├── .gitignore ├── serialization ├── cbor.md └── jsonld │ ├── validation-vscode.png │ ├── validation-vscode-error.png │ ├── validation-vscode-suggestion.png │ └── examples │ ├── person3.json │ ├── org1.json │ ├── tool1.json │ ├── file1.json │ ├── agent1.json │ ├── relationship1.json │ ├── person1.json │ ├── sbom1.json │ ├── spdx_document1.json │ ├── annotation1.json │ └── person2.json ├── images ├── model-AI.png ├── model-Build.png ├── model-Core.png ├── model-Dataset.png ├── model-Hardware.png ├── model-Security.png ├── model-Service.png ├── model-Software.png ├── model-Extension.png ├── model-Licensing.png └── model-SupplyChain.png ├── .github ├── dependabot.yaml └── workflows │ └── test_context.py ├── model ├── Core │ ├── Properties │ │ ├── prefix.md │ │ ├── processRationale.md │ │ ├── country.md │ │ ├── city.md │ │ ├── builtTime.md │ │ ├── identifier.md │ │ ├── locator.md │ │ ├── postalCode.md │ │ ├── processVersion.md │ │ ├── annotationType.md │ │ ├── releaseTime.md │ │ ├── subject.md │ │ ├── actionStartTime.md │ │ ├── endIntegerRange.md │ │ ├── from.md │ │ ├── hashValue.md │ │ ├── specType.md │ │ ├── statement.md │ │ ├── actionEndTime.md │ │ ├── additionalInformation.md │ │ ├── externalRefType.md │ │ ├── contactType.md │ │ ├── creationInfo.md │ │ ├── originatedBy.md │ │ ├── provinceStateCode.md │ │ ├── startTime.md │ │ ├── beginIntegerRange.md │ │ ├── element.md │ │ ├── algorithm.md │ │ ├── endTime.md │ │ ├── locationHint.md │ │ ├── actionLocation.md │ │ ├── key.md │ │ ├── processReadiness.md │ │ ├── externalIdentifierType.md │ │ ├── import.md │ │ ├── geographicPointLocation.md │ │ ├── scope.md │ │ ├── value.md │ │ ├── extension.md │ │ ├── streetAddress.md │ │ ├── namespace.md │ │ ├── supportLevel.md │ │ ├── comment.md │ │ ├── summary.md │ │ ├── validUntilTime.md │ │ ├── requirementStatement.md │ │ ├── requirementUUID.md │ │ ├── to.md │ │ ├── name.md │ │ ├── postalName.md │ │ ├── completeness.md │ │ ├── createdBy.md │ │ ├── externalSpdxId.md │ │ ├── 
context.md │ │ ├── countyCode.md │ │ ├── externalRef.md │ │ ├── externalIdentifier.md │ │ ├── identifierLocator.md │ │ ├── locationTime.md │ │ ├── quantity.md │ │ ├── requirementRationale.md │ │ ├── intendedUse.md │ │ ├── contentType.md │ │ ├── unitQUDT.md │ │ ├── rootElement.md │ │ ├── createdUsing.md │ │ ├── namespaceMap.md │ │ ├── packageVerificationCodeExcludedFile.md │ │ ├── relationshipType.md │ │ ├── verifiedUsing.md │ │ ├── inLanguage.md │ │ ├── issuingAuthority.md │ │ ├── spdxId.md │ │ ├── definingArtifact.md │ │ ├── created.md │ │ ├── postOfficeBoxNumber.md │ │ ├── devLifecycleStage.md │ │ ├── typeFromSource.md │ │ ├── definitionSource.md │ │ ├── suppliedBy.md │ │ ├── description.md │ │ ├── standardName.md │ │ ├── isoAutomationLevel.md │ │ └── headquartersLocation.md │ ├── Classes │ │ ├── Person.md │ │ ├── SoftwareAgent.md │ │ ├── Tool.md │ │ ├── Bundle.md │ │ ├── Organization.md │ │ ├── Agent.md │ │ ├── IndividualElement.md │ │ ├── MeasureOfMass.md │ │ ├── MeasureOfLength.md │ │ ├── Regulation.md │ │ ├── DefinedProcess.md │ │ ├── LifecycleScopedRelationship.md │ │ ├── Bom.md │ │ ├── PositiveIntegerRange.md │ │ ├── ContactPointRelationship.md │ │ ├── DefinedType.md │ │ ├── DictionaryEntry.md │ │ ├── UnitOfMeasure.md │ │ ├── ExternalRef.md │ │ ├── Action.md │ │ └── Annotation.md │ ├── Core.md │ ├── Vocabularies │ │ ├── PresenceType.md │ │ ├── ProcessReadinessType.md │ │ ├── AnnotationType.md │ │ └── RelationshipCompleteness.md │ ├── Datatypes │ │ ├── DateTime.md │ │ ├── CountryCodeAlpha3.md │ │ └── SemVer.md │ └── Individuals │ │ ├── SpdxOrganization.md │ │ └── NoneElement.md ├── Operations │ └── Properties │ │ ├── projectTitle.md │ │ ├── projectSponsor.md │ │ ├── assessor.md │ │ ├── projectContract.md │ │ ├── projectOwner.md │ │ ├── projectEndTime.md │ │ ├── weight.md │ │ ├── assessedElement.md │ │ ├── assessmentTimestamp.md │ │ ├── projectStartTime.md │ │ ├── assessmentResult.md │ │ ├── exportClassification.md │ │ ├── exportingCountry.md │ │ ├── 
assessmentContext.md │ │ ├── exportControlSpecification.md │ │ └── exportControlClassificationResult.md ├── Hardware │ ├── Properties │ │ ├── itemVersion.md │ │ ├── releaseDate.md │ │ ├── hardwareVersion.md │ │ ├── partNumber.md │ │ ├── xAxisLength.md │ │ ├── yAxisLength.md │ │ ├── category.md │ │ ├── mass.md │ │ ├── dimensions.md │ │ ├── serialNumber.md │ │ ├── additionalInformation.md │ │ ├── bulkQuantity.md │ │ ├── batchNumber.md │ │ ├── zAxisLength.md │ │ ├── virtualHardwareModel.md │ │ ├── massOfHardware.md │ │ ├── productAgent.md │ │ ├── centerOfMass.md │ │ ├── hazard.md │ │ └── additionalInformationSpecification.md │ ├── Hardware.md │ ├── Vocabularies │ │ └── VirtualHardwareModelType.md │ └── Classes │ │ ├── PhysicalHardware.md │ │ └── VirtualHardware.md ├── SupplyChain │ ├── Properties │ │ ├── vaildState.md │ │ ├── pickupLocation.md │ │ ├── forPickupLocation.md │ │ ├── dropoffLocation.md │ │ ├── decisionProcess.md │ │ ├── destructionPerformedBy.md │ │ ├── forDropoffLocation.md │ │ ├── current.md │ │ ├── previous.md │ │ ├── responsibilityChangedOn.md │ │ ├── currentState.md │ │ ├── plannedCurrent.md │ │ ├── plannedStorageLocation.md │ │ ├── boundaryParameter.md │ │ ├── plannedPrevious.md │ │ ├── plannedInspectionLocation.md │ │ ├── plannedProductofResponsibilityChange.md │ │ ├── responsibilityCategory.md │ │ ├── transportRoute.md │ │ └── plannedTransportRoutes.md │ ├── Classes │ │ ├── HarvestProcess.md │ │ ├── PlanProcess.md │ │ ├── ChangeAction.md │ │ ├── ReproduceProcess.md │ │ ├── StorageProcess.md │ │ ├── ChangeProcess.md │ │ ├── ManufactureAction.md │ │ ├── TestAction.md │ │ ├── StorageAction.md │ │ ├── DestroyProcess.md │ │ ├── BoundaryDefinitionProcess.md │ │ ├── InstantiateVirtualHardwareProcess.md │ │ ├── ManufactureProcess.md │ │ ├── AssemblyAction.md │ │ ├── TestProcess.md │ │ ├── HarvestAction.md │ │ ├── BoundaryCrossingAction.md │ │ ├── TransportAction.md │ │ ├── DefinedStateProcess.md │ │ ├── TransportProcess.md │ │ ├── StateAction.md │ │ ├── 
InspectionProcess.md │ │ ├── ReproduceAction.md │ │ ├── AssemblyProcess.md │ │ ├── ResolutionAction.md │ │ ├── PlanAction.md │ │ ├── CreateAction.md │ │ └── DestroyAction.md │ └── Vocabularies │ │ └── ResponsibilityType.md ├── AI │ ├── Properties │ │ ├── energyQuantity.md │ │ ├── energyUnit.md │ │ ├── domain.md │ │ ├── typeOfModel.md │ │ ├── modelDataPreprocessing.md │ │ ├── trainingEnergyConsumption.md │ │ ├── finetuningEnergyConsumption.md │ │ ├── inferenceEnergyConsumption.md │ │ ├── metric.md │ │ ├── limitation.md │ │ ├── metricDecisionThreshold.md │ │ ├── energyConsumption.md │ │ ├── useSensitivePersonalInformation.md │ │ ├── modelExplainability.md │ │ ├── autonomyType.md │ │ └── standardCompliance.md │ └── Vocabularies │ │ └── EnergyUnitType.md ├── Security │ ├── Properties │ │ ├── locator.md │ │ ├── impactStatementTime.md │ │ ├── publishedTime.md │ │ ├── modifiedTime.md │ │ ├── withdrawnTime.md │ │ ├── exploited.md │ │ ├── vexVersion.md │ │ ├── statusNotes.md │ │ ├── severity.md │ │ ├── catalogType.md │ │ ├── assessedElement.md │ │ ├── score.md │ │ ├── percentile.md │ │ ├── actionStatement.md │ │ ├── probability.md │ │ ├── decisionType.md │ │ ├── actionStatementTime.md │ │ ├── impactStatement.md │ │ └── vectorString.md │ ├── Security.md │ └── Vocabularies │ │ └── ExploitCatalogType.md ├── Software │ ├── Software.md │ ├── Properties │ │ ├── artifactSize.md │ │ ├── snippetFromFile.md │ │ ├── contentIdentifierValue.md │ │ ├── contentIdentifierType.md │ │ ├── packageVersion.md │ │ ├── primaryPurpose.md │ │ ├── fileKind.md │ │ ├── additionalPurpose.md │ │ ├── contentIdentifier.md │ │ ├── downloadLocation.md │ │ ├── sbomType.md │ │ ├── byteRange.md │ │ ├── sourceInfo.md │ │ ├── homePage.md │ │ └── lineRange.md │ ├── Vocabularies │ │ └── FileKindType.md │ └── Classes │ │ ├── Sbom.md │ │ └── ContentIdentifier.md ├── Service │ ├── Properties │ │ ├── provider.md │ │ ├── serverAuthenticationProtocol.md │ │ └── serviceHostingCountry.md │ ├── Service.md │ └── Classes │ │ 
└── SoftwareService.md ├── Dataset │ ├── Properties │ │ ├── knownBias.md │ │ ├── datasetUpdateMechanism.md │ │ ├── sensor.md │ │ ├── anonymizationMethodUsed.md │ │ ├── confidentialityLevel.md │ │ ├── datasetSize.md │ │ ├── dataCollectionProcess.md │ │ ├── datasetNoise.md │ │ ├── datasetAvailability.md │ │ ├── datasetType.md │ │ ├── hasSensitivePersonalInformation.md │ │ └── dataPreprocessing.md │ └── Vocabularies │ │ └── ConfidentialityLevelType.md ├── Extension │ ├── Extension.md │ ├── Properties │ │ ├── cdxPropName.md │ │ ├── cdxPropValue.md │ │ └── cdxProperty.md │ └── Classes │ │ ├── CdxPropertiesExtension.md │ │ └── CdxPropertyEntry.md ├── ExpandedLicensing │ ├── Properties │ │ ├── subjectLicense.md │ │ ├── subjectAddition.md │ │ ├── subjectExtendableLicense.md │ │ ├── member.md │ │ ├── listVersionAdded.md │ │ ├── standardLicenseHeader.md │ │ ├── additionText.md │ │ ├── deprecatedVersion.md │ │ ├── licenseXml.md │ │ ├── obsoletedBy.md │ │ └── standardLicenseTemplate.md │ ├── ExpandedLicensing.md │ ├── Classes │ │ ├── CustomLicense.md │ │ ├── ExtendableLicense.md │ │ ├── IndividualLicensingInfo.md │ │ ├── ListedLicense.md │ │ └── CustomLicenseAddition.md │ └── Individuals │ │ ├── NoneLicense.md │ │ └── NoAssertionLicense.md ├── Build │ └── Properties │ │ ├── buildStartTime.md │ │ ├── buildEndTime.md │ │ ├── configSourceDigest.md │ │ ├── buildId.md │ │ ├── environment.md │ │ ├── parameter.md │ │ └── configSourceUri.md └── SimpleLicensing │ ├── Properties │ └── licenseText.md │ └── Classes │ └── SimpleLicensingText.md ├── Governance.md ├── .editorconfig └── .gitattributes /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | *.bkp 3 | *.dtmp 4 | *.swp 5 | -------------------------------------------------------------------------------- /serialization/cbor.md: -------------------------------------------------------------------------------- 1 | # CBOR serialization 2 | 
-------------------------------------------------------------------------------- /images/model-AI.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/spdx/spdx-3-model/HEAD/images/model-AI.png -------------------------------------------------------------------------------- /images/model-Build.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/spdx/spdx-3-model/HEAD/images/model-Build.png -------------------------------------------------------------------------------- /images/model-Core.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/spdx/spdx-3-model/HEAD/images/model-Core.png -------------------------------------------------------------------------------- /images/model-Dataset.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/spdx/spdx-3-model/HEAD/images/model-Dataset.png -------------------------------------------------------------------------------- /images/model-Hardware.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/spdx/spdx-3-model/HEAD/images/model-Hardware.png -------------------------------------------------------------------------------- /images/model-Security.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/spdx/spdx-3-model/HEAD/images/model-Security.png -------------------------------------------------------------------------------- /images/model-Service.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/spdx/spdx-3-model/HEAD/images/model-Service.png -------------------------------------------------------------------------------- /images/model-Software.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/spdx/spdx-3-model/HEAD/images/model-Software.png -------------------------------------------------------------------------------- /images/model-Extension.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/spdx/spdx-3-model/HEAD/images/model-Extension.png -------------------------------------------------------------------------------- /images/model-Licensing.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/spdx/spdx-3-model/HEAD/images/model-Licensing.png -------------------------------------------------------------------------------- /images/model-SupplyChain.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/spdx/spdx-3-model/HEAD/images/model-SupplyChain.png -------------------------------------------------------------------------------- /serialization/jsonld/validation-vscode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/spdx/spdx-3-model/HEAD/serialization/jsonld/validation-vscode.png -------------------------------------------------------------------------------- /serialization/jsonld/validation-vscode-error.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/spdx/spdx-3-model/HEAD/serialization/jsonld/validation-vscode-error.png -------------------------------------------------------------------------------- /serialization/jsonld/validation-vscode-suggestion.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/spdx/spdx-3-model/HEAD/serialization/jsonld/validation-vscode-suggestion.png 
-------------------------------------------------------------------------------- /.github/dependabot.yaml: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: Apache-2.0 2 | # SPDX-FileCopyrightText: Copyright 2024 spdx contributors 3 | 4 | version: 2 5 | updates: 6 | - package-ecosystem: "github-actions" 7 | directory: "/" 8 | schedule: 9 | interval: "daily" 10 | open-pull-requests-limit: 10 11 | -------------------------------------------------------------------------------- /model/Core/Properties/prefix.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # prefix 4 | 5 | ## Summary 6 | 7 | A substitute for a URI. 8 | 9 | ## Description 10 | 11 | A prefix is a substitute for a URI. 12 | 13 | ## Metadata 14 | 15 | - name: prefix 16 | - Nature: DataProperty 17 | - Range: xsd:string 18 | -------------------------------------------------------------------------------- /model/Core/Classes/Person.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # Person 4 | 5 | ## Summary 6 | 7 | An individual human being. 8 | 9 | ## Description 10 | 11 | A Person is an individual human being. 12 | 13 | ## Metadata 14 | 15 | - name: Person 16 | - SubclassOf: Agent 17 | - Instantiability: Concrete 18 | -------------------------------------------------------------------------------- /model/Operations/Properties/projectTitle.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # projectTitle 4 | 5 | ## Summary 6 | 7 | Title of the project. 8 | 9 | ## Description 10 | 11 | Title of the project. 
12 | 13 | ## Metadata 14 | 15 | - name: projectTitle 16 | - Nature: DataProperty 17 | - Range: xsd:string 18 | -------------------------------------------------------------------------------- /model/Operations/Properties/projectSponsor.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # projectSponsor 4 | 5 | ## Summary 6 | 7 | Sponsor of the project. 8 | 9 | ## Description 10 | 11 | Sponsor of the project. 12 | 13 | ## Metadata 14 | 15 | - name: projectSponsor 16 | - Nature: DataProperty 17 | - Range: /Core/Agent 18 | -------------------------------------------------------------------------------- /model/Operations/Properties/assessor.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # assessor 4 | 5 | ## Summary 6 | 7 | An entity providing an assessment. 8 | 9 | ## Description 10 | 11 | An entity providing an assessment. 12 | 13 | ## Metadata 14 | 15 | - name: assessor 16 | - Nature: DataProperty 17 | - Range: /Core/Agent 18 | -------------------------------------------------------------------------------- /model/Core/Properties/processRationale.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # processRationale 4 | 5 | ## Summary 6 | 7 | The reason a process exists. 8 | 9 | ## Description 10 | 11 | The reason a process exists. 12 | 13 | ## Metadata 14 | 15 | - name: processRationale 16 | - Nature: DataProperty 17 | - Range: xsd:string 18 | -------------------------------------------------------------------------------- /model/Core/Properties/country.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # country 4 | 5 | ## Summary 6 | 7 | Specifies a country code of the location. 
8 | 9 | ## Description 10 | 11 | Specifies a country code of the location. 12 | 13 | ## Metadata 14 | 15 | - name: country 16 | - Nature: DataProperty 17 | - Range: CountryCodeAlpha3 18 | -------------------------------------------------------------------------------- /model/Hardware/Properties/itemVersion.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # itemVersion 4 | 5 | ## Summary 6 | 7 | Version identifier for the item. 8 | 9 | ## Description 10 | 11 | Describes the specific version of the item. 12 | 13 | ## Metadata 14 | 15 | - name: itemVersion 16 | - Nature: DataProperty 17 | - Range: xsd:string 18 | -------------------------------------------------------------------------------- /model/Operations/Properties/projectContract.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # projectContract 4 | 5 | ## Summary 6 | 7 | Link to the project contract. 8 | 9 | ## Description 10 | 11 | Link to the project contract. 12 | 13 | ## Metadata 14 | 15 | - name: projectContract 16 | - Nature: DataProperty 17 | - Range: xsd:anyURI 18 | -------------------------------------------------------------------------------- /model/Operations/Properties/projectOwner.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # projectOwner 4 | 5 | ## Summary 6 | 7 | Owner or Lead of the project. 8 | 9 | ## Description 10 | 11 | Person responsible for the project. 
12 | 13 | ## Metadata 14 | 15 | - name: projectOwner 16 | - Nature: DataProperty 17 | - Range: /Core/Agent 18 | -------------------------------------------------------------------------------- /model/Core/Properties/city.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # city 4 | 5 | ## Summary 6 | 7 | City is a specific name used to define a locality. 8 | 9 | ## Description 10 | 11 | City is a specific name used to define a locality. 12 | 13 | ## Metadata 14 | 15 | - name: city 16 | - Nature: DataProperty 17 | - Range: xsd:string 18 | -------------------------------------------------------------------------------- /model/SupplyChain/Properties/vaildState.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # vaildState 4 | 5 | ## Summary 6 | 7 | The valid state for DefinedStateProcess. 8 | 9 | ## Description 10 | 11 | The valid state for DefinedStateProcess. 12 | 13 | ## Metadata 14 | 15 | - name: vaildState 16 | - Nature: ObjectProperty 17 | - Range: State 18 | -------------------------------------------------------------------------------- /model/AI/Properties/energyQuantity.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # energyQuantity 4 | 5 | ## Summary 6 | 7 | Represents the energy quantity. 8 | 9 | ## Description 10 | 11 | Provides the quantity information of the energy. 
12 | 13 | ## Metadata 14 | 15 | - name: energyQuantity 16 | - Nature: DataProperty 17 | - Range: xsd:decimal 18 | -------------------------------------------------------------------------------- /model/Core/Properties/builtTime.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # builtTime 4 | 5 | ## Summary 6 | 7 | Specifies the time an artifact was built. 8 | 9 | ## Description 10 | 11 | A builtTime specifies the time an artifact was built. 12 | 13 | ## Metadata 14 | 15 | - name: builtTime 16 | - Nature: DataProperty 17 | - Range: DateTime 18 | -------------------------------------------------------------------------------- /model/AI/Properties/energyUnit.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # energyUnit 4 | 5 | ## Summary 6 | 7 | Specifies the unit in which energy is measured. 8 | 9 | ## Description 10 | 11 | Provides the unit information of the energy. 12 | 13 | ## Metadata 14 | 15 | - name: energyUnit 16 | - Nature: ObjectProperty 17 | - Range: EnergyUnitType 18 | -------------------------------------------------------------------------------- /model/Core/Core.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # Core 4 | 5 | ## Summary 6 | 7 | The basis for all SPDX profiles. 8 | 9 | ## Description 10 | 11 | The Core namespace defines foundational concepts serving as the basis for all 12 | SPDX 3 profiles. 
13 | 14 | ## Metadata 15 | 16 | - id: https://spdx.org/rdf/3.1/terms/Core 17 | - name: Core 18 | -------------------------------------------------------------------------------- /model/Core/Properties/identifier.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # identifier 4 | 5 | ## Summary 6 | 7 | Uniquely identifies an external element. 8 | 9 | ## Description 10 | 11 | An identifier uniquely identifies an external element. 12 | 13 | ## Metadata 14 | 15 | - name: identifier 16 | - Nature: DataProperty 17 | - Range: xsd:string 18 | -------------------------------------------------------------------------------- /model/Core/Properties/locator.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # locator 4 | 5 | ## Summary 6 | 7 | Provides the location of an external reference. 8 | 9 | ## Description 10 | 11 | A locator provides the location of an external reference. 12 | 13 | ## Metadata 14 | 15 | - name: locator 16 | - Nature: DataProperty 17 | - Range: xsd:string 18 | -------------------------------------------------------------------------------- /model/Core/Properties/postalCode.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # postalCode 4 | 5 | ## Summary 6 | 7 | Text specifying the postal code for an address. 8 | 9 | ## Description 10 | 11 | Text specifying the postal code for an address. 
12 | 13 | ## Metadata 14 | 15 | - name: postalCode 16 | - Nature: DataProperty 17 | - Range: xsd:string 18 | -------------------------------------------------------------------------------- /model/Core/Properties/processVersion.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # processVersion 4 | 5 | ## Summary 6 | 7 | Defines the version of a specific process. 8 | 9 | ## Description 10 | 11 | Defines the version of a specific process. 12 | 13 | ## Metadata 14 | 15 | - name: processVersion 16 | - Nature: DataProperty 17 | - Range: xsd:string 18 | -------------------------------------------------------------------------------- /model/Security/Properties/locator.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # locator 4 | 5 | ## Summary 6 | 7 | Provides the location of an exploit catalog. 8 | 9 | ## Description 10 | 11 | A locator provides the location of an exploit catalog. 12 | 13 | ## Metadata 14 | 15 | - name: locator 16 | - Nature: DataProperty 17 | - Range: xsd:anyURI 18 | -------------------------------------------------------------------------------- /model/Software/Software.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # Software 4 | 5 | ## Summary 6 | 7 | Everything having to do with software. 8 | 9 | ## Description 10 | 11 | The Software namespace defines concepts related to software artifacts. 
12 | 13 | ## Metadata 14 | 15 | - id: https://spdx.org/rdf/3.1/terms/Software 16 | - name: Software 17 | -------------------------------------------------------------------------------- /Governance.md: -------------------------------------------------------------------------------- 1 | # SPDX Project Governance Policy 1.0 2 | 3 | Please see 4 | [SPDX Project Governance Policy](https://github.com/spdx/governance/blob/main/5._Governance.md) 5 | at the SPDX Governance repository for the latest SPDX project governance policy. 6 | 7 | Additional governance policies can be found in the 8 | [SPDX Governance repository](https://github.com/spdx/governance). 9 | -------------------------------------------------------------------------------- /model/Hardware/Properties/releaseDate.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # releaseDate 4 | 5 | ## Summary 6 | 7 | Date of product release. 8 | 9 | ## Description 10 | 11 | This is the first date associated with a specific product release. 12 | 13 | ## Metadata 14 | 15 | - name: releaseDate 16 | - Nature: ObjectProperty 17 | - Range: /Core/DateTime 18 | -------------------------------------------------------------------------------- /model/Service/Properties/provider.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # provider 4 | 5 | ## Summary 6 | 7 | The provider of a SoftwareService. 8 | 9 | ## Description 10 | 11 | The Agent that provides a SoftwareService to one or more consumers. 
