] = None,
comment: Optional[str] = None,
- verified_using: List[IntegrityMethod] = None,
- external_reference: List[ExternalReference] = None,
- external_identifier: List[ExternalIdentifier] = None,
+ verified_using: List[IntegrityMethod] = [],
+ external_ref: List[ExternalRef] = [],
+ external_identifier: List[ExternalIdentifier] = [],
extension: Optional[str] = None,
- namespaces: List[NamespaceMap] = None,
- imports: List[ExternalMap] = None,
+ namespace: List[NamespaceMap] = [],
+ import_: List[ExternalMap] = [],
context: Optional[str] = None,
- sbom_type: List[SBOMType] = None,
+ sbom_type: List[SbomType] = [],
+ profile_conformance: List[ProfileIdentifierType] = [],
):
- verified_using = [] if verified_using is None else verified_using
- external_reference = [] if external_reference is None else external_reference
- external_identifier = [] if external_identifier is None else external_identifier
- namespaces = [] if namespaces is None else namespaces
- imports = [] if imports is None else imports
- sbom_type = [] if sbom_type is None else sbom_type
+ verified_using = [] if not verified_using else verified_using
+ external_ref = [] if not external_ref else external_ref
+ external_identifier = [] if not external_identifier else external_identifier
+ namespace = [] if not namespace else namespace
+ import_ = [] if not import_ else import_
+ sbom_type = [] if not sbom_type else sbom_type
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/software/snippet.py b/src/spdx_tools/spdx3/model/software/snippet.py
index b3ab61396..1da9dc5ad 100644
--- a/src/spdx_tools/spdx3/model/software/snippet.py
+++ b/src/spdx_tools/spdx3/model/software/snippet.py
@@ -7,11 +7,15 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import CreationInfo, ExternalIdentifier, ExternalReference, IntegrityMethod
-from spdx_tools.spdx3.model.licensing import LicenseField
-from spdx_tools.spdx3.model.positive_integer_range import PositiveIntegerRange
-from spdx_tools.spdx3.model.software import SoftwarePurpose
-from spdx_tools.spdx3.model.software.software_artifact import SoftwareArtifact
+
+from ..core.creation_info import CreationInfo
+from ..core.external_identifier import ExternalIdentifier
+from ..core.external_ref import ExternalRef
+from ..core.integrity_method import IntegrityMethod
+from ..core.positive_integer_range import PositiveIntegerRange
+from ..licensing.license_field import LicenseField
+from .software_artifact import SoftwareArtifact
+from .software_purpose import SoftwarePurpose
@dataclass_with_properties
@@ -27,19 +31,19 @@ def __init__(
summary: Optional[str] = None,
description: Optional[str] = None,
comment: Optional[str] = None,
- verified_using: List[IntegrityMethod] = None,
- external_reference: List[ExternalReference] = None,
- external_identifier: List[ExternalIdentifier] = None,
+ verified_using: List[IntegrityMethod] = [],
+ external_ref: List[ExternalRef] = [],
+ external_identifier: List[ExternalIdentifier] = [],
extension: Optional[str] = None,
- originated_by: List[str] = None,
- supplied_by: List[str] = None,
+ originated_by: List[str] = [],
+ supplied_by: List[str] = [],
built_time: Optional[datetime] = None,
release_time: Optional[datetime] = None,
valid_until_time: Optional[datetime] = None,
- standard: List[str] = None,
+ standard: List[str] = [],
content_identifier: Optional[str] = None,
primary_purpose: Optional[SoftwarePurpose] = None,
- additional_purpose: List[SoftwarePurpose] = None,
+ additional_purpose: List[SoftwarePurpose] = [],
concluded_license: Optional[LicenseField] = None,
declared_license: Optional[LicenseField] = None,
copyright_text: Optional[str] = None,
@@ -47,11 +51,11 @@ def __init__(
byte_range: Optional[PositiveIntegerRange] = None,
line_range: Optional[PositiveIntegerRange] = None,
):
- verified_using = [] if verified_using is None else verified_using
- external_reference = [] if external_reference is None else external_reference
- external_identifier = [] if external_identifier is None else external_identifier
- originated_by = [] if originated_by is None else originated_by
- supplied_by = [] if supplied_by is None else supplied_by
- standard = [] if standard is None else standard
- additional_purpose = [] if additional_purpose is None else additional_purpose
+ verified_using = [] if not verified_using else verified_using
+ external_ref = [] if not external_ref else external_ref
+ external_identifier = [] if not external_identifier else external_identifier
+ originated_by = [] if not originated_by else originated_by
+ supplied_by = [] if not supplied_by else supplied_by
+ standard = [] if not standard else standard
+ additional_purpose = [] if not additional_purpose else additional_purpose
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/software/software_artifact.py b/src/spdx_tools/spdx3/model/software/software_artifact.py
index afc2b7ff3..0756101b5 100644
--- a/src/spdx_tools/spdx3/model/software/software_artifact.py
+++ b/src/spdx_tools/spdx3/model/software/software_artifact.py
@@ -7,9 +7,10 @@
from beartype.typing import List, Optional
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
-from spdx_tools.spdx3.model import Artifact
-from spdx_tools.spdx3.model.licensing import LicenseField
-from spdx_tools.spdx3.model.software import SoftwarePurpose
+
+from ..core.artifact import Artifact
+from ..licensing.license_field import LicenseField
+from .software_purpose import SoftwarePurpose
@dataclass_with_properties
diff --git a/src/spdx_tools/spdx3/model/software/software_dependency_relationship.py b/src/spdx_tools/spdx3/model/software/software_dependency_relationship.py
index c6751ecaa..e9e66901b 100644
--- a/src/spdx_tools/spdx3/model/software/software_dependency_relationship.py
+++ b/src/spdx_tools/spdx3/model/software/software_dependency_relationship.py
@@ -8,16 +8,13 @@
from spdx_tools.common.typing.dataclass_with_properties import dataclass_with_properties
from spdx_tools.common.typing.type_checks import check_types_and_set_values
-from spdx_tools.spdx3.model import (
- CreationInfo,
- ExternalIdentifier,
- ExternalReference,
- IntegrityMethod,
- LifecycleScopedRelationship,
- LifecycleScopeType,
- RelationshipCompleteness,
- RelationshipType,
-)
+
+from ..core.creation_info import CreationInfo
+from ..core.external_identifier import ExternalIdentifier
+from ..core.external_ref import ExternalRef
+from ..core.integrity_method import IntegrityMethod
+from ..core.lifecycle_scoped_relationship import LifecycleScopedRelationship, LifecycleScopeType
+from ..core.relationship import RelationshipCompleteness, RelationshipType
class SoftwareDependencyLinkType(Enum):
@@ -45,15 +42,15 @@ def __init__(
spdx_id: str,
from_element: str,
relationship_type: RelationshipType,
- to: List[str] = None,
+ to: List[str] = [],
creation_info: Optional[CreationInfo] = None,
name: Optional[str] = None,
summary: Optional[str] = None,
description: Optional[str] = None,
comment: Optional[str] = None,
- verified_using: List[IntegrityMethod] = None,
- external_reference: List[ExternalReference] = None,
- external_identifier: List[ExternalIdentifier] = None,
+ verified_using: List[IntegrityMethod] = [],
+ external_ref: List[ExternalRef] = [],
+ external_identifier: List[ExternalIdentifier] = [],
extension: Optional[str] = None,
completeness: Optional[RelationshipCompleteness] = None,
start_time: Optional[datetime] = None,
@@ -62,8 +59,8 @@ def __init__(
software_linkage: Optional[SoftwareDependencyLinkType] = None,
conditionality: Optional[DependencyConditionalityType] = None,
):
- to = [] if to is None else to
- verified_using = [] if verified_using is None else verified_using
- external_reference = [] if external_reference is None else external_reference
- external_identifier = [] if external_identifier is None else external_identifier
+ to = [] if not to else to
+ verified_using = [] if not verified_using else verified_using
+ external_ref = [] if not external_ref else external_ref
+ external_identifier = [] if not external_identifier else external_identifier
check_types_and_set_values(self, locals())
diff --git a/src/spdx_tools/spdx3/model/software/software_purpose.py b/src/spdx_tools/spdx3/model/software/software_purpose.py
index e3a4d48cf..622e2cd8c 100644
--- a/src/spdx_tools/spdx3/model/software/software_purpose.py
+++ b/src/spdx_tools/spdx3/model/software/software_purpose.py
@@ -12,18 +12,25 @@ class SoftwarePurpose(Enum):
CONTAINER = auto()
DATA = auto()
DEVICE = auto()
+ DEVICE_DRIVER = auto()
+ DISK_IMAGE = auto()
DOCUMENTATION = auto()
+ EVIDENCE = auto()
EXECUTABLE = auto()
FILE = auto()
+ FILESYSTEM_IMAGE = auto()
FIRMWARE = auto()
FRAMEWORK = auto()
INSTALL = auto()
LIBRARY = auto()
+ MANIFEST = auto()
MODEL = auto()
MODULE = auto()
OPERATING_SYSTEM = auto()
OTHER = auto()
PATCH = auto()
+ PLATFORM = auto()
REQUIREMENT = auto()
SOURCE = auto()
+ SPECIFICATION = auto()
TEST = auto()
diff --git a/src/spdx_tools/spdx3/payload.py b/src/spdx_tools/spdx3/payload.py
index 17bc78c91..7f85031d0 100644
--- a/src/spdx_tools/spdx3/payload.py
+++ b/src/spdx_tools/spdx3/payload.py
@@ -3,7 +3,7 @@
# SPDX-License-Identifier: Apache-2.0
from beartype.typing import Dict
-from spdx_tools.spdx3.model import Element
+from spdx_tools.spdx3.model.core import Element
class Payload:
diff --git a/src/spdx_tools/spdx3/writer/__init__.py b/src/spdx_tools/spdx3/writer/__init__.py
index e69de29bb..131ab7732 100644
--- a/src/spdx_tools/spdx3/writer/__init__.py
+++ b/src/spdx_tools/spdx3/writer/__init__.py
@@ -0,0 +1,2 @@
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-FileCopyrightText: 2024 The SPDX Contributors
diff --git a/src/spdx_tools/spdx3/writer/console/ai/__init__.py b/src/spdx_tools/spdx3/writer/console/ai/__init__.py
index e69de29bb..5529b92e0 100644
--- a/src/spdx_tools/spdx3/writer/console/ai/__init__.py
+++ b/src/spdx_tools/spdx3/writer/console/ai/__init__.py
@@ -0,0 +1,8 @@
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-FileCopyrightText: 2024 The SPDX Contributors
+
+from .ai_package_writer import write_ai_package
+
+__all__ = [
+ "write_ai_package",
+]
diff --git a/src/spdx_tools/spdx3/writer/console/ai/ai_package_writer.py b/src/spdx_tools/spdx3/writer/console/ai/ai_package_writer.py
index 025ae613a..0ce98aca5 100644
--- a/src/spdx_tools/spdx3/writer/console/ai/ai_package_writer.py
+++ b/src/spdx_tools/spdx3/writer/console/ai/ai_package_writer.py
@@ -5,7 +5,7 @@
from spdx_tools.spdx3.model.ai import AIPackage
from spdx_tools.spdx3.writer.console.console import write_value
-from spdx_tools.spdx3.writer.console.software.package_writer import write_package
+from spdx_tools.spdx3.writer.console.software import write_package
def write_ai_package(ai_package: AIPackage, text_output: TextIO):
diff --git a/src/spdx_tools/spdx3/writer/console/build/__init__.py b/src/spdx_tools/spdx3/writer/console/build/__init__.py
index e69de29bb..b57cb23e9 100644
--- a/src/spdx_tools/spdx3/writer/console/build/__init__.py
+++ b/src/spdx_tools/spdx3/writer/console/build/__init__.py
@@ -0,0 +1,8 @@
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-FileCopyrightText: 2024 The SPDX Contributors
+
+from .build_writer import write_build
+
+__all__ = [
+ "write_build",
+]
diff --git a/src/spdx_tools/spdx3/writer/console/build/build_writer.py b/src/spdx_tools/spdx3/writer/console/build/build_writer.py
index 3edc9c6fb..b5ca5a3f6 100644
--- a/src/spdx_tools/spdx3/writer/console/build/build_writer.py
+++ b/src/spdx_tools/spdx3/writer/console/build/build_writer.py
@@ -5,8 +5,7 @@
from spdx_tools.spdx3.model.build import Build
from spdx_tools.spdx3.writer.console.console import write_value
-from spdx_tools.spdx3.writer.console.element_writer import write_element_properties
-from spdx_tools.spdx3.writer.console.hash_writer import write_hash
+from spdx_tools.spdx3.writer.console.core.element_writer import write_element_properties, write_hash
from spdx_tools.spdx.writer.tagvalue.tagvalue_writer_helper_functions import write_optional_heading
diff --git a/src/spdx_tools/spdx3/writer/console/console.py b/src/spdx_tools/spdx3/writer/console/console.py
index 28b5f9cfa..07d06f6d5 100644
--- a/src/spdx_tools/spdx3/writer/console/console.py
+++ b/src/spdx_tools/spdx3/writer/console/console.py
@@ -6,7 +6,12 @@
from beartype.typing import Optional, TextIO, Union
-def write_value(tag: str, value: Optional[Union[bool, str, dict, list, Enum]], out: TextIO, indent: bool = False):
+def write_value(
+ tag: str,
+ value: Optional[Union[bool, str, dict, list, Enum]],
+ out: TextIO,
+ indent: bool = False,
+):
"""This function is duplicated from spdx_tools.spdx.writer.tagvalue.tag_value_writer_helper_functions
and slightly adapted to make indentation of output possible."""
if not value:
diff --git a/src/spdx_tools/spdx3/writer/console/core/__init__.py b/src/spdx_tools/spdx3/writer/console/core/__init__.py
new file mode 100644
index 000000000..fae3eb4ca
--- /dev/null
+++ b/src/spdx_tools/spdx3/writer/console/core/__init__.py
@@ -0,0 +1,43 @@
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-FileCopyrightText: 2024 The SPDX Contributors
+
+from .agent_writer import write_agent
+from .annotation_writer import write_annotation
+from .artifact_writer import write_artifact_properties
+from .bom_writer import write_bom
+from .bundle_writer import write_bundle
+from .creation_info_writer import write_creation_info
+from .element_writer import write_element_properties
+from .external_identifier_writer import write_external_identifier
+from .external_map_writer import write_external_map
+from .external_ref_writer import write_external_ref
+from .hash_writer import write_hash
+from .integrity_method_writer import write_integrity_method
+from .lifecycle_scoped_relationship_writer import write_lifecycle_scoped_relationship
+from .namespace_map_writer import write_namespace_map
+from .relationship_writer import write_relationship
+from .spdx_collection_writer import write_collection
+from .spdx_document_writer import write_spdx_document
+from .tool_writer import write_tool
+
+
+__all__ = [
+ "write_agent",
+ "write_annotation",
+ "write_artifact_properties",
+ "write_bom",
+ "write_bundle",
+ "write_creation_info",
+ "write_element_properties",
+ "write_external_identifier",
+ "write_external_map",
+ "write_external_ref",
+ "write_hash",
+ "write_integrity_method",
+ "write_lifecycle_scoped_relationship",
+ "write_namespace_map",
+ "write_relationship",
+ "write_collection",
+ "write_spdx_document",
+ "write_tool",
+]
diff --git a/src/spdx_tools/spdx3/writer/console/agent_writer.py b/src/spdx_tools/spdx3/writer/console/core/agent_writer.py
similarity index 75%
rename from src/spdx_tools/spdx3/writer/console/agent_writer.py
rename to src/spdx_tools/spdx3/writer/console/core/agent_writer.py
index a1c12a9e0..fb0e5b749 100644
--- a/src/spdx_tools/spdx3/writer/console/agent_writer.py
+++ b/src/spdx_tools/spdx3/writer/console/core/agent_writer.py
@@ -3,8 +3,8 @@
# SPDX-License-Identifier: Apache-2.0
from beartype.typing import TextIO
-from spdx_tools.spdx3.model import Agent, Organization, Person, SoftwareAgent
-from spdx_tools.spdx3.writer.console.element_writer import write_element_properties
+from spdx_tools.spdx3.model.core import Agent, Organization, Person, SoftwareAgent
+from spdx_tools.spdx3.writer.console.core.element_writer import write_element_properties
def write_agent(agent: Agent, text_output: TextIO, heading: bool = True):
diff --git a/src/spdx_tools/spdx3/writer/console/annotation_writer.py b/src/spdx_tools/spdx3/writer/console/core/annotation_writer.py
similarity index 78%
rename from src/spdx_tools/spdx3/writer/console/annotation_writer.py
rename to src/spdx_tools/spdx3/writer/console/core/annotation_writer.py
index 3261a69bd..3177b84d0 100644
--- a/src/spdx_tools/spdx3/writer/console/annotation_writer.py
+++ b/src/spdx_tools/spdx3/writer/console/core/annotation_writer.py
@@ -3,9 +3,9 @@
# SPDX-License-Identifier: Apache-2.0
from beartype.typing import TextIO
-from spdx_tools.spdx3.model import Annotation
+from spdx_tools.spdx3.model.core import Annotation
from spdx_tools.spdx3.writer.console.console import write_value
-from spdx_tools.spdx3.writer.console.element_writer import write_element_properties
+from spdx_tools.spdx3.writer.console.core.element_writer import write_element_properties
def write_annotation(annotation: Annotation, text_output: TextIO):
diff --git a/src/spdx_tools/spdx3/writer/console/artifact_writer.py b/src/spdx_tools/spdx3/writer/console/core/artifact_writer.py
similarity index 76%
rename from src/spdx_tools/spdx3/writer/console/artifact_writer.py
rename to src/spdx_tools/spdx3/writer/console/core/artifact_writer.py
index f55d29e05..315b4574b 100644
--- a/src/spdx_tools/spdx3/writer/console/artifact_writer.py
+++ b/src/spdx_tools/spdx3/writer/console/core/artifact_writer.py
@@ -3,9 +3,9 @@
# SPDX-License-Identifier: Apache-2.0
from beartype.typing import TextIO
-from spdx_tools.spdx3.model import Artifact
+from spdx_tools.spdx3.model.core import Artifact
from spdx_tools.spdx3.writer.console.console import write_value
-from spdx_tools.spdx3.writer.console.element_writer import write_element_properties
+from spdx_tools.spdx3.writer.console.core.element_writer import write_element_properties
def write_artifact_properties(artifact: Artifact, text_output: TextIO):
diff --git a/src/spdx_tools/spdx3/writer/console/bom_writer.py b/src/spdx_tools/spdx3/writer/console/core/bom_writer.py
similarity index 70%
rename from src/spdx_tools/spdx3/writer/console/bom_writer.py
rename to src/spdx_tools/spdx3/writer/console/core/bom_writer.py
index 04fcb283d..bca82c96c 100644
--- a/src/spdx_tools/spdx3/writer/console/bom_writer.py
+++ b/src/spdx_tools/spdx3/writer/console/core/bom_writer.py
@@ -3,8 +3,8 @@
# SPDX-License-Identifier: Apache-2.0
from beartype.typing import TextIO
-from spdx_tools.spdx3.model import Bom
-from spdx_tools.spdx3.writer.console.bundle_writer import write_bundle
+from spdx_tools.spdx3.model.core import Bom
+from spdx_tools.spdx3.writer.console.core.bundle_writer import write_bundle
def write_bom(bom: Bom, text_output: TextIO, heading: bool = True):
diff --git a/src/spdx_tools/spdx3/writer/console/bundle_writer.py b/src/spdx_tools/spdx3/writer/console/core/bundle_writer.py
similarity index 75%
rename from src/spdx_tools/spdx3/writer/console/bundle_writer.py
rename to src/spdx_tools/spdx3/writer/console/core/bundle_writer.py
index 5930db5ee..2dbea5f71 100644
--- a/src/spdx_tools/spdx3/writer/console/bundle_writer.py
+++ b/src/spdx_tools/spdx3/writer/console/core/bundle_writer.py
@@ -3,9 +3,9 @@
# SPDX-License-Identifier: Apache-2.0
from beartype.typing import TextIO
-from spdx_tools.spdx3.model import Bundle
+from spdx_tools.spdx3.model.core import Bundle
from spdx_tools.spdx3.writer.console.console import write_value
-from spdx_tools.spdx3.writer.console.spdx_collection_writer import write_collection
+from spdx_tools.spdx3.writer.console.core.spdx_collection_writer import write_collection
def write_bundle(bundle: Bundle, text_output: TextIO, heading: bool = True):
diff --git a/src/spdx_tools/spdx3/writer/console/creation_info_writer.py b/src/spdx_tools/spdx3/writer/console/core/creation_info_writer.py
similarity index 95%
rename from src/spdx_tools/spdx3/writer/console/creation_info_writer.py
rename to src/spdx_tools/spdx3/writer/console/core/creation_info_writer.py
index c91e6781d..31f593f62 100644
--- a/src/spdx_tools/spdx3/writer/console/creation_info_writer.py
+++ b/src/spdx_tools/spdx3/writer/console/core/creation_info_writer.py
@@ -3,7 +3,7 @@
# SPDX-License-Identifier: Apache-2.0
from beartype.typing import TextIO
-from spdx_tools.spdx3.model import CreationInfo
+from spdx_tools.spdx3.model.core import CreationInfo
from spdx_tools.spdx3.writer.console.console import write_value
from spdx_tools.spdx.datetime_conversions import datetime_to_iso_string
diff --git a/src/spdx_tools/spdx3/writer/console/element_writer.py b/src/spdx_tools/spdx3/writer/console/core/element_writer.py
similarity index 70%
rename from src/spdx_tools/spdx3/writer/console/element_writer.py
rename to src/spdx_tools/spdx3/writer/console/core/element_writer.py
index 61eb72ecd..a2a42bca9 100644
--- a/src/spdx_tools/spdx3/writer/console/element_writer.py
+++ b/src/spdx_tools/spdx3/writer/console/core/element_writer.py
@@ -3,14 +3,16 @@
# SPDX-License-Identifier: Apache-2.0
from beartype.typing import TextIO
-from spdx_tools.spdx3.model import Element
+from spdx_tools.spdx3.model.core import Element
from spdx_tools.spdx3.writer.console.console import write_value
-from spdx_tools.spdx3.writer.console.creation_info_writer import write_creation_info
-from spdx_tools.spdx3.writer.console.external_identifier_writer import write_external_identifier
-from spdx_tools.spdx3.writer.console.external_reference_writer import write_external_reference
-from spdx_tools.spdx3.writer.console.hash_writer import write_hash
+
from spdx_tools.spdx.writer.tagvalue.tagvalue_writer_helper_functions import write_optional_heading
+from .creation_info_writer import write_creation_info
+from .external_identifier_writer import write_external_identifier
+from .external_ref_writer import write_external_ref
+from .hash_writer import write_hash
+
def write_element_properties(element: Element, text_output: TextIO):
write_value("SPDXID", element.spdx_id, text_output)
@@ -26,9 +28,9 @@ def write_element_properties(element: Element, text_output: TextIO):
# as soon as there are more inherited classes we need to implement a logic
# that determines the correct write function for the "integrity_method" object
write_hash(integrity_method, text_output, heading=False)
- write_optional_heading(element.external_reference, "External Reference\n", text_output)
- for external_reference in element.external_reference:
- write_external_reference(external_reference, text_output)
+ write_optional_heading(element.external_ref, "External Reference\n", text_output)
+ for external_ref in element.external_ref:
+ write_external_ref(external_ref, text_output)
write_optional_heading(element.external_identifier, "External Identifier\n", text_output)
for external_identifier in element.external_identifier:
write_external_identifier(external_identifier, text_output)
diff --git a/src/spdx_tools/spdx3/writer/console/external_identifier_writer.py b/src/spdx_tools/spdx3/writer/console/core/external_identifier_writer.py
similarity index 88%
rename from src/spdx_tools/spdx3/writer/console/external_identifier_writer.py
rename to src/spdx_tools/spdx3/writer/console/core/external_identifier_writer.py
index 40f2d0e97..d046dd3b8 100644
--- a/src/spdx_tools/spdx3/writer/console/external_identifier_writer.py
+++ b/src/spdx_tools/spdx3/writer/console/core/external_identifier_writer.py
@@ -3,7 +3,7 @@
# SPDX-License-Identifier: Apache-2.0
from beartype.typing import TextIO
-from spdx_tools.spdx3.model import ExternalIdentifier
+from spdx_tools.spdx3.model.core import ExternalIdentifier
from spdx_tools.spdx3.writer.console.console import write_value
diff --git a/src/spdx_tools/spdx3/writer/console/external_map_writer.py b/src/spdx_tools/spdx3/writer/console/core/external_map_writer.py
similarity index 88%
rename from src/spdx_tools/spdx3/writer/console/external_map_writer.py
rename to src/spdx_tools/spdx3/writer/console/core/external_map_writer.py
index 41f59dc5d..a929133d3 100644
--- a/src/spdx_tools/spdx3/writer/console/external_map_writer.py
+++ b/src/spdx_tools/spdx3/writer/console/core/external_map_writer.py
@@ -3,9 +3,9 @@
# SPDX-License-Identifier: Apache-2.0
from beartype.typing import TextIO
-from spdx_tools.spdx3.model import ExternalMap
+from spdx_tools.spdx3.model.core import ExternalMap
from spdx_tools.spdx3.writer.console.console import write_value
-from spdx_tools.spdx3.writer.console.hash_writer import write_hash
+from spdx_tools.spdx3.writer.console.core.hash_writer import write_hash
from spdx_tools.spdx.writer.tagvalue.tagvalue_writer_helper_functions import write_optional_heading
diff --git a/src/spdx_tools/spdx3/writer/console/core/external_ref_writer.py b/src/spdx_tools/spdx3/writer/console/core/external_ref_writer.py
new file mode 100644
index 000000000..be112f82f
--- /dev/null
+++ b/src/spdx_tools/spdx3/writer/console/core/external_ref_writer.py
@@ -0,0 +1,12 @@
+# SPDX-FileCopyrightText: 2023 spdx contributors
+#
+# SPDX-License-Identifier: Apache-2.0
+from beartype.typing import TextIO
+
+from spdx_tools.spdx3.model.core import ExternalRef
+from spdx_tools.spdx3.writer.console.console import write_value
+
+
+def write_external_ref(external_ref: ExternalRef, text_output: TextIO):
+ for property_name in ExternalRef.__annotations__.keys():
+ write_value(property_name, getattr(external_ref, property_name), text_output)
diff --git a/src/spdx_tools/spdx3/writer/console/hash_writer.py b/src/spdx_tools/spdx3/writer/console/core/hash_writer.py
similarity index 79%
rename from src/spdx_tools/spdx3/writer/console/hash_writer.py
rename to src/spdx_tools/spdx3/writer/console/core/hash_writer.py
index 970a49b56..6a66b3c0a 100644
--- a/src/spdx_tools/spdx3/writer/console/hash_writer.py
+++ b/src/spdx_tools/spdx3/writer/console/core/hash_writer.py
@@ -3,9 +3,9 @@
# SPDX-License-Identifier: Apache-2.0
from beartype.typing import TextIO
-from spdx_tools.spdx3.model import Hash
+from spdx_tools.spdx3.model.core import Hash
from spdx_tools.spdx3.writer.console.console import write_value
-from spdx_tools.spdx3.writer.console.integrity_method_writer import write_integrity_method
+from spdx_tools.spdx3.writer.console.core.integrity_method_writer import write_integrity_method
def write_hash(hash_object: Hash, text_output: TextIO, heading: bool, indent: bool = True):
diff --git a/src/spdx_tools/spdx3/writer/console/integrity_method_writer.py b/src/spdx_tools/spdx3/writer/console/core/integrity_method_writer.py
similarity index 86%
rename from src/spdx_tools/spdx3/writer/console/integrity_method_writer.py
rename to src/spdx_tools/spdx3/writer/console/core/integrity_method_writer.py
index df233c997..d3d80992b 100644
--- a/src/spdx_tools/spdx3/writer/console/integrity_method_writer.py
+++ b/src/spdx_tools/spdx3/writer/console/core/integrity_method_writer.py
@@ -3,7 +3,7 @@
# SPDX-License-Identifier: Apache-2.0
from beartype.typing import TextIO
-from spdx_tools.spdx3.model import IntegrityMethod
+from spdx_tools.spdx3.model.core import IntegrityMethod
from spdx_tools.spdx3.writer.console.console import write_value
diff --git a/src/spdx_tools/spdx3/writer/console/lifecycle_scoped_relationship_writer.py b/src/spdx_tools/spdx3/writer/console/core/lifecycle_scoped_relationship_writer.py
similarity index 80%
rename from src/spdx_tools/spdx3/writer/console/lifecycle_scoped_relationship_writer.py
rename to src/spdx_tools/spdx3/writer/console/core/lifecycle_scoped_relationship_writer.py
index 5710ae6e8..820d4dc47 100644
--- a/src/spdx_tools/spdx3/writer/console/lifecycle_scoped_relationship_writer.py
+++ b/src/spdx_tools/spdx3/writer/console/core/lifecycle_scoped_relationship_writer.py
@@ -4,9 +4,9 @@
from beartype.typing import TextIO
-from spdx_tools.spdx3.model import LifecycleScopedRelationship
+from spdx_tools.spdx3.model.core import LifecycleScopedRelationship
from spdx_tools.spdx3.writer.console.console import write_value
-from spdx_tools.spdx3.writer.console.relationship_writer import write_relationship
+from spdx_tools.spdx3.writer.console.core.relationship_writer import write_relationship
def write_lifecycle_scoped_relationship(
diff --git a/src/spdx_tools/spdx3/writer/console/namespace_map_writer.py b/src/spdx_tools/spdx3/writer/console/core/namespace_map_writer.py
similarity index 88%
rename from src/spdx_tools/spdx3/writer/console/namespace_map_writer.py
rename to src/spdx_tools/spdx3/writer/console/core/namespace_map_writer.py
index d83ccb05a..a72165b4b 100644
--- a/src/spdx_tools/spdx3/writer/console/namespace_map_writer.py
+++ b/src/spdx_tools/spdx3/writer/console/core/namespace_map_writer.py
@@ -3,7 +3,7 @@
# SPDX-License-Identifier: Apache-2.0
from beartype.typing import TextIO
-from spdx_tools.spdx3.model import NamespaceMap
+from spdx_tools.spdx3.model.core import NamespaceMap
from spdx_tools.spdx3.writer.console.console import write_value
diff --git a/src/spdx_tools/spdx3/writer/console/relationship_writer.py b/src/spdx_tools/spdx3/writer/console/core/relationship_writer.py
similarity index 79%
rename from src/spdx_tools/spdx3/writer/console/relationship_writer.py
rename to src/spdx_tools/spdx3/writer/console/core/relationship_writer.py
index 1a8b16a3e..9a6bfccec 100644
--- a/src/spdx_tools/spdx3/writer/console/relationship_writer.py
+++ b/src/spdx_tools/spdx3/writer/console/core/relationship_writer.py
@@ -3,9 +3,9 @@
# SPDX-License-Identifier: Apache-2.0
from beartype.typing import TextIO
-from spdx_tools.spdx3.model import Relationship
+from spdx_tools.spdx3.model.core import Relationship
from spdx_tools.spdx3.writer.console.console import write_value
-from spdx_tools.spdx3.writer.console.element_writer import write_element_properties
+from spdx_tools.spdx3.writer.console.core.element_writer import write_element_properties
def write_relationship(relationship: Relationship, text_output: TextIO, heading: bool = True):
diff --git a/src/spdx_tools/spdx3/writer/console/core/spdx_collection_writer.py b/src/spdx_tools/spdx3/writer/console/core/spdx_collection_writer.py
new file mode 100644
index 000000000..13e1a7d80
--- /dev/null
+++ b/src/spdx_tools/spdx3/writer/console/core/spdx_collection_writer.py
@@ -0,0 +1,22 @@
+# SPDX-FileCopyrightText: 2023 spdx contributors
+#
+# SPDX-License-Identifier: Apache-2.0
+from beartype.typing import TextIO
+
+from spdx_tools.spdx3.model.core import ElementCollection
+from spdx_tools.spdx.writer.tagvalue.tagvalue_writer_helper_functions import write_optional_heading
+
+from .element_writer import write_element_properties
+from .external_map_writer import write_external_map
+from .namespace_map_writer import write_namespace_map
+
+
+def write_collection(collection: ElementCollection, text_output: TextIO):
+ write_element_properties(collection, text_output)
+ text_output.write(f"elements: {', '.join(collection.element)}\n")
+ write_optional_heading(collection.namespace, "# Namespace\n", text_output)
+ for namespace_map in collection.namespace:
+ write_namespace_map(namespace_map, text_output)
+ write_optional_heading(collection.import_, "# Import\n", text_output)
+ for external_map in collection.import_:
+ write_external_map(external_map, text_output)
diff --git a/src/spdx_tools/spdx3/writer/console/spdx_document_writer.py b/src/spdx_tools/spdx3/writer/console/core/spdx_document_writer.py
similarity index 69%
rename from src/spdx_tools/spdx3/writer/console/spdx_document_writer.py
rename to src/spdx_tools/spdx3/writer/console/core/spdx_document_writer.py
index 8c2cdf649..69f3651c0 100644
--- a/src/spdx_tools/spdx3/writer/console/spdx_document_writer.py
+++ b/src/spdx_tools/spdx3/writer/console/core/spdx_document_writer.py
@@ -3,8 +3,8 @@
# SPDX-License-Identifier: Apache-2.0
from beartype.typing import TextIO
-from spdx_tools.spdx3.model import SpdxDocument
-from spdx_tools.spdx3.writer.console.bundle_writer import write_bundle
+from spdx_tools.spdx3.model.core import SpdxDocument
+from spdx_tools.spdx3.writer.console.core.bundle_writer import write_bundle
def write_spdx_document(spdx_document: SpdxDocument, text_output: TextIO):
diff --git a/src/spdx_tools/spdx3/writer/console/tool_writer.py b/src/spdx_tools/spdx3/writer/console/core/tool_writer.py
similarity index 86%
rename from src/spdx_tools/spdx3/writer/console/tool_writer.py
rename to src/spdx_tools/spdx3/writer/console/core/tool_writer.py
index 1873263bc..075405a54 100644
--- a/src/spdx_tools/spdx3/writer/console/tool_writer.py
+++ b/src/spdx_tools/spdx3/writer/console/core/tool_writer.py
@@ -11,8 +11,8 @@
# limitations under the License.
from beartype.typing import TextIO
-from spdx_tools.spdx3.model import Tool
-from spdx_tools.spdx3.writer.console.element_writer import write_element_properties
+from spdx_tools.spdx3.model.core import Tool
+from spdx_tools.spdx3.writer.console.core.element_writer import write_element_properties
def write_tool(tool: Tool, text_output: TextIO, heading: bool = True):
diff --git a/src/spdx_tools/spdx3/writer/console/dataset/__init__.py b/src/spdx_tools/spdx3/writer/console/dataset/__init__.py
index e69de29bb..0d0121eec 100644
--- a/src/spdx_tools/spdx3/writer/console/dataset/__init__.py
+++ b/src/spdx_tools/spdx3/writer/console/dataset/__init__.py
@@ -0,0 +1,8 @@
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-FileCopyrightText: 2024 The SPDX Contributors
+
+from .dataset_package_writer import write_dataset_package
+
+__all__ = [
+ "write_dataset_package",
+]
diff --git a/src/spdx_tools/spdx3/writer/console/dataset/dataset_package_writer.py b/src/spdx_tools/spdx3/writer/console/dataset/dataset_package_writer.py
new file mode 100644
index 000000000..4b2a0deae
--- /dev/null
+++ b/src/spdx_tools/spdx3/writer/console/dataset/dataset_package_writer.py
@@ -0,0 +1,16 @@
+# SPDX-FileCopyrightText: 2023 spdx contributors
+#
+# SPDX-License-Identifier: Apache-2.0
+from beartype.typing import TextIO
+
+from spdx_tools.spdx3.model.dataset import DatasetPackage
+from spdx_tools.spdx3.writer.console.console import write_value
+from spdx_tools.spdx3.writer.console.software.package_writer import write_package
+
+
+def write_dataset_package(datasetPackage: DatasetPackage, text_output: TextIO):
+ text_output.write("## Dataset\n")
+ write_package(datasetPackage, text_output, False)
+
+ for property_name in DatasetPackage.__annotations__.keys():
+ write_value(property_name, getattr(datasetPackage, property_name), text_output)
diff --git a/src/spdx_tools/spdx3/writer/console/dataset/dataset_writer.py b/src/spdx_tools/spdx3/writer/console/dataset/dataset_writer.py
deleted file mode 100644
index 91131240a..000000000
--- a/src/spdx_tools/spdx3/writer/console/dataset/dataset_writer.py
+++ /dev/null
@@ -1,16 +0,0 @@
-# SPDX-FileCopyrightText: 2023 spdx contributors
-#
-# SPDX-License-Identifier: Apache-2.0
-from beartype.typing import TextIO
-
-from spdx_tools.spdx3.model.dataset import Dataset
-from spdx_tools.spdx3.writer.console.console import write_value
-from spdx_tools.spdx3.writer.console.software.package_writer import write_package
-
-
-def write_dataset(dataset: Dataset, text_output: TextIO):
- text_output.write("## Dataset\n")
- write_package(dataset, text_output, False)
-
- for property_name in Dataset.__annotations__.keys():
- write_value(property_name, getattr(dataset, property_name), text_output)
diff --git a/src/spdx_tools/spdx3/writer/console/external_reference_writer.py b/src/spdx_tools/spdx3/writer/console/external_reference_writer.py
deleted file mode 100644
index fa6cc79eb..000000000
--- a/src/spdx_tools/spdx3/writer/console/external_reference_writer.py
+++ /dev/null
@@ -1,12 +0,0 @@
-# SPDX-FileCopyrightText: 2023 spdx contributors
-#
-# SPDX-License-Identifier: Apache-2.0
-from beartype.typing import TextIO
-
-from spdx_tools.spdx3.model import ExternalReference
-from spdx_tools.spdx3.writer.console.console import write_value
-
-
-def write_external_reference(external_reference: ExternalReference, text_output: TextIO):
- for property_name in ExternalReference.__annotations__.keys():
- write_value(property_name, getattr(external_reference, property_name), text_output)
diff --git a/src/spdx_tools/spdx3/writer/console/payload_writer.py b/src/spdx_tools/spdx3/writer/console/payload_writer.py
index 34532f364..2a4f03eb3 100644
--- a/src/spdx_tools/spdx3/writer/console/payload_writer.py
+++ b/src/spdx_tools/spdx3/writer/console/payload_writer.py
@@ -3,7 +3,10 @@
# SPDX-License-Identifier: Apache-2.0
from beartype.typing import TextIO
-from spdx_tools.spdx3.model import (
+from spdx_tools.spdx3.model.ai import AIPackage
+from spdx_tools.spdx3.model.build import Build
+from spdx_tools.spdx3.model.dataset import DatasetPackage
+from spdx_tools.spdx3.model.core import (
Annotation,
Bom,
Bundle,
@@ -14,47 +17,54 @@
SpdxDocument,
Tool,
)
-from spdx_tools.spdx3.model.ai import AIPackage
-from spdx_tools.spdx3.model.build import Build
-from spdx_tools.spdx3.model.dataset import Dataset
-from spdx_tools.spdx3.model.software import File, Package, Sbom, Snippet, SoftwareDependencyRelationship
+from spdx_tools.spdx3.model.software import (
+ File,
+ Package,
+ Sbom,
+ Snippet,
+ SoftwareDependencyRelationship,
+)
from spdx_tools.spdx3.payload import Payload
-from spdx_tools.spdx3.writer.console.agent_writer import write_agent
-from spdx_tools.spdx3.writer.console.ai.ai_package_writer import write_ai_package
-from spdx_tools.spdx3.writer.console.annotation_writer import write_annotation
-from spdx_tools.spdx3.writer.console.bom_writer import write_bom
-from spdx_tools.spdx3.writer.console.build.build_writer import write_build
-from spdx_tools.spdx3.writer.console.bundle_writer import write_bundle
-from spdx_tools.spdx3.writer.console.dataset.dataset_writer import write_dataset
-from spdx_tools.spdx3.writer.console.relationship_writer import write_relationship
-from spdx_tools.spdx3.writer.console.software.file_writer import write_file
-from spdx_tools.spdx3.writer.console.software.package_writer import write_package
-from spdx_tools.spdx3.writer.console.software.sbom_writer import write_sbom
-from spdx_tools.spdx3.writer.console.software.snippet_writer import write_snippet
-from spdx_tools.spdx3.writer.console.software.software_dependency_relationship_writer import (
+from spdx_tools.spdx3.writer.console.ai import write_ai_package
+from spdx_tools.spdx3.writer.console.build import write_build
+from spdx_tools.spdx3.writer.console.core import (
+ write_agent,
+ write_annotation,
+ write_bom,
+ write_bundle,
+ write_relationship,
+ write_spdx_document,
+ write_tool,
+)
+from spdx_tools.spdx3.writer.console.dataset import (
+ write_dataset_package,
+)
+from spdx_tools.spdx3.writer.console.software import (
+ write_file,
+ write_package,
+ write_sbom,
+ write_snippet,
write_software_dependency_relationship,
)
-from spdx_tools.spdx3.writer.console.spdx_document_writer import write_spdx_document
-from spdx_tools.spdx3.writer.console.tool_writer import write_tool
MAP_CLASS_TO_WRITE_METHOD = {
+ AIPackage: write_ai_package,
Annotation: write_annotation,
- Relationship: write_relationship,
- SoftwareDependencyRelationship: write_software_dependency_relationship,
- Bundle: write_bundle,
- SpdxDocument: write_spdx_document,
Bom: write_bom,
+ Build: write_build,
+ Bundle: write_bundle,
+ DatasetPackage: write_dataset_package,
File: write_file,
+ Organization: write_agent,
Package: write_package,
- Snippet: write_snippet,
- Sbom: write_sbom,
Person: write_agent,
- Organization: write_agent,
+ Relationship: write_relationship,
+ Sbom: write_sbom,
+ Snippet: write_snippet,
SoftwareAgent: write_agent,
+ SoftwareDependencyRelationship: write_software_dependency_relationship,
+ SpdxDocument: write_spdx_document,
Tool: write_tool,
- AIPackage: write_ai_package,
- Dataset: write_dataset,
- Build: write_build,
}
diff --git a/src/spdx_tools/spdx3/writer/console/software/__init__.py b/src/spdx_tools/spdx3/writer/console/software/__init__.py
index e69de29bb..804b17185 100644
--- a/src/spdx_tools/spdx3/writer/console/software/__init__.py
+++ b/src/spdx_tools/spdx3/writer/console/software/__init__.py
@@ -0,0 +1,18 @@
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-FileCopyrightText: 2024 The SPDX Contributors
+
+from .file_writer import write_file
+from .package_writer import write_package
+from .sbom_writer import write_sbom
+from .snippet_writer import write_snippet
+from .software_dependency_relationship_writer import (
+ write_software_dependency_relationship,
+)
+
+__all__ = [
+ "write_file",
+ "write_package",
+ "write_sbom",
+ "write_snippet",
+ "write_software_dependency_relationship",
+]
diff --git a/src/spdx_tools/spdx3/writer/console/software/file_writer.py b/src/spdx_tools/spdx3/writer/console/software/file_writer.py
index ec631f024..9ef966926 100644
--- a/src/spdx_tools/spdx3/writer/console/software/file_writer.py
+++ b/src/spdx_tools/spdx3/writer/console/software/file_writer.py
@@ -4,8 +4,8 @@
from beartype.typing import TextIO
from spdx_tools.spdx3.model.software import File
-from spdx_tools.spdx3.writer.console.artifact_writer import write_artifact_properties
from spdx_tools.spdx3.writer.console.console import write_value
+from spdx_tools.spdx3.writer.console.core.artifact_writer import write_artifact_properties
def write_file(file: File, text_output: TextIO):
diff --git a/src/spdx_tools/spdx3/writer/console/software/package_writer.py b/src/spdx_tools/spdx3/writer/console/software/package_writer.py
index 1f66f989b..b1cb9ef02 100644
--- a/src/spdx_tools/spdx3/writer/console/software/package_writer.py
+++ b/src/spdx_tools/spdx3/writer/console/software/package_writer.py
@@ -4,8 +4,8 @@
from beartype.typing import TextIO
from spdx_tools.spdx3.model.software import Package
-from spdx_tools.spdx3.writer.console.artifact_writer import write_artifact_properties
from spdx_tools.spdx3.writer.console.console import write_value
+from spdx_tools.spdx3.writer.console.core.artifact_writer import write_artifact_properties
def write_package(package: Package, text_output: TextIO, heading: bool = True):
diff --git a/src/spdx_tools/spdx3/writer/console/software/sbom_writer.py b/src/spdx_tools/spdx3/writer/console/software/sbom_writer.py
index 2e34a6b00..eef924a31 100644
--- a/src/spdx_tools/spdx3/writer/console/software/sbom_writer.py
+++ b/src/spdx_tools/spdx3/writer/console/software/sbom_writer.py
@@ -4,7 +4,7 @@
from beartype.typing import TextIO
from spdx_tools.spdx3.model.software import Sbom
-from spdx_tools.spdx3.writer.console.bom_writer import write_bom
+from spdx_tools.spdx3.writer.console.core.bom_writer import write_bom
def write_sbom(sbom: Sbom, text_output: TextIO):
diff --git a/src/spdx_tools/spdx3/writer/console/software/snippet_writer.py b/src/spdx_tools/spdx3/writer/console/software/snippet_writer.py
index b0ea7bbc7..5515f1c36 100644
--- a/src/spdx_tools/spdx3/writer/console/software/snippet_writer.py
+++ b/src/spdx_tools/spdx3/writer/console/software/snippet_writer.py
@@ -4,8 +4,8 @@
from beartype.typing import TextIO
from spdx_tools.spdx3.model.software import Snippet
-from spdx_tools.spdx3.writer.console.artifact_writer import write_artifact_properties
from spdx_tools.spdx3.writer.console.console import write_value
+from spdx_tools.spdx3.writer.console.core.artifact_writer import write_artifact_properties
def write_snippet(snippet: Snippet, text_output: TextIO):
diff --git a/src/spdx_tools/spdx3/writer/console/software/software_dependency_relationship_writer.py b/src/spdx_tools/spdx3/writer/console/software/software_dependency_relationship_writer.py
index 8064c76a1..102b158c5 100644
--- a/src/spdx_tools/spdx3/writer/console/software/software_dependency_relationship_writer.py
+++ b/src/spdx_tools/spdx3/writer/console/software/software_dependency_relationship_writer.py
@@ -6,7 +6,7 @@
from spdx_tools.spdx3.model.software import SoftwareDependencyRelationship
from spdx_tools.spdx3.writer.console.console import write_value
-from spdx_tools.spdx3.writer.console.lifecycle_scoped_relationship_writer import write_lifecycle_scoped_relationship
+from spdx_tools.spdx3.writer.console.core.lifecycle_scoped_relationship_writer import write_lifecycle_scoped_relationship
def write_software_dependency_relationship(
diff --git a/src/spdx_tools/spdx3/writer/console/spdx_collection_writer.py b/src/spdx_tools/spdx3/writer/console/spdx_collection_writer.py
deleted file mode 100644
index 7654329b2..000000000
--- a/src/spdx_tools/spdx3/writer/console/spdx_collection_writer.py
+++ /dev/null
@@ -1,21 +0,0 @@
-# SPDX-FileCopyrightText: 2023 spdx contributors
-#
-# SPDX-License-Identifier: Apache-2.0
-from beartype.typing import TextIO
-
-from spdx_tools.spdx3.model import ElementCollection
-from spdx_tools.spdx3.writer.console.element_writer import write_element_properties
-from spdx_tools.spdx3.writer.console.external_map_writer import write_external_map
-from spdx_tools.spdx3.writer.console.namespace_map_writer import write_namespace_map
-from spdx_tools.spdx.writer.tagvalue.tagvalue_writer_helper_functions import write_optional_heading
-
-
-def write_collection(collection: ElementCollection, text_output: TextIO):
- write_element_properties(collection, text_output)
- text_output.write(f"elements: {', '.join(collection.element)}\n")
- write_optional_heading(collection.namespaces, "# Namespaces\n", text_output)
- for namespace_map in collection.namespaces:
- write_namespace_map(namespace_map, text_output)
- write_optional_heading(collection.imports, "# Imports\n", text_output)
- for external_map in collection.imports:
- write_external_map(external_map, text_output)
diff --git a/src/spdx_tools/spdx3/writer/json_ld/SPDX_OWL.json b/src/spdx_tools/spdx3/writer/json_ld/SPDX_OWL.json
index 96e744e79..86343b7a1 100644
--- a/src/spdx_tools/spdx3/writer/json_ld/SPDX_OWL.json
+++ b/src/spdx_tools/spdx3/writer/json_ld/SPDX_OWL.json
@@ -1,252 +1,294 @@
{
"@context": {
- "ai": "https://spdx.org/rdf/AI/",
- "build": "https://spdx.org/rdf/Build/",
- "core": "https://spdx.org/rdf/Core/",
- "dataset": "https://spdx.org/rdf/Dataset/",
- "licensing": "https://spdx.org/rdf/Licensing/",
- "ns0": "http://www.w3.org/2003/06/sw-vocab-status/ns#",
+ "dcterms": "http://purl.org/dc/terms/",
+ "ns1": "https://spdx.org/rdf/3.0.1/terms/Core/",
+ "ns2": "https://spdx.org/rdf/3.0.1/terms/Software/",
+ "ns3": "https://spdx.org/rdf/3.0.1/terms/Dataset/",
+ "ns4": "https://spdx.org/rdf/3.0.1/terms/AI/",
+ "ns5": "https://spdx.org/rdf/3.0.1/terms/Security/",
+ "ns6": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/",
+ "ns7": "http://spdx.invalid./",
+ "omg-ann": "https://www.omg.org/spec/Commons/AnnotationVocabulary/",
"owl": "http://www.w3.org/2002/07/owl#",
+ "rdf": "http://www.w3.org/1999/02/22-rdf-syntax-ns#",
"rdfs": "http://www.w3.org/2000/01/rdf-schema#",
- "security": "https://spdx.org/rdf/Security/",
"sh": "http://www.w3.org/ns/shacl#",
- "software": "https://spdx.org/rdf/Software/",
+ "spdx": "https://spdx.org/rdf/3.0.1/terms/",
"xsd": "http://www.w3.org/2001/XMLSchema#"
},
"@graph": [
{
- "@id": "ai:AIPackage",
+ "@id": "ns4:AIPackage",
"@type": [
"owl:Class",
"sh:NodeShape"
],
- "rdfs:comment": "Metadata information that can be added to a package to describe an AI application or trained AI model.\nExternal property restriction on /Core/Artifact/suppliedBy: minCount: 1\nExternal property restriction on /Software/Package/downloadLocation: minCount: 1\nExternal property restriction on /Software/Package/packageVersion: minCount: 1\nExternal property restriction on /Software/SoftwareArtifact/purpose: minCount: 1\nExternal property restriction on /Core/Artifact/releaseTime: minCount: 1",
+ "rdfs:comment": {
+ "@value": "Specifies an AI package and its associated information.",
+ "@language": "en"
+ },
"rdfs:subClassOf": {
- "@id": "software:Package"
+ "@id": "ns2:Package"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
},
- "ns0:term_status": "Stable",
"sh:property": [
{
"sh:class": {
- "@id": "core:DictionaryEntry"
+ "@id": "ns1:DictionaryEntry"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNodeOrIRI"
},
- "sh:name": "metric",
"sh:path": {
- "@id": "ai:metric"
+ "@id": "ns4:metricDecisionThreshold"
}
},
{
- "sh:datatype": {
- "@id": "xsd:string"
+ "sh:class": {
+ "@id": "ns1:DictionaryEntry"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNodeOrIRI"
},
- "sh:name": "modelExplainability",
"sh:path": {
- "@id": "ai:modelExplainability"
+ "@id": "ns4:metric"
}
},
{
"sh:datatype": {
"@id": "xsd:string"
},
- "sh:name": "domain",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "ai:domain"
+ "@id": "ns4:modelExplainability"
}
},
{
- "sh:datatype": {
- "@id": "xsd:string"
+ "sh:class": {
+ "@id": "ns1:DictionaryEntry"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNodeOrIRI"
},
- "sh:name": "standardCompliance",
"sh:path": {
- "@id": "ai:standardCompliance"
+ "@id": "ns4:hyperparameter"
}
},
{
- "sh:class": {
- "@id": "core:DictionaryEntry"
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
},
- "sh:name": "hyperparameter",
"sh:path": {
- "@id": "ai:hyperparameter"
+ "@id": "ns4:informationAboutTraining"
}
},
{
"sh:datatype": {
"@id": "xsd:string"
},
- "sh:maxCount": 1,
- "sh:name": "energyConsumption",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "ai:energyConsumption"
+ "@id": "ns4:modelDataPreprocessing"
}
},
{
"sh:datatype": {
"@id": "xsd:string"
},
- "sh:maxCount": 1,
- "sh:name": "limitation",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "ai:limitation"
+ "@id": "ns4:typeOfModel"
}
},
{
- "sh:class": {
- "@id": "ai:SafetyRiskAssessmentType"
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
},
- "sh:maxCount": 1,
- "sh:name": "safetyRiskAssessment",
"sh:path": {
- "@id": "ai:safetyRiskAssessment"
+ "@id": "ns4:standardCompliance"
}
},
{
"sh:datatype": {
"@id": "xsd:string"
},
- "sh:name": "modelDataPreprocessing",
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "ai:modelDataPreprocessing"
+ "@id": "ns4:limitation"
}
},
{
"sh:class": {
- "@id": "ai:PresenceType"
+ "@id": "ns1:PresenceType"
+ },
+ "sh:in": {
+ "@list": [
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/yes"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/no"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/noAssertion"
+ }
+ ]
},
"sh:maxCount": 1,
- "sh:name": "sensitivePersonalInformation",
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
"sh:path": {
- "@id": "ai:sensitivePersonalInformation"
+ "@id": "ns4:autonomyType"
}
},
{
"sh:datatype": {
"@id": "xsd:string"
},
- "sh:maxCount": 1,
- "sh:name": "informationAboutTraining",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "ai:informationAboutTraining"
+ "@id": "ns4:domain"
}
},
{
- "sh:datatype": {
- "@id": "xsd:string"
+ "sh:class": {
+ "@id": "ns4:SafetyRiskAssessmentType"
+ },
+ "sh:in": {
+ "@list": [
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/serious"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/high"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/medium"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/low"
+ }
+ ]
},
"sh:maxCount": 1,
- "sh:name": "informationAboutApplication",
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
"sh:path": {
- "@id": "ai:informationAboutApplication"
+ "@id": "ns4:safetyRiskAssessment"
}
},
{
- "sh:datatype": {
- "@id": "xsd:string"
+ "sh:class": {
+ "@id": "ns1:PresenceType"
+ },
+ "sh:in": {
+ "@list": [
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/yes"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/no"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/noAssertion"
+ }
+ ]
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
},
- "sh:name": "typeOfModel",
"sh:path": {
- "@id": "ai:typeOfModel"
+ "@id": "ns4:useSensitivePersonalInformation"
}
},
{
- "sh:class": {
- "@id": "ai:PresenceType"
+ "sh:datatype": {
+ "@id": "xsd:string"
},
"sh:maxCount": 1,
- "sh:name": "autonomyType",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "ai:autonomyType"
+ "@id": "ns4:informationAboutApplication"
}
},
{
"sh:class": {
- "@id": "core:DictionaryEntry"
+ "@id": "ns4:EnergyConsumption"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:BlankNodeOrIRI"
},
- "sh:name": "metricDecisionThreshold",
"sh:path": {
- "@id": "ai:metricDecisionThreshold"
+ "@id": "ns4:energyConsumption"
}
}
]
},
{
- "@id": "https://spdx.org/rdf/AI/PresenceType/no",
- "@type": [
- "owl:NamedIndividual",
- "ai:PresenceType"
- ]
- },
- {
- "@id": "https://spdx.org/rdf/AI/PresenceType/noAssertion",
- "@type": [
- "owl:NamedIndividual",
- "ai:PresenceType"
- ]
- },
- {
- "@id": "https://spdx.org/rdf/AI/PresenceType/yes",
- "@type": [
- "owl:NamedIndividual",
- "ai:PresenceType"
- ]
- },
- {
- "@id": "https://spdx.org/rdf/AI/SafetyRiskAssessmentType/high",
- "@type": [
- "owl:NamedIndividual",
- "ai:SafetyRiskAssessmentType"
- ]
- },
- {
- "@id": "https://spdx.org/rdf/AI/SafetyRiskAssessmentType/low",
- "@type": [
- "owl:NamedIndividual",
- "ai:SafetyRiskAssessmentType"
- ]
- },
- {
- "@id": "https://spdx.org/rdf/AI/SafetyRiskAssessmentType/medium",
- "@type": [
- "owl:NamedIndividual",
- "ai:SafetyRiskAssessmentType"
- ]
- },
- {
- "@id": "https://spdx.org/rdf/AI/SafetyRiskAssessmentType/serious",
- "@type": [
- "owl:NamedIndividual",
- "ai:SafetyRiskAssessmentType"
- ]
- },
- {
- "@id": "build:Build",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Build/Build",
"@type": [
"owl:Class",
"sh:NodeShape"
],
- "rdfs:comment": "A build is a representation of the process in which a piece of software or artifact is built. It encapsulates information related to a build process and\nprovides an element from which relationships can be created to describe the build's inputs, outputs, and related entities (e.g. builders, identities, etc.).\n\nDefinitions of \"BuildType\", \"ConfigSource\", \"Parameters\" and \"Environment\" follow\nthose defined in [SLSA provenance](https://slsa.dev/provenance/v0.2).\n\nExternalIdentifier of type \"urlScheme\" may be used to identify build logs. In this case, the comment of the ExternalIdentifier should be \"LogReference\".\n\nNote that buildStart and buildEnd are optional, and may be omitted to simplify creating reproducible builds.",
+ "rdfs:comment": {
+ "@value": "Class that describes a build instance of software/artifacts.",
+ "@language": "en"
+ },
"rdfs:subClassOf": {
- "@id": "core:Element"
+ "@id": "ns1:Element"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
},
- "ns0:term_status": "Stable",
"sh:property": [
{
- "sh:class": {
- "@id": "core:Hash"
+ "sh:datatype": {
+ "@id": "xsd:anyURI"
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
},
- "sh:name": "configSourceDigest",
"sh:path": {
- "@id": "build:configSourceDigest"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildType"
}
},
{
- "sh:datatype": {
- "@id": "xsd:anyURI"
+ "sh:class": {
+ "@id": "ns1:DictionaryEntry"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNodeOrIRI"
},
- "sh:name": "configSourceUri",
"sh:path": {
- "@id": "build:configSourceUri"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Build/environment"
}
},
{
@@ -254,3892 +296,7451 @@
"@id": "xsd:string"
},
"sh:maxCount": 1,
- "sh:name": "buildId",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "build:buildId"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildId"
}
},
{
- "sh:class": {
- "@id": "core:DictionaryEntry"
+ "sh:datatype": {
+ "@id": "xsd:dateTimeStamp"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
},
- "sh:name": "parameters",
"sh:path": {
- "@id": "build:parameters"
- }
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildStartTime"
+ },
+ "sh:pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$"
},
{
"sh:datatype": {
- "@id": "core:DateTime"
+ "@id": "xsd:anyURI"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
},
- "sh:maxCount": 1,
- "sh:name": "buildEndTime",
"sh:path": {
- "@id": "build:buildEndTime"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Build/configSourceUri"
}
},
{
"sh:datatype": {
- "@id": "core:DateTime"
+ "@id": "xsd:string"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
},
- "sh:maxCount": 1,
- "sh:name": "buildStartTime",
"sh:path": {
- "@id": "build:buildStartTime"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Build/configSourceEntrypoint"
}
},
{
"sh:class": {
- "@id": "core:DictionaryEntry"
+ "@id": "ns1:Hash"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNodeOrIRI"
},
- "sh:name": "environment",
"sh:path": {
- "@id": "build:environment"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Build/configSourceDigest"
}
},
{
"sh:datatype": {
- "@id": "xsd:anyURI"
+ "@id": "xsd:dateTimeStamp"
},
"sh:maxCount": 1,
- "sh:minCount": 1,
- "sh:name": "buildType",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "build:buildType"
- }
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildEndTime"
+ },
+ "sh:pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$"
},
{
- "sh:datatype": {
- "@id": "xsd:string"
+ "sh:class": {
+ "@id": "ns1:DictionaryEntry"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNodeOrIRI"
},
- "sh:name": "configSourceEntrypoint",
"sh:path": {
- "@id": "build:configSourceEntrypoint"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Build/parameter"
}
}
]
},
{
- "@id": "core:Annotation",
+ "@id": "ns1:Annotation",
"@type": [
"owl:Class",
"sh:NodeShape"
],
- "rdfs:comment": "An Annotation is an assertion made in relation to one or more elements.",
+ "rdfs:comment": {
+ "@value": "An assertion made in relation to one or more elements.",
+ "@language": "en"
+ },
"rdfs:subClassOf": {
- "@id": "core:Element"
+ "@id": "ns1:Element"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
},
- "ns0:term_status": "Stable",
"sh:property": [
{
"sh:datatype": {
"@id": "xsd:string"
},
"sh:maxCount": 1,
- "sh:name": "statement",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "core:statement"
+ "@id": "ns1:statement"
}
},
{
"sh:class": {
- "@id": "core:Element"
+ "@id": "ns1:Element"
},
"sh:maxCount": 1,
"sh:minCount": 1,
- "sh:name": "subject",
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
"sh:path": {
- "@id": "core:subject"
+ "@id": "ns1:subject"
}
},
{
"sh:datatype": {
- "@id": "core:MediaType"
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
},
- "sh:name": "contentType",
"sh:path": {
- "@id": "core:contentType"
- }
+ "@id": "ns1:contentType"
+ },
+ "sh:pattern": "^[^\\/]+\\/[^\\/]+$"
},
{
"sh:class": {
- "@id": "core:AnnotationType"
+ "@id": "ns1:AnnotationType"
+ },
+ "sh:in": {
+ "@list": [
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/other"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/review"
+ }
+ ]
},
"sh:maxCount": 1,
"sh:minCount": 1,
- "sh:name": "annotationType",
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
"sh:path": {
- "@id": "core:annotationType"
+ "@id": "ns1:annotationType"
}
}
]
},
{
- "@id": "https://spdx.org/rdf/Core/AnnotationType/other",
+ "@id": "ns1:LifecycleScopedRelationship",
+ "@type": [
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "Provide context for a relationship that occurs in the lifecycle.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns1:Relationship"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:property": {
+ "sh:class": {
+ "@id": "ns1:LifecycleScopeType"
+ },
+ "sh:in": {
+ "@list": [
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/design"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/development"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/build"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/test"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/runtime"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/other"
+ }
+ ]
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns1:scope"
+ }
+ }
+ },
+ {
+ "@id": "ns1:NoAssertionElement",
"@type": [
"owl:NamedIndividual",
- "core:AnnotationType"
- ]
+ "ns1:Element"
+ ],
+ "rdfs:comment": {
+ "@value": "An Individual Value for Element representing a set of Elements of unknown\nidentify or cardinality (number).",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/AnnotationType/review",
+ "@id": "ns1:NoneElement",
"@type": [
"owl:NamedIndividual",
- "core:AnnotationType"
- ]
+ "ns1:Element"
+ ],
+ "rdfs:comment": {
+ "@value": "An Individual Value for Element representing a set of Elements with\ncardinality (number/count) of zero.",
+ "@language": "en"
+ }
},
{
- "@id": "core:AnonymousPayload",
+ "@id": "ns1:PackageVerificationCode",
"@type": [
"owl:Class",
"sh:NodeShape"
],
- "rdfs:comment": "TODO",
+ "rdfs:comment": {
+ "@value": "An SPDX version 2.X compatible verification method for software packages.",
+ "@language": "en"
+ },
"rdfs:subClassOf": {
- "@id": "core:Payload"
+ "@id": "ns1:IntegrityMethod"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNode"
},
- "ns0:term_status": "Stable",
"sh:property": [
{
- "sh:class": {
- "@id": "core:CreationInfo"
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
},
- "sh:maxCount": 1,
