SBOM-CycloneDX


lib/SBOM/CycloneDX/schema/bom-1.6.schema.json  view on Meta::CPAN

                    "title": "Column",
                    "description": "The column where the called code resides.",
                    "type": "integer"
                  },
                  "fullFilename": {
                    "title": "Full Filename",
                    "description": "The full path and filename of the module.",
                    "type": "string"
                  }
                }
              }
            }
          }
        },
        "licenses": {
          "$ref": "#/definitions/licenseChoice",
          "title": "License Evidence"
        },
        "copyright": {
          "type": "array",
          "items": {"$ref": "#/definitions/copyright"},
          "title": "Copyright Evidence",
          "description": "Copyright evidence captures intellectual property assertions, providing evidence of possible ownership and legal protection."
        }
      }
    },
    "compositions": {
      "type": "object",
      "title": "Compositions",
      "required": [
        "aggregate"
      ],
      "additionalProperties": false,
      "properties": {
        "bom-ref": {
          "$ref": "#/definitions/refType",
          "title": "BOM Reference",
          "description": "An optional identifier which can be used to reference the composition elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-...
        },
        "aggregate": {
          "$ref": "#/definitions/aggregateType",
          "title": "Aggregate",
          "description": "Specifies an aggregate type that describes how complete a relationship is."
        },
        "assemblies": {
          "type": "array",
          "uniqueItems": true,
          "items": {
            "anyOf": [
              {
                "title": "Ref",
                "$ref": "#/definitions/refLinkType"
              },
              {
                "title": "BOM-Link Element",
                "$ref": "#/definitions/bomLinkElementType"
              }
            ]
          },
          "title": "BOM references",
          "description": "The bom-ref identifiers of the components or services being described. Assemblies refer to nested relationships whereby a constituent part may include other constituent parts. References do not cascade to child parts. Refere...
        },
        "dependencies": {
          "type": "array",
          "uniqueItems": true,
          "items": {
            "type": "string"
          },
          "title": "BOM references",
          "description": "The bom-ref identifiers of the components or services being described. Dependencies refer to a relationship whereby an independent constituent part requires another independent constituent part. References do not cascade to ...
        },
        "vulnerabilities": {
          "type": "array",
          "uniqueItems": true,
          "items": {
            "type": "string"
          },
          "title": "BOM references",
          "description": "The bom-ref identifiers of the vulnerabilities being described."
        },
        "signature": {
          "$ref": "#/definitions/signature",
          "title": "Signature",
          "description": "Enveloped signature in [JSON Signature Format (JSF)](https://cyberphone.github.io/doc/security/jsf.html)."
        }
      }
    },
    "aggregateType": {
      "type": "string",
      "default": "not_specified",
      "enum": [
        "complete",
        "incomplete",
        "incomplete_first_party_only",
        "incomplete_first_party_proprietary_only",
        "incomplete_first_party_opensource_only",
        "incomplete_third_party_only",
        "incomplete_third_party_proprietary_only",
        "incomplete_third_party_opensource_only",
        "unknown",
        "not_specified"
      ],
      "meta:enum": {
        "complete": "The relationship is complete. No further relationships including constituent components, services, or dependencies are known to exist.",
        "incomplete": "The relationship is incomplete. Additional relationships exist and may include constituent components, services, or dependencies.",
        "incomplete_first_party_only": "The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented.",
        "incomplete_first_party_proprietary_only": "The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are proprietary.",
        "incomplete_first_party_opensource_only": "The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are open source.",
        "incomplete_third_party_only": "The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented.",
        "incomplete_third_party_proprietary_only": "The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are proprietary.",
        "incomplete_third_party_opensource_only": "The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are open source.",
        "unknown": "The relationship may be complete or incomplete. This usually signifies a 'best-effort' to obtain constituent components, services, or dependencies but the completeness is inconclusive.",
        "not_specified": "The relationship completeness is not specified."
      }
    },
    "property": {
      "type": "object",
      "title": "Lightweight name-value pair",
      "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-v...
      "required": [
        "name"
      ],
      "properties": {
        "name": {
          "type": "string",
          "title": "Name",
          "description": "The name of the property. Duplicate names are allowed, each potentially having a different value."
        },
        "value": {
          "type": "string",