12 | 13 | ## Metadata 14 | 15 | - name: provider 16 | - Nature: ObjectProperty 17 | - Range: /Core/Agent 18 | -------------------------------------------------------------------------------- /model/Core/Properties/annotationType.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # annotationType 4 | 5 | ## Summary 6 | 7 | Describes the type of annotation. 8 | 9 | ## Description 10 | 11 | An annotationType describes the type of an annotation. 12 | 13 | ## Metadata 14 | 15 | - name: annotationType 16 | - Nature: ObjectProperty 17 | - Range: AnnotationType 18 | -------------------------------------------------------------------------------- /model/Core/Properties/releaseTime.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # releaseTime 4 | 5 | ## Summary 6 | 7 | Specifies the time an artifact was released. 8 | 9 | ## Description 10 | 11 | A releaseTime specifies the time an artifact was released. 12 | 13 | ## Metadata 14 | 15 | - name: releaseTime 16 | - Nature: DataProperty 17 | - Range: DateTime 18 | -------------------------------------------------------------------------------- /model/Hardware/Properties/hardwareVersion.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # hardwareVersion 4 | 5 | ## Summary 6 | 7 | Version identifier for the hardware product. 8 | 9 | ## Description 10 | 11 | Describes the specific hardware version. 
12 | 13 | ## Metadata 14 | 15 | - name: hardwareVersion 16 | - Nature: DataProperty 17 | - Range: xsd:string 18 | -------------------------------------------------------------------------------- /model/Security/Security.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # Security 4 | 5 | ## Summary 6 | 7 | The Security profile captures security related information. 8 | 9 | ## Description 10 | 11 | The Security profile captures security related information. 12 | 13 | ## Metadata 14 | 15 | - id: https://spdx.org/rdf/3.1/terms/Security 16 | - name: Security 17 | -------------------------------------------------------------------------------- /model/Service/Service.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # Service 4 | 5 | ## Summary 6 | 7 | The profile captures software as a service related information. 8 | 9 | ## Description 10 | 11 | The profile captures software as a service related information. 12 | 13 | ## Metadata 14 | 15 | - id: https://spdx.org/rdf/3.1/terms/Service 16 | - name: Service 17 | -------------------------------------------------------------------------------- /model/Core/Properties/subject.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # subject 4 | 5 | ## Summary 6 | 7 | An Element an annotator has made an assertion about. 8 | 9 | ## Description 10 | 11 | A subject is an Element an annotator has made an assertion about. 
12 | 13 | ## Metadata 14 | 15 | - name: subject 16 | - Nature: ObjectProperty 17 | - Range: Element 18 | -------------------------------------------------------------------------------- /model/Hardware/Properties/partNumber.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # partNumber 4 | 5 | ## Summary 6 | 7 | Product Part Number as defined by OEM. 8 | 9 | ## Description 10 | 11 | Product Part Number as defined by manufacturer. Can be used for an SKU. 12 | 13 | ## Metadata 14 | 15 | - name: partNumber 16 | - Nature: DataProperty 17 | - Range: xsd:string 18 | -------------------------------------------------------------------------------- /model/Hardware/Properties/xAxisLength.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # xAxisLength 4 | 5 | ## Summary 6 | 7 | Information related to hardware dimension. 8 | 9 | ## Description 10 | 11 | Information related to xAxis measurement of an object. 12 | 13 | ## Metadata 14 | 15 | - name: xAxisLength 16 | - Nature: ObjectProperty 17 | - Range: /Core/MeasureOfLength 18 | -------------------------------------------------------------------------------- /model/Hardware/Properties/yAxisLength.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # yAxisLength 4 | 5 | ## Summary 6 | 7 | Information related to hardware dimension. 8 | 9 | ## Description 10 | 11 | Information related to yAxis measurement of an object. 
12 | 13 | ## Metadata 14 | 15 | - name: yAxisLength 16 | - Nature: ObjectProperty 17 | - Range: /Core/MeasureOfLength 18 | -------------------------------------------------------------------------------- /model/Core/Properties/actionStartTime.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # actionStartTime 4 | 5 | ## Summary 6 | 7 | Property describing the start time of an action. 8 | 9 | ## Description 10 | 11 | actionStartTime is the time at which an action is triggered. 12 | 13 | ## Metadata 14 | 15 | - name: actionStartTime 16 | - Nature: DataProperty 17 | - Range: DateTime 18 | -------------------------------------------------------------------------------- /model/Core/Properties/endIntegerRange.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # endIntegerRange 4 | 5 | ## Summary 6 | 7 | Defines the end of a range. 8 | 9 | ## Description 10 | 11 | endIntegerRange is a positive integer that defines the end of a range. 12 | 13 | ## Metadata 14 | 15 | - name: endIntegerRange 16 | - Nature: DataProperty 17 | - Range: xsd:positiveInteger 18 | -------------------------------------------------------------------------------- /model/Core/Properties/from.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # from 4 | 5 | ## Summary 6 | 7 | References the Element on the left-hand side of a relationship. 8 | 9 | ## Description 10 | 11 | This field references the Element on the left-hand side of a relationship. 
12 | 13 | ## Metadata 14 | 15 | - name: from 16 | - Nature: ObjectProperty 17 | - Range: Element 18 | -------------------------------------------------------------------------------- /model/Core/Properties/hashValue.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # hashValue 4 | 5 | ## Summary 6 | 7 | The result of applying a hash algorithm to an Element. 8 | 9 | ## Description 10 | 11 | A hashValue is the result of applying a hash algorithm to an Element. 12 | 13 | ## Metadata 14 | 15 | - name: hashValue 16 | - Nature: DataProperty 17 | - Range: xsd:string 18 | -------------------------------------------------------------------------------- /model/Core/Properties/specType.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # specType 4 | 5 | ## Summary 6 | 7 | A specification type defines the nature of a specification. 8 | 9 | ## Description 10 | 11 | A specification type defines the nature of a specification. 12 | 13 | ## Metadata 14 | 15 | - name: specType 16 | - Nature: DataProperty 17 | - Range: SpecificationType 18 | -------------------------------------------------------------------------------- /model/Operations/Properties/projectEndTime.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # projectEndTime 4 | 5 | ## Summary 6 | 7 | Time when the project ends or is planned to end. 8 | 9 | ## Description 10 | 11 | Time when the project ends or is planned to end. 
12 | 13 | ## Metadata 14 | 15 | - name: projectEndTime 16 | - Nature: DataProperty 17 | - Range: /Core/DateTime 18 | -------------------------------------------------------------------------------- /model/Operations/Properties/weight.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # weight 4 | 5 | ## Summary 6 | 7 | Weight to express relevance in de minimis consideration. 8 | 9 | ## Description 10 | 11 | Weight to express relevance in de minimis consideration. 12 | 13 | ## Metadata 14 | 15 | - name: weight 16 | - Nature: ObjectProperty 17 | - Range: xsd:positiveInteger 18 | -------------------------------------------------------------------------------- /model/Core/Properties/statement.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # statement 4 | 5 | ## Summary 6 | 7 | Commentary on an assertion that an annotator has made. 8 | 9 | ## Description 10 | 11 | A statement is a commentary on an assertion that an annotator has made. 12 | 13 | ## Metadata 14 | 15 | - name: statement 16 | - Nature: DataProperty 17 | - Range: xsd:string 18 | -------------------------------------------------------------------------------- /model/Hardware/Properties/category.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # category 4 | 5 | ## Summary 6 | 7 | The category describes the hardware item in a DefinedType. 8 | 9 | ## Description 10 | 11 | The category describes the hardware item in a DefinedType. 
12 | 13 | ## Metadata 14 | 15 | - name: category 16 | - Nature: ObjectProperty 17 | - Range: /Core/DefinedType 18 | -------------------------------------------------------------------------------- /model/Hardware/Properties/mass.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # mass 4 | 5 | ## Summary 6 | 7 | Information related to physical hardware. 8 | 9 | ## Description 10 | 11 | Mass is defined as an intrinsic property of a body for describing a physical hardware component. 12 | 13 | ## Metadata 14 | 15 | - name: mass 16 | - Nature: DataProperty 17 | - Range: xsd:decimal 18 | -------------------------------------------------------------------------------- /model/Operations/Properties/assessedElement.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # assessedElement 4 | 5 | ## Summary 6 | 7 | Specifies an Element as subject of an assessment. 8 | 9 | ## Description 10 | 11 | Specifies an Element as subject of an assessment. 12 | 13 | ## Metadata 14 | 15 | - name: assessedElement 16 | - Nature: DataProperty 17 | - Range: /Core/Element 18 | -------------------------------------------------------------------------------- /model/Operations/Properties/assessmentTimestamp.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # assessmentTimestamp 4 | 5 | ## Summary 6 | 7 | Timestamp, when an assessment was conducted. 8 | 9 | ## Description 10 | 11 | Timestamp, when an assessment was conducted. 
12 | 13 | ## Metadata 14 | 15 | - name: assessmentTimestamp 16 | - Nature: DataProperty 17 | - Range: /Core/DateTime 18 | -------------------------------------------------------------------------------- /model/Security/Properties/impactStatementTime.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # impactStatementTime 4 | 5 | ## Summary 6 | 7 | Timestamp of impact statement. 8 | 9 | ## Description 10 | 11 | Specifies the time when the impact statement was recorded. 12 | 13 | ## Metadata 14 | 15 | - name: impactStatementTime 16 | - Nature: DataProperty 17 | - Range: /Core/DateTime 18 | -------------------------------------------------------------------------------- /model/SupplyChain/Properties/pickupLocation.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # pickupLocation 4 | 5 | ## Summary 6 | 7 | The location for picking up a package or item. 8 | 9 | ## Description 10 | 11 | This is a specific location that an item was picked up. 12 | 13 | ## Metadata 14 | 15 | - name: pickupLocation 16 | - Nature: ObjectProperty 17 | - Range: /Core/Location 18 | -------------------------------------------------------------------------------- /model/Core/Properties/actionEndTime.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # actionEndTime 4 | 5 | ## Summary 6 | 7 | Property that describes the time at which an action stops. 8 | 9 | ## Description 10 | 11 | Property describing the time at which an action stops or finishes. 
12 | 13 | ## Metadata 14 | 15 | - name: actionEndTime 16 | - Nature: DataProperty 17 | - Range: DateTime 18 | -------------------------------------------------------------------------------- /model/Core/Properties/additionalInformation.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # additionalInformation 4 | 5 | ## Summary 6 | 7 | Additional relevance information. 8 | 9 | ## Description 10 | 11 | This element provides relevant information to the action. 12 | 13 | ## Metadata 14 | 15 | - name: additionalInformation 16 | - Nature: ObjectProperty 17 | - Range: DictionaryEntry 18 | -------------------------------------------------------------------------------- /model/Core/Properties/externalRefType.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # externalRefType 4 | 5 | ## Summary 6 | 7 | Specifies the type of the external reference. 8 | 9 | ## Description 10 | 11 | An externalRefType specifies the type of the external reference. 12 | 13 | ## Metadata 14 | 15 | - name: externalRefType 16 | - Nature: ObjectProperty 17 | - Range: ExternalRefType 18 | -------------------------------------------------------------------------------- /model/Hardware/Properties/dimensions.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # dimensions 4 | 5 | ## Summary 6 | 7 | Information related to hardware dimension. 8 | 9 | ## Description 10 | 11 | Product dimensions describe the physical characteristics of a specific product. 
12 | 13 | ## Metadata 14 | 15 | - name: dimensions 16 | - Nature: ObjectProperty 17 | - Range: Dimensions 18 | -------------------------------------------------------------------------------- /model/Hardware/Properties/serialNumber.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # serialNumber 4 | 5 | ## Summary 6 | 7 | Identifier for specific product is called a serial number. 8 | 9 | ## Description 10 | 11 | This is a specific identifier assigned to a specific product. 12 | 13 | ## Metadata 14 | 15 | - name: serialNumber 16 | - Nature: DataProperty 17 | - Range: xsd:string 18 | -------------------------------------------------------------------------------- /model/Security/Properties/publishedTime.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # publishedTime 4 | 5 | ## Summary 6 | 7 | Specifies the time when a vulnerability was published. 8 | 9 | ## Description 10 | 11 | Specifies the time when a vulnerability was first published. 12 | 13 | ## Metadata 14 | 15 | - name: publishedTime 16 | - Nature: DataProperty 17 | - Range: /Core/DateTime 18 | -------------------------------------------------------------------------------- /model/Software/Properties/artifactSize.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # artifactSize 4 | 5 | ## Summary 6 | 7 | Identifies the size of a software Artifact, in bytes. 8 | 9 | ## Description 10 | 11 | Identifies the size of a software Artifact, in bytes. 
12 | 13 | ## Metadata 14 | 15 | - name: artifactSize 16 | - Nature: DataProperty 17 | - Range: xsd:nonNegativeInteger 18 | -------------------------------------------------------------------------------- /model/Core/Properties/contactType.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # contactType 4 | 5 | ## Summary 6 | 7 | Identifies the nature of the contactPointRelationship. 8 | 9 | ## Description 10 | 11 | Identifies the role of the Artifact to the contact point. 12 | 13 | ## Metadata 14 | 15 | - name: contactType 16 | - Nature: ObjectProperty 17 | - Range: ContactPointRelationshipType 18 | -------------------------------------------------------------------------------- /model/Core/Properties/creationInfo.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # creationInfo 4 | 5 | ## Summary 6 | 7 | Provides information about the creation of the Element. 8 | 9 | ## Description 10 | 11 | CreationInfo provides information about the creation of the Element. 12 | 13 | ## Metadata 14 | 15 | - name: creationInfo 16 | - Nature: ObjectProperty 17 | - Range: CreationInfo 18 | -------------------------------------------------------------------------------- /model/Core/Properties/originatedBy.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # originatedBy 4 | 5 | ## Summary 6 | 7 | Identifies from where or whom the Element originally came. 8 | 9 | ## Description 10 | 11 | An originatedBy identifies from where or whom the Element originally came. 
12 | 13 | ## Metadata 14 | 15 | - name: originatedBy 16 | - Nature: ObjectProperty 17 | - Range: Agent 18 | -------------------------------------------------------------------------------- /model/Core/Properties/provinceStateCode.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # provinceStateCode 4 | 5 | ## Summary 6 | 7 | Text specifying a province or state. 8 | 9 | ## Description 10 | 11 | Text specifying a province or state (e.g., Buenos Aires, California, Cebu). 12 | 13 | ## Metadata 14 | 15 | - name: provinceStateCode 16 | - Nature: DataProperty 17 | - Range: xsd:string 18 | -------------------------------------------------------------------------------- /model/Core/Properties/startTime.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # startTime 4 | 5 | ## Summary 6 | 7 | Specifies the time from which an element is applicable / valid. 8 | 9 | ## Description 10 | 11 | A startTime specifies the time from which an element is applicable / valid. 12 | 13 | ## Metadata 14 | 15 | - name: startTime 16 | - Nature: DataProperty 17 | - Range: DateTime 18 | -------------------------------------------------------------------------------- /model/Operations/Properties/projectStartTime.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # projectStartTime 4 | 5 | ## Summary 6 | 7 | Time when the project starts or is planned to start. 8 | 9 | ## Description 10 | 11 | Time when the project starts or is planned to start. 
12 | 13 | ## Metadata 14 | 15 | - name: projectStartTime 16 | - Nature: DataProperty 17 | - Range: /Core/DateTime 18 | -------------------------------------------------------------------------------- /model/SupplyChain/Properties/forPickupLocation.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # forPickupLocation 4 | 5 | ## Summary 6 | 7 | The location for picking up a package or item. 8 | 9 | ## Description 10 | 11 | This is the designated location for pickup of an item. 12 | 13 | ## Metadata 14 | 15 | - name: forPickupLocation 16 | - Nature: ObjectProperty 17 | - Range: /Core/Location 18 | -------------------------------------------------------------------------------- /model/Core/Properties/beginIntegerRange.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # beginIntegerRange 4 | 5 | ## Summary 6 | 7 | Defines the beginning of a range. 8 | 9 | ## Description 10 | 11 | beginIntegerRange is a positive integer that defines the beginning of a range. 12 | 13 | ## Metadata 14 | 15 | - name: beginIntegerRange 16 | - Nature: DataProperty 17 | - Range: xsd:positiveInteger 18 | -------------------------------------------------------------------------------- /model/Dataset/Properties/knownBias.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # knownBias 4 | 5 | ## Summary 6 | 7 | Records the biases that the dataset is known to encompass. 8 | 9 | ## Description 10 | 11 | A free-form text that describes the different biases that the dataset encompasses. 
12 | 13 | ## Metadata 14 | 15 | - name: knownBias 16 | - Nature: DataProperty 17 | - Range: xsd:string 18 | -------------------------------------------------------------------------------- /model/Operations/Properties/assessmentResult.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # assessmentResult 4 | 5 | ## Summary 6 | 7 | Specifies an Element as subject of an assessment. 8 | 9 | ## Description 10 | 11 | Specifies an Element as subject of an assessment. 12 | 13 | ## Metadata 14 | 15 | - name: assessmentResult 16 | - Nature: DataProperty 17 | - Range: ExportControlClassification 18 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | # EditorConfig helps developers define and maintain consistent 2 | # coding styles between different editors and IDEs 3 | # See also http://editorconfig.org/ 4 | 5 | root = true 6 | 7 | [*] 8 | charset = utf-8 9 | end_of_line = lf 10 | indent_size = 2 11 | indent_style = space 12 | insert_final_newline = true 13 | trim_trailing_whitespace = true 14 | 15 | [*.md] 16 | trim_trailing_whitespace = false 17 | -------------------------------------------------------------------------------- /model/Core/Properties/element.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # element 4 | 5 | ## Summary 6 | 7 | Refers to one or more Elements that are part of an ElementCollection. 8 | 9 | ## Description 10 | 11 | This field refers to one or more Elements that are part of an 12 | ElementCollection. 
13 | 14 | ## Metadata 15 | 16 | - name: element 17 | - Nature: ObjectProperty 18 | - Range: Element 19 | -------------------------------------------------------------------------------- /model/Hardware/Properties/additionalInformation.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # additionalInformation 4 | 5 | ## Summary 6 | 7 | Additional relevance information. 8 | 9 | ## Description 10 | 11 | This element provides relevant information about the product. 12 | 13 | ## Metadata 14 | 15 | - name: additionalInformation 16 | - Nature: ObjectProperty 17 | - Range: /Core/DictionaryEntry 18 | -------------------------------------------------------------------------------- /model/Hardware/Properties/bulkQuantity.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # bulkQuantity 4 | 5 | ## Summary 6 | 7 | The amount or measure of a bulk product. 8 | 9 | ## Description 10 | 11 | The amount or measure of a bulk product includes the quality and unit of measure. 12 | 13 | ## Metadata 14 | 15 | - name: bulkQuantity 16 | - Nature: ObjectProperty 17 | - Range: /Core/UnitOfMeasure 18 | -------------------------------------------------------------------------------- /model/Security/Properties/modifiedTime.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # modifiedTime 4 | 5 | ## Summary 6 | 7 | Specifies a time when a vulnerability assessment was modified 8 | 9 | ## Description 10 | 11 | Specifies a time when a vulnerability assessment was last modified. 
12 | 13 | ## Metadata 14 | 15 | - name: modifiedTime 16 | - Nature: DataProperty 17 | - Range: /Core/DateTime 18 | -------------------------------------------------------------------------------- /model/Security/Properties/withdrawnTime.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # withdrawnTime 4 | 5 | ## Summary 6 | 7 | Specifies the time and date when a vulnerability was withdrawn. 8 | 9 | ## Description 10 | 11 | Specifies the time and date when a vulnerability was withdrawn. 12 | 13 | ## Metadata 14 | 15 | - name: withdrawnTime 16 | - Nature: DataProperty 17 | - Range: /Core/DateTime 18 | -------------------------------------------------------------------------------- /model/Software/Properties/snippetFromFile.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # snippetFromFile 4 | 5 | ## Summary 6 | 7 | Defines the original host file that the snippet information applies to. 8 | 9 | ## Description 10 | 11 | The field identifies the file which contains the snippet. 12 | 13 | ## Metadata 14 | 15 | - name: snippetFromFile 16 | - Nature: ObjectProperty 17 | - Range: File 18 | -------------------------------------------------------------------------------- /model/Core/Classes/SoftwareAgent.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # SoftwareAgent 4 | 5 | ## Summary 6 | 7 | A software agent. 8 | 9 | ## Description 10 | 11 | A SoftwareAgent is a software program that is given the authority (similar to a 12 | user's authority) to act on a system.
13 | 14 | ## Metadata 15 | 16 | - name: SoftwareAgent 17 | - SubclassOf: Agent 18 | - Instantiability: Concrete 19 | -------------------------------------------------------------------------------- /model/Core/Properties/algorithm.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # algorithm 4 | 5 | ## Summary 6 | 7 | Specifies the algorithm used for calculating the hash value. 8 | 9 | ## Description 10 | 11 | An algorithm specifies the algorithm that was used for calculating the hash 12 | value. 13 | 14 | ## Metadata 15 | 16 | - name: algorithm 17 | - Nature: ObjectProperty 18 | - Range: HashAlgorithm 19 | -------------------------------------------------------------------------------- /model/Core/Properties/endTime.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # endTime 4 | 5 | ## Summary 6 | 7 | Specifies the time from which an element is no longer applicable / valid. 8 | 9 | ## Description 10 | 11 | An endTime specifies the time from which an element is no longer applicable 12 | / valid. 13 | 14 | ## Metadata 15 | 16 | - name: endTime 17 | - Nature: DataProperty 18 | - Range: DateTime 19 | -------------------------------------------------------------------------------- /model/Core/Properties/locationHint.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # locationHint 4 | 5 | ## Summary 6 | 7 | Provides an indication of where to retrieve an external Element. 8 | 9 | ## Description 10 | 11 | A locationHint provides an indication of where to retrieve an external Element.
12 | 13 | ## Metadata 14 | 15 | - name: locationHint 16 | - Nature: DataProperty 17 | - Range: xsd:anyURI 18 | -------------------------------------------------------------------------------- /model/Dataset/Properties/datasetUpdateMechanism.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # datasetUpdateMechanism 4 | 5 | ## Summary 6 | 7 | Describes a mechanism to update the dataset. 8 | 9 | ## Description 10 | 11 | A free-form text that describes a mechanism to update the dataset. 12 | 13 | ## Metadata 14 | 15 | - name: datasetUpdateMechanism 16 | - Nature: DataProperty 17 | - Range: xsd:string 18 | -------------------------------------------------------------------------------- /model/Operations/Properties/exportClassification.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # exportClassification 4 | 5 | ## Summary 6 | 7 | Expression for the export control classification. 8 | 9 | ## Description 10 | 11 | Expression for the export control classification, e.g. "EAR99". 12 | 13 | ## Metadata 14 | 15 | - name: exportClassification 16 | - Nature: DataProperty 17 | - Range: xsd:string 18 | -------------------------------------------------------------------------------- /model/SupplyChain/Properties/dropoffLocation.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # dropoffLocation 4 | 5 | ## Summary 6 | 7 | The location for dropping off or delivering a package or item. 8 | 9 | ## Description 10 | 11 | This is a specific location that an item was dropped off to. 
12 | 13 | ## Metadata 14 | 15 | - name: dropoffLocation 16 | - Nature: ObjectProperty 17 | - Range: /Core/Location 18 | -------------------------------------------------------------------------------- /model/Hardware/Properties/batchNumber.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # batchNumber 4 | 5 | ## Summary 6 | 7 | Identifier for product production batch. 8 | 9 | ## Description 10 | 11 | A group of products produced in a common process is called a batch. Batches are identified by batch numbers. 12 | 13 | ## Metadata 14 | 15 | - name: batchNumber 16 | - Nature: DataProperty 17 | - Range: xsd:string 18 | -------------------------------------------------------------------------------- /model/Software/Properties/contentIdentifierValue.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # contentIdentifierValue 4 | 5 | ## Summary 6 | 7 | Specifies the value of the content identifier. 8 | 9 | ## Description 10 | 11 | A contentIdentifierValue specifies the value of a content identifier. 12 | 13 | ## Metadata 14 | 15 | - name: contentIdentifierValue 16 | - Nature: DataProperty 17 | - Range: xsd:anyURI 18 | -------------------------------------------------------------------------------- /model/SupplyChain/Properties/decisionProcess.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # decisionProcess 4 | 5 | ## Summary 6 | 7 | This is how the currentState of an affected Element is found. 8 | 9 | ## Description 10 | 11 | This is how the currentState of an affected Element is found. 
12 | 13 | ## Metadata 14 | 15 | - name: decisionProcess 16 | - Nature: ObjectProperty 17 | - Range: DefinedStateProcess 18 | -------------------------------------------------------------------------------- /serialization/jsonld/examples/person3.json: -------------------------------------------------------------------------------- 1 | { 2 | "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld", 3 | "type": "Person", 4 | "spdxId": "http://spdx.acme.org/3FA9CB25#person3", 5 | "name": "Nigel Thornberry", 6 | "externalIdentifier": [ 7 | { 8 | "type": "ExternalIdentifier", 9 | "externalIdentifierType": "email", 10 | "identifier": "nigel3@outlook.com" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /model/Dataset/Properties/sensor.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # sensor 4 | 5 | ## Summary 6 | 7 | Describes a sensor used for collecting the data. 8 | 9 | ## Description 10 | 11 | Describes a sensor that was used for collecting the data 12 | and its calibration value as a key-value pair. 13 | 14 | ## Metadata 15 | 16 | - name: sensor 17 | - Nature: ObjectProperty 18 | - Range: /Core/DictionaryEntry 19 | -------------------------------------------------------------------------------- /model/Extension/Extension.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # Extension 4 | 5 | ## Summary 6 | 7 | Everything having to do with SPDX extensions. 8 | 9 | ## Description 10 | 11 | The Extension namespace defines the abstract Extension class serving as the 12 | base for all defined extension subclasses. 