- "sh:name": "creationInfo",
"sh:path": {
- "@id": "core:creationInfo"
+ "@id": "ns1:packageVerificationCodeExcludedFile"
}
},
{
- "sh:class": {
- "@id": "core:NamespaceMap"
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
},
- "sh:name": "namespaces",
"sh:path": {
- "@id": "core:namespaces"
+ "@id": "ns1:hashValue"
}
},
{
"sh:class": {
- "@id": "core:ExternalMap"
+ "@id": "ns1:HashAlgorithm"
+ },
+ "sh:in": {
+ "@list": [
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/adler32"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b256"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b384"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b512"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake3"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsDilithium"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsKyber"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/falcon"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md2"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md4"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md5"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md6"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/other"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha1"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha224"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha256"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha384"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha512"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_224"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_256"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_384"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_512"
+ }
+ ]
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
},
- "sh:name": "imports",
"sh:path": {
- "@id": "core:imports"
+ "@id": "ns1:algorithm"
}
}
]
},
{
- "@id": "https://spdx.org/rdf/Core/ExternalIdentifierType/cpe22",
- "@type": [
- "owl:NamedIndividual",
- "core:ExternalIdentifierType"
- ]
- },
- {
- "@id": "https://spdx.org/rdf/Core/ExternalIdentifierType/cpe23",
- "@type": [
- "owl:NamedIndividual",
- "core:ExternalIdentifierType"
- ]
- },
- {
- "@id": "https://spdx.org/rdf/Core/ExternalIdentifierType/cve",
- "@type": [
- "owl:NamedIndividual",
- "core:ExternalIdentifierType"
- ]
- },
- {
- "@id": "https://spdx.org/rdf/Core/ExternalIdentifierType/email",
- "@type": [
- "owl:NamedIndividual",
- "core:ExternalIdentifierType"
- ]
- },
- {
- "@id": "https://spdx.org/rdf/Core/ExternalIdentifierType/gitoid",
- "@type": [
- "owl:NamedIndividual",
- "core:ExternalIdentifierType"
- ]
- },
- {
- "@id": "https://spdx.org/rdf/Core/ExternalIdentifierType/other",
- "@type": [
- "owl:NamedIndividual",
- "core:ExternalIdentifierType"
- ]
- },
- {
- "@id": "https://spdx.org/rdf/Core/ExternalIdentifierType/pkgUrl",
- "@type": [
- "owl:NamedIndividual",
- "core:ExternalIdentifierType"
- ]
- },
- {
- "@id": "https://spdx.org/rdf/Core/ExternalIdentifierType/securityOther",
- "@type": [
- "owl:NamedIndividual",
- "core:ExternalIdentifierType"
- ]
+ "@id": "ns1:Person",
+ "@type": "owl:Class",
+ "rdfs:comment": {
+ "@value": "An individual human being.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns1:Agent"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/ExternalIdentifierType/swhid",
- "@type": [
- "owl:NamedIndividual",
- "core:ExternalIdentifierType"
- ]
+ "@id": "ns1:SoftwareAgent",
+ "@type": "owl:Class",
+ "rdfs:comment": {
+ "@value": "A software agent.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns1:Agent"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/ExternalIdentifierType/swid",
+ "@id": "ns1:SpdxDocument",
"@type": [
- "owl:NamedIndividual",
- "core:ExternalIdentifierType"
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "A collection of SPDX Elements that could potentially be serialized.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns1:ElementCollection"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:property": [
+ {
+ "sh:class": {
+ "@id": "ns1:ExternalMap"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNodeOrIRI"
+ },
+ "sh:path": {
+ "@id": "ns1:import"
+ }
+ },
+ {
+ "sh:class": {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns1:dataLicense"
+ }
+ },
+ {
+ "sh:class": {
+ "@id": "ns1:NamespaceMap"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNodeOrIRI"
+ },
+ "sh:path": {
+ "@id": "ns1:namespaceMap"
+ }
+ }
]
},
{
- "@id": "https://spdx.org/rdf/Core/ExternalIdentifierType/urlScheme",
+ "@id": "ns1:SpdxOrganization",
"@type": [
"owl:NamedIndividual",
- "core:ExternalIdentifierType"
- ]
+ "ns1:Organization"
+ ],
+ "rdfs:comment": {
+ "@value": "An Organization representing the SPDX Project.",
+ "@language": "en"
+ },
+ "owl:sameAs": {
+ "@id": "https://spdx.org/"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/ExternalReferenceType/altDownloadLocation",
+ "@id": "ns3:DatasetPackage",
"@type": [
- "owl:NamedIndividual",
- "core:ExternalReferenceType"
- ]
- },
- {
- "@id": "https://spdx.org/rdf/Core/ExternalReferenceType/altWebPage",
- "@type": [
- "owl:NamedIndividual",
- "core:ExternalReferenceType"
- ]
- },
- {
- "@id": "https://spdx.org/rdf/Core/ExternalReferenceType/binaryArtifact",
- "@type": [
- "owl:NamedIndividual",
- "core:ExternalReferenceType"
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "Specifies a data package and its associated information.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns2:Package"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:property": [
+ {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns3:dataPreprocessing"
+ }
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns3:datasetNoise"
+ }
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:nonNegativeInteger"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns3:datasetSize"
+ }
+ },
+ {
+ "sh:class": {
+ "@id": "ns3:DatasetAvailabilityType"
+ },
+ "sh:in": {
+ "@list": [
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/clickthrough"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/directDownload"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/query"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/registration"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/scrapingScript"
+ }
+ ]
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns3:datasetAvailability"
+ }
+ },
+ {
+ "sh:class": {
+ "@id": "ns1:DictionaryEntry"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNodeOrIRI"
+ },
+ "sh:path": {
+ "@id": "ns3:sensor"
+ }
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns3:knownBias"
+ }
+ },
+ {
+ "sh:class": {
+ "@id": "ns3:ConfidentialityLevelType"
+ },
+ "sh:in": {
+ "@list": [
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/red"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/amber"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/green"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/clear"
+ }
+ ]
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns3:confidentialityLevel"
+ }
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns3:datasetUpdateMechanism"
+ }
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns3:intendedUse"
+ }
+ },
+ {
+ "sh:class": {
+ "@id": "ns1:PresenceType"
+ },
+ "sh:in": {
+ "@list": [
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/yes"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/no"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/noAssertion"
+ }
+ ]
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns3:hasSensitivePersonalInformation"
+ }
+ },
+ {
+ "sh:class": {
+ "@id": "ns3:DatasetType"
+ },
+ "sh:in": {
+ "@list": [
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/audio"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/categorical"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/graph"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/image"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/noAssertion"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/numeric"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/other"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/sensor"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/structured"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/syntactic"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/text"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timeseries"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timestamp"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/video"
+ }
+ ]
+ },
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns3:datasetType"
+ }
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns3:dataCollectionProcess"
+ }
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns3:anonymizationMethodUsed"
+ }
+ }
]
},
{
- "@id": "https://spdx.org/rdf/Core/ExternalReferenceType/buildMeta",
+ "@id": "ns6:ConjunctiveLicenseSet",
"@type": [
- "owl:NamedIndividual",
- "core:ExternalReferenceType"
- ]
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "Portion of an AnyLicenseInfo representing a set of licensing information\nwhere all elements apply.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:property": {
+ "sh:class": {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo"
+ },
+ "sh:minCount": 2,
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns6:member"
+ }
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/ExternalReferenceType/buildSystem",
- "@type": [
- "owl:NamedIndividual",
- "core:ExternalReferenceType"
- ]
+ "@id": "ns6:CustomLicense",
+ "@type": "owl:Class",
+ "rdfs:comment": {
+ "@value": "A license that is not listed on the SPDX License List.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns6:License"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/ExternalReferenceType/chat",
- "@type": [
- "owl:NamedIndividual",
- "core:ExternalReferenceType"
- ]
+ "@id": "ns6:CustomLicenseAddition",
+ "@type": "owl:Class",
+ "rdfs:comment": {
+ "@value": "A license addition that is not listed on the SPDX Exceptions List.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns6:LicenseAddition"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/ExternalReferenceType/documentation",
+ "@id": "ns6:DisjunctiveLicenseSet",
"@type": [
- "owl:NamedIndividual",
- "core:ExternalReferenceType"
- ]
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "Portion of an AnyLicenseInfo representing a set of licensing information where\nonly one of the elements applies.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:property": {
+ "sh:class": {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo"
+ },
+ "sh:minCount": 2,
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns6:member"
+ }
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/ExternalReferenceType/funding",
+ "@id": "ns6:ListedLicense",
"@type": [
- "owl:NamedIndividual",
- "core:ExternalReferenceType"
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "A license that is listed on the SPDX License List.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns6:License"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:property": [
+ {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns6:deprecatedVersion"
+ }
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns6:listVersionAdded"
+ }
+ }
]
},
{
- "@id": "https://spdx.org/rdf/Core/ExternalReferenceType/issueTracker",
+ "@id": "ns6:ListedLicenseException",
"@type": [
- "owl:NamedIndividual",
- "core:ExternalReferenceType"
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "A license exception that is listed on the SPDX Exceptions list.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns6:LicenseAddition"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:property": [
+ {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns6:deprecatedVersion"
+ }
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns6:listVersionAdded"
+ }
+ }
]
},
{
- "@id": "https://spdx.org/rdf/Core/ExternalReferenceType/license",
+ "@id": "ns6:NoAssertionLicense",
"@type": [
"owl:NamedIndividual",
- "core:ExternalReferenceType"
- ]
+ "ns6:IndividualLicensingInfo"
+ ],
+ "rdfs:comment": {
+ "@value": "An Individual Value for License when no assertion can be made about its actual\nvalue.",
+ "@language": "en"
+ },
+ "owl:sameAs": {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Licensing/NoAssertion"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/ExternalReferenceType/mailingList",
+ "@id": "ns6:NoneLicense",
"@type": [
"owl:NamedIndividual",
- "core:ExternalReferenceType"
- ]
+ "ns6:IndividualLicensingInfo"
+ ],
+ "rdfs:comment": {
+ "@value": "An Individual Value for License where the SPDX data creator determines that no\nlicense is present.",
+ "@language": "en"
+ },
+ "owl:sameAs": {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Licensing/None"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/ExternalReferenceType/metrics",
+ "@id": "ns6:OrLaterOperator",
"@type": [
- "owl:NamedIndividual",
- "core:ExternalReferenceType"
- ]
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "Portion of an AnyLicenseInfo representing this version, or any later version,\nof the indicated License.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns6:ExtendableLicense"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:property": {
+ "sh:class": {
+ "@id": "ns6:License"
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns6:subjectLicense"
+ }
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/ExternalReferenceType/other",
+ "@id": "ns6:WithAdditionOperator",
"@type": [
- "owl:NamedIndividual",
- "core:ExternalReferenceType"
- ]
- },
- {
- "@id": "https://spdx.org/rdf/Core/ExternalReferenceType/releaseHistory",
- "@type": [
- "owl:NamedIndividual",
- "core:ExternalReferenceType"
- ]
- },
- {
- "@id": "https://spdx.org/rdf/Core/ExternalReferenceType/releaseNotes",
- "@type": [
- "owl:NamedIndividual",
- "core:ExternalReferenceType"
- ]
- },
- {
- "@id": "https://spdx.org/rdf/Core/ExternalReferenceType/securityAdvisory",
- "@type": [
- "owl:NamedIndividual",
- "core:ExternalReferenceType"
- ]
- },
- {
- "@id": "https://spdx.org/rdf/Core/ExternalReferenceType/securityFix",
- "@type": [
- "owl:NamedIndividual",
- "core:ExternalReferenceType"
- ]
- },
- {
- "@id": "https://spdx.org/rdf/Core/ExternalReferenceType/securityOther",
- "@type": [
- "owl:NamedIndividual",
- "core:ExternalReferenceType"
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "Portion of an AnyLicenseInfo representing a License which has additional\ntext applied to it.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:property": [
+ {
+ "sh:class": {
+ "@id": "ns6:ExtendableLicense"
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns6:subjectExtendableLicense"
+ }
+ },
+ {
+ "sh:class": {
+ "@id": "ns6:LicenseAddition"
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns6:subjectAddition"
+ }
+ }
]
},
{
- "@id": "https://spdx.org/rdf/Core/ExternalReferenceType/socialMedia",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertiesExtension",
"@type": [
- "owl:NamedIndividual",
- "core:ExternalReferenceType"
- ]
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "A type of extension consisting of a list of name value pairs.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/Extension"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNode"
+ },
+ "sh:property": {
+ "sh:class": {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertyEntry"
+ },
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:BlankNodeOrIRI"
+ },
+ "sh:path": {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/cdxProperty"
+ }
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/ExternalReferenceType/sourceArtifact",
+ "@id": "ns5:CvssV2VulnAssessmentRelationship",
"@type": [
- "owl:NamedIndividual",
- "core:ExternalReferenceType"
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "Provides a CVSS version 2.0 assessment for a vulnerability.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns5:VulnAssessmentRelationship"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:property": [
+ {
+ "sh:datatype": {
+ "@id": "xsd:decimal"
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns5:score"
+ }
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns5:vectorString"
+ }
+ }
]
},
{
- "@id": "https://spdx.org/rdf/Core/ExternalReferenceType/support",
+ "@id": "ns5:CvssV3VulnAssessmentRelationship",
"@type": [
- "owl:NamedIndividual",
- "core:ExternalReferenceType"
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "Provides a CVSS version 3 assessment for a vulnerability.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns5:VulnAssessmentRelationship"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:property": [
+ {
+ "sh:class": {
+ "@id": "ns5:CvssSeverityType"
+ },
+ "sh:in": {
+ "@list": [
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/critical"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/high"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/medium"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/low"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/none"
+ }
+ ]
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns5:severity"
+ }
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:decimal"
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns5:score"
+ }
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns5:vectorString"
+ }
+ }
]
},
{
- "@id": "https://spdx.org/rdf/Core/ExternalReferenceType/vcs",
+ "@id": "ns5:CvssV4VulnAssessmentRelationship",
"@type": [
- "owl:NamedIndividual",
- "core:ExternalReferenceType"
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "Provides a CVSS version 4 assessment for a vulnerability.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns5:VulnAssessmentRelationship"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:property": [
+ {
+ "sh:datatype": {
+ "@id": "xsd:decimal"
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns5:score"
+ }
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns5:vectorString"
+ }
+ },
+ {
+ "sh:class": {
+ "@id": "ns5:CvssSeverityType"
+ },
+ "sh:in": {
+ "@list": [
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/critical"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/high"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/medium"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/low"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/none"
+ }
+ ]
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns5:severity"
+ }
+ }
]
},
{
- "@id": "https://spdx.org/rdf/Core/HashAlgorithm/blake2b256",
+ "@id": "ns5:EpssVulnAssessmentRelationship",
"@type": [
- "owl:NamedIndividual",
- "core:HashAlgorithm"
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "Provides an EPSS assessment for a vulnerability.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns5:VulnAssessmentRelationship"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:property": [
+ {
+ "sh:datatype": {
+ "@id": "xsd:decimal"
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns5:percentile"
+ }
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:decimal"
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns5:probability"
+ }
+ }
]
},
{
- "@id": "https://spdx.org/rdf/Core/HashAlgorithm/blake2b384",
+ "@id": "ns5:ExploitCatalogVulnAssessmentRelationship",
"@type": [
- "owl:NamedIndividual",
- "core:HashAlgorithm"
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "Provides an exploit assessment of a vulnerability.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns5:VulnAssessmentRelationship"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:property": [
+ {
+ "sh:datatype": {
+ "@id": "xsd:anyURI"
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns5:locator"
+ }
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:boolean"
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns5:exploited"
+ }
+ },
+ {
+ "sh:class": {
+ "@id": "ns5:ExploitCatalogType"
+ },
+ "sh:in": {
+ "@list": [
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/kev"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/other"
+ }
+ ]
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns5:catalogType"
+ }
+ }
]
},
{
- "@id": "https://spdx.org/rdf/Core/HashAlgorithm/blake2b512",
+ "@id": "ns5:SsvcVulnAssessmentRelationship",
"@type": [
- "owl:NamedIndividual",
- "core:HashAlgorithm"
- ]
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "Provides an SSVC assessment for a vulnerability.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns5:VulnAssessmentRelationship"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:property": {
+ "sh:class": {
+ "@id": "ns5:SsvcDecisionType"
+ },
+ "sh:in": {
+ "@list": [
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/act"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/attend"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/track"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/trackStar"
+ }
+ ]
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns5:decisionType"
+ }
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/HashAlgorithm/blake3",
+ "@id": "ns5:VexAffectedVulnAssessmentRelationship",
"@type": [
- "owl:NamedIndividual",
- "core:HashAlgorithm"
- ]
- },
- {
- "@id": "https://spdx.org/rdf/Core/HashAlgorithm/crystalsDilithium",
- "@type": [
- "owl:NamedIndividual",
- "core:HashAlgorithm"
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "Connects a vulnerability and an element designating the element as a product\naffected by the vulnerability.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns5:VexVulnAssessmentRelationship"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:property": [
+ {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns5:actionStatement"
+ }
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:dateTimeStamp"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns5:actionStatementTime"
+ },
+ "sh:pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$"
+ }
]
},
{
- "@id": "https://spdx.org/rdf/Core/HashAlgorithm/crystalsKyber",
- "@type": [
- "owl:NamedIndividual",
- "core:HashAlgorithm"
- ]
+ "@id": "ns5:VexFixedVulnAssessmentRelationship",
+ "@type": "owl:Class",
+ "rdfs:comment": {
+ "@value": "Links a vulnerability and elements representing products (in the VEX sense) where\na fix has been applied and are no longer affected.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns5:VexVulnAssessmentRelationship"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/HashAlgorithm/falcon",
+ "@id": "ns5:VexNotAffectedVulnAssessmentRelationship",
"@type": [
- "owl:NamedIndividual",
- "core:HashAlgorithm"
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "Links a vulnerability and one or more elements designating the latter as products\nnot affected by the vulnerability.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns5:VexVulnAssessmentRelationship"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:property": [
+ {
+ "sh:datatype": {
+ "@id": "xsd:dateTimeStamp"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns5:impactStatementTime"
+ },
+ "sh:pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$"
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns5:impactStatement"
+ }
+ },
+ {
+ "sh:class": {
+ "@id": "ns5:VexJustificationType"
+ },
+ "sh:in": {
+ "@list": [
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/componentNotPresent"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotPresent"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeCannotBeControlledByAdversary"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotInExecutePath"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/inlineMitigationsAlreadyExist"
+ }
+ ]
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns5:justificationType"
+ }
+ }
]
},
{
- "@id": "https://spdx.org/rdf/Core/HashAlgorithm/md2",
- "@type": [
- "owl:NamedIndividual",
- "core:HashAlgorithm"
- ]
+ "@id": "ns5:VexUnderInvestigationVulnAssessmentRelationship",
+ "@type": "owl:Class",
+ "rdfs:comment": {
+ "@value": "Designates elements as products where the impact of a vulnerability is being\ninvestigated.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns5:VexVulnAssessmentRelationship"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/HashAlgorithm/md4",
+ "@id": "ns5:Vulnerability",
"@type": [
- "owl:NamedIndividual",
- "core:HashAlgorithm"
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "Specifies a vulnerability and its associated information.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns1:Artifact"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:property": [
+ {
+ "sh:datatype": {
+ "@id": "xsd:dateTimeStamp"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns5:publishedTime"
+ },
+ "sh:pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$"
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:dateTimeStamp"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns5:withdrawnTime"
+ },
+ "sh:pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$"
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:dateTimeStamp"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns5:modifiedTime"
+ },
+ "sh:pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$"
+ }
]
},
{
- "@id": "https://spdx.org/rdf/Core/HashAlgorithm/md5",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/LicenseExpression",
"@type": [
- "owl:NamedIndividual",
- "core:HashAlgorithm"
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "An SPDX Element containing an SPDX license expression string.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:property": [
+ {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseListVersion"
+ },
+ "sh:pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$"
+ },
+ {
+ "sh:class": {
+ "@id": "ns1:DictionaryEntry"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNodeOrIRI"
+ },
+ "sh:path": {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/customIdToUri"
+ }
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseExpression"
+ }
+ }
]
},
{
- "@id": "https://spdx.org/rdf/Core/HashAlgorithm/md6",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/SimpleLicensingText",
"@type": [
- "owl:NamedIndividual",
- "core:HashAlgorithm"
- ]
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "A license or addition that is not listed on the SPDX License List.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns1:Element"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:property": {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseText"
+ }
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/HashAlgorithm/other",
+ "@id": "ns2:Sbom",
"@type": [
- "owl:NamedIndividual",
- "core:HashAlgorithm"
- ]
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "A collection of SPDX Elements describing a single package.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns1:Bom"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:property": {
+ "sh:class": {
+ "@id": "ns2:SbomType"
+ },
+ "sh:in": {
+ "@list": [
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/design"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/source"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/build"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/deployed"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/runtime"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/analyzed"
+ }
+ ]
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns2:sbomType"
+ }
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/HashAlgorithm/sha1",
+ "@id": "ns2:Snippet",
"@type": [
- "owl:NamedIndividual",
- "core:HashAlgorithm"
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "Describes a certain part of a file.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns2:SoftwareArtifact"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:property": [
+ {
+ "sh:class": {
+ "@id": "ns1:PositiveIntegerRange"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:BlankNodeOrIRI"
+ },
+ "sh:path": {
+ "@id": "ns2:lineRange"
+ }
+ },
+ {
+ "sh:class": {
+ "@id": "ns2:File"
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns2:snippetFromFile"
+ }
+ },
+ {
+ "sh:class": {
+ "@id": "ns1:PositiveIntegerRange"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:BlankNodeOrIRI"
+ },
+ "sh:path": {
+ "@id": "ns2:byteRange"
+ }
+ }
]
},
{
- "@id": "https://spdx.org/rdf/Core/HashAlgorithm/sha224",
- "@type": [
- "owl:NamedIndividual",
- "core:HashAlgorithm"
- ]
+ "@id": "spdx:",
+ "@type": "owl:Ontology",
+ "rdfs:label": {
+ "@value": "System Package Data Exchange (SPDX) Ontology",
+ "@language": "en"
+ },
+ "dcterms:abstract": {
+ "@value": "This ontology defines the terms and relationships used in the SPDX specification to describe system packages",
+ "@language": "en"
+ },
+ "dcterms:created": {
+ "@value": "2024-04-05",
+ "@type": "xsd:date"
+ },
+ "dcterms:creator": {
+ "@value": "SPDX Project",
+ "@language": "en"
+ },
+ "dcterms:license": {
+ "@id": "https://spdx.org/licenses/Community-Spec-1.0.html"
+ },
+ "dcterms:references": {
+ "@id": "https://spdx.dev/specifications/"
+ },
+ "dcterms:title": {
+ "@value": "System Package Data Exchange (SPDX) Ontology",
+ "@language": "en"
+ },
+ "owl:versionIRI": {
+ "@id": "spdx:"
+ },
+ "omg-ann:copyright": {
+ "@value": "Copyright (C) 2024 SPDX Project",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/HashAlgorithm/sha256",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/kilowattHour",
"@type": [
"owl:NamedIndividual",
- "core:HashAlgorithm"
- ]
+ "ns4:EnergyUnitType"
+ ],
+ "rdfs:label": "kilowattHour",
+ "rdfs:comment": {
+ "@value": "Kilowatt-hour.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/HashAlgorithm/sha384",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/megajoule",
"@type": [
"owl:NamedIndividual",
- "core:HashAlgorithm"
- ]
+ "ns4:EnergyUnitType"
+ ],
+ "rdfs:label": "megajoule",
+ "rdfs:comment": {
+ "@value": "Megajoule.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/HashAlgorithm/sha3_224",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/other",
"@type": [
"owl:NamedIndividual",
- "core:HashAlgorithm"
- ]
+ "ns4:EnergyUnitType"
+ ],
+ "rdfs:label": "other",
+ "rdfs:comment": {
+ "@value": "Any other units of energy measurement.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/HashAlgorithm/sha3_256",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/high",
"@type": [
"owl:NamedIndividual",
- "core:HashAlgorithm"
- ]
+ "ns4:SafetyRiskAssessmentType"
+ ],
+ "rdfs:label": "high",
+ "rdfs:comment": {
+ "@value": "The second-highest level of risk posed by an AI system.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/HashAlgorithm/sha3_384",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/low",
"@type": [
"owl:NamedIndividual",
- "core:HashAlgorithm"
- ]
+ "ns4:SafetyRiskAssessmentType"
+ ],
+ "rdfs:label": "low",
+ "rdfs:comment": {
+ "@value": "Low/no risk is posed by an AI system.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/HashAlgorithm/sha3_512",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/medium",
"@type": [
"owl:NamedIndividual",
- "core:HashAlgorithm"
- ]
+ "ns4:SafetyRiskAssessmentType"
+ ],
+ "rdfs:label": "medium",
+ "rdfs:comment": {
+ "@value": "The third-highest level of risk posed by an AI system.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/HashAlgorithm/sha512",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/AI/SafetyRiskAssessmentType/serious",
"@type": [
"owl:NamedIndividual",
- "core:HashAlgorithm"
- ]
+ "ns4:SafetyRiskAssessmentType"
+ ],
+ "rdfs:label": "serious",
+ "rdfs:comment": {
+ "@value": "The highest level of risk posed by an AI system.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/HashAlgorithm/spdxPvcSha1",
- "@type": [
- "owl:NamedIndividual",
- "core:HashAlgorithm"
- ]
+ "@id": "ns4:autonomyType",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Indicates whether the system can perform a decision or action without human\ninvolvement or guidance.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns1:PresenceType"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/HashAlgorithm/spdxPvcSha256",
- "@type": [
- "owl:NamedIndividual",
- "core:HashAlgorithm"
- ]
+ "@id": "ns4:domain",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Captures the domain in which the AI package can be used.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/HashAlgorithm/sphincsPlus",
- "@type": [
- "owl:NamedIndividual",
- "core:HashAlgorithm"
- ]
+ "@id": "ns4:energyConsumption",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Indicates the amount of energy consumption incurred by an AI model.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns4:EnergyConsumption"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/LifecycleScopeType/build",
- "@type": [
- "owl:NamedIndividual",
- "core:LifecycleScopeType"
- ]
+ "@id": "ns4:energyQuantity",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Represents the energy quantity.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:decimal"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/LifecycleScopeType/design",
- "@type": [
- "owl:NamedIndividual",
- "core:LifecycleScopeType"
- ]
+ "@id": "ns4:energyUnit",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Specifies the unit in which energy is measured.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns4:EnergyUnitType"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/LifecycleScopeType/development",
- "@type": [
- "owl:NamedIndividual",
- "core:LifecycleScopeType"
- ]
+ "@id": "ns4:finetuningEnergyConsumption",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Specifies the amount of energy consumed when finetuning the AI model that is\nbeing used in the AI system.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns4:EnergyConsumptionDescription"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/LifecycleScopeType/other",
- "@type": [
- "owl:NamedIndividual",
- "core:LifecycleScopeType"
- ]
+ "@id": "ns4:hyperparameter",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Records a hyperparameter used to build the AI model contained in the AI\npackage.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns1:DictionaryEntry"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/LifecycleScopeType/runtime",
- "@type": [
- "owl:NamedIndividual",
- "core:LifecycleScopeType"
- ]
+ "@id": "ns4:inferenceEnergyConsumption",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Specifies the amount of energy consumed during inference time by an AI model\nthat is being used in the AI system.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns4:EnergyConsumptionDescription"
+ }
+ },
+ {
+ "@id": "ns4:informationAboutApplication",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Provides relevant information about the AI software, not including the model\ndescription.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
+ },
+ {
+ "@id": "ns4:informationAboutTraining",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Describes relevant information about different steps of the training process.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
+ },
+ {
+ "@id": "ns4:limitation",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Captures a limitation of the AI software.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
+ },
+ {
+ "@id": "ns4:metric",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Records the measurement of prediction quality of the AI model.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns1:DictionaryEntry"
+ }
+ },
+ {
+ "@id": "ns4:metricDecisionThreshold",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Captures the threshold that was used for computation of a metric described in\nthe metric field.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns1:DictionaryEntry"
+ }
+ },
+ {
+ "@id": "ns4:modelDataPreprocessing",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Describes all the preprocessing steps applied to the training data before the\nmodel training.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
+ },
+ {
+ "@id": "ns4:modelExplainability",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Describes methods that can be used to explain the results from the AI model.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
+ },
+ {
+ "@id": "ns4:safetyRiskAssessment",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Records the results of general safety risk assessment of the AI system.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns4:SafetyRiskAssessmentType"
+ }
+ },
+ {
+ "@id": "ns4:standardCompliance",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Captures a standard that is being complied with.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
+ },
+ {
+ "@id": "ns4:trainingEnergyConsumption",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Specifies the amount of energy consumed when training the AI model that is\nbeing used in the AI system.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns4:EnergyConsumptionDescription"
+ }
+ },
+ {
+ "@id": "ns4:typeOfModel",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Records the type of the model used in the AI software.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
+ },
+ {
+ "@id": "ns4:useSensitivePersonalInformation",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Records if sensitive personal information is used during model training or\ncould be used during the inference.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns1:PresenceType"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildEndTime",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Property that describes the time at which a build stops.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:dateTimeStamp"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildId",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "A buildId is a locally unique identifier used by a builder to identify a unique\ninstance of a build produced by it.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildStartTime",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Property describing the start time of a build.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:dateTimeStamp"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildType",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "A buildType is a hint that is used to indicate the toolchain, platform, or\ninfrastructure that the build was invoked on.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:anyURI"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Build/configSourceDigest",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Property that describes the digest of the build configuration file used to\ninvoke a build.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns1:Hash"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Build/configSourceEntrypoint",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Property describes the invocation entrypoint of a build.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Build/configSourceUri",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Property that describes the URI of the build configuration source file.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:anyURI"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/LifecycleScopeType/test",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Build/environment",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Property describing the session in which a build is invoked.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns1:DictionaryEntry"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Build/parameter",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Property describing a parameter used in an instance of a build.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns1:DictionaryEntry"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/other",
"@type": [
"owl:NamedIndividual",
- "core:LifecycleScopeType"
- ]
+ "ns1:AnnotationType"
+ ],
+ "rdfs:label": "other",
+ "rdfs:comment": {
+ "@value": "Used to store extra information about an Element which is not part of a review (e.g. extra information provided during the creation of the Element).",
+ "@language": "en"
+ }
},
{
- "@id": "core:Organization",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/AnnotationType/review",
"@type": [
- "owl:Class",
- "sh:NodeShape"
+ "owl:NamedIndividual",
+ "ns1:AnnotationType"
],
- "rdfs:comment": "An Organization is a group of people who work together in an organized way for a shared purpose.",
+ "rdfs:label": "review",
+ "rdfs:comment": {
+ "@value": "Used when someone reviews the Element.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "ns1:Bom",
+ "@type": "owl:Class",
+ "rdfs:comment": {
+ "@value": "A container for a grouping of SPDX-3.0 content characterizing details\n(provenence, composition, licensing, etc.) about a product.",
+ "@language": "en"
+ },
"rdfs:subClassOf": {
- "@id": "core:Agent"
+ "@id": "ns1:Bundle"
},
- "ns0:term_status": "Stable"
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ }
},
{
- "@id": "core:Person",
+ "@id": "ns1:Bundle",
"@type": [
"owl:Class",
"sh:NodeShape"
],
- "rdfs:comment": "A Person is an individual human being.",
+ "rdfs:comment": {
+ "@value": "A collection of Elements that have a shared context.",
+ "@language": "en"
+ },
"rdfs:subClassOf": {
- "@id": "core:Agent"
+ "@id": "ns1:ElementCollection"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
},
- "ns0:term_status": "Stable"
+ "sh:property": {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns1:context"
+ }
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/ProfileIdentifierType/ai",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe22",
"@type": [
"owl:NamedIndividual",
- "core:ProfileIdentifierType"
- ]
+ "ns1:ExternalIdentifierType"
+ ],
+ "rdfs:label": "cpe22",
+ "rdfs:comment": {
+ "@value": "[Common Platform Enumeration Specification 2.2](https://cpe.mitre.org/files/cpe-specification_2.2.pdf)",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/ProfileIdentifierType/build",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe23",
"@type": [
"owl:NamedIndividual",
- "core:ProfileIdentifierType"
- ]
+ "ns1:ExternalIdentifierType"
+ ],
+ "rdfs:label": "cpe23",
+ "rdfs:comment": {
+ "@value": "[Common Platform Enumeration: Naming Specification Version 2.3](https://csrc.nist.gov/publications/detail/nistir/7695/final)",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/ProfileIdentifierType/core",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cve",
"@type": [
"owl:NamedIndividual",
- "core:ProfileIdentifierType"
- ]
+ "ns1:ExternalIdentifierType"
+ ],
+ "rdfs:label": "cve",
+ "rdfs:comment": {
+ "@value": "Common Vulnerabilities and Exposures identifiers, an identifier for a specific software flaw defined within the official CVE Dictionary and that conforms to the [CVE specification](https://csrc.nist.gov/glossary/term/cve_id).",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/ProfileIdentifierType/dataset",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/email",
"@type": [
"owl:NamedIndividual",
- "core:ProfileIdentifierType"
- ]
+ "ns1:ExternalIdentifierType"
+ ],
+ "rdfs:label": "email",
+ "rdfs:comment": {
+ "@value": "Email address, as defined in [RFC 3696](https://datatracker.ietf.org/doc/rfc3986/) Section 3.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/ProfileIdentifierType/extension",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/gitoid",
"@type": [
"owl:NamedIndividual",
- "core:ProfileIdentifierType"
- ]
+ "ns1:ExternalIdentifierType"
+ ],
+ "rdfs:label": "gitoid",
+ "rdfs:comment": {
+ "@value": "[Gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid), stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects). A gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent either an [Artifact Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-identifier-types) for the software artifact or an [Input Manifest Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#input-manifest-identifier) for the software artifact's associated [Artifact Input Manifest](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-input-manifest); this ambiguity exists because the Artifact Input Manifest is itself an artifact, and the gitoid of that artifact is its valid identifier. Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's contentIdentifier property. Gitoids calculated on the Artifact Input Manifest (Input Manifest Identifier) should be recorded in the SPDX 3.0 Element's externalIdentifier property. See [OmniBOR Specification](https://github.com/omnibor/spec/), a minimalistic specification for describing software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-dependency-graph-adg).",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/ProfileIdentifierType/licensing",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/other",
"@type": [
"owl:NamedIndividual",
- "core:ProfileIdentifierType"
- ]
+ "ns1:ExternalIdentifierType"
+ ],
+ "rdfs:label": "other",
+ "rdfs:comment": {
+ "@value": "Used when the type does not match any of the other options.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/ProfileIdentifierType/security",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/packageUrl",
"@type": [
"owl:NamedIndividual",
- "core:ProfileIdentifierType"
- ]
+ "ns1:ExternalIdentifierType"
+ ],
+ "rdfs:label": "packageUrl",
+ "rdfs:comment": {
+ "@value": "Package URL, as defined in the corresponding [Annex](../../../annexes/pkg-url-specification.md) of this specification.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/ProfileIdentifierType/software",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/securityOther",
"@type": [
"owl:NamedIndividual",
- "core:ProfileIdentifierType"
- ]
+ "ns1:ExternalIdentifierType"
+ ],
+ "rdfs:label": "securityOther",
+ "rdfs:comment": {
+ "@value": "Used when there is a security related identifier of unspecified type.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/ProfileIdentifierType/usage",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swhid",
"@type": [
"owl:NamedIndividual",
- "core:ProfileIdentifierType"
- ]
+ "ns1:ExternalIdentifierType"
+ ],
+ "rdfs:label": "swhid",
+ "rdfs:comment": {
+ "@value": "SoftWare Hash IDentifier, a persistent intrinsic identifier for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The format of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) (ISO/IEC DIS 18670). They typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipCompleteness/complete",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swid",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipCompleteness"
- ]
+ "ns1:ExternalIdentifierType"
+ ],
+ "rdfs:label": "swid",
+ "rdfs:comment": {
+ "@value": "Concise Software Identification (CoSWID) tag, as defined in [RFC 9393](https://datatracker.ietf.org/doc/rfc9393/) Section 2.3.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipCompleteness/incomplete",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/urlScheme",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipCompleteness"
- ]
+ "ns1:ExternalIdentifierType"
+ ],
+ "rdfs:label": "urlScheme",
+ "rdfs:comment": {
+ "@value": "[Uniform Resource Identifier (URI) Schemes](https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml). The scheme used in order to locate a resource.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipCompleteness/noAssertion",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altDownloadLocation",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipCompleteness"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "altDownloadLocation",
+ "rdfs:comment": {
+ "@value": "A reference to an alternative download location.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/affects",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altWebPage",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "altWebPage",
+ "rdfs:comment": {
+ "@value": "A reference to an alternative web page.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/amends",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/binaryArtifact",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "binaryArtifact",
+ "rdfs:comment": {
+ "@value": "A reference to binary artifacts related to a package.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/ancestor",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/bower",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "bower",
+ "rdfs:comment": {
+ "@value": "A reference to a Bower package. The package locator format, looks like `package#version`, is defined in the \"install\" section of [Bower API documentation](https://bower.io/docs/api/#install).",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/availableFrom",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildMeta",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "buildMeta",
+ "rdfs:comment": {
+ "@value": "A reference build metadata related to a published package.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/buildConfigOf",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildSystem",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "buildSystem",
+ "rdfs:comment": {
+ "@value": "A reference build system used to create or publish the package.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/buildDependency",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/certificationReport",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "certificationReport",
+ "rdfs:comment": {
+ "@value": "A reference to a certification report for a package from an accredited/independent body.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/buildHostOf",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/chat",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "chat",
+ "rdfs:comment": {
+ "@value": "A reference to the instant messaging system used by the maintainer for a package.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/buildInputOf",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/componentAnalysisReport",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "componentAnalysisReport",
+ "rdfs:comment": {
+ "@value": "A reference to a Software Composition Analysis (SCA) report.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/buildInvokedBy",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/cwe",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "cwe",
+ "rdfs:comment": {
+ "@value": "[Common Weakness Enumeration](https://csrc.nist.gov/glossary/term/common_weakness_enumeration). A reference to a source of software flaw defined within the official [CWE List](https://cwe.mitre.org/data/) that conforms to the [CWE specification](https://cwe.mitre.org/).",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/buildOnBehalfOf",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/documentation",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "documentation",
+ "rdfs:comment": {
+ "@value": "A reference to the documentation for a package.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/buildOutputOf",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/dynamicAnalysisReport",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "dynamicAnalysisReport",
+ "rdfs:comment": {
+ "@value": "A reference to a dynamic analysis report for a package.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/buildTool",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/eolNotice",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "eolNotice",
+ "rdfs:comment": {
+ "@value": "A reference to the End Of Sale (EOS) and/or End Of Life (EOL) information related to a package.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/contains",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/exportControlAssessment",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "exportControlAssessment",
+ "rdfs:comment": {
+ "@value": "A reference to a export control assessment for a package.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/coordinatedBy",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/funding",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "funding",
+ "rdfs:comment": {
+ "@value": "A reference to funding information related to a package.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/copy",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/issueTracker",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "issueTracker",
+ "rdfs:comment": {
+ "@value": "A reference to the issue tracker for a package.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/dataFile",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/license",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "license",
+ "rdfs:comment": {
+ "@value": "A reference to additional license information related to an artifact.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/dependencyManifest",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mailingList",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "mailingList",
+ "rdfs:comment": {
+ "@value": "A reference to the mailing list used by the maintainer for a package.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/dependsOn",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mavenCentral",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "mavenCentral",
+ "rdfs:comment": {
+ "@value": "A reference to a Maven repository artifact. The artifact locator format is defined in the [Maven documentation](https://maven.apache.org/guides/mini/guide-naming-conventions.html) and looks like `groupId:artifactId[:version]`.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/descendant",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/metrics",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "metrics",
+ "rdfs:comment": {
+ "@value": "A reference to metrics related to package such as OpenSSF scorecards.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/describes",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/npm",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "npm",
+ "rdfs:comment": {
+ "@value": "A reference to an npm package. The package locator format is defined in the [npm documentation](https://docs.npmjs.com/cli/v10/configuring-npm/package-json) and looks like `package@version`.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/devDependency",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/nuget",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "nuget",
+ "rdfs:comment": {
+ "@value": "A reference to a NuGet package. The package locator format is defined in the [NuGet documentation](https://docs.nuget.org) and looks like `package/version`.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/devTool",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/other",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "other",
+ "rdfs:comment": {
+ "@value": "Used when the type does not match any of the other options.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/distributionArtifact",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/privacyAssessment",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "privacyAssessment",
+ "rdfs:comment": {
+ "@value": "A reference to a privacy assessment for a package.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/documentation",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/productMetadata",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "productMetadata",
+ "rdfs:comment": {
+ "@value": "A reference to additional product metadata such as reference within organization's product catalog.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/doesNotAffect",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/purchaseOrder",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "purchaseOrder",
+ "rdfs:comment": {
+ "@value": "A reference to a purchase order for a package.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/dynamicLink",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/qualityAssessmentReport",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "qualityAssessmentReport",
+ "rdfs:comment": {
+ "@value": "A reference to a quality assessment for a package.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/example",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseHistory",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "releaseHistory",
+ "rdfs:comment": {
+ "@value": "A reference to a published list of releases for a package.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/expandedFromArchive",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseNotes",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "releaseNotes",
+ "rdfs:comment": {
+ "@value": "A reference to the release notes for a package.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/exploitCreatedBy",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/riskAssessment",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "riskAssessment",
+ "rdfs:comment": {
+ "@value": "A reference to a risk assessment for a package.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/fileAdded",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/runtimeAnalysisReport",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "runtimeAnalysisReport",
+ "rdfs:comment": {
+ "@value": "A reference to a runtime analysis report for a package.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/fileDeleted",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/secureSoftwareAttestation",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "secureSoftwareAttestation",
+ "rdfs:comment": {
+ "@value": "A reference to information assuring that the software is developed using security practices as defined by [NIST SP 800-218 Secure Software Development Framework (SSDF) Version 1.1](https://csrc.nist.gov/pubs/sp/800/218/final) or [CISA Secure Software Development Attestation Form](https://www.cisa.gov/resources-tools/resources/secure-software-development-attestation-form).",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/fileModified",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdversaryModel",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "securityAdversaryModel",
+ "rdfs:comment": {
+ "@value": "A reference to the security adversary model for a package.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/fixedBy",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdvisory",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "securityAdvisory",
+ "rdfs:comment": {
+ "@value": "A reference to a published security advisory (where advisory as defined per [ISO 29147:2018](https://www.iso.org/standard/72311.html)) that may affect one or more elements, e.g., vendor advisories or specific NVD entries.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/fixedIn",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityFix",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "securityFix",
+ "rdfs:comment": {
+ "@value": "A reference to the patch or source code that fixes a vulnerability.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/foundBy",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityOther",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "securityOther",
+ "rdfs:comment": {
+ "@value": "A reference to related security information of unspecified type.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/generates",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPenTestReport",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "securityPenTestReport",
+ "rdfs:comment": {
+ "@value": "A reference to a [penetration test](https://en.wikipedia.org/wiki/Penetration_test) report for a package.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/hasAssessmentFor",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPolicy",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "securityPolicy",
+ "rdfs:comment": {