13 | 14 | ## Metadata 15 | 16 | - id: https://spdx.org/rdf/3.1/terms/Extension 17 | - name: Extension 18 | -------------------------------------------------------------------------------- /model/Operations/Properties/exportingCountry.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # exportingCountry 4 | 5 | ## Summary 6 | 7 | Country for which export controls must be taken into account. 8 | 9 | ## Description 10 | 11 | Country for which export controls must be taken into account. 12 | 13 | ## Metadata 14 | 15 | - name: exportingCountry 16 | - Nature: DataProperty 17 | - Range: /Core/CountryCodeAlpha3 18 | -------------------------------------------------------------------------------- /model/Core/Classes/Tool.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # Tool 4 | 5 | ## Summary 6 | 7 | An element of hardware and/or software utilized to carry out a particular function. 8 | 9 | ## Description 10 | 11 | A Tool is an element of hardware and/or software utilized to carry out a particular function. 12 | 13 | ## Metadata 14 | 15 | - name: Tool 16 | - SubclassOf: Element 17 | - Instantiability: Concrete 18 | -------------------------------------------------------------------------------- /model/Core/Properties/actionLocation.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # actionLocation 4 | 5 | ## Summary 6 | 7 | Location of a specific action. 8 | 9 | ## Description 10 | 11 | The location of an action is defined by the actionLocation. Action locations help define and validate a specific action. 
12 | 13 | ## Metadata 14 | 15 | - name: actionLocation 16 | - Nature: ObjectProperty 17 | - Range: Location 18 | -------------------------------------------------------------------------------- /model/Core/Properties/key.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # key 4 | 5 | ## Summary 6 | 7 | A key used in a generic key-value pair. 8 | 9 | ## Description 10 | 11 | A key used in a generic key-value pair. 12 | 13 | A key-value pair can be used to implement a dictionary which associates a key 14 | with a value. 15 | 16 | ## Metadata 17 | 18 | - name: key 19 | - Nature: DataProperty 20 | - Range: xsd:string 21 | -------------------------------------------------------------------------------- /model/Core/Properties/processReadiness.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # processReadiness 4 | 5 | ## Summary 6 | 7 | processReadiness describes the readiness of a process. 8 | 9 | ## Description 10 | 11 | Draft, active, obsolete or other are used to define the readiness of a procedure. 12 | 13 | ## Metadata 14 | 15 | - name: processReadiness 16 | - Nature: DataProperty 17 | - Range: ProcessReadinessType 18 | -------------------------------------------------------------------------------- /model/ExpandedLicensing/Properties/subjectLicense.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # subjectLicense 4 | 5 | ## Summary 6 | 7 | A License participating in an 'or later' model. 8 | 9 | ## Description 10 | 11 | A subjectLicense is a License which is subject an 'or later' effect 12 | (OrLaterOperator).
13 | 14 | ## Metadata 15 | 16 | - name: subjectLicense 17 | - Nature: ObjectProperty 18 | - Range: License 19 | -------------------------------------------------------------------------------- /model/Hardware/Properties/zAxisLength.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # zAxisLength 4 | 5 | ## Summary 6 | 7 | Information related to hardware dimension. 8 | 9 | ## Description 10 | 11 | Information related to zAxis measurement of an object. 12 | 13 | Z axis is the height of the object. 14 | 15 | ## Metadata 16 | 17 | - name: zAxisLength 18 | - Nature: ObjectProperty 19 | - Range: /Core/MeasureOfLength 20 | -------------------------------------------------------------------------------- /model/Operations/Properties/assessmentContext.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # assessmentContext 4 | 5 | ## Summary 6 | 7 | Sets the context for an assessment by specifying the related project. 8 | 9 | ## Description 10 | 11 | Sets the context for an assessment by specifying the related project. 12 | 13 | ## Metadata 14 | 15 | - name: assessmentContext 16 | - Nature: DataProperty 17 | - Range: Project 18 | -------------------------------------------------------------------------------- /model/Security/Properties/exploited.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # exploited 4 | 5 | ## Summary 6 | 7 | Denote whether a CVE is present in an exploit catalog. 8 | 9 | ## Description 10 | 11 | This field is set to True when a CVE is present in an exploit catalog and False when the CVE is not present.
12 | 13 | ## Metadata 14 | 15 | - name: exploited 16 | - Nature: DataProperty 17 | - Range: xsd:boolean 18 | -------------------------------------------------------------------------------- /model/Security/Properties/vexVersion.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # vexVersion 4 | 5 | ## Summary 6 | 7 | Specifies the version of a VEX statement. 8 | 9 | ## Description 10 | 11 | The statement version default value is zero. 12 | When any VEX-related content changes, the version shall be incremented. 13 | 14 | ## Metadata 15 | 16 | - name: vexVersion 17 | - Nature: DataProperty 18 | - Range: xsd:string 19 | -------------------------------------------------------------------------------- /model/Software/Properties/contentIdentifierType.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # contentIdentifierType 4 | 5 | ## Summary 6 | 7 | Specifies the type of the content identifier. 8 | 9 | ## Description 10 | 11 | A contentIdentifierType specifies the type of the content identifier. 12 | 13 | ## Metadata 14 | 15 | - name: contentIdentifierType 16 | - Nature: ObjectProperty 17 | - Range: ContentIdentifierType 18 | -------------------------------------------------------------------------------- /model/Software/Properties/packageVersion.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # packageVersion 4 | 5 | ## Summary 6 | 7 | Identify the version of a package. 8 | 9 | ## Description 10 | 11 | A packageVersion is useful for identification purposes and for indicating later 12 | changes of the package version. 
13 | 14 | ## Metadata 15 | 16 | - name: packageVersion 17 | - Nature: DataProperty 18 | - Range: xsd:string 19 | -------------------------------------------------------------------------------- /model/Core/Properties/externalIdentifierType.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # externalIdentifierType 4 | 5 | ## Summary 6 | 7 | Specifies the type of the external identifier. 8 | 9 | ## Description 10 | 11 | An externalIdentifierType specifies the type of the external identifier. 12 | 13 | ## Metadata 14 | 15 | - name: externalIdentifierType 16 | - Nature: ObjectProperty 17 | - Range: ExternalIdentifierType 18 | -------------------------------------------------------------------------------- /model/Core/Properties/import.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # import 4 | 5 | ## Summary 6 | 7 | Provides an ExternalMap of Element identifiers. 8 | 9 | ## Description 10 | 11 | An import provides an ExternalMap of an Element identifier that is used within a 12 | document but defined external to that document. 13 | 14 | ## Metadata 15 | 16 | - name: import 17 | - Nature: ObjectProperty 18 | - Range: ExternalMap 19 | -------------------------------------------------------------------------------- /model/Hardware/Properties/virtualHardwareModel.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # virtualHardwareModel 4 | 5 | ## Summary 6 | 7 | Information related to virtual hardware simulation. 8 | 9 | ## Description 10 | 11 | Information related to virtual hardware simulation modelling process. 
12 | 13 | ## Metadata 14 | 15 | - name: virtualHardwareModel 16 | - Nature: DataProperty 17 | - Range: VirtualHardwareModelType 18 | -------------------------------------------------------------------------------- /model/Build/Properties/buildStartTime.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # buildStartTime 4 | 5 | ## Summary 6 | 7 | Property describing the start time of a build. 8 | 9 | ## Description 10 | 11 | buildStartTime is the time at which a build is triggered. 12 | 13 | The builder typically records this value. 14 | 15 | ## Metadata 16 | 17 | - name: buildStartTime 18 | - Nature: DataProperty 19 | - Range: /Core/DateTime 20 | -------------------------------------------------------------------------------- /model/Core/Properties/geographicPointLocation.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # geographicPointLocation 4 | 5 | ## Summary 6 | 7 | This is a set of point coordinates as defined by the GPS standard. 8 | 9 | ## Description 10 | 11 | GPL coordinates are defined in the format Standard: ISO 6709:2022 12 | 13 | ## Metadata 14 | 15 | - name: geographicPointLocation 16 | - Nature: DataProperty 17 | - Range: xsd:string 18 | -------------------------------------------------------------------------------- /model/Core/Properties/scope.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # scope 4 | 5 | ## Summary 6 | 7 | Capture the scope of information about a specific relationship between elements. 8 | 9 | ## Description 10 | 11 | A scope is additional context about a relationship, that clarifies the relationship between elements.
12 | 13 | ## Metadata 14 | 15 | - name: scope 16 | - Nature: ObjectProperty 17 | - Range: LifecycleScopeType 18 | -------------------------------------------------------------------------------- /model/Core/Properties/value.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # value 4 | 5 | ## Summary 6 | 7 | A value used in a generic key-value pair. 8 | 9 | ## Description 10 | 11 | A value used in a generic key-value pair. 12 | 13 | A key-value pair can be used to implement a dictionary which associates a key 14 | with a value. 15 | 16 | ## Metadata 17 | 18 | - name: value 19 | - Nature: DataProperty 20 | - Range: xsd:string 21 | -------------------------------------------------------------------------------- /model/Operations/Properties/exportControlSpecification.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # exportControlSpecification 4 | 5 | ## Summary 6 | 7 | Specification basis for the export control classification. 8 | 9 | ## Description 10 | 11 | Specification basis for the export control classification. 12 | 13 | ## Metadata 14 | 15 | - name: exportControlSpecification 16 | - Nature: DataProperty 17 | - Range: /Core/Specification -------------------------------------------------------------------------------- /model/Security/Properties/statusNotes.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # statusNotes 4 | 5 | ## Summary 6 | 7 | Conveys information about how VEX status was determined. 8 | 9 | ## Description 10 | 11 | A VEX statement may convey information about how status was determined and may reference other VEX information. 
12 | 13 | ## Metadata 14 | 15 | - name: statusNotes 16 | - Nature: DataProperty 17 | - Range: xsd:string 18 | -------------------------------------------------------------------------------- /model/SupplyChain/Properties/destructionPerformedBy.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # destructionPerformedBy 4 | 5 | ## Summary 6 | 7 | This is the agent that performed the act of destroying the item. 8 | 9 | ## Description 10 | 11 | This is the agent that performed the act of destroying the item. 12 | 13 | ## Metadata 14 | 15 | - name: destructionPerformedBy 16 | - Nature: ObjectProperty 17 | - Range: /Core/Agent 18 | -------------------------------------------------------------------------------- /model/SupplyChain/Properties/forDropoffLocation.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # forDropoffLocation 4 | 5 | ## Summary 6 | 7 | The location that an item will be dropping off or delivered. 8 | 9 | ## Description 10 | 11 | This is a specific location designated for dropping off or delivering an item. 
12 | 13 | ## Metadata 14 | 15 | - name: forDropoffLocation 16 | - Nature: ObjectProperty 17 | - Range: /Core/Location 18 | -------------------------------------------------------------------------------- /serialization/jsonld/examples/org1.json: -------------------------------------------------------------------------------- 1 | { 2 | "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld", 3 | "type": "Organization", 4 | "spdxId": "https://spdx.dev/elements/3F26391C#spdx-dev", 5 | "creationInfo": { 6 | "type": "CreationInfo", 7 | "specVersion": "3.0.0", 8 | "created": "2022-12-01T00:00:00Z", 9 | "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"] 10 | }, 11 | "name": "spdx.dev" 12 | } 13 | -------------------------------------------------------------------------------- /model/Core/Properties/extension.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # extension 4 | 5 | ## Summary 6 | 7 | Specifies an Extension characterization of some aspect of an Element. 8 | 9 | ## Description 10 | 11 | `extension` specifies an Extension-based characterization of a particular 12 | aspect of an Element. 13 | 14 | ## Metadata 15 | 16 | - name: extension 17 | - Nature: ObjectProperty 18 | - Range: /Extension/Extension 19 | -------------------------------------------------------------------------------- /model/Hardware/Properties/massOfHardware.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # massOfHardware 4 | 5 | ## Summary 6 | 7 | Information related to massOfHardware physical hardware. 8 | 9 | ## Description 10 | 11 | Mass is defined as an intrinsic property of a body for describing a physical hardware component. 
12 | 13 | ## Metadata 14 | 15 | - name: massOfHardware 16 | - Nature: DataProperty 17 | - Range: /Core/MeasureOfMass 18 | -------------------------------------------------------------------------------- /serialization/jsonld/examples/tool1.json: -------------------------------------------------------------------------------- 1 | { 2 | "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld", 3 | "type": "Tool", 4 | "spdxId": "https://some.namespace#sbomolator_v2", 5 | "creationInfo": { 6 | "type": "CreationInfo", 7 | "specVersion": "3.0.0", 8 | "created": "2022-12-01T00:00:00Z", 9 | "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"] 10 | }, 11 | "name": "Acme Corp. Super SBOM-o-lator" 12 | } 13 | -------------------------------------------------------------------------------- /model/Core/Properties/streetAddress.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # streetAddress 4 | 5 | ## Summary 6 | 7 | Street address includes a street number, name and unit ID to identify a specific street. 8 | 9 | ## Description 10 | 11 | Street address includes a street number, name and unit ID to identify a specific street. 12 | 13 | ## Metadata 14 | 15 | - name: streetAddress 16 | - Nature: DataProperty 17 | - Range: xsd:string 18 | -------------------------------------------------------------------------------- /model/Hardware/Properties/productAgent.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # productAgent 4 | 5 | ## Summary 6 | 7 | The Agent who is responsible for product branding such as an OEM. 8 | 9 | ## Description 10 | 11 | The Agent is responsible for defining the partNumber, batchNumber or serialNumber of the unit of hardware. 
12 | 13 | ## Metadata 14 | 15 | - name: productAgent 16 | - Nature: ObjectProperty 17 | - Range: /Core/Agent 18 | -------------------------------------------------------------------------------- /model/Dataset/Properties/anonymizationMethodUsed.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # anonymizationMethodUsed 4 | 5 | ## Summary 6 | 7 | Describes the anonymization methods used. 8 | 9 | ## Description 10 | 11 | A free-form text that describes the methods used to anonymize the dataset 12 | or fields in the dataset. 13 | 14 | ## Metadata 15 | 16 | - name: anonymizationMethodUsed 17 | - Nature: DataProperty 18 | - Range: xsd:string 19 | -------------------------------------------------------------------------------- /model/Operations/Properties/exportControlClassificationResult.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # exportControlClassificationResult 4 | ## Summary 5 | 6 | Provides the result of an export control assessment. 7 | 8 | ## Description 9 | 10 | Provides the result of an export control assessment. 11 | 12 | ## Metadata 13 | 14 | - name: exportControlClassificationResult 15 | - Nature: DataProperty 16 | - Range: ExportControlClassification 17 | -------------------------------------------------------------------------------- /model/Software/Properties/primaryPurpose.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # primaryPurpose 4 | 5 | ## Summary 6 | 7 | Provides information about the primary purpose of the software artifact. 8 | 9 | ## Description 10 | 11 | primaryPurpose provides information about the primary purpose of the software 12 | artifact. 
13 | 14 | ## Metadata 15 | 16 | - name: primaryPurpose 17 | - Nature: ObjectProperty 18 | - Range: SoftwarePurpose 19 | -------------------------------------------------------------------------------- /model/Build/Properties/buildEndTime.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # buildEndTime 4 | 5 | ## Summary 6 | 7 | Property that describes the time at which a build stops. 8 | 9 | ## Description 10 | 11 | buildEndTime describes the time at which a build stops or finishes. 12 | 13 | This value is typically recorded by the builder. 14 | 15 | ## Metadata 16 | 17 | - name: buildEndTime 18 | - Nature: DataProperty 19 | - Range: /Core/DateTime 20 | -------------------------------------------------------------------------------- /model/Core/Properties/namespace.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # namespace 4 | 5 | ## Summary 6 | 7 | Provides an unambiguous mechanism for conveying a URI fragment portion of an 8 | Element ID. 9 | 10 | ## Description 11 | 12 | A namespace provides an unambiguous mechanism for conveying a URI fragment 13 | portion of an Element ID. 14 | 15 | ## Metadata 16 | 17 | - name: namespace 18 | - Nature: DataProperty 19 | - Range: xsd:anyURI 20 | -------------------------------------------------------------------------------- /model/Core/Properties/supportLevel.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # supportLevel 4 | 5 | ## Summary 6 | 7 | Specifies the level of support associated with an artifact. 8 | 9 | ## Description 10 | 11 | supportLevel provides an indication of what support expectations that the 12 | supplier of an artifact is providing to the user. 
13 | 14 | ## Metadata 15 | 16 | - name: supportLevel 17 | - Nature: ObjectProperty 18 | - Range: SupportType 19 | -------------------------------------------------------------------------------- /model/Core/Properties/comment.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # comment 4 | 5 | ## Summary 6 | 7 | Provide consumers with comments by the creator of the Element about the 8 | Element. 9 | 10 | ## Description 11 | 12 | A comment is an optional field for creators of the Element to provide comments 13 | to the readers/reviewers of the document. 14 | 15 | ## Metadata 16 | 17 | - name: comment 18 | - Nature: DataProperty 19 | - Range: xsd:string 20 | -------------------------------------------------------------------------------- /model/Security/Properties/severity.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # severity 4 | 5 | ## Summary 6 | 7 | Specifies the CVSS qualitative severity rating of a vulnerability in relation to a piece of software. 8 | 9 | ## Description 10 | 11 | The severity field provides a human readable string of the resulting numerical CVSS score. 12 | 13 | ## Metadata 14 | 15 | - name: severity 16 | - Nature: ObjectProperty 17 | - Range: CvssSeverityType 18 | -------------------------------------------------------------------------------- /model/SupplyChain/Properties/current.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # current 4 | 5 | ## Summary 6 | 7 | This is the individual, business, or organization who currently manages goods, services, or assets. 8 | 9 | ## Description 10 | 11 | This is the individual, business, or organization who currently manages goods, services, or assets. 
12 | 13 | ## Metadata 14 | 15 | - name: current 16 | - Nature: ObjectProperty 17 | - Range: /Core/Agent 18 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | # Set the default behavior, in case people don't have core.autocrlf set. 2 | * text=auto 3 | 4 | # Explicitly declare text files you want to always be normalized and converted 5 | # to native line endings on checkout. 6 | *.json text eol=lf 7 | *.md text eol=lf 8 | *.py text eol=lf 9 | *.txt text eol=lf 10 | *.yml text eol=lf 11 | 12 | # Denote all files that are truly binary and should not be modified. 13 | *.jpg binary 14 | *.pdf binary 15 | *.png binary 16 | -------------------------------------------------------------------------------- /model/Core/Properties/summary.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # summary 4 | 5 | ## Summary 6 | 7 | A short description of an Element. 8 | 9 | ## Description 10 | 11 | A summary is a short description of an Element. Here, the intent is to allow 12 | the Element creator to provide concise information about the function or use of 13 | the Element. 14 | 15 | ## Metadata 16 | 17 | - name: summary 18 | - Nature: DataProperty 19 | - Range: xsd:string 20 | -------------------------------------------------------------------------------- /model/ExpandedLicensing/ExpandedLicensing.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # ExpandedLicensing 4 | 5 | ## Summary 6 | 7 | Fully expanded license expressions. 8 | 9 | ## Description 10 | 11 | This profile supports representing a fully expanded 12 | [license expression](../../annexes/spdx-license-expressions.md) 13 | in object form. 
14 | 15 | ## Metadata 16 | 17 | - id: https://spdx.org/rdf/3.1/terms/ExpandedLicensing 18 | - name: ExpandedLicensing 19 | -------------------------------------------------------------------------------- /model/Core/Classes/Bundle.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # Bundle 4 | 5 | ## Summary 6 | 7 | A collection of Elements that have a shared context. 8 | 9 | ## Description 10 | 11 | A bundle is a collection of Elements that have a shared context. 12 | 13 | ## Metadata 14 | 15 | - name: Bundle 16 | - SubclassOf: ElementCollection 17 | - Instantiability: Concrete 18 | 19 | ## Properties 20 | 21 | - context 22 | - type: xsd:string 23 | - maxCount: 1 24 | -------------------------------------------------------------------------------- /model/Core/Properties/validUntilTime.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # validUntilTime 4 | 5 | ## Summary 6 | 7 | Specifies until when the artifact can be used before its usage needs to be 8 | reassessed. 9 | 10 | ## Description 11 | 12 | A validUntilTime specifies until when the artifact can be used before its usage 13 | needs to be reassessed. 14 | 15 | ## Metadata 16 | 17 | - name: validUntilTime 18 | - Nature: DataProperty 19 | - Range: DateTime 20 | -------------------------------------------------------------------------------- /model/SupplyChain/Classes/HarvestProcess.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # HarvestProcess 4 | 5 | ## Summary 6 | 7 | Harvest is the process of extracting goods or products from nature. 8 | 9 | ## Description 10 | 11 | Harvest is the process of extracting goods or products from nature. This includes mining, fishing and husbandry. 
12 | 13 | ## Metadata 14 | 15 | - name: HarvestProcess 16 | - SubclassOf: CreateProcess 17 | - Instantiability: Concrete 18 | -------------------------------------------------------------------------------- /model/Dataset/Properties/confidentialityLevel.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # confidentialityLevel 4 | 5 | ## Summary 6 | 7 | Describes the confidentiality level of the data points contained in the dataset. 8 | 9 | ## Description 10 | 11 | Describes the levels of confidentiality of the data points contained in the dataset. 12 | 13 | ## Metadata 14 | 15 | - name: confidentialityLevel 16 | - Nature: ObjectProperty 17 | - Range: ConfidentialityLevelType 18 | -------------------------------------------------------------------------------- /model/ExpandedLicensing/Properties/subjectAddition.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # subjectAddition 4 | 5 | ## Summary 6 | 7 | A LicenseAddition participating in a 'with addition' model. 8 | 9 | ## Description 10 | 11 | A subjectAddition is a LicenseAddition which is subject to a 'with additional 12 | text' effect (WithAdditionOperator). 13 | 14 | ## Metadata 15 | 16 | - name: subjectAddition 17 | - Nature: ObjectProperty 18 | - Range: LicenseAddition 19 | -------------------------------------------------------------------------------- /model/SupplyChain/Properties/previous.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # previous 4 | 5 | ## Summary 6 | 7 | This is the individual, business, or organization who was previously managing goods, services, or assets. 8 | 9 | ## Description 10 | 11 | This is the individual, business, or organization who was previously managing goods, services, or assets. 
12 | 13 | ## Metadata 14 | 15 | - name: previous 16 | - Nature: ObjectProperty 17 | - Range: /Core/Agent 18 | -------------------------------------------------------------------------------- /model/Core/Properties/requirementStatement.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # requirementStatement 4 | 5 | ## Summary 6 | 7 | A text describing the actual need defined by the requirement. 8 | 9 | ## Description 10 | 11 | The text portion of the requirement, usually following specific rules and best practices of requirements engineering. e.g. EARS. 12 | 13 | ## Metadata 14 | 15 | - name: requirementStatement 16 | - Nature: DataProperty 17 | - Range: xsd:string 18 | -------------------------------------------------------------------------------- /model/Core/Properties/requirementUUID.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # requirementUUID 4 | 5 | ## Summary 6 | 7 | Provides a universally unique Requirement ID. 8 | 9 | ## Description 10 | 11 | A unique ID, as used by requirements management or other lifecycle management tools, usually a string that follows a project specific naming convention. 12 | 13 | ## Metadata 14 | 15 | - name: requirementUUID 16 | - Nature: DataProperty 17 | - Range: ExternalIdentifier 18 | -------------------------------------------------------------------------------- /model/Core/Properties/to.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # to 4 | 5 | ## Summary 6 | 7 | References an Element on the right-hand side of a relationship. 8 | 9 | ## Description 10 | 11 | This field references an Element on the right-hand side of a relationship. 12 | 13 | If it is not provided, it indicates that there are no known relationships of 14 | the given type. 
15 | 16 | ## Metadata 17 | 18 | - name: to 19 | - Nature: ObjectProperty 20 | - Range: Element 21 | -------------------------------------------------------------------------------- /model/Security/Properties/catalogType.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # catalogType 4 | 5 | ## Summary 6 | 7 | Specifies the exploit catalog type. 8 | 9 | ## Description 10 | 11 | A catalogType is a mandatory value and shall select one of the existing entries 12 | in the [`ExploitCatalogType`](../Vocabularies/ExploitCatalogType.md) vocabulary. 13 | 14 | ## Metadata 15 | 16 | - name: catalogType 17 | - Nature: ObjectProperty 18 | - Range: ExploitCatalogType 19 | -------------------------------------------------------------------------------- /model/SupplyChain/Classes/PlanProcess.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # PlanProcess 4 | 5 | ## Summary 6 | 7 | Process plans outline the stages of implementation or use related to a process. 8 | 9 | ## Description 10 | 11 | Complex processes require plans, therefore a process plan outlines procedures required to deliver a specified requirement. 12 | 13 | ## Metadata 14 | 15 | - name: PlanProcess 16 | - SubclassOf: UseProcess 17 | - Instantiability: Concrete 18 | -------------------------------------------------------------------------------- /model/SupplyChain/Properties/responsibilityChangedOn.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # responsibilityChangedOn 4 | 5 | ## Summary 6 | 7 | The element that has its responsibility changed. 8 | 9 | ## Description 10 | 11 | The element that has its responsibility changed. For example: "This product is associated with the change of ownership."