+ "@value": "A reference to instructions for reporting newly discovered security vulnerabilities for a package.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/hasAssociatedVulnerability",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityThreatModel",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "securityThreatModel",
+ "rdfs:comment": {
+ "@value": "A reference the [security threat model](https://en.wikipedia.org/wiki/Threat_model) for a package.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/metafile",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/socialMedia",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "socialMedia",
+ "rdfs:comment": {
+ "@value": "A reference to a social media channel for a package.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/optionalComponent",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/sourceArtifact",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "sourceArtifact",
+ "rdfs:comment": {
+ "@value": "A reference to an artifact containing the sources for a package.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/optionalDependency",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/staticAnalysisReport",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "staticAnalysisReport",
+ "rdfs:comment": {
+ "@value": "A reference to a static analysis report for a package.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/other",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/support",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "support",
+ "rdfs:comment": {
+ "@value": "A reference to the software support channel or other support information for a package.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/packages",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vcs",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "vcs",
+ "rdfs:comment": {
+ "@value": "A reference to a version control system related to a software artifact.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/patch",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityDisclosureReport",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "vulnerabilityDisclosureReport",
+ "rdfs:comment": {
+ "@value": "A reference to a Vulnerability Disclosure Report (VDR) which provides the software supplier's analysis and findings describing the impact (or lack of impact) that reported vulnerabilities have on packages or products in the supplier's SBOM as defined in [NIST SP 800-161 Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations](https://csrc.nist.gov/pubs/sp/800/161/r1/final).",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/prerequisite",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityExploitabilityAssessment",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ExternalRefType"
+ ],
+ "rdfs:label": "vulnerabilityExploitabilityAssessment",
+ "rdfs:comment": {
+ "@value": "A reference to a Vulnerability Exploitability eXchange (VEX) statement which provides information on whether a product is impacted by a specific vulnerability in an included package and, if affected, whether there are actions recommended to remediate. See also [NTIA VEX one-page summary](https://ntia.gov/files/ntia/publications/vex_one-page_summary.pdf).",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/providedDependency",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/build",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:LifecycleScopeType"
+ ],
+ "rdfs:label": "build",
+ "rdfs:comment": {
+ "@value": "A relationship has specific context implications during an element's build phase, during development.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/publishedBy",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/design",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:LifecycleScopeType"
+ ],
+ "rdfs:label": "design",
+ "rdfs:comment": {
+ "@value": "A relationship has specific context implications during an element's design.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/reportedBy",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/development",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:LifecycleScopeType"
+ ],
+ "rdfs:label": "development",
+ "rdfs:comment": {
+ "@value": "A relationship has specific context implications during development phase of an element.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/republishedBy",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/other",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:LifecycleScopeType"
+ ],
+ "rdfs:label": "other",
+ "rdfs:comment": {
+ "@value": "A relationship has other specific context information necessary to capture that the above set of enumerations does not handle.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/requirementFor",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/runtime",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:LifecycleScopeType"
+ ],
+ "rdfs:label": "runtime",
+ "rdfs:comment": {
+ "@value": "A relationship has specific context implications during the execution phase of an element.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/runtimeDependency",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/LifecycleScopeType/test",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:LifecycleScopeType"
+ ],
+ "rdfs:label": "test",
+ "rdfs:comment": {
+ "@value": "A relationship has specific context implications during an element's testing phase, during development.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/specificationFor",
+ "@id": "ns1:Organization",
+ "@type": "owl:Class",
+ "rdfs:comment": {
+ "@value": "A group of people who work together in an organized way for a shared purpose.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns1:Agent"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/ai",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ProfileIdentifierType"
+ ],
+ "rdfs:label": "ai",
+ "rdfs:comment": {
+ "@value": "the element follows the AI profile specification",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/staticLink",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/build",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ProfileIdentifierType"
+ ],
+ "rdfs:label": "build",
+ "rdfs:comment": {
+ "@value": "the element follows the Build profile specification",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/test",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/core",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ProfileIdentifierType"
+ ],
+ "rdfs:label": "core",
+ "rdfs:comment": {
+ "@value": "the element follows the Core profile specification",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/testCase",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/dataset",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ProfileIdentifierType"
+ ],
+ "rdfs:label": "dataset",
+ "rdfs:comment": {
+ "@value": "the element follows the Dataset profile specification",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/testDependency",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/expandedLicensing",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ProfileIdentifierType"
+ ],
+ "rdfs:label": "expandedLicensing",
+ "rdfs:comment": {
+ "@value": "the element follows the expanded Licensing profile specification",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/testTool",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/extension",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ProfileIdentifierType"
+ ],
+ "rdfs:label": "extension",
+ "rdfs:comment": {
+ "@value": "the element follows the Extension profile specification",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/underInvestigationFor",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/lite",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ProfileIdentifierType"
+ ],
+ "rdfs:label": "lite",
+ "rdfs:comment": {
+ "@value": "the element follows the Lite profile specification",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Core/RelationshipType/variant",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/security",
"@type": [
"owl:NamedIndividual",
- "core:RelationshipType"
- ]
+ "ns1:ProfileIdentifierType"
+ ],
+ "rdfs:label": "security",
+ "rdfs:comment": {
+ "@value": "the element follows the Security profile specification",
+ "@language": "en"
+ }
},
{
- "@id": "core:SoftwareAgent",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/simpleLicensing",
"@type": [
- "owl:Class",
- "sh:NodeShape"
+ "owl:NamedIndividual",
+ "ns1:ProfileIdentifierType"
],
- "rdfs:comment": "A SoftwareAgent is a software program that is given the authority (similar to a user's authority) to act on a system.",
- "rdfs:subClassOf": {
- "@id": "core:Agent"
- },
- "ns0:term_status": "Stable"
+ "rdfs:label": "simpleLicensing",
+ "rdfs:comment": {
+ "@value": "the element follows the simple Licensing profile specification",
+ "@language": "en"
+ }
},
{
- "@id": "core:SpdxDocument",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/software",
"@type": [
- "owl:Class",
- "sh:NodeShape"
+ "owl:NamedIndividual",
+ "ns1:ProfileIdentifierType"
],
- "rdfs:comment": "An SpdxDocument assembles a collection of Elements under a common string, the name of the document.\nCommonly used when representing a unit of transfer of SPDX Elements.\nExternal property restriction on /Core/Element/name: minCount: 1",
- "rdfs:subClassOf": {
- "@id": "core:Bundle"
- },
- "ns0:term_status": "Stable",
- "sh:property": {
- "sh:datatype": {
- "@id": "xsd:string"
- },
- "sh:maxCount": 1,
- "sh:minCount": 1,
- "sh:name": "name",
- "sh:path": {
- "@id": "core:name"
- }
+ "rdfs:label": "software",
+ "rdfs:comment": {
+ "@value": "the element follows the Software profile specification",
+ "@language": "en"
}
},
{
- "@id": "https://spdx.org/rdf/Dataset/ConfidentialityLevelType/Amber",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/complete",
"@type": [
"owl:NamedIndividual",
- "dataset:ConfidentialityLevelType"
- ]
+ "ns1:RelationshipCompleteness"
+ ],
+ "rdfs:label": "complete",
+ "rdfs:comment": {
+ "@value": "The relationship is known to be exhaustive.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Dataset/ConfidentialityLevelType/Clear",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/incomplete",
"@type": [
"owl:NamedIndividual",
- "dataset:ConfidentialityLevelType"
- ]
+ "ns1:RelationshipCompleteness"
+ ],
+ "rdfs:label": "incomplete",
+ "rdfs:comment": {
+ "@value": "The relationship is known not to be exhaustive.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Dataset/ConfidentialityLevelType/Green",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/noAssertion",
"@type": [
"owl:NamedIndividual",
- "dataset:ConfidentialityLevelType"
- ]
+ "ns1:RelationshipCompleteness"
+ ],
+ "rdfs:label": "noAssertion",
+ "rdfs:comment": {
+ "@value": "No assertion can be made about the completeness of the relationship.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Dataset/ConfidentialityLevelType/Red",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/affects",
"@type": [
"owl:NamedIndividual",
- "dataset:ConfidentialityLevelType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "affects",
+ "rdfs:comment": {
+ "@value": "The `from` Vulnerability affects each `to` Element. The use of the `affects` type is constrained to `VexAffectedVulnAssessmentRelationship` classed relationships.",
+ "@language": "en"
+ }
},
{
- "@id": "dataset:Dataset",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/amendedBy",
"@type": [
- "owl:Class",
- "sh:NodeShape"
+ "owl:NamedIndividual",
+ "ns1:RelationshipType"
],
- "rdfs:comment": "Metadata information that can be added to a dataset that may be used in a software or to train/test an AI package.\nExternal property restriction on /Core/Artifact/originatedBy: minCount: 1\nExternal property restriction on /Software/Package/downloadLocation: minCount: 1\nExternal property restriction on /Software/SoftwareArtifact/purpose: minCount: 1\nExternal property restriction on /Core/Artifact/releaseTime: minCount: 1\nExternal property restriction on /Core/Artifact/builtTime: minCount: 1",
- "rdfs:subClassOf": {
- "@id": "software:Package"
- },
- "ns0:term_status": "Stable",
- "sh:property": [
- {
- "sh:class": {
- "@id": "dataset:DatasetAvailabilityType"
- },
- "sh:maxCount": 1,
- "sh:name": "datasetAvailability",
- "sh:path": {
- "@id": "dataset:datasetAvailability"
- }
- },
- {
- "sh:class": {
- "@id": "dataset:ConfidentialityLevelType"
- },
- "sh:maxCount": 1,
- "sh:name": "confidentialityLevel",
- "sh:path": {
- "@id": "dataset:confidentialityLevel"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:string"
- },
- "sh:maxCount": 1,
- "sh:name": "dataCollectionProcess",
- "sh:path": {
- "@id": "dataset:dataCollectionProcess"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:string"
- },
- "sh:maxCount": 1,
- "sh:name": "datasetUpdateMechanism",
- "sh:path": {
- "@id": "dataset:datasetUpdateMechanism"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:string"
- },
- "sh:name": "knownBias",
- "sh:path": {
- "@id": "dataset:knownBias"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:nonNegativeInteger"
- },
- "sh:maxCount": 1,
- "sh:name": "datasetSize",
- "sh:path": {
- "@id": "dataset:datasetSize"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:string"
- },
- "sh:maxCount": 1,
- "sh:name": "intendedUse",
- "sh:path": {
- "@id": "dataset:intendedUse"
- }
- },
- {
- "sh:datatype": {
- "@id": "dataset:PresenceType"
- },
- "sh:maxCount": 1,
- "sh:name": "sensitivePersonalInformation",
- "sh:path": {
- "@id": "dataset:sensitivePersonalInformation"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:string"
- },
- "sh:name": "dataPreprocessing",
- "sh:path": {
- "@id": "dataset:dataPreprocessing"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:string"
- },
- "sh:maxCount": 1,
- "sh:name": "datasetNoise",
- "sh:path": {
- "@id": "dataset:datasetNoise"
- }
- },
- {
- "sh:class": {
- "@id": "core:DictionaryEntry"
- },
- "sh:name": "sensor",
- "sh:path": {
- "@id": "dataset:sensor"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:string"
- },
- "sh:maxCount": 1,
- "sh:minCount": 1,
- "sh:name": "datasetType",
- "sh:path": {
- "@id": "dataset:datasetType"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:string"
- },
- "sh:name": "anonymizationMethodUsed",
- "sh:path": {
- "@id": "dataset:anonymizationMethodUsed"
- }
- }
- ]
+ "rdfs:label": "amendedBy",
+ "rdfs:comment": {
+ "@value": "The `from` Element is amended by each `to` Element.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Dataset/DatasetAvailabilityType/Clickthrough",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/ancestorOf",
"@type": [
"owl:NamedIndividual",
- "dataset:DatasetAvailabilityType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "ancestorOf",
+ "rdfs:comment": {
+ "@value": "The `from` Element is an ancestor of each `to` Element.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Dataset/DatasetAvailabilityType/Direct-Download",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/availableFrom",
"@type": [
"owl:NamedIndividual",
- "dataset:DatasetAvailabilityType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "availableFrom",
+ "rdfs:comment": {
+ "@value": "The `from` Element is available from the additional supplier described by each `to` Element.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Dataset/DatasetAvailabilityType/Query",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/configures",
"@type": [
"owl:NamedIndividual",
- "dataset:DatasetAvailabilityType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "configures",
+ "rdfs:comment": {
+ "@value": "The `from` Element is a configuration applied to each `to` Element, during a LifecycleScopeType period.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Dataset/DatasetAvailabilityType/Registration",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/contains",
"@type": [
"owl:NamedIndividual",
- "dataset:DatasetAvailabilityType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "contains",
+ "rdfs:comment": {
+ "@value": "The `from` Element contains each `to` Element.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Dataset/DatasetAvailabilityType/Scraping-Script",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/coordinatedBy",
"@type": [
"owl:NamedIndividual",
- "dataset:DatasetAvailabilityType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "coordinatedBy",
+ "rdfs:comment": {
+ "@value": "The `from` Vulnerability is coordinatedBy the `to` Agent(s) (vendor, researcher, or consumer agent).",
+ "@language": "en"
+ }
},
{
- "@id": "licensing:ConjunctiveLicenseSet",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/copiedTo",
"@type": [
- "owl:Class",
- "sh:NodeShape"
+ "owl:NamedIndividual",
+ "ns1:RelationshipType"
],
- "rdfs:comment": "A ConjunctiveLicenseSet indicates that _each_ of its subsidiary\nAnyLicenseInfos apply. In other words, a ConjunctiveLicenseSet of two or\nmore licenses represents a licensing situation where _all_ of the specified\nlicenses are to be complied with. It is represented in the SPDX License\nExpression Syntax by the `AND` operator.\n\nIt is syntactically correct to specify a ConjunctiveLicenseSet where the\nsubsidiary AnyLicenseInfos may be \"incompatible\" according to a particular\ninterpretation of the corresponding Licenses. The SPDX License Expression\nSyntax does not take into account interpretation of license texts, which is\nleft to the consumer of SPDX data to determine for themselves.",
- "rdfs:subClassOf": {
- "@id": "licensing:AnyLicenseInfo"
- },
- "ns0:term_status": "Stable",
- "sh:property": {
- "sh:class": {
- "@id": "licensing:AnyLicenseInfo"
- },
- "sh:minCount": 2,
- "sh:name": "member",
- "sh:path": {
- "@id": "licensing:member"
- }
+ "rdfs:label": "copiedTo",
+ "rdfs:comment": {
+ "@value": "The `from` Element has been copied to each `to` Element.",
+ "@language": "en"
}
},
{
- "@id": "licensing:CustomLicense",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/delegatedTo",
"@type": [
- "owl:Class",
- "sh:NodeShape"
+ "owl:NamedIndividual",
+ "ns1:RelationshipType"
],
- "rdfs:comment": "A CustomLicense represents a License that is not listed on the SPDX License\nList at https://spdx.org/licenses, and is therefore defined by an SPDX data\ncreator.",
- "rdfs:subClassOf": {
- "@id": "licensing:License"
- },
- "ns0:term_status": "Stable"
+ "rdfs:label": "delegatedTo",
+ "rdfs:comment": {
+ "@value": "The `from` Agent is delegating an action to the Agent of the `to` Relationship (which must be of type invokedBy), during a LifecycleScopeType (e.g. the `to` invokedBy Relationship is being done on behalf of `from`).",
+ "@language": "en"
+ }
},
{
- "@id": "licensing:CustomLicenseAddition",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/dependsOn",
"@type": [
- "owl:Class",
- "sh:NodeShape"
+ "owl:NamedIndividual",
+ "ns1:RelationshipType"
],
- "rdfs:comment": "A CustomLicenseAddition represents an addition to a License that is not listed\non the SPDX Exceptions List at https://spdx.org/licenses/exceptions-index.html,\nand is therefore defined by an SPDX data creator.\n\nIt is intended to represent additional language which is meant to be added to\na License, but which is not itself a standalone License.",
- "rdfs:subClassOf": {
- "@id": "licensing:LicenseAddition"
- },
- "ns0:term_status": "Stable"
+ "rdfs:label": "dependsOn",
+ "rdfs:comment": {
+ "@value": "The `from` Element depends on each `to` Element, during a LifecycleScopeType period.",
+ "@language": "en"
+ }
},
{
- "@id": "licensing:DisjunctiveLicenseSet",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/descendantOf",
"@type": [
- "owl:Class",
- "sh:NodeShape"
+ "owl:NamedIndividual",
+ "ns1:RelationshipType"
],
- "rdfs:comment": "A DisjunctiveLicenseSet indicates that _only one_ of its subsidiary\nAnyLicenseInfos is required to apply. In other words, a\nDisjunctiveLicenseSet of two or more licenses represents a licensing\nsituation where _only one_ of the specified licenses are to be complied with.\nA consumer of SPDX data would typically understand this to permit the recipient\nof the licensed content to choose which of the corresponding license they\nwould prefer to use. It is represented in the SPDX License Expression Syntax\nby the `OR` operator.",
- "rdfs:subClassOf": {
- "@id": "licensing:AnyLicenseInfo"
- },
- "ns0:term_status": "Stable",
- "sh:property": {
- "sh:class": {
- "@id": "licensing:AnyLicenseInfo"
- },
- "sh:minCount": 2,
- "sh:name": "member",
- "sh:path": {
- "@id": "licensing:member"
- }
+ "rdfs:label": "descendantOf",
+ "rdfs:comment": {
+ "@value": "The `from` Element is a descendant of each `to` Element.",
+ "@language": "en"
}
},
{
- "@id": "licensing:ListedLicense",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/describes",
"@type": [
- "owl:Class",
- "sh:NodeShape"
+ "owl:NamedIndividual",
+ "ns1:RelationshipType"
],
- "rdfs:comment": "A ListedLicense represents a License that is listed on the SPDX License List\nat https://spdx.org/licenses.",
- "rdfs:subClassOf": {
- "@id": "licensing:License"
- },
- "ns0:term_status": "Stable",
- "sh:property": [
- {
- "sh:datatype": {
- "@id": "xsd:string"
- },
- "sh:maxCount": 1,
- "sh:name": "deprecatedVersion",
- "sh:path": {
- "@id": "licensing:deprecatedVersion"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:string"
- },
- "sh:maxCount": 1,
- "sh:name": "listVersionAdded",
- "sh:path": {
- "@id": "licensing:listVersionAdded"
- }
- }
- ]
+ "rdfs:label": "describes",
+ "rdfs:comment": {
+ "@value": "The `from` Element describes each `to` Element. To denote the root(s) of a tree of elements in a collection, the rootElement property should be used.",
+ "@language": "en"
+ }
},
{
- "@id": "licensing:ListedLicenseException",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/doesNotAffect",
"@type": [
- "owl:Class",
- "sh:NodeShape"
+ "owl:NamedIndividual",
+ "ns1:RelationshipType"
],
- "rdfs:comment": "A ListedLicenseException represents an exception to a License (in other words,\nan exception to a license condition or an additional permission beyond those\ngranted in a License) which is listed on the SPDX Exceptions List at\nhttps://spdx.org/licenses/exceptions-index.html.",
- "rdfs:subClassOf": {
- "@id": "licensing:LicenseAddition"
- },
- "ns0:term_status": "Stable",
- "sh:property": [
- {
- "sh:datatype": {
- "@id": "xsd:string"
- },
- "sh:maxCount": 1,
- "sh:name": "deprecatedVersion",
- "sh:path": {
- "@id": "licensing:deprecatedVersion"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:string"
- },
- "sh:maxCount": 1,
- "sh:name": "listVersionAdded",
- "sh:path": {
- "@id": "licensing:listVersionAdded"
- }
- }
- ]
+ "rdfs:label": "doesNotAffect",
+ "rdfs:comment": {
+ "@value": "The `from` Vulnerability has no impact on each `to` Element. The use of the `doesNotAffect` is constrained to `VexNotAffectedVulnAssessmentRelationship` classed relationships.",
+ "@language": "en"
+ }
},
{
- "@id": "licensing:NoAssertionLicense",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/expandsTo",
"@type": [
- "owl:Class",
- "sh:NodeShape"
+ "owl:NamedIndividual",
+ "ns1:RelationshipType"
],
- "rdfs:comment": "A NoAssertionLicense is the primary value that is used by a concludedLicense\nor declaredLicense field that indicates that the SPDX data creator is making\nno assertion about the license information for the corresponding software\nPackage, File or Snippet.\n\nThe specific meaning of NoAssertionLicense in the context of a\nconcludedLicense or declaredLicense field is more fully set forth in the\nProperty definitions for those fields.",
- "rdfs:subClassOf": {
- "@id": "licensing:LicenseField"
- },
- "ns0:term_status": "Stable"
+ "rdfs:label": "expandsTo",
+ "rdfs:comment": {
+ "@value": "The `from` archive expands out as an artifact described by each `to` Element.",
+ "@language": "en"
+ }
},
{
- "@id": "licensing:NoneLicense",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/exploitCreatedBy",
"@type": [
- "owl:Class",
- "sh:NodeShape"
+ "owl:NamedIndividual",
+ "ns1:RelationshipType"
],
- "rdfs:comment": "A NoneLicense is the primary value that is used by a concludedLicense or\ndeclaredLicense field that indicates the absence of license information from\nthe corresponding software Package, File or Snippet.\n\nThe specific meaning of NoneLicense in the context of a concludedLicense or\ndeclaredLicense field is more fully set forth in the Property definitions for\nthose fields.",
- "rdfs:subClassOf": {
- "@id": "licensing:LicenseField"
- },
- "ns0:term_status": "Stable"
+ "rdfs:label": "exploitCreatedBy",
+ "rdfs:comment": {
+ "@value": "The `from` Vulnerability has had an exploit created against it by each `to` Agent.",
+ "@language": "en"
+ }
},
{
- "@id": "licensing:OrLaterOperator",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedBy",
"@type": [
- "owl:Class",
- "sh:NodeShape"
+ "owl:NamedIndividual",
+ "ns1:RelationshipType"
],
- "rdfs:comment": "An OrLaterOperator indicates that this portion of the AnyLicenseInfo\nrepresents either (1) the specified version of the corresponding License, or\n(2) any later version of that License. It is represented in the SPDX License\nExpression Syntax by the `+` operator.\n\nIt is context-dependent, and unspecified by SPDX, as to what constitutes a\n\"later version\" of any particular License. Some Licenses may not be versioned,\nor may not have clearly-defined ordering for versions. The consumer of SPDX\ndata will need to determine for themselves what meaning to attribute to a\n\"later version\" operator for a particular License.",
- "rdfs:subClassOf": {
- "@id": "licensing:AnyLicenseInfo"
- },
- "ns0:term_status": "Stable",
- "sh:property": {
- "sh:class": {
- "@id": "licensing:License"
- },
- "sh:maxCount": 1,
- "sh:minCount": 1,
- "sh:name": "subjectLicense",
- "sh:path": {
- "@id": "licensing:subjectLicense"
- }
+ "rdfs:label": "fixedBy",
+ "rdfs:comment": {
+ "@value": "Designates a `from` Vulnerability has been fixed by the `to` Agent(s).",
+ "@language": "en"
}
},
{
- "@id": "licensing:WithAdditionOperator",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedIn",
"@type": [
- "owl:Class",
- "sh:NodeShape"
+ "owl:NamedIndividual",
+ "ns1:RelationshipType"
],
- "rdfs:comment": "A WithAdditionOperator indicates that the designated License is subject to the\ndesignated LicenseAddition, which might be a license exception on the SPDX\nExceptions List (ListedLicenseException) or may be other additional text\n(CustomLicenseAddition). It is represented in the SPDX License Expression\nSyntax by the `WITH` operator.",
- "rdfs:subClassOf": {
- "@id": "licensing:AnyLicenseInfo"
- },
- "ns0:term_status": "Stable",
- "sh:property": [
- {
- "sh:class": {
- "@id": "licensing:License"
- },
- "sh:maxCount": 1,
- "sh:minCount": 1,
- "sh:name": "subjectLicense",
- "sh:path": {
- "@id": "licensing:subjectLicense"
- }
- },
- {
- "sh:class": {
- "@id": "licensing:LicenseAddition"
- },
- "sh:maxCount": 1,
- "sh:minCount": 1,
- "sh:name": "subjectAddition",
- "sh:path": {
- "@id": "licensing:subjectAddition"
- }
- }
- ]
+ "rdfs:label": "fixedIn",
+ "rdfs:comment": {
+ "@value": "A `from` Vulnerability has been fixed in each `to` Element. The use of the `fixedIn` type is constrained to `VexFixedVulnAssessmentRelationship` classed relationships.",
+ "@language": "en"
+ }
},
{
- "@id": "security:CvssV2VulnAssessmentRelationship",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/foundBy",
"@type": [
- "owl:Class",
- "sh:NodeShape"
+ "owl:NamedIndividual",
+ "ns1:RelationshipType"
],
- "rdfs:comment": "A CvssV2VulnAssessmentRelationship relationship describes the determined score and vector of a vulnerability using version 2.0 of the Common Vulnerability Scoring System\n(CVSS) as defined on [https://www.first.org/cvss/v2/guide](https://www.first.org/cvss/v2/guide). It is intented to communicate the results of using a CVSS calculator.\n\n**Constraints**\n\n- The value of severity must be one of 'low', 'medium' or 'high'\n- The relationship type must be set to hasAssessmentFor.\n\n**Syntax**\n\n```json\n{\n \"@type\": \"CvssV2VulnAssessmentRelationship\",\n \"@id\": \"urn:spdx.dev:cvssv2-cve-2020-28498\",\n \"relationshipType\": \"hasAssessmentFor\",\n \"score\": 4.3,\n \"vector\": \"(AV:N/AC:M/Au:N/C:P/I:N/A:N)\",\n \"severity\": \"low\",\n \"from\": \"urn:spdx.dev:vuln-cve-2020-28498\",\n \"to\": [\"urn:product-acme-application-1.3\"],\n \"assessedElement\": \"urn:npm-elliptic-6.5.2\",\n \"externalReferences\": [\n {\n \"@type\": \"ExternalReference\",\n \"externalReferenceType\": \"securityAdvisory\",\n \"locator\": \"https://nvd.nist.gov/vuln/detail/CVE-2020-28498\"\n },\n {\n \"@type\": \"ExternalReference\",\n \"externalReferenceType\": \"securityAdvisory\",\n \"locator\": \"https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899\"\n },\n {\n \"@type\": \"ExternalReference\",\n \"externalReferenceType\": \"securityFix\",\n \"locator\": \"https://github.com/indutny/elliptic/commit/441b742\"\n }\n ],\n \"suppliedBy\": [\"urn:spdx.dev:agent-my-security-vendor\"],\n \"publishedTime\": \"2023-05-06T10:06:13Z\"\n},\n{\n \"@type\": \"Relationship\",\n \"@id\": \"urn:spdx.dev:vulnAgentRel-1\", \n \"relationshipType\": \"publishedBy\", \n \"from\": \"urn:spdx.dev:cvssv2-cve-2020-28498\",\n \"to\": [\"urn:spdx.dev:agent-snyk\"],\n \"startTime\": \"2021-03-08T16:06:50Z\"\n}\n```",
- "rdfs:subClassOf": {
- "@id": "security:VulnAssessmentRelationship"
- },
- "ns0:term_status": "Stable",
- "sh:property": [
- {
- "sh:datatype": {
- "@id": "xsd:decimal"
- },
- "sh:maxCount": 1,
- "sh:minCount": 1,
- "sh:name": "score",
- "sh:path": {
- "@id": "security:score"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:string"
- },
- "sh:maxCount": 1,
- "sh:name": "severity",
- "sh:path": {
- "@id": "security:severity"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:string"
- },
- "sh:maxCount": 1,
- "sh:name": "vector",
- "sh:path": {
- "@id": "security:vector"
- }
- }
- ]
+ "rdfs:label": "foundBy",
+ "rdfs:comment": {
+ "@value": "Designates a `from` Vulnerability was originally discovered by the `to` Agent(s).",
+ "@language": "en"
+ }
},
{
- "@id": "security:CvssV3VulnAssessmentRelationship",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/generates",
"@type": [
- "owl:Class",
- "sh:NodeShape"
+ "owl:NamedIndividual",
+ "ns1:RelationshipType"
],
- "rdfs:comment": "A CvssV3VulnAssessmentRelationship relationship describes the determined score,\nseverity, and vector of a vulnerability using version 3.1 of the Common\nVulnerability Scoring System (CVSS) as defined on \n[https://www.first.org/cvss/v3.1/specification-document](https://www.first.org/cvss/v3.1/specification-document). It is intented to communicate the results of using a CVSS calculator.\n\n**Constraints**\n\n- The value of severity must be one of 'none', 'low', 'medium', 'high' or 'critical'.\n- Absence of the property shall be interpreted as 'none'.\n- The relationship type must be set to hasAssessmentFor.\n\n**Syntax**\n\n```json\n{\n \"@type\": \"CvssV3VulnAssessmentRelationship\",\n \"@id\": \"urn:spdx.dev:cvssv3-cve-2020-28498\",\n \"relationshipType\": \"hasAssessmentFor\",\n \"severity\": \"medium\",\n \"score\": 6.8,\n \"vector\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N\",\n \"from\": \"urn:spdx.dev:vuln-cve-2020-28498\",\n \"to\": [\"urn:product-acme-application-1.3\"],\n \"assessedElement\": \"urn:npm-elliptic-6.5.2\",\n \"externalReferences\": [\n {\n \"@type\": \"ExternalReference\",\n \"externalReferenceType\": \"securityAdvisory\",\n \"locator\": \"https://nvd.nist.gov/vuln/detail/CVE-2020-28498\"\n },\n {\n \"@type\": \"ExternalReference\",\n \"externalReferenceType\": \"securityAdvisory\",\n \"locator\": \"https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899\"\n },\n {\n \"@type\": \"ExternalReference\",\n \"externalReferenceType\": \"securityFix\",\n \"locator\": \"https://github.com/indutny/elliptic/commit/441b742\"\n }\n ],\n \"suppliedBy\": [\"urn:spdx.dev:agent-my-security-vendor\"],\n \"publishedTime\": \"2023-05-06T10:06:13Z\"\n},\n{\n \"@type\": \"Relationship\",\n \"@id\": \"urn:spdx.dev:vulnAgentRel-1\",\n \"relationshipType\": \"publishedBy\",\n \"from\": \"urn:spdx.dev:cvssv3-cve-2020-28498\",\n \"to\": \"urn:spdx.dev:agent-snyk\",\n \"startTime\": \"2021-03-08T16:06:50Z\"\n}\n```",
- "rdfs:subClassOf": {
- "@id": "security:VulnAssessmentRelationship"
- },
- "ns0:term_status": "Stable",
- "sh:property": [
- {
- "sh:datatype": {
- "@id": "xsd:decimal"
- },
- "sh:maxCount": 1,
- "sh:minCount": 1,
- "sh:name": "score",
- "sh:path": {
- "@id": "security:score"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:string"
- },
- "sh:maxCount": 1,
- "sh:name": "vector",
- "sh:path": {
- "@id": "security:vector"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:string"
- },
- "sh:maxCount": 1,
- "sh:name": "severity",
- "sh:path": {
- "@id": "security:severity"
- }
- }
- ]
+ "rdfs:label": "generates",
+ "rdfs:comment": {
+ "@value": "The `from` Element generates each `to` Element.",
+ "@language": "en"
+ }
},
{
- "@id": "security:EpssVulnAssessmentRelationship",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAddedFile",
"@type": [
- "owl:Class",
- "sh:NodeShape"
+ "owl:NamedIndividual",
+ "ns1:RelationshipType"
],
- "rdfs:comment": "An EpssVulnAssessmentRelationship relationship describes the likelihood or\nprobability that a vulnerability will be exploited in the wild using the Exploit\nPrediction Scoring System (EPSS) as defined on \n[https://www.first.org/epss/model](https://www.first.org/epss/model).\n\n**Constraints**\n\n- The relationship type must be set to hasAssessmentFor.\n\n**Syntax**\n\n```json\n{\n \"@type\": \"EpssVulnAssessmentRelationship\",\n \"@id\": \"urn:spdx.dev:epss-1\",\n \"relationshipType\": \"hasAssessmentFor\",\n \"probability\": 80,\n \"from\": \"urn:spdx.dev:vuln-cve-2020-28498\",\n \"to\": [\"urn:product-acme-application-1.3\"],\n \"suppliedBy\": [\"urn:spdx.dev:agent-jane-doe\"],\n \"publishedTime\": \"2021-03-09T11:04:53Z\"\n}\n```",
- "rdfs:subClassOf": {
- "@id": "security:VulnAssessmentRelationship"
- },
- "ns0:term_status": "Stable",
- "sh:property": [
- {
- "sh:datatype": {
- "@id": "xsd:nonNegativeInteger"
- },
- "sh:maxCount": 1,
- "sh:minCount": 1,
- "sh:name": "probability",
- "sh:path": {
- "@id": "security:probability"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:string"
- },
- "sh:maxCount": 1,
- "sh:name": "severity",
- "sh:path": {
- "@id": "security:severity"
- }
- }
- ]
+ "rdfs:label": "hasAddedFile",
+ "rdfs:comment": {
+ "@value": "Every `to` Element is a file added to the `from` Element (`from` hasAddedFile `to`).",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Security/ExploitCatalogType/kev",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssessmentFor",
"@type": [
"owl:NamedIndividual",
- "security:ExploitCatalogType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "hasAssessmentFor",
+ "rdfs:comment": {
+ "@value": "Relates a `from` Vulnerability and each `to` Element with a security assessment. To be used with `VulnAssessmentRelationship` types.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Security/ExploitCatalogType/other",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssociatedVulnerability",
"@type": [
"owl:NamedIndividual",
- "security:ExploitCatalogType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "hasAssociatedVulnerability",
+ "rdfs:comment": {
+ "@value": "Used to associate a `from` Artifact with each `to` Vulnerability.",
+ "@language": "en"
+ }
},
{
- "@id": "security:ExploitCatalogVulnAssessmentRelationship",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasConcludedLicense",
"@type": [
- "owl:Class",
- "sh:NodeShape"
+ "owl:NamedIndividual",
+ "ns1:RelationshipType"
],
- "rdfs:comment": "An ExploitCatalogVulnAssessmentRelationship describes if a vulnerability is\nlisted in any exploit catalog such as the CISA Known Exploited Vulnerabilities\nCatalog (KEV) \n[https://www.cisa.gov/known-exploited-vulnerabilities-catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog).\n\n**Constraints**\n\n- The relationship type must be set to hasAssessmentFor.\n\n**Syntax**\n\n```json\n{\n \"@type\": \"ExploitCatalogVulnAssessmentRelationship\",\n \"@id\": \"urn:spdx.dev:exploit-catalog-1\",\n \"relationshipType\": \"hasAssessmentFor\",\n \"catalogType\": \"kev\",\n \"locator\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog\",\n \"exploited\": \"true\",\n \"from\": \"urn:spdx.dev:vuln-cve-2023-2136\",\n \"to\": [\"urn:product-google-chrome-112.0.5615.136\"],\n \"suppliedBy\": [\"urn:spdx.dev:agent-jane-doe\"],\n \"publishedTime\": \"2021-03-09T11:04:53Z\"\n}\n```",
- "rdfs:subClassOf": {
- "@id": "security:VulnAssessmentRelationship"
- },
- "ns0:term_status": "Stable",
- "sh:property": [
- {
- "sh:datatype": {
- "@id": "xsd:anyURI"
- },
- "sh:maxCount": 1,
- "sh:minCount": 1,
- "sh:name": "locator",
- "sh:path": {
- "@id": "security:locator"
- }
- },
- {
- "sh:class": {
- "@id": "security:ExploitCatalogType"
- },
- "sh:maxCount": 1,
- "sh:minCount": 1,
- "sh:name": "catalogType",
- "sh:path": {
- "@id": "security:catalogType"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:boolean"
- },
- "sh:maxCount": 1,
- "sh:minCount": 1,
- "sh:name": "exploited",
- "sh:path": {
- "@id": "security:exploited"
- }
- }
- ]
+ "rdfs:label": "hasConcludedLicense",
+ "rdfs:comment": {
+ "@value": "The `from` SoftwareArtifact is concluded by the SPDX data creator to be governed by each `to` license.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Security/SsvcDecisionType/act",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDataFile",
"@type": [
"owl:NamedIndividual",
- "security:SsvcDecisionType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "hasDataFile",
+ "rdfs:comment": {
+ "@value": "The `from` Element treats each `to` Element as a data file. A data file is an artifact that stores data required or optional for the `from` Element's functionality. A data file can be a database file, an index file, a log file, an AI model file, a calibration data file, a temporary file, a backup file, and more. For AI training dataset, test dataset, test artifact, configuration data, build input data, and build output data, please consider using the more specific relationship types: `trainedOn`, `testedOn`, `hasTest`, `configures`, `hasInput`, and `hasOutput`, respectively. This relationship does not imply dependency.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Security/SsvcDecisionType/attend",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeclaredLicense",
"@type": [
"owl:NamedIndividual",
- "security:SsvcDecisionType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "hasDeclaredLicense",
+ "rdfs:comment": {
+ "@value": "The `from` SoftwareArtifact was discovered to actually contain each `to` license, for example as detected by use of automated tooling.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Security/SsvcDecisionType/track",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeletedFile",
"@type": [
"owl:NamedIndividual",
- "security:SsvcDecisionType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "hasDeletedFile",
+ "rdfs:comment": {
+ "@value": "Every `to` Element is a file deleted from the `from` Element (`from` hasDeletedFile `to`).",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Security/SsvcDecisionType/trackStar",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDependencyManifest",
"@type": [
"owl:NamedIndividual",
- "security:SsvcDecisionType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "hasDependencyManifest",
+ "rdfs:comment": {
+ "@value": "The `from` Element has manifest files that contain dependency information in each `to` Element.",
+ "@language": "en"
+ }
},
{
- "@id": "security:SsvcVulnAssessmentRelationship",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDistributionArtifact",
"@type": [
- "owl:Class",
- "sh:NodeShape"
+ "owl:NamedIndividual",
+ "ns1:RelationshipType"
],
- "rdfs:comment": "An SsvcVulnAssessmentRelationship describes the decision made using the\nStakeholder-Specific Vulnerability Categorization (SSVC) decision tree as\ndefined on [https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc](https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc).\nIt is intended to communicate the results of using the CISA SSVC Calculator.\n\n**Constraints**\n\n- The relationship type must be set to hasAssessmentFor.\n\n**Syntax**\n\n```json\n{\n \"@type\": \"SsvcVulnAssessmentRelationship\",\n \"@id\": \"urn:spdx.dev:ssvc-1\",\n \"relationshipType\": \"hasAssessmentFor\",\n \"decisionType\": \"act\",\n \"from\": \"urn:spdx.dev:vuln-cve-2020-28498\",\n \"to\": [\"urn:product-acme-application-1.3\"],\n \"assessedElement\": \"urn:npm-elliptic-6.5.2\",\n \"suppliedBy\": [\"urn:spdx.dev:agent-jane-doe\"],\n \"publishedTime\": \"2021-03-09T11:04:53Z\"\n}\n```",
- "rdfs:subClassOf": {
- "@id": "security:VulnAssessmentRelationship"
- },
- "ns0:term_status": "Stable",
- "sh:property": {
- "sh:class": {
- "@id": "security:SsvcDecisionType"
- },
- "sh:maxCount": 1,
- "sh:minCount": 1,
- "sh:name": "decisionType",
- "sh:path": {
- "@id": "security:decisionType"
- }
+ "rdfs:label": "hasDistributionArtifact",
+ "rdfs:comment": {
+ "@value": "The `from` Element is distributed as an artifact in each `to` Element (e.g. an RPM or archive file).",
+ "@language": "en"
}
},
{
- "@id": "security:VexAffectedVulnAssessmentRelationship",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDocumentation",
"@type": [
- "owl:Class",
- "sh:NodeShape"
+ "owl:NamedIndividual",
+ "ns1:RelationshipType"
],
- "rdfs:comment": "VexAffectedVulnAssessmentRelationship connects a vulnerability and a number\nof elements. The relationship marks these elements as products affected by the\nvulnerability. This relationship corresponds to the VEX affected status.\n\n**Constraints**\n\nWhen linking elements using a VexAffectedVulnAssessmentRelationship, the\nfollowing requirements must be observed:\n\n- Elements linked with a VulnVexAffectedAssessmentRelationship are constrained\nto the affects relationship type.\n\n**Syntax**\n\n```json\n{\n \"@type\": \"VexAffectedVulnAssessmentRelationship\",\n \"@id\": \"urn:spdx.dev:vex-affected-1\",\n \"relationshipType\": \"affects\",\n \"from\": \"urn:spdx.dev:vuln-cve-2020-28498\",\n \"to\": [\"urn:product-acme-application-1.3\"],\n \"assessedElement\": \"urn:npm-elliptic-6.5.2\",\n \"actionStatement\": \"Upgrade to version 1.4 of ACME application.\",\n \"suppliedBy\": [\"urn:spdx.dev:agent-jane-doe\"],\n \"publishedTime\": \"2021-03-09T11:04:53Z\"\n}\n```",
- "rdfs:subClassOf": {
- "@id": "security:VexVulnAssessmentRelationship"
- },
- "ns0:term_status": "Stable",
- "sh:property": [
- {
- "sh:datatype": {
- "@id": "core:DateTime"
- },
- "sh:name": "actionStatementTime",
- "sh:path": {
- "@id": "security:actionStatementTime"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:string"
- },
- "sh:maxCount": 1,
- "sh:name": "actionStatement",
- "sh:path": {
- "@id": "security:actionStatement"
- }
- }
- ]
+ "rdfs:label": "hasDocumentation",
+ "rdfs:comment": {
+ "@value": "The `from` Element is documented by each `to` Element.",
+ "@language": "en"
+ }
},
{
- "@id": "security:VexFixedVulnAssessmentRelationship",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDynamicLink",
"@type": [
- "owl:Class",
- "sh:NodeShape"
+ "owl:NamedIndividual",
+ "ns1:RelationshipType"
],
- "rdfs:comment": "VexFixedVulnAssessmentRelationship links a vulnerability to a number of elements\nrepresenting VEX products where a vulnerability has been fixed and are no longer\naffected. It represents the VEX fixed status.\n\n**Constraints**\n\nWhen linking elements using a VexFixedVulnAssessmentRelationship, the following\nrequirements must be observed:\n\n- Elements linked with a VulnVexFixedAssessmentRelationship are constrained to\nusing the fixedIn relationship type.\n- The from: end of the relationship must ve a /Security/Vulnerability classed\nelement.\n\n**Syntax**\n\n```json\n{\n \"@type\": \"VexFixedVulnAssessmentRelationship\",\n \"@id\": \"urn:spdx.dev:vex-fixed-in-1\",\n \"relationshipType\": \"fixedIn\",\n \"from\": \"urn:spdx.dev:vuln-cve-2020-28498\",\n \"to\": [\"urn:product-acme-application-1.3\"],\n \"assessedElement\": \"urn:npm-elliptic-6.5.4\",\n \"suppliedBy\": [\"urn:spdx.dev:agent-jane-doe\"],\n \"publishedTime\": \"2021-03-09T11:04:53Z\"\n}\n```",
- "rdfs:subClassOf": {
- "@id": "security:VexVulnAssessmentRelationship"
- },
- "ns0:term_status": "Stable"
+ "rdfs:label": "hasDynamicLink",
+ "rdfs:comment": {
+ "@value": "The `from` Element dynamically links in each `to` Element, during a LifecycleScopeType period.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Security/VexJustificationType/componentNotPresent",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasEvidence",
"@type": [
"owl:NamedIndividual",
- "security:VexJustificationType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "hasEvidence",
+ "rdfs:comment": {
+ "@value": "Every `to` Element is considered as evidence for the `from` Element (`from` hasEvidence `to`).",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Security/VexJustificationType/inlineMitigationsAlreadyExist",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasExample",
"@type": [
"owl:NamedIndividual",
- "security:VexJustificationType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "hasExample",
+ "rdfs:comment": {
+ "@value": "Every `to` Element is an example for the `from` Element (`from` hasExample `to`).",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Security/VexJustificationType/vulnerableCodeCannotBeControlledByAdversary",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasHost",
"@type": [
"owl:NamedIndividual",
- "security:VexJustificationType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "hasHost",
+ "rdfs:comment": {
+ "@value": "The `from` Build was run on the `to` Element during a LifecycleScopeType period (e.g. the host that the build runs on).",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Security/VexJustificationType/vulnerableCodeNotInExecutePath",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasInput",
"@type": [
"owl:NamedIndividual",
- "security:VexJustificationType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "hasInput",
+ "rdfs:comment": {
+ "@value": "The `from` Build has each `to` Element as an input, during a LifecycleScopeType period.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Security/VexJustificationType/vulnerableCodeNotPresent",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasMetadata",
"@type": [
"owl:NamedIndividual",
- "security:VexJustificationType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "hasMetadata",
+ "rdfs:comment": {
+ "@value": "Every `to` Element is metadata about the `from` Element (`from` hasMetadata `to`).",
+ "@language": "en"
+ }
},
{
- "@id": "security:VexNotAffectedVulnAssessmentRelationship",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalComponent",
"@type": [
- "owl:Class",
- "sh:NodeShape"
+ "owl:NamedIndividual",
+ "ns1:RelationshipType"
],
- "rdfs:comment": "VexNotAffectedVulnAssessmentRelationship connects a vulnerability and a number\nof elements designating them as products not affected by the vulnerability.\nThis relationship corresponds to the VEX not_affected status.\n\n**Constraints**\n\nWhen linking elements using a VexNotVulnAffectedAssessmentRelationship, the\nfollowing requirements must be observed:\n\n* Relating elements with a VexNotAffectedVulnAssessmentRelationship is restricted\nto the doesNotAffect relationship type.\n* The from: end of the relationship must be a /Security/Vulnerability classed\nelement.\n* Both impactStatement and justificationType properties have a cardinality of\n0..1 making them optional. Nevertheless, to produce a valid VEX not_affected\nstatement, one of them MUST be defined. This is specified in the Minimum Elements\nfor VEX.\n\n**Syntax**\n\n```json\n{\n \"@type\": \"VexNotAffectedVulnAssessmentRelationship\",\n \"@id\": \"urn:spdx.dev:vex-not-affected-1\",\n \"relationshipType\": \"doesNotAffect\",\n \"from\": \"urn:spdx.dev:vuln-cve-2020-28498\",\n \"to\": [\"urn:product-acme-application-1.3\"],\n \"assessedElement\": \"urn:npm-elliptic-6.5.2\",\n \"justificationType\": \"componentNotPresent\",\n \"impactStatement\": \"Not using this vulnerable part of this library.\",\n \"suppliedBy\": [\"urn:spdx.dev:agent-jane-doe\"],\n \"publishedTime\": \"2021-03-09T11:04:53Z\"\n}\n```",
- "rdfs:subClassOf": {
- "@id": "security:VexVulnAssessmentRelationship"
- },
- "ns0:term_status": "Stable",
- "sh:property": [
- {
- "sh:datatype": {
- "@id": "core:DateTime"
- },
- "sh:maxCount": 1,
- "sh:name": "impactStatementTime",
- "sh:path": {
- "@id": "security:impactStatementTime"
- }
- },
- {
- "sh:class": {
- "@id": "security:VexJustificationType"
- },
- "sh:maxCount": 1,
- "sh:name": "justificationType",
- "sh:path": {
- "@id": "security:justificationType"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:string"
- },
- "sh:maxCount": 1,
- "sh:name": "impactStatement",
- "sh:path": {
- "@id": "security:impactStatement"
- }
- }
- ]
+ "rdfs:label": "hasOptionalComponent",
+ "rdfs:comment": {
+ "@value": "Every `to` Element is an optional component of the `from` Element (`from` hasOptionalComponent `to`).",
+ "@language": "en"
+ }
},
{
- "@id": "security:VexUnderInvestigationVulnAssessmentRelationship",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalDependency",
"@type": [
- "owl:Class",
- "sh:NodeShape"
+ "owl:NamedIndividual",
+ "ns1:RelationshipType"
],
- "rdfs:comment": "VexUnderInvestigationVulnAssessmentRelationship links a vulnerability to a\nnumber of products stating the vulnerability's impact on them is being\ninvestigated. It represents the VEX under_investigation status.\n\n**Constraints**\n\nWhen linking elements using a VexUnderInvestigationVulnAssessmentRelationship\nthe following requirements must be observed:\n\n- Elements linked with a VexUnderInvestigationVulnAssessmentRelationship are\nconstrained to using the underInvestigationFor relationship type.\n- The from: end of the relationship must ve a /Security/Vulnerability classed\nelement.\n\n**Syntax**\n\n```json\n{\n \"@type\": \"VexUnderInvestigationVulnAssessmentRelationship\",\n \"@id\": \"urn:spdx.dev:vex-underInvestigation-1\",\n \"relationshipType\": \"underInvestigationFor\",\n \"from\": \"urn:spdx.dev:vuln-cve-2020-28498\",\n \"to\": [\"urn:product-acme-application-1.3\"],\n \"assessedElement\": \"urn:npm-elliptic-6.5.2\",\n \"suppliedBy\": [\"urn:spdx.dev:agent-jane-doe\"],\n \"publishedTime\": \"2021-03-09T11:04:53Z\"\n}\n```",
- "rdfs:subClassOf": {
- "@id": "security:VexVulnAssessmentRelationship"
- },
- "ns0:term_status": "Stable"
+ "rdfs:label": "hasOptionalDependency",
+ "rdfs:comment": {
+ "@value": "The `from` Element optionally depends on each `to` Element, during a LifecycleScopeType period.",
+ "@language": "en"
+ }
},
{
- "@id": "security:Vulnerability",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOutput",
"@type": [
- "owl:Class",
- "sh:NodeShape"
+ "owl:NamedIndividual",
+ "ns1:RelationshipType"
],
- "rdfs:comment": "Specifies a vulnerability and its associated information.\n\n**Syntax**\n\n```json\n{\n \"@type\": \"Vulnerability\",\n \"@id\": \"urn:spdx.dev:vuln-1\",\n \"summary\": \"Use of a Broken or Risky Cryptographic Algorithm\",\n \"description\": \"The npm package `elliptic` before version 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed.\", \n \"modified\": \"2021-03-08T16:02:43Z\",\n \"published\": \"2021-03-08T16:06:50Z\",\n \"externalIdentifiers\": [\n {\n \"@type\": \"ExternalIdentifier\",\n \"externalIdentifierType\": \"cve\",\n \"identifier\": \"CVE-2020-2849\",\n \"identifierLocator\": [\n \"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28498\",\n \"https://www.cve.org/CVERecord?id=CVE-2020-28498\"\n ],\n \"issuingAuthority\": \"urn:spdx.dev:agent-cve.org\"\n },\n {\n \"type\": \"ExternalIdentifier\",\n \"externalIdentifierType\": \"securityOther\",\n \"identifier\": \"GHSA-r9p9-mrjm-926w\",\n \"identifierLocator\": \"https://github.com/advisories/GHSA-r9p9-mrjm-926w\"\n },\n {\n \"type\": \"ExternalIdentifier\",\n \"externalIdentifierType\": \"securityOther\",\n \"identifier\": \"SNYK-JS-ELLIPTIC-1064899\",\n \"identifierLocator\": \"https://security.snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899\"\n }\n ],\n \"externalReferences\": [\n {\n \"@type\": \"ExternalReference\",\n \"externalReferenceType\": \"securityAdvisory\",\n \"locator\": \"https://nvd.nist.gov/vuln/detail/CVE-2020-28498\"\n },\n {\n \"@type\": \"ExternalReference\",\n \"externalReferenceType\": \"securityAdvisory\",\n \"locator\": \"https://ubuntu.com/security/CVE-2020-28498\"\n },\n {\n \"@type\": \"ExternalReference\",\n \"externalReferenceType\": \"securityOther\",\n \"locator\": \"https://github.com/indutny/elliptic/pull/244/commits\"\n },\n {\n \"@type\": \"ExternalReference\",\n \"externalReferenceType\": \"securityOther\",\n \"locator\": \"https://github.com/christianlundkvist/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md\"\n }\n ]\n},\n{\n \"@type\": \"Relationship\",\n \"@id\": \"urn:spdx.dev:vulnRelationship-1\",\n \"relationshipType\": \"hasAssociatedVulnerability\",\n \"from\": \"urn:npm-elliptic-6.5.2\",\n \"to\": [\"urn:spdx.dev:vuln-1\"],\n \"startTime\": \"2021-03-08T16:06:50Z\"\n},\n{\n \"@type\": \"Relationship\",\n \"@id\": \"urn:spdx.dev:vulnAgentRel-1\", \n \"relationshipType\": \"publishedBy\", \n \"from\": \"urn:spdx.dev:vuln-1\",\n \"to\": [\"urn:spdx.dev:agent-snyk\"],\n \"startTime\": \"2021-03-08T16:06:50Z\"\n}\n```",
- "rdfs:subClassOf": {
- "@id": "core:Element"
- },
- "ns0:term_status": "Stable",
- "sh:property": [
- {
- "sh:datatype": {
- "@id": "core:DateTime"
- },
- "sh:maxCount": 1,
- "sh:name": "publishedTime",
- "sh:path": {
- "@id": "security:publishedTime"
- }
- },
- {
- "sh:datatype": {
- "@id": "core:DateTime"
- },
- "sh:maxCount": 1,
- "sh:name": "modifiedTime",
- "sh:path": {
- "@id": "security:modifiedTime"
- }
- },
- {
- "sh:datatype": {
- "@id": "core:DateTime"
- },
- "sh:maxCount": 1,
- "sh:name": "withdrawnTime",
- "sh:path": {
- "@id": "security:withdrawnTime"
- }
- }
- ]
+ "rdfs:label": "hasOutput",
+ "rdfs:comment": {
+ "@value": "The `from` Build element generates each `to` Element as an output, during a LifecycleScopeType period.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/DependencyConditionalityType/optional",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasPrerequisite",
"@type": [
"owl:NamedIndividual",
- "software:DependencyConditionalityType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "hasPrerequisite",
+ "rdfs:comment": {
+ "@value": "The `from` Element has a prerequisite on each `to` Element, during a LifecycleScopeType period.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/DependencyConditionalityType/other",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasProvidedDependency",
"@type": [
"owl:NamedIndividual",
- "software:DependencyConditionalityType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "hasProvidedDependency",
+ "rdfs:comment": {
+ "@value": "The `from` Element has a dependency on each `to` Element, dependency is not in the distributed artifact, but assumed to be provided, during a LifecycleScopeType period.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/DependencyConditionalityType/prerequisite",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasRequirement",
"@type": [
"owl:NamedIndividual",
- "software:DependencyConditionalityType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "hasRequirement",
+ "rdfs:comment": {
+ "@value": "The `from` Element has a requirement on each `to` Element, during a LifecycleScopeType period.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/DependencyConditionalityType/provided",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasSpecification",
"@type": [
"owl:NamedIndividual",
- "software:DependencyConditionalityType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "hasSpecification",
+ "rdfs:comment": {
+ "@value": "Every `to` Element is a specification for the `from` Element (`from` hasSpecification `to`), during a LifecycleScopeType period.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/DependencyConditionalityType/required",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasStaticLink",
"@type": [
"owl:NamedIndividual",
- "software:DependencyConditionalityType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "hasStaticLink",
+ "rdfs:comment": {
+ "@value": "The `from` Element statically links in each `to` Element, during a LifecycleScopeType period.",
+ "@language": "en"
+ }
},
{
- "@id": "software:File",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTest",
"@type": [
- "owl:Class",
- "sh:NodeShape"
+ "owl:NamedIndividual",
+ "ns1:RelationshipType"
],
- "rdfs:comment": "Refers to any object that stores content on a computer.\nThe type of content can optionally be provided in the contentType property.\nExternal property restriction on /Core/Element/name: minCount: 1",
- "rdfs:subClassOf": {
- "@id": "software:SoftwareArtifact"
- },
- "ns0:term_status": "Stable",
- "sh:property": {
- "sh:datatype": {
- "@id": "core:MediaType"
- },
- "sh:maxCount": 1,
- "sh:name": "contentType",
- "sh:path": {
- "@id": "software:contentType"
- }
+ "rdfs:label": "hasTest",
+ "rdfs:comment": {
+ "@value": "Every `to` Element is a test artifact for the `from` Element (`from` hasTest `to`), during a LifecycleScopeType period.",
+ "@language": "en"
}
},
{
- "@id": "https://spdx.org/rdf/Software/SBOMType/analyzed",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTestCase",
"@type": [
"owl:NamedIndividual",
- "software:SBOMType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "hasTestCase",
+ "rdfs:comment": {
+ "@value": "Every `to` Element is a test case for the `from` Element (`from` hasTestCase `to`).",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SBOMType/build",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasVariant",
"@type": [
"owl:NamedIndividual",
- "software:SBOMType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "hasVariant",
+ "rdfs:comment": {
+ "@value": "Every `to` Element is a variant the `from` Element (`from` hasVariant `to`).",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SBOMType/deployed",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/invokedBy",
"@type": [
"owl:NamedIndividual",
- "software:SBOMType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "invokedBy",
+ "rdfs:comment": {
+ "@value": "The `from` Element was invoked by the `to` Agent, during a LifecycleScopeType period (for example, a Build element that describes a build step).",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SBOMType/design",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/modifiedBy",
"@type": [
"owl:NamedIndividual",
- "software:SBOMType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "modifiedBy",
+ "rdfs:comment": {
+ "@value": "The `from` Element is modified by each `to` Element.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SBOMType/runtime",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/other",
"@type": [
"owl:NamedIndividual",
- "software:SBOMType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "other",
+ "rdfs:comment": {
+ "@value": "Every `to` Element is related to the `from` Element where the relationship type is not described by any of the SPDX relationship types (this relationship is directionless).",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SBOMType/source",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/packagedBy",
"@type": [
"owl:NamedIndividual",
- "software:SBOMType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "packagedBy",
+ "rdfs:comment": {
+ "@value": "Every `to` Element is a packaged instance of the `from` Element (`from` packagedBy `to`).",
+ "@language": "en"
+ }
},
{
- "@id": "software:Sbom",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/patchedBy",
"@type": [
- "owl:Class",
- "sh:NodeShape"
+ "owl:NamedIndividual",
+ "ns1:RelationshipType"
],
- "rdfs:comment": "A Software Bill of Materials (SBOM) is a collection of SPDX Elements describing a single package.\nThis could include details of the content and composition of the product,\nprovenance details of the product and/or\nits composition, licensing information, known quality or security issues, etc.",
- "rdfs:subClassOf": {
- "@id": "core:Bom"
- },
- "ns0:term_status": "Stable",
- "sh:property": {
- "sh:class": {
- "@id": "software:SBOMType"
- },
- "sh:name": "sbomType",
- "sh:path": {
- "@id": "software:sbomType"
- }
+ "rdfs:label": "patchedBy",
+ "rdfs:comment": {
+ "@value": "Every `to` Element is a patch for the `from` Element (`from` patchedBy `to`).",
+ "@language": "en"
}
},
{
- "@id": "software:Snippet",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/publishedBy",
"@type": [
- "owl:Class",
- "sh:NodeShape"
+ "owl:NamedIndividual",
+ "ns1:RelationshipType"
],
- "rdfs:comment": "A Snippet describes a certain part of a file and can be used when the file is known to have some content\nthat has been included from another original source. Snippets are useful for denoting when part of a file\nmay have been originally created under another license or copied from a place with a known vulnerability.",
- "rdfs:subClassOf": {
- "@id": "software:SoftwareArtifact"
- },
- "ns0:term_status": "Stable",
- "sh:property": [
- {
- "sh:class": {
- "@id": "core:PositiveIntegerRange"
- },
- "sh:maxCount": 1,
- "sh:name": "byteRange",
- "sh:path": {
- "@id": "software:byteRange"
- }
- },
- {
- "sh:class": {
- "@id": "core:PositiveIntegerRange"
- },
- "sh:maxCount": 1,
- "sh:name": "lineRange",
- "sh:path": {
- "@id": "software:lineRange"
- }
- }
- ]
+ "rdfs:label": "publishedBy",
+ "rdfs:comment": {
+ "@value": "Designates a `from` Vulnerability was made available for public use or reference by each `to` Agent.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SoftwareDependencyLinkType/dynamic",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/reportedBy",
"@type": [
"owl:NamedIndividual",
- "software:SoftwareDependencyLinkType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "reportedBy",
+ "rdfs:comment": {
+ "@value": "Designates a `from` Vulnerability was first reported to a project, vendor, or tracking database for formal identification by each `to` Agent.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SoftwareDependencyLinkType/other",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/republishedBy",
"@type": [
"owl:NamedIndividual",
- "software:SoftwareDependencyLinkType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "republishedBy",
+ "rdfs:comment": {
+ "@value": "Designates a `from` Vulnerability's details were tracked, aggregated, and/or enriched to improve context (i.e. NVD) by each `to` Agent.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SoftwareDependencyLinkType/static",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/serializedInArtifact",
"@type": [
"owl:NamedIndividual",
- "software:SoftwareDependencyLinkType"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "serializedInArtifact",
+ "rdfs:comment": {
+ "@value": "The `from` SpdxDocument can be found in a serialized form in each `to` Artifact.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SoftwareDependencyLinkType/tool",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/testedOn",
"@type": [
"owl:NamedIndividual",
- "software:SoftwareDependencyLinkType"
- ]
- },
- {
- "@id": "software:SoftwareDependencyRelationship",
- "@type": [
- "owl:Class",
- "sh:NodeShape"
+ "ns1:RelationshipType"
],
- "rdfs:comment": "TODO",
- "rdfs:subClassOf": {
- "@id": "core:LifecycleScopedRelationship"
- },
- "ns0:term_status": "Stable",
- "sh:property": [
- {
- "sh:class": {
- "@id": "software:SoftwareDependencyLinkType"
- },
- "sh:maxCount": 1,
- "sh:name": "softwareLinkage",
- "sh:path": {
- "@id": "software:softwareLinkage"
- }
- },
- {
- "sh:class": {
- "@id": "software:DependencyConditionalityType"
- },
- "sh:maxCount": 1,
- "sh:name": "conditionality",
- "sh:path": {
- "@id": "software:conditionality"
- }
- }
- ]
+ "rdfs:label": "testedOn",
+ "rdfs:comment": {
+ "@value": "The `from` Element has been tested on the `to` Element(s).",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SoftwarePurpose/application",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/trainedOn",
"@type": [
"owl:NamedIndividual",
- "software:SoftwarePurpose"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "trainedOn",
+ "rdfs:comment": {
+ "@value": "The `from` Element has been trained on the `to` Element(s).",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SoftwarePurpose/archive",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/underInvestigationFor",
"@type": [
"owl:NamedIndividual",
- "software:SoftwarePurpose"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "underInvestigationFor",
+ "rdfs:comment": {
+ "@value": "The `from` Vulnerability impact is being investigated for each `to` Element. The use of the `underInvestigationFor` type is constrained to `VexUnderInvestigationVulnAssessmentRelationship` classed relationships.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SoftwarePurpose/bom",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/usesTool",
"@type": [
"owl:NamedIndividual",
- "software:SoftwarePurpose"
- ]
+ "ns1:RelationshipType"
+ ],
+ "rdfs:label": "usesTool",
+ "rdfs:comment": {
+ "@value": "The `from` Element uses each `to` Element as a tool, during a LifecycleScopeType period.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SoftwarePurpose/configuration",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/deployed",
"@type": [
"owl:NamedIndividual",
- "software:SoftwarePurpose"
- ]
+ "ns1:SupportType"
+ ],
+ "rdfs:label": "deployed",
+ "rdfs:comment": {
+ "@value": "in addition to being supported by the supplier, the software is known to have been deployed and is in use. For a software as a service provider, this implies the software is now available as a service.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SoftwarePurpose/container",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/development",
"@type": [
"owl:NamedIndividual",
- "software:SoftwarePurpose"
- ]
+ "ns1:SupportType"
+ ],
+ "rdfs:label": "development",
+ "rdfs:comment": {
+ "@value": "the artifact is in active development and is not considered ready for formal support from the supplier.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SoftwarePurpose/data",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/endOfSupport",
"@type": [
"owl:NamedIndividual",
- "software:SoftwarePurpose"
- ]
+ "ns1:SupportType"
+ ],
+ "rdfs:label": "endOfSupport",
+ "rdfs:comment": {
+ "@value": "there is a defined end of support for the artifact from the supplier. This may also be referred to as end of life. There is a validUntilDate that can be used to signal when support ends for the artifact.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SoftwarePurpose/device",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/limitedSupport",
"@type": [
"owl:NamedIndividual",
- "software:SoftwarePurpose"
- ]
+ "ns1:SupportType"
+ ],
+ "rdfs:label": "limitedSupport",
+ "rdfs:comment": {
+ "@value": "the artifact has been released, and there is limited support available from the supplier. There is a validUntilDate that can provide additional information about the duration of support.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SoftwarePurpose/documentation",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noAssertion",
"@type": [
"owl:NamedIndividual",
- "software:SoftwarePurpose"
- ]
+ "ns1:SupportType"
+ ],
+ "rdfs:label": "noAssertion",
+ "rdfs:comment": {
+ "@value": "no assertion about the type of support is made. This is considered the default if no other support type is used.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SoftwarePurpose/evidence",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noSupport",
"@type": [
"owl:NamedIndividual",
- "software:SoftwarePurpose"
- ]
+ "ns1:SupportType"
+ ],
+ "rdfs:label": "noSupport",
+ "rdfs:comment": {
+ "@value": "there is no support for the artifact from the supplier, consumer assumes any support obligations.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SoftwarePurpose/executable",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/support",
"@type": [
"owl:NamedIndividual",
- "software:SoftwarePurpose"
- ]
+ "ns1:SupportType"
+ ],
+ "rdfs:label": "support",
+ "rdfs:comment": {
+ "@value": "the artifact has been released, and is supported from the supplier. There is a validUntilDate that can provide additional information about the duration of support.",
+ "@language": "en"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SoftwarePurpose/file",
- "@type": [
- "owl:NamedIndividual",
- "software:SoftwarePurpose"
- ]
+ "@id": "ns1:annotationType",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Describes the type of annotation.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns1:AnnotationType"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SoftwarePurpose/firmware",
- "@type": [
- "owl:NamedIndividual",
- "software:SoftwarePurpose"
- ]
+ "@id": "ns1:beginIntegerRange",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Defines the beginning of a range.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:positiveInteger"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SoftwarePurpose/framework",
- "@type": [
- "owl:NamedIndividual",
- "software:SoftwarePurpose"
- ]
+ "@id": "ns1:builtTime",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Specifies the time an artifact was built.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:dateTimeStamp"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SoftwarePurpose/install",
- "@type": [
- "owl:NamedIndividual",
- "software:SoftwarePurpose"
- ]
+ "@id": "ns1:completeness",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Provides information about the completeness of relationships.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns1:RelationshipCompleteness"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SoftwarePurpose/library",
- "@type": [
- "owl:NamedIndividual",
- "software:SoftwarePurpose"
- ]
+ "@id": "ns1:context",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Gives information about the circumstances or unifying properties\nthat Elements of the bundle have been assembled under.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SoftwarePurpose/manifest",
- "@type": [
- "owl:NamedIndividual",
- "software:SoftwarePurpose"
- ]
+ "@id": "ns1:created",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Identifies when the Element was originally created.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:dateTimeStamp"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SoftwarePurpose/module",
- "@type": [
- "owl:NamedIndividual",
- "software:SoftwarePurpose"
- ]
+ "@id": "ns1:createdBy",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Identifies who or what created the Element.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns1:Agent"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SoftwarePurpose/operatingSystem",
- "@type": [
- "owl:NamedIndividual",
- "software:SoftwarePurpose"
- ]
+ "@id": "ns1:createdUsing",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Identifies the tooling that was used during the creation of the Element.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns1:Tool"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SoftwarePurpose/other",
- "@type": [
- "owl:NamedIndividual",
- "software:SoftwarePurpose"
- ]
+ "@id": "ns1:creationInfo",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Provides information about the creation of the Element.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns1:CreationInfo"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SoftwarePurpose/patch",
- "@type": [
- "owl:NamedIndividual",
- "software:SoftwarePurpose"
- ]
+ "@id": "ns1:dataLicense",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Provides the license under which the SPDX documentation of the Element can be\nused.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SoftwarePurpose/requirement",
- "@type": [
- "owl:NamedIndividual",
- "software:SoftwarePurpose"
- ]
+ "@id": "ns1:definingArtifact",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Artifact representing a serialization instance of SPDX data containing the\ndefinition of a particular Element.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns1:Artifact"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SoftwarePurpose/source",
- "@type": [
- "owl:NamedIndividual",
- "software:SoftwarePurpose"
- ]
+ "@id": "ns1:description",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Provides a detailed description of the Element.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
},
{
- "@id": "https://spdx.org/rdf/Software/SoftwarePurpose/specification",
- "@type": [
- "owl:NamedIndividual",
- "software:SoftwarePurpose"
- ]
+ "@id": "ns1:element",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Refers to one or more Elements that are part of an ElementCollection.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns1:Element"
+ }
},
{
- "@id": "ai:autonomyType",
+ "@id": "ns1:endIntegerRange",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "AutonomyType indicates if a human is involved in any of the decisions of the AI software\nor if that software is fully automatic.",
- "rdfs:range": {
- "@id": "ai:PresenceType"
+ "rdfs:comment": {
+ "@value": "Defines the end of a range.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "xsd:positiveInteger"
+ }
},
{
- "@id": "ai:domain",
+ "@id": "ns1:endTime",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "Domain describes the domain in which the AI model contained in the AI software\ncan be expected to operate successfully. Examples include computer vision, natural language etc.",
- "rdfs:range": {
- "@id": "xsd:string"
+ "rdfs:comment": {
+ "@value": "Specifies the time from which an element is no longer applicable / valid.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "xsd:dateTimeStamp"
+ }
},
{
- "@id": "ai:energyConsumption",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "EnergyConsumption captures the amount of energy needed to train and operate the AI model. \nThis value is also known as training energy consumption or inference energy consumption.",
- "rdfs:range": {
- "@id": "xsd:string"
+ "@id": "ns1:extension",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Specifies an Extension characterization of some aspect of an Element.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/Extension"
+ }
},
{
- "@id": "ai:hyperparameter",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "This field records a hyperparameter value.\nHyperparameters are parameters of the machine learning model that are used to control the learning process,\nfor example the optimization and learning rate used during the training of the model.",
+ "@id": "ns1:externalIdentifier",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Provides a reference to a resource outside the scope of SPDX-3.0 content\nthat uniquely identifies an Element.",
+ "@language": "en"
+ },
"rdfs:range": {
- "@id": "core:DictionaryEntry"
+ "@id": "ns1:ExternalIdentifier"
+ }
+ },
+ {
+ "@id": "ns1:externalIdentifierType",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Specifies the type of the external identifier.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "ns1:ExternalIdentifierType"
+ }
},
{
- "@id": "ai:informationAboutApplication",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "InformationAboutApplication describes any relevant information in free form text about \nhow the AI model is used inside the software, as well as any relevant pre-processing steps, third party APIs etc.",
+ "@id": "ns1:externalRef",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Points to a resource outside the scope of the SPDX-3.0 content\nthat provides additional characteristics of an Element.",
+ "@language": "en"
+ },
"rdfs:range": {
- "@id": "xsd:string"
+ "@id": "ns1:ExternalRef"
+ }
+ },
+ {
+ "@id": "ns1:externalRefType",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Specifies the type of the external reference.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "ns1:ExternalRefType"
+ }
},
{
- "@id": "ai:informationAboutTraining",
+ "@id": "ns1:externalSpdxId",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "InformationAboutTraining describes the specific steps involved in the training of the AI model.\nFor example, it can be specified whether supervised fine-tuning \nor active learning is used as part of training the model.",
+ "rdfs:comment": {
+ "@value": "Identifies an external Element used within an SpdxDocument but defined\nexternal to that SpdxDocument.",
+ "@language": "en"
+ },
"rdfs:range": {
- "@id": "xsd:string"
+ "@id": "xsd:anyURI"
+ }
+ },
+ {
+ "@id": "ns1:from",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "References the Element on the left-hand side of a relationship.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "ns1:Element"
+ }
},
{
- "@id": "ai:limitation",
+ "@id": "ns1:identifier",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "Limitation captures a limitation of the AI Package (or of the AI models present in the AI package),\nexpressed as free form text. Note that this is not guaranteed to be exhaustive.\nFor instance, a limitation might be that the AI package cannot be used on datasets from a certain demography.",
+ "rdfs:comment": {
+ "@value": "Uniquely identifies an external element.",
+ "@language": "en"
+ },
"rdfs:range": {
"@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ }
},
{
- "@id": "ai:metric",
+ "@id": "ns1:identifierLocator",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "Metric records the measurement with which the AI model was evaluated. \nThis makes statements about the prediction quality including uncertainty,\naccuracy, characteristics of the tested population, quality, fairness, explainability, robustness etc.",
- "rdfs:range": {
- "@id": "core:DictionaryEntry"
+ "rdfs:comment": {
+ "@value": "Provides the location for more information regarding an external identifier.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "xsd:anyURI"
+ }
},
{
- "@id": "ai:metricDecisionThreshold",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "Each metric might be computed based on a decision threshold. \nFor instance, precision or recall is typically computed by checking\nif the probability of the outcome is larger than 0.5.\nEach decision threshold should match with a metric field defined in the AI Package.",
- "rdfs:range": {
- "@id": "core:DictionaryEntry"
+ "@id": "ns1:import",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Provides an ExternalMap of Element identifiers.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "ns1:ExternalMap"
+ }
},
{
- "@id": "ai:modelDataPreprocessing",
+ "@id": "ns1:issuingAuthority",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "ModelDataPreprocessing is a free form text that describes the preprocessing steps\napplied to the training data before training of the model(s) contained in the AI software.",
+ "rdfs:comment": {
+ "@value": "An entity that is authorized to issue identification credentials.",
+ "@language": "en"
+ },
"rdfs:range": {
"@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ }
},
{
- "@id": "ai:modelExplainability",
+ "@id": "ns1:key",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "ModelExplainability is a free form text that lists the different explainability mechanisms\n(such as SHAP, or other model specific explainability mechanisms) that can be used to explain the model.",
+ "rdfs:comment": {
+ "@value": "A key used in a generic key-value pair.",
+ "@language": "en"
+ },
"rdfs:range": {
"@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ }
},
{
- "@id": "ai:safetyRiskAssessment",
+ "@id": "ns1:locationHint",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "SafetyRiskAssessment categorizes the safety risk impact of the AI software\nin accordance with Article 20 of [EC Regulation No 765/2008](https://ec.europa.eu/docsroom/documents/17107/attachments/1/translations/en/renditions/pdf).",
- "rdfs:range": {
- "@id": "ai:SafetyRiskAssessmentType"
+ "rdfs:comment": {
+ "@value": "Provides an indication of where to retrieve an external Element.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "xsd:anyURI"
+ }
},
{
- "@id": "ai:sensitivePersonalInformation",
+ "@id": "ns1:locator",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "SensitivePersonalInformation notes if sensitive personal information\nis used in the training or inference of the AI models.\nThis might include biometric data, addresses or other data that can be used to infer a person's identity.",
- "rdfs:range": {
- "@id": "ai:PresenceType"
+ "rdfs:comment": {
+ "@value": "Provides the location of an external reference.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
},
{
- "@id": "ai:standardCompliance",
+ "@id": "ns1:name",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "StandardCompliance captures a standard that the AI software complies with. \nThis includes both published and unpublished standards, for example ISO, IEEE, ETSI etc. \nThe standard could (but not necessarily have to) be used to satisfy a legal or regulatory requirement.",
+ "rdfs:comment": {
+ "@value": "Identifies the name of an Element as designated by the creator.",
+ "@language": "en"
+ },
"rdfs:range": {
"@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ }
},
{
- "@id": "ai:typeOfModel",
+ "@id": "ns1:namespace",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "TypeOfModel records the type of the AI model(s) used in the software. \nFor instance, if it is a supervised model, unsupervised model, reinforcement learning model or a combination of those.",
- "rdfs:range": {
- "@id": "xsd:string"
+ "rdfs:comment": {
+ "@value": "Provides an unambiguous mechanism for conveying a URI fragment portion of an\nElement ID.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
- },
- {
- "@id": "build:buildEndTime",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "buildEndTime describes the time at which a build stops or finishes. This value is typically recorded by the builder.",
"rdfs:range": {
- "@id": "core:DateTime"
- },
- "ns0:term_status": "Stable"
+ "@id": "xsd:anyURI"
+ }
},
{
- "@id": "build:buildId",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "A buildId is a locally unique identifier to identify a unique instance of a build. This identifier differs based on build toolchain, platform, or naming convention used by an organization or standard.",
- "rdfs:range": {
- "@id": "xsd:string"
+ "@id": "ns1:namespaceMap",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Provides a NamespaceMap of prefixes and associated namespace partial URIs applicable to an SpdxDocument and independent of any specific serialization format or instance.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
- },
- {
- "@id": "build:buildStartTime",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "buildStartTime is the time at which a build is triggered. The builder typically records this value.",
"rdfs:range": {
- "@id": "core:DateTime"
- },
- "ns0:term_status": "Stable"
+ "@id": "ns1:NamespaceMap"
+ }
},
{
- "@id": "build:buildType",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "A buildType is a URI expressing the toolchain, platform, or infrastructure that the build was invoked on. For example, if the build was invoked on GitHub's CI platform using github actions, the buildType can be expressed as `https://github.com/actions`. In contrast, if the build was invoked on a local machine, the buildType can be expressed as `file://username@host/path/to/build`.",
- "rdfs:range": {
- "@id": "xsd:anyURI"
+ "@id": "ns1:originatedBy",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Identifies from where or whom the Element originally came.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
- },
- {
- "@id": "build:configSourceDigest",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "configSourceDigest is the checksum of the build configuration file used by a builder to execute a build. This Property uses the Core model's [Hash](../../Core/Classes/Hash.md) class.",
"rdfs:range": {
- "@id": "core:Hash"
- },
- "ns0:term_status": "Stable"
+ "@id": "ns1:Agent"
+ }
},
{
- "@id": "build:configSourceEntrypoint",
+ "@id": "ns1:packageVerificationCodeExcludedFile",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "A build entrypoint is the invoked executable of a build which always runs when the build is triggered. For example, when a build is triggered by running a shell script, the entrypoint is `script.sh`. In terms of a declared build, the entrypoint is the position in a configuration file or a build declaration which is always run when the build is triggered. For example, in the following configuration file, the entrypoint of the build is `publish`.\n\n```\nname: Publish packages to PyPI\n\non:\ncreate:\ntags: \"*\"\n\njobs:\npublish:\nruns-on: ubuntu-latest\nif: startsWith(github.ref, 'refs/tags/')\nsteps:\n\n...\n```",
+ "rdfs:comment": {
+ "@value": "The relative file name of a file to be excluded from the\n`PackageVerificationCode`.",
+ "@language": "en"
+ },
"rdfs:range": {
"@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ }
},
{
- "@id": "build:configSourceUri",
+ "@id": "ns1:prefix",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "If a build configuration exists for the toolchain or platform performing the build, the configSourceUri of a build is the URI of that build configuration. For example, a build triggered by a GitHub action is defined by a build configuration YAML file. In this case, the configSourceUri is the URL of that YAML file. \nm",
- "rdfs:range": {
- "@id": "xsd:anyURI"
+ "rdfs:comment": {
+ "@value": "A substitute for a URI.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
- },
- {
- "@id": "build:environment",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "environment is a map of environment variables and values that are set during a build session. This is different from the [parameters](parameters.md) property in that it describes the environment variables set before a build is invoked rather than the variables provided to the builder.",
"rdfs:range": {
- "@id": "core:DictionaryEntry"
- },
- "ns0:term_status": "Stable"
+ "@id": "xsd:string"
+ }
},
{
- "@id": "build:parameters",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "parameters is a key-value map of all build parameters and their values that were provided to the builder for a build instance. This is different from the [environment](environment.md) property in that the keys and values are provided as command line arguments or a configuration file to the builder.",
- "rdfs:range": {
- "@id": "core:DictionaryEntry"
+ "@id": "ns1:profileConformance",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Describes one a profile which the creator of this ElementCollection intends to\nconform to.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "ns1:ProfileIdentifierType"
+ }
},
{
- "@id": "core:Artifact",
- "@type": [
- "owl:Class",
- "sh:NodeShape"
- ],
- "rdfs:comment": "An artifact is a distinct article or unit within the digital domain,\nsuch as an electronic file, a software package, a device or an element of data.",
- "rdfs:subClassOf": {
- "@id": "core:Element"
+ "@id": "ns1:relationshipType",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Information about the relationship between two Elements.",
+ "@language": "en"
},
- "ns0:term_status": "Stable",
- "sh:property": [
- {
- "sh:datatype": {
- "@id": "core:DateTime"
- },
- "sh:maxCount": 1,
- "sh:name": "validUntilTime",
- "sh:path": {
- "@id": "core:validUntilTime"
- }
- },
- {
- "sh:class": {
- "@id": "core:Agent"
- },
- "sh:name": "originatedBy",
- "sh:path": {
- "@id": "core:originatedBy"
- }
- },
- {
- "sh:class": {
- "@id": "core:Agent"
- },
- "sh:name": "suppliedBy",
- "sh:path": {
- "@id": "core:suppliedBy"
- }
- },
- {
- "sh:datatype": {
- "@id": "core:DateTime"
- },
- "sh:maxCount": 1,
- "sh:name": "builtTime",
- "sh:path": {
- "@id": "core:builtTime"
- }
- },
- {
- "sh:datatype": {
- "@id": "core:DateTime"
- },
- "sh:maxCount": 1,
- "sh:name": "releaseTime",
- "sh:path": {
- "@id": "core:releaseTime"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:string"
- },
- "sh:name": "standard",
- "sh:path": {
- "@id": "core:standard"
- }
- }
- ]
+ "rdfs:range": {
+ "@id": "ns1:RelationshipType"
+ }
},
{
- "@id": "core:Bom",
- "@type": [
- "owl:Class",
- "sh:NodeShape"
- ],
- "rdfs:comment": "A Bill Of Materials (BOM) is a container for a grouping of SPDX-3.0 content\ncharacterizing details about a product.\nThis could include details of the content and composition of the product,\nprovenence details of the product and/or\nits composition, licensing information, known quality or security issues, etc.",
- "rdfs:subClassOf": {
- "@id": "core:Bundle"
+ "@id": "ns1:releaseTime",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Specifies the time an artifact was released.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "xsd:dateTimeStamp"
+ }
},
{
- "@id": "core:ElementCollection",
- "@type": [
- "owl:Class",
- "sh:NodeShape"
- ],
- "rdfs:comment": "An SpdxCollection is a collection of Elements, not necessarily with unifying context.",
- "rdfs:subClassOf": {
- "@id": "core:Element"
+ "@id": "ns1:rootElement",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "This property is used to denote the root Element(s) of a tree of elements contained in a BOM.",
+ "@language": "en"
},
- "ns0:term_status": "Stable",
- "sh:property": [
- {
- "sh:class": {
- "@id": "core:ExternalMap"
- },
- "sh:name": "imports",
- "sh:path": {
- "@id": "core:imports"
- }
- },
- {
- "sh:class": {
- "@id": "core:Element"
- },
- "sh:minCount": 1,
- "sh:name": "rootElement",
- "sh:path": {
- "@id": "core:rootElement"
- }
- },
- {
- "sh:class": {
- "@id": "core:NamespaceMap"
- },
- "sh:name": "namespaces",
- "sh:path": {
- "@id": "core:namespaces"
- }
- },
- {
- "sh:class": {
- "@id": "core:Element"
- },
- "sh:minCount": 1,
- "sh:name": "element",
- "sh:path": {
- "@id": "core:element"
- }
- }
- ]
+ "rdfs:range": {
+ "@id": "ns1:Element"
+ }
},
{
- "@id": "core:LifecycleScopedRelationship",
- "@type": [
- "owl:Class",
- "sh:NodeShape"
- ],
- "rdfs:comment": "TODO",
- "rdfs:subClassOf": {
- "@id": "core:Relationship"
+ "@id": "ns1:scope",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Capture the scope of information about a specific relationship between elements.",
+ "@language": "en"
},
- "ns0:term_status": "Stable",
- "sh:property": {
- "sh:class": {
- "@id": "core:LifecycleScopeType"
- },
- "sh:maxCount": 1,
- "sh:name": "scope",
- "sh:path": {
- "@id": "core:scope"
- }
+ "rdfs:range": {
+ "@id": "ns1:LifecycleScopeType"
}
},
{
- "@id": "core:algorithm",
+ "@id": "ns1:specVersion",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "An algorithm specifies the algorithm that was used for calculating the hash value.",
- "rdfs:range": {
- "@id": "core:HashAlgorithm"
+ "rdfs:comment": {
+ "@value": "Provides a reference number that can be used to understand how to parse and\ninterpret an Element.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
- },
- {
- "@id": "core:annotationType",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "An annotationType describes the type of an annotation.",
"rdfs:range": {
- "@id": "core:AnnotationType"
- },
- "ns0:term_status": "Stable"
+ "@id": "xsd:string"
+ }
},
{
- "@id": "core:begin",
+ "@id": "ns1:standardName",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "begin is a positive integer that defines the beginning of a range.",
- "rdfs:range": {
- "@id": "xsd:positiveInteger"
+ "rdfs:comment": {
+ "@value": "The name of a relevant standard that may apply to an artifact.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
- },
- {
- "@id": "core:builtTime",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "A builtTime specifies the time an artifact was built.",
"rdfs:range": {
- "@id": "core:DateTime"
- },
- "ns0:term_status": "Stable"
+ "@id": "xsd:string"
+ }
},
{
- "@id": "core:completeness",
+ "@id": "ns1:startTime",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "Completeness gives information about whether the provided relationships are\ncomplete, known to be incomplete or if no assertion is made either way.",
- "rdfs:range": {
- "@id": "core:RelationshipCompleteness"
+ "rdfs:comment": {
+ "@value": "Specifies the time from which an element is applicable / valid.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
- },
- {
- "@id": "core:context",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "A context gives information about the circumstances or unifying properties\nthat Elements of the bundle have been assembled under.",
"rdfs:range": {
- "@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ "@id": "xsd:dateTimeStamp"
+ }
},
{
- "@id": "core:created",
+ "@id": "ns1:statement",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "Created is a date that identifies when the Element was originally created.\nThe time stamp can serve as an indication as to whether the analysis needs to be updated. This is often the date of last change (e.g., a git commit date), not the date when the SPDX data was created, as doing so supports reproducible builds.",
- "rdfs:range": {
- "@id": "core:DateTime"
+ "rdfs:comment": {
+ "@value": "Commentary on an assertion that an annotator has made.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
- },
- {
- "@id": "core:createdBy",
- "@type": "owl:ObjectProperty",
- "rdfs:comment": "CreatedBy identifies who or what created the Element.\nThe generation method will assist the recipient of the Element in assessing\nthe general reliability/accuracy of the analysis information.",
"rdfs:range": {
- "@id": "core:Agent"
- },
- "ns0:term_status": "Stable"
+ "@id": "xsd:string"
+ }
},
{
- "@id": "core:createdUsing",
+ "@id": "ns1:subject",
"@type": "owl:ObjectProperty",
- "rdfs:comment": "CreatedUsing identifies the tooling that was used during the creation of the Element.\nThe generation method will assist the recipient of the Element in assessing\nthe general reliability/accuracy of the analysis information.",
- "rdfs:range": {
- "@id": "core:Tool"
+ "rdfs:comment": {
+ "@value": "An Element an annotator has made an assertion about.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "ns1:Element"
+ }
},
{
- "@id": "core:dataLicense",
+ "@id": "ns1:summary",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "The data license provides the license under which the SPDX documentation of the Element can be used.\nThis is to alleviate any concern that content (the data or database) in an SPDX file\nis subject to any form of intellectual property right that could restrict the re-use\nof the information or the creation of another SPDX file for the same project(s).\nThis approach avoids intellectual property and related restrictions over the SPDX file,\nhowever individuals can still contract with each other to restrict release\nof specific collections of SPDX files (which map to software bill of materials)\nand the identification of the supplier of SPDX files.\nCompliance with this document includes populating the SPDX fields therein\nwith data related to such fields (\"SPDX-Metadata\"). \nThis document contains numerous fields where an SPDX file creator may provide\nrelevant explanatory text in SPDX-Metadata. Without opining on the lawfulness\nof \"database rights\" (in jurisdictions where applicable),\nsuch explanatory text is copyrightable subject matter in most Berne Convention countries.\nBy using the SPDX specification, or any portion hereof,\nyou hereby agree that any copyright rights (as determined by your jurisdiction)\nin any SPDX-Metadata, including without limitation explanatory text,\nshall be subject to the terms of the Creative Commons CC0 1.0 Universal license. \nFor SPDX-Metadata not containing any copyright rights, \nyou hereby agree and acknowledge that the SPDX-Metadata is provided to you “as-is”\nand without any representations or warranties of any kind concerning the SPDX-Metadata,\nexpress, implied, statutory or otherwise, including without limitation warranties\nof title, merchantability, fitness for a particular purpose, non-infringement,\nor the absence of latent or other defects, accuracy, or the presence or absence of errors,\nwhether or not discoverable, all to the greatest extent permissible under applicable law.",
+ "rdfs:comment": {
+ "@value": "A short description of an Element.",
+ "@language": "en"
+ },
"rdfs:range": {
"@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ }
},
{
- "@id": "core:definingDocument",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "A definingDocument property is used to link an Element identifier to an SpdxDocument which contains the definition for the Element.",
- "rdfs:range": {
- "@id": "xsd:anyURI"
+ "@id": "ns1:supportLevel",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Specifies the level of support associated with an artifact.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
- },
- {
- "@id": "core:description",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "This field is a detailed description of the Element. It may also be extracted from the Element itself.\nThe intent is to provide recipients of the SPDX file with a detailed technical explanation\nof the functionality, anticipated use, and anticipated implementation of the Element.\nThis field may also include a description of improvements over prior versions of the Element.",
"rdfs:range": {
- "@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ "@id": "ns1:SupportType"
+ }
},
{
- "@id": "core:element",
+ "@id": "ns1:to",
"@type": "owl:ObjectProperty",
- "rdfs:comment": "This field refers to one or more Elements that are part of an ElementCollection.",
- "rdfs:range": {
- "@id": "core:Element"
+ "rdfs:comment": {
+ "@value": "References an Element on the right-hand side of a relationship.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "ns1:Element"
+ }
},
{
- "@id": "core:end",
+ "@id": "ns1:validUntilTime",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "end is a positive integer that defines the end of a range.",
- "rdfs:range": {
- "@id": "xsd:positiveInteger"
+ "rdfs:comment": {
+ "@value": "Specifies until when the artifact can be used before its usage needs to be\nreassessed.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "xsd:dateTimeStamp"
+ }
},
{
- "@id": "core:endTime",
+ "@id": "ns1:value",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "A endTime specifies the time from which element is no applicable / valid.",
- "rdfs:range": {
- "@id": "core:DateTime"
+ "rdfs:comment": {
+ "@value": "A value used in a generic key-value pair.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
},
{
- "@id": "core:extension",
- "rdfs:comment": "TODO",
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/amber",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns3:ConfidentialityLevelType"
+ ],
+ "rdfs:label": "amber",
+ "rdfs:comment": {
+ "@value": "Data points in the dataset can be shared only with specific organizations and their clients on a need to know basis.",
+ "@language": "en"
+ }
},
{
- "@id": "core:externalId",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "ExternalId identifies an external Element used within a Document but defined external to that Document.",
- "rdfs:range": {
- "@id": "xsd:anyURI"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/clear",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns3:ConfidentialityLevelType"
+ ],
+ "rdfs:label": "clear",
+ "rdfs:comment": {
+ "@value": "Dataset may be distributed freely, without restriction.",
+ "@language": "en"
+ }
},
{
- "@id": "core:externalIdentifier",
- "@type": "owl:ObjectProperty",
- "rdfs:comment": "ExternalIdentifier points to a resource outside the scope of SPDX-3.0 content\nthat uniquely identifies an Element.",
- "rdfs:range": {
- "@id": "core:ExternalIdentifier"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/green",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns3:ConfidentialityLevelType"
+ ],
+ "rdfs:label": "green",
+ "rdfs:comment": {
+ "@value": "Dataset can be shared within a community of peers and partners.",
+ "@language": "en"
+ }
},
{
- "@id": "core:externalIdentifierType",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "An externalIdentifierType specifies the type of the external identifier.",
- "rdfs:range": {
- "@id": "core:ExternalIdentifierType"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/ConfidentialityLevelType/red",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns3:ConfidentialityLevelType"
+ ],
+ "rdfs:label": "red",
+ "rdfs:comment": {
+ "@value": "Data points in the dataset are highly confidential and can only be shared with named recipients.",
+ "@language": "en"
+ }
},
{
- "@id": "core:externalReference",
- "@type": "owl:ObjectProperty",
- "rdfs:comment": "This field points to a resource outside the scope of the SPDX-3.0 content\nthat provides additional characteristics of an Element.",
- "rdfs:range": {
- "@id": "core:ExternalReference"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/clickthrough",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns3:DatasetAvailabilityType"
+ ],
+ "rdfs:label": "clickthrough",
+ "rdfs:comment": {
+ "@value": "the dataset is not publicly available and can only be accessed after affirmatively accepting terms on a clickthrough webpage.",
+ "@language": "en"
+ }
},
{
- "@id": "core:externalReferenceType",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "An externalReferenceType specifies the type of the external reference.",
- "rdfs:range": {
- "@id": "core:ExternalReferenceType"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/directDownload",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns3:DatasetAvailabilityType"
+ ],
+ "rdfs:label": "directDownload",
+ "rdfs:comment": {
+ "@value": "the dataset is publicly available and can be downloaded directly.",
+ "@language": "en"
+ }
},
{
- "@id": "core:from",
- "@type": "owl:ObjectProperty",
- "rdfs:comment": "This field references the Element on the left-hand side of a relationship.",
- "rdfs:range": {
- "@id": "core:Element"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/query",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns3:DatasetAvailabilityType"
+ ],
+ "rdfs:label": "query",
+ "rdfs:comment": {
+ "@value": "the dataset is publicly available, but not all at once, and can only be accessed through queries which return parts of the dataset.",
+ "@language": "en"
+ }
},
{
- "@id": "core:hashValue",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "HashValue is the result of applying a hash algorithm to an Element.",
- "rdfs:range": {
- "@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/registration",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns3:DatasetAvailabilityType"
+ ],
+ "rdfs:label": "registration",
+ "rdfs:comment": {
+ "@value": "the dataset is not publicly available and an email registration is required before accessing the dataset, although without an affirmative acceptance of terms.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetAvailabilityType/scrapingScript",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns3:DatasetAvailabilityType"
+ ],
+ "rdfs:label": "scrapingScript",
+ "rdfs:comment": {
+ "@value": "the dataset provider is not making available the underlying data and the dataset must be reassembled, typically using the provided script for scraping the data.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/audio",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns3:DatasetType"
+ ],
+ "rdfs:label": "audio",
+ "rdfs:comment": {
+ "@value": "data is audio based, such as a collection of music from the 80s.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/categorical",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns3:DatasetType"
+ ],
+ "rdfs:label": "categorical",
+ "rdfs:comment": {
+ "@value": "data that is classified into a discrete number of categories, such as the eye color of a population of people.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/graph",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns3:DatasetType"
+ ],
+ "rdfs:label": "graph",
+ "rdfs:comment": {
+ "@value": "data is in the form of a graph where entries are somehow related to each other through edges, such a social network of friends.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/image",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns3:DatasetType"
+ ],
+ "rdfs:label": "image",
+ "rdfs:comment": {
+ "@value": "data is a collection of images such as pictures of animals.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/noAssertion",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns3:DatasetType"
+ ],
+ "rdfs:label": "noAssertion",
+ "rdfs:comment": {
+ "@value": "data type is not known.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/numeric",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns3:DatasetType"
+ ],
+ "rdfs:label": "numeric",
+ "rdfs:comment": {
+ "@value": "data consists only of numeric entries.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/other",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns3:DatasetType"
+ ],
+ "rdfs:label": "other",
+ "rdfs:comment": {
+ "@value": "data is of a type not included in this list.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/sensor",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns3:DatasetType"
+ ],
+ "rdfs:label": "sensor",
+ "rdfs:comment": {
+ "@value": "data is recorded from a physical sensor, such as a thermometer reading or biometric device.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/structured",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns3:DatasetType"
+ ],
+ "rdfs:label": "structured",
+ "rdfs:comment": {
+ "@value": "data is stored in tabular format or retrieved from a relational database.",
+ "@language": "en"
+ }
},
{
- "@id": "core:identifier",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/syntactic",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns3:DatasetType"
+ ],
+ "rdfs:label": "syntactic",
+ "rdfs:comment": {
+ "@value": "data describes the syntax or semantics of a language or text, such as a parse tree used for natural language processing.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/text",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns3:DatasetType"
+ ],
+ "rdfs:label": "text",
+ "rdfs:comment": {
+ "@value": "data consists of unstructured text, such as a book, Wikipedia article (without images), or transcript.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timeseries",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns3:DatasetType"
+ ],
+ "rdfs:label": "timeseries",
+ "rdfs:comment": {
+ "@value": "data is recorded in an ordered sequence of timestamped entries, such as the price of a stock over the course of a day.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/timestamp",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns3:DatasetType"
+ ],
+ "rdfs:label": "timestamp",
+ "rdfs:comment": {
+ "@value": "data is recorded with a timestamp for each entry, but not necessarily ordered or at specific intervals, such as when a taxi ride starts and ends.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Dataset/DatasetType/video",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns3:DatasetType"
+ ],
+ "rdfs:label": "video",
+ "rdfs:comment": {
+ "@value": "data is video based, such as a collection of movie clips featuring Tom Hanks.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "ns3:anonymizationMethodUsed",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "An identifier uniquely identifies an external element.",
+ "rdfs:comment": {
+ "@value": "Describes the anonymization methods used.",
+ "@language": "en"
+ },
"rdfs:range": {
"@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ }
},
{
- "@id": "core:identifierLocator",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "A identifierLocator is TODO",
- "rdfs:range": {
- "@id": "xsd:anyURI"
+ "@id": "ns3:confidentialityLevel",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Describes the confidentiality level of the data points contained in the dataset.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "ns3:ConfidentialityLevelType"
+ }
},
{
- "@id": "core:issuingAuthority",
+ "@id": "ns3:dataCollectionProcess",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "A issuingAuthority is TODO",
- "rdfs:range": {
- "@id": "xsd:anyURI"
+ "rdfs:comment": {
+ "@value": "Describes how the dataset was collected.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
},
{
- "@id": "core:key",
+ "@id": "ns3:dataPreprocessing",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "A key used in generic a key-value pair.\nA key-value pair can be used to implement a dictionary which associates a key with a value.",
+ "rdfs:comment": {
+ "@value": "Describes the preprocessing steps that were applied to the raw data to create the given dataset.",
+ "@language": "en"
+ },
"rdfs:range": {
"@id": "xsd:string"
+ }
+ },
+ {
+ "@id": "ns3:datasetAvailability",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "The field describes the availability of a dataset.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "ns3:DatasetAvailabilityType"
+ }
},
{
- "@id": "core:locationHint",
+ "@id": "ns3:datasetNoise",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "A locationHint provides an indication of where to retrieve an external Element.",
- "rdfs:range": {
- "@id": "xsd:anyURI"
+ "rdfs:comment": {
+ "@value": "Describes potentially noisy elements of the dataset.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
},
{
- "@id": "core:locator",
+ "@id": "ns3:datasetSize",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "A locator provides the location of an external reference.",
+ "rdfs:comment": {
+ "@value": "Captures the size of the dataset.",
+ "@language": "en"
+ },
"rdfs:range": {
- "@id": "xsd:anyURI"
+ "@id": "xsd:nonNegativeInteger"
+ }
+ },
+ {
+ "@id": "ns3:datasetType",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Describes the type of the given dataset.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "ns3:DatasetType"
+ }
},
{
- "@id": "core:namespace",
+ "@id": "ns3:datasetUpdateMechanism",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "A namespace provides an unambiguous mechanism for other documents to reference Elements within this document.",
- "rdfs:range": {
- "@id": "xsd:anyURI"
+ "rdfs:comment": {
+ "@value": "Describes a mechanism to update the dataset.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
},
{
- "@id": "core:originatedBy",
+ "@id": "ns3:hasSensitivePersonalInformation",
"@type": "owl:ObjectProperty",
- "rdfs:comment": "OriginatedBy identifies from where or whom the Element originally came.",
- "rdfs:range": {
- "@id": "core:Agent"
+ "rdfs:comment": {
+ "@value": "Describes if any sensitive personal information is present in the dataset.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "ns1:PresenceType"
+ }
},
{
- "@id": "core:prefix",
+ "@id": "ns3:intendedUse",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "A prefix is a substitute for a URI.",
+ "rdfs:comment": {
+ "@value": "Describes what the given dataset should be used for.",
+ "@language": "en"
+ },
"rdfs:range": {
"@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ }
},
{
- "@id": "core:profile",
+ "@id": "ns3:knownBias",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "This field provides information about which profiles the Element belongs to.",
+ "rdfs:comment": {
+ "@value": "Records the biases that the dataset is known to encompass.",
+ "@language": "en"
+ },
"rdfs:range": {
- "@id": "core:ProfileIdentifierType"
+ "@id": "xsd:string"
+ }
+ },
+ {
+ "@id": "ns3:sensor",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Describes a sensor used for collecting the data.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "ns1:DictionaryEntry"
+ }
},
{
- "@id": "core:relationshipType",
+ "@id": "ns6:additionText",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "This field provides information about the relationship between two Elements.\nFor example, you can represent a relationship between two different Files,\nbetween a Package and a File, between two Packages, or between one SPDXDocument and another SPDXDocument.",
- "rdfs:range": {
- "@id": "core:RelationshipType"
+ "rdfs:comment": {
+ "@value": "Identifies the full text of a LicenseAddition.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
},
{
- "@id": "core:releaseTime",
+ "@id": "ns6:isDeprecatedAdditionId",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "A releaseTime specifies the time an artifact was released.",
- "rdfs:range": {
- "@id": "core:DateTime"
+ "rdfs:comment": {
+ "@value": "Specifies whether an additional text identifier has been marked as deprecated.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "xsd:boolean"
+ }
},
{
- "@id": "core:rootElement",
- "@type": "owl:ObjectProperty",
- "rdfs:comment": "A rootElement of a collection is the top level Element from which all other Elements are reached via relationships.",
- "rdfs:range": {
- "@id": "core:Element"
+ "@id": "ns6:isDeprecatedLicenseId",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Specifies whether a license or additional text identifier has been marked as\ndeprecated.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "xsd:boolean"
+ }
},
{
- "@id": "core:scope",
+ "@id": "ns6:isFsfLibre",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "A scope is TODO",
- "rdfs:range": {
- "@id": "core:LifecycleScopeType"
+ "rdfs:comment": {
+ "@value": "Specifies whether the License is listed as free by the\nFree Software Foundation (FSF).",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "xsd:boolean"
+ }
},
{
- "@id": "core:specVersion",
+ "@id": "ns6:isOsiApproved",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "The specVersion provides a reference number that can be used to understand how to parse and interpret an Element.\nIt will enable both future changes to the specification and to support backward compatibility.\nThe major version number shall be incremented when incompatible changes between versions are made\n(one or more sections are created, modified or deleted).\nThe minor version number shall be incremented when backwards compatible changes are made.\n\nHere, parties exchanging information in accordance with the SPDX specification need to provide \n100% transparency as to which SPDX specification version such information is conforming to.",
- "rdfs:range": {
- "@id": "core:SemVer"
+ "rdfs:comment": {
+ "@value": "Specifies whether the License is listed as approved by the\nOpen Source Initiative (OSI).",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "xsd:boolean"
+ }
},
{
- "@id": "core:standard",
+ "@id": "ns6:standardAdditionTemplate",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "Various standards may be relevant to useful to capture for specific artifacts.",
+ "rdfs:comment": {
+ "@value": "Identifies the full text of a LicenseAddition, in SPDX templating format.",
+ "@language": "en"
+ },
"rdfs:range": {
"@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ }
},
{
- "@id": "core:startTime",
+ "@id": "ns6:standardLicenseHeader",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "A startTime specifies the time from which element is applicable / valid.",
- "rdfs:range": {
- "@id": "core:DateTime"
+ "rdfs:comment": {
+ "@value": "Provides a License author's preferred text to indicate that a file is covered\nby the License.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
},
{
- "@id": "core:statement",
+ "@id": "ns6:standardLicenseTemplate",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "A statement is a commentary on an assertion that an annotator has made.",
+ "rdfs:comment": {
+ "@value": "Identifies the full text of a License, in SPDX templating format.",
+ "@language": "en"
+ },
"rdfs:range": {
"@id": "xsd:string"
+ }
+ },
+ {
+ "@id": "ns6:subjectAddition",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "A LicenseAddition participating in a 'with addition' model.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "ns6:LicenseAddition"
+ }
},
{
- "@id": "core:subject",
+ "@id": "ns6:subjectExtendableLicense",
"@type": "owl:ObjectProperty",
- "rdfs:comment": "A subject is an Element an annotator has made an assertion about.",
+ "rdfs:comment": {
+ "@value": "A License participating in a 'with addition' model.",
+ "@language": "en"
+ },
"rdfs:range": {
- "@id": "core:Element"
+ "@id": "ns6:ExtendableLicense"
+ }
+ },
+ {
+ "@id": "ns6:subjectLicense",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "A License participating in an 'or later' model.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "ns6:License"
+ }
},
{
- "@id": "core:summary",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/cdxPropName",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "A summary is a short description of an Element. Here, the intent is to allow the Element creator to \nprovide concise information about the function or use of the Element.",
+ "rdfs:comment": {
+ "@value": "A name used in a CdxPropertyEntry name-value pair.",
+ "@language": "en"
+ },
"rdfs:range": {
"@id": "xsd:string"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/cdxPropValue",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "A value used in a CdxPropertyEntry name-value pair.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
},
{
- "@id": "core:suppliedBy",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/cdxProperty",
"@type": "owl:ObjectProperty",
- "rdfs:comment": "Identify the actual distribution source for the Artifact being referenced.\nThis might or might not be different from the originating distribution source for the artifact.",
- "rdfs:range": {
- "@id": "core:Agent"
+ "rdfs:comment": {
+ "@value": "Provides a map of a property names to a values.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertyEntry"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/kev",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns5:ExploitCatalogType"
+ ],
+ "rdfs:label": "kev",
+ "rdfs:comment": {
+ "@value": "CISA's Known Exploited Vulnerability (KEV) Catalog",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogType/other",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns5:ExploitCatalogType"
+ ],
+ "rdfs:label": "other",
+ "rdfs:comment": {
+ "@value": "Other exploit catalogs",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/act",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns5:SsvcDecisionType"
+ ],
+ "rdfs:label": "act",
+ "rdfs:comment": {
+ "@value": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/attend",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns5:SsvcDecisionType"
+ ],
+ "rdfs:label": "attend",
+ "rdfs:comment": {
+ "@value": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions include requesting assistance or information about the vulnerability, and may involve publishing a notification either internally and/or externally. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/track",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns5:SsvcDecisionType"
+ ],
+ "rdfs:label": "track",
+ "rdfs:comment": {