12 | 13 | ## Metadata 14 | 15 | - name: responsibilityChangedOn 16 | - Nature: ObjectProperty 17 | - Range: /Core/Element 18 | -------------------------------------------------------------------------------- /model/Core/Properties/name.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # name 4 | 5 | ## Summary 6 | 7 | Identifies the name of an Element as designated by the creator. 8 | 9 | ## Description 10 | 11 | This field identifies the name of an Element as designated by the creator. 12 | 13 | The name of an Element is an important convention and easier to refer to than 14 | the URI. 15 | 16 | ## Metadata 17 | 18 | - name: name 19 | - Nature: DataProperty 20 | - Range: xsd:string 21 | -------------------------------------------------------------------------------- /model/Service/Properties/serverAuthenticationProtocol.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # serverAuthenticationProtocol 4 | 5 | ## Summary 6 | 7 | Authentication protocol used by a server. 8 | 9 | ## Description 10 | 11 | Authentication protocols used by a server or a software service to authenticate the server to the consumer. 12 | 13 | ## Metadata 14 | 15 | - name: serverAuthenticationProtocol 16 | - Nature: ObjectProperty 17 | - Range: AuthenticationProtocolType 18 | -------------------------------------------------------------------------------- /model/Core/Properties/postalName.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # postalName 4 | 5 | ## Summary 6 | 7 | The name of the recipient expressed in text. 8 | 9 | ## Description 10 | 11 | A postal name refers to the official name of a city, town, or locality as recognized by a postal system for mail delivery purposes. 
It ensures accurate addressing and routing of mail. 12 | 13 | ## Metadata 14 | 15 | - name: postalName 16 | - Nature: DataProperty 17 | - Range: xsd:string 18 | -------------------------------------------------------------------------------- /model/Software/Properties/fileKind.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # fileKind 4 | 5 | ## Summary 6 | 7 | Describes if a given file is a directory or non-directory kind of file. 8 | 9 | ## Description 10 | 11 | An SPDX file may represent a specific file or a directory of files. 12 | 13 | In the future, this may be extended to other kinds (e.g. network based files). 14 | 15 | ## Metadata 16 | 17 | - name: fileKind 18 | - Nature: ObjectProperty 19 | - Range: FileKindType 20 | -------------------------------------------------------------------------------- /model/SupplyChain/Properties/currentState.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # currentState 4 | 5 | ## Summary 6 | 7 | This is the state of an affected Element. 8 | 9 | ## Description 10 | 11 | The state of an object refers to a string assigned to its attributes (or properties) at a given moment in time. The state describes the current condition or behavior of the object. 12 | 13 | ## Metadata 14 | 15 | - name: currentState 16 | - Nature: ObjectProperty 17 | - Range: State 18 | -------------------------------------------------------------------------------- /model/Core/Properties/completeness.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # completeness 4 | 5 | ## Summary 6 | 7 | Provides information about the completeness of relationships. 
8 | 9 | ## Description 10 | 11 | Completeness gives information about whether the provided relationships are 12 | complete, known to be incomplete or if no assertion is made either way. 13 | 14 | ## Metadata 15 | 16 | - name: completeness 17 | - Nature: ObjectProperty 18 | - Range: RelationshipCompleteness 19 | -------------------------------------------------------------------------------- /model/ExpandedLicensing/Properties/subjectExtendableLicense.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # subjectExtendableLicense 4 | 5 | ## Summary 6 | 7 | A License participating in a 'with addition' model. 8 | 9 | ## Description 10 | 11 | A subjectExtendableLicense is a License which is subject to a 'with additional 12 | text' effect (WithAdditionOperator). 13 | 14 | ## Metadata 15 | 16 | - name: subjectExtendableLicense 17 | - Nature: ObjectProperty 18 | - Range: ExtendableLicense 19 | -------------------------------------------------------------------------------- /model/Security/Vocabularies/ExploitCatalogType.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # ExploitCatalogType 4 | 5 | ## Summary 6 | 7 | Specifies the exploit catalog type. 8 | 9 | ## Description 10 | 11 | ExploitCatalogType specifies the type of exploit catalog that a vulnerability is listed in. 12 | 13 | ## Metadata 14 | 15 | - name: ExploitCatalogType 16 | 17 | ## Entries 18 | 19 | - kev: CISA's Known Exploited Vulnerabilities (KEV) catalog. 20 | - other: Other exploit catalogs.
21 | -------------------------------------------------------------------------------- /model/Software/Properties/additionalPurpose.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # additionalPurpose 4 | 5 | ## Summary 6 | 7 | Provides additional purpose information of the software artifact. 8 | 9 | ## Description 10 | 11 | An additionalPurpose provides information about the additional purpose of the 12 | software artifact in addition to the primaryPurpose. 13 | 14 | ## Metadata 15 | 16 | - name: additionalPurpose 17 | - Nature: ObjectProperty 18 | - Range: SoftwarePurpose 19 | -------------------------------------------------------------------------------- /model/SupplyChain/Properties/plannedCurrent.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # plannedCurrent 4 | 5 | ## Summary 6 | 7 | This is the planned individual, business, or organization who currently manages goods, services, or assets. 8 | 9 | ## Description 10 | 11 | This is the planned individual, business, or organization who currently manages goods, services, or assets. 12 | 13 | ## Metadata 14 | 15 | - name: plannedCurrent 16 | - Nature: ObjectProperty 17 | - Range: /Core/Agent 18 | -------------------------------------------------------------------------------- /model/Core/Vocabularies/PresenceType.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # PresenceType 4 | 5 | ## Summary 6 | 7 | Categories of presence or absence. 8 | 9 | ## Description 10 | 11 | This type is used to indicate if a given field is present or absent or unknown. 12 | 13 | ## Metadata 14 | 15 | - name: PresenceType 16 | 17 | ## Entries 18 | 19 | - yes: Indicates presence of the field. 20 | - no: Indicates absence of the field. 
21 | - noAssertion: Makes no assertion about the field. 22 | -------------------------------------------------------------------------------- /model/SupplyChain/Properties/plannedStorageLocation.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # plannedStorageLocation 4 | 5 | ## Summary 6 | 7 | The planned location that a good, product or material is stored. 8 | 9 | ## Description 10 | 11 | This is the property of the storage class that defines a planned location related to the storage of a good, product or material. 12 | 13 | ## Metadata 14 | 15 | - name: plannedStorageLocation 16 | - Nature: ObjectProperty 17 | - Range: /Core/Location 18 | -------------------------------------------------------------------------------- /model/Core/Properties/createdBy.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # createdBy 4 | 5 | ## Summary 6 | 7 | Identifies who or what created the Element. 8 | 9 | ## Description 10 | 11 | CreatedBy identifies who or what created the Element. 12 | 13 | The generation method will assist the recipient of the Element in assessing 14 | the general reliability/accuracy of the analysis information. 15 | 16 | ## Metadata 17 | 18 | - name: createdBy 19 | - Nature: ObjectProperty 20 | - Range: Agent 21 | -------------------------------------------------------------------------------- /model/Core/Properties/externalSpdxId.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # externalSpdxId 4 | 5 | ## Summary 6 | 7 | Identifies an external Element used within an SpdxDocument but defined 8 | external to that SpdxDocument. 9 | 10 | ## Description 11 | 12 | An externalSpdxId identifies an external Element used within an SpdxDocument but 13 | defined external to that SpdxDocument. 
14 | 15 | ## Metadata 16 | 17 | - name: externalSpdxId 18 | - Nature: DataProperty 19 | - Range: xsd:anyURI 20 | -------------------------------------------------------------------------------- /model/Dataset/Properties/datasetSize.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # datasetSize 4 | 5 | ## Summary 6 | 7 | Captures the size of the dataset. 8 | 9 | Deprecated in SPDX 3.1. 10 | Use [artifactSize](../../Software/Properties/artifactSize.md) instead. 11 | 12 | ## Description 13 | 14 | Captures how large a dataset is. 15 | 16 | The size is to be measured in bytes. 17 | 18 | ## Metadata 19 | 20 | - name: datasetSize 21 | - Nature: DataProperty 22 | - Range: xsd:nonNegativeInteger 23 | -------------------------------------------------------------------------------- /model/ExpandedLicensing/Properties/member.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # member 4 | 5 | ## Summary 6 | 7 | A license expression participating in a license set. 8 | 9 | ## Description 10 | 11 | A member is a license expression participating in a conjunctive (of type 12 | ConjunctiveLicenseSet) or a disjunctive (of type DisjunctiveLicenseSet) 13 | license set. 14 | 15 | ## Metadata 16 | 17 | - name: member 18 | - Nature: ObjectProperty 19 | - Range: /SimpleLicensing/AnyLicenseInfo 20 | -------------------------------------------------------------------------------- /model/SupplyChain/Classes/ChangeAction.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # ChangeAction 4 | 5 | ## Summary 6 | 7 | An actual change to a product. 8 | 9 | ## Description 10 | 11 | A ChangeAction expresses an alteration of a product, such as an intentional adjustment. 
12 | 13 | ## Metadata 14 | 15 | - name: ChangeAction 16 | - SubclassOf: ModifyAction 17 | - Instantiability: Concrete 18 | 19 | ## External properties restrictions 20 | 21 | - /Core/Element/description 22 | - minCount: 1 23 | -------------------------------------------------------------------------------- /model/Core/Properties/context.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # context 4 | 5 | ## Summary 6 | 7 | Gives information about the circumstances or unifying properties 8 | that Elements of the bundle have been assembled under. 9 | 10 | ## Description 11 | 12 | A context gives information about the circumstances or unifying properties 13 | that Elements of the bundle have been assembled under. 14 | 15 | ## Metadata 16 | 17 | - name: context 18 | - Nature: DataProperty 19 | - Range: xsd:string 20 | -------------------------------------------------------------------------------- /model/ExpandedLicensing/Classes/CustomLicense.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # CustomLicense 4 | 5 | ## Summary 6 | 7 | A license that is not listed on the SPDX License List. 8 | 9 | ## Description 10 | 11 | A CustomLicense represents a License that is not listed on the 12 | [SPDX License List](https://spdx.org/licenses), 13 | and is therefore defined by an SPDX data creator. 
14 | 15 | ## Metadata 16 | 17 | - name: CustomLicense 18 | - SubclassOf: License 19 | - Instantiability: Concrete 20 | -------------------------------------------------------------------------------- /model/SupplyChain/Properties/boundaryParameter.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # boundaryParameter 4 | 5 | ## Summary 6 | 7 | The boundary parameters define the area or region needed to describe a boundary. 8 | 9 | ## Description 10 | 11 | A boundary parameter refers to a limiting condition, constraint, or predefined value that determines area or region boundaries. 12 | 13 | ## Metadata 14 | 15 | - name: boundaryParameter 16 | - Nature: ObjectProperty 17 | - Range: /Core/DictionaryEntry 18 | -------------------------------------------------------------------------------- /model/SupplyChain/Properties/plannedPrevious.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # plannedPrevious 4 | 5 | ## Summary 6 | 7 | This is the planned individual, business, or organization who was previously managing goods, services, or assets. 8 | 9 | ## Description 10 | 11 | This is the planned individual, business, or organization who was previously managing goods, services, or assets. 12 | 13 | ## Metadata 14 | 15 | - name: plannedPrevious 16 | - Nature: ObjectProperty 17 | - Range: /Core/Agent 18 | -------------------------------------------------------------------------------- /model/Core/Vocabularies/ProcessReadinessType.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # ProcessReadinessType 4 | 5 | ## Summary 6 | 7 | The ProcessReadinessType is defined by the enumeration. 8 | 9 | ## Description 10 | 11 | ProcessReadinessType enumerations are used to define the version state. 
12 | 13 | ## Metadata 14 | 15 | - name: ProcessReadinessType 16 | 17 | ## Entries 18 | 19 | - draft: in production 20 | - active: in use 21 | - obsolete: superseded or not valid at present 22 | - other: other 23 | -------------------------------------------------------------------------------- /model/SupplyChain/Properties/plannedInspectionLocation.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # plannedInspectionLocation 4 | 5 | ## Summary 6 | 7 | The planned location that a good, product or material is inspected. 8 | 9 | ## Description 10 | 11 | This is the property of the storage class that defines a planned location related to the inspection of a good, product or material. 12 | 13 | ## Metadata 14 | 15 | - name: plannedInspectionLocation 16 | - Nature: ObjectProperty 17 | - Range: /Core/Location 18 | -------------------------------------------------------------------------------- /model/AI/Properties/domain.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # domain 4 | 5 | ## Summary 6 | 7 | Captures the domain in which the AI package can be used. 8 | 9 | ## Description 10 | 11 | A free-form text that describes the domain where the AI model contained in the 12 | AI software can be expected to operate successfully. 13 | 14 | Examples include computer vision, natural language processing, etc. 15 | 16 | ## Metadata 17 | 18 | - name: domain 19 | - Nature: DataProperty 20 | - Range: xsd:string 21 | -------------------------------------------------------------------------------- /model/Core/Properties/countyCode.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # countyCode 4 | 5 | ## Summary 6 | 7 | A code that identifies a county. 
8 | 9 | ## Description 10 | 11 | A code that identifies a county. A county is a territorial division in some countries, often forming a primary unit of local administration. 12 | 13 | In the US, a county is a political and administrative division of a state. 14 | 15 | ## Metadata 16 | 17 | - name: countyCode 18 | - Nature: DataProperty 19 | - Range: xsd:string 20 | -------------------------------------------------------------------------------- /model/Core/Properties/externalRef.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # externalRef 4 | 5 | ## Summary 6 | 7 | Points to a resource outside the scope of the SPDX 3 content 8 | that provides additional characteristics of an Element. 9 | 10 | ## Description 11 | 12 | This field points to a resource outside the scope of the SPDX 3 content 13 | that provides additional characteristics of an Element. 14 | 15 | ## Metadata 16 | 17 | - name: externalRef 18 | - Nature: ObjectProperty 19 | - Range: ExternalRef 20 | -------------------------------------------------------------------------------- /model/ExpandedLicensing/Classes/ExtendableLicense.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # ExtendableLicense 4 | 5 | ## Summary 6 | 7 | Abstract class representing a License or an OrLaterOperator. 8 | 9 | ## Description 10 | 11 | The WithAdditionOperator can have a License or an OrLaterOperator as the 12 | license property value. This class is used for the value. 
13 | 14 | ## Metadata 15 | 16 | - name: ExtendableLicense 17 | - SubclassOf: /SimpleLicensing/AnyLicenseInfo 18 | - Instantiability: Abstract 19 | -------------------------------------------------------------------------------- /model/SupplyChain/Properties/plannedProductofResponsibilityChange.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # plannedProductofResponsibilityChange 4 | 5 | ## Summary 6 | 7 | This is the planned product associated with the change of responsibility. 8 | 9 | ## Description 10 | 11 | The planned product or service related to a responsibility change is identified in this field. 12 | 13 | ## Metadata 14 | 15 | - name: plannedProductofResponsibilityChange 16 | - Nature: ObjectProperty 17 | - Range: /Core/Element 18 | -------------------------------------------------------------------------------- /model/Core/Properties/externalIdentifier.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # externalIdentifier 4 | 5 | ## Summary 6 | 7 | Provides a reference to a resource outside the scope of SPDX 3 content 8 | that uniquely identifies an Element. 9 | 10 | ## Description 11 | 12 | ExternalIdentifier points to a resource outside the scope of SPDX 3 content 13 | that uniquely identifies an Element. 14 | 15 | ## Metadata 16 | 17 | - name: externalIdentifier 18 | - Nature: ObjectProperty 19 | - Range: ExternalIdentifier 20 | -------------------------------------------------------------------------------- /model/Core/Properties/identifierLocator.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # identifierLocator 4 | 5 | ## Summary 6 | 7 | Provides the location for more information regarding an external identifier. 
8 | 9 | ## Description 10 | 11 | Identifiers are not always structured as URIs. An identifierLocator is a 12 | location hint (a URL) that provides contextual information relevant to the 13 | identifier. 14 | 15 | ## Metadata 16 | 17 | - name: identifierLocator 18 | - Nature: DataProperty 19 | - Range: xsd:anyURI 20 | -------------------------------------------------------------------------------- /model/Extension/Properties/cdxPropName.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # cdxPropName 4 | 5 | ## Summary 6 | 7 | A name used in a CdxPropertyEntry name-value pair. 8 | 9 | ## Description 10 | 11 | A cdxPropName is used in a CdxPropertyEntry name-value pair. 12 | 13 | Unlike key-value stores, properties in CdxPropertiesExtension support duplicate 14 | names, each potentially having different values. 15 | 16 | ## Metadata 17 | 18 | - name: cdxPropName 19 | - Nature: DataProperty 20 | - Range: xsd:string 21 | -------------------------------------------------------------------------------- /model/SupplyChain/Classes/ReproduceProcess.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # ReproduceProcess 4 | 5 | ## Summary 6 | 7 | Reproduction is the biological process by which living organisms produce offspring. 8 | 9 | ## Description 10 | 11 | Reproduction is the biological process by which living organisms produce offspring. 12 | 13 | It occurs in plants, animals, and microorganisms. 
14 | 15 | ## Metadata 16 | 17 | - name: ReproduceProcess 18 | - SubclassOf: CreateProcess 19 | - Instantiability: Concrete 20 | -------------------------------------------------------------------------------- /model/AI/Properties/typeOfModel.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # typeOfModel 4 | 5 | ## Summary 6 | 7 | Records the type of the model used in the AI software. 8 | 9 | ## Description 10 | 11 | A free-form text that records the type of the AI model(s) used in the software. 12 | 13 | For instance, if it is a supervised model, unsupervised model, reinforcement 14 | learning model or a combination of those. 15 | 16 | ## Metadata 17 | 18 | - name: typeOfModel 19 | - Nature: DataProperty 20 | - Range: xsd:string 21 | -------------------------------------------------------------------------------- /model/Core/Classes/Organization.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # Organization 4 | 5 | ## Summary 6 | 7 | A group of people who work together in an organized way for a shared purpose. 8 | 9 | ## Description 10 | 11 | An Organization is a group of people who work together in an organized way for a shared purpose. 12 | 13 | ## Metadata 14 | 15 | - name: Organization 16 | - SubclassOf: Agent 17 | - Instantiability: Concrete 18 | 19 | ## Properties 20 | 21 | - headquartersLocation 22 | - type: Location 23 | 24 | -------------------------------------------------------------------------------- /model/Extension/Properties/cdxPropValue.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # cdxPropValue 4 | 5 | ## Summary 6 | 7 | A value used in a CdxPropertyEntry name-value pair. 8 | 9 | ## Description 10 | 11 | A cdxPropValue is used in a CdxPropertyEntry name-value pair. 
12 | 13 | Unlike key-value stores, properties in CdxPropertiesExtension support duplicate 14 | names, each potentially having different values. 15 | 16 | ## Metadata 17 | 18 | - name: cdxPropValue 19 | - Nature: DataProperty 20 | - Range: xsd:string 21 | -------------------------------------------------------------------------------- /model/Core/Properties/locationTime.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # locationTime 4 | 5 | ## Summary 6 | 7 | A known location is specified at this time. 8 | 9 | ## Description 10 | 11 | The locationTime establishes the relationship between a specific time and location. For example, at 8:45 the company's headquarters is located at this location. 12 | An action occurred at this location at this specific time. 13 | 14 | ## Metadata 15 | 16 | - name: locationTime 17 | - Nature: DataProperty 18 | - Range: DateTime 19 | -------------------------------------------------------------------------------- /model/Core/Properties/quantity.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # quantity 4 | 5 | ## Summary 6 | 7 | Quantity is the amount in the selected QUDT unit. 8 | 9 | ## Description 10 | 11 | Quantity is a property that defines the count, multitude or magnitude. 12 | 13 | Express it as an xsd:decimal whenever possible. 14 | If it is not an xsd:decimal, place the notation being used in the parent element's comment field. 
15 | 16 | ## Metadata 17 | 18 | - name: quantity 19 | - Nature: DataProperty 20 | - Range: xsd:string 21 | -------------------------------------------------------------------------------- /model/Security/Properties/assessedElement.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # assessedElement 4 | 5 | ## Summary 6 | 7 | Specifies an Element contained in a piece of software where a vulnerability was 8 | found. 9 | 10 | ## Description 11 | 12 | Specifies subpackages, files or snippets referenced by a security assessment 13 | to specify the precise location where a vulnerability was found. 14 | 15 | ## Metadata 16 | 17 | - name: assessedElement 18 | - Nature: ObjectProperty 19 | - Range: /Software/SoftwareArtifact 20 | -------------------------------------------------------------------------------- /model/Core/Properties/requirementRationale.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # requirementRationale 4 | 5 | ## Summary 6 | 7 | Text used to define the rationale or additional information. 8 | 9 | ## Description 10 | 11 | Additional detail used to define the reason or justification for the existence of the requirement. The rationale is usually less formal than the wording of the requirement statement itself. 12 | 13 | ## Metadata 14 | 15 | - name: requirementRationale 16 | - Nature: DataProperty 17 | - Range: xsd:string 18 | -------------------------------------------------------------------------------- /model/Dataset/Properties/dataCollectionProcess.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # dataCollectionProcess 4 | 5 | ## Summary 6 | 7 | Describes how the dataset was collected. 8 | 9 | ## Description 10 | 11 | A free-form text that describes how a dataset was collected. 
12 | 13 | Examples include the sources from which a dataset was scraped and 14 | the interview protocol that was used for data collection. 15 | 16 | ## Metadata 17 | 18 | - name: dataCollectionProcess 19 | - Nature: DataProperty 20 | - Range: xsd:string 21 | -------------------------------------------------------------------------------- /model/Hardware/Hardware.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # Hardware 4 | 5 | ## Summary 6 | 7 | The Hardware profile provides metadata that describes hardware. 8 | 9 | ## Description 10 | 11 | The Hardware namespace defines metadata related to physical and virtual hardware properties. 12 | Hardware is any product, real or virtual. A product is tangible and is the result of labor, or of a natural or artificial process. 13 | 14 | ## Metadata 15 | 16 | - id: https://spdx.org/rdf/3.1/terms/Hardware 17 | - name: Hardware 18 | -------------------------------------------------------------------------------- /model/Security/Properties/score.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # score 4 | 5 | ## Summary 6 | 7 | Provides a numerical (0-10) representation of the severity of a vulnerability. 8 | 9 | ## Description 10 | 11 | The score provides information on the severity of a vulnerability per the 12 | Common Vulnerability Scoring System as defined by 13 | [Forum of Incident Response and Security Teams](https://www.first.org/cvss/).
14 | 15 | ## Metadata 16 | 17 | - name: score 18 | - Nature: DataProperty 19 | - Range: xsd:decimal 20 | -------------------------------------------------------------------------------- /model/SupplyChain/Classes/StorageProcess.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # StorageProcess 4 | 5 | ## Summary 6 | 7 | Prescribes the storage of a product. 8 | 9 | ## Description 10 | 11 | A StorageProcess expresses the planned storage of product in an optionally-specified location. 12 | 13 | ## Metadata 14 | 15 | - name: StorageProcess 16 | - SubclassOf: ModifyProcess 17 | - Instantiability: Concrete 18 | 19 | ## Properties 20 | 21 | - plannedStorageLocation 22 | - type: /Core/Location 23 | - minCount: 0 24 | 25 | -------------------------------------------------------------------------------- /model/AI/Properties/modelDataPreprocessing.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # modelDataPreprocessing 4 | 5 | ## Summary 6 | 7 | Describes all the preprocessing steps applied to the training data before the 8 | model training. 9 | 10 | ## Description 11 | 12 | A free-form text that describes the preprocessing steps applied to the training 13 | data before training of the model(s) contained in the AI software. 14 | 15 | ## Metadata 16 | 17 | - name: modelDataPreprocessing 18 | - Nature: DataProperty 19 | - Range: xsd:string 20 | -------------------------------------------------------------------------------- /model/Core/Classes/Agent.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # Agent 4 | 5 | ## Summary 6 | 7 | Agent represents anything with the potential to act on a system. 8 | 9 | ## Description 10 | 11 | The Agent class represents anything that has the potential to act on a system. 
12 | 13 | This could be a person, organization, software agent, etc. 14 | 15 | This is not to be confused with tools that are used to perform tasks. 16 | 17 | ## Metadata 18 | 19 | - name: Agent 20 | - SubclassOf: Element 21 | - Instantiability: Concrete 22 | -------------------------------------------------------------------------------- /model/SupplyChain/Classes/ChangeProcess.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # ChangeProcess 4 | 5 | ## Summary 6 | 7 | A prescribed change to a product. 8 | 9 | ## Description 10 | 11 | A ChangeProcess is a planned process causing an intentional change to a product, such as an adjustment. 12 | 13 | ## Metadata 14 | 15 | - name: ChangeProcess 16 | - SubclassOf: ModifyProcess 17 | - Instantiability: Concrete 18 | 19 | ## External properties restrictions 20 | 21 | - /Core/DefinedProcess/processRationale 22 | - minCount: 1 23 | -------------------------------------------------------------------------------- /model/SupplyChain/Classes/ManufactureAction.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # ManufactureAction 4 | 5 | ## Summary 6 | 7 | ManufactureAction represents the act of creating a product by a manufacturing process. 8 | 9 | ## Description 10 | 11 | ManufactureAction refers to an event where goods are created using materials or ingredients, typically resulting in a product that cannot be easily disassembled. 
12 | 13 | ## Metadata 14 | 15 | - name: ManufactureAction 16 | - SubclassOf: CreateAction 17 | - Instantiability: Concrete 18 | -------------------------------------------------------------------------------- /model/SupplyChain/Classes/TestAction.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # TestAction 4 | 5 | ## Summary 6 | 7 | A test action is a specific action associated with a test. 8 | 9 | ## Description 10 | 11 | A test action is a specific action associated with a test. 12 | The execution of a test is a test action. 13 | 14 | ## Metadata 15 | 16 | - name: TestAction 17 | - SubclassOf: UseAction 18 | - Instantiability: Concrete 19 | 20 | ## External properties restrictions 21 | 22 | - /Core/Element/description 23 | - minCount: 1 24 | -------------------------------------------------------------------------------- /model/AI/Properties/trainingEnergyConsumption.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # trainingEnergyConsumption 4 | 5 | ## Summary 6 | 7 | Specifies the amount of energy consumed when training the AI model that is 8 | being used in the AI system. 9 | 10 | ## Description 11 | 12 | The field specifies the amount of energy consumed when training the AI model 13 | that is being used in the AI system. 14 | 15 | ## Metadata 16 | 17 | - name: trainingEnergyConsumption 18 | - Nature: ObjectProperty 19 | - Range: EnergyConsumptionDescription 20 | -------------------------------------------------------------------------------- /model/Core/Vocabularies/AnnotationType.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # AnnotationType 4 | 5 | ## Summary 6 | 7 | Specifies the type of an annotation. 
8 | 9 | ## Description 10 | 11 | AnnotationType specifies the type of an annotation. 12 | 13 | ## Metadata 14 | 15 | - name: AnnotationType 16 | 17 | ## Entries 18 | 19 | - other: Used to store extra information about an Element which is not part of a review (e.g. extra information provided during the creation of the Element). 20 | - review: Used when someone reviews the Element. 21 | -------------------------------------------------------------------------------- /model/Hardware/Properties/centerOfMass.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # centerOfMass 4 | 5 | ## Summary 6 | 7 | A point representing the mean position of the matter in a body or system. 8 | 9 | ## Description 10 | 11 | The mass-center is a fixed property for a given rigid body (e.g. with no slosh or articulation), whereas the center-of-gravity may, in addition, depend upon its orientation in a non-uniform gravitational field. 12 | 13 | ## Metadata 14 | 15 | - name: centerOfMass 16 | - Nature: ObjectProperty 17 | - Range: Dimensions 18 | -------------------------------------------------------------------------------- /model/AI/Properties/finetuningEnergyConsumption.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # finetuningEnergyConsumption 4 | 5 | ## Summary 6 | 7 | Specifies the amount of energy consumed when finetuning the AI model that is 8 | being used in the AI system. 9 | 10 | ## Description 11 | 12 | The field specifies the amount of energy consumed when finetuning the AI model 13 | that is being used in the AI system. 
14 | 15 | ## Metadata 16 | 17 | - name: finetuningEnergyConsumption 18 | - Nature: ObjectProperty 19 | - Range: EnergyConsumptionDescription 20 | -------------------------------------------------------------------------------- /model/Core/Properties/intendedUse.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # intendedUse 4 | 5 | ## Summary 6 | 7 | The intendedUse property is designed to capture a summary of how, or for what purpose, an item or artifact is meant to be used. 8 | 9 | ## Description 10 | 11 | The intendedUse field allows users to enter a free-form textual description outlining the scope and boundaries of appropriate or intended applications for the item or artifact. 12 | 13 | ## Metadata 14 | 15 | - name: intendedUse 16 | - Nature: DataProperty 17 | - Range: xsd:string 18 | -------------------------------------------------------------------------------- /model/SupplyChain/Classes/StorageAction.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # StorageAction 4 | 5 | ## Summary 6 | 7 | Records the storage of a product. 8 | 9 | ## Description 10 | 11 | A StorageAction expresses the actual storage of a product in a specific location. 12 | 13 | ## Metadata 14 | 15 | - name: StorageAction 16 | - SubclassOf: ModifyAction 17 | - Instantiability: Concrete 18 | 19 | ## External properties restrictions 20 | 21 | - /Core/Element/description 22 | - minCount: 1 23 | - /Core/Action/actionLocation 24 | - minCount: 1 25 | -------------------------------------------------------------------------------- /model/Core/Classes/IndividualElement.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # IndividualElement 4 | 5 | ## Summary 6 | 7 | A concrete subclass of Element used by Individuals in the 8 | Core profile.
9 | 10 | ## Description 11 | 12 | Individuals, such as NoneElement and NoAssertionElement, need to reference a 13 | concrete subclass of Element. 14 | 15 | This class provides the type used by the individuals defined in the Core profile. 16 | 17 | ## Metadata 18 | 19 | - name: IndividualElement 20 | - SubclassOf: Element 21 | - Instantiability: Concrete 22 | -------------------------------------------------------------------------------- /model/Dataset/Properties/datasetNoise.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # datasetNoise 4 | 5 | ## Summary 6 | 7 | Describes potentially noisy elements of the dataset. 8 | 9 | ## Description 10 | 11 | Describes what kinds of noise a dataset can encompass. 12 | 13 | The free-form text specifies fields or samples that can be noisy. 14 | 15 | Alternatively, it can also be used to describe various kinds of noise that can 16 | impact the whole dataset. 17 | 18 | ## Metadata 19 | 20 | - name: datasetNoise 21 | - Nature: DataProperty 22 | - Range: xsd:string 23 | -------------------------------------------------------------------------------- /model/SupplyChain/Classes/DestroyProcess.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # DestroyProcess 4 | 5 | ## Summary 6 | 7 | This class defines the process used to destroy an item. 8 | 9 | ## Description 10 | 11 | To destroy an item means to render it useless. The destroy process defines the method used to destroy an item.
12 | 13 | ## Metadata 14 | 15 | - name: DestroyProcess 16 | - SubclassOf: /Core/DefinedProcess 17 | - Instantiability: Concrete 18 | 19 | ## External properties restrictions 20 | 21 | - /Core/Element/description 22 | - minCount: 1 23 | -------------------------------------------------------------------------------- /model/Core/Properties/contentType.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # contentType 4 | 5 | ## Summary 6 | 7 | Provides information about the content type of an Element or a property. 8 | 9 | ## Description 10 | 11 | This field is a reasonable estimation of the content type of the Element or the 12 | property, from a creator perspective. 13 | 14 | Content type is intrinsic to the Element or the property, independent of how it 15 | is being used. 16 | 17 | ## Metadata 18 | 19 | - name: contentType 20 | - Nature: DataProperty 21 | - Range: MediaType 22 | -------------------------------------------------------------------------------- /model/Core/Properties/unitQUDT.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # unitQUDT 4 | 5 | ## Summary 6 | 7 | QUDT unit is used for measurement criteria based on product type, region and use. 8 | 9 | ## Description 10 | 11 | QUDT units are used to describe measurable quantities, units for measuring different kinds of quantities, the numerical values of quantities in different units of measure and the data structures and data types. 
https://www.qudt.org/ 12 | 13 | ## Metadata 14 | 15 | - name: unitQUDT 16 | - Nature: DataProperty 17 | - Range: xsd:string 18 | -------------------------------------------------------------------------------- /model/AI/Properties/inferenceEnergyConsumption.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # inferenceEnergyConsumption 4 | 5 | ## Summary 6 | 7 | Specifies the amount of energy consumed during inference time by an AI model 8 | that is being used in the AI system. 9 | 10 | ## Description 11 | 12 | The field specifies the amount of energy consumed during inference time by an 13 | AI model that is being used in the AI system. 14 | 15 | ## Metadata 16 | 17 | - name: inferenceEnergyConsumption 18 | - Nature: ObjectProperty 19 | - Range: EnergyConsumptionDescription 20 | -------------------------------------------------------------------------------- /model/Core/Classes/MeasureOfMass.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # MeasureOfMass 4 | 5 | ## Summary 6 | 7 | The measure of mass refers to the quantity of matter in an object or substance. 8 | 9 | ## Description 10 | 11 | The measure of mass refers to the quantity of matter in an object or substance. Mass is a fundamental property of matter and is typically measured in various units depending on the system of measurement being used. 
12 | 13 | ## Metadata 14 | 15 | - name: MeasureOfMass 16 | - SubclassOf: UnitOfMeasure 17 | - Instantiability: Concrete 18 | -------------------------------------------------------------------------------- /model/Core/Properties/rootElement.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # rootElement 4 | 5 | ## Summary 6 | 7 | This property is used to denote the root Element(s) of a tree of elements contained in a BOM. 8 | 9 | ## Description 10 | 11 | This property is used to denote the root Element(s) of a tree of elements contained in a BOM. 12 | The tree consists of other elements directly and indirectly related through properties or Relationships from the root. 13 | 14 | ## Metadata 15 | 16 | - name: rootElement 17 | - Nature: ObjectProperty 18 | - Range: Element 19 | -------------------------------------------------------------------------------- /model/AI/Properties/metric.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # metric 4 | 5 | ## Summary 6 | 7 | Records the measurement of prediction quality of the AI model. 8 | 9 | ## Description 10 | 11 | Records the measurement with which the AI model was evaluated. 12 | 13 | This makes statements about the prediction quality including uncertainty, 14 | accuracy, characteristics of the tested population, quality, fairness, 15 | explainability, robustness etc. 
16 | 17 | ## Metadata 18 | 19 | - name: metric 20 | - Nature: ObjectProperty 21 | - Range: /Core/DictionaryEntry 22 | -------------------------------------------------------------------------------- /model/Core/Properties/createdUsing.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # createdUsing 4 | 5 | ## Summary 6 | 7 | Identifies the tooling that was used during the creation of the Element. 8 | 9 | ## Description 10 | 11 | CreatedUsing identifies the tooling that was used during the creation of the 12 | Element. 13 | 14 | The generation method will assist the recipient of the Element in assessing 15 | the general reliability/accuracy of the analysis information. 16 | 17 | ## Metadata 18 | 19 | - name: createdUsing 20 | - Nature: ObjectProperty 21 | - Range: Tool 22 | -------------------------------------------------------------------------------- /serialization/jsonld/examples/file1.json: -------------------------------------------------------------------------------- 1 | { 2 | "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld", 3 | "type": "software_File", 4 | "spdxId": "https://some.namespace#file1", 5 | "creationInfo": { 6 | "type": "CreationInfo", 7 | "specVersion": "3.0.0", 8 | "created": "2022-12-01T00:00:00Z", 9 | "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"] 10 | }, 11 | "name": "model.png", 12 | "contentType": "image/png", 13 | "software_primaryPurpose": "documentation", 14 | "originatedBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"] 15 | } 16 | -------------------------------------------------------------------------------- /.github/workflows/test_context.py: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: Apache-2.0 2 | # SPDX-FileCopyrightText: Copyright 2023 spdx contributors 3 | 4 | import sys 5 | from rdflib import Graph 6 | 7 | def parseString(data: str) -> 
Graph: 8 | return Graph().parse(data=data, format='json-ld') 9 | 10 | def testLocalContext(context_file: str) -> Graph: 11 | data = "{ \"@context\": [ \"" + context_file + "\" ], \"@graph\": [ ] }" 12 | parseString(data) 13 | 14 | 15 | if __name__ == '__main__': 16 | # run testLocalContext with first argument as context file 17 | testLocalContext(sys.argv[1]) 18 | -------------------------------------------------------------------------------- /model/Dataset/Properties/datasetAvailability.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # datasetAvailability 4 | 5 | ## Summary 6 | 7 | The field describes the availability of a dataset. 8 | 9 | ## Description 10 | 11 | Some datasets are publicly available and can be downloaded directly. Others are only accessible behind a clickthrough, or after filling a registration form. This field will describe the dataset availability from that perspective. 12 | 13 | ## Metadata 14 | 15 | - name: datasetAvailability 16 | - Nature: ObjectProperty 17 | - Range: DatasetAvailabilityType 18 | -------------------------------------------------------------------------------- /model/Security/Properties/percentile.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # percentile 4 | 5 | ## Summary 6 | 7 | The percentile of the current probability score. 8 | 9 | ## Description 10 | 11 | The percentile between 0 and 1 (0 and 100%) of the current probability score, 12 | the proportion of all scored vulnerabilities with the same or a lower 13 | probability score. The definition follows "percentile" in 14 | [EPSS Data](https://www.first.org/epss/data_stats). 
15 | 16 | ## Metadata 17 | 18 | - name: percentile 19 | - Nature: DataProperty 20 | - Range: xsd:decimal 21 | -------------------------------------------------------------------------------- /model/Dataset/Properties/datasetType.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # datasetType 4 | 5 | ## Summary 6 | 7 | Describes the type of the given dataset. 8 | 9 | ## Description 10 | 11 | Describes the datatype contained in the dataset. 12 | 13 | For example, a dataset can be an image dataset for computer vision applications, a text dataset such as the contents of a book or Wikipedia article, or sometimes a multimodal dataset that contains multiple types of data. 14 | 15 | ## Metadata 16 | 17 | - name: datasetType 18 | - Nature: ObjectProperty 19 | - Range: DatasetType 20 | -------------------------------------------------------------------------------- /model/ExpandedLicensing/Individuals/NoneLicense.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # NoneLicense 4 | 5 | ## Summary 6 | 7 | An Individual Value for License where the SPDX data creator determines that no 8 | license is present. 9 | 10 | ## Description 11 | 12 | NoneLicense shall be used if the SPDX creator determines there is no license 13 | available for this Artifact. 
14 | 15 | ## Metadata 16 | 17 | - name: NoneLicense 18 | - type: IndividualLicensingInfo 19 | - IRI: https://spdx.org/rdf/3.1/terms/Licensing/None 20 | 21 | ## Property Values 22 | 23 | - name: "NONE" 24 | -------------------------------------------------------------------------------- /model/SupplyChain/Properties/responsibilityCategory.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # responsibilityCategory 4 | 5 | ## Summary 6 | 7 | Requirements can be categorized into various types based on their focus, purpose, and scope. 8 | 9 | ## Description 10 | 11 | Requirements can be categorized into various types based on their focus, purpose, and scope. This helps in organizing them more effectively for analysis, validation, and implementation. 12 | 13 | ## Metadata 14 | 15 | - name: responsibilityCategory 16 | - Nature: ObjectProperty 17 | - Range: ResponsibilityType 18 | -------------------------------------------------------------------------------- /model/AI/Properties/limitation.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # limitation 4 | 5 | ## Summary 6 | 7 | Captures a limitation of the AI software. 8 | 9 | ## Description 10 | 11 | A free-form text that captures a limitation of the AI package 12 | (or of the AI models present in the AI package). 13 | 14 | Note that this is not guaranteed to be exhaustive. 15 | 16 | For instance, a limitation can be that the AI package is having poor accuracy 17 | for a certain demography. 
18 | 19 | ## Metadata 20 | 21 | - name: limitation 22 | - Nature: DataProperty 23 | - Range: xsd:string 24 | -------------------------------------------------------------------------------- /model/AI/Vocabularies/EnergyUnitType.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # EnergyUnitType 4 | 5 | ## Summary 6 | 7 | Specifies the unit of energy consumption. 8 | 9 | ## Description 10 | 11 | List the different acceptable units for measuring energy consumption. 12 | 13 | If the unit in which the energy consumption has been recorded 14 | is not listed here, please select "other". 15 | 16 | ## Metadata 17 | 18 | - name: EnergyUnitType 19 | 20 | ## Entries 21 | 22 | - kilowattHour: Kilowatt-hour. 23 | - megajoule: Megajoule. 24 | - other: Any other units of energy measurement. 25 | -------------------------------------------------------------------------------- /model/Core/Datatypes/DateTime.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # DateTime 4 | 5 | ## Summary 6 | 7 | A string representing a specific date and time. 8 | 9 | ## Description 10 | 11 | A DateTime is a string representation of a specific date and time. 12 | 13 | It has resolution of seconds and is always expressed in UTC time zone. 14 | 15 | The specific format is one of the most commonly used ISO-8601 formats. 
16 | 17 | ## Metadata 18 | 19 | - name: DateTime 20 | - SubclassOf: xsd:dateTimeStamp 21 | 22 | ## Format 23 | 24 | - pattern: ^\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ$ 25 | -------------------------------------------------------------------------------- /model/Hardware/Vocabularies/VirtualHardwareModelType.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # VirtualHardwareModelType 4 | 5 | ## Summary 6 | 7 | VirtualHardwareModelType sets the VirtualHardware Model Type. 8 | 9 | ## Description 10 | 11 | VirtualHardwareModelType sets the type of simulation process used by the VirtualHardware. 12 | 13 | ## Metadata 14 | 15 | - name: VirtualHardwareModelType 16 | 17 | ## Entries 18 | 19 | - function: Simulation of the function of the hardware. 20 | - cycle: Simulation of architectures with precise cycle-level accuracy. 21 | - other: All other simulation types. 22 | -------------------------------------------------------------------------------- /model/Security/Properties/actionStatement.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # actionStatement 4 | 5 | ## Summary 6 | 7 | Provides advice on how to mitigate or remediate a vulnerability when a VEX product 8 | is affected by it. 9 | 10 | ## Description 11 | 12 | When an element is referenced with a VexAffectedVulnAssessmentRelationship, 13 | the relationship shall include one actionStatement that should describe actions 14 | to remediate or mitigate the vulnerability.
15 | 16 | ## Metadata 17 | 18 | - name: actionStatement 19 | - Nature: DataProperty 20 | - Range: xsd:string 21 | -------------------------------------------------------------------------------- /model/Security/Properties/probability.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # probability 4 | 5 | ## Summary 6 | 7 | A probability score between 0 and 1 of a vulnerability being exploited. 8 | 9 | ## Description 10 | 11 | The probability score between 0 and 1 (0 and 100%) estimating the likelihood of 12 | exploitation in the wild in the next 30 days (following score publication). 13 | The definition follows "epss" in 14 | [EPSS Data](https://www.first.org/epss/data_stats). 15 | 16 | ## Metadata 17 | 18 | - name: probability 19 | - Nature: DataProperty 20 | - Range: xsd:decimal 21 | -------------------------------------------------------------------------------- /model/SupplyChain/Properties/transportRoute.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # transportRoute 4 | 5 | ## Summary 6 | 7 | A transport route refers to the specific path or network used to move people, goods, data, or resources from one location to another. 8 | 9 | ## Description 10 | 11 | A transport route is the path taken by people, products, goods, data or resources. Transport routes vary by product type, safety requirements, business constraints or other factors. 
12 | 13 | ## Metadata 14 | 15 | - name: transportRoute 16 | - Nature: DataProperty 17 | - Range: xsd:string 18 | -------------------------------------------------------------------------------- /model/Software/Vocabularies/FileKindType.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # FileKindType 4 | 5 | ## Summary 6 | 7 | Enumeration of the different kinds of SPDX file. 8 | 9 | ## Description 10 | 11 | An SPDX file may represent a file on disk or a directory of files. 12 | 13 | In the future, this may be extended to other kinds (e.g. network based files). 14 | 15 | ## Metadata 16 | 17 | - name: FileKindType 18 | 19 | ## Entries 20 | 21 | - file: The file represents a single file (default). 22 | - directory: The file represents a directory and all content stored in that directory. 23 | -------------------------------------------------------------------------------- /model/Extension/Properties/cdxProperty.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # cdxProperty 4 | 5 | ## Summary 6 | 7 | Provides a map of a property name to a value. 8 | 9 | ## Description 10 | 11 | This field provides a mapping of a name to a value. 12 | 13 | This is intended to be compatible with the CycloneDX property `properties`. 14 | 15 | Unlike key-value stores, properties in CdxPropertiesExtension support duplicate 16 | names, each potentially having different values. 
17 | 18 | ## Metadata 19 | 20 | - name: cdxProperty 21 | - Nature: ObjectProperty 22 | - Range: CdxPropertyEntry 23 | -------------------------------------------------------------------------------- /serialization/jsonld/examples/agent1.json: -------------------------------------------------------------------------------- 1 | { 2 | "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld", 3 | "type": "Agent", 4 | "spdxId": "https://some.namespace#agent1", 5 | "creationInfo": { 6 | "type": "CreationInfo", 7 | "specVersion": "3.0.0", 8 | "created": "2022-12-01T00:00:00Z", 9 | "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"] 10 | }, 11 | "name": "John Smith", 12 | "externalIdentifier": [ 13 | { 14 | "type": "ExternalIdentifier", 15 | "externalIdentifierType": "email", 16 | "identifier": "info@acme.com" 17 | } 18 | ] 19 | } 20 | -------------------------------------------------------------------------------- /model/Build/Properties/configSourceDigest.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # configSourceDigest 4 | 5 | ## Summary 6 | 7 | Property that describes the digest of the build configuration file used to 8 | invoke a build. 9 | 10 | ## Description 11 | 12 | configSourceDigest is the checksum of the build configuration file used by a 13 | builder to execute a build, according to the buildType. 14 | 15 | This property uses the Core model's [Hash](../../Core/Classes/Hash.md) class. 
16 | 17 | ## Metadata 18 | 19 | - name: configSourceDigest 20 | - Nature: ObjectProperty 21 | - Range: /Core/Hash 22 | -------------------------------------------------------------------------------- /model/Dataset/Properties/hasSensitivePersonalInformation.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # hasSensitivePersonalInformation 4 | 5 | ## Summary 6 | 7 | Describes if any sensitive personal information is present in the dataset. 8 | 9 | ## Description 10 | 11 | Indicates the presence of sensitive personal data 12 | or information that allows drawing conclusions about a person's identity. 13 | 14 | Related: `useSensitivePersonalInformation` in `/AI/AIPackage` 15 | 16 | ## Metadata 17 | 18 | - name: hasSensitivePersonalInformation 19 | - Nature: ObjectProperty 20 | - Range: /Core/PresenceType 21 | -------------------------------------------------------------------------------- /model/SupplyChain/Classes/BoundaryDefinitionProcess.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # BoundaryDefinitionProcess 4 | 5 | ## Summary 6 | 7 | The Boundary Definition Process refers to the process class used to produce boundaries. 8 | 9 | ## Description 10 | 11 | This is the process of defining boundaries for the creation of a region. 
12 | 13 | ## Metadata 14 | 15 | - name: BoundaryDefinitionProcess 16 | - SubclassOf: /Core/DefinedProcess 17 | - Instantiability: Concrete 18 | 19 | ## External properties restrictions 20 | 21 | - /Core/DefinedProcess/processRationale 22 | - minCount: 1 23 | -------------------------------------------------------------------------------- /serialization/jsonld/examples/relationship1.json: -------------------------------------------------------------------------------- 1 | { 2 | "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld", 3 | "type": "Relationship", 4 | "spdxId": "https://some.namespace#relationship1", 5 | "creationInfo": { 6 | "type": "CreationInfo", 7 | "specVersion": "3.0.0", 8 | "created": "2022-12-01T00:00:00Z", 9 | "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"] 10 | }, 11 | "from": "https://some.namespace#SPDXRef-Package", 12 | "to": [ 13 | "https://some.namespace#file1", 14 | "https://some.namespace#file2" 15 | ], 16 | "relationshipType": "contains" 17 | } 18 | -------------------------------------------------------------------------------- /model/SupplyChain/Classes/InstantiateVirtualHardwareProcess.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # InstantiateVirtualHardwareProcess 4 | 5 | ## Summary 6 | 7 | Class that describes an InstantiateVirtualHardwareProcess that is used to define VirtualHardware and its source. 8 | 9 | ## Description 10 | 11 | InstantiateVirtualHardwareProcess is a class defining the process needed to instantiate an 'VirtualHardware' defined by running software package(s). 
12 | 13 | ## Metadata 14 | 15 | - name: InstantiateVirtualHardwareProcess 16 | - SubclassOf: CreateProcess 17 | - Instantiability: Concrete 18 | 19 | -------------------------------------------------------------------------------- /serialization/jsonld/examples/person1.json: -------------------------------------------------------------------------------- 1 | { 2 | "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld", 3 | "type": "Person", 4 | "spdxId": "https://some.namespace#john_smith", 5 | "creationInfo": { 6 | "type": "CreationInfo", 7 | "specVersion": "3.0.0", 8 | "created": "2022-12-01T00:00:00Z", 9 | "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"] 10 | }, 11 | "name": "John Smith", 12 | "externalIdentifier": [ 13 | { 14 | "type": "ExternalIdentifier", 15 | "externalIdentifierType": "email", 16 | "identifier": "john@smith.com" 17 | } 18 | ] 19 | } 20 | -------------------------------------------------------------------------------- /model/Build/Properties/buildId.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # buildId 4 | 5 | ## Summary 6 | 7 | A buildId is a locally unique identifier used by a builder to identify a unique 8 | instance of a build produced by it. 9 | 10 | ## Description 11 | 12 | A buildId is a locally unique identifier to identify a unique instance of a 13 | build, according to the buildType. 14 | 15 | This identifier differs based on build toolchain, platform, or naming 16 | convention used by an organization or standard. 