+ "@value": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/SsvcDecisionType/trackStar",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns5:SsvcDecisionType"
+ ],
+ "rdfs:label": "trackStar",
+ "rdfs:comment": {
+ "@value": "(\"Track\\*\" in the SSVC spec) The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track\\* vulnerabilities within standard update timelines.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/componentNotPresent",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns5:VexJustificationType"
+ ],
+ "rdfs:label": "componentNotPresent",
+ "rdfs:comment": {
+ "@value": "The software is not affected because the vulnerable component is not in the product.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/inlineMitigationsAlreadyExist",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns5:VexJustificationType"
+ ],
+ "rdfs:label": "inlineMitigationsAlreadyExist",
+ "rdfs:comment": {
+ "@value": "Built-in inline controls or mitigations prevent an adversary from leveraging the vulnerability.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeCannotBeControlledByAdversary",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns5:VexJustificationType"
+ ],
+ "rdfs:label": "vulnerableCodeCannotBeControlledByAdversary",
+ "rdfs:comment": {
+ "@value": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotInExecutePath",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns5:VexJustificationType"
+ ],
+ "rdfs:label": "vulnerableCodeNotInExecutePath",
+ "rdfs:comment": {
+ "@value": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/VexJustificationType/vulnerableCodeNotPresent",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns5:VexJustificationType"
+ ],
+ "rdfs:label": "vulnerableCodeNotPresent",
+ "rdfs:comment": {
+ "@value": "The product is not affected because the code underlying the vulnerability is not present in the product.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "ns5:actionStatement",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Provides advise on how to mitigate or remediate a vulnerability when a VEX product\nis affected by it.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
+ },
+ {
+ "@id": "ns5:actionStatementTime",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Records the time when a recommended action was communicated in a VEX statement\nto mitigate a vulnerability.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:dateTimeStamp"
+ }
+ },
+ {
+ "@id": "ns5:assessedElement",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Specifies an Element contained in a piece of software where a vulnerability was\nfound.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns1:Element"
+ }
+ },
+ {
+ "@id": "ns5:catalogType",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Specifies the exploit catalog type.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns5:ExploitCatalogType"
+ }
+ },
+ {
+ "@id": "ns5:decisionType",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Provide the enumeration of possible decisions in the\n[Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree](https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc).",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns5:SsvcDecisionType"
+ }
+ },
+ {
+ "@id": "ns5:exploited",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Describe that a CVE is known to have an exploit because it's been listed in an exploit catalog.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:boolean"
+ }
+ },
+ {
+ "@id": "ns5:impactStatement",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Explains why a VEX product is not affected by a vulnerability. It is an\nalternative in VexNotAffectedVulnAssessmentRelationship to the machine-readable\njustification label.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
+ },
+ {
+ "@id": "ns5:impactStatementTime",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Timestamp of impact statement.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:dateTimeStamp"
+ }
+ },
+ {
+ "@id": "ns5:justificationType",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Impact justification label to be used when linking a vulnerability to an element\nrepresenting a VEX product with a VexNotAffectedVulnAssessmentRelationship\nrelationship.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns5:VexJustificationType"
+ }
+ },
+ {
+ "@id": "ns5:locator",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Provides the location of an exploit catalog.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:anyURI"
+ }
+ },
+ {
+ "@id": "ns5:percentile",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "The percentile of the current probability score.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:decimal"
+ }
+ },
+ {
+ "@id": "ns5:probability",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "A probability score between 0 and 1 of a vulnerability being exploited.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:decimal"
+ }
+ },
+ {
+ "@id": "ns5:statusNotes",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Conveys information about how VEX status was determined.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
+ },
+ {
+ "@id": "ns5:vexVersion",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Specifies the version of a VEX statement.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/customIdToUri",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Maps a LicenseRef or AdditionRef string for a Custom License or a Custom\nLicense Addition to its URI ID.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns1:DictionaryEntry"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseExpression",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "A string in the license expression format.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseListVersion",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "The version of the SPDX License List used in the license expression.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/gitoid",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:ContentIdentifierType"
+ ],
+ "rdfs:label": "gitoid",
+ "rdfs:comment": {
+ "@value": "[Gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid), stands for [Git Object ID](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects). A gitoid of type blob is a unique hash of a binary artifact. A gitoid may represent either an [Artifact Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-identifier-types) for the software artifact or an [Input Manifest Identifier](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#input-manifest-identifier) for the software artifact's associated [Artifact Input Manifest](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-input-manifest); this ambiguity exists because the Artifact Input Manifest is itself an artifact, and the gitoid of that artifact is its valid identifier. Gitoids calculated on software artifacts (Snippet, File, or Package Elements) should be recorded in the SPDX 3.0 SoftwareArtifact's contentIdentifier property. Gitoids calculated on the Artifact Input Manifest (Input Manifest Identifier) should be recorded in the SPDX 3.0 Element's externalIdentifier property. See [OmniBOR Specification](https://github.com/omnibor/spec/), a minimalistic specification for describing software [Artifact Dependency Graphs](https://github.com/omnibor/spec/blob/eb1ee5c961c16215eb8709b2975d193a2007a35d/spec/SPEC.md#artifact-dependency-graph-adg).",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/swhid",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:ContentIdentifierType"
+ ],
+ "rdfs:label": "swhid",
+ "rdfs:comment": {
+ "@value": "SoftWare Hash IDentifier, a persistent intrinsic identifier for digital artifacts, such as files, trees (also known as directories or folders), commits, and other objects typically found in version control systems. The format of the identifiers is defined in the [SWHID specification](https://www.swhid.org/specification/v1.1/4.Syntax) (ISO/IEC DIS 18670). They typically look like `swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2`.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/directory",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:FileKindType"
+ ],
+ "rdfs:label": "directory",
+ "rdfs:comment": {
+ "@value": "The file represents a directory and all content stored in that directory.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/file",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:FileKindType"
+ ],
+ "rdfs:label": "file",
+ "rdfs:comment": {
+ "@value": "The file represents a single file (default).",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/analyzed",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SbomType"
+ ],
+ "rdfs:label": "analyzed",
+ "rdfs:comment": {
+ "@value": "SBOM generated through analysis of artifacts (e.g., executables, packages, containers, and virtual machine images) after its build. Such analysis generally requires a variety of heuristics. In some contexts, this may also be referred to as a \"3rd party\" SBOM.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/build",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SbomType"
+ ],
+ "rdfs:label": "build",
+ "rdfs:comment": {
+ "@value": "SBOM generated as part of the process of building the software to create a releasable artifact (e.g., executable or package) from data such as source files, dependencies, built components, build process ephemeral data, and other SBOMs.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/deployed",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SbomType"
+ ],
+ "rdfs:label": "deployed",
+ "rdfs:comment": {
+ "@value": "SBOM provides an inventory of software that is present on a system. This may be an assembly of other SBOMs that combines analysis of configuration options, and examination of execution behavior in a (potentially simulated) deployment environment.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/design",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SbomType"
+ ],
+ "rdfs:label": "design",
+ "rdfs:comment": {
+ "@value": "SBOM of intended, planned software project or product with included components (some of which may not yet exist) for a new software artifact.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/runtime",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SbomType"
+ ],
+ "rdfs:label": "runtime",
+ "rdfs:comment": {
+ "@value": "SBOM generated through instrumenting the system running the software, to capture only components present in the system, as well as external call-outs or dynamically loaded components. In some contexts, this may also be referred to as an \"Instrumented\" or \"Dynamic\" SBOM.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SbomType/source",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SbomType"
+ ],
+ "rdfs:label": "source",
+ "rdfs:comment": {
+ "@value": "SBOM created directly from the development environment, source files, and included dependencies used to build an product artifact.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "ns2:additionalPurpose",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Provides additional purpose information of the software artifact.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns2:SoftwarePurpose"
+ }
+ },
+ {
+ "@id": "ns2:attributionText",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Provides a place for the SPDX data creator to record acknowledgement text for\na software Package, File or Snippet.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
+ },
+ {
+ "@id": "ns2:byteRange",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Defines the byte range in the original host file that the snippet information\napplies to.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns1:PositiveIntegerRange"
+ }
+ },
+ {
+ "@id": "ns2:contentIdentifier",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "A canonical, unique, immutable identifier of the artifact content, that may be\nused for verifying its identity and/or integrity.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns2:ContentIdentifier"
+ }
+ },
+ {
+ "@id": "ns2:contentIdentifierType",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Specifies the type of the content identifier.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns2:ContentIdentifierType"
+ }
+ },
+ {
+ "@id": "ns2:contentIdentifierValue",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Specifies the value of the content identifier.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:anyURI"
+ }
+ },
+ {
+ "@id": "ns2:copyrightText",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Identifies the text of one or more copyright notices for a software Package,\nFile or Snippet, if any.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
+ },
+ {
+ "@id": "ns2:downloadLocation",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Identifies the download Uniform Resource Identifier for the package at the time\nthat the document was created.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:anyURI"
+ }
+ },
+ {
+ "@id": "ns2:fileKind",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Describes if a given file is a directory or non-directory kind of file.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns2:FileKindType"
+ }
+ },
+ {
+ "@id": "ns2:homePage",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "A place for the SPDX document creator to record a website that serves as the\npackage's home page.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:anyURI"
+ }
+ },
+ {
+ "@id": "ns2:lineRange",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Defines the line range in the original host file that the snippet information\napplies to.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns1:PositiveIntegerRange"
+ }
+ },
+ {
+ "@id": "ns2:packageUrl",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Provides a place for the SPDX data creator to record the package URL string\n(in accordance with the Package URL specification) for a software Package.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:anyURI"
+ }
+ },
+ {
+ "@id": "ns2:packageVersion",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Identify the version of a package.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
+ },
+ {
+ "@id": "ns2:primaryPurpose",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Provides information about the primary purpose of the software artifact.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns2:SoftwarePurpose"
+ }
+ },
+ {
+ "@id": "ns2:sbomType",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Provides information about the type of an SBOM.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns2:SbomType"
+ }
+ },
+ {
+ "@id": "ns2:snippetFromFile",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Defines the original host file that the snippet information applies to.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns2:File"
+ }
+ },
+ {
+ "@id": "ns2:sourceInfo",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Records any relevant background information or additional comments\nabout the origin of the package.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
+ },
+ {
+ "@id": "ns4:EnergyConsumption",
+ "@type": [
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "A class for describing the energy consumption incurred by an AI model in\ndifferent stages of its lifecycle.",
+ "@language": "en"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNode"
+ },
+ "sh:property": [
+ {
+ "sh:class": {
+ "@id": "ns4:EnergyConsumptionDescription"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNodeOrIRI"
+ },
+ "sh:path": {
+ "@id": "ns4:inferenceEnergyConsumption"
+ }
+ },
+ {
+ "sh:class": {
+ "@id": "ns4:EnergyConsumptionDescription"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNodeOrIRI"
+ },
+ "sh:path": {
+ "@id": "ns4:finetuningEnergyConsumption"
+ }
+ },
+ {
+ "sh:class": {
+ "@id": "ns4:EnergyConsumptionDescription"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNodeOrIRI"
+ },
+ "sh:path": {
+ "@id": "ns4:trainingEnergyConsumption"
+ }
+ }
+ ]
+ },
+ {
+ "@id": "ns1:CreationInfo",
+ "@type": [
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "Provides information about the creation of the Element.",
+ "@language": "en"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNode"
+ },
+ "sh:property": [
+ {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns1:comment"
+ }
+ },
+ {
+ "sh:class": {
+ "@id": "ns1:Tool"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns1:createdUsing"
+ }
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns1:specVersion"
+ },
+ "sh:pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$"
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:dateTimeStamp"
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns1:created"
+ },
+ "sh:pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$"
+ },
+ {
+ "sh:class": {
+ "@id": "ns1:Agent"
+ },
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns1:createdBy"
+ }
+ }
+ ]
+ },
+ {
+ "@id": "ns1:ElementCollection",
+ "@type": [
+ "ns7:AbstractClass",
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "A collection of Elements, not necessarily with unifying context.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns1:Element"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:property": [
+ {
+ "sh:class": {
+ "@id": "ns1:ProfileIdentifierType"
+ },
+ "sh:in": {
+ "@list": [
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/core"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/software"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/simpleLicensing"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/expandedLicensing"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/security"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/build"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/ai"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/dataset"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/extension"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ProfileIdentifierType/lite"
+ }
+ ]
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns1:profileConformance"
+ }
+ },
+ {
+ "sh:class": {
+ "@id": "ns1:Element"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns1:element"
+ }
+ },
+ {
+ "sh:class": {
+ "@id": "ns1:Element"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns1:rootElement"
+ }
+ }
+ ]
+ },
+ {
+ "@id": "ns1:ExternalIdentifier",
+ "@type": [
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "A reference to a resource identifier defined outside the scope of SPDX-3.0 content that uniquely identifies an Element.",
+ "@language": "en"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNode"
+ },
+ "sh:property": [
+ {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns1:issuingAuthority"
+ }
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns1:identifier"
+ }
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:anyURI"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns1:identifierLocator"
+ }
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns1:comment"
+ }
+ },
+ {
+ "sh:class": {
+ "@id": "ns1:ExternalIdentifierType"
+ },
+ "sh:in": {
+ "@list": [
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe22"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cpe23"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/cve"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/email"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/gitoid"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/other"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/packageUrl"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/securityOther"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swhid"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/swid"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalIdentifierType/urlScheme"
+ }
+ ]
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns1:externalIdentifierType"
+ }
+ }
+ ]
+ },
+ {
+ "@id": "ns1:ExternalMap",
+ "@type": [
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "A map of Element identifiers that are used within an SpdxDocument but defined\nexternal to that SpdxDocument.",
+ "@language": "en"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNode"
+ },
+ "sh:property": [
+ {
+ "sh:datatype": {
+ "@id": "xsd:anyURI"
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns1:externalSpdxId"
+ }
+ },
+ {
+ "sh:class": {
+ "@id": "ns1:Artifact"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns1:definingArtifact"
+ }
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:anyURI"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns1:locationHint"
+ }
+ },
+ {
+ "sh:class": {
+ "@id": "ns1:IntegrityMethod"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNodeOrIRI"
+ },
+ "sh:path": {
+ "@id": "ns1:verifiedUsing"
+ }
+ }
+ ]
+ },
+ {
+ "@id": "ns1:ExternalRef",
+ "@type": [
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "A reference to a resource outside the scope of SPDX-3.0 content related to an Element.",
+ "@language": "en"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNode"
+ },
+ "sh:property": [
+ {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns1:contentType"
+ },
+ "sh:pattern": "^[^\\/]+\\/[^\\/]+$"
+ },
+ {
+ "sh:class": {
+ "@id": "ns1:ExternalRefType"
+ },
+ "sh:in": {
+ "@list": [
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altDownloadLocation"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/altWebPage"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/binaryArtifact"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/bower"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildMeta"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/buildSystem"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/chat"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/certificationReport"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/componentAnalysisReport"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/cwe"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/documentation"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/dynamicAnalysisReport"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/eolNotice"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/exportControlAssessment"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/funding"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/issueTracker"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mailingList"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/mavenCentral"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/metrics"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/npm"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/nuget"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/license"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/other"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/privacyAssessment"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/productMetadata"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/purchaseOrder"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/qualityAssessmentReport"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseNotes"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/releaseHistory"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/riskAssessment"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/runtimeAnalysisReport"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/secureSoftwareAttestation"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdvisory"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityAdversaryModel"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityFix"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityOther"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPenTestReport"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityPolicy"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/securityThreatModel"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/socialMedia"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/sourceArtifact"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/staticAnalysisReport"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/support"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vcs"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityDisclosureReport"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/ExternalRefType/vulnerabilityExploitabilityAssessment"
+ }
+ ]
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns1:externalRefType"
+ }
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns1:comment"
+ }
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns1:locator"
+ }
+ }
+ ]
+ },
+ {
+ "@id": "ns1:Hash",
+ "@type": [
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "A mathematically calculated representation of a grouping of data.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns1:IntegrityMethod"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNode"
+ },
+ "sh:property": [
+ {
+ "sh:class": {
+ "@id": "ns1:HashAlgorithm"
+ },
+ "sh:in": {
+ "@list": [
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/adler32"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b256"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b384"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b512"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake3"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsDilithium"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsKyber"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/falcon"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md2"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md4"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md5"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md6"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/other"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha1"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha224"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha256"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha384"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha512"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_224"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_256"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_384"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_512"
+ }
+ ]
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns1:algorithm"
+ }
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns1:hashValue"
+ }
+ }
+ ]
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/adler32",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns1:HashAlgorithm"
+ ],
+ "rdfs:label": "adler32",
+ "rdfs:comment": {
+ "@value": "Adler-32 checksum is part of the widely used zlib compression library as defined in [RFC 1950](https://datatracker.ietf.org/doc/rfc1950/) Section 2.3.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b256",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns1:HashAlgorithm"
+ ],
+ "rdfs:label": "blake2b256",
+ "rdfs:comment": {
+ "@value": "BLAKE2b algorithm with a digest size of 256, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4.",
+ "@language": "en"
+ }
},
{
- "@id": "core:to",
- "@type": "owl:ObjectProperty",
- "rdfs:comment": "This field references an Element on the right-hand side of a relationship.",
- "rdfs:range": {
- "@id": "core:Element"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b384",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns1:HashAlgorithm"
+ ],
+ "rdfs:label": "blake2b384",
+ "rdfs:comment": {
+ "@value": "BLAKE2b algorithm with a digest size of 384, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4.",
+ "@language": "en"
+ }
},
{
- "@id": "core:validUntilTime",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "A validUntilTime specifies until when the artifact can be used before its usage needs to be reassessed.",
- "rdfs:range": {
- "@id": "core:DateTime"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake2b512",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns1:HashAlgorithm"
+ ],
+ "rdfs:label": "blake2b512",
+ "rdfs:comment": {
+ "@value": "BLAKE2b algorithm with a digest size of 512, as defined in [RFC 7693](https://datatracker.ietf.org/doc/rfc7693/) Section 4.",
+ "@language": "en"
+ }
},
{
- "@id": "core:value",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "A value used in a generic key-value pair.\nA key-value pair can be used to implement a dictionary which associates a key with a value.",
- "rdfs:range": {
- "@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/blake3",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns1:HashAlgorithm"
+ ],
+ "rdfs:label": "blake3",
+ "rdfs:comment": {
+ "@value": "[BLAKE3](https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blake3.pdf)",
+ "@language": "en"
+ }
},
{
- "@id": "dataset:anonymizationMethodUsed",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "AnonymizationMethodUsed describes the methods used to anonymize the dataset (of fields in the dataset).",
- "rdfs:range": {
- "@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsDilithium",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns1:HashAlgorithm"
+ ],
+ "rdfs:label": "crystalsDilithium",
+ "rdfs:comment": {
+ "@value": "[Dilithium](https://pq-crystals.org/dilithium/)",
+ "@language": "en"
+ }
},
{
- "@id": "dataset:confidentialityLevel",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "ConfidentialityLevel describes the levels of confidentiality of the data points contained in the dataset.",
- "rdfs:range": {
- "@id": "dataset:ConfidentialityLevelType"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/crystalsKyber",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns1:HashAlgorithm"
+ ],
+ "rdfs:label": "crystalsKyber",
+ "rdfs:comment": {
+ "@value": "[Kyber](https://pq-crystals.org/kyber/)",
+ "@language": "en"
+ }
},
{
- "@id": "dataset:dataCollectionProcess",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "DataCollectionProcess describes how a dataset was collected.\nExamples include the sources from which a dataset was scrapped or\nthe interview protocol that was used for data collection.",
- "rdfs:range": {
- "@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/falcon",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns1:HashAlgorithm"
+ ],
+ "rdfs:label": "falcon",
+ "rdfs:comment": {
+ "@value": "[FALCON](https://falcon-sign.info/falcon.pdf)",
+ "@language": "en"
+ }
},
{
- "@id": "dataset:dataPreprocessing",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "DataPreprocessing describes the various preprocessing steps\nthat were applied to the raw data to create the dataset.",
- "rdfs:range": {
- "@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md2",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns1:HashAlgorithm"
+ ],
+ "rdfs:label": "md2",
+ "rdfs:comment": {
+ "@value": "MD2 message-digest algorithm, as defined in [RFC 1319](https://datatracker.ietf.org/doc/rfc1319/).",
+ "@language": "en"
+ }
},
{
- "@id": "dataset:datasetAvailability",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "Some datasets are publicly available and can be downloaded directly. Others are only accessible behind a clickthrough, or after filling a registration form. This field will describe the dataset availability from that perspective.",
- "rdfs:range": {
- "@id": "dataset:DatasetAvailabilityType"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md4",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns1:HashAlgorithm"
+ ],
+ "rdfs:label": "md4",
+ "rdfs:comment": {
+ "@value": "MD4 message-digest algorithm, as defined in [RFC 1186](https://datatracker.ietf.org/doc/rfc1186/).",
+ "@language": "en"
+ }
},
{
- "@id": "dataset:datasetNoise",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "DatasetNoise describes what kinds of noises a dataset might encompass.\nThe field uses free form text to specify the fields or the samples that might be noisy.\nAlternatively, it can also be used to describe various noises that could impact the whole dataset.",
- "rdfs:range": {
- "@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md5",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns1:HashAlgorithm"
+ ],
+ "rdfs:label": "md5",
+ "rdfs:comment": {
+ "@value": "MD5 message-digest algorithm, as defined in [RFC 1321](https://datatracker.ietf.org/doc/rfc1321/).",
+ "@language": "en"
+ }
},
{
- "@id": "dataset:datasetSize",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "DatasetSize Captures how large a dataset is.\nThe size is to be measured in bytes.",
- "rdfs:range": {
- "@id": "xsd:nonNegativeInteger"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/md6",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns1:HashAlgorithm"
+ ],
+ "rdfs:label": "md6",
+ "rdfs:comment": {
+ "@value": "[MD6 hash function](https://people.csail.mit.edu/rivest/pubs/RABCx08.pdf)",
+ "@language": "en"
+ }
},
{
- "@id": "dataset:datasetType",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "Type describes the datatype contained in the dataset. For example a dataset can be a image dataset or a text dataset or sometimes a multimodal dataset that contains multiple types of data",
- "rdfs:range": {
- "@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/other",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns1:HashAlgorithm"
+ ],
+ "rdfs:label": "other",
+ "rdfs:comment": {
+ "@value": "any hashing algorithm that does not exist in this list of entries",
+ "@language": "en"
+ }
},
{
- "@id": "dataset:datasetUpdateMechanism",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "DatasetUpdateMechanism describes a mechanism to update the dataset.",
- "rdfs:range": {
- "@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha1",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns1:HashAlgorithm"
+ ],
+ "rdfs:label": "sha1",
+ "rdfs:comment": {
+ "@value": "SHA-1, a secure hashing algorithm, as defined in [RFC 3174](https://datatracker.ietf.org/doc/rfc3174/).",
+ "@language": "en"
+ }
},
{
- "@id": "dataset:intendedUse",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "IntendedUse describes what the given dataset should be used for.\nSome datasets are collected to be used only for particular purposes. \nFor example, medical data collected from a specific demography might only be applicable\nfor training machine learning models to make predictions for that demography.\nIn such a case, the intendedUse field would capture this information.\nSimilarly, if a dataset is collected for building a facial recognition model,\nthe intendedUse field would specify that.",
- "rdfs:range": {
- "@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha224",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns1:HashAlgorithm"
+ ],
+ "rdfs:label": "sha224",
+ "rdfs:comment": {
+ "@value": "SHA-2 with a digest length of 224, as defined in [RFC 3874](https://datatracker.ietf.org/doc/rfc3874/).",
+ "@language": "en"
+ }
},
{
- "@id": "dataset:knownBias",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "KnownBias is a free form text field that describes the different biases that the dataset encompasses.",
- "rdfs:range": {
- "@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha256",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns1:HashAlgorithm"
+ ],
+ "rdfs:label": "sha256",
+ "rdfs:comment": {
+ "@value": "SHA-2 with a digest length of 256, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/).",
+ "@language": "en"
+ }
},
{
- "@id": "dataset:sensitivePersonalInformation",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "SensitivePersonalInformation indicates the presence of sensitive personal data\nor information that allows drawing conclusions about a person's identity.",
- "rdfs:range": {
- "@id": "dataset:PresenceType"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha384",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns1:HashAlgorithm"
+ ],
+ "rdfs:label": "sha384",
+ "rdfs:comment": {
+ "@value": "SHA-2 with a digest length of 384, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/).",
+ "@language": "en"
+ }
},
{
- "@id": "dataset:sensor",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "Sensor describes a sensor that was used for collecting the data\nand its calibration value as a key-value pair.",
- "rdfs:range": {
- "@id": "core:DictionaryEntry"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_224",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns1:HashAlgorithm"
+ ],
+ "rdfs:label": "sha3_224",
+ "rdfs:comment": {
+ "@value": "SHA-3 with a digest length of 224, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final).",
+ "@language": "en"
+ }
},
{
- "@id": "licensing:additionComment",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "An additionComment for a LicenseAddition describes general factual information\nabout the LicenseAddition. It should not contain information (or links to\ninformation) that includes any kind of interpretation about the meaning or\neffect of the License, even if written by the license addition's author.\n\nExamples of information for an additionComment may include the following:\n\n* If the LicenseAddition's identifier is deprecated, it may briefly explain the\n reason for deprecation.\n* It may include the date of release, if identified, for LicenseAdditions with\n multiple versions.\n* It may include links to other official language translations for the\n LicenseAddition.\n* It may include a reference to the License(s) with which this LicenseAddition\n is typically used.",
- "rdfs:range": {
- "@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_256",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns1:HashAlgorithm"
+ ],
+ "rdfs:label": "sha3_256",
+ "rdfs:comment": {
+ "@value": "SHA-3 with a digest length of 256, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final).",
+ "@language": "en"
+ }
},
{
- "@id": "licensing:additionId",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "An additionId contains a human-readable, short-form identifier for a\nLicenseAddition. It may only include letters, numbers, period (\".\") and\nhyphen (\"-\") characters.\n\nFor a ListedLicenseException, the licenseId will be as specified on the\n[SPDX Exceptions List](https://spdx.org/licenses/exceptions-index.html) for the\nparticular exception.\n\nFor a CustomLicenseAddition, the short-form identifier must begin with the\nprefix `AdditionRef-` and must be unique within the applicable SPDX namespace.\nThe short-form identifier may be preceded by an SPDX namespace or a\nfully-qualified URI prefix.",
- "rdfs:range": {
- "@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_384",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns1:HashAlgorithm"
+ ],
+ "rdfs:label": "sha3_384",
+ "rdfs:comment": {
+ "@value": "SHA-3 with a digest length of 384, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final).",
+ "@language": "en"
+ }
},
{
- "@id": "licensing:additionName",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "An additionName contains the full name of a LicenseAddition, preferably using\nthe title found in the applicable license addition text or file, or as\notherwise specified by the LicenseAddition's author or steward.\n\nWhen no such title is specified, using a name from another well-known source or list\nof licenses additions (such as OSI or Fedora) is suggested.\n\nIf no official or common name is known, any name may be used to aid in\ndistinguishing the LicenseAddition from other LicenseAdditions.",
- "rdfs:range": {
- "@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha3_512",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns1:HashAlgorithm"
+ ],
+ "rdfs:label": "sha3_512",
+ "rdfs:comment": {
+ "@value": "SHA-3 with a digest length of 512, as defined in [FIPS 202](https://csrc.nist.gov/pubs/fips/202/final).",
+ "@language": "en"
+ }
},
{
- "@id": "licensing:additionText",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "An additionText contains the plain text of the LicenseAddition, without\ntemplating or other similar markup.\n\nUsers of the additionText for a License can apply the SPDX Matching Guidelines\nwhen comparing it to another text for matching purposes.",
- "rdfs:range": {
- "@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/HashAlgorithm/sha512",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns1:HashAlgorithm"
+ ],
+ "rdfs:label": "sha512",
+ "rdfs:comment": {
+ "@value": "SHA-2 with a digest length of 512, as defined in [RFC 6234](https://datatracker.ietf.org/doc/rfc6234/).",
+ "@language": "en"
+ }
},
{
- "@id": "licensing:isDeprecatedAdditionId",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "The isDeprecatedAdditionId property specifies whether an identifier for a\nLicenseAddition has been marked as deprecated. If the property is not defined,\nthen it is presumed to be false (i.e., not deprecated).\n\nIf the LicenseAddition is included on the SPDX Exceptions List, then\nthe `deprecatedVersion` property indicates on which version release of the\nExceptions List it was first marked as deprecated.\n\n\"Deprecated\" in this context refers to deprecating the use of the\n_identifier_, not the underlying license addition. In other words, even if a\nLicenseAddition's author or steward has stated that a particular\nLicenseAddition generally should not be used, that would _not_ mean that the\nLicenseAddition's identifier is \"deprecated.\" Rather, a LicenseAddition\noperator is typically marked as \"deprecated\" when it is determined that use of\nanother identifier is preferable.",
- "rdfs:range": {
- "@id": "xsd:boolean"
+ "@id": "ns1:NamespaceMap",
+ "@type": [
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "A mapping between prefixes and namespace partial URIs.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
- },
- {
- "@id": "licensing:isDeprecatedLicenseId",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "The isDeprecatedLicenseId property specifies whether an identifier for a\nLicense or LicenseAddition has been marked as deprecated. If the property\nis not defined, then it is presumed to be false (i.e., not deprecated).\n\nIf the License or LicenseAddition is included on the SPDX License List, then\nthe `deprecatedVersion` property indicates on which version release of the\nLicense List it was first marked as deprecated.\n\n\"Deprecated\" in this context refers to deprecating the use of the\n_identifier_, not the underlying license. In other words, even if a License's\nauthor or steward has stated that a particular License generally should not be\nused, that would _not_ mean that the License's identifier is \"deprecated.\"\nRather, a License or LicenseAddition operator is typically marked as\n\"deprecated\" when it is determined that use of another identifier is\npreferable.",
- "rdfs:range": {
- "@id": "xsd:boolean"
+ "sh:nodeKind": {
+ "@id": "sh:BlankNode"
},
- "ns0:term_status": "Stable"
+ "sh:property": [
+ {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns1:prefix"
+ }
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:anyURI"
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns1:namespace"
+ }
+ }
+ ]
},
{
- "@id": "licensing:isFsfLibre",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "isFsfLibre specifies whether the [Free Software Foundation FSF](https://fsf.org)\nhas listed this License as \"free\" in their commentary on licenses, located at\nthe time of this writing at https://www.gnu.org/licenses/license-list.en.html.\n\nA value of \"true\" indicates that the FSF has listed this License as _free_.\n\nA value of \"false\" indicates that the FSF has listed this License as _not free_.\n\nIf the isFsfLibre field is not specified, the SPDX data creator makes no\nassertions about whether the License is listed in the FSF's commentary.",
- "rdfs:range": {
- "@id": "xsd:boolean"
+ "@id": "ns1:Relationship",
+ "@type": [
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "Describes a relationship between one or more elements.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
- },
- {
- "@id": "licensing:isOsiApproved",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "isOsiApproved specifies whether the [Open Source Initiative (OSI)](https://opensource.org)\nhas listed this License as \"approved\" in their list of OSI Approved Licenses,\nlocated at the time of this writing at https://opensource.org/licenses/.\n\nA value of \"true\" indicates that the OSI has listed this License as approved.\n\nA value of \"false\" indicates that the OSI has not listed this License as\napproved.\n\nIf the isOsiApproved field is not specified, the SPDX data creator makes no\nassertions about whether the License is approved by the OSI.",
- "rdfs:range": {
- "@id": "xsd:boolean"
+ "rdfs:subClassOf": {
+ "@id": "ns1:Element"
},
- "ns0:term_status": "Stable"
- },
- {
- "@id": "licensing:licenseComment",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "A licenseComment describes general factual information about the License. It\nshould not contain information (or links to information) that includes any kind\nof interpretation about the meaning or effect of the License, even if written\nby the license's author.\n\nExamples of information for a licenseComment may include the following:\n\n* If the License's identifier is deprecated, it may briefly explain the reason\n for deprecation.\n* It may include the date of release, if identified, for Licenses with multiple\n versions.\n* It may include links to other official language translations for the License.\n* For LicenseAdditions, it may include a reference to the License(s) with\n which this additional text is typically used.",
- "rdfs:range": {
- "@id": "xsd:string"
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
},
- "ns0:term_status": "Stable"
+ "sh:property": [
+ {
+ "sh:class": {
+ "@id": "ns1:RelationshipCompleteness"
+ },
+ "sh:in": {
+ "@list": [
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/incomplete"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/complete"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipCompleteness/noAssertion"
+ }
+ ]
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns1:completeness"
+ }
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:dateTimeStamp"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns1:startTime"
+ },
+ "sh:pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$"
+ },
+ {
+ "sh:class": {
+ "@id": "ns1:Element"
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns1:from"
+ }
+ },
+ {
+ "sh:class": {
+ "@id": "ns1:Element"
+ },
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns1:to"
+ }
+ },
+ {
+ "sh:class": {
+ "@id": "ns1:RelationshipType"
+ },
+ "sh:in": {
+ "@list": [
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/affects"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/amendedBy"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/ancestorOf"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/availableFrom"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/configures"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/contains"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/coordinatedBy"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/copiedTo"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/delegatedTo"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/dependsOn"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/descendantOf"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/describes"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/doesNotAffect"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/expandsTo"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/exploitCreatedBy"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedBy"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/fixedIn"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/foundBy"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/generates"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAddedFile"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssessmentFor"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasAssociatedVulnerability"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasConcludedLicense"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDataFile"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeclaredLicense"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDeletedFile"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDependencyManifest"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDistributionArtifact"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDocumentation"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasDynamicLink"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasEvidence"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasExample"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasHost"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasInput"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasMetadata"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalComponent"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOptionalDependency"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasOutput"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasPrerequisite"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasProvidedDependency"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasRequirement"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasSpecification"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasStaticLink"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTest"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasTestCase"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/hasVariant"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/invokedBy"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/modifiedBy"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/other"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/packagedBy"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/patchedBy"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/publishedBy"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/reportedBy"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/republishedBy"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/serializedInArtifact"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/testedOn"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/trainedOn"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/underInvestigationFor"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/RelationshipType/usesTool"
+ }
+ ]
+ },
+ "sh:maxCount": 1,
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns1:relationshipType"
+ }
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:dateTimeStamp"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns1:endTime"
+ },
+ "sh:pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$"
+ }
+ ]
},
{
- "@id": "licensing:licenseId",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "A licenseId contains a human-readable, short-form license identifier for a\nLicense. It may only include letters, numbers, period (\".\") and hyphen (\"-\")\ncharacters.\n\nFor a ListedLicense, the licenseId will be as specified on the\n[SPDX License List](https://spdx.org/licenses) for the particular license.\n\nFor a CustomLicense, the short-form license identifer must begin with the\nprefix `LicenseRef-` and must be unique within the applicable SPDX namespace.\nThe short-form license ID may be preceded by an SPDX namespace or a\nfully-qualified URI prefix.",
- "rdfs:range": {
- "@id": "xsd:string"
+ "@id": "ns1:Tool",
+ "@type": "owl:Class",
+ "rdfs:comment": {
+ "@value": "An element of hardware and/or software utilized to carry out a particular function.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
- },
- {
- "@id": "licensing:licenseName",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "A licenseName contains the full name of a License, preferably using the title found\nin the applicable license text or file, or as otherwise specified by the\nLicense's author or steward.\n\nWhen no such title is specified, using a name from another well-known source or list\nof licenses (such as OSI or Fedora) is suggested.\n\nIf no official or common name is known, any name may be used to aid in\ndistinguishing the License from other Licenses.",
- "rdfs:range": {
- "@id": "xsd:string"
+ "rdfs:subClassOf": {
+ "@id": "ns1:Element"
},
- "ns0:term_status": "Stable"
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ }
},
{
- "@id": "licensing:licenseText",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "A licenseText contains the plain text of the License, without templating\nor other similar markup.\n\nUsers of the licenseText for a License can apply the SPDX Matching Guidelines\nwhen comparing it to another text for matching purposes.",
- "rdfs:range": {
- "@id": "xsd:string"
+ "@id": "ns1:algorithm",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Specifies the algorithm used for calculating the hash value.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
- },
- {
- "@id": "licensing:standardAdditionTemplate",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "A standardAdditionTemplate contains a license addition template which describes\nsections of the LicenseAddition text which can be varied. See the Legacy Text\nTemplate format section of the SPDX specification for format information.",
"rdfs:range": {
- "@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ "@id": "ns1:HashAlgorithm"
+ }
},
{
- "@id": "licensing:standardLicenseHeader",
+ "@id": "ns1:hashValue",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "A standardLicenseHeader contains the plain text of the License author's\npreferred wording to be used, typically in a source code file's header\ncomments or similar location, to indicate that the file is subject to\nthe specified License.",
- "rdfs:range": {
- "@id": "xsd:string"
+ "rdfs:comment": {
+ "@value": "The result of applying a hash algorithm to an Element.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
- },
- {
- "@id": "licensing:standardLicenseTemplate",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "A standardLicenseTemplate contains a license template which describes\nsections of the License text which can be varied. See the Legacy Text Template\nformat section of the SPDX specification for format information.",
"rdfs:range": {
"@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ }
},
{
- "@id": "licensing:subjectAddition",
+ "@id": "ns1:suppliedBy",
"@type": "owl:ObjectProperty",
- "rdfs:comment": "A subjectAddition is a LicenseAddition which is subject to a 'with additional\ntext' effect (WithAdditionOperator).",
- "rdfs:range": {
- "@id": "licensing:LicenseAddition"
- },
- "ns0:term_status": "Stable"
- },
- {
- "@id": "security:actionStatement",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "When an element is referenced with a VexAffectedVulnAssessmentRelationship,\nthe relationship MUST include one actionStatement that SHOULD describe actions\nto remediate or mitigate the vulnerability.",
- "rdfs:range": {
- "@id": "xsd:string"
+ "rdfs:comment": {
+ "@value": "Identifies who or what supplied the artifact or VulnAssessmentRelationship\nreferenced by the Element.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
- },
- {
- "@id": "security:actionStatementTime",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "TODO",
"rdfs:range": {
- "@id": "core:DateTime"
- },
- "ns0:term_status": "Stable"
+ "@id": "ns1:Agent"
+ }
},
{
- "@id": "security:assessedElement",
+ "@id": "ns1:verifiedUsing",
"@type": "owl:ObjectProperty",
- "rdfs:comment": "Specifies subpackages, files or snippets referenced by a security assessment\nto specify the precise location where a vulnerability was found.",
- "rdfs:range": {
- "@id": "core:Element"
- },
- "ns0:term_status": "Stable"
- },
- {
- "@id": "security:catalogType",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "A catalogType is a mandatory value and must select one of the two entries in the `ExploitCatalogType.md` vocabulary.",
- "rdfs:range": {
- "@id": "security:ExploitCatalogType"
- },
- "ns0:term_status": "Stable"
- },
- {
- "@id": "security:decisionType",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "A decisionType is a mandatory value and must select one of the four entries in the `SsvcDecisionType.md` vocabulary.",
- "rdfs:range": {
- "@id": "security:SsvcDecisionType"
- },
- "ns0:term_status": "Stable"
- },
- {
- "@id": "security:exploited",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "This field is set when a CVE is listed in an exploit catalog.",
- "rdfs:range": {
- "@id": "xsd:boolean"
- },
- "ns0:term_status": "Stable"
- },
- {
- "@id": "security:impactStatement",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "When a VEX product element is related with a VexNotAffectedVulnAssessmentRelationship\nand a machine readable justification label is not provided, then an impactStatement\nthat further explains how or why the prouct(s) are not affected by the vulnerability\nmust be provided.",
- "rdfs:range": {
- "@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
- },
- {
- "@id": "security:impactStatementTime",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "TODO",
- "rdfs:range": {
- "@id": "core:DateTime"
+ "rdfs:comment": {
+ "@value": "Provides an IntegrityMethod with which the integrity of an Element can be\nasserted.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
- },
- {
- "@id": "security:justificationType",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "When stating that an element is not affected by a vulnerability, the\nVexNotAffectedVulnAssessmentRelationship must include a justification from the\nmachine-readable labels catalog informing the reason the element is not impacted.\n\nimpactStatement which is a string with English prose can be used instead or as\ncomplementary to the justification label, but one of both MUST be defined.",
"rdfs:range": {
- "@id": "security:VexJustificationType"
- },
- "ns0:term_status": "Stable"
+ "@id": "ns1:IntegrityMethod"
+ }
},
{
- "@id": "security:locator",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "A locator provides the location of an exploit catalog.",
- "rdfs:range": {
- "@id": "xsd:anyURI"
+ "@id": "ns6:IndividualLicensingInfo",
+ "@type": "owl:Class",
+ "rdfs:comment": {
+ "@value": "A concrete subclass of AnyLicenseInfo used by Individuals in the\nExpandedLicensing profile.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
- },
- {
- "@id": "security:probability",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "The probability score between 0 and 1 (0 and 100%) estimating the likelihood\nthat a vulnerability will be exploited in the next 12 months.",
- "rdfs:range": {
- "@id": "xsd:decimal"
+ "rdfs:subClassOf": {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo"
},
- "ns0:term_status": "Stable"
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ }
},
{
- "@id": "security:statusNotes",
+ "@id": "ns6:deprecatedVersion",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "TODO",
- "rdfs:range": {
- "@id": "xsd:string"
+ "rdfs:comment": {
+ "@value": "Specifies the SPDX License List version in which this license or exception\nidentifier was deprecated.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
- },
- {
- "@id": "security:suppliedBy",
- "@type": "owl:ObjectProperty",
- "rdfs:comment": "Identify the actual distribution source for the vulnerability assessment relationship being referenced.",
- "rdfs:range": {
- "@id": "core:Agent"
- },
- "ns0:term_status": "Stable"
- },
- {
- "@id": "security:vexVersion",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "TODO",
"rdfs:range": {
"@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ }
},
{
- "@id": "software:additionalPurpose",
+ "@id": "ns6:licenseXml",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "Additional purpose provides information about the additional purposes of the software artifact in addition to the primaryPurpose.",
- "rdfs:range": {
- "@id": "software:SoftwarePurpose"
+ "rdfs:comment": {
+ "@value": "Identifies all the text and metadata associated with a license in the license\nXML format.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
- },
- {
- "@id": "software:attributionText",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "An attributionText for a software Package, File or Snippet provides a consumer\nof SPDX data with acknowledgement content, to assist redistributors of the\nPackage, File or Snippet with reproducing those acknowledgements.\n\nFor example, this field may include a statement that is required by a\nparticular license to be reproduced in end-user documentation, advertising\nmaterials, or another form.\n\nThis field may describe where, or in which contexts, the acknowledgements\nneed to be reproduced, but it is not required to do so. The SPDX data creator\nmay also explain elsewhere (such as in a licenseComment field) how they intend\nfor data in this field to be used.\n\nAn attributionText is is not meant to include the software Package, File or\nSnippet’s actual complete license text (see concludedLicense to identify the\ncorresponding license).",
"rdfs:range": {
"@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
- },
- {
- "@id": "software:byteRange",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "This field defines the byte range in the original host file that the snippet information applies to.\nA range of bytes is independent of various formatting concerns, and the most accurate way \nof referring to the differences. The choice was made to start the numbering of \nthe byte range at 1 to be consistent with the W3C pointer method vocabulary.",
- "rdfs:range": {
- "@id": "core:PositiveIntegerRange"
- },
- "ns0:term_status": "Stable"
- },
- {
- "@id": "software:concludedLicense",
- "@type": "owl:ObjectProperty",
- "rdfs:comment": "A concludedLicense is the license identified by the SPDX data creator,\nbased on analyzing the license information in the software Package, File\nor Snippet and other information to arrive at a reasonably objective\nconclusion as to what license governs it.\n\nIf a concludedLicense has a NONE value (NoneLicense), this indicates that the\nSPDX data creator has looked and did not find any license information for this\nsoftware Package, File or Snippet.\n\nIf a concludedLicense has a NOASSERTION value (NoAssertionLicense), this\nindicates that one of the following applies:\n* the SPDX data creator has attempted to but cannot reach a reasonable\n objective determination;\n* the SPDX data creator has made no attempt to determine this field; or\n* the SPDX data creator has intentionally provided no information (no\n meaning should be implied by doing so).\n\nA written explanation of a NOASSERTION value (NoAssertionLicense) MAY be\nprovided in the licenseComment field.\n\nIf the concludedLicense for a software Package, File or Snippet is not the\nsame as its declaredLicense, a written explanation SHOULD be provided in\nthe licenseComment field.\n\nIf the declaredLicense for a software Package, File or Snippet is a choice\nof more than one license (e.g. a license expression combining two licenses\nthrough use of the `OR` operator), then the concludedLicense may either\nretain the license choice or identify which license was chosen.",
- "rdfs:range": {
- "@id": "licensing:LicenseField"
- },
- "ns0:term_status": "Stable"
- },
- {
- "@id": "software:conditionality",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "A conditionality is TODO",
- "rdfs:range": {
- "@id": "software:DependencyConditionalityType"
- },
- "ns0:term_status": "Stable"
- },
- {
- "@id": "software:contentIdentifier",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "A contentIdentifier is TODO",
- "rdfs:range": {
- "@id": "xsd:anyURI"
- },
- "ns0:term_status": "Stable"
+ }
},
{
- "@id": "software:contentType",
+ "@id": "ns6:listVersionAdded",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "This field is a reasonable estimation of the content type of the Element, from a creator perspective.\nContent type is intrinsic to the Element, independent of how the Element is being used.",
- "rdfs:range": {
- "@id": "core:MediaType"
+ "rdfs:comment": {
+ "@value": "Specifies the SPDX License List version in which this ListedLicense or\nListedLicenseException identifier was first added.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
- },
- {
- "@id": "software:copyrightText",
- "@type": "owl:ObjectProperty",
- "rdfs:comment": "A copyrightText consists of the text(s) of the copyright notice(s) found\nfor a software Package, File or Snippet, if any.\n\nIf a copyrightText contains text, then it may contain any text related to\none or more copyright notices (even if not complete) for that software\nPackage, File or Snippet.\n\nIf a copyrightText has a \"NONE\" value, this indicates that the software\nPackage, File or Snippet contains no copyright notice whatsoever.\n\nIf a copyrightText has a \"NOASSERTION\" value, this indicates that one of the\nfollowing applies:\n* the SPDX data creator has attempted to but cannot reach a reasonable\n objective determination;\n* the SPDX data creator has made no attempt to determine this field; or\n* the SPDX data creator has intentionally provided no information (no\n meaning should be implied by doing so).",
"rdfs:range": {
"@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ }
},
{
- "@id": "software:declaredLicense",
+ "@id": "ns6:member",
"@type": "owl:ObjectProperty",
- "rdfs:comment": "A declaredLicense is the license identified in text in the software package,\nfile or snippet as the license declared by its authors.\n\nThis field is not intended to capture license information obtained from an\nexternal source, such as a package's website. Such information can be\nincluded, as needed, in a concludedLicense field.\n\nA declaredLicense may be expressed differently in practice for different\ntypes of artifacts. For example:\n\n* for Packages:\n * would include license info describing the license of the Package as a\n whole, when it is found in the Package itself (e.g., LICENSE file,\n README file, metadata in the repository, etc.)\n * would not include any license information that is not in the Package\n itself (e.g., license information from the project’s website or from a\n third party repository or website)\n* for Files:\n * would include license info found in the File itself (e.g., license\n header or notice, comments, SPDX-License-Identifier expression)\n * would not include license info found in a different file (e.g., LICENSE\n file in the top directory of a repository)\n* for Snippets:\n * would include license info found in the Snippet itself (e.g., license\n notice, comments, SPDX-License-Identifier expression)\n * would not include license info found elsewhere in the File or in a\n different File (e.g., comment at top of File if it is not within the\n Snippet, LICENSE file in the top directory of a repository)\n\nIf a declaredLicense has a NONE value (NoneLicense), this indicates that the\ncorresponding Package, File or Snippet contains no license information\nwhatsoever.\n\nIf a declaredLicense has a NOASSERTION value (NoAssertionLicense), this\nindicates that one of the following applies:\n* the SPDX data creator has attempted to but cannot reach a reasonable\n objective determination;\n* the SPDX data creator has made no attempt to determine this field; or\n* the SPDX data creator has intentionally provided no information (no meaning\n should be implied by doing so).",
- "rdfs:range": {
- "@id": "licensing:LicenseField"
- },
- "ns0:term_status": "Stable"
- },
- {
- "@id": "software:downloadLocation",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "DownloadLocation identifies the download Uniform Resource Identifier \nfor the package at the time that the document was created.\nWhere and how to download the exact package being referenced \nis critical for verification and tracking data.",
- "rdfs:range": {
- "@id": "xsd:anyURI"
- },
- "ns0:term_status": "Stable"
- },
- {
- "@id": "software:homePage",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "HomePage is a place for the SPDX document creator to record a website that serves as the package's home page.\nThis saves the recipient of the SPDX document who is looking for more info from\nhaving to search for and verify a match between the package and the associated project home page.\nThis link can also be used to reference further information about the package\nreferenced by the SPDX document creator.",
- "rdfs:range": {
- "@id": "xsd:anyURI"
+ "rdfs:comment": {
+ "@value": "A license expression participating in a license set.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
- },
- {
- "@id": "software:lineRange",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "This field defines the line range in the original host file that the snippet information applies to.\nIf there is a disagreement between the byte range and line range, the byte range values will take precedence.\nA range of lines is a convenient reference for those files where there is a known line delimiter. \nThe choice was made to start the numbering of the lines at 1 to be consistent with the W3C pointer method vocabulary.",
"rdfs:range": {
- "@id": "core:PositiveIntegerRange"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo"
+ }
},
{
- "@id": "software:packageUrl",
+ "@id": "ns6:obsoletedBy",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "A packageUrl is TODO",
- "rdfs:range": {
- "@id": "xsd:anyURI"
+ "rdfs:comment": {
+ "@value": "Specifies the licenseId that is preferred to be used in place of a deprecated\nLicense or LicenseAddition.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
- },
- {
- "@id": "software:packageVersion",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "A packageVersion is useful for identification purposes and for indicating later changes of the package version.",
"rdfs:range": {
"@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
- },
- {
- "@id": "software:primaryPurpose",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "primaryPurpose provides information about the primary purpose of the software artifact.",
- "rdfs:range": {
- "@id": "software:SoftwarePurpose"
- },
- "ns0:term_status": "Stable"
- },
- {
- "@id": "software:sbomType",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "This field is a reasonable estimation of the type of SBOM created from a creator perspective.\nIt is intended to be used to give guidance on the elements that may be contained within it.\nAligning with the guidance produced in [Types of Software Bill of Material (SBOM) Documents](https://www.cisa.gov/sites/default/files/2023-04/sbom-types-document-508c.pdf).",
- "rdfs:range": {
- "@id": "software:SBOMType"
- },
- "ns0:term_status": "Stable"
+ }
},
{
- "@id": "software:softwareLinkage",
+ "@id": "ns6:seeAlso",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "A softwareLinkage is TODO",
- "rdfs:range": {
- "@id": "software:SoftwareDependencyLinkType"
+ "rdfs:comment": {
+ "@value": "Contains a URL where the License or LicenseAddition can be found in use.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
- },
- {
- "@id": "software:sourceInfo",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "SourceInfo records any relevant background information or additional comments\nabout the origin of the package. For example, this field might include comments \nindicating whether the package was pulled from a source code management system \nor has been repackaged. The creator can provide additional information to describe\nany anomalies or discoveries in the determination of the origin of the package.",
"rdfs:range": {
- "@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
- },
- {
- "@id": "core:Bundle",
- "@type": [
- "owl:Class",
- "sh:NodeShape"
- ],
- "rdfs:comment": "A bundle is a collection of Elements that have a shared context.",
- "rdfs:subClassOf": {
- "@id": "core:ElementCollection"
- },
- "ns0:term_status": "Stable",
- "sh:property": {
- "sh:datatype": {
- "@id": "xsd:string"
- },
- "sh:maxCount": 1,
- "sh:name": "context",
- "sh:path": {
- "@id": "core:context"
- }
+ "@id": "xsd:anyURI"
}
},
{
- "@id": "core:ExternalIdentifier",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertyEntry",
"@type": [
"owl:Class",
"sh:NodeShape"
],
- "rdfs:comment": "An ExternalIdentifier is a reference to a resource outside the scope of SPDX-3.0 content\nthat uniquely identifies an Element.",
- "ns0:term_status": "Stable",
+ "rdfs:comment": {
+ "@value": "A property name with an associated value.",
+ "@language": "en"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNode"
+ },
"sh:property": [
{
"sh:datatype": {
"@id": "xsd:string"
},
"sh:maxCount": 1,
- "sh:minCount": 1,
- "sh:name": "identifier",
- "sh:path": {
- "@id": "core:identifier"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:string"
- },
- "sh:maxCount": 1,
- "sh:name": "comment",
- "sh:path": {
- "@id": "core:comment"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:anyURI"
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
},
- "sh:name": "identifierLocator",
"sh:path": {
- "@id": "core:identifierLocator"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/cdxPropValue"
}
},
{
"sh:datatype": {
- "@id": "xsd:anyURI"
- },
- "sh:maxCount": 1,
- "sh:name": "issuingAuthority",
- "sh:path": {
- "@id": "core:issuingAuthority"
- }
- },
- {
- "sh:class": {
- "@id": "core:ExternalIdentifierType"
+ "@id": "xsd:string"
},
"sh:maxCount": 1,
"sh:minCount": 1,
- "sh:name": "externalIdentifierType",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "core:externalIdentifierType"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/cdxPropName"
}
}
]
},
{
- "@id": "core:ExternalReference",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/critical",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns5:CvssSeverityType"
+ ],
+ "rdfs:label": "critical",
+ "rdfs:comment": {
+ "@value": "When a CVSS score is between 9.0 - 10.0",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/high",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns5:CvssSeverityType"
+ ],
+ "rdfs:label": "high",
+ "rdfs:comment": {
+ "@value": "When a CVSS score is between 7.0 - 8.9",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/low",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns5:CvssSeverityType"
+ ],
+ "rdfs:label": "low",
+ "rdfs:comment": {
+ "@value": "When a CVSS score is between 0.1 - 3.9",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/medium",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns5:CvssSeverityType"
+ ],
+ "rdfs:label": "medium",
+ "rdfs:comment": {
+ "@value": "When a CVSS score is between 4.0 - 6.9",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Security/CvssSeverityType/none",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns5:CvssSeverityType"
+ ],
+ "rdfs:label": "none",
+ "rdfs:comment": {
+ "@value": "When a CVSS score is 0.0",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "ns5:modifiedTime",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Specifies a time when a vulnerability assessment was modified",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:dateTimeStamp"
+ }
+ },
+ {
+ "@id": "ns5:publishedTime",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Specifies the time when a vulnerability was published.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:dateTimeStamp"
+ }
+ },
+ {
+ "@id": "ns5:severity",
+ "@type": "owl:ObjectProperty",
+ "rdfs:comment": {
+ "@value": "Specifies the CVSS qualitative severity rating of a vulnerability in relation to a piece of software.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "ns5:CvssSeverityType"
+ }
+ },
+ {
+ "@id": "ns5:withdrawnTime",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Specified the time and date when a vulnerability was withdrawn.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:dateTimeStamp"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseText",
+ "@type": "owl:DatatypeProperty",
+ "rdfs:comment": {
+ "@value": "Identifies the full text of a License or Addition.",
+ "@language": "en"
+ },
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
+ },
+ {
+ "@id": "ns2:ContentIdentifier",
"@type": [
"owl:Class",
"sh:NodeShape"
],
- "rdfs:comment": "An External Reference points to a resource outside the scope of the SPDX-3.0 content\nthat provides additional characteristics of an Element.",
- "ns0:term_status": "Stable",
+ "rdfs:comment": {
+ "@value": "A canonical, unique, immutable identifier",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns1:IntegrityMethod"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNode"
+ },
"sh:property": [
- {
- "sh:class": {
- "@id": "core:ExternalReferenceType"
- },
- "sh:maxCount": 1,
- "sh:name": "externalReferenceType",
- "sh:path": {
- "@id": "core:externalReferenceType"
- }
- },
{
"sh:datatype": {
"@id": "xsd:anyURI"
},
- "sh:name": "locator",
- "sh:path": {
- "@id": "core:locator"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:string"
- },
"sh:maxCount": 1,
- "sh:name": "comment",
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "core:comment"
+ "@id": "ns2:contentIdentifierValue"
}
},
{
- "sh:datatype": {
- "@id": "core:MediaType"
+ "sh:class": {
+ "@id": "ns2:ContentIdentifierType"
+ },
+ "sh:in": {
+ "@list": [
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/gitoid"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/ContentIdentifierType/swhid"
+ }
+ ]
},
"sh:maxCount": 1,
- "sh:name": "contentType",
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
"sh:path": {
- "@id": "core:contentType"
+ "@id": "ns2:contentIdentifierType"
}
}
]
},
{
- "@id": "core:Hash",
+ "@id": "ns2:File",
"@type": [
"owl:Class",
"sh:NodeShape"
],
- "rdfs:comment": "A hash is a grouping of characteristics unique to the result\nof applying a mathematical algorithm\nthat maps data of arbitrary size to a bit string (the hash)\nand is a one-way function, that is,\na function which is practically infeasible to invert.\nThis is commonly used for integrity checking of data.",
+ "rdfs:comment": {
+ "@value": "Refers to any object that stores content on a computer.",
+ "@language": "en"
+ },
"rdfs:subClassOf": {
- "@id": "core:IntegrityMethod"
+ "@id": "ns2:SoftwareArtifact"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
},
- "ns0:term_status": "Stable",
"sh:property": [
{
"sh:class": {
- "@id": "core:HashAlgorithm"
+ "@id": "ns2:FileKindType"
+ },
+ "sh:in": {
+ "@list": [
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/file"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/FileKindType/directory"
+ }
+ ]
},
"sh:maxCount": 1,
- "sh:minCount": 1,
- "sh:name": "algorithm",
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
"sh:path": {
- "@id": "core:algorithm"
+ "@id": "ns2:fileKind"
}
},
{
@@ -4147,708 +7748,1137 @@
"@id": "xsd:string"
},
"sh:maxCount": 1,
- "sh:minCount": 1,
- "sh:name": "hashValue",
- "sh:path": {
- "@id": "core:hashValue"
- }
- }
- ]
- },
- {
- "@id": "core:Payload",
- "@type": [
- "owl:Class",
- "sh:NodeShape"
- ],
- "rdfs:comment": "TODO",
- "ns0:term_status": "Stable",
- "sh:property": [
- {
- "sh:class": {
- "@id": "core:NamespaceMap"
- },
- "sh:name": "namespaces",
- "sh:path": {
- "@id": "core:namespaces"
- }
- },
- {
- "sh:class": {
- "@id": "core:ExternalMap"
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
},
- "sh:name": "imports",
"sh:path": {
- "@id": "core:imports"
- }
- },
- {
- "sh:class": {
- "@id": "core:CreationInfo"
+ "@id": "ns1:contentType"
},
- "sh:maxCount": 1,
- "sh:name": "creationInfo",
- "sh:path": {
- "@id": "core:creationInfo"
- }
+ "sh:pattern": "^[^\\/]+\\/[^\\/]+$"
}
]
},
{
- "@id": "core:Relationship",
+ "@id": "ns2:Package",
"@type": [
"owl:Class",
"sh:NodeShape"
],
- "rdfs:comment": "A Relationship is a grouping of characteristics unique to an assertion\nthat one Element is related to one or more other Elements in some way.",
+ "rdfs:comment": {
+ "@value": "Refers to any unit of content that can be associated with a distribution of\nsoftware.",
+ "@language": "en"
+ },
"rdfs:subClassOf": {
- "@id": "core:Element"
+ "@id": "ns2:SoftwareArtifact"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
},
- "ns0:term_status": "Stable",
"sh:property": [
{
"sh:datatype": {
- "@id": "core:DateTime"
+ "@id": "xsd:anyURI"
},
"sh:maxCount": 1,
- "sh:name": "endTime",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "core:endTime"
+ "@id": "ns2:downloadLocation"
}
},
{
"sh:datatype": {
- "@id": "core:DateTime"
+ "@id": "xsd:anyURI"
},
"sh:maxCount": 1,
- "sh:name": "startTime",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "core:startTime"
+ "@id": "ns2:homePage"
}
},
{
- "sh:class": {
- "@id": "core:Element"
+ "sh:datatype": {
+ "@id": "xsd:string"
},
"sh:maxCount": 1,
- "sh:minCount": 1,
- "sh:name": "from",
- "sh:path": {
- "@id": "core:from"
- }
- },
- {
- "sh:class": {
- "@id": "core:Element"
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
},
- "sh:name": "to",
"sh:path": {
- "@id": "core:to"
+ "@id": "ns2:packageVersion"
}
},
{
- "sh:class": {
- "@id": "core:RelationshipCompleteness"
+ "sh:datatype": {
+ "@id": "xsd:string"
},
"sh:maxCount": 1,
- "sh:name": "completeness",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "core:completeness"
+ "@id": "ns2:sourceInfo"
}
},
{
- "sh:class": {
- "@id": "core:RelationshipType"
+ "sh:datatype": {
+ "@id": "xsd:anyURI"
},
"sh:maxCount": 1,
- "sh:minCount": 1,
- "sh:name": "relationshipType",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "core:relationshipType"
+ "@id": "ns2:packageUrl"
}
}
]
},
{
- "@id": "core:SemVer",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/application",
"@type": [
- "owl:Class",
- "sh:NodeShape"
+ "owl:NamedIndividual",
+ "ns2:SoftwarePurpose"
],
- "rdfs:comment": "The semantic version is a string\nthat is following the specification of [Semantic Versioning 2.0.0](https://semver.org/).\nFormat restriction: pattern: ^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$",
- "rdfs:subClassOf": {
- "@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ "rdfs:label": "application",
+ "rdfs:comment": {
+ "@value": "The Element is a software application.",
+ "@language": "en"
+ }
},
{
- "@id": "core:Tool",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/archive",
"@type": [
- "owl:Class",
- "sh:NodeShape"
+ "owl:NamedIndividual",
+ "ns2:SoftwarePurpose"
],
- "rdfs:comment": "A Tool is an element of hardware and/or software utilized to carry out a particular function.",
- "rdfs:subClassOf": {
- "@id": "core:Element"
- },
- "ns0:term_status": "Stable"
+ "rdfs:label": "archive",
+ "rdfs:comment": {
+ "@value": "The Element is an archived collection of one or more files (.tar, .zip, etc.).",
+ "@language": "en"
+ }
},
{
- "@id": "core:contentType",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "ContentType specifies the media type of an Element.",
- "rdfs:range": {
- "@id": "core:MediaType"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/bom",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SoftwarePurpose"
+ ],
+ "rdfs:label": "bom",
+ "rdfs:comment": {
+ "@value": "The Element is a bill of materials.",
+ "@language": "en"
+ }
},
{
- "@id": "core:name",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "This field identifies the name of an Element as designated by the creator. \nThe name of an Element is an important convention and easier to refer to than the URI.",
- "rdfs:range": {
- "@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/configuration",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SoftwarePurpose"
+ ],
+ "rdfs:label": "configuration",
+ "rdfs:comment": {
+ "@value": "The Element is configuration data.",
+ "@language": "en"
+ }
},
{
- "@id": "core:verifiedUsing",
- "@type": "owl:ObjectProperty",
- "rdfs:comment": "VerifiedUsing provides an IntegrityMethod with which the integrity of an Element can be asserted.",
- "rdfs:range": {
- "@id": "core:IntegrityMethod"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/container",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SoftwarePurpose"
+ ],
+ "rdfs:label": "container",
+ "rdfs:comment": {
+ "@value": "The Element is a container image which can be used by a container runtime application.",
+ "@language": "en"
+ }
},
{
- "@id": "licensing:deprecatedVersion",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "A deprecatedVersion for a ListedLicense or ListedLicenseException on the SPDX\nLicense List specifies which version release of the License List was the first\none in which it was marked as deprecated.",
- "rdfs:range": {
- "@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/data",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SoftwarePurpose"
+ ],
+ "rdfs:label": "data",
+ "rdfs:comment": {
+ "@value": "The Element is data.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/device",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SoftwarePurpose"
+ ],
+ "rdfs:label": "device",
+ "rdfs:comment": {
+ "@value": "The Element refers to a chipset, processor, or electronic board.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/deviceDriver",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SoftwarePurpose"
+ ],
+ "rdfs:label": "deviceDriver",
+ "rdfs:comment": {
+ "@value": "The Element represents software that controls hardware devices.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/diskImage",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SoftwarePurpose"
+ ],
+ "rdfs:label": "diskImage",
+ "rdfs:comment": {
+ "@value": "The Element refers to a disk image that can be written to a disk, booted in a VM, etc. A disk image typically contains most or all of the components necessary to boot, such as bootloaders, kernels, firmware, userspace, etc.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/documentation",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SoftwarePurpose"
+ ],
+ "rdfs:label": "documentation",
+ "rdfs:comment": {
+ "@value": "The Element is documentation.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/evidence",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SoftwarePurpose"
+ ],
+ "rdfs:label": "evidence",
+ "rdfs:comment": {
+ "@value": "The Element is the evidence that a specification or requirement has been fulfilled.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/executable",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SoftwarePurpose"
+ ],
+ "rdfs:label": "executable",
+ "rdfs:comment": {
+ "@value": "The Element is an Artifact that can be run on a computer.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/file",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SoftwarePurpose"
+ ],
+ "rdfs:label": "file",
+ "rdfs:comment": {
+ "@value": "The Element is a single file which can be independently distributed (configuration file, statically linked binary, Kubernetes deployment, etc.).",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/filesystemImage",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SoftwarePurpose"
+ ],
+ "rdfs:label": "filesystemImage",
+ "rdfs:comment": {
+ "@value": "The Element is a file system image that can be written to a disk (or virtual) partition.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/firmware",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SoftwarePurpose"
+ ],
+ "rdfs:label": "firmware",
+ "rdfs:comment": {
+ "@value": "The Element provides low level control over a device's hardware.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/framework",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SoftwarePurpose"
+ ],
+ "rdfs:label": "framework",
+ "rdfs:comment": {
+ "@value": "The Element is a software framework.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/install",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SoftwarePurpose"
+ ],
+ "rdfs:label": "install",
+ "rdfs:comment": {
+ "@value": "The Element is used to install software on disk.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/library",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SoftwarePurpose"
+ ],
+ "rdfs:label": "library",
+ "rdfs:comment": {
+ "@value": "The Element is a software library.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/manifest",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SoftwarePurpose"
+ ],
+ "rdfs:label": "manifest",
+ "rdfs:comment": {
+ "@value": "The Element is a software manifest.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/model",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SoftwarePurpose"
+ ],
+ "rdfs:label": "model",
+ "rdfs:comment": {
+ "@value": "The Element is a machine learning or artificial intelligence model.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/module",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SoftwarePurpose"
+ ],
+ "rdfs:label": "module",
+ "rdfs:comment": {
+ "@value": "The Element is a module of a piece of software.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/operatingSystem",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SoftwarePurpose"
+ ],
+ "rdfs:label": "operatingSystem",
+ "rdfs:comment": {
+ "@value": "The Element is an operating system.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/other",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SoftwarePurpose"
+ ],
+ "rdfs:label": "other",
+ "rdfs:comment": {
+ "@value": "The Element doesn't fit into any of the other categories.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/patch",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SoftwarePurpose"
+ ],
+ "rdfs:label": "patch",
+ "rdfs:comment": {
+ "@value": "The Element contains a set of changes to update, fix, or improve another Element.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/platform",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SoftwarePurpose"
+ ],
+ "rdfs:label": "platform",
+ "rdfs:comment": {
+ "@value": "The Element represents a runtime environment.",
+ "@language": "en"
+ }
},
{
- "@id": "licensing:listVersionAdded",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "A listVersionAdded for a ListedLicense or ListedLicenseException on the SPDX\nLicense List specifies which version release of the License List was the first\none in which it was included.",
- "rdfs:range": {
- "@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/requirement",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SoftwarePurpose"
+ ],
+ "rdfs:label": "requirement",
+ "rdfs:comment": {
+ "@value": "The Element provides a requirement needed as input for another Element.",
+ "@language": "en"
+ }
},
{
- "@id": "licensing:member",
- "@type": "owl:ObjectProperty",
- "rdfs:comment": "A member is a license expression participating in a conjuctive (of type\nConjunctiveLicenseSet) or a disjunctive (of type DisjunctiveLicenseSet)\nlicense set.",
- "rdfs:range": {
- "@id": "licensing:AnyLicenseInfo"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/source",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SoftwarePurpose"
+ ],
+ "rdfs:label": "source",
+ "rdfs:comment": {
+ "@value": "The Element is a single or a collection of source files.",
+ "@language": "en"
+ }
},
{
- "@id": "licensing:obsoletedBy",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "An obsoletedBy value for a deprecated License or LicenseAddition specifies\nthe licenseId of the replacement License or LicenseAddition that is preferred\nto be used in its place. It should use the same format as specified for a\nlicenseId.\n\nThe License's or LicenseAddition's comment value may include more information\nabout the reason why the licenseId specified in the obsoletedBy value is\npreferred.",
- "rdfs:range": {
- "@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/specification",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SoftwarePurpose"
+ ],
+ "rdfs:label": "specification",
+ "rdfs:comment": {
+ "@value": "The Element is a plan, guideline or strategy how to create, perform or analyze an application.",
+ "@language": "en"
+ }
},
{
- "@id": "licensing:seeAlso",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "A seeAlso defines a cross-reference with a URL where the License or\nLicenseAddition can be found in use by one or a few projects.\n\nIf applicable, it should include a URL where the license text is posted by\nthe license steward, particularly if the license steward has made available a\n\"canonical\" primary URL for the license text.\n\nIf the license is OSI approved, a seeAlso should be included with the URL for\nthe license's listing on the OSI website.\n\nThe seeAlso URL may refer to a previously-available URL for the License or\nLicenseAddition which is no longer active.\n\nWhere applicable, the seeAlso URL should include the license text in its\nnative language. seeAlso URLs to English or other translations may be included\nwhere multiple, equivalent official translations exist.",
- "rdfs:range": {
- "@id": "xsd:anyURI"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/test",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns2:SoftwarePurpose"
+ ],
+ "rdfs:label": "test",
+ "rdfs:comment": {
+ "@value": "The Element is a test used to verify functionality on an software element.",
+ "@language": "en"
+ }
},
{
- "@id": "licensing:subjectLicense",
- "@type": "owl:ObjectProperty",
- "rdfs:comment": "A subjectLicense is a License which is subject to either an 'or later' effect\n(OrLaterOperator) or a 'with additional text' effect (WithAdditionOperator).",
- "rdfs:range": {
- "@id": "licensing:License"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/no",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns1:PresenceType"
+ ],
+ "rdfs:label": "no",
+ "rdfs:comment": {
+ "@value": "Indicates absence of the field.",
+ "@language": "en"
+ }
},
{
- "@id": "security:modifiedTime",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "Specifies a time when a vulnerability assessment was last modified.",
- "rdfs:range": {
- "@id": "core:DateTime"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/noAssertion",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns1:PresenceType"
+ ],
+ "rdfs:label": "noAssertion",
+ "rdfs:comment": {
+ "@value": "Makes no assertion about the field.",
+ "@language": "en"
+ }
},
{
- "@id": "security:publishedTime",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "Specifies the time when a vulnerability was first published.",
- "rdfs:range": {
- "@id": "core:DateTime"
- },
- "ns0:term_status": "Stable"
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/PresenceType/yes",
+ "@type": [
+ "owl:NamedIndividual",
+ "ns1:PresenceType"
+ ],
+ "rdfs:label": "yes",
+ "rdfs:comment": {
+ "@value": "Indicates presence of the field.",
+ "@language": "en"
+ }
},
{
- "@id": "security:score",
+ "@id": "ns1:contentType",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "The score provides information on the severity of a vulnerability per the\nCommon Vulnerability Scoring System as defined on [https://www.first.org/cvss](https://www.first.org/cvss/).",
+ "rdfs:comment": {
+ "@value": "Provides information about the content type of an Element or a Property.",
+ "@language": "en"
+ },
"rdfs:range": {
"@id": "xsd:string"
+ }
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/Extension",
+ "@type": [
+ "ns7:AbstractClass",
+ "owl:Class"
+ ],
+ "rdfs:comment": {
+ "@value": "A characterization of some aspect of an Element that is associated with the Element in a generalized fashion.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "sh:nodeKind": {
+ "@id": "sh:BlankNode"
+ }
},
{
- "@id": "security:vector",
+ "@id": "ns5:score",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "Sepcifies the vector string of a vulnerability, a string combining metrics\nfrom an assessment of its severity.",
- "rdfs:range": {
- "@id": "xsd:string"
+ "rdfs:comment": {
+ "@value": "Provides a numerical (0-10) representation of the severity of a vulnerability.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "xsd:decimal"
+ }
},
{
- "@id": "security:withdrawnTime",
+ "@id": "ns5:vectorString",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "Specified the time and date when a vulnerability was withdrawn.",
- "rdfs:range": {
- "@id": "core:DateTime"
+ "rdfs:comment": {
+ "@value": "Specifies the CVSS vector string for a vulnerability.",
+ "@language": "en"
},
- "ns0:term_status": "Stable"
+ "rdfs:range": {
+ "@id": "xsd:string"
+ }
},
{
- "@id": "software:Package",
+ "@id": "ns2:SoftwareArtifact",
"@type": [
+ "ns7:AbstractClass",
"owl:Class",
"sh:NodeShape"
],
- "rdfs:comment": "A package refers to any unit of content that can be associated with a distribution of software.\nTypically, a package is composed of one or more files. \nAny of the following non-limiting examples may be (but are not required to be) represented in SPDX as a package:\n\n - a tarball, zip file or other archive\n - a directory or sub-directory\n - a separately distributed piece of software which another Package or File uses or depends upon (e.g., a Python package, a Go module, ...)\n - a container image, and/or each image layer within a container image\n - a collection of one or more sub-packages\n - a Git repository snapshot from a particular point in time\n\nNote that some of these could be represented in SPDX as a file as well.\nExternal property restriction on /Core/Element/name: minCount: 1",
+ "rdfs:comment": {
+ "@value": "A distinct article or unit related to Software.",
+ "@language": "en"
+ },
"rdfs:subClassOf": {
- "@id": "software:SoftwareArtifact"
+ "@id": "ns1:Artifact"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
},
- "ns0:term_status": "Stable",
"sh:property": [
{
"sh:datatype": {
- "@id": "xsd:anyURI"
+ "@id": "xsd:string"
},
"sh:maxCount": 1,
- "sh:name": "homePage",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "software:homePage"
+ "@id": "ns2:copyrightText"
}
},
{
- "sh:datatype": {
- "@id": "xsd:string"
+ "sh:class": {
+ "@id": "ns2:SoftwarePurpose"
+ },
+ "sh:in": {
+ "@list": [
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/application"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/archive"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/bom"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/configuration"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/container"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/data"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/device"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/diskImage"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/deviceDriver"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/documentation"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/evidence"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/executable"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/file"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/filesystemImage"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/firmware"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/framework"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/install"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/library"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/manifest"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/model"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/module"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/operatingSystem"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/other"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/patch"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/platform"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/requirement"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/source"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/specification"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/test"
+ }
+ ]
},
"sh:maxCount": 1,
- "sh:name": "packageVersion",
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
"sh:path": {
- "@id": "software:packageVersion"
+ "@id": "ns2:primaryPurpose"
}
},
{
- "sh:datatype": {
- "@id": "xsd:anyURI"
- },
- "sh:maxCount": 1,
- "sh:name": "packageUrl",
- "sh:path": {
- "@id": "software:packageUrl"
+ "sh:class": {
+ "@id": "ns2:SoftwarePurpose"
+ },
+ "sh:in": {
+ "@list": [
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/application"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/archive"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/bom"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/configuration"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/container"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/data"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/device"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/diskImage"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/deviceDriver"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/documentation"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/evidence"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/executable"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/file"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/filesystemImage"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/firmware"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/framework"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/install"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/library"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/manifest"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/model"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/module"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/operatingSystem"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/other"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/patch"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/platform"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/requirement"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/source"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/specification"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Software/SoftwarePurpose/test"
+ }
+ ]
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns2:additionalPurpose"
}
},
{
"sh:datatype": {
"@id": "xsd:string"
},
- "sh:maxCount": 1,
- "sh:name": "sourceInfo",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "software:sourceInfo"
+ "@id": "ns2:attributionText"
}
},
{
- "sh:datatype": {
- "@id": "xsd:anyURI"
+ "sh:class": {
+ "@id": "ns2:ContentIdentifier"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNodeOrIRI"
},
- "sh:maxCount": 1,
- "sh:name": "downloadLocation",
"sh:path": {
- "@id": "software:downloadLocation"
+ "@id": "ns2:contentIdentifier"
}
}
]
},
{
- "@id": "core:creationInfo",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "CreationInfo provides information about the creation of the Element.",
- "rdfs:range": {
- "@id": "core:CreationInfo"
- },
- "ns0:term_status": "Stable"
- },
- {
- "@id": "core:imports",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "Imports provides an ExternalMap of Element identifiers that are used within a document\nbut defined external to that document.",
- "rdfs:range": {
- "@id": "core:ExternalMap"
- },
- "ns0:term_status": "Stable"
- },
- {
- "@id": "core:namespaces",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "This field provides a NamespaceMap applicable to an ElementCollection.",
- "rdfs:range": {
- "@id": "core:NamespaceMap"
- },
- "ns0:term_status": "Stable"
- },
- {
- "@id": "security:severity",
- "@type": "owl:DatatypeProperty",
- "rdfs:comment": "The severity field provides a human readable string, a label that can be used\nas an English adjective that qualifies its numerical score.",
- "rdfs:range": {
- "@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ "@id": "ns1:AnnotationType",
+ "@type": "owl:Class",
+ "rdfs:comment": {
+ "@value": "Specifies the type of an annotation.",
+ "@language": "en"
+ }
},
{
- "@id": "software:SoftwareArtifact",
+ "@id": "ns1:Artifact",
"@type": [
+ "ns7:AbstractClass",
"owl:Class",
"sh:NodeShape"
],
- "rdfs:comment": "A software artifact is a distinct article or unit related to software\nsuch as a package, a file, or a snippet.",
+ "rdfs:comment": {
+ "@value": "A distinct article or unit within the digital domain.",
+ "@language": "en"
+ },
"rdfs:subClassOf": {
- "@id": "core:Artifact"
+ "@id": "ns1:Element"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
},
- "ns0:term_status": "Stable",
"sh:property": [
{
"sh:datatype": {
- "@id": "xsd:anyURI"
+ "@id": "xsd:dateTimeStamp"
},
"sh:maxCount": 1,
- "sh:name": "contentIdentifier",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "software:contentIdentifier"
- }
+ "@id": "ns1:builtTime"
+ },
+ "sh:pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$"
},
{
"sh:datatype": {
- "@id": "xsd:string"
+ "@id": "xsd:dateTimeStamp"
},
"sh:maxCount": 1,
- "sh:name": "attributionText",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "software:attributionText"
- }
+ "@id": "ns1:releaseTime"
+ },
+ "sh:pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$"
},
{
"sh:class": {
- "@id": "licensing:LicenseField"
- },
- "sh:maxCount": 1,
- "sh:name": "declaredLicense",
- "sh:path": {
- "@id": "software:declaredLicense"
+ "@id": "ns1:SupportType"
+ },
+ "sh:in": {
+ "@list": [
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/development"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/support"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/deployed"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/limitedSupport"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/endOfSupport"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noSupport"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Core/SupportType/noAssertion"
+ }
+ ]
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
+ "sh:path": {
+ "@id": "ns1:supportLevel"
}
},
{
- "sh:datatype": {
- "@id": "xsd:string"
+ "sh:class": {
+ "@id": "ns1:Agent"
},
"sh:maxCount": 1,
- "sh:name": "copyrightText",
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
"sh:path": {
- "@id": "software:copyrightText"
+ "@id": "ns1:suppliedBy"
}
},
{
- "sh:class": {
- "@id": "software:SoftwarePurpose"
+ "sh:datatype": {
+ "@id": "xsd:dateTimeStamp"
},
"sh:maxCount": 1,
- "sh:name": "primaryPurpose",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "software:primaryPurpose"
- }
+ "@id": "ns1:validUntilTime"
+ },
+ "sh:pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$"
},
{
"sh:class": {
- "@id": "licensing:LicenseField"
+ "@id": "ns1:Agent"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
},
- "sh:maxCount": 1,
- "sh:name": "concludedLicense",
"sh:path": {
- "@id": "software:concludedLicense"
+ "@id": "ns1:originatedBy"
}
},
{
- "sh:class": {
- "@id": "software:SoftwarePurpose"
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
},
- "sh:name": "additionalPurpose",
"sh:path": {
- "@id": "software:additionalPurpose"
+ "@id": "ns1:standardName"
}
}
]
},
{
- "@id": "core:AnnotationType",
- "@type": "owl:Class",
- "rdfs:comment": "AnnotationType specifies the type of an annotation.",
- "ns0:term_status": "Stable"
- },
- {
- "@id": "core:CreationInfo",
+ "@id": "ns1:PositiveIntegerRange",
"@type": [
"owl:Class",
"sh:NodeShape"
],
- "rdfs:comment": "The CreationInfo provides information about who created the Element, and when and how it was created. \n\nThe dateTime created is often the date of last change (e.g., a git commit date), not the date when the SPDX data was created, as doing so supports reproducible builds.",
- "ns0:term_status": "Stable",
+ "rdfs:comment": {
+ "@value": "A tuple of two positive integers that define a range.",
+ "@language": "en"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNode"
+ },
"sh:property": [
{
"sh:datatype": {
- "@id": "xsd:string"
+ "@id": "xsd:positiveInteger"
},
"sh:maxCount": 1,
- "sh:name": "comment",
- "sh:path": {
- "@id": "core:comment"
- }
- },
- {
- "sh:class": {
- "@id": "core:Tool"
- },
- "sh:name": "createdUsing",
- "sh:path": {
- "@id": "core:createdUsing"
- }
- },
- {
- "sh:class": {
- "@id": "core:Agent"
- },
"sh:minCount": 1,
- "sh:name": "createdBy",
- "sh:path": {
- "@id": "core:createdBy"
- }
- },
- {
- "sh:datatype": {
- "@id": "core:DateTime"
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
},
- "sh:name": "created",
"sh:path": {
- "@id": "core:created"
+ "@id": "ns1:beginIntegerRange"
}
},
{
"sh:datatype": {
- "@id": "core:SemVer"
- },
- "sh:name": "specVersion",
- "sh:path": {
- "@id": "core:specVersion"
- }
- },
- {
- "sh:class": {
- "@id": "core:ProfileIdentifierType"
+ "@id": "xsd:positiveInteger"
},
+ "sh:maxCount": 1,
"sh:minCount": 1,
- "sh:name": "profile",
- "sh:path": {
- "@id": "core:profile"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:string"
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
},
- "sh:name": "dataLicense",
"sh:path": {
- "@id": "core:dataLicense"
+ "@id": "ns1:endIntegerRange"
}
}
]
},
{
- "@id": "core:ExternalMap",
+ "@id": "ns6:ExtendableLicense",
+ "@type": [
+ "ns7:AbstractClass",
+ "owl:Class"
+ ],
+ "rdfs:comment": {
+ "@value": "Abstract class representing a License or an OrLaterOperator.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ }
+ },
+ {
+ "@id": "ns6:License",
"@type": [
+ "ns7:AbstractClass",
"owl:Class",
"sh:NodeShape"
],
- "rdfs:comment": "An External Map is a map of Element identifiers that are used within a Document\nbut defined external to that Document.\nThe external map provides details about the externally-defined Element\nsuch as its provenance, where to retrieve it, and how to verify its integrity.",
- "ns0:term_status": "Stable",
+ "rdfs:comment": {
+ "@value": "Abstract class for the portion of an AnyLicenseInfo representing a license.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns6:ExtendableLicense"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
"sh:property": [
{
- "sh:class": {
- "@id": "core:IntegrityMethod"
+ "sh:datatype": {
+ "@id": "xsd:boolean"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
},
- "sh:name": "verifiedUsing",
"sh:path": {
- "@id": "core:verifiedUsing"
+ "@id": "ns6:isFsfLibre"
}
},
{
"sh:datatype": {
- "@id": "xsd:anyURI"
+ "@id": "xsd:string"
},
"sh:maxCount": 1,
- "sh:name": "locationHint",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "core:locationHint"
+ "@id": "ns6:standardLicenseHeader"
}
},
{
"sh:datatype": {
"@id": "xsd:anyURI"
},
- "sh:maxCount": 1,
- "sh:name": "definingDocument",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "core:definingDocument"
+ "@id": "ns6:seeAlso"
}
},
{
"sh:datatype": {
- "@id": "xsd:anyURI"
+ "@id": "xsd:string"
},
"sh:maxCount": 1,
- "sh:minCount": 1,
- "sh:name": "externalId",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "core:externalId"
+ "@id": "ns6:obsoletedBy"
}
- }
- ]
- },
- {
- "@id": "core:IntegrityMethod",
- "@type": [
- "owl:Class",
- "sh:NodeShape"
- ],
- "rdfs:comment": "An IntegrityMethod provides an independently reproducible mechanism that permits verification\nof a specific Element that correlates to the data in this SPDX document. This identifier enables\na recipient to determine if anything in the original Element has been changed and eliminates\nconfusion over which version or modification of a specific Element is referenced.",
- "ns0:term_status": "Stable",
- "sh:property": {
- "sh:datatype": {
- "@id": "xsd:string"
},
- "sh:maxCount": 1,
- "sh:name": "comment",
- "sh:path": {
- "@id": "core:comment"
- }
- }
- },
- {
- "@id": "core:NamespaceMap",
- "@type": [
- "owl:Class",
- "sh:NodeShape"
- ],
- "rdfs:comment": "A namespace map allows the creator of a collection of Elements to use\nshorter identifiers (\"prefixes\") instead of URIs to provide a more\nhuman-readable and smaller serialized representation of the Elements.",
- "ns0:term_status": "Stable",
- "sh:property": [
{
"sh:datatype": {
"@id": "xsd:string"
},
"sh:maxCount": 1,
- "sh:minCount": 1,
- "sh:name": "prefix",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "core:prefix"
+ "@id": "ns6:standardLicenseTemplate"
}
},
{
"sh:datatype": {
- "@id": "xsd:anyURI"
+ "@id": "xsd:boolean"
},
"sh:maxCount": 1,
- "sh:minCount": 1,
- "sh:name": "namespace",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "core:namespace"
+ "@id": "ns6:isOsiApproved"
}
- }
- ]
- },
- {
- "@id": "core:PositiveIntegerRange",
- "@type": [
- "owl:Class",
- "sh:NodeShape"
- ],
- "rdfs:comment": "PositiveIntegerRange is a tuple of two positive integers that define a range.\n\"begin\" must be less than or equal to \"end\".",
- "ns0:term_status": "Stable",
- "sh:property": [
+ },
{
"sh:datatype": {
- "@id": "xsd:positiveInteger"
+ "@id": "xsd:string"
},
"sh:maxCount": 1,
- "sh:minCount": 1,
- "sh:name": "begin",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "core:begin"
+ "@id": "ns6:licenseXml"
}
},
{
"sh:datatype": {
- "@id": "xsd:positiveInteger"
+ "@id": "xsd:string"
},
"sh:maxCount": 1,
"sh:minCount": 1,
- "sh:name": "end",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseText"
+ }
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:boolean"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "core:end"
+ "@id": "ns6:isDeprecatedLicenseId"
}
}
]
},
{
- "@id": "licensing:LicenseAddition",
+ "@id": "ns6:LicenseAddition",
"@type": [
+ "ns7:AbstractClass",
"owl:Class",
"sh:NodeShape"
],
- "rdfs:comment": "A LicenseAddition represents text which is intended to be added to a License\nas additional text, but which is not itself intended to be a standalone\nLicense.\n\nIt may be an exception which is listed on the SPDX Exceptions List\n(ListedLicenseException), or may be any other additional text (as an exception\nor otherwise) which is defined by an SPDX data creator (CustomLicenseAddition).",
- "ns0:term_status": "Stable",
+ "rdfs:comment": {
+ "@value": "Abstract class for additional text intended to be added to a License, but\nwhich is not itself a standalone License.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns1:Element"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
"sh:property": [
{
"sh:datatype": {
"@id": "xsd:boolean"
},
"sh:maxCount": 1,
- "sh:name": "isDeprecatedAdditionId",
- "sh:path": {
- "@id": "licensing:isDeprecatedAdditionId"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:string"
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
},
- "sh:maxCount": 1,
- "sh:minCount": 1,
- "sh:name": "additionText",
"sh:path": {
- "@id": "licensing:additionText"
+ "@id": "ns6:isDeprecatedAdditionId"
}
},
{
@@ -4856,29 +8886,22 @@
"@id": "xsd:string"
},
"sh:maxCount": 1,
- "sh:minCount": 1,
- "sh:name": "additionId",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "licensing:additionId"
+ "@id": "ns6:licenseXml"
}
},
{
"sh:datatype": {
"@id": "xsd:anyURI"
},
- "sh:name": "seeAlso",
- "sh:path": {
- "@id": "licensing:seeAlso"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:string"
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
},
- "sh:maxCount": 1,
- "sh:name": "obsoletedBy",
"sh:path": {
- "@id": "licensing:obsoletedBy"
+ "@id": "ns6:seeAlso"
}
},
{
@@ -4886,9 +8909,11 @@
"@id": "xsd:string"
},
"sh:maxCount": 1,
- "sh:name": "standardAdditionTemplate",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "licensing:standardAdditionTemplate"
+ "@id": "ns6:standardAdditionTemplate"
}
},
{
@@ -4897,9 +8922,11 @@
},
"sh:maxCount": 1,
"sh:minCount": 1,
- "sh:name": "additionName",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "licensing:additionName"
+ "@id": "ns6:additionText"
}
},
{
@@ -4907,39 +8934,51 @@
"@id": "xsd:string"
},
"sh:maxCount": 1,
- "sh:name": "additionComment",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "licensing:additionComment"
+ "@id": "ns6:obsoletedBy"
}
}
]
},
{
- "@id": "security:ExploitCatalogType",
+ "@id": "ns5:ExploitCatalogType",
"@type": "owl:Class",
- "rdfs:comment": "ExploitCatalogType specifies the type of exploit catalog that a vulnerability is listed in.",
- "ns0:term_status": "Stable"
+ "rdfs:comment": {
+ "@value": "Specifies the exploit catalog type.",
+ "@language": "en"
+ }
},
{
- "@id": "security:VexVulnAssessmentRelationship",
+ "@id": "ns5:VexVulnAssessmentRelationship",
"@type": [
+ "ns7:AbstractClass",
"owl:Class",
"sh:NodeShape"
],
- "rdfs:comment": "VexVulnAssessmentRelationship is an abstract subclass that defined the common\nproperties shared by all the SPDX-VEX status relationships. \n\n**Constraints**\n\nWhen linking elements using a VexVulnAssessmentRelationship, the following\nrequirements must be observed:\n\n- The from: end must be a /Security/Vulnerability classed element\n- The to: end must point to elements representing the VEX _products_. To\nspecify a different element where the vulnerability was detected, the VEX\nrelationship can optionally specify _subcomponents_ using the assessedElement\nproperty.\n\nVEX inherits information from the document level down to its statements. When a\nstatement is missing information it can be completed by reading the equivalent \nfield from the containing document. For example, if a VEX relationship is\nmissing data in its createdBy property, tools must consider the entity\nlisted in the CreationInfo section of the document as the VEX author.\nIn the same way, when a VEX relationship does not have a created property,\nthe document's date must be considered as authoritative.",
+ "rdfs:comment": {
+ "@value": "Abstract ancestor class for all VEX relationships",
+ "@language": "en"
+ },
"rdfs:subClassOf": {
- "@id": "security:VulnAssessmentRelationship"
+ "@id": "ns5:VulnAssessmentRelationship"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
},
- "ns0:term_status": "Stable",
"sh:property": [
{
"sh:datatype": {
"@id": "xsd:string"
},
"sh:maxCount": 1,
- "sh:name": "vexVersion",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "security:vexVersion"
+ "@id": "ns5:vexVersion"
}
},
{
@@ -4947,347 +8986,378 @@
"@id": "xsd:string"
},
"sh:maxCount": 1,
- "sh:name": "statusNotes",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "security:statusNotes"
+ "@id": "ns5:statusNotes"
}
}
]
},
{
- "@id": "core:MediaType",
- "@type": [
- "owl:Class",
- "sh:NodeShape"
- ],
- "rdfs:comment": "The MediaType is a String constrained to the RFC 2046 specification. It provides a standardized\nway of indicating the type of content of an Element.\nA list of all possible media types is available at https://www.iana.org/assignments/media-types/media-types.xhtml.",
- "rdfs:subClassOf": {
- "@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ "@id": "ns2:ContentIdentifierType",
+ "@type": "owl:Class",
+ "rdfs:comment": {
+ "@value": "Specifies the type of a content identifier.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "ns2:FileKindType",
+ "@type": "owl:Class",
+ "rdfs:comment": {
+ "@value": "Enumeration of the different kinds of SPDX file.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "ns4:EnergyUnitType",
+ "@type": "owl:Class",
+ "rdfs:comment": {
+ "@value": "Specifies the unit of energy consumption.",
+ "@language": "en"
+ }
},
{
- "@id": "core:RelationshipCompleteness",
+ "@id": "ns1:RelationshipCompleteness",
"@type": "owl:Class",
- "rdfs:comment": "RelationshipCompleteness indicates whether a relationship is complete or \nknown to be incomplete or if there is made no assertion either way.",
- "ns0:term_status": "Stable"
+ "rdfs:comment": {
+ "@value": "Indicates whether a relationship is known to be complete, incomplete, or if no assertion is made with respect to relationship completeness.",
+ "@language": "en"
+ }
},
{
- "@id": "core:comment",
+ "@id": "ns1:comment",
"@type": "owl:DatatypeProperty",
- "rdfs:comment": "A comment is an optional field for creators of the Element to provide comments\nto the readers/reviewers of the document.",
+ "rdfs:comment": {
+ "@value": "Provide consumers with comments by the creator of the Element about the\nElement.",
+ "@language": "en"
+ },
"rdfs:range": {
"@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ }
},
{
- "@id": "licensing:License",
+ "@id": "ns4:EnergyConsumptionDescription",
"@type": [
"owl:Class",
"sh:NodeShape"
],
- "rdfs:comment": "A License represents a license text, whether listed on the SPDX License List\n(ListedLicense) or defined by an SPDX data creator (CustomLicense).",
- "rdfs:subClassOf": {
- "@id": "licensing:AnyLicenseInfo"
+ "rdfs:comment": {
+ "@value": "The class that helps note down the quantity of energy consumption and the unit\nused for measurement.",
+ "@language": "en"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNode"
},
- "ns0:term_status": "Stable",
"sh:property": [
{
"sh:datatype": {
- "@id": "xsd:string"
- },
- "sh:maxCount": 1,
- "sh:name": "obsoletedBy",
- "sh:path": {
- "@id": "licensing:obsoletedBy"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:string"
- },
- "sh:maxCount": 1,
- "sh:name": "standardLicenseTemplate",
- "sh:path": {
- "@id": "licensing:standardLicenseTemplate"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:string"
+ "@id": "xsd:decimal"
},
"sh:maxCount": 1,
"sh:minCount": 1,
- "sh:name": "licenseText",
- "sh:path": {
- "@id": "licensing:licenseText"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:boolean"
- },
- "sh:maxCount": 1,
- "sh:name": "isDeprecatedLicenseId",
- "sh:path": {
- "@id": "licensing:isDeprecatedLicenseId"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:boolean"
- },
- "sh:maxCount": 1,
- "sh:name": "isFsfLibre",
- "sh:path": {
- "@id": "licensing:isFsfLibre"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:string"
- },
- "sh:maxCount": 1,
- "sh:name": "standardLicenseHeader",
- "sh:path": {
- "@id": "licensing:standardLicenseHeader"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:string"
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
},
- "sh:maxCount": 1,
- "sh:minCount": 1,
- "sh:name": "licenseId",
"sh:path": {
- "@id": "licensing:licenseId"
+ "@id": "ns4:energyQuantity"
}
},
{
- "sh:datatype": {
- "@id": "xsd:string"
+ "sh:class": {
+ "@id": "ns4:EnergyUnitType"
+ },
+ "sh:in": {
+ "@list": [
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/kilowattHour"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/megajoule"
+ },
+ {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/AI/EnergyUnitType/other"
+ }
+ ]
},
"sh:maxCount": 1,
"sh:minCount": 1,
- "sh:name": "licenseName",
- "sh:path": {
- "@id": "licensing:licenseName"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:boolean"
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
},
- "sh:maxCount": 1,
- "sh:name": "isOsiApproved",
"sh:path": {
- "@id": "licensing:isOsiApproved"
+ "@id": "ns4:energyUnit"
}
+ }
+ ]
+ },
+ {
+ "@id": "ns4:SafetyRiskAssessmentType",
+ "@type": "owl:Class",
+ "rdfs:comment": {
+ "@value": "Specifies the safety risk level.",
+ "@language": "en"
+ }
+ },
+ {
+ "@id": "ns1:IntegrityMethod",
+ "@type": [
+ "ns7:AbstractClass",
+ "owl:Class",
+ "sh:NodeShape"
+ ],
+ "rdfs:comment": {
+ "@value": "Provides an independently reproducible mechanism that permits verification of a specific Element.",
+ "@language": "en"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNode"
+ },
+ "sh:property": {
+ "sh:datatype": {
+ "@id": "xsd:string"
},
- {
- "sh:datatype": {
- "@id": "xsd:string"
- },
- "sh:maxCount": 1,
- "sh:name": "licenseComment",
- "sh:path": {
- "@id": "licensing:licenseComment"
- }
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
},
- {
- "sh:datatype": {
- "@id": "xsd:anyURI"
- },
- "sh:name": "seeAlso",
- "sh:path": {
- "@id": "licensing:seeAlso"
- }
+ "sh:path": {
+ "@id": "ns1:comment"
}
- ]
+ }
+ },
+ {
+ "@id": "ns3:ConfidentialityLevelType",
+ "@type": "owl:Class",
+ "rdfs:comment": {
+ "@value": "Categories of confidentiality level.",
+ "@language": "en"
+ }
},
{
- "@id": "ai:SafetyRiskAssessmentType",
+ "@id": "ns5:SsvcDecisionType",
"@type": "owl:Class",
- "rdfs:comment": "Lists the different safety risk type values that can be used to describe the safety risk of AI software\naccording to [Article 20 of Regulation 765/2008/EC](https://ec.europa.eu/docsroom/documents/17107/attachments/1/translations/en/renditions/pdf).",
- "ns0:term_status": "Stable"
+ "rdfs:comment": {
+ "@value": "Specifies the SSVC decision type.",
+ "@language": "en"
+ }
},
{
- "@id": "dataset:ConfidentialityLevelType",
+ "@id": "ns3:DatasetAvailabilityType",
"@type": "owl:Class",
- "rdfs:comment": "Describes the different confidentiality levels as given by the [Traffic Light Protocol](https://en.wikipedia.org/wiki/Traffic_Light_Protocol).",
- "ns0:term_status": "Stable"
+ "rdfs:comment": {
+ "@value": "Availability of dataset.",
+ "@language": "en"
+ }
},
{
- "@id": "security:SsvcDecisionType",
+ "@id": "ns5:VexJustificationType",
"@type": "owl:Class",
- "rdfs:comment": "SsvcDecisionType specifies the type of decision that's been made according to the Stakeholder-Specific Vulnerability Categorization (SSVC) system [https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc](https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc)",
- "ns0:term_status": "Stable"
+ "rdfs:comment": {
+ "@value": "Specifies the VEX justification type.",
+ "@language": "en"
+ }
},
{
- "@id": "security:VulnAssessmentRelationship",
+ "@id": "ns5:VulnAssessmentRelationship",
"@type": [
+ "ns7:AbstractClass",
"owl:Class",
"sh:NodeShape"
],
- "rdfs:comment": "VulnAssessmentRelationship is the ancestor class common to all vulnerability\nassessment relationships. It factors out the common properties shared by them.\nExternal property restriction on /Core/Relationship/to: minCount: 1",
+ "rdfs:comment": {
+ "@value": "Abstract ancestor class for all vulnerability assessments",
+ "@language": "en"
+ },
"rdfs:subClassOf": {
- "@id": "core:Relationship"
+ "@id": "ns1:Relationship"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
},
- "ns0:term_status": "Stable",
"sh:property": [
{
- "sh:datatype": {
- "@id": "core:DateTime"
+ "sh:class": {
+ "@id": "ns1:Element"
},
"sh:maxCount": 1,
- "sh:name": "withdrawnTime",
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
"sh:path": {
- "@id": "security:withdrawnTime"
+ "@id": "ns5:assessedElement"
}
},
{
- "sh:class": {
- "@id": "core:Element"
+ "sh:datatype": {
+ "@id": "xsd:dateTimeStamp"
},
"sh:maxCount": 1,
- "sh:name": "assessedElement",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "security:assessedElement"
- }
+ "@id": "ns5:withdrawnTime"
+ },
+ "sh:pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$"
},
{
"sh:class": {
- "@id": "core:Agent"
+ "@id": "ns1:Agent"
},
"sh:maxCount": 1,
- "sh:name": "suppliedBy",
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ },
"sh:path": {
- "@id": "security:suppliedBy"
+ "@id": "ns1:suppliedBy"
}
},
{
"sh:datatype": {
- "@id": "core:DateTime"
+ "@id": "xsd:dateTimeStamp"
},
"sh:maxCount": 1,
- "sh:name": "publishedTime",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "security:publishedTime"
- }
+ "@id": "ns5:modifiedTime"
+ },
+ "sh:pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$"
},
{
"sh:datatype": {
- "@id": "core:DateTime"
+ "@id": "xsd:dateTimeStamp"
},
"sh:maxCount": 1,
- "sh:name": "modifiedTime",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "security:modifiedTime"
- }
+ "@id": "ns5:publishedTime"
+ },
+ "sh:pattern": "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$"
}
]
},
{
- "@id": "software:SoftwareDependencyLinkType",
+ "@id": "ns1:LifecycleScopeType",
"@type": "owl:Class",
- "rdfs:comment": "TODO",
- "ns0:term_status": "Stable"
+ "rdfs:comment": {
+ "@value": "Provide an enumerated set of lifecycle phases that can provide context to relationships.",
+ "@language": "en"
+ }
},
{
- "@id": "ai:PresenceType",
+ "@id": "ns5:CvssSeverityType",
"@type": "owl:Class",
- "rdfs:comment": "This type is used to indicate if a given field is present or absent or unknown.",
- "ns0:term_status": "Stable"
+ "rdfs:comment": {
+ "@value": "Specifies the CVSS base, temporal, threat, or environmental severity type.",
+ "@language": "en"
+ }
},
{
- "@id": "dataset:DatasetAvailabilityType",
+ "@id": "ns2:SbomType",
"@type": "owl:Class",
- "rdfs:comment": "Describes the possible types of availability of a dataset, indicating whether the dataset can be directly downloaded, can be assembled using a script for scraping the data, is only available after a clickthrough or a registration form.",
- "ns0:term_status": "Stable"
- },
- {
- "@id": "licensing:LicenseField",
- "@type": [
- "owl:Class",
- "sh:NodeShape"
- ],
- "rdfs:comment": "A LicenseField is the primary value that is used by a licensing field for a\nsoftware Package, File or Snippet. It represents either a license expression,\nor the values NOASSERTION or NONE. The specific meanings of NOASSERTION or\nNONE for the particular licensing field are defined in the corresponding\nproperty description.",
- "ns0:term_status": "Stable"
+ "rdfs:comment": {
+ "@value": "Provides a set of values to be used to describe the common types of SBOMs that\ntools may create.",
+ "@language": "en"
+ }
},
{
- "@id": "security:VexJustificationType",
+ "@id": "ns1:PresenceType",
"@type": "owl:Class",
- "rdfs:comment": "VexJustificationType specifies the type of Vulnerability Exploitability eXchange (VEX) justification.",
- "ns0:term_status": "Stable"
+ "rdfs:comment": {
+ "@value": "Categories of presence or absence.",
+ "@language": "en"
+ }
},
{
- "@id": "software:DependencyConditionalityType",
+ "@id": "ns1:SupportType",
"@type": "owl:Class",
- "rdfs:comment": "TODO",
- "ns0:term_status": "Stable"
+ "rdfs:comment": {
+ "@value": "Indicates the type of support that is associated with an artifact.",
+ "@language": "en"
+ }
},
{
- "@id": "core:LifecycleScopeType",
+ "@id": "ns1:Agent",
"@type": "owl:Class",
- "rdfs:comment": "TODO",
- "ns0:term_status": "Stable"
+ "rdfs:comment": {
+ "@value": "Agent represents anything with the potential to act on a system.",
+ "@language": "en"
+ },
+ "rdfs:subClassOf": {
+ "@id": "ns1:Element"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ }
},
{
- "@id": "licensing:AnyLicenseInfo",
+ "@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo",
"@type": [
- "owl:Class",
- "sh:NodeShape"
+ "ns7:AbstractClass",
+ "owl:Class"
],
- "rdfs:comment": "An AnyLicenseInfo is used by a licensing field for a software package,\nfile or snippet when its value is not NOASSERTION or NONE. It can be a\nsingle license (either on the SPDX License List or a custom-defined license);\na single license with an \"or later\" operator applied; the foregoing with\nadditional text applied; or a set of licenses combined by applying \"AND\" and\n\"OR\" operators recursively.",
+ "rdfs:comment": {
+ "@value": "Abstract class representing a license combination consisting of one or more licenses.",
+ "@language": "en"
+ },
"rdfs:subClassOf": {
- "@id": "licensing:LicenseField"
+ "@id": "ns1:Element"
},
- "ns0:term_status": "Stable"
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
+ }
},
{
- "@id": "software:SBOMType",
- "@type": "owl:Class",
- "rdfs:comment": "The set of SBOM types with definitions as defined in [Types of Software Bill of Material (SBOM) Documents](https://www.cisa.gov/sites/default/files/2023-04/sbom-types-document-508c.pdf), published on April 21, 2023. \nAn SBOM type describes the most likely type of an SBOM from the producer perspective, so that consumers can draw conclusions about the data inside an SBOM. A single SBOM can have multiple SBOM document types associated with it.",
- "ns0:term_status": "Stable"
+ "@id": "ns7:AbstractClass",
+ "@type": "owl:Class"
},
{
- "@id": "core:Agent",
- "@type": [
- "owl:Class",
- "sh:NodeShape"
- ],
- "rdfs:comment": "The Agent class represents anything that has the potential to act on a system. This could be a person, organization, software agent, etc. This is not to be confused with tools that are used to perform tasks.",
- "rdfs:subClassOf": {
- "@id": "core:Element"
- },
- "ns0:term_status": "Stable"
+ "@id": "ns1:ProfileIdentifierType",
+ "@type": "owl:Class",
+ "rdfs:comment": {
+ "@value": "Enumeration of the valid profiles.",
+ "@language": "en"
+ }
},
{
- "@id": "core:ProfileIdentifierType",
+ "@id": "ns1:ExternalIdentifierType",
"@type": "owl:Class",
- "rdfs:comment": "There are a set of profiles that have been defined to be valid for a specific release This file enumerates the values that have been agreed on, and may be applied to the creation information for an an element.",
- "ns0:term_status": "Stable"
+ "rdfs:comment": {
+ "@value": "Specifies the type of an external identifier.",
+ "@language": "en"
+ }
},
{
- "@id": "core:DictionaryEntry",
+ "@id": "ns1:DictionaryEntry",
"@type": [
"owl:Class",
"sh:NodeShape"
],
- "rdfs:comment": "The class used for implementing a generic string mapping (also known as associative array, dictionary, or hash map) in SPDX. Each DictionaryEntry contains a key-value pair which maps the key to its associated value. To implement a dictionary, this class is to be used in a collection with unique keys.",
- "ns0:term_status": "Stable",
+ "rdfs:comment": {
+ "@value": "A key with an associated value.",
+ "@language": "en"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNode"
+ },
"sh:property": [
{
"sh:datatype": {
"@id": "xsd:string"
},
"sh:maxCount": 1,
- "sh:minCount": 1,
- "sh:name": "key",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "core:key"
+ "@id": "ns1:value"
}
},
{
@@ -5295,67 +9365,70 @@
"@id": "xsd:string"
},
"sh:maxCount": 1,
- "sh:name": "value",
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "core:value"
+ "@id": "ns1:key"
}
}
]
},
{
- "@id": "core:ExternalIdentifierType",
+ "@id": "ns3:DatasetType",
"@type": "owl:Class",
- "rdfs:comment": "ExteralIdentifierType specifies the type of an external identifier.",
- "ns0:term_status": "Stable"
+ "rdfs:comment": {
+ "@value": "Enumeration of dataset types.",
+ "@language": "en"
+ }
},
{
- "@id": "core:Element",
+ "@id": "ns1:Element",
"@type": [
+ "ns7:AbstractClass",
"owl:Class",
"sh:NodeShape"
],
- "rdfs:comment": "An Element is a representation of a fundamental concept either directly inherent\nto the Bill of Materials (BOM) domain or indirectly related to the BOM domain\nand necessary for contextually characterizing BOM concepts and relationships.\nWithin SPDX-3.0 structure this is the base class acting as a consistent,\nunifying, and interoperable foundation for all explicit\nand inter-relatable content objects.",
- "rdfs:subClassOf": {
- "@id": "core:Payload"
+ "rdfs:comment": {
+ "@value": "Base domain class from which all other SPDX-3.0 domain classes derive.",
+ "@language": "en"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:IRI"
},
- "ns0:term_status": "Stable",
"sh:property": [
{
- "sh:datatype": {
- "@id": "xsd:string"
+ "sh:class": {
+ "@id": "ns1:IntegrityMethod"
},
- "sh:maxCount": 1,
- "sh:name": "summary",
- "sh:path": {
- "@id": "core:summary"
- }
- },
- {
- "sh:datatype": {
- "@id": "xsd:string"
+ "sh:nodeKind": {
+ "@id": "sh:BlankNodeOrIRI"
},
- "sh:maxCount": 1,
- "sh:name": "description",
"sh:path": {
- "@id": "core:description"
+ "@id": "ns1:verifiedUsing"
}
},
{
- "sh:datatype": {
- "@id": "core:Extension"
+ "sh:class": {
+ "@id": "https://spdx.org/rdf/3.0.1/terms/Extension/Extension"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNodeOrIRI"
},
- "sh:name": "extension",
"sh:path": {
- "@id": "core:extension"
+ "@id": "ns1:extension"
}
},
{
"sh:class": {
- "@id": "core:ExternalIdentifier"
+ "@id": "ns1:ExternalRef"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNodeOrIRI"
},
- "sh:name": "externalIdentifier",
"sh:path": {
- "@id": "core:externalIdentifier"
+ "@id": "ns1:externalRef"
}
},
{
@@ -5363,37 +9436,59 @@
"@id": "xsd:string"
},
"sh:maxCount": 1,
- "sh:name": "name",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "core:name"
+ "@id": "ns1:comment"
}
},
{
"sh:class": {
- "@id": "core:ExternalReference"
+ "@id": "ns1:ExternalIdentifier"
+ },
+ "sh:nodeKind": {
+ "@id": "sh:BlankNodeOrIRI"
},
- "sh:name": "externalReference",
"sh:path": {
- "@id": "core:externalReference"
+ "@id": "ns1:externalIdentifier"
}
},
{
- "sh:class": {
- "@id": "core:IntegrityMethod"
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
+ "sh:path": {
+ "@id": "ns1:summary"
+ }
+ },
+ {
+ "sh:datatype": {
+ "@id": "xsd:string"
+ },
+ "sh:maxCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
},
- "sh:name": "verifiedUsing",
"sh:path": {
- "@id": "core:verifiedUsing"
+ "@id": "ns1:description"
}
},
{
"sh:class": {
- "@id": "core:CreationInfo"
+ "@id": "ns1:CreationInfo"
},
"sh:maxCount": 1,
- "sh:name": "creationInfo",
+ "sh:minCount": 1,
+ "sh:nodeKind": {
+ "@id": "sh:BlankNodeOrIRI"
+ },
"sh:path": {
- "@id": "core:creationInfo"
+ "@id": "ns1:creationInfo"
}
},
{
@@ -5401,48 +9496,46 @@
"@id": "xsd:string"
},
"sh:maxCount": 1,
- "sh:name": "comment",
+ "sh:nodeKind": {
+ "@id": "sh:Literal"
+ },
"sh:path": {
- "@id": "core:comment"
+ "@id": "ns1:name"
}
}
]
},
{
- "@id": "core:ExternalReferenceType",
+ "@id": "ns1:HashAlgorithm",
"@type": "owl:Class",
- "rdfs:comment": "ExteralReferenceType specifies the type of an external reference.",
- "ns0:term_status": "Stable"
+ "rdfs:comment": {
+ "@value": "A mathematical algorithm that maps data of arbitrary size to a bit string.",
+ "@language": "en"
+ }
},
{
- "@id": "core:HashAlgorithm",
+ "@id": "ns2:SoftwarePurpose",
"@type": "owl:Class",
- "rdfs:comment": "A HashAlgorithm is a mathematical algorithm that maps data of arbitrary size to a bit string (the hash)\nand is a one-way function, that is, a function which is practically infeasible to invert.",
- "ns0:term_status": "Stable"
+ "rdfs:comment": {
+ "@value": "Provides information about the primary purpose of an Element.",
+ "@language": "en"
+ }
},
{
- "@id": "software:SoftwarePurpose",
+ "@id": "ns1:ExternalRefType",
"@type": "owl:Class",
- "rdfs:comment": "This field provides information about the primary purpose of an Element.\nSoftware Purpose is intrinsic to how the Element is being used rather than the content of the Element.\nThis field is a reasonable estimate of the most likely usage of the Element\nfrom the producer and consumer perspective from which both parties can draw conclusions\nabout the context in which the Element exists.",
- "ns0:term_status": "Stable"
- },
- {
- "@id": "core:DateTime",
- "@type": [
- "owl:Class",
- "sh:NodeShape"
- ],
- "rdfs:comment": "A Datetime is a string representation of a specific date and time.\nIt has resolution of seconds and is always expressed in UTC timezone.\nThe specific format is one of the most commonly used ISO-8601 formats.\nFormat restriction: pattern: ^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$",
- "rdfs:subClassOf": {
- "@id": "xsd:string"
- },
- "ns0:term_status": "Stable"
+ "rdfs:comment": {
+ "@value": "Specifies the type of an external reference.",
+ "@language": "en"
+ }
},
{
- "@id": "core:RelationshipType",
+ "@id": "ns1:RelationshipType",
"@type": "owl:Class",
- "rdfs:comment": "Provides information about the relationship between two Elements.\nFor example, you can represent a relationship between two different Files,\nbetween a Package and a File, between two Packages, or between one SPDXDocument and another SPDXDocument.\n\nBuild Profile specific RelationshipType descriptions can be found [here](https://github.com/spdx/spdx-3-build-profile/blob/main/model/relationships.md)",
- "ns0:term_status": "Stable"
+ "rdfs:comment": {
+ "@value": "Information about the relationship between two Elements.",
+ "@language": "en"
+ }
}
]
}
diff --git a/src/spdx_tools/spdx3/writer/json_ld/__init__.py b/src/spdx_tools/spdx3/writer/json_ld/__init__.py
index e69de29bb..131ab7732 100644
--- a/src/spdx_tools/spdx3/writer/json_ld/__init__.py
+++ b/src/spdx_tools/spdx3/writer/json_ld/__init__.py
@@ -0,0 +1,2 @@
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-FileCopyrightText: 2024 The SPDX Contributors
diff --git a/src/spdx_tools/spdx3/writer/json_ld/context.json b/src/spdx_tools/spdx3/writer/json_ld/context.json
index 94cb2b5e6..52eee6fe5 100644
--- a/src/spdx_tools/spdx3/writer/json_ld/context.json
+++ b/src/spdx_tools/spdx3/writer/json_ld/context.json
@@ -1,742 +1 @@
-{
- "ai": "https://spdx.org/rdf/AI/",
- "build": "https://spdx.org/rdf/Build/",
- "core": "https://spdx.org/rdf/Core/",
- "dataset": "https://spdx.org/rdf/Dataset/",
- "licensing": "https://spdx.org/rdf/Licensing/",
- "ns0": "http://www.w3.org/2003/06/sw-vocab-status/ns#",
- "owl": "http://www.w3.org/2002/07/owl#",
- "rdfs": "http://www.w3.org/2000/01/rdf-schema#",
- "security": "https://spdx.org/rdf/Security/",
- "sh": "http://www.w3.org/ns/shacl#",
- "software": "https://spdx.org/rdf/Software/",
- "xsd": "http://www.w3.org/2001/XMLSchema#",
- "AIPackage": "ai:AIPackage",
- "Build": "build:Build",
- "Annotation": "core:Annotation",
- "AnonymousPayload": "core:AnonymousPayload",
- "Organization": "core:Organization",
- "Person": "core:Person",
- "SoftwareAgent": "core:SoftwareAgent",
- "SpdxDocument": "core:SpdxDocument",
- "Dataset": "dataset:Dataset",
- "ConjunctiveLicenseSet": "licensing:ConjunctiveLicenseSet",
- "CustomLicense": "licensing:CustomLicense",
- "CustomLicenseAddition": "licensing:CustomLicenseAddition",
- "DisjunctiveLicenseSet": "licensing:DisjunctiveLicenseSet",
- "ListedLicense": "licensing:ListedLicense",
- "ListedLicenseException": "licensing:ListedLicenseException",
- "NoAssertionLicense": "licensing:NoAssertionLicense",
- "NoneLicense": "licensing:NoneLicense",
- "OrLaterOperator": "licensing:OrLaterOperator",
- "WithAdditionOperator": "licensing:WithAdditionOperator",
- "CvssV2VulnAssessmentRelationship": "security:CvssV2VulnAssessmentRelationship",
- "CvssV3VulnAssessmentRelationship": "security:CvssV3VulnAssessmentRelationship",
- "EpssVulnAssessmentRelationship": "security:EpssVulnAssessmentRelationship",
- "ExploitCatalogVulnAssessmentRelationship": "security:ExploitCatalogVulnAssessmentRelationship",
- "SsvcVulnAssessmentRelationship": "security:SsvcVulnAssessmentRelationship",
- "VexAffectedVulnAssessmentRelationship": "security:VexAffectedVulnAssessmentRelationship",
- "VexFixedVulnAssessmentRelationship": "security:VexFixedVulnAssessmentRelationship",
- "VexNotAffectedVulnAssessmentRelationship": "security:VexNotAffectedVulnAssessmentRelationship",
- "VexUnderInvestigationVulnAssessmentRelationship": "security:VexUnderInvestigationVulnAssessmentRelationship",
- "Vulnerability": "security:Vulnerability",
- "File": "software:File",
- "Sbom": "software:Sbom",
- "Snippet": "software:Snippet",
- "SoftwareDependencyRelationship": "software:SoftwareDependencyRelationship",
- "autonomyType": {
- "@id": "ai:autonomyType",
- "@type": "ai:PresenceType"
- },
- "domain": {
- "@id": "ai:domain",
- "@type": "xsd:string"
- },
- "energyConsumption": {
- "@id": "ai:energyConsumption",
- "@type": "xsd:string"
- },
- "hyperparameter": {
- "@id": "ai:hyperparameter",
- "@type": "core:DictionaryEntry"
- },
- "informationAboutApplication": {
- "@id": "ai:informationAboutApplication",
- "@type": "xsd:string"
- },
- "informationAboutTraining": {
- "@id": "ai:informationAboutTraining",
- "@type": "xsd:string"
- },
- "limitation": {
- "@id": "ai:limitation",
- "@type": "xsd:string"
- },
- "metric": {
- "@id": "ai:metric",
- "@type": "core:DictionaryEntry"
- },
- "metricDecisionThreshold": {
- "@id": "ai:metricDecisionThreshold",
- "@type": "core:DictionaryEntry"
- },
- "modelDataPreprocessing": {
- "@id": "ai:modelDataPreprocessing",
- "@type": "xsd:string"
- },
- "modelExplainability": {
- "@id": "ai:modelExplainability",
- "@type": "xsd:string"
- },
- "safetyRiskAssessment": {
- "@id": "ai:safetyRiskAssessment",
- "@type": "@vocab",
- "@context": {
- "@vocab": "ai:SafetyRiskAssessmentType/"
- }
- },
- "sensitivePersonalInformation": {
- "@id": "dataset:sensitivePersonalInformation",
- "@type": "@vocab",
- "@context": {
- "@vocab": "dataset:PresenceType/"
- }
- },
- "standardCompliance": {
- "@id": "ai:standardCompliance",
- "@type": "xsd:string"
- },
- "typeOfModel": {
- "@id": "ai:typeOfModel",
- "@type": "xsd:string"
- },
- "buildEndTime": {
- "@id": "build:buildEndTime",
- "@type": "core:DateTime"
- },
- "buildId": {
- "@id": "build:buildId",
- "@type": "xsd:string"
- },
- "buildStartTime": {
- "@id": "build:buildStartTime",
- "@type": "core:DateTime"
- },
- "buildType": {
- "@id": "build:buildType",
- "@type": "xsd:anyURI"
- },
- "configSourceDigest": {
- "@id": "build:configSourceDigest",
- "@type": "core:Hash"
- },
- "configSourceEntrypoint": {
- "@id": "build:configSourceEntrypoint",
- "@type": "xsd:string"
- },
- "configSourceUri": {
- "@id": "build:configSourceUri",
- "@type": "xsd:anyURI"
- },
- "environment": {
- "@id": "build:environment",
- "@type": "core:DictionaryEntry"
- },
- "parameters": {
- "@id": "build:parameters",
- "@type": "core:DictionaryEntry"
- },
- "Artifact": "core:Artifact",
- "Bom": "core:Bom",
- "ElementCollection": "core:ElementCollection",
- "LifecycleScopedRelationship": "core:LifecycleScopedRelationship",
- "algorithm": {
- "@id": "core:algorithm",
- "@type": "@vocab",
- "@context": {
- "@vocab": "core:HashAlgorithm/"
- }
- },
- "annotationType": {
- "@id": "core:annotationType",
- "@type": "@vocab",
- "@context": {
- "@vocab": "core:AnnotationType/"
- }
- },
- "begin": {
- "@id": "core:begin",
- "@type": "xsd:positiveInteger"
- },
- "builtTime": {
- "@id": "core:builtTime",
- "@type": "core:DateTime"
- },
- "completeness": {
- "@id": "core:completeness",
- "@type": "@vocab",
- "@context": {
- "@vocab": "core:RelationshipCompleteness/"
- }
- },
- "context": {
- "@id": "core:context",
- "@type": "xsd:string"
- },
- "created": {
- "@id": "core:created",
- "@type": "core:DateTime"
- },
- "createdBy": {
- "@id": "core:createdBy",
- "@type": "@id"
- },
- "createdUsing": {
- "@id": "core:createdUsing",
- "@type": "core:Tool"
- },
- "dataLicense": {
- "@id": "core:dataLicense",
- "@type": "xsd:string"
- },
- "definingDocument": {
- "@id": "core:definingDocument",
- "@type": "xsd:anyURI"
- },
- "description": {
- "@id": "core:description",
- "@type": "xsd:string"
- },
- "element": {
- "@id": "core:element",
- "@type": "@id"
- },
- "end": {
- "@id": "core:end",
- "@type": "xsd:positiveInteger"
- },
- "endTime": {
- "@id": "core:endTime",
- "@type": "core:DateTime"
- },
- "externalId": {
- "@id": "core:externalId",
- "@type": "xsd:anyURI"
- },
- "externalIdentifier": {
- "@id": "core:externalIdentifier",
- "@type": "core:ExternalIdentifier"
- },
- "externalIdentifierType": {
- "@id": "core:externalIdentifierType",
- "@type": "@vocab",
- "@context": {
- "@vocab": "core:ExternalIdentifierType/"
- }
- },
- "externalReference": {
- "@id": "core:externalReference",
- "@type": "core:ExternalReference"
- },
- "externalReferenceType": {
- "@id": "core:externalReferenceType",
- "@type": "@vocab",
- "@context": {
- "@vocab": "core:ExternalReferenceType/"
- }
- },
- "from": {
- "@id": "core:from",
- "@type": "@id"
- },
- "hashValue": {
- "@id": "core:hashValue",
- "@type": "xsd:string"
- },
- "identifier": {
- "@id": "core:identifier",
- "@type": "xsd:string"
- },
- "identifierLocator": {
- "@id": "core:identifierLocator",
- "@type": "xsd:anyURI"
- },
- "issuingAuthority": {
- "@id": "core:issuingAuthority",
- "@type": "xsd:anyURI"
- },
- "key": {
- "@id": "core:key",
- "@type": "xsd:string"
- },
- "locationHint": {
- "@id": "core:locationHint",
- "@type": "xsd:anyURI"
- },
- "locator": {
- "@id": "core:locator",
- "@type": "xsd:anyURI"
- },
- "namespace": {
- "@id": "core:namespace",
- "@type": "xsd:anyURI"
- },
- "originatedBy": {
- "@id": "core:originatedBy",
- "@type": "@id"
- },
- "prefix": {
- "@id": "core:prefix",
- "@type": "xsd:string"
- },
- "profile": {
- "@id": "core:profile",
- "@type": "@vocab",
- "@context": {
- "core": "https://spdx.org/rdf/Core/ProfileIdentifierType/core",
- "software": "https://spdx.org/rdf/Core/ProfileIdentifierType/software",
- "licensing": "https://spdx.org/rdf/Core/ProfileIdentifierType/licensing",
- "security": "https://spdx.org/rdf/Core/ProfileIdentifierType/security",
- "build": "https://spdx.org/rdf/Core/ProfileIdentifierType/build",
- "ai": "https://spdx.org/rdf/Core/ProfileIdentifierType/ai",
- "dataset": "https://spdx.org/rdf/Core/ProfileIdentifierType/dataset",
- "usage": "https://spdx.org/rdf/Core/ProfileIdentifierType/usage",
- "extension": "https://spdx.org/rdf/Core/ProfileIdentifierType/extension"
- }
- },
- "relationshipType": {
- "@id": "core:relationshipType",
- "@type": "@vocab",
- "@context": {
- "@vocab": "core:RelationshipType/"
- }
- },
- "releaseTime": {
- "@id": "core:releaseTime",
- "@type": "core:DateTime"
- },
- "rootElement": {
- "@id": "core:rootElement",
- "@type": "@id"
- },
- "scope": {
- "@id": "core:scope",
- "@type": "@vocab",
- "@context": {
- "@vocab": "core:LifecycleScopeType/"
- }
- },
- "specVersion": {
- "@id": "core:specVersion",
- "@type": "core:SemVer"
- },
- "standard": {
- "@id": "core:standard",
- "@type": "xsd:string"
- },
- "startTime": {
- "@id": "core:startTime",
- "@type": "core:DateTime"
- },
- "statement": {
- "@id": "core:statement",
- "@type": "xsd:string"
- },
- "subject": {
- "@id": "core:subject",
- "@type": "@id"
- },
- "summary": {
- "@id": "core:summary",
- "@type": "xsd:string"
- },
- "suppliedBy": {
- "@id": "core:suppliedBy",
- "@type": "@id"
- },
- "to": {
- "@id": "core:to",
- "@type": "@id"
- },
- "validUntilTime": {
- "@id": "core:validUntilTime",
- "@type": "core:DateTime"
- },
- "value": {
- "@id": "core:value",
- "@type": "xsd:string"
- },
- "anonymizationMethodUsed": {
- "@id": "dataset:anonymizationMethodUsed",
- "@type": "xsd:string"
- },
- "confidentialityLevel": {
- "@id": "dataset:confidentialityLevel",
- "@type": "@vocab",
- "@context": {
- "@vocab": "dataset:ConfidentialityLevelType/"
- }
- },
- "dataCollectionProcess": {
- "@id": "dataset:dataCollectionProcess",
- "@type": "xsd:string"
- },
- "dataPreprocessing": {
- "@id": "dataset:dataPreprocessing",
- "@type": "xsd:string"
- },
- "datasetAvailability": {
- "@id": "dataset:datasetAvailability",
- "@type": "@vocab",
- "@context": {
- "@vocab": "dataset:DatasetAvailabilityType/"
- }
- },
- "datasetNoise": {
- "@id": "dataset:datasetNoise",
- "@type": "xsd:string"
- },
- "datasetSize": {
- "@id": "dataset:datasetSize",
- "@type": "xsd:nonNegativeInteger"
- },
- "datasetType": {
- "@id": "dataset:datasetType",
- "@type": "xsd:string"
- },
- "datasetUpdateMechanism": {
- "@id": "dataset:datasetUpdateMechanism",
- "@type": "xsd:string"
- },
- "intendedUse": {
- "@id": "dataset:intendedUse",
- "@type": "xsd:string"
- },
- "knownBias": {
- "@id": "dataset:knownBias",
- "@type": "xsd:string"
- },
- "sensor": {
- "@id": "dataset:sensor",
- "@type": "core:DictionaryEntry"
- },
- "additionComment": {
- "@id": "licensing:additionComment",
- "@type": "xsd:string"
- },
- "additionId": {
- "@id": "licensing:additionId",
- "@type": "xsd:string"
- },
- "additionName": {
- "@id": "licensing:additionName",
- "@type": "xsd:string"
- },
- "additionText": {
- "@id": "licensing:additionText",
- "@type": "xsd:string"
- },
- "isDeprecatedAdditionId": {
- "@id": "licensing:isDeprecatedAdditionId",
- "@type": "xsd:boolean"
- },
- "isDeprecatedLicenseId": {
- "@id": "licensing:isDeprecatedLicenseId",
- "@type": "xsd:boolean"
- },
- "isFsfLibre": {
- "@id": "licensing:isFsfLibre",
- "@type": "xsd:boolean"
- },
- "isOsiApproved": {
- "@id": "licensing:isOsiApproved",
- "@type": "xsd:boolean"
- },
- "licenseComment": {
- "@id": "licensing:licenseComment",
- "@type": "xsd:string"
- },
- "licenseId": {
- "@id": "licensing:licenseId",
- "@type": "xsd:string"
- },
- "licenseName": {
- "@id": "licensing:licenseName",
- "@type": "xsd:string"
- },
- "licenseText": {
- "@id": "licensing:licenseText",
- "@type": "xsd:string"
- },
- "standardAdditionTemplate": {
- "@id": "licensing:standardAdditionTemplate",
- "@type": "xsd:string"
- },
- "standardLicenseHeader": {
- "@id": "licensing:standardLicenseHeader",
- "@type": "xsd:string"
- },
- "standardLicenseTemplate": {
- "@id": "licensing:standardLicenseTemplate",
- "@type": "xsd:string"
- },
- "subjectAddition": {
- "@id": "licensing:subjectAddition",
- "@type": "licensing:LicenseAddition"
- },
- "actionStatement": {
- "@id": "security:actionStatement",
- "@type": "xsd:string"
- },
- "actionStatementTime": {
- "@id": "security:actionStatementTime",
- "@type": "core:DateTime"
- },
- "assessedElement": {
- "@id": "security:assessedElement",
- "@type": "@id"
- },
- "catalogType": {
- "@id": "security:catalogType",
- "@type": "@vocab",
- "@context": {
- "@vocab": "security:ExploitCatalogType/"
- }
- },
- "decisionType": {
- "@id": "security:decisionType",
- "@type": "@vocab",
- "@context": {
- "@vocab": "security:SsvcDecisionType/"
- }
- },
- "exploited": {
- "@id": "security:exploited",
- "@type": "xsd:boolean"
- },
- "impactStatement": {
- "@id": "security:impactStatement",
- "@type": "xsd:string"
- },
- "impactStatementTime": {
- "@id": "security:impactStatementTime",
- "@type": "core:DateTime"
- },
- "justificationType": {
- "@id": "security:justificationType",
- "@type": "@vocab",
- "@context": {
- "@vocab": "security:VexJustificationType/"
- }
- },
- "probability": {
- "@id": "security:probability",
- "@type": "xsd:decimal"
- },
- "statusNotes": {
- "@id": "security:statusNotes",
- "@type": "xsd:string"
- },
- "vexVersion": {
- "@id": "security:vexVersion",
- "@type": "xsd:string"
- },
- "additionalPurpose": {
- "@id": "software:additionalPurpose",
- "@type": "software:SoftwarePurpose"
- },
- "attributionText": {
- "@id": "software:attributionText",
- "@type": "xsd:string"
- },
- "byteRange": {
- "@id": "software:byteRange",
- "@type": "core:PositiveIntegerRange"
- },
- "concludedLicense": {
- "@id": "software:concludedLicense",
- "@type": "licensing:LicenseField"
- },
- "conditionality": {
- "@id": "software:conditionality",
- "@type": "@vocab",
- "@context": {
- "@vocab": "software:DependencyConditionalityType/"
- }
- },
- "contentIdentifier": {
- "@id": "software:contentIdentifier",
- "@type": "xsd:anyURI"
- },
- "contentType": {
- "@id": "core:contentType",
- "@type": "core:MediaType"
- },
- "copyrightText": {
- "@id": "software:copyrightText",
- "@type": "xsd:string"
- },
- "declaredLicense": {
- "@id": "software:declaredLicense",
- "@type": "licensing:LicenseField"
- },
- "downloadLocation": {
- "@id": "software:downloadLocation",
- "@type": "xsd:anyURI"
- },
- "homePage": {
- "@id": "software:homePage",
- "@type": "xsd:anyURI"
- },
- "lineRange": {
- "@id": "software:lineRange",
- "@type": "core:PositiveIntegerRange"
- },
- "packageUrl": {
- "@id": "software:packageUrl",
- "@type": "xsd:anyURI"
- },
- "packageVersion": {
- "@id": "software:packageVersion",
- "@type": "xsd:string"
- },
- "primaryPurpose": {
- "@id": "software:primaryPurpose",
- "@type": "software:SoftwarePurpose"
- },
- "sbomType": {
- "@id": "software:sbomType",
- "@type": "@vocab",
- "@context": {
- "@vocab": "software:SBOMType/"
- }
- },
- "softwareLinkage": {
- "@id": "software:softwareLinkage",
- "@type": "@vocab",
- "@context": {
- "@vocab": "software:SoftwareDependencyLinkType/"
- }
- },
- "sourceInfo": {
- "@id": "software:sourceInfo",
- "@type": "xsd:string"
- },
- "Bundle": "core:Bundle",
- "ExternalIdentifier": "core:ExternalIdentifier",
- "ExternalReference": "core:ExternalReference",
- "Hash": "core:Hash",
- "Payload": "core:Payload",
- "Relationship": "core:Relationship",
- "SemVer": "core:SemVer",
- "Tool": "core:Tool",
- "name": {
- "@id": "core:name",
- "@type": "xsd:string"
- },
- "verifiedUsing": {
- "@id": "core:verifiedUsing",
- "@type": "core:IntegrityMethod"
- },
- "deprecatedVersion": {
- "@id": "licensing:deprecatedVersion",
- "@type": "xsd:string"
- },
- "listVersionAdded": {
- "@id": "licensing:listVersionAdded",
- "@type": "xsd:string"
- },
- "member": {
- "@id": "licensing:member",
- "@type": "licensing:AnyLicenseInfo"
- },
- "obsoletedBy": {
- "@id": "licensing:obsoletedBy",
- "@type": "xsd:string"
- },
- "seeAlso": {
- "@id": "licensing:seeAlso",
- "@type": "xsd:anyURI"
- },
- "subjectLicense": {
- "@id": "licensing:subjectLicense",
- "@type": "licensing:License"
- },
- "modifiedTime": {
- "@id": "security:modifiedTime",
- "@type": "core:DateTime"
- },
- "publishedTime": {
- "@id": "security:publishedTime",
- "@type": "core:DateTime"
- },
- "score": {
- "@id": "security:score",
- "@type": "xsd:string"
- },
- "vector": {
- "@id": "security:vector",
- "@type": "xsd:string"
- },
- "withdrawnTime": {
- "@id": "security:withdrawnTime",
- "@type": "core:DateTime"
- },
- "Package": "software:Package",
- "creationInfo": {
- "@id": "core:creationInfo",
- "@type": "core:CreationInfo"
- },
- "imports": {
- "@id": "core:imports",
- "@type": "core:ExternalMap"
- },
- "namespaces": {
- "@id": "core:namespaces",
- "@type": "core:NamespaceMap"
- },
- "severity": {
- "@id": "security:severity",
- "@type": "xsd:string"
- },
- "SoftwareArtifact": "software:SoftwareArtifact",
- "AnnotationType": "core:AnnotationType",
- "CreationInfo": "core:CreationInfo",
- "ExternalMap": "core:ExternalMap",
- "IntegrityMethod": "core:IntegrityMethod",
- "NamespaceMap": "core:NamespaceMap",
- "PositiveIntegerRange": "core:PositiveIntegerRange",
- "LicenseAddition": "licensing:LicenseAddition",
- "ExploitCatalogType": "security:ExploitCatalogType",
- "VexVulnAssessmentRelationship": "security:VexVulnAssessmentRelationship",
- "MediaType": "core:MediaType",
- "RelationshipCompleteness": "core:RelationshipCompleteness",
- "comment": {
- "@id": "core:comment",
- "@type": "xsd:string"
- },
- "License": "licensing:License",
- "SafetyRiskAssessmentType": "ai:SafetyRiskAssessmentType",
- "ConfidentialityLevelType": "dataset:ConfidentialityLevelType",
- "SsvcDecisionType": "security:SsvcDecisionType",
- "VulnAssessmentRelationship": "security:VulnAssessmentRelationship",
- "SoftwareDependencyLinkType": "software:SoftwareDependencyLinkType",
- "PresenceType": "ai:PresenceType",
- "DatasetAvailabilityType": "dataset:DatasetAvailabilityType",
- "LicenseField": "licensing:LicenseField",
- "VexJustificationType": "security:VexJustificationType",
- "DependencyConditionalityType": "software:DependencyConditionalityType",
- "LifecycleScopeType": "core:LifecycleScopeType",
- "AnyLicenseInfo": "licensing:AnyLicenseInfo",
- "SBOMType": "software:SBOMType",
- "Agent": "core:Agent",
- "ProfileIdentifierType": "core:ProfileIdentifierType",
- "DictionaryEntry": "core:DictionaryEntry",
- "ExternalIdentifierType": "core:ExternalIdentifierType",
- "Element": "core:Element",
- "ExternalReferenceType": "core:ExternalReferenceType",
- "HashAlgorithm": "core:HashAlgorithm",
- "SoftwarePurpose": "software:SoftwarePurpose",
- "DateTime": "core:DateTime",
- "RelationshipType": "core:RelationshipType"
-}
+{"dcterms": "http://purl.org/dc/terms/", "ns1": "https://spdx.org/rdf/3.0.1/terms/Core/", "ns2": "https://spdx.org/rdf/3.0.1/terms/Software/", "ns3": "https://spdx.org/rdf/3.0.1/terms/Dataset/", "ns4": "https://spdx.org/rdf/3.0.1/terms/AI/", "ns5": "https://spdx.org/rdf/3.0.1/terms/Security/", "ns6": "https://spdx.org/rdf/3.0.1/terms/ExpandedLicensing/", "ns7": "http://spdx.invalid./", "omg-ann": "https://www.omg.org/spec/Commons/AnnotationVocabulary/", "owl": "http://www.w3.org/2002/07/owl#", "rdf": "http://www.w3.org/1999/02/22-rdf-syntax-ns#", "rdfs": "http://www.w3.org/2000/01/rdf-schema#", "sh": "http://www.w3.org/ns/shacl#", "spdx": "https://spdx.org/rdf/3.0.1/terms/", "xsd": "http://www.w3.org/2001/XMLSchema#", "AIPackage": "ns4:AIPackage", "//spdx.org/rdf/3.0.1/terms/Build/Build": "https://spdx.org/rdf/3.0.1/terms/Build/Build", "Annotation": "ns1:Annotation", "LifecycleScopedRelationship": "ns1:LifecycleScopedRelationship", "PackageVerificationCode": "ns1:PackageVerificationCode", "Person": "ns1:Person", "SoftwareAgent": "ns1:SoftwareAgent", "SpdxDocument": "ns1:SpdxDocument", "DatasetPackage": "ns3:DatasetPackage", "ConjunctiveLicenseSet": "ns6:ConjunctiveLicenseSet", "CustomLicense": "ns6:CustomLicense", "CustomLicenseAddition": "ns6:CustomLicenseAddition", "DisjunctiveLicenseSet": "ns6:DisjunctiveLicenseSet", "ListedLicense": "ns6:ListedLicense", "ListedLicenseException": "ns6:ListedLicenseException", "OrLaterOperator": "ns6:OrLaterOperator", "WithAdditionOperator": "ns6:WithAdditionOperator", "//spdx.org/rdf/3.0.1/terms/Extension/CdxPropertiesExtension": "https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertiesExtension", "CvssV2VulnAssessmentRelationship": "ns5:CvssV2VulnAssessmentRelationship", "CvssV3VulnAssessmentRelationship": "ns5:CvssV3VulnAssessmentRelationship", "CvssV4VulnAssessmentRelationship": "ns5:CvssV4VulnAssessmentRelationship", "EpssVulnAssessmentRelationship": "ns5:EpssVulnAssessmentRelationship", "ExploitCatalogVulnAssessmentRelationship": "ns5:ExploitCatalogVulnAssessmentRelationship", "SsvcVulnAssessmentRelationship": "ns5:SsvcVulnAssessmentRelationship", "VexAffectedVulnAssessmentRelationship": "ns5:VexAffectedVulnAssessmentRelationship", "VexFixedVulnAssessmentRelationship": "ns5:VexFixedVulnAssessmentRelationship", "VexNotAffectedVulnAssessmentRelationship": "ns5:VexNotAffectedVulnAssessmentRelationship", "VexUnderInvestigationVulnAssessmentRelationship": "ns5:VexUnderInvestigationVulnAssessmentRelationship", "Vulnerability": "ns5:Vulnerability", "//spdx.org/rdf/3.0.1/terms/SimpleLicensing/LicenseExpression": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/LicenseExpression", "//spdx.org/rdf/3.0.1/terms/SimpleLicensing/SimpleLicensingText": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/SimpleLicensingText", "Sbom": "ns2:Sbom", "Snippet": "ns2:Snippet", "autonomyType": {"@id": "ns4:autonomyType", "@type": "ns1:PresenceType"}, "domain": {"@id": "ns4:domain", "@type": "xsd:string"}, "energyConsumption": {"@id": "ns4:energyConsumption", "@type": "ns4:EnergyConsumption"}, "energyQuantity": {"@id": "ns4:energyQuantity", "@type": "xsd:decimal"}, "energyUnit": {"@id": "ns4:energyUnit", "@type": "ns4:EnergyUnitType"}, "finetuningEnergyConsumption": {"@id": "ns4:finetuningEnergyConsumption", "@type": "ns4:EnergyConsumptionDescription"}, "hyperparameter": {"@id": "ns4:hyperparameter", "@type": "ns1:DictionaryEntry"}, "inferenceEnergyConsumption": {"@id": "ns4:inferenceEnergyConsumption", "@type": "ns4:EnergyConsumptionDescription"}, "informationAboutApplication": {"@id": "ns4:informationAboutApplication", "@type": "xsd:string"}, "informationAboutTraining": {"@id": "ns4:informationAboutTraining", "@type": "xsd:string"}, "limitation": {"@id": "ns4:limitation", "@type": "xsd:string"}, "metric": {"@id": "ns4:metric", "@type": "ns1:DictionaryEntry"}, "metricDecisionThreshold": {"@id": "ns4:metricDecisionThreshold", "@type": "ns1:DictionaryEntry"}, "modelDataPreprocessing": {"@id": "ns4:modelDataPreprocessing", "@type": "xsd:string"}, "modelExplainability": {"@id": "ns4:modelExplainability", "@type": "xsd:string"}, "safetyRiskAssessment": {"@id": "ns4:safetyRiskAssessment", "@type": "@vocab", "@context": {"@vocab": "ns4:SafetyRiskAssessmentType/"}}, "standardCompliance": {"@id": "ns4:standardCompliance", "@type": "xsd:string"}, "trainingEnergyConsumption": {"@id": "ns4:trainingEnergyConsumption", "@type": "ns4:EnergyConsumptionDescription"}, "typeOfModel": {"@id": "ns4:typeOfModel", "@type": "xsd:string"}, "useSensitivePersonalInformation": {"@id": "ns4:useSensitivePersonalInformation", "@type": "@vocab", "@context": {"@vocab": "ns1:PresenceType/"}}, "//spdx.org/rdf/3.0.1/terms/Build/buildEndTime": {"@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildEndTime", "@type": "xsd:dateTimeStamp"}, "//spdx.org/rdf/3.0.1/terms/Build/buildId": {"@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildId", "@type": "xsd:string"}, "//spdx.org/rdf/3.0.1/terms/Build/buildStartTime": {"@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildStartTime", "@type": "xsd:dateTimeStamp"}, "//spdx.org/rdf/3.0.1/terms/Build/buildType": {"@id": "https://spdx.org/rdf/3.0.1/terms/Build/buildType", "@type": "xsd:anyURI"}, "//spdx.org/rdf/3.0.1/terms/Build/configSourceDigest": {"@id": "https://spdx.org/rdf/3.0.1/terms/Build/configSourceDigest", "@type": "ns1:Hash"}, "//spdx.org/rdf/3.0.1/terms/Build/configSourceEntrypoint": {"@id": "https://spdx.org/rdf/3.0.1/terms/Build/configSourceEntrypoint", "@type": "xsd:string"}, "//spdx.org/rdf/3.0.1/terms/Build/configSourceUri": {"@id": "https://spdx.org/rdf/3.0.1/terms/Build/configSourceUri", "@type": "xsd:anyURI"}, "//spdx.org/rdf/3.0.1/terms/Build/environment": {"@id": "https://spdx.org/rdf/3.0.1/terms/Build/environment", "@type": "ns1:DictionaryEntry"}, "//spdx.org/rdf/3.0.1/terms/Build/parameter": {"@id": "https://spdx.org/rdf/3.0.1/terms/Build/parameter", "@type": "ns1:DictionaryEntry"}, "Bom": "ns1:Bom", "Bundle": "ns1:Bundle", "Organization": "ns1:Organization", "annotationType": {"@id": "ns1:annotationType", "@type": "@vocab", "@context": {"@vocab": "ns1:AnnotationType/"}}, "beginIntegerRange": {"@id": "ns1:beginIntegerRange", "@type": "xsd:positiveInteger"}, "builtTime": {"@id": "ns1:builtTime", "@type": "xsd:dateTimeStamp"}, "completeness": {"@id": "ns1:completeness", "@type": "@vocab", "@context": {"@vocab": "ns1:RelationshipCompleteness/"}}, "context": {"@id": "ns1:context", "@type": "xsd:string"}, "created": {"@id": "ns1:created", "@type": "xsd:dateTimeStamp"}, "createdBy": {"@id": "ns1:createdBy", "@type": "ns1:Agent"}, "createdUsing": {"@id": "ns1:createdUsing", "@type": "ns1:Tool"}, "creationInfo": {"@id": "ns1:creationInfo", "@type": "ns1:CreationInfo"}, "dataLicense": {"@id": "ns1:dataLicense", "@type": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo"}, "definingArtifact": {"@id": "ns1:definingArtifact", "@type": "ns1:Artifact"}, "description": {"@id": "ns1:description", "@type": "xsd:string"}, "element": {"@id": "ns1:element", "@type": "ns1:Element"}, "endIntegerRange": {"@id": "ns1:endIntegerRange", "@type": "xsd:positiveInteger"}, "endTime": {"@id": "ns1:endTime", "@type": "xsd:dateTimeStamp"}, "extension": {"@id": "ns1:extension", "@type": "https://spdx.org/rdf/3.0.1/terms/Extension/Extension"}, "externalIdentifier": {"@id": "ns1:externalIdentifier", "@type": "ns1:ExternalIdentifier"}, "externalIdentifierType": {"@id": "ns1:externalIdentifierType", "@type": "@vocab", "@context": {"@vocab": "ns1:ExternalIdentifierType/"}}, "externalRef": {"@id": "ns1:externalRef", "@type": "ns1:ExternalRef"}, "externalRefType": {"@id": "ns1:externalRefType", "@type": "@vocab", "@context": {"@vocab": "ns1:ExternalRefType/"}}, "externalSpdxId": {"@id": "ns1:externalSpdxId", "@type": "xsd:anyURI"}, "from": {"@id": "ns1:from", "@type": "ns1:Element"}, "identifier": {"@id": "ns1:identifier", "@type": "xsd:string"}, "identifierLocator": {"@id": "ns1:identifierLocator", "@type": "xsd:anyURI"}, "import": {"@id": "ns1:import", "@type": "ns1:ExternalMap"}, "issuingAuthority": {"@id": "ns1:issuingAuthority", "@type": "xsd:string"}, "key": {"@id": "ns1:key", "@type": "xsd:string"}, "locationHint": {"@id": "ns1:locationHint", "@type": "xsd:anyURI"}, "locator": {"@id": "ns5:locator", "@type": "xsd:anyURI"}, "name": {"@id": "ns1:name", "@type": "xsd:string"}, "namespace": {"@id": "ns1:namespace", "@type": "xsd:anyURI"}, "namespaceMap": {"@id": "ns1:namespaceMap", "@type": "ns1:NamespaceMap"}, "originatedBy": {"@id": "ns1:originatedBy", "@type": "ns1:Agent"}, "packageVerificationCodeExcludedFile": {"@id": "ns1:packageVerificationCodeExcludedFile", "@type": "xsd:string"}, "prefix": {"@id": "ns1:prefix", "@type": "xsd:string"}, "profileConformance": {"@id": "ns1:profileConformance", "@type": "ns1:ProfileIdentifierType"}, "relationshipType": {"@id": "ns1:relationshipType", "@type": "@vocab", "@context": {"@vocab": "ns1:RelationshipType/"}}, "releaseTime": {"@id": "ns1:releaseTime", "@type": "xsd:dateTimeStamp"}, "rootElement": {"@id": "ns1:rootElement", "@type": "ns1:Element"}, "scope": {"@id": "ns1:scope", "@type": "@vocab", "@context": {"@vocab": "ns1:LifecycleScopeType/"}}, "specVersion": {"@id": "ns1:specVersion", "@type": "xsd:string"}, "standardName": {"@id": "ns1:standardName", "@type": "xsd:string"}, "startTime": {"@id": "ns1:startTime", "@type": "xsd:dateTimeStamp"}, "statement": {"@id": "ns1:statement", "@type": "xsd:string"}, "subject": {"@id": "ns1:subject", "@type": "ns1:Element"}, "summary": {"@id": "ns1:summary", "@type": "xsd:string"}, "supportLevel": {"@id": "ns1:supportLevel", "@type": "ns1:SupportType"}, "to": {"@id": "ns1:to", "@type": "ns1:Element"}, "validUntilTime": {"@id": "ns1:validUntilTime", "@type": "xsd:dateTimeStamp"}, "value": {"@id": "ns1:value", "@type": "xsd:string"}, "anonymizationMethodUsed": {"@id": "ns3:anonymizationMethodUsed", "@type": "xsd:string"}, "confidentialityLevel": {"@id": "ns3:confidentialityLevel", "@type": "@vocab", "@context": {"@vocab": "ns3:ConfidentialityLevelType/"}}, "dataCollectionProcess": {"@id": "ns3:dataCollectionProcess", "@type": "xsd:string"}, "dataPreprocessing": {"@id": "ns3:dataPreprocessing", "@type": "xsd:string"}, "datasetAvailability": {"@id": "ns3:datasetAvailability", "@type": "@vocab", "@context": {"@vocab": "ns3:DatasetAvailabilityType/"}}, "datasetNoise": {"@id": "ns3:datasetNoise", "@type": "xsd:string"}, "datasetSize": {"@id": "ns3:datasetSize", "@type": "xsd:nonNegativeInteger"}, "datasetType": {"@id": "ns3:datasetType", "@type": "ns3:DatasetType"}, "datasetUpdateMechanism": {"@id": "ns3:datasetUpdateMechanism", "@type": "xsd:string"}, "hasSensitivePersonalInformation": {"@id": "ns3:hasSensitivePersonalInformation", "@type": "@vocab", "@context": {"@vocab": "ns1:PresenceType/"}}, "intendedUse": {"@id": "ns3:intendedUse", "@type": "xsd:string"}, "knownBias": {"@id": "ns3:knownBias", "@type": "xsd:string"}, "sensor": {"@id": "ns3:sensor", "@type": "ns1:DictionaryEntry"}, "additionText": {"@id": "ns6:additionText", "@type": "xsd:string"}, "isDeprecatedAdditionId": {"@id": "ns6:isDeprecatedAdditionId", "@type": "xsd:boolean"}, "isDeprecatedLicenseId": {"@id": "ns6:isDeprecatedLicenseId", "@type": "xsd:boolean"}, "isFsfLibre": {"@id": "ns6:isFsfLibre", "@type": "xsd:boolean"}, "isOsiApproved": {"@id": "ns6:isOsiApproved", "@type": "xsd:boolean"}, "standardAdditionTemplate": {"@id": "ns6:standardAdditionTemplate", "@type": "xsd:string"}, "standardLicenseHeader": {"@id": "ns6:standardLicenseHeader", "@type": "xsd:string"}, "standardLicenseTemplate": {"@id": "ns6:standardLicenseTemplate", "@type": "xsd:string"}, "subjectAddition": {"@id": "ns6:subjectAddition", "@type": "ns6:LicenseAddition"}, "subjectExtendableLicense": {"@id": "ns6:subjectExtendableLicense", "@type": "ns6:ExtendableLicense"}, "subjectLicense": {"@id": "ns6:subjectLicense", "@type": "ns6:License"}, "//spdx.org/rdf/3.0.1/terms/Extension/cdxPropName": {"@id": "https://spdx.org/rdf/3.0.1/terms/Extension/cdxPropName", "@type": "xsd:string"}, "//spdx.org/rdf/3.0.1/terms/Extension/cdxPropValue": {"@id": "https://spdx.org/rdf/3.0.1/terms/Extension/cdxPropValue", "@type": "xsd:string"}, "//spdx.org/rdf/3.0.1/terms/Extension/cdxProperty": {"@id": "https://spdx.org/rdf/3.0.1/terms/Extension/cdxProperty", "@type": "https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertyEntry"}, "actionStatement": {"@id": "ns5:actionStatement", "@type": "xsd:string"}, "actionStatementTime": {"@id": "ns5:actionStatementTime", "@type": "xsd:dateTimeStamp"}, "assessedElement": {"@id": "ns5:assessedElement", "@type": "ns1:Element"}, "catalogType": {"@id": "ns5:catalogType", "@type": "@vocab", "@context": {"@vocab": "ns5:ExploitCatalogType/"}}, "decisionType": {"@id": "ns5:decisionType", "@type": "@vocab", "@context": {"@vocab": "ns5:SsvcDecisionType/"}}, "exploited": {"@id": "ns5:exploited", "@type": "xsd:boolean"}, "impactStatement": {"@id": "ns5:impactStatement", "@type": "xsd:string"}, "impactStatementTime": {"@id": "ns5:impactStatementTime", "@type": "xsd:dateTimeStamp"}, "justificationType": {"@id": "ns5:justificationType", "@type": "@vocab", "@context": {"@vocab": "ns5:VexJustificationType/"}}, "percentile": {"@id": "ns5:percentile", "@type": "xsd:decimal"}, "probability": {"@id": "ns5:probability", "@type": "xsd:decimal"}, "statusNotes": {"@id": "ns5:statusNotes", "@type": "xsd:string"}, "vexVersion": {"@id": "ns5:vexVersion", "@type": "xsd:string"}, "//spdx.org/rdf/3.0.1/terms/SimpleLicensing/customIdToUri": {"@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/customIdToUri", "@type": "ns1:DictionaryEntry"}, "//spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseExpression": {"@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseExpression", "@type": "xsd:string"}, "//spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseListVersion": {"@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseListVersion", "@type": "xsd:string"}, "additionalPurpose": {"@id": "ns2:additionalPurpose", "@type": "ns2:SoftwarePurpose"}, "attributionText": {"@id": "ns2:attributionText", "@type": "xsd:string"}, "byteRange": {"@id": "ns2:byteRange", "@type": "ns1:PositiveIntegerRange"}, "contentIdentifier": {"@id": "ns2:contentIdentifier", "@type": "ns2:ContentIdentifier"}, "contentIdentifierType": {"@id": "ns2:contentIdentifierType", "@type": "ns2:ContentIdentifierType"}, "contentIdentifierValue": {"@id": "ns2:contentIdentifierValue", "@type": "xsd:anyURI"}, "copyrightText": {"@id": "ns2:copyrightText", "@type": "xsd:string"}, "downloadLocation": {"@id": "ns2:downloadLocation", "@type": "xsd:anyURI"}, "fileKind": {"@id": "ns2:fileKind", "@type": "ns2:FileKindType"}, "homePage": {"@id": "ns2:homePage", "@type": "xsd:anyURI"}, "lineRange": {"@id": "ns2:lineRange", "@type": "ns1:PositiveIntegerRange"}, "packageUrl": {"@id": "ns2:packageUrl", "@type": "xsd:anyURI"}, "packageVersion": {"@id": "ns2:packageVersion", "@type": "xsd:string"}, "primaryPurpose": {"@id": "ns2:primaryPurpose", "@type": "ns2:SoftwarePurpose"}, "sbomType": {"@id": "ns2:sbomType", "@type": "@vocab", "@context": {"@vocab": "ns2:SbomType/"}}, "snippetFromFile": {"@id": "ns2:snippetFromFile", "@type": "ns2:File"}, "sourceInfo": {"@id": "ns2:sourceInfo", "@type": "xsd:string"}, "EnergyConsumption": "ns4:EnergyConsumption", "CreationInfo": "ns1:CreationInfo", "ElementCollection": "ns1:ElementCollection", "ExternalIdentifier": "ns1:ExternalIdentifier", "ExternalMap": "ns1:ExternalMap", "ExternalRef": "ns1:ExternalRef", "Hash": "ns1:Hash", "NamespaceMap": "ns1:NamespaceMap", "Relationship": "ns1:Relationship", "Tool": "ns1:Tool", "algorithm": {"@id": "ns1:algorithm", "@type": "@vocab", "@context": {"@vocab": "ns1:HashAlgorithm/"}}, "hashValue": {"@id": "ns1:hashValue", "@type": "xsd:string"}, "suppliedBy": {"@id": "ns1:suppliedBy", "@type": "ns1:Agent"}, "verifiedUsing": {"@id": "ns1:verifiedUsing", "@type": "ns1:IntegrityMethod"}, "IndividualLicensingInfo": "ns6:IndividualLicensingInfo", "deprecatedVersion": {"@id": "ns6:deprecatedVersion", "@type": "xsd:string"}, "licenseXml": {"@id": "ns6:licenseXml", "@type": "xsd:string"}, "listVersionAdded": {"@id": "ns6:listVersionAdded", "@type": "xsd:string"}, "member": {"@id": "ns6:member", "@type": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo"}, "obsoletedBy": {"@id": "ns6:obsoletedBy", "@type": "xsd:string"}, "seeAlso": {"@id": "ns6:seeAlso", "@type": "xsd:anyURI"}, "//spdx.org/rdf/3.0.1/terms/Extension/CdxPropertyEntry": "https://spdx.org/rdf/3.0.1/terms/Extension/CdxPropertyEntry", "modifiedTime": {"@id": "ns5:modifiedTime", "@type": "xsd:dateTimeStamp"}, "publishedTime": {"@id": "ns5:publishedTime", "@type": "xsd:dateTimeStamp"}, "severity": {"@id": "ns5:severity", "@type": "ns5:CvssSeverityType"}, "withdrawnTime": {"@id": "ns5:withdrawnTime", "@type": "xsd:dateTimeStamp"}, "//spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseText": {"@id": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/licenseText", "@type": "xsd:string"}, "ContentIdentifier": "ns2:ContentIdentifier", "File": "ns2:File", "Package": "ns2:Package", "contentType": {"@id": "ns1:contentType", "@type": "xsd:string"}, "//spdx.org/rdf/3.0.1/terms/Extension/Extension": "https://spdx.org/rdf/3.0.1/terms/Extension/Extension", "score": {"@id": "ns5:score", "@type": "xsd:decimal"}, "vectorString": {"@id": "ns5:vectorString", "@type": "xsd:string"}, "SoftwareArtifact": "ns2:SoftwareArtifact", "AnnotationType": "ns1:AnnotationType", "Artifact": "ns1:Artifact", "PositiveIntegerRange": "ns1:PositiveIntegerRange", "ExtendableLicense": "ns6:ExtendableLicense", "License": "ns6:License", "LicenseAddition": "ns6:LicenseAddition", "ExploitCatalogType": "ns5:ExploitCatalogType", "VexVulnAssessmentRelationship": "ns5:VexVulnAssessmentRelationship", "ContentIdentifierType": "ns2:ContentIdentifierType", "FileKindType": "ns2:FileKindType", "EnergyUnitType": "ns4:EnergyUnitType", "RelationshipCompleteness": "ns1:RelationshipCompleteness", "comment": {"@id": "ns1:comment", "@type": "xsd:string"}, "EnergyConsumptionDescription": "ns4:EnergyConsumptionDescription", "SafetyRiskAssessmentType": "ns4:SafetyRiskAssessmentType", "IntegrityMethod": "ns1:IntegrityMethod", "ConfidentialityLevelType": "ns3:ConfidentialityLevelType", "SsvcDecisionType": "ns5:SsvcDecisionType", "DatasetAvailabilityType": "ns3:DatasetAvailabilityType", "VexJustificationType": "ns5:VexJustificationType", "VulnAssessmentRelationship": "ns5:VulnAssessmentRelationship", "LifecycleScopeType": "ns1:LifecycleScopeType", "CvssSeverityType": "ns5:CvssSeverityType", "SbomType": "ns2:SbomType", "PresenceType": "ns1:PresenceType", "SupportType": "ns1:SupportType", "Agent": "ns1:Agent", "//spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo": "https://spdx.org/rdf/3.0.1/terms/SimpleLicensing/AnyLicenseInfo", "AbstractClass": "ns7:AbstractClass", "ProfileIdentifierType": "ns1:ProfileIdentifierType", "ExternalIdentifierType": "ns1:ExternalIdentifierType", "DictionaryEntry": "ns1:DictionaryEntry", "DatasetType": "ns3:DatasetType", "Element": "ns1:Element", "HashAlgorithm": "ns1:HashAlgorithm", "SoftwarePurpose": "ns2:SoftwarePurpose", "ExternalRefType": "ns1:ExternalRefType", "RelationshipType": "ns1:RelationshipType"}
\ No newline at end of file
diff --git a/src/spdx_tools/spdx3/writer/json_ld/json_ld_converter.py b/src/spdx_tools/spdx3/writer/json_ld/json_ld_converter.py
index 865053b71..d6218f10c 100644
--- a/src/spdx_tools/spdx3/writer/json_ld/json_ld_converter.py
+++ b/src/spdx_tools/spdx3/writer/json_ld/json_ld_converter.py
@@ -7,8 +7,7 @@
from beartype.typing import Any, List
from semantic_version import Version
-from spdx_tools.spdx3.model.creation_info import CreationInfo
-from spdx_tools.spdx3.model.hash import Hash
+from spdx_tools.spdx3.model.core import CreationInfo, Hash
from spdx_tools.spdx3.payload import Payload
from spdx_tools.spdx.casing_tools import snake_case_to_camel_case
from spdx_tools.spdx.datetime_conversions import datetime_to_iso_string
diff --git a/src/spdx_tools/spdx3/writer/json_ld/json_ld_writer.py b/src/spdx_tools/spdx3/writer/json_ld/json_ld_writer.py
index 69a4d763c..f13b84dc4 100644
--- a/src/spdx_tools/spdx3/writer/json_ld/json_ld_writer.py
+++ b/src/spdx_tools/spdx3/writer/json_ld/json_ld_writer.py
@@ -11,7 +11,8 @@
def write_payload(payload: Payload, file_name: str):
element_list = convert_payload_to_json_ld_list_of_elements(payload)
- # this will be obsolete as soon as the context is publicly available under some URI
+ # The code should be updated to use the context file from the public IRI
+ # such as https://spdx.org/rdf/3.0.1/spdx-context.jsonld
with open(os.path.join(os.path.dirname(__file__), "context.json"), "r") as infile:
context = json.load(infile)
diff --git a/src/spdx_tools/spdx3/writer/json_ld/model.ttl b/src/spdx_tools/spdx3/writer/json_ld/model.ttl
index 04b407217..0de2b7ee9 100644
--- a/src/spdx_tools/spdx3/writer/json_ld/model.ttl
+++ b/src/spdx_tools/spdx3/writer/json_ld/model.ttl
@@ -1,3441 +1,3267 @@
-@prefix ai: .