17 | 18 | ## Metadata 19 | 20 | - name: buildId 21 | - Nature: DataProperty 22 | - Range: xsd:string 23 | -------------------------------------------------------------------------------- /model/Core/Properties/namespaceMap.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # namespaceMap 4 | 5 | ## Summary 6 | 7 | Provides a NamespaceMap of prefixes and associated namespace partial URIs applicable to an SpdxDocument and independent of any specific serialization format or instance. 8 | 9 | ## Description 10 | 11 | This field provides a NamespaceMap of prefixes and associated namespace partial URIs applicable to an SpdxDocument and independent of any specific serialization format or instance. 12 | 13 | ## Metadata 14 | 15 | - name: namespaceMap 16 | - Nature: ObjectProperty 17 | - Range: NamespaceMap 18 | -------------------------------------------------------------------------------- /model/Core/Properties/packageVerificationCodeExcludedFile.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # packageVerificationCodeExcludedFile 4 | 5 | ## Summary 6 | 7 | The relative file name of a file to be excluded from the 8 | `PackageVerificationCode`. 9 | 10 | ## Description 11 | 12 | A filename, relative to the root of the package archive or directory, 13 | referencing a file to be excluded from the `PackageVerificationCode`. 14 | 15 | Every filename is preceded by a `./`.
16 | 17 | ## Metadata 18 | 19 | - name: packageVerificationCodeExcludedFile 20 | - Nature: DataProperty 21 | - Range: xsd:string 22 | -------------------------------------------------------------------------------- /model/Core/Properties/relationshipType.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # relationshipType 4 | 5 | ## Summary 6 | 7 | Information about the relationship between two Elements. 8 | 9 | ## Description 10 | 11 | This field provides information about the relationship between two Elements. 12 | 13 | For example, you can represent a relationship between two different Files, 14 | between a Package and a File, between two Packages, or between one SpdxDocument 15 | and another SpdxDocument. 16 | 17 | ## Metadata 18 | 19 | - name: relationshipType 20 | - Nature: ObjectProperty 21 | - Range: RelationshipType 22 | -------------------------------------------------------------------------------- /model/Core/Properties/verifiedUsing.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # verifiedUsing 4 | 5 | ## Summary 6 | 7 | Provides an IntegrityMethod with which the integrity of an Element can be 8 | asserted. 9 | 10 | ## Description 11 | 12 | A verifiedUsing provides an IntegrityMethod with which the integrity of an 13 | Element can be asserted. 14 | 15 | Please note that different profiles may also provide additional methods for 16 | verifying the integrity of specific subclasses of Elements. 
17 | 18 | ## Metadata 19 | 20 | - name: verifiedUsing 21 | - Nature: ObjectProperty 22 | - Range: IntegrityMethod 23 | -------------------------------------------------------------------------------- /model/Dataset/Properties/dataPreprocessing.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # dataPreprocessing 4 | 5 | ## Summary 6 | 7 | Describes the preprocessing steps that were applied to the raw data to create the given dataset. 8 | 9 | ## Description 10 | 11 | A free-form text that describes the various preprocessing steps 12 | that were applied to the raw data to create the dataset. 13 | 14 | Examples include standardization, normalization, deduplication, tokenization, and removal of tokens. 15 | 16 | ## Metadata 17 | 18 | - name: dataPreprocessing 19 | - Nature: DataProperty 20 | - Range: xsd:string 21 | -------------------------------------------------------------------------------- /model/ExpandedLicensing/Classes/IndividualLicensingInfo.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # IndividualLicensingInfo 4 | 5 | ## Summary 6 | 7 | A concrete subclass of AnyLicenseInfo used by Individuals in the 8 | ExpandedLicensing profile. 9 | 10 | ## Description 11 | 12 | Individuals, such as NoneLicense and NoAssertionLicense, need to reference a 13 | concrete subclass of AnyLicenseInfo. 14 | 15 | This class provides the type used by the individuals. 
16 | 17 | ## Metadata 18 | 19 | - name: IndividualLicensingInfo 20 | - SubclassOf: /SimpleLicensing/AnyLicenseInfo 21 | - Instantiability: Concrete 22 | -------------------------------------------------------------------------------- /model/SupplyChain/Classes/ManufactureProcess.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # ManufactureProcess 4 | 5 | ## Summary 6 | 7 | This class represents the process involved in manufacturing products. 8 | 9 | ## Description 10 | 11 | The manufacturing process encompasses the series of steps required to transform materials into finished goods. It is a fundamental operation across various industries, including automotive, electronics, pharmaceuticals, textiles, and food production. 12 | 13 | ## Metadata 14 | 15 | - name: ManufactureProcess 16 | - SubclassOf: CreateProcess 17 | - Instantiability: Concrete 18 | -------------------------------------------------------------------------------- /model/Core/Datatypes/CountryCodeAlpha3.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # CountryCodeAlpha3 4 | 5 | ## Summary 6 | 7 | A string constrained to the ISO 3166-1 alpha-3 three-letter format. 8 | 9 | ## Description 10 | 11 | The string shall be in the [ISO 3166-1 alpha-3](https://www.iso.org/obp/ui/#iso:std:iso:3166:-1) three-letter format. 12 | 13 | See the [ISO 3166-1 alpha-3 Wikipedia page](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-3) for more information. 
14 | 15 | ## Metadata 16 | 17 | - name: CountryCodeAlpha3 18 | - SubclassOf: xsd:string 19 | 20 | ## Format 21 | 22 | - pattern: ^[A-Z]{3}$ 23 | -------------------------------------------------------------------------------- /model/Core/Datatypes/SemVer.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # SemVer 4 | 5 | ## Summary 6 | 7 | A string constrained to the SemVer 2.0.0 specification. 8 | 9 | ## Description 10 | 11 | A semantic version is a string that follows the specification of 12 | [Semantic Versioning 2.0.0](https://semver.org/). 13 | 14 | ## Metadata 15 | 16 | - name: SemVer 17 | - SubclassOf: xsd:string 18 | 19 | ## Format 20 | 21 | - pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ 22 | -------------------------------------------------------------------------------- /model/Core/Properties/inLanguage.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # inLanguage 4 | 5 | ## Summary 6 | 7 | Specifies a human language used within the content of an Element or a property. 8 | 9 | ## Description 10 | 11 | Specifies a human language used within the content of an Element or a property. 12 | 13 | The property value shall be an 14 | [IETF BCP 47 language tag](https://datatracker.ietf.org/doc/rfc5646/) 15 | used to indicate human languages, dialects, scripts, regions, and variants. 
16 | 17 | ## Metadata 18 | 19 | - name: inLanguage 20 | - Nature: DataProperty 21 | - Range: /Core/LanguageTag 22 | -------------------------------------------------------------------------------- /model/Core/Properties/issuingAuthority.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # issuingAuthority 4 | 5 | ## Summary 6 | 7 | An entity that is authorized to issue identification credentials. 8 | 9 | ## Description 10 | 11 | An issuingAuthority is an entity that is authorized to issue identification 12 | credentials. 13 | 14 | The entity may be a government, non-profit, educational institution, or 15 | commercial enterprise. 16 | 17 | The string provides a unique identifier for the issuing authority. 18 | 19 | ## Metadata 20 | 21 | - name: issuingAuthority 22 | - Nature: DataProperty 23 | - Range: xsd:string 24 | -------------------------------------------------------------------------------- /model/SupplyChain/Properties/plannedTransportRoutes.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # plannedTransportRoutes 4 | 5 | ## Summary 6 | 7 | A transport route refers to the planned path or network used to move people, goods, data, or resources from one location to another. 8 | 9 | ## Description 10 | 11 | A transport route is the planned path taken by people, products, goods, data or resources. Transport routes vary by product type, safety requirements, business constraints or other factors. 
12 | 13 | ## Metadata 14 | 15 | - name: plannedTransportRoutes 16 | - Nature: DataProperty 17 | - Range: xsd:string 18 | -------------------------------------------------------------------------------- /model/Core/Properties/spdxId.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # spdxId 4 | 5 | ## Summary 6 | 7 | Identifies an Element to be referenced by other Elements. 8 | 9 | ## Description 10 | 11 | An spdxId uniquely identifies an Element which may thereby be referenced by other Elements. 12 | These references may be internal or external. 13 | While there may be several versions of the same Element, each one needs to be able to be referred to uniquely 14 | so that relationships between Elements can be clearly articulated. 15 | 16 | ## Metadata 17 | 18 | - name: spdxId 19 | - Nature: DataProperty 20 | - Range: xsd:anyURI 21 | -------------------------------------------------------------------------------- /model/SupplyChain/Classes/AssemblyAction.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # AssemblyAction 4 | 5 | ## Summary 6 | 7 | AssemblyAction represents the event of creating a product by assembling individual components. 8 | 9 | ## Description 10 | 11 | AssemblyAction refers to the process of constructing a product by putting together various components. These actions can vary depending on the purpose and requirements. In this context, the assembled product is typically designed to allow for disassembly. 
12 | 13 | ## Metadata 14 | 15 | - name: AssemblyAction 16 | - SubclassOf: CreateAction 17 | - Instantiability: Concrete 18 | -------------------------------------------------------------------------------- /serialization/jsonld/examples/sbom1.json: -------------------------------------------------------------------------------- 1 | { 2 | "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld", 3 | "type": "software_Sbom", 4 | "spdxId": "https://some.namespace#SBOM", 5 | "creationInfo": { 6 | "type": "CreationInfo", 7 | "specVersion": "3.0.0", 8 | "created": "2022-12-01T00:00:00Z", 9 | "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"] 10 | }, 11 | "software_sbomType": "analyzed", 12 | "element": [ 13 | "https://some.namespace#File1", 14 | "https://spdx.dev/elements/3F26391C#spdx-spec-v2.3" 15 | ], 16 | "rootElement": [ 17 | "https://some.namespace#File1" 18 | ] 19 | } 20 | -------------------------------------------------------------------------------- /model/Core/Properties/definingArtifact.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # definingArtifact 4 | 5 | ## Summary 6 | 7 | Artifact representing a serialization instance of SPDX data containing the 8 | definition of a particular Element. 9 | 10 | ## Description 11 | 12 | A definingArtifact property is used to link the Element identifier for an 13 | Element defined external to a given SpdxDocument to an Artifact Element 14 | representing the SPDX serialization instance which contains the definition for 15 | the Element. 
16 | 17 | ## Metadata 18 | 19 | - name: definingArtifact 20 | - Nature: ObjectProperty 21 | - Range: Artifact 22 | -------------------------------------------------------------------------------- /model/Security/Properties/decisionType.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # decisionType 4 | 5 | ## Summary 6 | 7 | Provide the enumeration of possible decisions in the 8 | [Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree](https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc). 9 | 10 | ## Description 11 | 12 | A decisionType is a mandatory value and shall select one of the four entries in 13 | the [`SsvcDecisionType`](../Vocabularies/SsvcDecisionType.md) vocabulary. 14 | 15 | ## Metadata 16 | 17 | - name: decisionType 18 | - Nature: ObjectProperty 19 | - Range: SsvcDecisionType 20 | -------------------------------------------------------------------------------- /model/Software/Properties/contentIdentifier.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # contentIdentifier 4 | 5 | ## Summary 6 | 7 | A canonical, unique, immutable identifier of the artifact content, that may be 8 | used for verifying its identity and/or integrity. 9 | 10 | ## Description 11 | 12 | A contentIdentifier is a canonical, unique, immutable identifier of the content 13 | of a software artifact, such as a package, a file, or a snippet. 14 | 15 | It may be used for verifying its identity and/or integrity. 
16 | 17 | ## Metadata 18 | 19 | - name: contentIdentifier 20 | - Nature: DataProperty 21 | - Range: ContentIdentifier 22 | -------------------------------------------------------------------------------- /model/Core/Properties/created.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # created 4 | 5 | ## Summary 6 | 7 | Identifies when the Element was originally created. 8 | 9 | ## Description 10 | 11 | Created is a date that identifies when the Element was originally created. 12 | 13 | The time stamp can serve as an indication as to whether the analysis needs to 14 | be updated. 15 | 16 | This is often the date of last change (e.g., a git commit date), not the date 17 | when the SPDX data was created, as doing so supports reproducible builds. 18 | 19 | ## Metadata 20 | 21 | - name: created 22 | - Nature: DataProperty 23 | - Range: DateTime 24 | -------------------------------------------------------------------------------- /model/ExpandedLicensing/Properties/listVersionAdded.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # listVersionAdded 4 | 5 | ## Summary 6 | 7 | Specifies the SPDX License List version in which this ListedLicense or 8 | ListedLicenseException identifier was first added. 9 | 10 | ## Description 11 | 12 | A listVersionAdded for a ListedLicense or ListedLicenseException on the 13 | [SPDX License List](https://spdx.org/licenses/) 14 | specifies which version release of the License List was the first 15 | one in which it was included. 
16 | 17 | ## Metadata 18 | 19 | - name: listVersionAdded 20 | - Nature: DataProperty 21 | - Range: xsd:string 22 | -------------------------------------------------------------------------------- /model/ExpandedLicensing/Properties/standardLicenseHeader.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # standardLicenseHeader 4 | 5 | ## Summary 6 | 7 | Provides a License author's preferred text to indicate that a file is covered 8 | by the License. 9 | 10 | ## Description 11 | 12 | A standardLicenseHeader contains the plain text of the License author's 13 | preferred wording to be used, typically in a source code file's header 14 | comments or similar location, to indicate that the file is subject to 15 | the specified License. 16 | 17 | ## Metadata 18 | 19 | - name: standardLicenseHeader 20 | - Nature: DataProperty 21 | - Range: xsd:string 22 | -------------------------------------------------------------------------------- /model/Hardware/Properties/hazard.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # hazard 4 | 5 | ## Summary 6 | 7 | Hazards are potential sources of harm, danger, or adverse effects to people, property, the environment, or systems within or related to a specific piece of hardware. 8 | 9 | ## Description 10 | 11 | Hazards are potential sources of harm, danger, or adverse effects to people, property, the environment, or systems within or related to a specific piece of hardware. For example, a lithium battery is a hazardous hardware item. 
12 | 13 | ## Metadata 14 | 15 | - name: hazard 16 | - Nature: ObjectProperty 17 | - Range: /Core/DefinedType 18 | -------------------------------------------------------------------------------- /model/Software/Properties/downloadLocation.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # downloadLocation 4 | 5 | ## Summary 6 | 7 | Identifies the download Uniform Resource Identifier for the package at the time 8 | that the document was created. 9 | 10 | ## Description 11 | 12 | A downloadLocation identifies the download Uniform Resource Identifier 13 | for the package at the time that the document was created. 14 | 15 | Where and how to download the exact package being referenced 16 | is critical for verification and tracking data. A download location records where the package was obtained; it does not by itself assert the integrity of the content, which is the role of the verifiedUsing property. 17 | 18 | ## Metadata 19 | 20 | - name: downloadLocation 21 | - Nature: DataProperty 22 | - Range: xsd:anyURI 23 | -------------------------------------------------------------------------------- /model/SupplyChain/Classes/TestProcess.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # TestProcess 4 | 5 | ## Summary 6 | 7 | Test Process defines the testing process for an element. 8 | 9 | ## Description 10 | 11 | Tests are processes based on requirements. The process's requirements are met by the test process. 12 | 13 | Relationship: 14 | 15 | For each `TestProcess` there is at least one `/Core/Relationship` class or subclass with the relationshipType of 'contains' on the from and a `Requirements` class or subclass on the to. 
16 | 17 | ## Metadata 18 | 19 | - name: TestProcess 20 | - SubclassOf: UseProcess 21 | - Instantiability: Concrete 22 | -------------------------------------------------------------------------------- /model/Core/Properties/postOfficeBoxNumber.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # postOfficeBoxNumber 4 | 5 | ## Summary 6 | 7 | The number that identifies a PO box. A PO box is a box in a post office or other postal service location assigned to an organization where postal items may be kept. 8 | 9 | ## Description 10 | 11 | A postal box (P.O. Box) is a secure, numbered mailbox located at a post office or mail facility, used to receive mail. It provides a fixed mailing address, independent of a physical home or business location. 12 | 13 | ## Metadata 14 | 15 | - name: postOfficeBoxNumber 16 | - Nature: DataProperty 17 | - Range: xsd:string 18 | -------------------------------------------------------------------------------- /model/Core/Classes/MeasureOfLength.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # MeasureOfLength 4 | 5 | ## Summary 6 | 7 | The measure of length refers to the dimension of an object or space that describes how long it is, typically expressed in various units depending on the system of measurement being used. 8 | 9 | ## Description 10 | 11 | The measure of length refers to the dimension of an object or space that describes how long it is, typically expressed in various units depending on the system of measurement being used. 
12 | 13 | ## Metadata 14 | 15 | - name: MeasureOfLength 16 | - SubclassOf: UnitOfMeasure 17 | - Instantiability: Concrete 18 | 19 | -------------------------------------------------------------------------------- /model/ExpandedLicensing/Classes/ListedLicense.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # ListedLicense 4 | 5 | ## Summary 6 | 7 | A license that is listed on the SPDX License List. 8 | 9 | ## Description 10 | 11 | A ListedLicense represents a License that is listed on the 12 | [SPDX License List](https://spdx.org/licenses). 13 | 14 | ## Metadata 15 | 16 | - name: ListedLicense 17 | - SubclassOf: License 18 | - Instantiability: Concrete 19 | 20 | ## Properties 21 | 22 | - deprecatedVersion 23 | - type: xsd:string 24 | - minCount: 0 25 | - maxCount: 1 26 | - listVersionAdded 27 | - type: xsd:string 28 | - minCount: 0 29 | - maxCount: 1 30 | -------------------------------------------------------------------------------- /model/Core/Classes/Regulation.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # Regulation 4 | 5 | ## Summary 6 | 7 | Regulation represents a rule or directive maintained by an authority. 8 | 9 | ## Description 10 | 11 | The Regulation class represents any rules or directives enforced by an official authority. 12 | Regulations within this class can be either mandatory or voluntary. 13 | 14 | Examples of these regulations include the EU Radio Equipment Directive, EU Cyber Resilience Act, 15 | the Japan Cyber STAR, or the U.S. Cyber Trust Mark. 
16 | 17 | ## Metadata 18 | 19 | - name: Regulation 20 | - SubclassOf: Specification 21 | - Instantiability: Concrete 22 | -------------------------------------------------------------------------------- /model/Core/Properties/devLifecycleStage.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # devLifecycleStage 4 | 5 | ## Summary 6 | 7 | The product lifecycle phase to which the requirement applies. 8 | 9 | ## Description 10 | 11 | The development lifecycle stage specifies the phase or phases of a product’s lifecycle to which a given requirement applies. These may include requirements that govern the design phase, guide development activities, define constraints for the build environment, provide instructions for the decommissioning phase, etc. 12 | 13 | ## Metadata 14 | 15 | - name: devLifecycleStage 16 | - Nature: DataProperty 17 | - Range: LifecycleScopeType 18 | -------------------------------------------------------------------------------- /model/Hardware/Classes/PhysicalHardware.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # PhysicalHardware 4 | 5 | ## Summary 6 | 7 | Class that describes a physical instance of Hardware. 8 | 9 | ## Description 10 | 11 | A PhysicalHardware artifact describes a distinct physical unit. 
12 | 13 | ## Metadata 14 | 15 | - name: PhysicalHardware 16 | - SubclassOf: Hardware 17 | - Instantiability: Concrete 18 | 19 | ## Properties 20 | 21 | - massOfHardware 22 | - type: /Core/MeasureOfMass 23 | - minCount: 0 24 | - maxCount: 1 25 | - dimensions 26 | - type: Dimensions 27 | - maxCount: 1 28 | - centerOfMass 29 | - type: Dimensions 30 | - maxCount: 1 31 | -------------------------------------------------------------------------------- /model/Build/Properties/environment.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # environment 4 | 5 | ## Summary 6 | 7 | Property describing the session in which a build is invoked. 8 | 9 | ## Description 10 | 11 | environment is a map of environment variables and values that are set during a 12 | build session, according to the buildType. Environment variables can carry credentials or tokens, so the recorded values may need review before the SPDX data is shared. 13 | 14 | This is different from the [parameter](parameter.md) property in that it 15 | describes the environment variables set before a build is invoked rather than 16 | the variables provided to the builder. 17 | 18 | ## Metadata 19 | 20 | - name: environment 21 | - Nature: ObjectProperty 22 | - Range: /Core/DictionaryEntry 23 | -------------------------------------------------------------------------------- /model/Build/Properties/parameter.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # parameter 4 | 5 | ## Summary 6 | 7 | Property describing a parameter used in an instance of a build. 8 | 9 | ## Description 10 | 11 | parameter is a key-value pair of a build parameter and its value that 12 | was provided to the builder for a build instance, according to the buildType. 13 | 14 | This is different from the [environment](environment.md) property in that 15 | the key and value are provided as command line arguments or 16 | a configuration file to the builder. 
17 | 18 | ## Metadata 19 | 20 | - name: parameter 21 | - Nature: ObjectProperty 22 | - Range: /Core/DictionaryEntry 23 | -------------------------------------------------------------------------------- /model/Core/Properties/typeFromSource.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # typeFromSource 4 | 5 | ## Summary 6 | 7 | typeFromSource is a value used to define an item within the definitionSource. 8 | 9 | ## Description 10 | 11 | A typeFromSource is a specific term or label assigned within a definitionSource to define or identify an item, concept, or category. 12 | It represents a unique or standardized value within the classification system that helps categorize and describe the item's place or characteristics within the overall definitionSource. 13 | 14 | ## Metadata 15 | 16 | - name: typeFromSource 17 | - Nature: DataProperty 18 | - Range: xsd:string 19 | -------------------------------------------------------------------------------- /model/ExpandedLicensing/Properties/additionText.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # additionText 4 | 5 | ## Summary 6 | 7 | Identifies the full text of a LicenseAddition. 8 | 9 | ## Description 10 | 11 | An additionText contains the plain text of the LicenseAddition, without 12 | templating or other similar markup. 13 | 14 | Users of the additionText for a License can apply the 15 | [SPDX License List Matching Guidelines](../../../annexes/license-matching-guidelines-and-templates.md) 16 | when comparing it to another text for matching purposes. 
17 | 18 | ## Metadata 19 | 20 | - name: additionText 21 | - Nature: DataProperty 22 | - Range: xsd:string 23 | -------------------------------------------------------------------------------- /model/SimpleLicensing/Properties/licenseText.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # licenseText 4 | 5 | ## Summary 6 | 7 | Identifies the full text of a License or Addition. 8 | 9 | ## Description 10 | 11 | A licenseText contains the plain text of the License or Addition, 12 | without templating or other similar markup. 13 | 14 | Users of the licenseText for a License can apply the 15 | [SPDX License List Matching Guidelines](../../../annexes/license-matching-guidelines-and-templates.md) 16 | when comparing it to another text for matching purposes. 17 | 18 | ## Metadata 19 | 20 | - name: licenseText 21 | - Nature: DataProperty 22 | - Range: xsd:string 23 | -------------------------------------------------------------------------------- /model/SimpleLicensing/Classes/SimpleLicensingText.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # SimpleLicensingText 4 | 5 | ## Summary 6 | 7 | A license or addition that is not listed on the SPDX License List. 8 | 9 | ## Description 10 | 11 | A SimpleLicensingText represents a License or Addition that is not listed on 12 | the [SPDX License List](https://spdx.org/licenses), 13 | and is therefore defined by an SPDX data creator. 
14 | 15 | ## Metadata 16 | 17 | - name: SimpleLicensingText 18 | - SubclassOf: /Core/Element 19 | - Instantiability: Concrete 20 | 21 | ## Properties 22 | 23 | - licenseText 24 | - type: xsd:string 25 | - minCount: 1 26 | - maxCount: 1 27 | -------------------------------------------------------------------------------- /model/Software/Classes/Sbom.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # Sbom 4 | 5 | ## Summary 6 | 7 | A collection of SPDX Elements describing a single package. 8 | 9 | ## Description 10 | 11 | A Software Bill of Materials (SBOM) is a collection of SPDX Elements describing 12 | a single package. 13 | 14 | This could include details of the content and composition of the product, 15 | provenance details of the product and/or its composition, licensing 16 | information, known quality or security issues, etc. 17 | 18 | ## Metadata 19 | 20 | - name: Sbom 21 | - SubclassOf: /Core/Bom 22 | 23 | ## Properties 24 | 25 | - sbomType 26 | - type: SbomType 27 | - minCount: 0 28 | -------------------------------------------------------------------------------- /model/Security/Properties/actionStatementTime.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # actionStatementTime 4 | 5 | ## Summary 6 | 7 | Records the time when a recommended action was communicated in a VEX statement 8 | to mitigate a vulnerability. 9 | 10 | ## Description 11 | 12 | When a VEX statement communicates an affected status, the author shall 13 | include an action statement with a recommended action to help mitigate the 14 | vulnerability's impact. The actionStatementTime property records the time 15 | when the action statement was first communicated. 
16 | 17 | ## Metadata 18 | 19 | - name: actionStatementTime 20 | - Nature: DataProperty 21 | - Range: /Core/DateTime 22 | -------------------------------------------------------------------------------- /model/Core/Classes/DefinedProcess.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # DefinedProcess 4 | 5 | ## Summary 6 | 7 | Class that describes a process. 8 | 9 | ## Description 10 | 11 | Processes are composed of systematic task(s) required to achieve a goal. 12 | 13 | ## Metadata 14 | 15 | - name: DefinedProcess 16 | - SubclassOf: Artifact 17 | - Instantiability: Abstract 18 | 19 | ## Properties 20 | 21 | - processVersion 22 | - type: xsd:string 23 | - minCount: 1 24 | - maxCount: 1 25 | - processRationale 26 | - type: xsd:string 27 | - minCount: 0 28 | - maxCount: 1 29 | - processReadiness 30 | - type: ProcessReadinessType 31 | - minCount: 0 32 | - maxCount: 1 33 | -------------------------------------------------------------------------------- /model/SupplyChain/Classes/HarvestAction.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # HarvestAction 4 | 5 | ## Summary 6 | 7 | HarvestAction represents the act of creating a product by directly extracting goods or materials from nature. 8 | 9 | ## Description 10 | 11 | HarvestAction refers to an event where goods or products are obtained directly from natural sources. This includes activities such as mining and fishing. In such cases, there may be no associated hasInput relationships, as the products are not assembled from other components but sourced directly. 