-@prefix build: .
-@prefix core: .
-@prefix dataset: .
-@prefix licensing: .
-@prefix ns0: .
+@prefix dcterms: .
+@prefix ns1: .
+@prefix ns2: .
+@prefix ns3: .
+@prefix ns4: .
+@prefix ns5: .
+@prefix ns6: .
+@prefix ns7: .
+@prefix omg-ann: .
@prefix owl: .
+@prefix rdf: .
@prefix rdfs: .
-@prefix security: .
@prefix sh: .
-@prefix software: .
+@prefix spdx: .
@prefix xsd: .
-ai:AIPackage a owl:Class,
+ns4:AIPackage a owl:Class,
sh:NodeShape ;
- rdfs:comment """Metadata information that can be added to a package to describe an AI application or trained AI model.
-External property restriction on /Core/Artifact/suppliedBy: minCount: 1
-External property restriction on /Software/Package/downloadLocation: minCount: 1
-External property restriction on /Software/Package/packageVersion: minCount: 1
-External property restriction on /Software/SoftwareArtifact/purpose: minCount: 1
-External property restriction on /Core/Artifact/releaseTime: minCount: 1""" ;
- rdfs:subClassOf software:Package ;
- ns0:term_status "Stable" ;
- sh:property [ sh:class core:DictionaryEntry ;
- sh:name "metric" ;
- sh:path ai:metric ],
+ rdfs:comment "Specifies an AI package and its associated information."@en ;
+ rdfs:subClassOf ns2:Package ;
+ sh:nodeKind sh:IRI ;
+ sh:property [ sh:class ns1:DictionaryEntry ;
+ sh:nodeKind sh:BlankNodeOrIRI ;
+ sh:path ns4:metricDecisionThreshold ],
+ [ sh:class ns1:DictionaryEntry ;
+ sh:nodeKind sh:BlankNodeOrIRI ;
+ sh:path ns4:metric ],
[ sh:datatype xsd:string ;
- sh:name "modelExplainability" ;
- sh:path ai:modelExplainability ],
+ sh:nodeKind sh:Literal ;
+ sh:path ns4:modelExplainability ],
+ [ sh:class ns1:DictionaryEntry ;
+ sh:nodeKind sh:BlankNodeOrIRI ;
+ sh:path ns4:hyperparameter ],
[ sh:datatype xsd:string ;
- sh:name "domain" ;
- sh:path ai:domain ],
+ sh:maxCount 1 ;
+ sh:nodeKind sh:Literal ;
+ sh:path ns4:informationAboutTraining ],
[ sh:datatype xsd:string ;
- sh:name "standardCompliance" ;
- sh:path ai:standardCompliance ],
- [ sh:class core:DictionaryEntry ;
- sh:name "hyperparameter" ;
- sh:path ai:hyperparameter ],
+ sh:nodeKind sh:Literal ;
+ sh:path ns4:modelDataPreprocessing ],
[ sh:datatype xsd:string ;
- sh:maxCount 1 ;
- sh:name "energyConsumption" ;
- sh:path ai:energyConsumption ],
+ sh:nodeKind sh:Literal ;
+ sh:path ns4:typeOfModel ],
[ sh:datatype xsd:string ;
- sh:maxCount 1 ;
- sh:name "limitation" ;
- sh:path ai:limitation ],
- [ sh:class ai:SafetyRiskAssessmentType ;
- sh:maxCount 1 ;
- sh:name "safetyRiskAssessment" ;
- sh:path ai:safetyRiskAssessment ],
+ sh:nodeKind sh:Literal ;
+ sh:path ns4:standardCompliance ],
[ sh:datatype xsd:string ;
- sh:name "modelDataPreprocessing" ;
- sh:path ai:modelDataPreprocessing ],
- [ sh:class ai:PresenceType ;
sh:maxCount 1 ;
- sh:name "sensitivePersonalInformation" ;
- sh:path ai:sensitivePersonalInformation ],
- [ sh:datatype xsd:string ;
+ sh:nodeKind sh:Literal ;
+ sh:path ns4:limitation ],
+ [ sh:class ns1:PresenceType ;
+ sh:in ( ) ;
sh:maxCount 1 ;
- sh:name "informationAboutTraining" ;
- sh:path ai:informationAboutTraining ],
+ sh:nodeKind sh:IRI ;
+ sh:path ns4:autonomyType ],
[ sh:datatype xsd:string ;
- sh:maxCount 1 ;
- sh:name "informationAboutApplication" ;
- sh:path ai:informationAboutApplication ],
+ sh:nodeKind sh:Literal ;
+ sh:path ns4:domain ],
+ [ sh:class ns4:SafetyRiskAssessmentType ;
+ sh:in ( ) ;
+ sh:maxCount 1 ;
+ sh:nodeKind sh:IRI ;
+ sh:path ns4:safetyRiskAssessment ],
+ [ sh:class ns1:PresenceType ;
+ sh:in ( ) ;
+ sh:maxCount 1 ;
+ sh:nodeKind sh:IRI ;
+ sh:path ns4:useSensitivePersonalInformation ],
[ sh:datatype xsd:string ;
- sh:name "typeOfModel" ;
- sh:path ai:typeOfModel ],
- [ sh:class ai:PresenceType ;
sh:maxCount 1 ;
- sh:name "autonomyType" ;
- sh:path ai:autonomyType ],
- [ sh:class core:DictionaryEntry ;
- sh:name "metricDecisionThreshold" ;
- sh:path ai:metricDecisionThreshold ] .
-
- a owl:NamedIndividual,
- ai:PresenceType .
-
- a owl:NamedIndividual,
- ai:PresenceType .
-
- a owl:NamedIndividual,
- ai:PresenceType .
-
- a owl:NamedIndividual,
- ai:SafetyRiskAssessmentType .
-
- a owl:NamedIndividual,
- ai:SafetyRiskAssessmentType .
-
- a owl:NamedIndividual,
- ai:SafetyRiskAssessmentType .
-
- a owl:NamedIndividual,
- ai:SafetyRiskAssessmentType .
+ sh:nodeKind sh:Literal ;
+ sh:path ns4:informationAboutApplication ],
+ [ sh:class ns4:EnergyConsumption ;
+ sh:maxCount 1 ;
+ sh:nodeKind sh:BlankNodeOrIRI ;
+ sh:path ns4:energyConsumption ] .
-build:Build a owl:Class,
+ a owl:Class,
sh:NodeShape ;
- rdfs:comment """A build is a representation of the process in which a piece of software or artifact is built. It encapsulates information related to a build process and
-provides an element from which relationships can be created to describe the build's inputs, outputs, and related entities (e.g. builders, identities, etc.).
-
-Definitions of "BuildType", "ConfigSource", "Parameters" and "Environment" follow
-those defined in [SLSA provenance](https://slsa.dev/provenance/v0.2).
-
-ExternalIdentifier of type "urlScheme" may be used to identify build logs. In this case, the comment of the ExternalIdentifier should be "LogReference".
-
-Note that buildStart and buildEnd are optional, and may be omitted to simplify creating reproducible builds.""" ;
- rdfs:subClassOf core:Element ;
- ns0:term_status "Stable" ;
- sh:property [ sh:class core:Hash ;
- sh:name "configSourceDigest" ;
- sh:path build:configSourceDigest ],
- [ sh:datatype xsd:anyURI ;
- sh:name "configSourceUri" ;
- sh:path build:configSourceUri ],
+ rdfs:comment "Class that describes a build instance of software/artifacts."@en ;
+ rdfs:subClassOf ns1:Element ;
+ sh:nodeKind sh:IRI ;
+ sh:property [ sh:datatype xsd:anyURI ;
+ sh:maxCount 1 ;
+ sh:minCount 1 ;
+ sh:nodeKind sh:Literal ;
+ sh:path ],
+ [ sh:class ns1:DictionaryEntry ;
+ sh:nodeKind sh:BlankNodeOrIRI ;
+ sh:path ],
[ sh:datatype xsd:string ;
sh:maxCount 1 ;
- sh:name "buildId" ;
- sh:path build:buildId ],
- [ sh:class core:DictionaryEntry ;
- sh:name "parameters" ;
- sh:path build:parameters ],
- [ sh:datatype core:DateTime ;
- sh:maxCount 1 ;
- sh:name "buildEndTime" ;
- sh:path build:buildEndTime ],
- [ sh:datatype core:DateTime ;
- sh:maxCount 1 ;
- sh:name "buildStartTime" ;
- sh:path build:buildStartTime ],
- [ sh:class core:DictionaryEntry ;
- sh:name "environment" ;
- sh:path build:environment ],
- [ sh:datatype xsd:anyURI ;
+ sh:nodeKind sh:Literal ;
+ sh:path ],
+ [ sh:datatype xsd:dateTimeStamp ;
sh:maxCount 1 ;
- sh:minCount 1 ;
- sh:name "buildType" ;
- sh:path build:buildType ],
+ sh:nodeKind sh:Literal ;
+ sh:path ;
+ sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ],
+ [ sh:datatype xsd:anyURI ;
+ sh:nodeKind sh:Literal ;
+ sh:path ],
[ sh:datatype xsd:string ;
- sh:name "configSourceEntrypoint" ;
- sh:path build:configSourceEntrypoint ] .
-
-core:Annotation a owl:Class,
+ sh:nodeKind sh:Literal ;
+ sh:path ],
+ [ sh:class ns1:Hash ;
+ sh:nodeKind sh:BlankNodeOrIRI ;
+ sh:path ],
+ [ sh:datatype xsd:dateTimeStamp ;
+ sh:maxCount 1 ;
+ sh:nodeKind sh:Literal ;
+ sh:path ;
+ sh:pattern "^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\dZ$" ],
+ [ sh:class ns1:DictionaryEntry ;
+ sh:nodeKind sh:BlankNodeOrIRI ;
+ sh:path ] .
+
+ns1:Annotation a owl:Class,
sh:NodeShape ;
- rdfs:comment "An Annotation is an assertion made in relation to one or more elements." ;
- rdfs:subClassOf core:Element ;
- ns0:term_status "Stable" ;
+ rdfs:comment "An assertion made in relation to one or more elements."@en ;
+ rdfs:subClassOf ns1:Element ;
+ sh:nodeKind sh:IRI ;
sh:property [ sh:datatype xsd:string ;
sh:maxCount 1 ;
- sh:name "statement" ;
- sh:path core:statement ],
- [ sh:class core:Element ;
+ sh:nodeKind sh:Literal ;
+ sh:path ns1:statement ],
+ [ sh:class ns1:Element ;
sh:maxCount 1 ;
sh:minCount 1 ;
- sh:name "subject" ;
- sh:path core:subject ],
- [ sh:datatype core:MediaType ;
- sh:name "contentType" ;
- sh:path core:contentType ],
- [ sh:class core:AnnotationType ;
+ sh:nodeKind sh:IRI ;
+ sh:path ns1:subject ],
+ [ sh:datatype xsd:string ;
sh:maxCount 1 ;
- sh:minCount 1 ;
- sh:name "annotationType" ;
- sh:path core:annotationType ] .
-
- a owl:NamedIndividual,
- core:AnnotationType .
-
- a owl:NamedIndividual,
- core:AnnotationType .
-
-core:AnonymousPayload a owl:Class,
- sh:NodeShape ;
- rdfs:comment "TODO" ;
- rdfs:subClassOf core:Payload ;
- ns0:term_status "Stable" ;
- sh:property [ sh:class core:CreationInfo ;
+ sh:nodeKind sh:Literal ;
+ sh:path ns1:contentType ;
+ sh:pattern "^[^\\/]+\\/[^\\/]+$" ],
+ [ sh:class ns1:AnnotationType ;
+ sh:in ( ) ;
sh:maxCount 1 ;
- sh:name "creationInfo" ;
- sh:path core:creationInfo ],
- [ sh:class core:NamespaceMap ;
- sh:name "namespaces" ;
- sh:path core:namespaces ],
- [ sh:class core:ExternalMap ;
- sh:name "imports" ;
- sh:path core:imports ] .
-
- a owl:NamedIndividual,
- core:ExternalIdentifierType .
-
- a owl:NamedIndividual,
- core:ExternalIdentifierType .
-
- a owl:NamedIndividual,
- core:ExternalIdentifierType .
-
- a owl:NamedIndividual,
- core:ExternalIdentifierType .
-
- a owl:NamedIndividual,
- core:ExternalIdentifierType .
-
- a owl:NamedIndividual,
- core:ExternalIdentifierType .
-
- a owl:NamedIndividual,
- core:ExternalIdentifierType .
-
- a owl:NamedIndividual,
- core:ExternalIdentifierType .
-
- a owl:NamedIndividual,
- core:ExternalIdentifierType .
-
- a owl:NamedIndividual,
- core:ExternalIdentifierType .
-
- a owl:NamedIndividual,
- core:ExternalIdentifierType .
-
- a owl:NamedIndividual,
- core:ExternalReferenceType .
-
- a owl:NamedIndividual,
- core:ExternalReferenceType .
-
- a owl:NamedIndividual,
- core:ExternalReferenceType .
-
- a owl:NamedIndividual,
- core:ExternalReferenceType .
-
- a owl:NamedIndividual,
- core:ExternalReferenceType .
-
- a owl:NamedIndividual,
- core:ExternalReferenceType .
-
- a owl:NamedIndividual,
- core:ExternalReferenceType .
-
- a owl:NamedIndividual,
- core:ExternalReferenceType .
-
- a owl:NamedIndividual,
- core:ExternalReferenceType .
-
- a owl:NamedIndividual,
- core:ExternalReferenceType .
-
- a owl:NamedIndividual,
- core:ExternalReferenceType .
-
- a owl:NamedIndividual,
- core:ExternalReferenceType .
-
- a owl:NamedIndividual,
- core:ExternalReferenceType .
-
- a owl:NamedIndividual,
- core:ExternalReferenceType .
-
- a owl:NamedIndividual,
- core:ExternalReferenceType .
-
- a owl:NamedIndividual,
- core:ExternalReferenceType .
-
- a owl:NamedIndividual,
- core:ExternalReferenceType .
-
- a owl:NamedIndividual,
- core:ExternalReferenceType .
-
- a owl:NamedIndividual,
- core:ExternalReferenceType .
-
- a owl:NamedIndividual,
- core:ExternalReferenceType .
-
- a owl:NamedIndividual,
- core:ExternalReferenceType .
-
- a owl:NamedIndividual,
- core:ExternalReferenceType .
-
- a owl:NamedIndividual,
- core:HashAlgorithm .
-
- a owl:NamedIndividual,
- core:HashAlgorithm .
-
- a owl:NamedIndividual,
- core:HashAlgorithm .
-
- a owl:NamedIndividual,
- core:HashAlgorithm .
-
- a owl:NamedIndividual,
- core:HashAlgorithm .
-
- a owl:NamedIndividual,
- core:HashAlgorithm .
-
- a owl:NamedIndividual,
- core:HashAlgorithm .
-
- a owl:NamedIndividual,
- core:HashAlgorithm .
-
- a owl:NamedIndividual,
- core:HashAlgorithm .
-
- a owl:NamedIndividual,
- core:HashAlgorithm .
-
- a owl:NamedIndividual,
- core:HashAlgorithm .
-
- a owl:NamedIndividual,
- core:HashAlgorithm .
-
- a owl:NamedIndividual,
- core:HashAlgorithm .
-
- a owl:NamedIndividual,
- core:HashAlgorithm .
-
- a owl:NamedIndividual,
- core:HashAlgorithm .
-
- a owl:NamedIndividual,
- core:HashAlgorithm .
-
- a owl:NamedIndividual,
- core:HashAlgorithm .
-
- a owl:NamedIndividual,
- core:HashAlgorithm .
-
- a owl:NamedIndividual,
- core:HashAlgorithm .
-
- a owl:NamedIndividual,
- core:HashAlgorithm .
-
- a owl:NamedIndividual,
- core:HashAlgorithm .
-
- a owl:NamedIndividual,
- core:HashAlgorithm .
-
- a owl:NamedIndividual,
- core:HashAlgorithm .
-
- a owl:NamedIndividual,
- core:HashAlgorithm .
-
- a owl:NamedIndividual,
- core:LifecycleScopeType .
-
- a owl:NamedIndividual,
- core:LifecycleScopeType .
-
- a owl:NamedIndividual,
- core:LifecycleScopeType .
-
- a owl:NamedIndividual,
- core:LifecycleScopeType .
-
- a owl:NamedIndividual,
- core:LifecycleScopeType .
-
- a owl:NamedIndividual,
- core:LifecycleScopeType .
-
-core:Organization a owl:Class,
- sh:NodeShape ;
- rdfs:comment "An Organization is a group of people who work together in an organized way for a shared purpose." ;
- rdfs:subClassOf core:Agent ;
- ns0:term_status "Stable" .
-
-core:Person a owl:Class,
- sh:NodeShape ;
- rdfs:comment "A Person is an individual human being." ;
- rdfs:subClassOf core:Agent ;
- ns0:term_status "Stable" .
-
- a owl:NamedIndividual,
- core:ProfileIdentifierType .
-
- a owl:NamedIndividual,
- core:ProfileIdentifierType .
-
- a owl:NamedIndividual,
- core:ProfileIdentifierType .
-
- a owl:NamedIndividual,
- core:ProfileIdentifierType .
-
- a owl:NamedIndividual,
- core:ProfileIdentifierType .
-
- a owl:NamedIndividual,
- core:ProfileIdentifierType .
-
- a owl:NamedIndividual,
- core:ProfileIdentifierType .
-
- a owl:NamedIndividual,
- core:ProfileIdentifierType .
-
- a owl:NamedIndividual,
- core:ProfileIdentifierType .
-
- a owl:NamedIndividual,
- core:RelationshipCompleteness .
-
- a owl:NamedIndividual,
- core:RelationshipCompleteness .
-
- a owl:NamedIndividual,
- core:RelationshipCompleteness .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
-
- a owl:NamedIndividual,
- core:RelationshipType .
+ sh:minCount 1 ;
+ sh:nodeKind sh:IRI ;
+ sh:path ns1:annotationType ] .
-core:SoftwareAgent a owl:Class,
+ns1:LifecycleScopedRelationship a owl:Class,
sh:NodeShape ;
- rdfs:comment "A SoftwareAgent is a software program that is given the authority (similar to a user's authority) to act on a system." ;
- rdfs:subClassOf core:Agent ;
- ns0:term_status "Stable" .
-
-core:SpdxDocument a owl:Class,
+ rdfs:comment "Provide context for a relationship that occurs in the lifecycle."@en ;
+ rdfs:subClassOf ns1:Relationship ;
+ sh:nodeKind sh:IRI ;
+ sh:property [ sh:class ns1:LifecycleScopeType ;
+ sh:in ( ) ;
+ sh:maxCount 1 ;
+ sh:nodeKind sh:IRI ;
+ sh:path ns1:scope ] .
+
+ns1:NoAssertionElement a owl:NamedIndividual,
+ ns1:Element ;
+ rdfs:comment """An Individual Value for Element representing a set of Elements of unknown
+identify or cardinality (number)."""@en .
+
+ns1:NoneElement a owl:NamedIndividual,
+ ns1:Element ;
+ rdfs:comment """An Individual Value for Element representing a set of Elements with
+cardinality (number/count) of zero."""@en .
+
+ns1:PackageVerificationCode a owl:Class,
sh:NodeShape ;
- rdfs:comment """An SpdxDocument assembles a collection of Elements under a common string, the name of the document.
-Commonly used when representing a unit of transfer of SPDX Elements.
-External property restriction on /Core/Element/name: minCount: 1""" ;
- rdfs:subClassOf core:Bundle ;
- ns0:term_status "Stable" ;
+ rdfs:comment "An SPDX version 2.X compatible verification method for software packages."@en ;
+ rdfs:subClassOf ns1:IntegrityMethod ;
+ sh:nodeKind sh:BlankNode ;
sh:property [ sh:datatype xsd:string ;
+ sh:nodeKind sh:Literal ;
+ sh:path ns1:packageVerificationCodeExcludedFile ],
+ [ sh:datatype xsd:string ;
sh:maxCount 1 ;
sh:minCount 1 ;
- sh:name "name" ;
- sh:path core:name ] .
-
- a owl:NamedIndividual,
- dataset:ConfidentialityLevelType .
-
- a owl:NamedIndividual,
- dataset:ConfidentialityLevelType .
+ sh:nodeKind sh:Literal ;
+ sh:path ns1:hashValue ],
+ [ sh:class ns1:HashAlgorithm ;
+ sh:in ( ) ;
+ sh:maxCount 1 ;
+ sh:minCount 1 ;
+ sh:nodeKind sh:IRI ;
+ sh:path ns1:algorithm ] .
- a owl:NamedIndividual,
- dataset:ConfidentialityLevelType .
+ns1:Person a owl:Class ;
+ rdfs:comment "An individual human being."@en ;
+ rdfs:subClassOf ns1:Agent ;
+ sh:nodeKind sh:IRI .
- a owl:NamedIndividual,
- dataset:ConfidentialityLevelType .
+ns1:SoftwareAgent a owl:Class ;
+ rdfs:comment "A software agent."@en ;
+ rdfs:subClassOf ns1:Agent ;
+ sh:nodeKind sh:IRI .
-dataset:Dataset a owl:Class,
+ns1:SpdxDocument a owl:Class,
sh:NodeShape ;
- rdfs:comment """Metadata information that can be added to a dataset that may be used in a software or to train/test an AI package.
-External property restriction on /Core/Artifact/originatedBy: minCount: 1
-External property restriction on /Software/Package/downloadLocation: minCount: 1
-External property restriction on /Software/SoftwareArtifact/purpose: minCount: 1
-External property restriction on /Core/Artifact/releaseTime: minCount: 1
-External property restriction on /Core/Artifact/builtTime: minCount: 1""" ;
- rdfs:subClassOf software:Package ;
- ns0:term_status "Stable" ;
- sh:property [ sh:class dataset:DatasetAvailabilityType ;
- sh:maxCount 1 ;
- sh:name "datasetAvailability" ;
- sh:path dataset:datasetAvailability ],
- [ sh:class dataset:ConfidentialityLevelType ;
- sh:maxCount 1 ;
- sh:name "confidentialityLevel" ;
- sh:path dataset:confidentialityLevel ],
- [ sh:datatype xsd:string ;
- sh:maxCount 1 ;
- sh:name "dataCollectionProcess" ;
- sh:path dataset:dataCollectionProcess ],
+ rdfs:comment "A collection of SPDX Elements that could potentially be serialized."@en ;
+ rdfs:subClassOf ns1:ElementCollection ;
+ sh:nodeKind sh:IRI ;
+ sh:property [ sh:class ns1:ExternalMap ;
+ sh:nodeKind sh:BlankNodeOrIRI ;
+ sh:path ns1:import ],
+ [ sh:class ;
+ sh:maxCount 1 ;
+ sh:nodeKind sh:IRI ;
+ sh:path ns1:dataLicense ],
+ [ sh:class ns1:NamespaceMap ;
+ sh:nodeKind sh:BlankNodeOrIRI ;
+ sh:path ns1:namespaceMap ] .
+
+ns1:SpdxOrganization a owl:NamedIndividual,
+ ns1:Organization ;
+ rdfs:comment "An Organization representing the SPDX Project."@en ;
+ owl:sameAs .
+
+ns3:DatasetPackage a owl:Class,
+ sh:NodeShape ;
+ rdfs:comment "Specifies a data package and its associated information."@en ;
+ rdfs:subClassOf ns2:Package ;
+ sh:nodeKind sh:IRI ;
+ sh:property [ sh:datatype xsd:string ;
+ sh:nodeKind sh:Literal ;
+ sh:path ns3:dataPreprocessing ],
[ sh:datatype xsd:string ;
sh:maxCount 1 ;
- sh:name "datasetUpdateMechanism" ;
- sh:path dataset:datasetUpdateMechanism ],
- [ sh:datatype xsd:string ;
- sh:name "knownBias" ;
- sh:path dataset:knownBias ],
+ sh:nodeKind sh:Literal ;
+ sh:path ns3:datasetNoise ],
[ sh:datatype xsd:nonNegativeInteger ;
sh:maxCount 1 ;
- sh:name "datasetSize" ;
- sh:path dataset:datasetSize ],
- [ sh:datatype xsd:string ;
- sh:maxCount 1 ;
- sh:name "intendedUse" ;
- sh:path dataset:intendedUse ],
- [ sh:datatype dataset:PresenceType ;
+ sh:nodeKind sh:Literal ;
+ sh:path ns3:datasetSize ],
+ [ sh:class ns3:DatasetAvailabilityType ;
+ sh:in ( ) ;
sh:maxCount 1 ;
- sh:name "sensitivePersonalInformation" ;
- sh:path dataset:sensitivePersonalInformation ],
+ sh:nodeKind sh:IRI ;
+ sh:path ns3:datasetAvailability ],
+ [ sh:class ns1:DictionaryEntry ;
+ sh:nodeKind sh:BlankNodeOrIRI ;
+ sh:path ns3:sensor ],
[ sh:datatype xsd:string ;
- sh:name "dataPreprocessing" ;
- sh:path dataset:dataPreprocessing ],
+ sh:nodeKind sh:Literal ;
+ sh:path ns3:knownBias ],
+ [ sh:class ns3:ConfidentialityLevelType ;
+ sh:in ( ) ;
+ sh:maxCount 1 ;
+ sh:nodeKind sh:IRI ;
+ sh:path ns3:confidentialityLevel ],
[ sh:datatype xsd:string ;
sh:maxCount 1 ;
- sh:name "datasetNoise" ;
- sh:path dataset:datasetNoise ],
- [ sh:class core:DictionaryEntry ;
- sh:name "sensor" ;
- sh:path dataset:sensor ],
+ sh:nodeKind sh:Literal ;
+ sh:path ns3:datasetUpdateMechanism ],
[ sh:datatype xsd:string ;
sh:maxCount 1 ;
+ sh:nodeKind sh:Literal ;
+ sh:path ns3:intendedUse ],
+ [ sh:class ns1:PresenceType ;
+ sh:in ( ) ;
+ sh:maxCount 1 ;
+ sh:nodeKind sh:IRI ;
+ sh:path ns3:hasSensitivePersonalInformation ],
+ [ sh:class ns3:DatasetType ;
+ sh:in ( ) ;
sh:minCount 1 ;
- sh:name "datasetType" ;
- sh:path dataset:datasetType ],
+ sh:nodeKind sh:IRI ;
+ sh:path ns3:datasetType ],
[ sh:datatype xsd:string ;
- sh:name "anonymizationMethodUsed" ;
- sh:path dataset:anonymizationMethodUsed ] .
-
- a owl:NamedIndividual,
- dataset:DatasetAvailabilityType .
-
- a owl:NamedIndividual,
- dataset:DatasetAvailabilityType .
-
- a owl:NamedIndividual,
- dataset:DatasetAvailabilityType .
-
- a owl:NamedIndividual,
- dataset:DatasetAvailabilityType .
-
- a owl:NamedIndividual,
- dataset:DatasetAvailabilityType .
+ sh:maxCount 1 ;
+ sh:nodeKind sh:Literal ;
+ sh:path ns3:dataCollectionProcess ],
+ [ sh:datatype xsd:string ;
+ sh:nodeKind sh:Literal ;
+ sh:path ns3:anonymizationMethodUsed ] .
-licensing:ConjunctiveLicenseSet a owl:Class,
+ns6:ConjunctiveLicenseSet a owl:Class,
sh:NodeShape ;
- rdfs:comment """A ConjunctiveLicenseSet indicates that _each_ of its subsidiary
-AnyLicenseInfos apply. In other words, a ConjunctiveLicenseSet of two or
-more licenses represents a licensing situation where _all_ of the specified
-licenses are to be complied with. It is represented in the SPDX License
-Expression Syntax by the `AND` operator.
-
-It is syntactically correct to specify a ConjunctiveLicenseSet where the
-subsidiary AnyLicenseInfos may be "incompatible" according to a particular
-interpretation of the corresponding Licenses. The SPDX License Expression
-Syntax does not take into account interpretation of license texts, which is
-left to the consumer of SPDX data to determine for themselves.""" ;
- rdfs:subClassOf licensing:AnyLicenseInfo ;
- ns0:term_status "Stable" ;
- sh:property [ sh:class licensing:AnyLicenseInfo ;
+ rdfs:comment """Portion of an AnyLicenseInfo representing a set of licensing information
+where all elements apply."""@en ;
+ rdfs:subClassOf ;
+ sh:nodeKind sh:IRI ;
+ sh:property [ sh:class ;
sh:minCount 2 ;
- sh:name "member" ;
- sh:path licensing:member ] .
+ sh:nodeKind sh:IRI ;
+ sh:path ns6:member ] .
-licensing:CustomLicense a owl:Class,
- sh:NodeShape ;
- rdfs:comment """A CustomLicense represents a License that is not listed on the SPDX License
-List at https://spdx.org/licenses, and is therefore defined by an SPDX data
-creator.""" ;
- rdfs:subClassOf licensing:License ;
- ns0:term_status "Stable" .
+ns6:CustomLicense a owl:Class ;
+ rdfs:comment "A license that is not listed on the SPDX License List."@en ;
+ rdfs:subClassOf ns6:License ;
+ sh:nodeKind sh:IRI .
-licensing:CustomLicenseAddition a owl:Class,
- sh:NodeShape ;
- rdfs:comment """A CustomLicenseAddition represents an addition to a License that is not listed
-on the SPDX Exceptions List at https://spdx.org/licenses/exceptions-index.html,
-and is therefore defined by an SPDX data creator.
+ns6:CustomLicenseAddition a owl:Class ;
+ rdfs:comment "A license addition that is not listed on the SPDX Exceptions List."@en ;
+ rdfs:subClassOf ns6:LicenseAddition ;
+ sh:nodeKind sh:IRI .
-It is intended to represent additional language which is meant to be added to
-a License, but which is not itself a standalone License.""" ;
- rdfs:subClassOf licensing:LicenseAddition ;
- ns0:term_status "Stable" .
-
-licensing:DisjunctiveLicenseSet a owl:Class,
+ns6:DisjunctiveLicenseSet a owl:Class,
sh:NodeShape ;
- rdfs:comment """A DisjunctiveLicenseSet indicates that _only one_ of its subsidiary
-AnyLicenseInfos is required to apply. In other words, a
-DisjunctiveLicenseSet of two or more licenses represents a licensing
-situation where _only one_ of the specified licenses are to be complied with.
-A consumer of SPDX data would typically understand this to permit the recipient
-of the licensed content to choose which of the corresponding license they
-would prefer to use. It is represented in the SPDX License Expression Syntax
-by the `OR` operator.""" ;
- rdfs:subClassOf licensing:AnyLicenseInfo ;
- ns0:term_status "Stable" ;
- sh:property [ sh:class licensing:AnyLicenseInfo ;
+ rdfs:comment """Portion of an AnyLicenseInfo representing a set of licensing information where
+only one of the elements applies."""@en ;
+ rdfs:subClassOf ;
+ sh:nodeKind sh:IRI ;
+ sh:property [ sh:class ;
sh:minCount 2 ;
- sh:name "member" ;
- sh:path licensing:member ] .
+ sh:nodeKind sh:IRI ;
+ sh:path ns6:member ] .
-licensing:ListedLicense a owl:Class,
+ns6:ListedLicense a owl:Class,
sh:NodeShape ;
- rdfs:comment """A ListedLicense represents a License that is listed on the SPDX License List
-at https://spdx.org/licenses.""" ;
- rdfs:subClassOf licensing:License ;
- ns0:term_status "Stable" ;
+ rdfs:comment "A license that is listed on the SPDX License List."@en ;
+ rdfs:subClassOf ns6:License ;
+ sh:nodeKind sh:IRI ;
sh:property [ sh:datatype xsd:string ;
sh:maxCount 1 ;
- sh:name "deprecatedVersion" ;
- sh:path licensing:deprecatedVersion ],
+ sh:nodeKind sh:Literal ;
+ sh:path ns6:deprecatedVersion ],
[ sh:datatype xsd:string ;
sh:maxCount 1 ;
- sh:name "listVersionAdded" ;
- sh:path licensing:listVersionAdded ] .
+ sh:nodeKind sh:Literal ;
+ sh:path ns6:listVersionAdded ] .
-licensing:ListedLicenseException a owl:Class,
+ns6:ListedLicenseException a owl:Class,
sh:NodeShape ;
- rdfs:comment """A ListedLicenseException represents an exception to a License (in other words,
-an exception to a license condition or an additional permission beyond those
-granted in a License) which is listed on the SPDX Exceptions List at
-https://spdx.org/licenses/exceptions-index.html.""" ;
- rdfs:subClassOf licensing:LicenseAddition ;
- ns0:term_status "Stable" ;
+ rdfs:comment "A license exception that is listed on the SPDX Exceptions list."@en ;
+ rdfs:subClassOf ns6:LicenseAddition ;
+ sh:nodeKind sh:IRI ;
sh:property [ sh:datatype xsd:string ;
sh:maxCount 1 ;
- sh:name "deprecatedVersion" ;
- sh:path licensing:deprecatedVersion ],
+ sh:nodeKind sh:Literal ;
+ sh:path ns6:deprecatedVersion ],
[ sh:datatype xsd:string ;
sh:maxCount 1 ;
- sh:name "listVersionAdded" ;
- sh:path licensing:listVersionAdded ] .
+ sh:nodeKind sh:Literal ;
+ sh:path ns6:listVersionAdded ] .
-licensing:NoAssertionLicense a owl:Class,
- sh:NodeShape ;
- rdfs:comment """A NoAssertionLicense is the primary value that is used by a concludedLicense
-or declaredLicense field that indicates that the SPDX data creator is making
-no assertion about the license information for the corresponding software
-Package, File or Snippet.
-
-The specific meaning of NoAssertionLicense in the context of a
-concludedLicense or declaredLicense field is more fully set forth in the
-Property definitions for those fields.""" ;
- rdfs:subClassOf licensing:LicenseField ;
- ns0:term_status "Stable" .
-
-licensing:NoneLicense a owl:Class,
- sh:NodeShape ;
- rdfs:comment """A NoneLicense is the primary value that is used by a concludedLicense or
-declaredLicense field that indicates the absence of license information from
-the corresponding software Package, File or Snippet.
+ns6:NoAssertionLicense a owl:NamedIndividual,
+ ns6:IndividualLicensingInfo ;
+ rdfs:comment """An Individual Value for License when no assertion can be made about its actual
+value."""@en ;
+ owl:sameAs .
-The specific meaning of NoneLicense in the context of a concludedLicense or
-declaredLicense field is more fully set forth in the Property definitions for
-those fields.""" ;
- rdfs:subClassOf licensing:LicenseField ;
- ns0:term_status "Stable" .
+ns6:NoneLicense a owl:NamedIndividual,
+ ns6:IndividualLicensingInfo ;
+ rdfs:comment """An Individual Value for License where the SPDX data creator determines that no
+license is present."""@en ;
+ owl:sameAs .
-licensing:OrLaterOperator a owl:Class,
+ns6:OrLaterOperator a owl:Class,
sh:NodeShape ;
- rdfs:comment """An OrLaterOperator indicates that this portion of the AnyLicenseInfo
-represents either (1) the specified version of the corresponding License, or
-(2) any later version of that License. It is represented in the SPDX License
-Expression Syntax by the `+` operator.
-
-It is context-dependent, and unspecified by SPDX, as to what constitutes a
-"later version" of any particular License. Some Licenses may not be versioned,
-or may not have clearly-defined ordering for versions. The consumer of SPDX
-data will need to determine for themselves what meaning to attribute to a
-"later version" operator for a particular License.""" ;
- rdfs:subClassOf licensing:AnyLicenseInfo ;
- ns0:term_status "Stable" ;
- sh:property [ sh:class licensing:License ;
+ rdfs:comment """Portion of an AnyLicenseInfo representing this version, or any later version,
+of the indicated License."""@en ;
+ rdfs:subClassOf ns6:ExtendableLicense ;
+ sh:nodeKind sh:IRI ;
+ sh:property [ sh:class ns6:License ;
sh:maxCount 1 ;
sh:minCount 1 ;
- sh:name "subjectLicense" ;
- sh:path licensing:subjectLicense ] .
+ sh:nodeKind sh:IRI ;
+ sh:path ns6:subjectLicense ] .
-licensing:WithAdditionOperator a owl:Class,
+ns6:WithAdditionOperator a owl:Class,
sh:NodeShape ;
- rdfs:comment """A WithAdditionOperator indicates that the designated License is subject to the
-designated LicenseAddition, which might be a license exception on the SPDX
-Exceptions List (ListedLicenseException) or may be other additional text
-(CustomLicenseAddition). It is represented in the SPDX License Expression
-Syntax by the `WITH` operator.""" ;
- rdfs:subClassOf licensing:AnyLicenseInfo ;
- ns0:term_status "Stable" ;
- sh:property [ sh:class licensing:License ;
+ rdfs:comment """Portion of an AnyLicenseInfo representing a License which has additional
+text applied to it."""@en ;
+ rdfs:subClassOf ;
+ sh:nodeKind sh:IRI ;
+ sh:property [ sh:class ns6:ExtendableLicense ;
sh:maxCount 1 ;
sh:minCount 1 ;
- sh:name "subjectLicense" ;
- sh:path licensing:subjectLicense ],
- [ sh:class licensing:LicenseAddition ;
+ sh:nodeKind sh:IRI ;
+ sh:path ns6:subjectExtendableLicense ],
+ [ sh:class ns6:LicenseAddition ;
sh:maxCount 1 ;
sh:minCount 1 ;
- sh:name "subjectAddition" ;
- sh:path licensing:subjectAddition ] .
+ sh:nodeKind sh:IRI ;
+ sh:path ns6:subjectAddition ] .
+
+ a owl:Class,
+ sh:NodeShape ;
+ rdfs:comment "A type of extension consisting of a list of name value pairs."@en ;
+ rdfs:subClassOf ;
+ sh:nodeKind sh:BlankNode ;
+ sh:property [ sh:class ;
+ sh:minCount 1 ;
+ sh:nodeKind sh:BlankNodeOrIRI ;
+ sh:path ] .
-security:CvssV2VulnAssessmentRelationship a owl:Class,
+ns5:CvssV2VulnAssessmentRelationship a owl:Class,
sh:NodeShape ;
- rdfs:comment """A CvssV2VulnAssessmentRelationship relationship describes the determined score and vector of a vulnerability using version 2.0 of the Common Vulnerability Scoring System
-(CVSS) as defined on [https://www.first.org/cvss/v2/guide](https://www.first.org/cvss/v2/guide). It is intented to communicate the results of using a CVSS calculator.
-
-**Constraints**
-
-- The value of severity must be one of 'low', 'medium' or 'high'
-- The relationship type must be set to hasAssessmentFor.
-
-**Syntax**
-
-```json
-{
- "@type": "CvssV2VulnAssessmentRelationship",
- "@id": "urn:spdx.dev:cvssv2-cve-2020-28498",
- "relationshipType": "hasAssessmentFor",
- "score": 4.3,
- "vector": "(AV:N/AC:M/Au:N/C:P/I:N/A:N)",
- "severity": "low",
- "from": "urn:spdx.dev:vuln-cve-2020-28498",
- "to": ["urn:product-acme-application-1.3"],
- "assessedElement": "urn:npm-elliptic-6.5.2",
- "externalReferences": [
- {
- "@type": "ExternalReference",
- "externalReferenceType": "securityAdvisory",
- "locator": "https://nvd.nist.gov/vuln/detail/CVE-2020-28498"
- },
- {
- "@type": "ExternalReference",
- "externalReferenceType": "securityAdvisory",
- "locator": "https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899"
- },
- {
- "@type": "ExternalReference",
- "externalReferenceType": "securityFix",
- "locator": "https://github.com/indutny/elliptic/commit/441b742"
- }
- ],
- "suppliedBy": ["urn:spdx.dev:agent-my-security-vendor"],
- "publishedTime": "2023-05-06T10:06:13Z"
-},
-{
- "@type": "Relationship",
- "@id": "urn:spdx.dev:vulnAgentRel-1",
- "relationshipType": "publishedBy",
- "from": "urn:spdx.dev:cvssv2-cve-2020-28498",
- "to": ["urn:spdx.dev:agent-snyk"],
- "startTime": "2021-03-08T16:06:50Z"
-}
-```""" ;
- rdfs:subClassOf security:VulnAssessmentRelationship ;
- ns0:term_status "Stable" ;
+ rdfs:comment "Provides a CVSS version 2.0 assessment for a vulnerability."@en ;
+ rdfs:subClassOf ns5:VulnAssessmentRelationship ;
+ sh:nodeKind sh:IRI ;
sh:property [ sh:datatype xsd:decimal ;
sh:maxCount 1 ;
sh:minCount 1 ;
- sh:name "score" ;
- sh:path security:score ],
+ sh:nodeKind sh:Literal ;
+ sh:path ns5:score ],
[ sh:datatype xsd:string ;
sh:maxCount 1 ;
- sh:name "severity" ;
- sh:path security:severity ],
+ sh:minCount 1 ;
+ sh:nodeKind sh:Literal ;
+ sh:path ns5:vectorString ] .
+
+ns5:CvssV3VulnAssessmentRelationship a owl:Class,
+ sh:NodeShape ;
+ rdfs:comment "Provides a CVSS version 3 assessment for a vulnerability."@en ;
+ rdfs:subClassOf ns5:VulnAssessmentRelationship ;
+ sh:nodeKind sh:IRI ;
+ sh:property [ sh:class ns5:CvssSeverityType ;
+ sh:in ( ) ;
+ sh:maxCount 1 ;
+ sh:minCount 1 ;
+ sh:nodeKind sh:IRI ;
+ sh:path ns5:severity ],
+ [ sh:datatype xsd:decimal ;
+ sh:maxCount 1 ;
+ sh:minCount 1 ;
+ sh:nodeKind sh:Literal ;
+ sh:path ns5:score ],
[ sh:datatype xsd:string ;
sh:maxCount 1 ;
- sh:name "vector" ;
- sh:path security:vector ] .
+ sh:minCount 1 ;
+ sh:nodeKind sh:Literal ;
+ sh:path ns5:vectorString ] .
-security:CvssV3VulnAssessmentRelationship a owl:Class,
+ns5:CvssV4VulnAssessmentRelationship a owl:Class,
sh:NodeShape ;
- rdfs:comment """A CvssV3VulnAssessmentRelationship relationship describes the determined score,
-severity, and vector of a vulnerability using version 3.1 of the Common
-Vulnerability Scoring System (CVSS) as defined on
-[https://www.first.org/cvss/v3.1/specification-document](https://www.first.org/cvss/v3.1/specification-document). It is intented to communicate the results of using a CVSS calculator.
-
-**Constraints**
-
-- The value of severity must be one of 'none', 'low', 'medium', 'high' or 'critical'.
-- Absence of the property shall be interpreted as 'none'.
-- The relationship type must be set to hasAssessmentFor.
-
-**Syntax**
-
-```json
-{
- "@type": "CvssV3VulnAssessmentRelationship",
- "@id": "urn:spdx.dev:cvssv3-cve-2020-28498",
- "relationshipType": "hasAssessmentFor",
- "severity": "medium",
- "score": 6.8,
- "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
- "from": "urn:spdx.dev:vuln-cve-2020-28498",
- "to": ["urn:product-acme-application-1.3"],
- "assessedElement": "urn:npm-elliptic-6.5.2",
- "externalReferences": [
- {
- "@type": "ExternalReference",
- "externalReferenceType": "securityAdvisory",
- "locator": "https://nvd.nist.gov/vuln/detail/CVE-2020-28498"
- },
- {
- "@type": "ExternalReference",
- "externalReferenceType": "securityAdvisory",
- "locator": "https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899"
- },
- {
- "@type": "ExternalReference",
- "externalReferenceType": "securityFix",
- "locator": "https://github.com/indutny/elliptic/commit/441b742"
- }
- ],
- "suppliedBy": ["urn:spdx.dev:agent-my-security-vendor"],
- "publishedTime": "2023-05-06T10:06:13Z"
-},
-{
- "@type": "Relationship",
- "@id": "urn:spdx.dev:vulnAgentRel-1",
- "relationshipType": "publishedBy",
- "from": "urn:spdx.dev:cvssv3-cve-2020-28498",
- "to": "urn:spdx.dev:agent-snyk",
- "startTime": "2021-03-08T16:06:50Z"
-}
-```""" ;
- rdfs:subClassOf security:VulnAssessmentRelationship ;
- ns0:term_status "Stable" ;
+ rdfs:comment "Provides a CVSS version 4 assessment for a vulnerability."@en ;
+ rdfs:subClassOf ns5:VulnAssessmentRelationship ;
+ sh:nodeKind sh:IRI ;
sh:property [ sh:datatype xsd:decimal ;
sh:maxCount 1 ;
sh:minCount 1 ;
- sh:name "score" ;
- sh:path security:score ],
+ sh:nodeKind sh:Literal ;
+ sh:path ns5:score ],
[ sh:datatype xsd:string ;
sh:maxCount 1 ;
- sh:name "vector" ;
- sh:path security:vector ],
- [ sh:datatype xsd:string ;
+ sh:minCount 1 ;
+ sh:nodeKind sh:Literal ;
+ sh:path ns5:vectorString ],
+ [ sh:class ns5:CvssSeverityType ;
+ sh:in (