12 | 13 | ## Metadata 14 | 15 | - name: HarvestAction 16 | - SubclassOf: CreateAction 17 | - Instantiability: Concrete 18 | -------------------------------------------------------------------------------- /model/Core/Properties/definitionSource.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # definitionSource 4 | 5 | ## Summary 6 | 7 | It is the authoritative or credible entity, document, or body of knowledge that provides the meaning of a type, ensuring accuracy, context, and standardization. 8 | 9 | ## Description 10 | 11 | It is the authoritative or credible entity, document, or body of knowledge that provides the meaning of a type, ensuring accuracy, context, and standardization. 12 | These are adopted to create uniformity and facilitate interoperability within industries. 13 | 14 | ## Metadata 15 | 16 | - name: definitionSource 17 | - Nature: ObjectProperty 18 | - Range: Specification 19 | -------------------------------------------------------------------------------- /model/Software/Properties/sbomType.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # sbomType 4 | 5 | ## Summary 6 | 7 | Provides information about the type of an SBOM. 8 | 9 | ## Description 10 | 11 | This field is a reasonable estimation of the type of SBOM created from a 12 | creator perspective. 13 | 14 | It is intended to be used to give guidance on the elements that may be 15 | contained within it. 16 | 17 | Aligning with the guidance produced in 18 | [Types of Software Bill of Material (SBOM) Documents](https://www.cisa.gov/sites/default/files/2023-04/sbom-types-document-508c.pdf). 
19 | 20 | ## Metadata 21 | 22 | - name: sbomType 23 | - Nature: ObjectProperty 24 | - Range: SbomType 25 | -------------------------------------------------------------------------------- /model/AI/Properties/metricDecisionThreshold.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # metricDecisionThreshold 4 | 5 | ## Summary 6 | 7 | Captures the threshold that was used for computation of a metric described in 8 | the metric field. 9 | 10 | ## Description 11 | 12 | Each metric can be computed based on a decision threshold. 13 | 14 | For instance, precision or recall is typically computed by checking if the 15 | probability of the outcome is larger than 0.5. 16 | 17 | Each decision threshold shall match with a metric field defined in the AI 18 | package. 19 | 20 | ## Metadata 21 | 22 | - name: metricDecisionThreshold 23 | - Nature: ObjectProperty 24 | - Range: /Core/DictionaryEntry 25 | -------------------------------------------------------------------------------- /model/Core/Classes/LifecycleScopedRelationship.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # LifecycleScopedRelationship 4 | 5 | ## Summary 6 | 7 | Provide context for a relationship that occurs in the lifecycle. 8 | 9 | ## Description 10 | 11 | Certain relationships are sensitive to where they occur in the lifecycle. This parameter lets us avoid a proliferation of relationships, by parameterizing this context information for a relationship. 
12 | 13 | ## Metadata 14 | 15 | - name: LifecycleScopedRelationship 16 | - SubclassOf: Relationship 17 | - Instantiability: Concrete 18 | 19 | ## Properties 20 | 21 | - scope 22 | - type: LifecycleScopeType 23 | - minCount: 0 24 | - maxCount: 1 25 | -------------------------------------------------------------------------------- /model/SupplyChain/Classes/BoundaryCrossingAction.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # BoundaryCrossingAction 4 | 5 | ## Summary 6 | 7 | An action of crossing a boundary is defined in this class. 8 | 9 | ## Description 10 | 11 | Boundary crossing occurs when an individual, object, or system moves between different defined areas, domains, or disciplines. It can apply to various fields, including education, psychology, business, logistics, and technology. 12 | 13 | ## Metadata 14 | 15 | - name: BoundaryCrossingAction 16 | - SubclassOf: UseAction 17 | - Instantiability: Concrete 18 | 19 | ## External properties restrictions 20 | 21 | - /Core/Element/description 22 | - minCount: 1 23 | -------------------------------------------------------------------------------- /model/AI/Properties/energyConsumption.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # energyConsumption 4 | 5 | ## Summary 6 | 7 | Indicates the amount of energy consumption incurred by an AI model. 8 | 9 | ## Description 10 | 11 | Captures the energy consumption of an AI model, either known or estimated. 12 | 13 | In the absence of direct measurements, an SPDX data creator may choose to 14 | estimate the energy consumption based on information about computational 15 | resources (e.g., number of floating-point operations), training time, and other 16 | relevant training details. 
17 | 18 | ## Metadata 19 | 20 | - name: energyConsumption 21 | - Nature: ObjectProperty 22 | - Range: EnergyConsumption 23 | -------------------------------------------------------------------------------- /model/Core/Classes/Bom.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # Bom 4 | 5 | ## Summary 6 | 7 | A container for a grouping of SPDX 3 content characterizing details 8 | (provenance, composition, licensing, etc.) about a product. 9 | 10 | ## Description 11 | 12 | A Bill of Materials (BOM) is a container for a grouping of SPDX 3 content 13 | characterizing details about a product. 14 | 15 | This could include details of the content and composition of the product, 16 | provenance details of the product and/or 17 | its composition, licensing information, known quality or security issues, etc. 18 | 19 | ## Metadata 20 | 21 | - name: Bom 22 | - SubclassOf: Bundle 23 | - Instantiability: Concrete 24 | -------------------------------------------------------------------------------- /model/Core/Individuals/SpdxOrganization.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # SpdxOrganization 4 | 5 | ## Summary 6 | 7 | An Organization representing the SPDX Project. 8 | 9 | ## Description 10 | 11 | SpdxOrganization is an Organization representing the SPDX Project. 12 | It is by definition the creator of all Element type individuals defined by 13 | the SPDX Project. 14 | These individuals include licenses and exceptions defined in the SPDX License 15 | List, as well as individuals defined in the specification. 
16 | 17 | ## Metadata 18 | 19 | - name: SpdxOrganization 20 | - type: Organization 21 | - IRI: https://spdx.org/ 22 | 23 | ## Property Values 24 | 25 | - name: "SPDX Project" 26 | -------------------------------------------------------------------------------- /model/Core/Properties/suppliedBy.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # suppliedBy 4 | 5 | ## Summary 6 | 7 | Identifies who or what supplied the artifact or VulnAssessmentRelationship 8 | referenced by the Element. 9 | 10 | ## Description 11 | 12 | Identify the actual distribution source for the artifact (e.g., snippet, file, 13 | package, vulnerability) or VulnAssessmentRelationship being referenced. 14 | 15 | This may or may not be different from the originating distribution source 16 | for the artifact (e.g., snippet, file, package, vulnerability) or 17 | VulnAssessmentRelationship. 18 | 19 | ## Metadata 20 | 21 | - name: suppliedBy 22 | - Nature: ObjectProperty 23 | - Range: Agent 24 | -------------------------------------------------------------------------------- /model/SupplyChain/Classes/TransportAction.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # TransportAction 4 | 5 | ## Summary 6 | 7 | An actual change to a product's location. 8 | 9 | ## Description 10 | 11 | A TransportAction expresses the change in location of a product, such as a component being moved from an assembly plant to a warehouse. 
12 | 13 | ## Metadata 14 | 15 | - name: TransportAction 16 | - SubclassOf: ModifyAction 17 | - Instantiability: Concrete 18 | 19 | ## Properties 20 | 21 | - transportRoute 22 | - type: xsd:string 23 | - minCount: 0 24 | - pickupLocation 25 | - type: /Core/Location 26 | - minCount: 1 27 | - dropoffLocation 28 | - type: /Core/Location 29 | - minCount: 0 30 | -------------------------------------------------------------------------------- /model/Build/Properties/configSourceUri.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # configSourceUri 4 | 5 | ## Summary 6 | 7 | Property that describes the URI of the build configuration source file. 8 | 9 | ## Description 10 | 11 | If a build configuration exists for the toolchain or platform performing the 12 | build, the configSourceUri of a build is the URI of that build configuration, 13 | according to the buildType. 14 | 15 | For example, a build triggered by a GitHub Action is defined by a build 16 | configuration YAML file. In this case, the configSourceUri is the URL of that 17 | YAML file. 
18 | 19 | ## Metadata 20 | 21 | - name: configSourceUri 22 | - Nature: DataProperty 23 | - Range: xsd:anyURI 24 | -------------------------------------------------------------------------------- /serialization/jsonld/examples/spdx_document1.json: -------------------------------------------------------------------------------- 1 | { 2 | "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld", 3 | "type": "SpdxDocument", 4 | "spdxId": "http://spdx.acme.org/3FA9CB25#spdxdocument159", 5 | "creationInfo": { 6 | "type": "CreationInfo", 7 | "specVersion": "3.0.0", 8 | "created": "2022-12-01T00:00:00Z", 9 | "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"] 10 | }, 11 | "name": "Doc 159 - two File elements", 12 | "profileConformance": ["core", "software"], 13 | "element": [ 14 | "https://some.namespace#File1", 15 | "https://spdx.dev/elements/3F26391C#spdx-spec-v2.3" 16 | ], 17 | "rootElement": [ 18 | "https://some.namespace#File1" 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /model/Core/Properties/description.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # description 4 | 5 | ## Summary 6 | 7 | Provides a detailed description of the Element. 8 | 9 | ## Description 10 | 11 | This field is a detailed description of the Element. It may also be extracted 12 | from the Element itself. 13 | 14 | The intent is to provide recipients of the SPDX file with a detailed technical 15 | explanation of the functionality, anticipated use, and anticipated 16 | implementation of the Element. 17 | 18 | This field may also include a description of improvements over prior versions 19 | of the Element. 
20 | 21 | ## Metadata 22 | 23 | - name: description 24 | - Nature: DataProperty 25 | - Range: xsd:string 26 | -------------------------------------------------------------------------------- /model/Service/Classes/SoftwareService.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # SoftwareService 4 | 5 | ## Summary 6 | 7 | Software provided as a service over a network. 8 | 9 | ## Description 10 | 11 | SoftwareService represents a service based on software components offered for access online over a network. 12 | 13 | ## Properties 14 | 15 | - provider 16 | - type: /Core/Agent 17 | - minCount: 1 18 | - serverAuthenticationProtocol 19 | - type: AuthenticationProtocolType 20 | - minCount: 0 21 | - serviceHostingCountry 22 | - type: /Core/CountryCodeAlpha3 23 | - minCount: 0 24 | 25 | ## Metadata 26 | 27 | - name: SoftwareService 28 | - SubclassOf: /Core/Element 29 | - Instantiability: Concrete 30 | -------------------------------------------------------------------------------- /model/Core/Classes/PositiveIntegerRange.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # PositiveIntegerRange 4 | 5 | ## Summary 6 | 7 | A tuple of two positive integers that define a range. 8 | 9 | ## Description 10 | 11 | PositiveIntegerRange is a tuple of two positive integers that define a range. 12 | "beginIntegerRange" shall be less than or equal to "endIntegerRange". 
13 | 14 | ## Metadata 15 | 16 | - name: PositiveIntegerRange 17 | - SubclassOf: none 18 | - Instantiability: Concrete 19 | 20 | ## Properties 21 | 22 | - beginIntegerRange 23 | - type: xsd:positiveInteger 24 | - minCount: 1 25 | - maxCount: 1 26 | - endIntegerRange 27 | - type: xsd:positiveInteger 28 | - minCount: 1 29 | - maxCount: 1 30 | -------------------------------------------------------------------------------- /model/Core/Properties/standardName.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # standardName 4 | 5 | ## Summary 6 | 7 | The name of a relevant standard that may apply to an artifact. 8 | 9 | ## Description 10 | 11 | Various standards may be relevant or useful to capture for specific artifacts. 12 | 13 | This does not imply that the artifact is compliant with the standard, 14 | but rather that the standard is used as a reference or guideline for 15 | the design, implementation, production, or evaluation of the artifact. 16 | 17 | For compliance with a standard, use the `standardCompliance` property instead. 18 | 19 | ## Metadata 20 | 21 | - name: standardName 22 | - Nature: DataProperty 23 | - Range: xsd:string 24 | -------------------------------------------------------------------------------- /serialization/jsonld/examples/annotation1.json: -------------------------------------------------------------------------------- 1 | { 2 | "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld", 3 | "type": "Annotation", 4 | "spdxId": "http://spdx.acme.org/3FA9CB25#annotation34", 5 | "creationInfo": { 6 | "type": "CreationInfo", 7 | "specVersion": "3.0.0", 8 | "created": "2022-12-01T00:00:00Z", 9 | "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"] 10 | }, 11 | "name": "Acme Corp. 
Super SBOM-o-lator", 12 | "annotationType": "review", 13 | "subject": "http://spdx.acme.org/3FA9CB25#person9", 14 | "contentType": "text/plain", 15 | "statement": "Keanu Reeves is back as cyberpunk icon Neo but fans of the original will find this cynical reboot a bitter pill to swallow." 16 | } 17 | -------------------------------------------------------------------------------- /model/ExpandedLicensing/Properties/deprecatedVersion.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # deprecatedVersion 4 | 5 | ## Summary 6 | 7 | Specifies the SPDX License List version in which this license or exception 8 | identifier was deprecated. 9 | 10 | ## Description 11 | 12 | A deprecatedVersion, for a ListedLicense on the 13 | [SPDX License List](https://spdx.org/licenses/) 14 | or a ListedLicenseException on the 15 | [SPDX License Exceptions](https://spdx.org/licenses/exceptions-index.html), 16 | specifies which version release of the License List was the first 17 | one in which it was marked as deprecated. 18 | 19 | ## Metadata 20 | 21 | - name: deprecatedVersion 22 | - Nature: DataProperty 23 | - Range: xsd:string 24 | -------------------------------------------------------------------------------- /model/Core/Individuals/NoneElement.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # NoneElement 4 | 5 | ## Summary 6 | 7 | An Individual Value for Element representing a set of Elements with 8 | cardinality (number/count) of zero. 9 | 10 | ## Description 11 | 12 | NoneElement shall be used if the SPDX creator desires to assert that 13 | there are NO elements for the given context of use. 14 | 15 | For example, a Relationship with 16 | `relationshipType`="ancestorOf", 17 | `from`=Element1, 18 | and `to`=NoneElement 19 | is explicitly expressing an assertion that 20 | Element1 has no descendants. 
21 | 22 | ## Metadata 23 | 24 | - name: NoneElement 25 | - type: IndividualElement 26 | 27 | ## Property Values 28 | 29 | - name: "NONE" 30 | -------------------------------------------------------------------------------- /model/SupplyChain/Classes/DefinedStateProcess.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # DefinedStateProcess 4 | 5 | ## Summary 6 | 7 | This process is used to determine the state of an affected Element. 8 | 9 | ## Description 10 | 11 | This process is used to determine the state of an affected Element. 12 | The DefinedStateProcess is used to define a list of valid states of an affected Element. 13 | 14 | A DefinedStateProcess may describe the steps or conditions required to move an entity from one state to another. 15 | 16 | ## Metadata 17 | 18 | - name: DefinedStateProcess 19 | - SubclassOf: UseProcess 20 | - Instantiability: Concrete 21 | 22 | ## Properties 23 | 24 | - vaildState 25 | - type: State 26 | - minCount: 1 27 | -------------------------------------------------------------------------------- /serialization/jsonld/examples/person2.json: -------------------------------------------------------------------------------- 1 | { 2 | "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld", 3 | "type": "Person", 4 | "spdxId": "http://spdx.acme.org/3FA9CB25#person2", 5 | "creationInfo": { 6 | "type": "CreationInfo", 7 | "specVersion": "3.0.0", 8 | "created": "2022-12-01T00:00:00Z", 9 | "createdBy": ["https://spdx.dev/elements/3F26391C#spdx-dev"], 10 | "createdUsing": ["https://some.namespace#sbomolator_v2"], 11 | "comment": "Source: payroll list, 20221130" 12 | }, 13 | "name": "Alice Stone", 14 | "externalIdentifier": [ 15 | { 16 | "type": "ExternalIdentifier", 17 | "externalIdentifierType": "email", 18 | "identifier": "Alice.Stone@acme.com" 19 | } 20 | ] 21 | } 22 | 
-------------------------------------------------------------------------------- /model/AI/Properties/useSensitivePersonalInformation.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # useSensitivePersonalInformation 4 | 5 | ## Summary 6 | 7 | Records if sensitive personal information is used during model training or 8 | could be used during the inference. 9 | 10 | ## Description 11 | 12 | Notes if sensitive personal information is used in the training or inference of 13 | the AI models. 14 | 15 | This can include biometric data, addresses or other data that can be used to 16 | infer a person's identity. 17 | 18 | Related: `hasSensitivePersonalInformation` in `/Dataset/DatasetPackage` 19 | 20 | ## Metadata 21 | 22 | - name: useSensitivePersonalInformation 23 | - Nature: ObjectProperty 24 | - Range: /Core/PresenceType 25 | -------------------------------------------------------------------------------- /model/Security/Properties/impactStatement.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # impactStatement 4 | 5 | ## Summary 6 | 7 | Explains why a VEX product is not affected by a vulnerability. It is an 8 | alternative in VexNotAffectedVulnAssessmentRelationship to the machine-readable 9 | justification label. 10 | 11 | ## Description 12 | 13 | When a VEX product element is related with a VexNotAffectedVulnAssessmentRelationship 14 | and a machine readable justification label is not provided, then an impactStatement 15 | that further explains how or why the product(s) are not affected by the vulnerability 16 | shall be provided. 
17 | 18 | ## Metadata 19 | 20 | - name: impactStatement 21 | - Nature: DataProperty 22 | - Range: xsd:string 23 | -------------------------------------------------------------------------------- /model/Software/Properties/byteRange.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # byteRange 4 | 5 | ## Summary 6 | 7 | Defines the byte range in the original host file that the snippet information 8 | applies to. 9 | 10 | ## Description 11 | 12 | This field defines the byte range in the original host file that the snippet 13 | information applies to. 14 | 15 | A range of bytes is independent of various formatting concerns, and the most 16 | accurate way of referring to the differences. The choice was made to start the 17 | numbering of the byte range at 1 to be consistent with the W3C pointer method 18 | vocabulary. 19 | 20 | ## Metadata 21 | 22 | - name: byteRange 23 | - Nature: DataProperty 24 | - Range: /Core/PositiveIntegerRange 25 | -------------------------------------------------------------------------------- /model/Core/Properties/isoAutomationLevel.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # isoAutomationLevel 4 | 5 | ## Summary 6 | 7 | Indicates level of automation. 8 | 9 | ## Description 10 | 11 | The level of automation describes a spectrum of system capability, defining 12 | the degree of control and decision-making authority a system possesses 13 | relative to an external control. 14 | 15 | This classification helps to define the roles and responsibilities of both the 16 | human operator and the automated system. It is a critical component for risk 17 | assessment, regulatory compliance, and user interface design. 
18 | 19 | ## Metadata 20 | 21 | - name: isoAutomationLevel 22 | - Nature: ObjectProperty 23 | - Range: IsoAutomationLevel 24 | -------------------------------------------------------------------------------- /model/Core/Classes/ContactPointRelationship.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # ContactPointRelationship 4 | 5 | ## Summary 6 | 7 | A contact point from an Artifact to an Agent. 8 | 9 | ## Description 10 | 11 | Specifies a point of contact specific to an Artifact. For example, a software package may have a security contact point that researchers should use for reporting security vulnerabilities. This relationship is restricted to using the `hasContactPoint` relationship type. 12 | 13 | ## Metadata 14 | 15 | - name: ContactPointRelationship 16 | - SubclassOf: Relationship 17 | - Instantiability: Concrete 18 | 19 | ## Properties 20 | 21 | - contactType 22 | - type: ContactPointRelationshipType 23 | - minCount: 1 24 | - maxCount: 1 25 | -------------------------------------------------------------------------------- /model/ExpandedLicensing/Classes/CustomLicenseAddition.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # CustomLicenseAddition 4 | 5 | ## Summary 6 | 7 | A license addition that is not listed on the SPDX Exceptions List. 8 | 9 | ## Description 10 | 11 | A CustomLicenseAddition represents an addition to a License that is not listed 12 | on the 13 | [SPDX License Exceptions](https://spdx.org/licenses/exceptions-index.html), 14 | and is therefore defined by an SPDX data creator. 15 | 16 | It is intended to represent additional language which is meant to be added to 17 | a License, but which is not itself a standalone License. 
18 | 19 | ## Metadata 20 | 21 | - name: CustomLicenseAddition 22 | - SubclassOf: LicenseAddition 23 | - Instantiability: Concrete 24 | -------------------------------------------------------------------------------- /model/SupplyChain/Classes/TransportProcess.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # TransportProcess 4 | 5 | ## Summary 6 | 7 | A prescribed change to a product's location. 8 | 9 | ## Description 10 | 11 | A TransportProcess is a process that will result in a change in location of a product, such as a component being moved from an assembly plant to a warehouse. 12 | 13 | ## Metadata 14 | 15 | - name: TransportProcess 16 | - SubclassOf: ModifyProcess 17 | - Instantiability: Concrete 18 | 19 | ## Properties 20 | 21 | - plannedTransportRoutes 22 | - type: xsd:string 23 | - minCount: 0 24 | - forPickupLocation 25 | - type: /Core/Location 26 | - minCount: 0 27 | - forDropoffLocation 28 | - type: /Core/Location 29 | - minCount: 0 30 | -------------------------------------------------------------------------------- /model/ExpandedLicensing/Properties/licenseXml.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # licenseXml 4 | 5 | ## Summary 6 | 7 | Identifies all the text and metadata associated with a license in the license 8 | XML format. 9 | 10 | ## Description 11 | 12 | The license XML format is defined and used by the SPDX legal team. 13 | 14 | The formal schema definition is available at 15 | [SPDX License List XML Schema](https://github.com/spdx/license-list-XML/blob/v3.25.0/schema/ListedLicense.xsd). 16 | 17 | For a text description of the XML fields, see 18 | [XML template fields](https://github.com/spdx/license-list-XML/blob/v3.25.0/DOCS/xml-fields.md). 
19 | 20 | ## Metadata 21 | 22 | - name: licenseXml 23 | - Nature: DataProperty 24 | - Range: xsd:string 25 | -------------------------------------------------------------------------------- /model/Service/Properties/serviceHostingCountry.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # serviceHostingCountry 4 | 5 | ## Summary 6 | 7 | Specifies a country code where a software service is hosted. 8 | 9 | ## Description 10 | 11 | Specifies a country or territory where a software service is located. 12 | This includes indirect locations (e.g., where the data may be hosted). 13 | 14 | The string shall be in the [ISO 3166-1 alpha-3](https://www.iso.org/obp/ui/#iso:std:iso:3166:-1) three-letter format. 15 | See the [ISO 3166-1 alpha-3 Wikipedia page](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-3) for more information. 16 | 17 | ## Metadata 18 | 19 | - name: serviceHostingCountry 20 | - Nature: DataProperty 21 | - Range: /Core/CountryCodeAlpha3 22 | -------------------------------------------------------------------------------- /model/SupplyChain/Classes/StateAction.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # StateAction 4 | 5 | ## Summary 6 | 7 | This is the state of an affected Element at a specific moment in time. 8 | 9 | ## Description 10 | 11 | The state of a specific Element is defined, measured or observed in this class at a specific moment in time. 12 | The StateAction is defined by the method used by the DefinedStateProcess to produce an outcome. 
13 | 14 | ## Metadata 15 | 16 | - name: StateAction 17 | - SubclassOf: UseAction 18 | - Instantiability: Concrete 19 | 20 | ## Properties 21 | 22 | - currentState 23 | - type: State 24 | - minCount: 1 25 | - maxCount: 1 26 | - decisionProcess 27 | - type: DefinedStateProcess 28 | - minCount: 1 29 | - maxCount: 1 30 | -------------------------------------------------------------------------------- /model/Hardware/Classes/VirtualHardware.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # VirtualHardware 4 | 5 | ## Summary 6 | 7 | Class that describes an instance of VirtualHardware. 8 | 9 | ## Description 10 | 11 | A VirtualHardware is a distinct article related to simulation or emulation hardware. 12 | This is used to assist in recording "Digital Twinning". 13 | 14 | An FPGA simulation of hardware is a VirtualHardware. 15 | Virtual hardware requires instantiation involving specific hardware and software. 16 | 17 | ## Metadata 18 | 19 | - name: VirtualHardware 20 | - SubclassOf: Hardware 21 | - Instantiability: Concrete 22 | 23 | ## Properties 24 | 25 | - virtualHardwareModel 26 | - type: VirtualHardwareModelType 27 | - minCount: 0 28 | - maxCount: 1 29 | -------------------------------------------------------------------------------- /model/SupplyChain/Classes/InspectionProcess.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # InspectionProcess 4 | 5 | ## Summary 6 | 7 | InspectionProcess defines the specific processes needed to satisfy the inspection requirements for a specific product or service. 8 | 9 | ## Description 10 | 11 | Different types of products and services require different types of inspection processes. Each specific inspection process is defined using this class. Multiple inspection processes can be defined for goods based on requirements. 
12 | 13 | ## Metadata 14 | 15 | - name: InspectionProcess 16 | - SubclassOf: UseProcess 17 | - Instantiability: Concrete 18 | 19 | ## Properties 20 | 21 | - plannedInspectionLocation 22 | - type: /Core/Location 23 | - minCount: 0 24 | -------------------------------------------------------------------------------- /model/SupplyChain/Classes/ReproduceAction.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # ReproduceAction 4 | 5 | ## Summary 6 | 7 | Reproduction is the biological process by which organisms generate new individuals of the same species. 8 | 9 | ## Description 10 | 11 | Reproduction involves the act of replicating or reproducing a product. This includes producing new products related to husbandry, agriculture, and fishing. 12 | 13 | Relationship: 14 | 15 | For each `ReproduceAction` there is at least one `/Core/Relationship` class or subclass with the relationshipType of `hasInput` on the `from` and a `/Core/Element` class or subclass on the `to`. 16 | 17 | ## Metadata 18 | 19 | - name: ReproduceAction 20 | - SubclassOf: CreateAction 21 | - Instantiability: Concrete 22 | -------------------------------------------------------------------------------- /model/Core/Classes/DefinedType.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # DefinedType 4 | 5 | ## Summary 6 | 7 | The DefinedType class associates a specific type with its defined source. 8 | 9 | ## Description 10 | 11 | The DefinedType class associates a specific type with its defined source. 12 | It provides a structured way to represent defined types, and holds information about the type's identity and the source specification that defines its structure and semantics. 
13 | 14 | ## Metadata 15 | 16 | - name: DefinedType 17 | - Instantiability: Concrete 18 | 19 | ## Properties 20 | 21 | - typeFromSource 22 | - type: xsd:string 23 | - minCount: 1 24 | - maxCount: 1 25 | - definitionSource 26 | - type: Specification 27 | - minCount: 1 28 | - maxCount: 1 29 | 30 | -------------------------------------------------------------------------------- /model/Core/Classes/DictionaryEntry.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # DictionaryEntry 4 | 5 | ## Summary 6 | 7 | A key with an associated value. 8 | 9 | ## Description 10 | 11 | The class used for implementing a generic string mapping (also known as 12 | associative array, dictionary, or hash map) in SPDX. 13 | 14 | Each DictionaryEntry contains a key-value pair which maps the key to its 15 | associated value. 16 | 17 | To implement a dictionary, this class is to be used in a collection with 18 | unique keys. 19 | 20 | ## Metadata 21 | 22 | - name: DictionaryEntry 23 | - Instantiability: Concrete 24 | 25 | ## Properties 26 | 27 | - key 28 | - type: xsd:string 29 | - minCount: 1 30 | - maxCount: 1 31 | - value 32 | - type: xsd:string 33 | - maxCount: 1 34 | -------------------------------------------------------------------------------- /model/Extension/Classes/CdxPropertiesExtension.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # CdxPropertiesExtension 4 | 5 | ## Summary 6 | 7 | A type of extension consisting of a list of name value pairs. 8 | 9 | ## Description 10 | 11 | This extension provides a more structured extension using a name-value 12 | approach. 13 | 14 | Unlike key-value stores, properties in CdxPropertiesExtension support duplicate names, each 15 | potentially having different values. 16 | 17 | This is intended to be compatible with the CycloneDX property `properties`. 
18 | 19 | ## Metadata 20 | 21 | - name: CdxPropertiesExtension 22 | - SubclassOf: Extension 23 | - Instantiability: Concrete 24 | 25 | ## Properties 26 | 27 | - cdxProperty 28 | - type: CdxPropertyEntry 29 | - minCount: 1 30 | -------------------------------------------------------------------------------- /model/Core/Classes/UnitOfMeasure.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # UnitOfMeasure 4 | 5 | ## Summary 6 | 7 | UnitOfMeasure specifies information structures through industry standards for Units of Measure, Quantity Kinds, Dimensions and Data Types. 8 | 9 | ## Description 10 | 11 | The QUDT, or "Quantity, Unit, Dimension and Type" schema defines the base classes, properties, and restrictions used for modeling physical quantities, units of measure, and their dimensions in various measurement systems. 12 | 13 | ## Metadata 14 | 15 | - name: UnitOfMeasure 16 | - Instantiability: Concrete 17 | 18 | ## Properties 19 | 20 | - quantity 21 | - type: xsd:string 22 | - minCount: 1 23 | - maxCount: 1 24 | - unitQUDT 25 | - type: xsd:string 26 | - minCount: 1 27 | - maxCount: 1 28 | -------------------------------------------------------------------------------- /model/Software/Classes/ContentIdentifier.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # ContentIdentifier 4 | 5 | ## Summary 6 | 7 | A canonical, unique, immutable identifier. 8 | 9 | ## Description 10 | 11 | A ContentIdentifier is a canonical, unique, immutable identifier of the content 12 | of a software artifact, such as a package, a file, or a snippet. 13 | 14 | It can be used for verifying the artifact's identity and integrity. 
15 | 16 | ## Metadata 17 | 18 | - name: ContentIdentifier 19 | - SubclassOf: /Core/IntegrityMethod 20 | - Instantiability: Concrete 21 | 22 | ## Properties 23 | 24 | - contentIdentifierType 25 | - type: ContentIdentifierType 26 | - minCount: 1 27 | - maxCount: 1 28 | - contentIdentifierValue 29 | - type: xsd:anyURI 30 | - minCount: 1 31 | - maxCount: 1 32 | -------------------------------------------------------------------------------- /model/Software/Properties/sourceInfo.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # sourceInfo 4 | 5 | ## Summary 6 | 7 | Records any relevant background information or additional comments 8 | about the origin of the package. 9 | 10 | ## Description 11 | 12 | A sourceInfo records any relevant background information or additional comments 13 | about the origin of the package. 14 | 15 | For example, this field can include comments indicating whether the package 16 | was pulled from a source code management system or has been repackaged. 17 | 18 | The creator can provide additional information to describe any anomalies or 19 | discoveries in the determination of the origin of the package. 20 | 21 | ## Metadata 22 | 23 | - name: sourceInfo 24 | - Nature: DataProperty 25 | - Range: xsd:string 26 | -------------------------------------------------------------------------------- /model/SupplyChain/Classes/AssemblyProcess.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # AssemblyProcess 4 | 5 | ## Summary 6 | 7 | The AssemblyProcess represents the process of creating a product by assembling a set of components, potentially in a way that allows for disassembly (at least partially). 8 | 9 | ## Description 10 | 11 | The AssemblyProcess refers to the systematic method of putting together different components to create a finished product. 
The process of assembly is part of the manufacturing process used in industries such as automotive, electronics, aerospace, and consumer goods. Assembled products may be designed to be disassembled into components. 12 | 13 | ## Metadata 14 | 15 | - name: AssemblyProcess 16 | - SubclassOf: CreateProcess 17 | - Instantiability: Concrete 18 | -------------------------------------------------------------------------------- /model/Core/Classes/ExternalRef.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # ExternalRef 4 | 5 | ## Summary 6 | 7 | A reference to a resource outside the scope of SPDX 3 content related to an Element. 8 | 9 | ## Description 10 | 11 | An External Reference points to a general resource outside the scope of the SPDX 3 content 12 | that provides additional context, characteristics or related information about an Element. 13 | 14 | ## Metadata 15 | 16 | - name: ExternalRef 17 | - SubclassOf: none 18 | - Instantiability: Concrete 19 | 20 | ## Properties 21 | 22 | - externalRefType 23 | - type: ExternalRefType 24 | - maxCount: 1 25 | - locator 26 | - type: xsd:string 27 | - contentType 28 | - type: MediaType 29 | - maxCount: 1 30 | - comment 31 | - type: xsd:string 32 | - maxCount: 1 33 | -------------------------------------------------------------------------------- /model/Core/Vocabularies/RelationshipCompleteness.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # RelationshipCompleteness 4 | 5 | ## Summary 6 | 7 | Indicates whether a relationship is known to be complete, incomplete, or if no assertion is made with respect to relationship completeness. 8 | 9 | ## Description 10 | 11 | RelationshipCompleteness indicates whether the provided relationship is known to be complete, known to be incomplete, or if no assertion is made by the relationship creator. 
12 | 13 | ## Metadata 14 | 15 | - name: RelationshipCompleteness 16 | 17 | ## Entries 18 | 19 | - incomplete: The relationship is known not to be exhaustive. 20 | - complete: The relationship is known to be exhaustive. 21 | - noAssertion: No assertion can be made about the completeness of the relationship. 22 | -------------------------------------------------------------------------------- /model/Extension/Classes/CdxPropertyEntry.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # CdxPropertyEntry 4 | 5 | ## Summary 6 | 7 | A property name with an associated value. 8 | 9 | ## Description 10 | 11 | Each CdxPropertyEntry contains a name-value pair which maps the name to its 12 | associated value. 13 | 14 | Unlike key-value stores, properties in CdxPropertiesExtension support duplicate 15 | names, each potentially having different values. 16 | 17 | This class can be used to implement CycloneDX compatible properties. 18 | 19 | ## Metadata 20 | 21 | - name: CdxPropertyEntry 22 | - Instantiability: Concrete 23 | 24 | ## Properties 25 | 26 | - cdxPropName 27 | - type: xsd:string 28 | - minCount: 1 29 | - maxCount: 1 30 | - cdxPropValue 31 | - type: xsd:string 32 | - maxCount: 1 33 | -------------------------------------------------------------------------------- /model/Software/Properties/homePage.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # homePage 4 | 5 | ## Summary 6 | 7 | A place for the SPDX document creator to record a website that serves as the 8 | package's home page. 9 | 10 | ## Description 11 | 12 | A homePage is a place for the SPDX document creator to record a website that 13 | serves as the package's home page. 
14 | 15 | This saves the recipient of the SPDX document who is looking for more info from 16 | having to search for and verify a match between the package and the associated 17 | project home page. 18 | 19 | This link can also be used to reference further information about the package 20 | referenced by the SPDX document creator. 21 | 22 | ## Metadata 23 | 24 | - name: homePage 25 | - Nature: DataProperty 26 | - Range: xsd:anyURI 27 | -------------------------------------------------------------------------------- /model/SupplyChain/Classes/ResolutionAction.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # ResolutionAction 4 | 5 | ## Summary 6 | 7 | Products out of specification require a resolution action. This is the action of resolution. 8 | 9 | ## Description 10 | 11 | Products out of specification require a resolution action. This is the action of resolution. 12 | 13 | Relationship: 14 | For each `ResolutionAction` there is at least one `/Core/Relationship` class or subclass with the relationshipType of 'resolved' on the from and an `OutOfSpecAction` class or subclass on the to. 15 | 16 | ## Metadata 17 | 18 | - name: ResolutionAction 19 | - SubclassOf: UseAction 20 | - Instantiability: Concrete 21 | 22 | ## External properties restrictions 23 | 24 | - /Core/Element/description 25 | - minCount: 1 26 | -------------------------------------------------------------------------------- /model/AI/Properties/modelExplainability.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # modelExplainability 4 | 5 | ## Summary 6 | 7 | Describes methods that can be used to explain the results from the AI model. 8 | 9 | ## Description 10 | 11 | A free-form text that lists the different explainability mechanisms and how 12 | they can be used to explain the results from the AI model.
13 | 14 | The mechanisms can be model-agnostic methods, such as 15 | [SHapley Additive exPlanations (SHAP)](https://shap.readthedocs.io/) and 16 | [Local Interpretable Model-agnostic Explanations (LIME)](https://github.com/marcotcr/lime), 17 | and model-specific methods that apply to a limited category of models. 18 | 19 | ## Metadata 20 | 21 | - name: modelExplainability 22 | - Nature: DataProperty 23 | - Range: xsd:string 24 | -------------------------------------------------------------------------------- /model/ExpandedLicensing/Properties/obsoletedBy.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # obsoletedBy 4 | 5 | ## Summary 6 | 7 | Specifies the licenseId that is preferred to be used in place of a deprecated 8 | License or LicenseAddition. 9 | 10 | ## Description 11 | 12 | An obsoletedBy value for a deprecated License or LicenseAddition specifies 13 | the licenseId of the replacement License or LicenseAddition that is preferred 14 | to be used in its place. It shall use the same format as specified for a 15 | licenseId. 16 | 17 | The License's or LicenseAddition's comment value may include more information 18 | about the reason why the licenseId specified in the obsoletedBy value is 19 | preferred. 20 | 21 | ## Metadata 22 | 23 | - name: obsoletedBy 24 | - Nature: DataProperty 25 | - Range: xsd:string 26 | -------------------------------------------------------------------------------- /model/SupplyChain/Classes/PlanAction.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # PlanAction 4 | 5 | ## Summary 6 | 7 | A PlanAction involves the execution of a plan in relation to a PlanProcess. 8 | 9 | ## Description 10 | 11 | A PlanAction involves the execution of a plan in relation to a PlanProcess. 12 | 13 | The description of the PlanAction is a mandatory property.
14 | 15 | Relationship: 16 | 17 | For each `PlanAction` there is at least one `/Core/Relationship` class or subclass with the relationshipType of 'generates' on the to and a `PlanProcess` class or subclass on the from. 18 | 19 | ## Metadata 20 | 21 | - name: PlanAction 22 | - SubclassOf: UseAction 23 | - Instantiability: Concrete 24 | 25 | ## External properties restrictions 26 | 27 | - /Core/Element/description 28 | - minCount: 1 29 | -------------------------------------------------------------------------------- /model/SupplyChain/Classes/CreateAction.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # CreateAction 4 | 5 | ## Summary 6 | 7 | CreateAction represents an event of product creation. 8 | 9 | ## Description 10 | 11 | CreateAction represents the lifecycle event of Product creation. A product could be manufactured, assembled, mined/extracted directly from nature, etc. 12 | 13 | Relationship: 14 | 15 | For each `CreateAction` there is at least one `/Core/Relationship` class or subclass with the relationshipType of 'hasOutput' on the from and a `/Core/Element` class or subclass on the to. 16 | 17 | ## Metadata 18 | 19 | - name: CreateAction 20 | - SubclassOf: /Core/Action 21 | - Instantiability: Abstract 22 | 23 | ## External properties restrictions 24 | 25 | - /Core/Action/actionStartTime 26 | - minCount: 1 27 | -------------------------------------------------------------------------------- /model/ExpandedLicensing/Individuals/NoAssertionLicense.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # NoAssertionLicense 4 | 5 | ## Summary 6 | 7 | An Individual Value for License when no assertion can be made about its actual 8 | value.
9 | 10 | ## Description 11 | 12 | NoAssertionLicense shall be used if 13 | 14 | - the SPDX creator has attempted to but cannot reach a reasonable objective 15 | determination; 16 | - the SPDX creator has made no attempt to determine this field; or 17 | - the SPDX creator has intentionally provided no information (no meaning shall 18 | be implied by doing so). 19 | 20 | ## Metadata 21 | 22 | - name: NoAssertionLicense 23 | - type: IndividualLicensingInfo 24 | - IRI: https://spdx.org/rdf/3.1/terms/Licensing/NoAssertion 25 | 26 | ## Property Values 27 | 28 | - name: "NOASSERTION" 29 | -------------------------------------------------------------------------------- /model/AI/Properties/autonomyType.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # autonomyType 4 | 5 | ## Summary 6 | 7 | Indicates whether the system can perform a decision or action without human 8 | involvement or guidance. 9 | 10 | *Deprecated in SPDX 3.1.* 11 | Use [/Core/isoAutomationLevel](../../Core/Properties/isoAutomationLevel.md) 12 | instead. 13 | 14 | ## Description 15 | 16 | Indicates if the system is fully automated or a human is involved in any of the 17 | decisions of the AI system. 18 | 19 | - yes: Indicates that the system is fully automated. 20 | - no: Indicates that a human is involved in any of the decisions of the AI 21 | system. 22 | - noAssertion: Makes no assertion about the autonomy. 23 | 24 | ## Metadata 25 | 26 | - name: autonomyType 27 | - Nature: ObjectProperty 28 | - Range: /Core/PresenceType 29 | -------------------------------------------------------------------------------- /model/AI/Properties/standardCompliance.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # standardCompliance 4 | 5 | ## Summary 6 | 7 | Captures a standard that an artifact complies with.
8 | 9 | ## Description 10 | 11 | A free-form text that captures a standard that an artifact complies with. 12 | 13 | The standard may, but is not necessarily required to, satisfy a legal or 14 | regulatory requirement. 15 | 16 | If the artifact is using a standard as a reference or guideline, but not 17 | necessarily compliant with it, use the `standardName` property instead. 18 | 19 | For detailed compliance information, please consider defining 20 | a `Relationship` with "conformsTo" relationship type to a `Regulation`. 21 | 22 | ## Metadata 23 | 24 | - name: standardCompliance 25 | - Nature: DataProperty 26 | - Range: xsd:string 27 | -------------------------------------------------------------------------------- /model/Core/Classes/Action.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # Action 4 | 5 | ## Summary 6 | 7 | Class that describes an action that has occurred. 8 | 9 | ## Description 10 | 11 | Action defines an event that has occurred. This is an Abstract Action.
12 | 13 | ## Metadata 14 | 15 | - name: Action 16 | - SubclassOf: Artifact 17 | - Instantiability: Abstract 18 | 19 | ## Properties 20 | 21 | - actionStartTime 22 | - type: DateTime 23 | - minCount: 0 24 | - maxCount: 1 25 | - actionEndTime 26 | - type: DateTime 27 | - minCount: 0 28 | - maxCount: 1 29 | - actionLocation 30 | - type: Location 31 | - minCount: 0 32 | - additionalInformation 33 | - type: DictionaryEntry 34 | - minCount: 0 35 | 36 | ## External properties restrictions 37 | 38 | - /Core/Artifact/originatedBy 39 | - minCount: 1 40 | -------------------------------------------------------------------------------- /model/Core/Properties/headquartersLocation.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # headquartersLocation 4 | 5 | ## Summary 6 | 7 | The headquartersLocation defines the location of the organization's headquarters. 8 | 9 | ## Description 10 | 11 | Headquarters denotes the location where most or all of the important functions of an organization are coordinated. In the United States, the corporate headquarters represents the entity at the center or the top of a corporation taking full responsibility for managing all business activities. 12 | To identify an organization's headquarters accurately, provide address information (mailing, street and GPL) related to the organization’s headquarters. 13 | 14 | ## Metadata 15 | 16 | - name: headquartersLocation 17 | - Nature: ObjectProperty 18 | - Range: Location 19 | -------------------------------------------------------------------------------- /model/Security/Properties/vectorString.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # vectorString 4 | 5 | ## Summary 6 | 7 | Specifies the CVSS vector string for a vulnerability.
8 | 9 | ## Description 10 | 11 | Specifies any combination of the CVSS Base, Temporal, Threat, Environmental, 12 | and/or Supplemental vector string values for a vulnerability. 13 | 14 | Supports vectorStrings specified in all CVSS versions. 15 | 16 | *Constraints* 17 | 18 | String values for the vectorString range shall only include the abbreviated form 19 | of metric names specified in CVSS specifications, e.g. 20 | [Common Vulnerability Scoring System Vector String](https://www.first.org/cvss/v4.0/specification-document#Vector-String). 21 | 22 | ## Metadata 23 | 24 | - name: vectorString 25 | - Nature: DataProperty 26 | - Range: xsd:string 27 | -------------------------------------------------------------------------------- /model/Hardware/Properties/additionalInformationSpecification.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # additionalInformationSpecification 4 | 5 | ## Summary 6 | 7 | It is the authoritative or credible entity, document, or body of knowledge that provides the meaning of an additionalInformation key and/or its values, ensuring accuracy, context, and standardization. 8 | 9 | ## Description 10 | 11 | It is the authoritative or credible entity, document, or body of knowledge that provides the meaning of an additionalInformation key and/or its values, ensuring accuracy, context, and standardization. 12 | These are adopted to create uniformity and facilitate interoperability within industries. 
13 | 14 | ## Metadata 15 | 16 | - name: additionalInformationSpecification 17 | - Nature: ObjectProperty 18 | - Range: /Core/Specification 19 | -------------------------------------------------------------------------------- /model/Software/Properties/lineRange.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # lineRange 4 | 5 | ## Summary 6 | 7 | Defines the line range in the original host file that the snippet information 8 | applies to. 9 | 10 | ## Description 11 | 12 | This field defines the line range in the original host file that the snippet 13 | information applies to. 14 | 15 | If there is a disagreement between the byte range and line range, the byte 16 | range values will take precedence. 17 | 18 | A range of lines is a convenient reference for those files where there is a 19 | known line delimiter. 20 | The choice was made to start the numbering of the lines at 1 to be consistent 21 | with the W3C pointer method vocabulary. 22 | 23 | ## Metadata 24 | 25 | - name: lineRange 26 | - Nature: DataProperty 27 | - Range: /Core/PositiveIntegerRange 28 | -------------------------------------------------------------------------------- /model/ExpandedLicensing/Properties/standardLicenseTemplate.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # standardLicenseTemplate 4 | 5 | ## Summary 6 | 7 | Identifies the full text of a License, in SPDX templating format. 8 | 9 | ## Description 10 | 11 | A standardLicenseTemplate contains a license template which describes sections 12 | of the License text which can be varied. 13 | 14 | See the Legacy Text Template format section of the 15 | [SPDX License List Matching Guidelines](../../../annexes/license-matching-guidelines-and-templates.md) 16 | for format information. 
17 | 18 | It is recommended to use [licenseXml](./licenseXml.md) instead, as it can 19 | capture all the text and metadata associated with a license. 20 | 21 | ## Metadata 22 | 23 | - name: standardLicenseTemplate 24 | - Nature: DataProperty 25 | - Range: xsd:string 26 | -------------------------------------------------------------------------------- /model/SupplyChain/Classes/DestroyAction.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # DestroyAction 4 | 5 | ## Summary 6 | 7 | The record of destruction is entered in this action. 8 | 9 | ## Description 10 | 11 | The action of destroying an element is recorded as part of the DestroyAction. To destroy refers to the act of completely eliminating, or rendering something unusable or irretrievable. 12 | 13 | ## Metadata 14 | 15 | - name: DestroyAction 16 | - SubclassOf: /Core/Action 17 | - Instantiability: Concrete 18 | 19 | ## Properties 20 | 21 | - destructionPerformedBy 22 | - type: /Core/Agent 23 | - minCount: 1 24 | 25 | ## External properties restrictions 26 | 27 | - /Core/Action/actionStartTime 28 | - minCount: 1 29 | - /Core/Action/actionEndTime 30 | - minCount: 1 31 | - /Core/Element/description 32 | - minCount: 1 33 | -------------------------------------------------------------------------------- /model/Core/Classes/Annotation.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # Annotation 4 | 5 | ## Summary 6 | 7 | An assertion made in relation to one or more elements. 8 | 9 | ## Description 10 | 11 | An Annotation is an assertion made in relation to one or more elements. 12 | 13 | The `contentType` property describes the format of the `statement` property. 
14 | 15 | ## Metadata 16 | 17 | - name: Annotation 18 | - SubclassOf: Element 19 | - Instantiability: Concrete 20 | 21 | ## Properties 22 | 23 | - annotationType 24 | - type: AnnotationType 25 | - minCount: 1 26 | - maxCount: 1 27 | - contentType 28 | - type: MediaType 29 | - minCount: 0 30 | - maxCount: 1 31 | - statement 32 | - type: xsd:string 33 | - minCount: 0 34 | - maxCount: 1 35 | - subject 36 | - type: Element 37 | - minCount: 1 38 | - maxCount: 1 39 | -------------------------------------------------------------------------------- /model/Dataset/Vocabularies/ConfidentialityLevelType.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # ConfidentialityLevelType 4 | 5 | ## Summary 6 | 7 | Categories of confidentiality level. 8 | 9 | ## Description 10 | 11 | Describes the different confidentiality levels as given by the 12 | [Traffic Light Protocol](https://en.wikipedia.org/wiki/Traffic_Light_Protocol). 13 | 14 | ## Metadata 15 | 16 | - name: ConfidentialityLevelType 17 | 18 | ## Entries 19 | 20 | - red: Data points in the dataset are highly confidential and can only be shared with named recipients. 21 | - amber: Data points in the dataset can be shared only with specific organizations and their clients on a need-to-know basis. 22 | - green: Dataset can be shared within a community of peers and partners. 23 | - clear: Dataset may be distributed freely, without restriction. 24 | -------------------------------------------------------------------------------- /model/SupplyChain/Vocabularies/ResponsibilityType.md: -------------------------------------------------------------------------------- 1 | SPDX-License-Identifier: Community-Spec-1.0 2 | 3 | # ResponsibilityType 4 | 5 | ## Summary 6 | 7 | These categories define the set of responsibility types. 8 | 9 | ## Description 10 | 11 | These categories define the set of responsibility types.
12 | 13 | ## Metadata 14 | 15 | - name: ResponsibilityType 16 | 17 | ## Entries 18 | 19 | - ownership: Ownership refers to the legal right to control, manage, and benefit from an asset, resource, or responsibility. It establishes authority, accountability, and entitlements over something, whether it's property, a business, intellectual property, or responsibilities. 20 | - custody: Custody refers to the responsibility, control, and safekeeping of an asset, person, or legal entity. It involves both physical possession and legal authority over something or someone. 21 | --------------------------------------------------------------------------------